The Community for Technology Leaders

# IN THE NEWS

Pages: pp. 103-109

## TALIGENT READIES A NEW DEVELOPMENT PARADIGM

RichSantalesa

What's half pink, a bit blue, and runs on everything? The new operatingsystem and development environments from Taligent, the joint venture of Apple,IBM, and HewlettPackard.

Although this is the year Taligent will finally ship a suite of products, it'sbeen a long and winding road. The Taligent technology began life as Apple'ssecret Pink operating system, originally based on an Opus 68Kspecificmicrokernel. In March 1992, Apple spun Taligent out into a joint venture withIBM and the technology expanded, but its position in the Apple and IBMoperatingsystem hierarchy became a bit blurred.

Once Taligent moved out from Apple's control, the underlying microkernelwas switched to Mach 3.0, which is both more powerful and portable than theprevious 68K Opus kernel and has the advantage of being the same kernelbeneath IBM's Workplace operating system. Hewlett Packard joined as Taligentas the third major partner in January 1994.

This operatingsystem history is primarily important in understanding the troikaof components that Taligent will offer in 1995 and their potential effect ondevelopers and applications.

The Taligent product line is completely built around objects. Fromthe development tools, to the operating system, to the user interface andapplication design — every feature stems from the extensive use of consistentobject technology. As the scion of Apple, IBM, and HP, Taligent inherits accessto an astounding range of object and development technology, especially IBM'sSystem Object Model and Distributed System Object Model and HP'sDistributed Object Management Facility. Taligent has already stated that itstechnology will be bundled with the operating systems of IBM, HP, and Applein the future.

### THREE PRODUCTS.

The three prongs of Taligent's attack, in order of release, are

CommonPoint 1.0, formerly known as TalAE (Taligent ApplicationEnvironment). CommonPoint is an objectoriented framework that rests onthe Mach kernel. Now in beta testing at 100 sites, it's more than youraverage framework. It is scheduled to ship in the first half of this year.

TalDE (Taligent Developer Environment) consists of an advanced incrementalcompiler and linker, objectoriented project database, hyperlink tools,debugger, and additional tools, such as versioning control and an interfacebuilder. It is scheduled for release in the second half of 1995.

TalOS (Taligent Object Services) is essentially a complete objectorientedoperating system. It is scheduled to ship in 1996.

### AMBITIOUS GOAL.

Taligent's ambitious goal is to revolutionize portable application developmentand how users interact with their applications, their work, and their computers.Taligent wants to be the industry's standard development method. Regardlessof whether Taligent is ultimately successful, its approach and technology pointsthe way to both the future of software development and computing — a futurein which overall operating system functionality is dramatically enhanced, theunderlying operatingsystem core itself is smaller, and applications interact tooffer a documentcentered computing environment.

The first examples of Taligentforged applications saw light at last fall'sComdex, where a handful of independent software vendors demonstrated severalprograms and prototypes. Among them were Virtus Corp., known for the highlyacclaimed Virtus Walkthrough modeling program, which displayed VirtusNavigator, a 3D Internet tool. Nisus Software showed Info Bank, a sophisticateddocumentmanagement system. Abacus Concepts showed a 3D datavisualizationtool that revealed data associations and patterns using a customizeddatabaseaccess framework. Taligent found the Abacus approach so appealingthat it will include it as part of the standard CommonPoint environment.

### COMMONPOINT FOUNDATION.

According to Joe Beyers, Taligent's director of product marketing andplanning, CommonPoint contains 100 frameworks that offer functionality rangingfrom highlevel application frameworks, to complete text and graphics editing,compound documents, international text support, 2D and 3D graphics, tolowerlevel system services.

CommonPoint is fundamentally different from conventional frameworks becauseit will extend down to the operating system level via TalOS. Conventionalframeworks, such as those in Microsoft and Borland C++ environments, barelyscratch the surface of the underlying operating system. CommonPoint digsdeeply into the Taligent operating system or runtime environment and providesa wealth of methods and classes. Within CommonPoint's 100 frameworks are1,730 public object classes, as many nonpublic classes, and 53,000 methods.Compared to the roughly 4,000 calls on the Mac API and the 1500plus callsin Windows. Taligent's technology is so replete with objects that its beencalled "a whole OS of nothing but hooks."

