Archive for February, 2007

Open Enterprise: At 25, Sun struggles to reinvent itself

(InfoWorld) - Developers by the thousands flocked to the International Convention Center in Hyderabad, India last week as Sun Microsystems kicked off the second leg of its world-spanning series of Tech Days conferences. The theme of the event was "shape your future" -- and indeed, no slogan could be more appropriate for Sun, its developers, and its partners.

Sun marks its 25th anniversary this week. To the outside observer, however, there may appear to be little to celebrate. Sun's stock price languishes in the single digits, not even matching its performance of five years ago. Although the company's product portfolio is brimming with innovative technologies, it seems unable to capitalize on them. Sun stands poised at one of the most critical moments of its history, yet its ability to shape its own future seems doubtful.

And yet, Sun has been here before.

Like many Silicon Valley successes, the Sun Microsystems story began with a crazy idea. In an era when "serious" computing was still largely dominated by mainframes, Sun's founders sought to bring cutting-edge technology down from the ivory towers of academia, government, and the mega-corporations and make it available in the form of affordable workstations for midsized businesses.

They weren't alone. The so-called Workstation Wars of the 1980s were bitter. But when the dust finally cleared, Sun emerged as the dominant player, thanks to its secret weapon. Unlike its competitors, which shipped complex proprietary operating systems and networking stacks for their hardware, Sun instead focused on existing, known standards, such as Unix, TCP/IP, and Ethernet, that could easily interoperate with the academic and government networks of the day.

Reduced R&D meant lower prices. While their competitors hoarded homegrown technologies like precious jewels, Sun was practically giving away entire computing solutions (at least, by the standards of the time). And from that crazy idea, Sun grew into a $500 million business in five years.

Today, 25 years after it was founded, Sun's commitment to open standards seems stronger than ever, and it has added a new weapon to its arsenal: open source. Sun CEO Jonathan Schwartz has promised to release the code of the company's entire software portfolio, from the Solaris OS to the Java development platform and beyond. Meanwhile, Sun reps sit on countless standards bodies and work tirelessly to promote open formats, such as OpenDocument.

The IT community ranges from interested to ecstatic. Sun's shareholders, on the other hand, remain less enthusiastic. Naturally their concern is profitability: How do you harvest revenue from your market if you're busy giving away the farm? But when investors point to Sun's former glory of the late 1990s, they ignore the fact that those high-flying days actually coincided with Sun's greatest misstep.

By the time the dot-com bubble burst, Sun had grown addicted to selling big, purple, multi-processor Sparc servers running Sun's proprietary Solaris OS. They were powerful. They were sexy. They were expensive. And, for a time, they were so successful that they allowed Sun to grow complacent and even to forget its own history.

Had Sun stuck to its roots, it might still enjoy the dominant share of the Unix market today. Instead it succumbed to its own early tactics. A new OS appeared -- Linux -- built from scratch but based on open standards. It could only do a portion of what Solaris could do, but it cost nothing and ran on commodity x86 hardware. Meanwhile, the x86 platform itself was evolving and becoming more powerful, to the point that clusters of commodity servers could begin to compete with the fastest supercomputers. While Sun gloated, the value proposition of its hardware was dwindling before its very eyes. The value of its shares wasn't far behind.

Thomas L. Friedman might describe it as another manifestation of the flattening of the world. Over the span of a few years, computing resources once reserved for the elites of Boston became available to their counterparts in Bangalore for next to nothing. How fitting, then, that the first stop on Sun's 2007 world conference tour should be India.

During his keynote in Hyderabad, Sun executive vice president of software Rich Green told the audience, "Open source is the vehicle by which you grow your volume." In other words, teach a man to fish and you build a market for bait. But how is a company as big as Sun to thrive in a market where even the fishing rods are seemingly commoditized?

The answer, of course, is to go back to its roots: open standards and open source wherever possible and raw innovation where it counts. Where it counts, in Sun's case, is the hardware. And what's driving it, as in 1982, is a crazy idea.

The current generation of computers does what it does well -- so much so that the full potential of modern processors is largely unrealized. That's one reason why virtualization is becoming so popular: Customers yearn to double up their server workloads and recapture those unused cycles. But Sun execs foresee a moment when the power of mainstream hardware will reach a critical mass that ushers in a new era of enterprise computing, one that will be every bit as significant as the shift toward commodity computing of the last two decades.

Sun CTO Greg Papadopoulos refers to this moment as the "Redshift." It corresponds to an explosion of what he calls "massive-scale systems." As enterprises begin to realize the full potential of modern processors, he says, supercomputing applications like complex computation, data warehousing, and grid computing will become commonplace. Internet-distributed compute farms will eventually grow large and powerful enough to operate on a global scale, serving applications that are only glimmers in the eyes of today's software engineers.

