Ericsson achieves 100Mbps rates in LTE trials

Ericsson expects that the first commercial network of LTE next-generation mobile technology will go live in the fourth quarter of 2009

Ericsson has managed to achieve rates in excess of 100Mbps with next-generation mobile technology LTE (Long Term Evolution) during recent field trials.

LTE is pitched as a successor to the 3G (third generation) mobile services such as the European UMTS (Universal Mobile Telecommunications System) and similar wide-band CDMA (W-CDMA) services.

[ For more on LTE and its struggle to become the dominant architecture for broadband wireless infrastructure , read "The looming battle over wireless broadband." And find out more about rival WiMax in InfoWorld's report "Does WiMax work in the real world?" ]

Ericsson's goal in the field trials was to show that LTE works all the way from the base station to the terminal. "It's always easy to say that you can get a certain speed in a lab environment, but here we have used real antennas and real distances to the terminals, and also in a moving vehicle," said Lars Tilly, head of research at Ericsson Mobile Platforms.

Using four transmit streams (the maximum number supported in the LTE standard), four receive antennas and bandwidth of 10MHz, the measured peak rates exceeded 130Mbps. This translates into approximately 260Mbps, given the maximum bandwidth of 20MHz, according to an article in Ericsson Review.

"Not everyone will be able to get 100Mbps. You need pretty good conditions for it to work, and you need to be relatively close to the base stations, a couple of hundred meters," said Tilly.

The company also evaluated application-level performance using two transmit and two receive antennas, and the TCP (Transmission Control Protocol) bit rate was more than 40Mbps at least 50 percent of the time and more than 100Mbps at least 10 percent of the time along a test route, which a majority of the time stayed within 1 kilometer from the test site.

The test also shows how important it is to use MIMO (Multiple-Input Multiple-Output) to get the most out of LTE. Using four transmit and receive antennas increase performance by a factor of three compared to a basic setup. But at the same time Ericsson warns that MIMO-related gains are strongly dependent on radio conditions.

All the major telecommunications equipment vendors are currently working at full speed to get LTE out the door, according to Martin Gutberlet, analyst at Gartner.

He isn't worried about the base stations. Instead it's the lack of access to the necessary spectrum, which still hasn't been handed out in many European countries, including U.K., France, and Germany, that could lead to delays, according to Gutberlet.

Ericsson expects that the first commercial LTE network will go live in the fourth quarter of 2009, according to a spokeswoman.

This week's roundup of the top tech news stories includes Microsoft's critical bug, Android's launch, the tech economy, and more

Soon after Microsoft released a patch for a critical bug in its Windows Server software, attack code surfaced, and by Friday afternoon an early sample of the code was out, which led to the week ending on a warning note. Between the beginning and the end of the week, former Fed chairman Alan Greenspan blamed the U.S. economic crisis at least in part on the use of bad data. Perhaps next week will bring better news.


1. Attack code for critical Microsoft bug surfaces and New worm feeds on latest Microsoft bug: It didn't take long after Microsoft provided information about a critical Windows flaw, along with a patch, before attack code showed up. Developers of the Immunity security testing tool had an exploit written within a couple of hours of Microsoft's announcement on Thursday. Although the developer's software is only for paying customers, security researchers said they expected a version of the code to go public soon. That happened Friday afternoon when sample code appeared on the Web. The flaw, in Windows Server service, which is used to connect network resources, was also being exploited by a worm.

[ Video: Catch up on the news of the week with the World Tech Update ]

2. Greenspan, Cox tell Congress that bad data hurt Wall Street's computer models: Insufficient and faulty data used in risk management models contributed to the financial mess embroiling the U.S. and rippling across the globe, said former U.S. Federal Reserve chairman Alan Greenspan. Financial firms made business decisions using "the best insights of mathematicians and finance experts, supported by major advances in computer and communications technology," Greenspan told the House Committee on Oversight and Government Reform. "The whole intellectual edifice, however, collapsed in the summer of last year because the data inputted into the risk management models generally covered only the past two decades -- a period of euphoria."

3. Microsoft expanding Surface access: In order to get the SDK for Microsoft's touch-based apps platform, developers had to buy Surface hardware, which could be a pricey proposition. Well, no more: Microsoft will give the SDK to developers who attend a Surface workshop at its Professional Developers Conference next week.

4. Android phone launch day relatively quiet: Google's Android phone went on sale Tuesday, with people here and there standing in short lines outside of stores to be first to get their handsets. While there wasn't anything approaching the buzz surrounding the first iPhone sales, T-Mobile stores reported a steady stream of customers for its G1 phone, which is the first on the market to run the Android operating system.