### PORTABILITY PROMISES.

This richness is intended to translate into a high level of true reusability andoperating system functionality that compliments applications by enforcingprogramming discipline and maintaining clear communication among applicationsand between the operating system and the applications.

Despite the hype surrounding OO programming, reusability and object theory,swift and clean portability is the holy grail of developer tools. Many aspire; fewdeliver. Although the CommonPoint beta runs only on AIX RS/6000 systems, theTaligent APIs within CommonPoint, TalDE and TalOS will eventually run acrossseveral CPU architectures.

With today's porting tools, the major disadvantage is that you must port tothe lowest common denominator, which means that the special aspects ofcertain operating systems are either handled poorly or ignored completelybecause they are not offered in other operating systems. This effect has led, toexample, to the debacle that is Microsoft's MS Word 6.0 for the Macintosh:Mac Word 6.0's interface is a virtual duplicate of the Windows version — allMac conventions are flouted.

Taligent's porting ace in the hole is the fact that Taligent is designed tocoexist with other operating systems via a runtime environment that providesaccess to both the legacy applications and the full Taligent system, interface,and application functionality. As a result, taking an application from oneTaligent environment to another preserves all the functionality offered by theTaligent frameworks. Nothing can be left behind because there is no lowestcommon denominator.

However, running the full TalOS precludes, at least for now, othernonTaligent applications. In other words, the TalOS completely replaces thehost's original operating system. It remains to be seen how popular, orwidespread, this will be.

And the runtime environment, which maintains the underlying operatingsystem functionality and applications has a memory overhead of approximately 4M bytes and a disk footprint of 20M bytes. This is definitely not something you'll run on a fouryear old 80386based system. The ultimate size, memory requirements and performance issues are as yet unclear.

### TALKING TO DEVELOPERS.

It is perfectly clear is that Taligent is fully a C++ system. And it has a stifflearning curve, even for experienced C++ programmers, according to JerzyLewak, president and chief executive officer of Nisus Software. Taligent itselfacknowledges that developing your first Taligent application will take longerthan with conventional tools due to the learning process, but that subsequentapplications are rapidly executed. Several Taligent developers confirmed thisscenario.

"Taligent's frameworks are all coordinated much better than others I'veseen. They're designed to work together with the underlying kernel, in afashion similar to the Mac's ROM Toolbox calls, but on a supremely moreadvanced level," added Lewak. "Nextstep is the closest thing to Taligent butit's already old and not nearly as advanced — despite the fact that until nowit's been the fastest development platform, bar none. We have spoken withpeople who have used Nextstep and we considered it, but it's clear to us thatCommonPoint is the next Nextstep, if you will."

Likewise, Virtus Corp's director of technologies, David Easter, said thatTaligent's developers "really understand the core processes in developingapplications. For instance, there's a standardized way to make object changes,and object communicate cleanly. Basing apps on CommonPoint results inprograms that are more consistent internally, cleaner, and allows the frameworkto do significant grunt work in cooperation with the Taligent environment."

For example, the CommonPoint framework supports multilevel undo,implements a basic menu structure, and offers pervasive draganddrop andother global tools that work throughout the environment, not merely within oneapplication. With CommonPoint and the Taligent kernel you can use a highlighttool that works the same way in any document or application, and indeed theentire Taligent system. Taligent calls this interface approach "People, Places,and Things."

The PPT interface is based on a docucentric model, in which a user createsdocuments that perform tasks, instead of using an application as such. Itincorporates the notion of "people" you can send items to and accessinformation about and the concept of "places" in which you have certainrights and are allowed certain functionality. Taligent believes this makes for amuch more natural working environment and consistently more naturalapplication behavior.

### DEVELOPMENT ISSUES.

To create Nisus' Info Bank program, Lewak sent two engineers to Taligentfor training and education. Despite the fact that both engineers already knewC++, they spent three months working with Taligent to learn the environmentand frameworks. "Once you learn CommonPoint and Taligent's system youwill be expert C++ programmer, whether you want to or not. It took threemonths to develop Info Bank once my engineers were up to speed. So there'sa big payback in development speed, even with the rough state of Taligent toolsat this point, once you grasp the concepts and embrace the discipline."

Info Bank lets users store and categorize any type of information from anyapplication. Every window has an Info Bank icon in the upper left corner -again highlighting Taligent's taskdocument approach. Info Bank functionalityappears ubiquitously by design throughout the environment, extending itselfbeyond windows and onto the desktop. "Any alias can be dragged from thedesktop onto Info Bank to add data, while at any point you can access InfoBank and drill down with our guidedinformation access method," Lewak said.