Crazy? Stranger things have happened in Silicon Valley. Sun is already working hard to cater to the needs of a post-Redshift era. Its latest UltraSparc processors are designed specifically with the kind of multithreaded, parallel-computing applications that Papadopoulos has in mind. More recently, it has broadened its portfolio to include networking hardware, as well.

Still, it's a long road that connects Sun's grand vision with customer realities. It seems likely that a future that includes a Redshift will not be one that comes of its own accord, but one that Sun will have to shape.

There's no doubt that Sun has superior technology. In the real-world IT market, however, superior technology doesn't always win out. (Some of Sun's competitors in the Workstation Wars can testify to that.) But the other card Sun has in its hand, after all, is sheer staying power. And as it marches onward toward its thirties, let's not think of it as a company approaching middle age. Rather, it's simply growing into maturity. As long as it carries on the cause of open source and open standards -- both in name and in spirit -- there will always be a future for it in the market, no matter what its shape.

Editor’s Letter: The greening of IT

(InfoWorld) - Ever have this experience? One day, you read about something, then suddenly you start noticing references to it everywhere. This happened to me recently with energy-efficient IT, aka the green datacenter. Today, a gentle trickle of attention; tomorrow — blam! — it’s on everyone’s lips.

Mind you, I wasn’t unaware of the subject matter. For some time, InfoWorld Senior Editor Ted Samson has been pitching “green IT” stories during our editorial planning meetings. We even ran an article entitled “IT confronts the datacenter power crisis” in October. But I began to suspect that the debate was heating up when I heard Michael Dell proclaim in January that tech companies must start taking responsibility for the energy they were siphoning off. The rhetoric was good, even if Dell’s solution for offsetting carbon emissions — asking customers to donate money to plant trees for every system they bought — is unlikely to be effective.

Last week, though, was the capper. First, I received an announcement of the CleanTech Forum, a conference run by a venture capital outfit focusing on green technology investment. Then Senior Contributing Editor David L. Margulius pointed me to a study examining U.S. datacenter power consumption.

A day later, I met with representatives from The Green Grid, a group addressing the very same issue. The consortium, which launches today, boasts an impressive roster of members, including AMD, Dell, HP, Intel, IBM, Microsoft, and Sun. A collection of tech heavyweights like that will surely get people talking about the greening of IT more than ever.

One of those people will be our own Samson, whose Sustainable IT blog launched — when else? — last week. How’s that for timing?

Browser vulnerabilities and attacks will continue to mount

(InfoWorld) - Window Snyder, chief security officer at open source browser maker Mozilla, is caught in the crosshairs of the raging browser vulnerability battle.

On one hand, her company launched an upgrade to its Firefox browser on Feb. 23 that specifically aims to fix a number of flaws that have been discovered in the program.

On the other hand, she's dealing with almost daily reports of newly identified vulnerabilities in Firefox disclosed by a researcher who makes his work public before informing Mozilla of the problems.

As trying as the situation may sound, Snyder admits that the day's conflicts come with the territory of her job and those of security experts at every other browser maker.

With the high-profile nature of the browser in today's Internet-based economy, working to eliminate vulnerabilities, respond to researchers, and ward off malware attacks will remain a large part of the daily routine for the foreseeable future, according to the CSO.

Snyder said that Mozilla is receiving a lot more customer feedback of late from people concerned about browser security.

"The browser is one of the most critical pieces of software on the computer in terms of something attackers are going after," Snyder said. "Attacks are constantly changing and every software developer needs to recognize new threats as they emerge, but that's nothing new, we've always considered security to be a top priority."

Despite Mozilla's ongoing security efforts, Firefox has come under intense scrutiny from Michal Zalewski, a well-known independent security researcher who has published a collection of previously undiscovered vulnerabilities in the browser during the month of February.

The Firefox security update was already delayed several days so that Mozilla could address an issue published by the researcher earlier this month dubbed the location.hostname vulnerability.

And on the eve of Mozilla's release of the revamped browser, dubbed Firefox 2.0.0.2, Zalewski published information about yet another flaw in the product involving a memory corruption issue that could allow attackers to take control of computers running the software. Phishing and spoofing threats are among the attacks likely to be aimed at the latest issue, according to Zalewski.

Although Snyder said she would prefer it if Zalewski and other researchers would disclose vulnerabilities to Mozilla before taking them public, she said the company relies on such experts to help it keep customers protected from attacks, as painful as the reports may be.