[ Special report: All about Google Android ]

5. Intel repudiates executives' criticism of the iPhone: Comments from Intel executives who criticized the iPhone weren't appropriate, Intel said, after reports on the statements emerged from the company's developer forum in Taipei. Shane Wall and Pankaj Kedia said the iPhone is slow and incapable of running the "full Internet" because the smartphone has an Arm processor instead of, you guessed it, an Intel processor. "Apple's iPhone offering is an extremely innovative product that enables new and exciting market opportunities. The statements made in Taiwan were inappropriate, and Intel representatives should not have been commenting on specific customer designs," the company said later in a statement posted on its Chip Shots Web site.

6. Gmail activation problem in Apps finally solved: A problem was finally solved this week with Google Apps that kept those who recently subscribed to its Web-hosted office suite from being able to get to their new Gmail accounts. The problem kept Gmail accounts from being activated for new Apps users, starting late last week. The company said Monday the problem would be fixed by Tuesday, but it didn't work out that way, to the consternation of many Apps users, or would-be users.

7. Sun tussles with startup over noted systems designer: In an oddball of a story, startup Arista Networks set off a mini firestorm with Sun Microsystems when it announced that Andreas Bechtolsheim is the company's new chief development officer. Bechtolsheim, you see, is Sun's chief scientist and a top-notch systems designer, so Arista's news led to reports that he had resigned from Sun, which Sun denied, sending e-mail to journalists saying those reports were inaccurate and that he would continue at the company, though part time. That led Arista's director of marketing, Mark Foss, to say that as far as the startup is concerned Bechtolsheim is working full time at Arista, and that there was "a miscommunication" between his company and Sun that they were working to clarify. Bechtolsheim then did the clarifying -- he works full time now at Arista, which he cofounded and where he also serves as chairman, but he's going to advise Sun on a part-time basis of "no more than one day a week."

8. Intel shows off new laptop platform: Users got a glimpse of Intel's upcoming laptop platform, code-named Calpella, at the Intel Developer's Forum in Taiwan. The primary focuses of Calpella are efficiency and battery life.

9. Microsoft looks to secure Web content: At its Professional Developers Conference next week, Microsoft will show off its Web Sandbox initiative, which seeks to secure Web content by isolating it. The technology includes a cross-browser JavaScript virtualization layer that provides a secure standards-based programming model without requiring any add-ons.

10. Where the presidential candidates stand on tech issues: Both Democrat Barack Obama and Republican John McCain bring technology experience to the table as presidential candidates, though the experiences are quite different. Obama is an avid user of technology -- he's among the capital's BlackBerry enthusiasts -- while McCain admits he's not much for using electronic devices, but he has been on the Senate Commerce, Science and Transportation Committee for a long time, and a lot of technology-related legislation passes through that group before going to the full Senate. IDG News Service took a look at where they each stand on five key technology areas: telecommunications, national security, privacy, IT jobs, and innovation.

Office 2007 Service Pack 2 due in spring '09
SP2 of Office 2007 will introduce support for ODF and PDF as well as a more reliable calendar and faster performance for Outlook and other improvements

Microsoft said via a company blog Wednesday that Service Pack 2 (SP2) of Office 2007 will ship between February and April of next year.

The software maker had already said that SP2 will introduce support for the Open Document Format (ODF) used by Office's chief competitor, OpenOffice.org, the Portable Document Format (PDF) created by Adobe Systems, and its own XML Paper Specification (XPS) that is meant to compete with PDF.

The Office Sustained Engineering blog confirmed those features, and some others:

A more reliable calendar and faster performance for Outlook 2007;
Improvements to Excel 2007's charting;
Enabling Object Model support for charts in PowerPoint 2007 and Word 2007;
An uninstallation tool for Office 2007 service packs;
Improvements to server editions of Office 2007.

This is in contrast to SP1 of Office 2007, released last December, which mostly provided bug fixes rather than new features.

Office 2007 was released to businesses in November 2006, the same time as Windows Vista, with shipments to consumers and small businesses in January the following year.

Office 2007 was far different than prior versions, using a new "Ribbon" interface. Despite the risk of customer rejection, Office 2007 has been widely considered a sales and marketing success, unlike Vista.

Microsoft said it plans to divulge more details in Office blogs in the next few weeks. It will also begin inviting Office enterprise customers to a private SP2 beta in the next few days, which may or may not turn into a public one.

The months-old bug can be used to trick people into downloading and launching malicious code
Google has patched its Chrome browser to block a months-old bug that can be used to trick people into downloading and launching malicious code.

The fix has not been pushed out to most users, however.