And Lewak seconds Taligent's claims that porting is easy. "The currentdevelopment platform is an IBM RS/6000 running AIX, which is what wedemoed using at Comdex on, but the porting issues are very, very fast. It'sbasically a recompile to move over."

Beyond development and porting mechanics, Taligent's very nature couldchange the contour of the application landscape. "In a pure Taligentenvironment, you really wouldn't create a monolithic program, like NisusWriter. Rather the same functionality would be spread across several smallerapps that work tightly together — an offshoot of the stringently definedframework and object methods."

This is a radically different model from today's ever larger, ever later, everbuggier monstersized applications. It envisages a terrain populated by smallapplications working in concert. Theoretically, since the applications are smaller,the ability to debug and optimize is suddenly magnitudes easier.

The unanswered question is who, on a system running a mixandmatch menuof applications from different vendors, answers the help line. Nevertheless, it'sclear that Taligent is sitting on, using, and refining what is ostensibly theworld's best developed, comprehensive, objectoriented development and systemenvironment. If the future scares you, ignore Taligent. If not being prepared forthe future scares you even more, it would be wise to investigate what's takingplace in Cupertino.

## ISO PUBLISHES ADA 95 STANDARD

DavidSims

Proponents of Ada hope the approval of a new version will boost thelanguage's popularity in the commercial marketplace. In February, Ada 95(formerly called Ada 9 x) became a published standard from the InternationalOrganization for Standardization. Publication of standards from AmericanNational Standards Institute and Federal Information Processing Standards ispending.

All this activity aims to reintroduce Ada to skeptics who think of it as "thatDoD language." Ada's advocates say the new version incorporates thesafeguards and softwareengineering discipline of Ada 83 while adding fullsupport for objectoriented programming and better interfaces to other languages.But vendors and others trying to sell users on Ada also must overcome a moretangible obstacle: a history of inadequate compilers and a lack of tool support.

### WILL INDUSTRY ACCEPT IT?

Ada's roots reach back at least to 1974 when the Defense Department begana project to develop a common language that could handle realtime embeddedsystems in missioncritical environments. After several years of proposals,reviews, and refinements, HoneywellBull won the competition to design the finallanguage, which was released as Ada 83. (The language is named for AdaByron, Lord Byron's daughter, who is often considered the world's firstprogrammer in light of her work with Charles Babbage in the 19th century.)

DoD wanted to develop a single, reusable software system to serve as astandard throughout the armed forces. In addition to simplifying training, Adaalso aimed to reduce costs with efficient debugging and encouragement forreuse. The DoD also wanted a language that industry would support: A biggermarket means a greater choice of compilers and tools. But part of thelanguage's difficulties stemmed from the DoD's failure to promote it toindustry, and thus ensure there were enough compilers.

"I think there was this assumption that it would stand on its own, and thatthey really didn't have to do anything," said Tucker Taft, chief scientist atIntermetrics' development systems department. "We know now — and peopleknew then — there's more to selling something than just announcing it anddropping it on their heads."

In 1988, the DoD undertook a revision and in 1990 Intermetrics won the bidto develop Ada 9 x. The review committee and distinguished reviewers wrangledover how much to change the language, but a few areas emerged as crucial,including full support for objectoriented programming and the ability tointerface with other languages. "We had to recognize it's a multilingualworld," Taft, Ada 95's chief designer, said. "You're never really talkingabout building a whole system at one time. You're generally buildingsubsystems that have to integrate with other systems written in [otherlanguages]. ... We spent a lot of energy on interfacing."

### TROUBLE AT HOME.

Resistance to Ada was not limited to the commercial marketplace; it also hadtroubles within the defense community. Ralph Crafts, who led the Ada StrategicAlliance (predecessor of the Ada Resource Association) from its inception in1989 until his resignation in 1994, said the Ada community has received mixedmessages from the DoD, which mandates Ada's use but ignores violations.

Defense contractors who want to use another language must secure a waiverfrom the DoD. DoD officials said they issue few waivers, but Crafts said this ismisleading. "Nobody who wants to avoid using Ada even bothers going throughthe waiver process," he said. "There's just no enforcement of it at all."