"We would prefer that he would notify us first, but more importantly we are glad researchers are looking at Firefox and helping us fix problems," the Mozilla CSO said. "We also see where the researchers are coming from, in terms of their frustration with the amount of time vendors are taking to fix vulnerabilities."

Snyder hopes that as Mozilla improves its ability to patch flaws faster, researchers will work more closely with the nonprofit company. The software maker is also developing a range of new security features for use in the Firefox 3 iteration of the browser, code-named "Gran Paradiso," that is slated to arrive sometime in the second half of 2007.

Much of the work is focused on improving users' capability to understand and manage their online credentials, the CSO said.

Security researchers maintain that attacks on browser vulnerabilities are only going to increase in volume and frequency, in particular during 2007.

According to experts at IBM's newly acquired ISS business unit, which is based in Atlanta, the continued emergence of the "exploits as a service" business, through which malware code writers market their attacks to cyber-criminals via underground channels, will only add fuel to the fire.

In another daunting development, roughly 50 percent of the browser attacks observed by ISS' X-Force research team during 2006 used encryption to hide themselves and the data they attempted to steal, with the group expecting use of such tactics only to grow during 2007.

"Attackers have honed into Web browser vulnerabilities because the amount of protection people have to defend against these types of threats is not as advanced for many end users," said Gunter Ollmann, director of security strategy at IBM ISS. "In addition to the underground communities where exploits are being bought and sold, it's also become much easier for attackers to build engines that sit on Web servers and generate personalized browser attacks."

Ollmann said that such threat engines are being armed with increasingly sophisticated levels of programming logic, giving them the capability to look at the specific version of a browser someone is using and launch attacks specifically aimed at the programs. Malware code writers are also sharing libraries of IP addresses known to be used by security researchers to help avoid detection of their latest work, Ollmann said.

Another breed of emerging attack attempts to insert itself between end-users' keyboards and browsing programs to steal data and circumvent the security tools being added to the programs.

The so-called "man-in-the-browser" threats have already been found lurking in high-value online transactional systems operated by financial services companies, where they seek to intercept valuable information as it is entered by customers, said Dr. Chenxi Wang, analyst with Forrester Research.

The spiraling complexity of such threats serves as strong evidence that the battle between malware writers and browser makers is only beginning to heat up, and will continue for some time, the analyst said.

Wang believes that one answer to the security problem will be for browser makers to adopt more rigorous software development efforts to minimize vulnerabilities, but even those improved processes won't catch every flaw.

Microsoft's Security Development Lifecycle (SDL) program, for instance, appears to have lowered the number of vulnerabilities in its newest Internet Explorer 7 browser compared to earlier versions of the product, but the company has already been forced to patch at least one critical flaw in the software, which was released in Oct. 2006.

"This is going to be an arms race that is ongoing for the foreseeable future," Wang said. "There is no excuse for people on the defense side not to be more proactive with security and use better mechanisms during software development to protect against future attacks, but the attackers will always have some new approach as well."

Google Apps aims beyond Microsoft Office

(InfoWorld) - Following Google's announcement on Thursday that it would offer an enhanced version of its Google Apps, dubbed Google Apps Premier Edition, the company left no doubt about the direction in which it was heading.

Not only has it added key business applications -- a word processor and spreadsheet -- to Google Apps, but the company is offering the kind of support corporate IT would expect: IT management tools, technical support, and service level agreements for uptime.

Even all that, however, does not tell the entire story or give the scope of Google’s plans.

In its press announcement and in an interview with a Google executive, Dave Girouard, vice president and general manager of the Enterprise Unit, Google made it clear that it will offer APIs for business integration, thus creating a business platform not unlike what Salesforce.com offers with AppExchange.

If that happens it could become the center of an application ecosystem that leaves traditional desktop applications in the dust.

Both Avaya and Postini participated in the Google announcement on Thursday, saying they would develop a "variety of solutions" based on Google's APIs. Included among those third-party applications will be e-mail gateways, enhanced security, calendar synchronization, and VoIP integration between Avaya and Google Talk.

The reason some analysts have characterized the announcement as historic rests with the fact that Google is the first top-tier company to offer a 21st century solution that will compete with Microsoft Office, a suite of applications created in the 20th century and well before the Internet or HTML existed.

With the addition of word processing and a spreadsheet as well as support, Google Apps could very well represent a watershed moment in a wave of online applications from many other new companies that some day might overwhelm giant Microsoft.

However, Josh Greenberg, senior analyst at Enterprise Applications Consulting, offers more cautions than he does encomiums about Google Apps and how successful Google can be against the Redmond giant.

