The Office for National Statistics published figures in Trading slowdown at end of 2004 that, by themselves, suggest the worst retail sales figures for 20 years.

However, other agencies are warning not to read too much into the figures. This is partly because a clear picture of overall Christmas trading is not expected until Easter. Also, various statistical presentations so far present different information that provides a positive picture.

For example, retail volume outperformed measures of actual spending, which suggests shoppers were buying into bargains first. Also, there was a distinct movement from high street purchasing to online spending. Another pointer is that non-adjusted performance showed a comparable trend to 2003.

Five companies have now been short-listed to administer the internet’s third largest registry - the .net TLD - which will be re-contracted from July 2005.

Over the next two months a group of advisors, under the auspices of ICANN will make the decision as to which of the five contenders is most likely to serve the best interests of the .net registry, its users, and the internet overall.

So far the shortlist comprises of:

• VeriSign
• Denic
• Afilias
• Santan
• CORE++

The chosen company will find itself administrating over 5 million .net domains, which VeriSign currently administrates for a fee of $6 per domain - a figure other companies claim exists for VeriSign’s benefit, not the consumer.

VeriSign is still a favourite to retain the contract, but German company Denic is expected to offer a serious challenge, already handling over 8 million .de domains - the world’s second largest registry, after .com.

Both these two companies are fighting fiercely for the potentially lucrative contract, and both have managed to persuade a number of major industry board figures to send in cloned letters of recommendation supporting one or the other.

If you can stomach the reading, the letters are available online here: .net Correspondence

Google are appealing against a ruling by a judge in France, which seeks to prevent the serving of AdWords on display of trademarked hotel chain.

Le Meridien had served legal proceedings on Google, after hotel chain rivals were found to have their own ads prominantly displayed in search for “Le Meridien”.

Although in a similar case in the US, Google was found not to be in violation of trademark, if the French judge’s decision is upheld it could spell potential trouble for Google’s generation of revenue.

Google currently earn 98% of their income from AdWords programs, and if their appeal fails it could create serious problems for revenue generation in European markets.

A researcher in cryptography at the Institute of Infocomm Research in Singapore has reported a serious flaw in the method of encryption used by Microsoft in its Office suite.

As reported in Hongjun Wu’s The Misuse of RC4 in Microsoft Word and Excel, the problem arises because Microsoft programmers apparently did not properly apply the 128-bit encryption technique.

In Microsoft RC4 Flaw Bruce Schneier explains that Microsoft programmers effectively allowed the same encryption keys to be used for different documents, making it much easier to crack the encryption code.

Microsoft reportedly view the error as creating “a very low threat”, according to the CNet report Flaw found in Office encryption.

The report marks the latest in a series of weak system key issues.

Phishing scams continue to increase, with the Anti-Phishing Working Group (APWG) publishing figures that cover monitoring over December.

• 9,019 new, unique phishing campaigns
• 1,707 phishing-related sites reported
• 55 targeted companies/brands

Fears that commerce vendors would be specifically targeted were unfounded, as financial institutions became the big focus for phishing attacks.

However, the figures make a clear demonstration of the seriousness of the threat from phishing scams.

For example, in July 2003 there were only 2,625 attacks overall, and the number of phishing related sites has grown at around 25% per month.

Last autumn had seen a particular increase in phishing attacks, as reported in October boom for phishing.

In a move that raises a range of uncomfortable legal issues for Google, its Desktop Search tool has been used in the development of an application for large-scale file-swapping.

DNKA remote desktop search tool acts as a webserver that utilises Google Desktop Search to allow other people to remotely search and download files from a users computer.

Although the development company tries to indicate postive uses for the application, the notion of Google software being used to create peer-to-peer networks can only be an acute concern for the company, especially in the face of high-profile legal actions by music and film corporations, not least the RIAA and BPI.

Voice recognition software development company, Scansoft, and media library production company, Gracenote, have announced plans to join forces to produce voice-activated media applications.

The aim is to provide hands-free access to film and music media, with the technology available from Q4 2005.

Gracenote already provides music library information Apple’s iTunes, so it is not at all inconceivable think iTunes could be the first beneficiary, and that the Apple iPod may be the first multimedia device to incorporate the voice activation & selection technology.

The Super airliner wars have opened in earnest, after Airbus finally revealed their A380 “super-jumbo” aircraft in an opening ceremony, that also served as a warning shot to US rival, Boeing.

With a projected seating capacity of almost 50% more than the Boeing 747, the Airbus A380 project is intended to provide the dominant single aircraft carrier in the 600-800 seater range.

Announced in 1999, with parts and construction carried out across the UK, France, Germany, and Spain, in a deployment of work that catered to political senstivities, the Airbus A380 project is over-budget, at around 12 billion euros.

