NetSuite adds ERP support for iPhone

NetSuite on Wednesday plans to unveil a new native application for the iPhone and iPod Touch that lets users of its on-demand ERP (enterprise resource planning) suite tap a number of key capabilities while on the go. A calendar feature allows users to accept or decline events and denote completed tasks. Capabilities include dashboards for viewing company KPIs (key performance indicators), graphs, scorecards, reports and other data. Salespeople can tap various data, such as contacts, opportunities, cases and orders.

NetSuite customers hailed the new application, but said there is room for improvement. The application also provides features like "click-to-call" from NetSuite records that include a phone number. WhippleHill Communications, a Bedford, New Hampshire company that develops portal and content management systems for schools, switched to NetSuite after using QuickBooks, homegrown applications and Microsoft CRM (customer relationship management) software, according to company president and founder Travis Warren. "We were excited about NetSuite but not thrilled with their mobile option. However, in recent years, WhippleHill employees have been switching to iPhones. It didn't run well on our BlackBerries," he said. Apple's moves to ensure iPhone compatibility with Microsoft Exchange only boosted the 85-person company's enthusiasm for the device further, he added.

I get it all in one glance." While he could always log into NetSuite and get the same information, it's much less cumbersome to use the iPhone, which "is always on," versus booting up a laptop and plugging in a Wi-Fi card, he said. Warren, a beta tester on the iPhone app, is using it to gain quick and easy views into his company's performance, he said. "I can see how much cash we have, our sales, tickets opened today. Warren also appreciates the fact that the iPhone app preserves the hierarchy and structure of his core NetSuite account, with no need for separate configuration. "If I have five KPIs [set up] in NetSuite, I have the same ones on the phone." But the initial application has its shortcomings, chiefly that users can't write back much information into the NetSuite system. Kugler also wants access to more granular data. "I think it would be helpful to be able to get snapshots of a particular inventory item, vendor or customer history (sales, units sold, profit, days behind, YTD info, etc.) at a glance," he said. NetSuite customer Brad Kugler, CEO of Distribution Video and Audio, a Palm Harbor, Florida video distributor, has also been using the iPhone application and is hoping NetSuite will expand such capabilities. "Being able to enter simple lead and customer info would be helpful," he said in an e-mail.

NetSuite's goal for the app's first installment was to provide executives with a "360 degree view" of their business, said Malin Huffman, principal product manager. The company plans to boost write-back capabilities over time, he added. "It's definitely in our road map for the future." NetSuite is making the initial iPhone application available for free. "Down the road, it's hard to say what other apps and versions [will be developed], and if a different model makes sense," Huffman said. "With this, we want to get people engaged." The application is available in English at first, but NetSuite is planning to add additional language support as well, according to Huffman.

Tibco brings DIY BI report generation to BPM

Tibco will offer on Wednesday do-it-yourself capabilities for generating business intelligence reports on business processes to users of its BPM (business process management) software. With this information, users can fine-tune their applications. Previously, users have had to specifically request business intelligence information on BPM from IT personnel. "The cool thing about this technology is unlike existing business integration products or BPM, this product will allow business users to directly manipulate and analyze the BPM data or the process data that's out there," said Rourke McNamara, Tibco director of product marketing. Built as an add-on to Tibco iProcess Suite for BPM, the company's Tibco iProcess Spotfire software enables users themselves to build personalized, real-time process reports. Management of business processes enables users to make businesses more efficient, he stressed.

Customized templates display reports and analyses. Featured in Spotfire are personalized reporting and analytics, as opposed to using static dashboards to display business processes. Contextual process performance data is generated that can be combined with business data from other applications, enabling process performance to be assessed in a full business context, Tibco said. While BPM is used for a wide variety of tasks, McNamara mentioned insurance claims management as an example of a use. Users can build reports on such activities as bottleneck data, process cycle time, and how quickly business participants are working. "This allows the business users to optimize those processes based on how they're being used today," McNamara said.

Tibco's iProcess software represents a convergence of BPM, business intelligence, and business rules engines, said analyst Boris Evelson, of Forrester. Another shortcoming is the lack of common metadata and metadata standards to bridge the gap between data, process and rules data, he said. This convergence, he said, was "necessary to optimize enterprise operations and create actionable insight into data and processes in order to make better strategic, tactical, and operational decisions." But the merging of the three technologies represents an immature market, which has mostly been addressed by systems integrators cobbling together bits and pieces of components from multiple vendors, Evelson said. Tibco's iProcess Spotfire software is built as a Windows client package, although a Web client is available with abbreviated capabilities, called Spotfire Web Player. The company also will roll out iProcess Workspace Lite, an HTML workspace client focused on core activities for executing business processes.