"Google is the number one media company and they have a great search. That doesn't mean they have the credentials to be a player in desktop applications," Greenberg said.

Greenberg says Google needs to "dress up" Google Apps to make it look corporate in terms of security, feature functionality, and interoperability.

But perhaps more importantly, Microsoft is not standing still, Greenberg adds. Microsoft is no longer a collection of stand-alone applications. It is morphing into a strategic interface for ERP and other transaction processes, Greenberg says, pointing out the recent deal with SAP and the co-developed Duet technology.

"Every single enterprise player of note has an Office interface," Greenberg said. And despite Google's wide appeal in the consumer market, corporate uptake of Office drives a tremendous amount of personal use, he added.

Is this a play on Google's part to go head to head against a player in its own backyard, Salesforce.com and its AppExchange? For that to happen it would require a huge uptake on the part of third-party application developers.

Tony Meadow, president of Bear River Associates, an application development company, says the promise of a huge, available market for third-party applications does not always guarantee that developers will follow it. Meadow says that idea already exists with Microsoft and it has only been successful to a limited extent.

"There are people who develop complete spreadsheets with Excel that are sold as products, so it is not inconceivable that it will happen with Google but at this point it is an unknown," Meadow said.

Despite the roadblocks to gaining entry into the enterprise, all indications point to Google gearing up to do just that.

Sources say Google is buying up a great deal of dark fiber all around the country while hiring telecommunications engineers and, during the past year or two, delivering thousands of server blades to what are called Peering Centers, datacenters where networks converge to optimize connectivity.

This could be happening so that Google can offer the kind of quality of service, so-called five 9s uptime, required by the very biggest of enterprises before they would consider using an online streaming application.

Finally, Google executives are already making it quite clear where they are heading. Both Douglas Merrill, CIO and vice president of Engineering at Google, and Eric Schmidt, CEO, are increasingly going on the record about Google Apps in the enterprise.

"The hardest thing to build is a million-user consumer application with no downtime. We have taken that opportunity to bullet proof [for] large scale enterprise applications," Schmidt said.

Merrill even touches on the current climate of government regulations and the fact that Google Apps were built to meet those new demands.

"We built applications to meet regulatory requirement for even the largest enterprise companies. That means Google Apps already have enterprise security built into them," Merrill said.

Nevertheless, Google isn't the first company to attempt an Office killer, whether it is Sun's StarOffice most recently or WordPerfect from a previous generation. With 450 million users, the Microsoft Office user base won't be easy to chip away at.

Greenberg has reservations about whether or not Google understands this part of the market well enough to be a serious competitor. And he warns that one of the lessons of capitalism in the 20th century is that "extreme verticalization" doesn't succeed.

Companies need to outsource functions at which they are not expert. And, some would say, what Google does best is search, and it should not get diverted by what other companies do best.

Only time will tell.

Jeffrey Falk, director of product development at The Members Group, says his company, which has about 150 people and revenues in the $50 million range, would consider Google Apps as a replacement for Microsoft Office mostly for the cost savings. But, he added, it would have to meet a number of stringent requirements first.

"If we could find an ironclad solution that would deliver a quick time to market as far as the learning curve for us and we could overcome the hurdles of security and become comfortable with that, Google Apps has some legs," Falk said.

Mozilla fixes Firefox bugs

(InfoWorld) - Mozilla has released an update to its Firefox browser, fixing a number of security flaws in the product.

The Firefox 2.0.0.2 release includes a fix for a bug disclosed by security researcher Michal Zalewski last week. That flaw can be exploited by attackers to manipulate cookie information in the Firefox browser, making it probably the most important fix in the update, according to Window Snyder, Mozilla's head of security strategy.

"The potential to compromise a user's account is almost as serious as compromising their machine," she said Friday via instant message. "Since the details of how to exploit the vulnerability are publicly available, the risk to users is increased."

The updates also include a fix for a previously undisclosed memory corruption flaw in the browser that could be exploited to run unauthorized software on a Firefox user's computer.

This flaw could also affect Thunderbird users who have configured their mail client to run JavaScript automatically, something that Mozilla does not recommend. Thunderbird is Mozilla's free e-mail client.

The patches were released on Friday afternoon and should soon be delivered via Firefox's automatic software update mechanism, Snyder said.

Mozilla has patched a total of seven Firefox bugs and is also addressing two bugs in Thunderbird.

The latest browser release also includes enhancements to make it run better with Windows Vista as well as support for the Afrikaans, Belarusian, Georgian, and Kurdish languages.