The Ada Joint Program office said it is difficult to assess the mandate'senforcement because waivergranting authority is decentralized among militarydepartments, and because the mandate allows the use of other languages inlegacy systems and in cases where using Ada would not be "costeffective" —a potentially large loophole.

### REASONS FOR RESISTANCE.

Why have some people resisted Ada? In part, Crafts blames the military fornot explaining Ada's superiority to contractors and project managers. But healso blames the "guru" ethos of the programmer community — in whichcreativity is highly valued and standardization resisted — an attitude he said isobsolete in a world where software reliability is often vital.

Programmers may have resisted Ada because of a suspicion that it grew upprotected, unable to compete with other languages. That characterization isunfair, according to Dave McAllister, who manages Ada and C++ products atSilicon Graphics. "[Ada] could always stand on its own, but there was thisperception, like a kid inside of a plastic bubble, who would never get exposedto all the things that would make him grow up to be very strong."

Add to this the natural resistance to the difficulty of learning a new languageand the cost of migrating legacy systems. "People say it costs a lot to learnAda," said Christine Anderson, project manager for the DoD's Ada 9 x Project."I really don't think that's true. Certainly if you're a software engineer,learning one language or another doesn't take that long. What really takessome time and energy and cost is to train people in software engineering. Ithink that's what they're really complaining about."

However, she believes that industry is where the military was 15 years ago:beginning to develop complex systems that will require maintenance overdecades. "I think some of these companies are going to get burned on theirsoftware practices. You see a lot of releases of software products, release 10,15, whatever, because they probably didn't apply the right discipline to theirsoftwaredevelopment process." Ada's rigid discipline, its advocates maintain,actually save time on debugging and maintenance of complex systems.

A more important reason may be that there weren't enough mature tools tosupport Ada back in the mid 1980s when many programmers took a look at it."The compilers simply weren't capable of doing the level of work[programmers] wanted done," said SGI's McAllister. His customers now mustbe convinced of Ada's usefulness, he said. He positions the language as oneof many solutions capable of working within a system. "Our view of Ada 95is, 'Hey guys, it's just a compiler.'"

### GIVING IT AWAY.

One way to get people to try something new is to give it away. That's theidea behind the GNU Ada Translator, developed at New York University withfunds from the Ada Joint Program Office.

The compiler is an Ada 95 front end for the GCC compiler, which isdistributed freely over the Internet. GNAT makes Ada 9 x available to most32bit workstations. It has three main components: a front end written in Ada83 that parses and analyzes Ada 95 text to generate a tree form that can bemapped to the C semantics in the backend; modifications to the backend tosupport some Ada semantics such as variant record types and exceptionhandling; and runtime features like a tasking module to support Ada 95'srealtime capabilities.

Like other GNU software, GNAT is covered by the GNU Public License, whichmeans you can use it freely to experiment, but are obligated to make anymodified source code freely available. However, you can use GNAT to compileyour own Ada code without inheriting GNU's socalled "copyleft" restrictions.

Another part of the effort to promote Ada 95 is the ARA. ARA's executivedirector Bob Mathis said the group is trying to build its membership beyondbig compiler vendors, such as Rational, Thomson (which bought Alsys andTelesoft), Tartan, Intermetrics, and others. Mathis said the new organization isreaching out to include consultants, trainers, and developers of Ada supporttools. ARA plans a series of seminars to promote the language this spring andsummer. "For most people, [Ada's] an unknown," he said. "We've got toget out there and market it."

Crafts agreed that Ada's biggest problem at this point is lack of visibility.He cited an awareness survey conducted by Response Analysis Corporationasking commercial software users what criteria in a language were mostimportant to them. The top four responses were reliability, performance, abilityto handle large applications, and standardization — areas where Ada backerssay the language excels. However, not a single respondent said they wereconsidering Ada.

Ada backers are aware of what they call this "ignorance," but remainoptimistic. "I think, if you look at the history of programming usage, everyfive years or so there's a new dominant language," said Intermetrics' Taft."And I think, clearly, the upcoming dominant language is C++. But I don'tbelieve it's going to remain dominant. ... If you talk to C++ programmers, youfind many of them have plenty of gripes and wouldn't mind trying somethingnew."