Also being offered in the Tibco BPM space Wednesday is Business Studio 3.2, which is a user interface adding capabilities for visually defining an organization's structure and relationships between different organizational components. A simple user interface in Workspace Lite enables the product to be used more easily by those with impaired vision and/or fine motor control difficulties, Tibco said. This story, "Tibco brings DIY BI report generation to BPM," was originally published at InfoWorld.com. Tibco would not disclose pricing information for the three products.

Microsoft issues security advisory on IE exploit, patch in works

Microsoft Monday night issued a security advisory that provides customers with guidance and workarounds for dealing with a zero-day exploit aimed at Internet Explorer and said a patch is forthcoming. Earlier in the day, the company said it was investigating the incident which emerged over the weekend when someone published the exploit code to the Bugtraq mailing list. There have not been any active exploits reported so far. By Monday night, Microsoft switched gears and issued the advisory.

Microsoft's Security Response Center posted a blog entry last night saying it was working on a patch. "Our teams are currently working to develop an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution. Vulnerabilities that allow remote code execution generally result in patches rated as critical by Microsoft. That may include releasing the update out of band." Microsoft released Security Advisory 977981, which includes workarounds for an issue that exposes a flaw in Cascading Style Sheets that could allow for remote code execution. The advisory confirmed the vulnerability affects IE 6 on Windows 2000 Service Pack 4, and IE 6 and IE 7 on supported editions of XP, Vista, Windows Server 2003 and Windows Server 2008. Microsoft said users running IE 7 on Vista can configure the browser to run in Protected Mode to limit the impact of the vulnerability. The "High" setting will disable JavaScript, which currently is the only confirmed attack mode. It also recommended setting the Internet zone security setting to "High" to protect against the exploit.

Microsoft said IE 5.01 Service Pack 4 and IE 8 on all supported versions of Windows are not affected. SSIRP is a four-step process Microsoft has developed to deal with malicious threats. Microsoft activated its Software Security Incident Response Process (SSIRP) and said the investigation into the vulnerability is ongoing. Issuing the security advisory is Step 3, called assess and stabilize, where "the engineering team investigates and develops the solution, while the communications team reaches out to provide guidance to customers and partners." Step 4 is the resolution stage where "the Microsoft Security Response Center provides tools and solutions." While Microsoft did not say specifically that it planned to issue a patch, it did say in an e-mail to media that "the company recommends customers review and implement the workarounds outlined in the advisory until a comprehensive security update is released." Microsoft also is recommending users upgrade their earlier versions of IE to more recent versions that are not susceptible to the attack, which can give a hacker control of the targeted machine. Right now, it is a potential threat. Earlier in the day, security experts at Symantec's Security Response division said the published IE exploit code does not work reliably but that a better written version is likely on the way. "The exploit code is not very good," said Ben Greenbaum, senior research manager with Symantec Security Response. "So it is going to have to be fine tuned before it is a real threat.

But it is just a matter of time before somebody finds a far more reliable method for exploiting this." He says if users disable JavaScript in IE they would be protected against the exploit, however, the action also would break some functionality on Web sites. He says Symantec already has various protections out that would foil an attack by this exploit, and that others are also in the works. Greenbaum did note that JavaScript may not be the only attack vector, but right now it is the only one that has been disclosed publicly. For the attack to be carried out a user only has to be directed to a malicious Web page or visit a legitimate Web page that has been compromised with the exploit code. Just last month, Microsoft issued a patch rated critical to close a vulnerability in IE first disclosed at the Black Hat conference in July. IE has become a popular attack target for hackers.

In addition to IE, Firefox also can be vulnerable to the exploit when it is running the Windows Presentation Foundation plug-in, which gets installed via .Net Framework Service Pack 1.

Apple TV software 3.0 on its way with iTunes LP

It's been some time since the Apple TV has received much attention from Apple, and no, dropping the 40GB model and the price on the 160GB model doesn't count. When I checked for iPhone OS app updates and Season Pass downloads this morning, the iTunes Store prompted me with a new TOS agreement. But just in time for the holidays, a new iTunes Store Terms of Service agreement may have let the cat out of the bag. Admittedly, I wasn't interested in reading such a scorcher from beginning to end, but Apple fortunately highlights the major changes above the agreement.

The second is a bit more interesting, especially for owners or soon-to-be-owners of an Apple TV: The Terms of Sale have been revised to clarify that you can now use iTunes LPs and iTunes Extras on Apple TV with software version 3.0 or higher. There are two TOS changes of note this time around, the first being a clarification of how and when film rentals can be moved between devices. The Apple TV is at software version 2.4 right now and, so far, a version 3.0 upgrade has yet to hit the wire. The arrival of iTunes Extras and LPs on Apple TV is pretty interesting by itself. Apple's support document that lists Apple TV software versions and changes has also not been updated yet. But since the iTunes LP format is based on Web technologies, this also means that Apple would have to add some version of WebKit - the Web rendering engine that powers Safari and an increasing number of other browsers - to Apple TV. Put two and two together, and one could quickly begin wandering down speculative roads that other web-powered services, such as Hulu and Netflix, may either be on their way from Apple, or easy to enable with third-party utilities.

