Ashley Bell

HP this week unveiled updates to its HP-UX Unix OS and Serviceguard high-availability software, offering capabilities in data protection, data privacy, and business continuity. The software packages run on HP Integrity and HP 900 servers. [ Check out InfoWorld's report on how HP has been looking to lure Sun Solaris Unix users to HP-UX. ] The Unix upgrade offers automated features to reduce maintenance requirements, improve availability, and enhance security, the company said. Update 5 of HP-UX 11i v3 and Serviceguard restore application services in the event of hardware or software failure, HP said.

Users can lower operational costs and increase efficiency in such demanding applications as online transaction processing or business intelligence, according to HP. "Comprehensive" data protection is provided through encryption for data in transit and at rest, HP said. Update 5 provides as much as 99 percent of raw disk performance, enabling reduction in operational costs for large databases and accelerated access to business-critical information. Enhanced data privacy is provided through Bastille, an automated system-hardening tool that configures a system to protect against unauthorized access. Administrator productivity is improved with expanded security bulletin analysis and patch maintenance. Business continuity is improved through minimization of downtime in the OS's Logical Volume Manager. Security issues are identified for as many as 100 systems in a single view when integrated with HP System Insight Manager.

Simplified standards compliance is offered through PCI (Payment Card Industry) and Sarbanes-Oxley Act report templates HP Serviceguard, which is part of the HP Virtual Server Environment software suite, is integrated with HP-UX 11i to protect applications from down time, HP said. Another improvement is elimination of business interruptions with Online Package Maintenance capabilities that run routine maintenance and upgrades while the system is active. Business connectivity is enabled during Serviceguard upgrades through a Dynamic Root Disk tool that reduces server network down time by 75 percent, the company said. Management of server connections is improved with a graphical cluster topology map for administration and configuration.  Also, traffic is coordinated between clustered servers and storage arrays.

The overall number of defects in open-source projects is dropping, a new study by vendor Coverity has found. The vendor has set up a Web site through which open-source projects and developers can submit code to be analyzed. Coverity, maker of tools for analyzing programming code, received a contract in 2006 from the U.S. Department of Homeland Security to help boost the quality of open-source software, which is increasingly being used by government agencies.

The vendor assigns projects to a series of "rungs" depending on how many defects they resolve. "Defect density" has dropped 16 percent during the past three years among the projects scanned through the site and some 11,200 defects have been eliminated, according to Coverity's latest report. They are Samba, tor, OpenPAM and Ruby. Four projects have been granted top-level "Rung 3" status, after resolving defects discovered during Rung 1 and 2, Coverity said. The Scan site has so far analyzed more than 60 million unique lines of code from 280 projects, according to Coverity. Coverity's scanning service employs static analysis, which is used to check code for security or performance problems without having to run an application itself. More than 180 projects have developers actively working to scan open-source projects.

This is preferable because "testing every path in a complex program as it runs requires constructing a large number of special test cases or structuring the code in special ways," Coverity said. "Static analysis [tools] won't tell you that your business process is working correctly ... but they will tell you that the code itself is technically solid, and follows the kind of programming best practices you'd expect to see from code that has gone through a proper code review," said Forrester Research analyst Jeffrey Hammond via e-mail. The tools tend to be most helpful for finding "structural 'anti-patterns' in code, poor programming practices that can result in performance and security issues like memory leaks and buffer overflows as well as more exotic conditions like errors due to parallel execution of code in a multicore CPU environment," he added.

A lawsuit consolidating 16 separate class-action complaints brought by financial institutions against Heartland Payment Systems Inc. has been filed in U.S. District Court for the Southern District of Texas. The complaints allege that the payment processor was negligent in its duty to protect card holder data. The claims stem from the massive data breach disclosed by Princeton, N.J.-based Heartland in January.