Interview with Tom DeMarco

Figure

## BLUEPRINT FOR SUCCESS: INNOVATE AND INVEST IN PEOPLE

As an engineering consultant and trainer, Tom DeMarco works with softwarecompanies to manage change. As a keen observer and accomplished writer, heis in a perfect position to comment on what's wrong and what's right withthe software industry. He spoke with Managing Editor Angela Burgess aftergiving a keynote address at the Applications of Software MeasurementConference in which he criticized the use of measurement to mechanizesoftware production.

Q:Is the software industry ready for mechanized measurement?

A: I feel that we, the software industry, have lost track of what it is we do.On a global scale, in countries everywhere, we're trying to squeeze softwaredevelopment into a production niche, whereas software is much moreappropriately a researchanddevelopment activity.

We try to squeeze it into this niche by focusing on process, by focusing onrepeatability. The whole Capability Maturity Model is totally focused on softwareas a production activity. And software is not properly a production activity ... ifyou find yourself doing the same thing over and over again, something isterribly wrong. Rather than learn to do it better, that's the thing we ought tolearn not to do at all.

Q:But what about a Microsoft, say, which is big enough to have aresearchanddevelopment division, but also puts out products that are virtuallyreplications of what they produced before with a few enhancements and a fewnew features. On the replication side of their business, why isn't measurementto modify behavior appropriate?

A: I don't want to be too much of an extremist, but anytime you findyourself treating software as a production activity, I suggest that ought to be adanger sign. Maybe when you're designing a product for a new platform youought to go back and rethink your crossplatform architecture instead of simplyreplicating what you've done before.

This subject is very strongly tied to our concept of risk management. With aproduction mentality, you minimize risk. With a researchanddevelopmentmentality, you realize that anything that has low risk is your enemy. Only thething that has high risk is really worth doing. The Denver International Airportis a very compelling example. People have taken potshots at that over theInternet; it's a constant source of low comedy. But the fact is, that was avery highrisk project that rushed into a domain where angels fear to tread —robotics. Maybe they didn't take account of their risks — you can criticize theproject in some sense. But the point is that it is a project we ought to becelebrating, because those people took on a challenge, an enormous challenge,and gave it a good shot.

Q:Do you think there's a payoff for them down the road?

A: There will be an enormous payoff for someone. The domain ofsoftwarecontrolled robotics is a rich and promising one. But the owners of theairport aren't the ones who stand to gain. They are just another example ofhow ignoring risk can hurt you.

Q: How do you see this production attitude affecting the kinds of people whoare being attracted to and who are getting hired into the software industry?

A: Well, I think there will be fewer, better jobs in software as time goes on.I think one of the things that caught us unaware during the 1980s was thatthe established software organizations were becoming white elephants.Organizations that once built software that had enormous benefit built up alarge staff during their development heyday. Then they became creatures ofsoftware replication. And the incentive to build a software system ceased tocome from the user and came instead from the software people.

Very often now people will ask me, "How do you manage a project whenthe user doesn't want the product?" Twenty years ago that question wouldhave been a joke, but today I hear it a lot. "How do we deal with thiscustomer who really doesn't want the system — has never wanted it?" I seea lot of these projects. They're all fiascoes. But how do they come about?Well, they come about because there's this white elephant to feed — anenormous establishment built up with all these people that have jobs.

Q:So what happens? Who services this store of software that's already outthere and that continues to grow?

A: Well, I think we're going to be generating a lot less software. I think thiswhole idea of the software factory in which we learn to be tremendouslyeffective at generating hundreds of millions of lines of software is part of theproblem — the production mentality carried to its extreme.

Q:So you think that the export business being set up in much of the ThirdWorld is for naught?

A: In the short run it will take business away from companies stuck in theimplementation mode. But in the long run there is not going to be that muchreplicable software work. In the long run we'll find ourselves going back todoing software as a development activity without any production mentality atall and doing highrisk projects. System invention will be more relevant.

Q:How do you see R&D work evolving? What kinds of people are hired?What skills do they have? What's the management structure like? How dothey work?

A: Companies that do software without the production mentality are, in myexperience, mostly engineering companies. They hire people who havereasonable engineering skills and invest heavily in them. At HewlettPackard, amanager in medical imaging told me they invest twoandahalf years in anemployee before he or she begin to carry their own weight.

Q:Talk about high risk!