But since it is the holiday season, we certainly hope that an upgrade as large as a 3.0, whenever it arrives, will bring at least a few other features and fixes as well. Still, we've been expecting a software upgrade for the Apple TV for a while now, and support for iTunes Extras and LPs - new features and formats that are simply begging to be displayed on an HDTV - is a great place to start.

Oracle plans aggressive fight with EU over Sun takeover

Oracle is planning an aggressive fight with European regulators if its attempt to take over Sun is slapped with a statement of objections in the coming week, said people close to the company Wednesday. The European Commission declined to comment on the reports, but confirmed that if such a step was to be taken it would have to be taken soon, in order to allow enough time for procedures leading up to the Jan. 19 deadline for a ruling. "The ball game would change dramatically if the Commission issues a statement of objections," said one person familiar with Oracle's thinking who insisted on anonymity. Unsourced news reports that a statement of objections is imminent surfaced earlier Wednesday. He added: "Oracle has been holding back until now, and contrary to what the Commission says it has addressed the substance of the Commission's concerns about the deal in huge abundance." When the Commission opened an in-depth probe of the Oracle-Sun deal at the beginning of September, it said it was concerned about the deal's impact on the market for software that runs corporate databases.

Oracle is unwilling to sell off MySQL because it is "a strategic imperative of the deal," the person said. Sun owns MySQL, an open-source challenger to the big three makers of proprietary database technology: IBM, Microsoft and the market leader, Oracle. Oracle needs MySQL in order to compete with Microsoft in markets such as the one for small and medium-size corporate clients, he said. "This deal is the most transformational deal in the history of the IT industry. The frustration with European competition regulators is palpable, she said. It will enhance competition, not erode it, by creating a more viable counterweight to Microsoft," another person close to the merging companies said, also on condition that she wasn't named.

The European Commission was notified of the deal at the beginning of August - a time when many Commission officials are away on holiday. It can send a review off in the wrong direction. The chances of getting a quick thumbs-up in Brussels were not strengthened by the timing, as less-experienced officials were left to handle the notification, she said. "It's not ideal to have your deal handled by the B-team at the start. It looks like that's what has happened with Oracle/Sun," this person said. In reference to the most controversial merger ruling by the Commission in recent years, he said the transatlantic political storm that would be unleashed if the Commission blocked Oracle/Sun "would be like GE/Honeywell on steroids." General Electric's planned takeover of aeronautics firm Honeywell was cleared in the U.S., just as the Oracle/Sun deal was.

If the Commission does issue formal objections to the deal it will mean war, said the person familiar with Oracle's thinking. But it was blocked in 2001 by the European Commission. Although the political landscape has shifted dramatically with the arrival of Barack Obama in the White House, the person close to Oracle said the political fallout from a European prohibition of the Oracle/Sun deal would be even more intense. "While GE was arguing with the Commission, not one job at Honeywell was lost. During the buildup to that ruling, senior U.S. politicians including President George W. Bush intervened to try to save the deal. Sun has lost thousands and faces going out of business if this deal fails," the person said, pointing out that GE/Honeywell happened when the U.S. economy was strong, unlike now, when unemployment has reached almost 10 percent in the U.S. "Senior politicians including Speaker of the House Nancy Pelosi are ready to intervene on Oracle's and Sun's behalf but have been asked to hold fire for now," he said. Pelosi has close political and personal ties with Sun's hometown of San Francisco. "If the Commission issues an SO (statement of objections) in the coming week it will be gloves-off time - no more holding back," the person close to Oracle said.

Unpatched SMB bug crashes Windows 7, researcher says

A day after Microsoft plugged more than a dozen holes in its software, a security researcher unveiled a new unpatched bug in Windows 7 and Server 2008 R2 that, when exploited, locks up the system, requiring a total shutdown to regain control. Laurent Gaffie posted details of the vulnerabilities, along with proof-of-concept exploit code, to the Full Disclosure security mailing list today, as well as to his personal blog. Microsoft acknowledged that it's investigating the flaw.