The amended complaint includes for the first time several statements that Heartland is alleged to have made regarding the controls it had in place to protect credit and debit card data just prior to the breach. The lawsuit seeks compensation from Heartland for the costs that the financial institutions say they've had to bear in notifying customers about the breach and in reissuing new payment cards. The fact that the company suffered the breach despite its claimed security measures shows that Heartland either negligently or deliberately misrepresented the facts, the lawsuit alleged. Among the financial institutions listed are the Pennsylvania State Employees Credit Union, Lone Star Bank of North America and Amalgamated Bank of New York. "There were multiple lawsuits filed all over the country on behalf of financial institutions, and all of those cases were sent to federal court in Houston" for consolidation, said Joseph Sauder, an attorney with Chimicles & Tikellis LLP. The Haverford, Penn.-based law firm is representing some of the plaintiffs in the lawsuit. "This complaint incorporates the strongest claims from all of the financial institution class-action lawsuits," Sauder said. "The next step is for Heartland to file a response to this complaint," he said. The breach, which is considered the biggest involving payment card data, compromised more than 100 million credit and debit cards.

Heartland on Jan. 20 disclosed that unknown intruders had broken into its network sometime last year and accessed payment card data belonging to an undisclosed number of customers. So far, Heartland has publicly admitted to spending nearly $13 million on breach-related costs, and analysts expect it will cost the company millions more in the coming years. The cases were consolidated in federal court in Texas because Heartland's data centers are located in that state, Sauder said. Heartland, one of the biggest payment processors in the U.S., manages about 100 million credit and debit-card transactions per month. A "separate track" of cases involving consumer lawsuits against Heartland is also being heard in the same court, Sauder said.

BJ's Wholesale Club, Hannaford Bros. and Dave & Buster's restaurant chain. In September, Albert Gonzalez, 28, of Miami pleaded guilty to the data heist at Heartland and several other retailers, including TJX Companies Inc. Gonzalez is scheduled to be sentenced in December and faces 15 to 20 years in prison under the terms of his plea agreement. Heartland did not immediately respond to a request for comment.

Pod to PC is one in a growing genre of apps designed to make up for an iTunes flaw: The inability to copy music and video from the device. Pod to PC does what it says it does, and it works swiftly and well. Pod to PC ($10, free demo, temporary unlock code for PC World readers) allows you to automatically or manually copy any music, video and playlists from your iPod or iPhone directly to your iTunes library. You can check tracks on a one-by-one basis, or you can use the automatic transfer feature that takes every music file, video file or playlist file on your iPod and copies it over with one click.

Using only a minimal amount of RAM and system resources, Pod to PC only requires iTunes to be installed and running. Pod to PC even has a handy media player built in for previewing files before copying-just in case you forgot what Slipknot sounds like. The only drawback is that the demo version is really irritating to use. First, the Auto-transfer button is clickable instead of being grayed out, and you can even click OK on the next screen. The demo of Pod to PC crosses a line from informing the user about the full, paid version to the realm of the obnoxious. Instead of auto-transferring, though, it instead pops up a nag screen telling you that auto-transfer is disabled in the demo and that only 10 songs at a time can be transferred.

There's getting people to buy the app, and then there's the ridiculous, and this is the latter. Not only that, but from the second manual transfer onward, that same screen comes back, but this time with a 60 second counter; the entire app is frozen (including any app windows you have open) until the timer counts down. Irritation aside, the full price of $10 makes it a bargain compared to similar-performing competitors such as CopyTrans and iPodRobot iPod Video Converter (each $20). Unlike CopyTrans, Pod to PC automatically checks for duplicate files throughout your iTunes library, and won't just create a big mess of duplicates-Pod to PC will automatically skip any files that already exist on the host computer. Any digital rights management will still be in full force, so your iTunes will have to be authorized to play those tracks. As with all products of this type, being able to copy from any iPod doesn't guarantee you'll be able to play the files. Out of all iPod copy apps I've reviewed, this one is the cheapest and works the best-but you'll want to go ahead and get that $10 registration code immediately.

Note: The demo transfers only up to 10 songs at a time, and auto-transfer is disabled. It'll save you a lot of headaches. Also, after the first few transfers, a 60-second nag screen pops up, halting performance until the timer reaches zero. Vendor myPod Apps is extending a free registration code to PC World readers. The full version costs $10. Editor's Note: An earlier version of Pod to PC covered by PC World was free of charge. The code PCWORLD2009 will unlock the latest version of the software.