A: Well, it's only high risk if you don't intend to build a culture that tendsto keep people. In American industry, we don't capitalize any investment inpeople. When Marie leaves and George takes her place, we ignore the fact thatMarie did complicated jobs successfully, whereas George is worse than no onebecause not only can't he do these jobs, but he uses up Harry and Fred'stime to try to get up to speed. At the end of twoandahalf years you've gothundreds of thousands of dollars tied up in getting George up to speed.

Now in American industry we expense that cost. I'm not suggesting weshould do it differently, but I am suggesting we manage people as if they werea capital asset. If we don't do that, we won't manage people in a way thatmakes very effective use of that capital. One of the most compelling signs inthe 1990s is all these layoffs, many times by companies that are makingmoney. Take IBM. Its cash reserves amount to tens of billions of dollars andits earnings are positive, yet it laid off many thousands of people. Well, youcan only do that if you pretend you have no investment in those people. Ifyou wrote down the $300,000 you had invested in each one, the stock marketwould just go crazy. But by not keeping track of the investment, not managing human capital asthough it were capital, we manage it rather foolishly. Development organizationshave much more investment in human capital and so they are much moreaware of this. Q:What about daytoday management, what is that like? A: I think the best managers you encounter in a development organization arethose who are charmed by the idiosyncratic nature of people. And I thinkthat's a characteristic of a natural manager. I have worked with seven great managers in my life. And I look back atthese people as, first of all, people who understood the importance ofcommunity. They understood that the human creature has this great need forcommunity. A great need to be part of a 19thCentury town, where you knoweverybody. Only, those towns are gone. Today that need is filled by ourcompanies, or at least the best ones fill that need. Q:What about this new form of development organization springing up in themultimedia world in which all the work is outsourced from a publisher to asoftware house? The software house does the work, then moves on tosomeplace else. This is a much more nomadic model than the one in whichthere is heavy emphasis on training and longterm employment. A: I don't think the studio model is a real trend. It's amusing butirrelevant, because it's not happening that much. I do see a trend away fromgeneralpurpose programmers. Because now software is very evolved and furtherfragmented. It's increasingly "nichified," if I may coin that term. Pockets ofdevelopers in different organizations are working in entirely different ways. ButI don't see them becoming nomadic. Q:Not even multimedia? A: Well, multimedia is just the thing de jour, and of course when you have anew component that adds itself to a development process, you have a smallnumber of people who have that skill. They float for a while and then findtheir place, their niche. Q:What are the things that last, that seem to have persisted and are strongand important as ever? A: Well, I go back to the concepts of treating people as human capital andbuilding community. People have a firmware need to work for a community.One that accounts for people as a capital component. Let me make a point about the sociological character of our business thatstrikes me as essential. It has to do with "coaching." Software developershave a nearreligious sense about coaching, because it is through effectivecoaching that we achieve meaningful growth. But while coaching is wonderful,it is not a management role. The model of the master craftsman has ceased tobe very applicable. The only reasonable coaching that goes on today is at thepeertopeer level. Companies that think a lot about coaching are trying tomake acrosstheorganization peer coaching work. Of course, it's hard to becoached by your peers, because it calls attention to the fact that they knowsomething you don't know. It is thoughtful, caring management that makesthis okay. That is the key to making this coaching happen. You have to feelsafe to be coached by your peers. ## COMPANION PIECE The March Computer carries "Taligent's CommonPoint: The Promise ofObjects," a companion piece that focuses on the objectoriented technology thatunderlies the Taligent offerings. ## FOR MORE INFORMATION Taligent provides a very rich source of information, documents and resourceson its Internet home page, http://www.taligent.com. Or write to Taligent, 10201N. De Anza Blvd., Cupertino, CA 950142233; (408) 2552525 or (800) 2885545;fax (408) 7775181. White papers available from Taligent: A Study of America's Top Corporate Innovators, 1992 Lessons Learned from Early Adopters of Object Technology, 1993 Driving Innovation with Technology: Intelligent Use of Objects, 1993 Other reading on Taligent frameworks and object technology include: Taligent's Guide to Designing Programs (AddisonWesley, 1994); The C++ Programming Language, Second Edition (B. Stroustrup, AddisonWesley) Developing ObjectOriented Software for the Macintosh (Goldstein and Alger, AddisonWesley) ObjectOriented Design with Applications (G. Booch, Benjamin/Cummings) ObjectOriented Technology: A Manager's Guide (Taylor, AddisonWesley) ## FOR MORE INFORMATION Ada Joint Program Office, Defense Information Systems Agency, Code TXC,5600 Columbia Pike, Arlington, VA 222042199; (703) 6812463. Ada Information Clearinghouse, PO Box 1866, Falls Church, VA 22041; (800)2324211 or (703) 6812466; fax (703) 6852869 The final standards of Ada 83 and Ada 95, lists of validated compilers andcommercial Ada endeavors, and results of a US Air Force comparison of Adaand C++ are available via anonymous ftp at sweng.fallschurch.va.us; WorldWide Web site http://sweng.fallschurch.va.us/. Ada Resource Association, 4719 Reed Rd., Ste. 305, Columbus, OH 43220; (614)4429232; fax (614) 4420055; 73313.2671compuserve.com. SIGAda, Association for Computing Machinery, 1515 Broadway, New York, NY10036; (212) 8697440. For information on GNAT, send email to gnatrequestcs.nyu.edu. The Public Ada Library is at wuarchive.wustl.edu in the languages/ada directory. ## IN BRIEF #### Trade war. The United States imposed trade sanctions on China on February 4, after thetwo countries failed to reach agreement on halting copyright piracy, includingillegal software copying and sales. The Business Software Alliance estimates thatonly 6 percent of software used in the People's Republic of China is legal. TheUS developers' share of the rest could be worth$322 million.