However, market demand is strong, and there are existing orders for 149 versions of the plane on the books, with more than 40 alone for Emirates airlines.

Boeing are already updating their 747 range to hold onto some significant market share, but despite a basic design that has survived nearly 40 years, the company has also been working on a different new major project.

Dubbed the 7E7 Dreamliner, Boeing’s next big move is to offer a passenger plane that carries fewer passengers, but at longer distances, cutting out the need for connecting flights in flight distances of less than 15,000 miles. Fifty planes have already been ordered by All Nippon Airways.

Both the Airbus 380 will undergo its first full test flight - and the Boeing 7E7 Dreamliner officially launched - in April of this year.

IMG: Airbus A380 (left) and the Boeing 7E7 Dreamliner (right):

Yahoo! today announced Q4 profits of over $187m from sales in excess of $1 billion, after sales of stock including shares from Google.

Yahoo! indicated strong advertising revenue as a principle growth area, with TV and media companies especially moving increasing marketing budgets to search and banner advertising.

The news was welcome on the stock market, and Yahoo! shares closed at $37.86 on the day.

The Curopean Commission has begun a formal investigation into whether UK telcoms operators, specifically British Telecom (BT) and Kingston Communications (KC), have received unfair tax breaks over competitors.

The complaint was raised by Vtesse, who argued that Business Rates, as set by the Inland Revenue’s Valuation Office Agency (VOA), gave unfair biases towards both BT and KC at the expense of other telecoms companies.

BT denies that the arrangements provide any real benefit to it, and the Department of Trade and Industry also dimisses of aid inherent in the rating system.

SPECIAL REPORT

A new tag is to be introduced to the internet, instructing search engine spiders to ignore specified links, and major search engines Google, Yahoo! and Microsoft will support it. Publicly claimed to be for the fight against blog spam, it effectively leaves the search engines asking webmasters to help improve their results.

A simple attribute, the new tag is intended to be placed inside a link anchor, like this:

rel=”nofollow”

and is placed within the link anchor code.

The intention is that the “nofollow” rel attribute is used to indicate to search engines that the link should not be followed.

While a number of people in the world of blogging are touting this as a solution to blog spam, the actual effect is likely to cripple the link popularity blogs have so readily enjoyed between one another, while additionally providing a tool that webmasters can use to hide useful content from search engines.

A number of options have already existed for blog software development companies, such as:

• Allow only registered users to post
• Disallow HTML in posts
• Use a jump script to mask the target URL
• Place comments in a folder and allow only registered users to access them
• Place comments in a folder and use the “nofollow” meta-tag
• Place comments in a folder and use a robots.txt file to block search engine spiders

Although some blog developers have employed one or more of these methods, some very popular releases have continuously failed to address the problem. For example, Blogger blogs suffer relatively little comment spam - yet SixApart only set the default installation of their very popular MovableType release to registered users only for comments at the start of the year.

The “nofollow” tag is just another option on top of an already rich set of possibilities, that many responsible web publishers have already employed themselves, to help cut out comment spam altogether.

However, it is very unlikely that the new “nofollow” attribute will actually prevent comment spam - it will simply mean that search engines will be asked to ignore it.

More to the point, if implemented to any small degree, it can only encourage more aggressive action from automated blog spamming scripts, and worms such as Santy have already shown how search engines themselves can be used to implement this on a large scale.

There also remains the problem of abuse of the “nofollow” tag itself. For example:

• Webmasters trying to hide reciprocated links, so that search enignes think the link popularity is all one-way,
• Directory owners trying to preserve PageRank by crippling content links,
• Webmasters hiding links in RSS feeds they publish, thus gaining content without search engines being able to attribute it to source
• Exploitation of Creative Commons material, by distributing it (modified or not) on other websites, but preventing search engines from being able to attribute source
• Forum admins crippling member links, to gorge on the PageRank preserved

When looked at in these terms, it is difficult not to think that Google and other search engines, see this method as a way to make Webmasters police themselves - presuming anyone takes up the new attribute for the long term.

Here’s how the internet movers are covering this issue:

Search Engines:

Not surprising, the search engines themselves cheer the move. After all, they’ve just asked the webmastering community to police the internet for them, and help them remove a process that automated spam filtering could not work against:

• Preventing comment spam: Matt Cutts and Jason Shellen at Google report from that this is intended to tackle blog, guestbook, and referrer list spam. They list helpful guidelines for the application of the “nofollow” tag among the webmastering community, to whom they appeal to apply it - yet despite being informative on the technical side, the announcement itself reads as cold.
• A Defense Against Comment Spam: Jeremy Zawodny writes in the Yahoo! blog that he expects this to start combating comment spam right away. Although he tries to indicate that a particular concern is reducing server load for blog hosts, he tellingly comments “In the coming weeks you can expect to see the changes reflected in our web index.” In other words, Yahoo! effectively sees comment spam as a major factor in making Yahoo! provide irrelevant results.
• Working Together Against Blog Spam: MSN warmly relates on times in student halls, and makes no claim to the tool actually having affected the MSN index, nor of comment spam being solved by this issue. However, there is a clear invitation to accept/reject/comment on the matter, while Search Development Manager Ken Moss suggests it will be a “good thing” and “put bloggers back in control.”