This code must be entered in Pod to PC before October 10, 2009; refund requests must also be received by the same date.

An Oakwood, Virginia, man who used a social-networking Web site to make threats of school shootings throughout the country has been sentenced to four years in a federal prison. Sammons sent several e-mail messages and posted several messages on the social-networking site LiveJournal.com, the DOJ said. Allen Leon Sammons, 28, was sentenced Wednesday in U.S. District Court for the Western District of Virginia after pleading guilty in June to five counts of transmitting threats to others across state lines, the U.S. Department of Justice said. In addition, Sammons also posted long essays on LiveJournal.com expressing his frustrations with the university system, his inability to afford college and his aggravation with "traditional students" whose parents pay for everything.

Its something you will have to live with for the rest of your lives, you should have just let it go and left me alone. On Dec. 29, 2007, Sammons posted on LiveJournal.com: "the blood of [two others], and my own is on your hands. Only thing im waiting for is the rejection letter. If you could have just let us part ways than [another person] would not be dead." On Jan. 9, 2008, Sammons received an e-mail from the Rice University Admissions Department requesting SAT subject scores. You are at fault." One minute later Sammons posted this message: "I will be killing them with luck I'll be killed also..if not I'll plee insanity...doesn't matter anymore...you are at fault...the blood is on your hands..." Later in the evening he continued, "I know you think it's a joke and not real." On Dec. 30, 2007, Sammons again posted a message on LiveJournal.com, threatening violence to others on the site: "You should have let it go, you should have let it go, but you had to pretend to be a bad [expletive] and now I've been pushed to far and tragic things are going to take place.

Sammons replied with the following: "I have a highschool diploma thats all you should ... need. AK-47 on your campus for destroying lives." As the result of one of his e-mails, some workers at the Rice department left their office that day and decided to work from home, the DOJ said. Classist and elitists. In one post, Sammons stated that he intended to take over a university by force in order to make his point. He also said he intended to commit "suicide by cop" while in the process of taking over the campus. At times, he stated he bought a cheap, imitation AK-47 assault rifle, which he would use.

During a search of Sammons' hard drive, law enforcement officials found a document labeled "People to Kill." The document contained the names of various people and their addresses. He wrote that he waited outside the apartment door of these individuals, but changed his mind about his course of action. In August 2007, Sammons traveled to the University of Illinois Champaign-Urbana to confront some of the students he had posted threats to on LiveJournal.com.

EMC executive Alan Atkinson is taking over as CEO of Xiotech, a storage company that just secured $10 million in new financing. Glassmeyer is also general partner of Oak Investment Partners, which owns a majority stake in Xiotech. Nine data storage companies to watch Atkinson was co-founder and CEO of WysDM, a data protection vendor sold to EMC in April 2008. Atkinson remained at EMC as vice president of the company's Storage Software Group, but on Thursday was announced as Xiotech's new CEO. Xiotech said its previous CEO, Casey Powell, will remain on the board of directors and will be a "strategic advisor to Atkinson." "With his extensive knowledge of and experience with data storage, Alan Atkinson is the right leader to take Xiotech to the next level," Ed Glassmeyer of Xiotech's board of directors said in an announcement.

Atkinson's 21-year career includes positions at StorageNetworks, Goldman Sachs and AT&T Bell Laboratories. Xiotech, based in Eden Prairie, Minn., plans to use the cash to expand its Intelligent Storage Element technology with new products to be released early next year. He takes over at Xiotech just after the company announced a $10 million funding round from private investors. Xiotech says its ISE architecture is designed to provide 100% usable storage capacity, to improve efficiency but without a performance hit. Atkinson marked his first day on the job at Xiotech with a blog post. "I can honestly say, after 20+ years in the storage industry (I'm really not THAT old), I've never seen a company this size with so many talented storage folks," he wrote. "We have more patents than most companies five times our size." Follow Jon Brodkin on Twitter