China has copyright laws, but US industry observers say it fails to enforcethem. BSA wants "explicit enforcement initiatives," including parity of softwarewith other copyrighted goods, enforcement of China's antipiracy laws, as wellas raids and audits. BSA spokeswoman Kim Willard said that several raids lastyear by Chinese officials were "P.R. efforts." China has said that the USdemands go beyond the scope of intellectual property laws.

#### Software patents surge.

The US Patent Office issued 4,569 patents in 1994 — nearly onethird of the15,000plus software patents issued since 1970. Imageprocessing patents weremost numerous (623), followed by network and communications (532), operatingsystems (448), process and numerical control (374), and graphics (337). Fiftysixpatents were awarded for algorithms, 28 for parallel programming, and 26 forvirtualreality applications.

IBM led the field with 396 patents, followed by Hitachi (189), and then, with107 software patents each, DEC, Xerox and Fuji Xerox, and Toshiba.

— Internet Patent News Service

#### IP spoofing.

The Computer Emergency Response Team's Coordination Center at CarnegieMellon University reported intruder attacks on systems that use IP addresses forsecurity authentication. Intruders create packets with spoofed (hoaxed) source IPaddresses to gain user or root access to a system. Once in, intruders candynamically modify the Unix kernel, allowing them to hijack existing terminaland login connections.

One way to detect the modification is by commands appearing on a user'sterminal or the system not responding to typed commands. Vulnerableconfigurations include routers to external networks that support multiple internalnetworks, routers with two interfaces that support subnetting on the internalnetwork, and proxy firewalls where the proxy applications use the source IPaddress for authentication.

The best prevention, the advisory said, is to filter on the inbound side of yourexternal interface. CERT recommends installing a filtering router that restrictsinput to the interface by disallowing packets with source addresses from insidethe network.

You can access the full CERT advisory on IP spoofing via ftp at info.cert.orgin the pub/cert_advisories directory, under the file nameCA95:01.IP.spoofing.attacks.and.hijacked.terminal.connections. It includes referencesto vendors that provide filter protection and to academic papers that detailed theweakness as long ago as 1989.

#### GIF royalties.

Unisys Corporation said it owns rights to an algorithm widely used in onlinegraphics and will seek royalty payments from developers who use it.CompuServe introduced the graphicinterchange format in 1987, incorporatingLempelZevWelch compression, which it believed was in the public domain. In1993, Unisys learned the LZW algorithm was used in GIF, and the twocompanies reached an agreement in June 1994 under which CompuServe paidan undisclosed sum.

To recoup that cost, CompuServe in December imposed a onetime \$1 fee plusa royalty of 1.5 percent (or 15 cents per program, whichever is more) ondevelopers who use GIF. However, the deal has caused some concern forshareware and freeware developers. Their products are distributed widely viaonline services and they say they have no way of contacting all the users,many of whom never register the software. Yet developers may be liable forroyalties to Unisys on every copy of their software in use.

— NewsBytes News Network