Search Engine commenters

The rest of the internet sees things a little differently, though. There is a mixture of enthusiasm, pessimism, resignation, and also real concern that should a move, if widely implemented, could indeed cripple the blogosphere of the very “free exchange of thoughts and ideas” that created it:

• Support for nofollow: Six Apart publish blog software, but until now have done precious little indeed to combat comment spam effectively, though options have been available. It was only at the start of this year that the public version of MovableType even defaulted to comments being moderated - which should have been one of the first defences to be implemented long ago. For the most part, the company is upbeat - but perhaps more because it is seen to be acting in some way, even if it doesn’t actually address the issue.
• The Social Impacts of Software Choices: Anil Dash waxes lyrical about how only “spammers” will suffer from widespread implementation of the links, and suggests are its only real critics. He also cheers Six Apart’s implementation of the tag, yet fails to point out that users will still end up with comment spammed blogs - it’s simply that search engines won’t have to look at the mess.
• Google Admitting Defeat over War with Spammers?: Nick Wilson brings together a number of threads at Threadwatch, and the general tone from experienced SEO’s and webmasters - lack of faith that the attribute will combat spam, but instead will be easily abused.
• Google, Yahoo, MSN Unite On Support For Nofollow Attribute For Links: Danny Sullivan of Search Engine Watch enthuses over the fact that search engines are trying to address some webmaster concerns - but he concedes that this move in itself is unlikely to stop comment spam behaviour.
• Report: Google to Put Kibosh on Blog Comment Spam: Steve Rubel welcomes the move - if it actually addresses the issue.
• Fighting blog comment spam – what companies need to know: Charlene Li at Forrester suggests that companies should be safe to turn on comments, and that the nofollow tag should protect - but she fails to mention that just because search engines may not credit a link, does not mean to say that automated spam bots won’t leave company blog comments filled with spam hawking adult, pharmaceutical, and gambling services.
• Follow On No Follow: John Battelle realises that there are implications way beyond simple elimination of comment spam, and expresses unease - responding to comments on how blog linking may be adversely affected, he ponders that there may be serious consequences for ordinary bloggers if widely implemented.
• Fighting blog comment spam Silicon Valley reports on its scepticism that the nofollow tag can overcome the greater resourcefulness of comment spammers - and also pauses to express unease
• Comment spam - it’s going to get a little better: Alex Barnett simply welcomes the move - but as a dedicated supporter of RSS marketing, does he realise how badly RSS feeds could be abused by this by provision of content for search engines, without the source site being attributed?
• Google to Kill Blog Comment Spam?L Darren Rowse notes that it would require large-scale implementation to have any effect, and also notes that this could serious impact not only how blogs interact, but also kill search traffic to sites that are maintained by links from other blogs.
• Winer set to deliver comment spam knockout: BlogHerald imagines that the announcement will mean that all comment spam will disappear over 12 months - but presumes that all blogs will somehow auto-update to ensure this happens.
• More on the Rel=NoFollow Tag…: Aaron Wall at SEO Book is resigned to the move being widely applied, and simply points out that comment spam had offered “low-hanging fruit” for people to easily abuse. However, he also points out that where the markets move, so does the money - if “nofollow” is effective, other methods will be applied to achieve similar means.
• Massive weblog anti-spam initiative: rel=”nofollow”: MT-Blacklist recognises the fact that blogs will lose out in popularity - both in terms of linking and traffic - if this method is widely applied. Interestingly enough, the issue is seen as fair-trade for over-valuation of blogs in the first place, which has especially created the problem.
• The Spammers have Won: Andy Wismar points out that the blogosphere was created and defined using comments and trackbacks - and if the “nofollow” attribute is used, it effectively means the deconstruction and devaluation of the blogosphere.

vBulletin last night released two important patches, that follow closely on the critical 3.05 patch for vBulletin 3.

The current releases are general security and bug-fix releases for both the vBulletin 3.x and vBulletin 2.3.x platforms.

A primary role of the security fix relates to an issue with XSS that could lead to bbcode for member signatures exploited.