The attack code, said Gaffie, crashes the kernel in Windows 7 and its server sibling, Windows Server 2008 R2, triggering an infinite loop. "No BSOD [Blue Screen of Death], you gotta pull the plug," Gaffie said in notes inserted into the exploit code. Gaffie claimed that the exploit, powered by a vulnerability in the new operating systems' implementation of SMB (Server Message Block), could be successfully launched from within a network from an already compromised computer, or used to attack Windows 7 machines via Internet Explorer (IE) by transmitting a rogue SMB packet to the PC. Unlike more serious flaws, the Windows 7 SMB bug cannot be used by attackers to hijack a PC, Gaffie confirmed. "No code execution, but a remote kernel crash," he said in an e-mail today. None of the 15 affected the final version of Windows 7, which was released to retail Oct. 22, or affected Windows Server 2008 R2. Gaffie also said that Microsoft's security team has acknowledged the vulnerability, which he first reported to them last weekend, but was told by the company that it wasn't planning to fix the flaw with a security update, instead perhaps correcting it in the first service packs for Windows 7 and Server 2008 R2. A Microsoft spokesman confirmed that the company is looking into Gaffie's claims. "Microsoft is investigating new public claims of a possible denial-of-service vulnerability in Windows Server Message Block," said the spokesman in an e-mail reply to questions. "Once we're done investigating, we will take appropriate action ... [which] may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves." Gaffie's disclosure came just a day after Microsoft issued November's security updates, which patched 15 vulnerabilities in Windows, Windows Server and Office.

Nortel users should hope for best, prepare for worst

Users should chart the progress of Avaya's purchase of Nortel's enterprise assets carefully, so that they are spared any unpleasant product integration or rationalization surprises. Avaya last week also won court approval for the purchase. Product overlap, consolidation and subsequent support are the biggest issues facing Nortel enterprise customers on the heels of Avaya's $900 million purchase of that business. Avaya last week emerged as the winning bidder for Nortel's enterprise business, beating out Siemens Enterprise Communications for the asset. Now comes the uneasy task of sifting through the product portfolio and eliminating redundancies - an ordeal that could leave Nortel - and even Avaya users - with a shortened lifespan on their investments. "Like an onion, there are lots of layers," says Nortel customer Bruce Meyer, director of network services at ProMedica Health Systems in Toledo, Ohio. "Let's see where they go from here." "There may be some surprises there," says Bob Hafner, an analyst with Gartner. "These are going to be two large companies coming together.

These things never go without issues, problems or concerns." Significant overlap is expected in the IP telephony/unified communications portfolios of both companies - such as IP PBXs, handsets and call management software. It's not the easiest thing to do. Avaya is the leading revenue market-share vendor in enterprise telephony, according to Dell'Oro Group, while Nortel is No. 4. Little to no overlap will be found in routers, switches and other infrastructure products, where Nortel has a significant market share and installed base. We need a reliable infrastructure." "The biggest issue for users is, 'Show me the [product] road map,'" says Henry Dewing of Forrester Research. "They want to see hardcore product plans and how they are going to actually consolidate product lines." Avaya has pledged near-term support for the Nortel enterprise products, including those serviced by Verizon, a Nortel reseller. Indeed, Meyer believes Nortel routers and switches will be less susceptible to discontinuation than the VoIP products, because Avaya has virtually no data products. "With Avaya, there's not a lot of strength in enterprise data," Meyer says. "[Avaya] will want to know that the infrastructure is good. Verizon filed motions last week seeking assurances that Avaya would continue to support the Verizon accounts, which the carrier says include many federal law enforcement agencies. "I'd be surprised if that issue doesn't work itself out," says IDC analyst Abner Germanow of the Verizon/Avaya scuttle. "I'd have a hard time believing they'd leave the U.S. government out to dry." Longtime users such as Meyer and ProMedica would also like support assurances.

To that end, Avaya kicked in $15 million for employee retention, on top of the $900 million purchase price for Nortel Enterprise Solutions. In addition to product direction, Meyer hopes the relationship his company has had with Nortel sales, service and support representatives remains intact. Nortel enterprise chief Joel Hackney said last week that Avaya could retain as much as 75% of Nortel's enterprise staff, though he would not say how many the unit employed. We're talking about lots of long-term relationships. Published reports, however, stated that Avaya may only retain 60% or less of the Nortel enterprise workforce, a situation that troubles Meyer. "My concern is reduced staff," he says. "What are those reductions going to mean? Brand loyalty comes from post-sales support.

IDC's Germanow is advising Nortel customers to accelerate any assessment or planning activities in light of the Avaya takeover. "They should figure out where their own needs lie and how to most effectively migrate," he says. "They should hold companies to their multi-vendor visions - that open means open." Meyer, for now, is holding fast and not contemplating any alternative vendor options in light of Avaya's takeover of Nortel's enterprise business. "This is still a wait-and-see scenario," he says. "How much of this will be a replay of Bay/Nortel?" he asks, referring to Nortel's 1998 acquisition of Bay Networks, which largely crippled the No. 2 player to Cisco in routers and switches. "This is going to be really interesting to watch." If those relationships change because of staffing changes, that would be a big deal." Gartner's Hafner agrees. "Customers need to pay attention to what's going on in the [merged] organization" to detect any potential distractions or turf battles or downsizings that may adversely affect them, he says.