[ For more on Google's Chrome browser, see InfoWorld's special report. ]

The security researcher who reported the vulnerability, which involves a combination of the "carpet bomb" bug with another flaw disclosed in August, called the fix "enough for the time being," but said Google's patch wasn't the final word.

Google plugged the hole in a developer-only version of Chrome that has not yet been sent to all users via the browser's update mechanism. Chrome users, however, can reset the browser to receive all updates, including the developer editions, with the Channel Chooser plug-in.

According to a Google blog, Chrome 0.3.154.3, which was released last week, changes the browser's download behavior for executable files, such as .exe, .dll, and .bat files on Windows.

"These files are now downloaded to 'unconfirmed_*.download' files," said Mark Larson, Chrome program manager, in the blog post. "In the browser, you're asked if you want to accept the download. Only after you click Save is the 'unconfirmed_*.download' file converted to the real file name. Unconfirmed downloads are deleted when Google Chrome exits."

Last month, Israeli security researcher Aviv Raff demonstrated how hackers could create a new "blended threat" -- so named because it relies on multiple vulnerabilities -- to attack Chrome. Raff's proof-of-concept code used an auto-download vulnerability (aka "carpet bomb") along with a user interface design flaw and an issue with Java.

Chrome contributed to the vulnerability by making downloaded files appear as buttons at the bottom of the browser's frame, Raff said then.

Tuesday, after examining the 0.3.154.3 developer build, Raff proclaimed the fix sufficient for the short term, but nothing more. "The fix is not good enough. [But] it's enough for the time being, until other small issues might popup and be used to exploit the auto download problem," Raff said in an interview conducted via instant messaging. "The best solution was if they just won't download the files until the user approves, or download them to a random directory..., as it's done with other browsers, like Internet Explorer's Temporary Internet Files folder or Firefox's random profile directory."

On the plus side, Raff said, Chrome shows the full filename -- the "unconfirmed_*.download" that Google's Larson described -- so that users can see if the file is, in fact, an executable and potentially dangerous.

But Chrome still has holes. "Even if [Google assigns executables] a random filename, it might still be possible to predict the downloaded filename," Raff said. "They delete the automatically downloaded files only after the user shuts down the browser. What happens if the browser crashes? The malicious files might still exist after the crash."

The best solution would be for Google to prevent any files from downloading through Chrome without user permission. "I think that downloading any file without user interaction to a predictable location, [for example] the default download directory, is still bad," Raff argued. "Even if the extension is not an executable, there might be other ways to execute those files. For example, through the Windows command line you can execute any file with a PE header, even if they have a different extension."

Chrome accounted for less than 1 percent of the browser market share during its first month of availability, according to data from Net Applications.

Security developers were able to write an exploit code in two hours after Microsoft released an emergency patch

Just hours after Microsoft posted details of a critical Windows bug, new attack code that exploits the flaw has surfaced.

It took developers of the Immunity security testing tool two hours to write their exploit, after Microsoft released a patch for the issue Thursday morning. Software developed by Immunity is made available only to paying customers, which means that not everyone has access to the new attack, but security experts expect that some version of the code will begin circulating in public very soon.

Microsoft took the unusual step of rushing out an emergency patch for the flaw Thursday, two weeks after noticing a small number of targeted attacks that exploited the bug.

The vulnerability was not publicly known before Thursday; however, by issuing its patch, Microsoft has given hackers and security researchers enough information to develop their own attack code.

The flaw lies in the Windows Server service, used to connect different network resources such as file and print servers over a network. By sending malicious messages to a Windows machine that uses Windows Server, an attacker could take control of the computer, Microsoft said.

Apparently, it doesn't take much effort to write this type of attack code.

"It is very exploitable," said Immunity Security Researcher Bas Alberts. "It's a very controllable stack overflow."

Stack overflow bugs are caused when a programming error allows the attacker to write a command on parts of the computer's memory that would normally be out of limits and then cause that command to be run by the victim's computer.

Microsoft has spent millions of dollars trying to eliminate this type of flaw from its products in recent years. And one of the architects of Microsoft's security testing program had a frank assessment of the situation Thursday, saying that the company's "fuzzing" testing tools should have discovered the issue earlier. "Our fuzz tests did not catch this and they should have," wrote Security Program Manager Michael Howard in a blog posting. "So we are going back to our fuzzing algorithms and libraries to update them accordingly. For what it's worth, we constantly update our fuzz testing heuristics and rules, so this bug is not unique."

While Microsoft has warned that this flaw could be used to build a computer worm, Alberts said that it is unlikely that such a worm, if created, would spread very far. That's because most networks would block this type of attack at the firewall.

"I only see it being a problem on internal networks, but it is a very real and exploitable bug," he said.