The annoouncement was made in vBulletin 3.0.6 and 2.3.6 Released, and vBulletin 3.x users who already updated to 3.0.5 only need download the includes/functions_bbcodeparse.php.

After the recent security concerns with PHP, upgrades from PHP 4.3.9 to PHP 4.3.10 have left some dynamic applications with serious problems with slowed performance.

In a report at the PHP development community, Bug #31332 unserialize() works terribly slow on huge strings compared to 4.3.9, it is pointed out that this error is critical for many php based systems, such as vBulletin and Drupal.

The issue centers around use of the unserialize() function, which when used on serialized multidimensional arrays, can result in a a slowdown in the application of stored data by as much as a factor of 20.

In layman’s terms: if the software you run is like a pub, and the database the software runs from is like the beer cellar, then the barman now has lead boots.

A workaround is already in beta format, and a public release of the patch is expected soon.

New York ISP, Panix, is reported to have had its domain name hijacked.

According to ISP fights for return of hijacked domain:

A Panix.com representative said ownership of the domain had been moved sometime Friday evening to a company in Australia, the domain name server (DNS) records had been moved to the United Kingdom and that the company’s mail had been redirected to a company in Canada.

The company warned that most customers will either have no access to the Panix.com domain or will arrive at a false site. E-mail to the domain is being directed to the false site and “should be considered lost or compromised,” the ISP said in its posting.

Although it is uncertain how the ISP’s domain could have been hijacked, in September a German teen was arrested after he put in DNS transfer requests for a small number of corporate sites, and suddenly became the registered owner of ebay.de.

Computing giant IBM last week announced plans to offer around 500 patents to the open source community, in a planned investment of open source development for industry.

As reported in IBM offers 500 patents for open-source use, the company does still retain vast number of patents by volume, suggested to be as many as 10,000. Crucially, however, the 500 includes an important set of 60, which were believed compromised by the development of Linux operating systems.

Following that announcement came a report from Linux Business Week, which claimed in Linux Kernel To Be Re-Written To Counter Microsoft FUD that a consortium of companies - including IBM and Intel, and starring Linux founder Linus Torvalds - will fund a project to rewrite the Linux kernel so that it is free of an estimated 283 patent infringements - specifically, 27 suggested related to filings by Microsoft, which has long been expected to launch patent-infringement suits on the developer community.

Business consultants Deloitte, in 2005 – Tough times ahead?, indicate that they expect the UK ecomony’s “golden period” of the past ten years to come to an end.

Citing a slowdown of the housing market as the major economic brake, it predicts this will impact comsumer spending, resulting in lower economic growth than forecast.

Interestingly enough, the report, primarily authored by Roger Bootle, downplays the impact of oil on retail prices, and expects “aggressive” rate rises from the Bank of England, with interest rates as low as 3.5% for 2006.

TCI Fund Management, an investment company claiming more than a 5% share in Deutsche Boerse, has called an Extraordinary General Meeting of Deutsche Boerse shareholders to recommend against any further bid for the London Stock Exchange.

Under German law, any company with 5% more shareholding in a public company can call an EGM. However, it is uncertain whether it will be able to forward compelling arguments to persuade against supporting a bid for LSE.

After Deutsche Boerse’s intial bid was rejected last month, markets have expected Deutsche Boerse to return with an increased bid.

After completing one of the bitterest IT merger acquisitions in recent years, Oracle have announced that they will lay-off 5,000 workers. The majority of the lay-offs are expected at acquired company Peoplesoft, which already employs nearly 11,000 people worldwide.

In Oracle to cut 5,000 jobs in PeopleSoft merger, CNet reports on how Peoplesoft tried to fight off the acquisition for 18 months, and the matter ended up covering two high-profile court cases which heard how the opposing company CEO’s lashed out at each.

A fault at British Telecom’s internet switching site in Bletchley yesterday left more than 70,000 of their business broadband customers with little or no internet access.

The UK’s largest broadband provider, the disruption of service meant that online vendors and e-commerce sites hosted on BT were unable to process orders, as well as users being unable to properly surf the internet.

The cause of the problem was not released.

After 9/11, disorganisation of security information was cited as a key failure in the application of intelligence gathering and application that helped allow the plane hijackers to succeed.

A $600 million package was assigned to the FBI to build 3 crucial computer systems for achieving their mandate, but one of them - Virtual Case File - has failed to materialise after $180 in investment.

Intended to allow all FBI offices to search for and access case files and related documents, and to permit separate offices to collaborate on line, Virtual Case File, according to the Register’s report FBI blew $170m on doomed IT upgrade:

The Bureau concedes that the system is capable of only 10 per cent of its requirements, and cannot be salvaged, except perhaps for minor bits that might be recycled in a future replacement.