Well, Tim O’Reilly has an idea, because he came up with the term. And the new O’Reilly Web 2.0 consulting practice ought to know. In fact one of the reasons the company set up the consultancy arm is to get everyone to agree on a definition, because we can’t have a good conversation about the  benefits Web 2.0 can bring business if we mean something different.

Some people think of Web 2.0 as just about social networks or about sharing user-generated content. By other definitions, anything built with Ajax is Web 2.0, but that would make Outlook Web Access the first ever Web 2.0 service. Is it just having a blog? That doesn’t make Dell a Web 2.0 success. O’Reilly’s original definition was coined before Facebook or YouTube and before blogs were popular and it doesn’t depend on a particular programming language or style. He wanted to explain why Amazon was so successful, why eBay dominated online auctions, how Google was beating everyone else at search. His answer was that they were mining what users thought about the books they were buying, the people they were buying from and the Web pages they linked to and turning that into information for other users.

Web 2.0 is a combination of collective intelligence and network effect, taking user-generated content and metadata and using it to add value, creating applications that get better the more people use them. “Every true Web 2.0 company,” says O’Reilly, “is building a database that grows better with the number of participants.”

Social networks and blogs and interactivity on the Web site are all part of that, but the heart of it is much more structured data. So far, the big Web 2.0 success stories have mostly been companies that started online. If Web 2.0 is really that significant it should help companies who’ve been around for decades as well; how does a blog help if you make shoes or run a phone company? Mostly by letting you turning your customers into unpaid consultants.

The O’Reilly consultants have a fund of amusing mistakes by companies that didn’t get the point, from AT&T saying they wanted to reach out to unhappy customers who were ready to move to another provider - but didn’t want to create a community just to listen to people complaining - to a large consulting firm that was horrified at the idea of letting customers talk to each other.

There was the watch company that cancelled plans to send out images of a new watch to key bloggers because they didn’t want to spoil the effect of their million-dollar launch party and had to watch a grainy picture from a cameraphone go round the blogs instead - making the watch look cheap and nasty. One large retailer declares confidently that ‘none of our employees use Facebook’; that means they’re not in the ‘I hate working here” group trying to find out what’s wrong with the company. Another retailer is spending $2 million on research about shoppers that it won’t see for 13 months, when it will be completely out of date.

A blog won’t fix a company that makes bad products or has terrible customer service; but having a way to hear what customers are saying and respond to it can - if the company is actually able to change. “Going Web 2.0″ for the sake of looking up to date is pointless; using technology to build a relationship with customers is valuable. 

Is any of that the same as Web 2.0 for online services? Not really. And the O’Reilly folks actually admit that. When they talk to a company, they use the term ’social Web’ because Web 2.0 is ‘distracting’.

Every three seconds, HP sells a printer (two of them in Europe). That makes HP responsible for a lot of the 22 pages office workers print every day, half of which end up in the bin. All that paper and ink can make it hard to think of HP as particularly green, especially when Vyomesh Yoshi, the VP of the print and imaging division, talks about wanting to see more pages on HP printers.

Naturally enough, he doesn’t think it’s what much of a contradiction. “We are in the printing business; we don’t want customers to not print. We have to make sure they use it, but also make sure they use it effectively. We want to make sure every printer they buy from HP has lower energy consumption than any other printer. ” Make sure printers turn on “instantly” and people will be happier to turn them off; use the WebJet admin software to turn printers off at the weekend and you’ll save even more energy. “Make duplex printing the default and you can save a tremendous amount,” he says.

And if you think we throw away a lot of paper in offices, 20% of newspapers are discarded, as are 40% of books and 20-30% of marketing bumph. People print too many copies that go out of date, because of the setup charges on offset printing. Naturally again, HP has a solution; customised on-demand printing for everything from wine labels to out of print books.

HP is also pushing green ideas for the data centre like running the air conditioning four degrees higher by blowing cold air directly into the blades. The air coming out the back of the blades is a lot hotter - more like a sauna - but heat behind the blade doesn’t matter so much. But if CEO Mark Hurd is right to predict that data centres will use 50% less energy soon, it’s going to take more than hot air.

The reason smart cooling works is that HP puts sensors on each rack to make sure the air is only as cold as it needs to be. Without those, says HP fellow Chandrakant Patel , a home air conditioning system is more sophisticated what’s in most data centres. The next step is to use optical interconnects and lasers to replace copper data cables - which saves the 20% of your energy that’s heating and cooling the copper. More likely now HP Labs has come up with a photodetector so sensitive it works as a solar cell.

But the carbon footprint of a data centre includes the CO2 from the concrete used to build it, and the manufacturing and transportation of everything from the blades to the carpets. Really reducing that means calculating it and Patel is working on a framework to cover technology in general. That would measure the true energy cost, down to what it takes to deal with the fertilizer runoff from the fields growing the corn that’s made into the ethanol that goes into the biodiesel that drives the backup generator. It’s a huge undertaking, but it strikes me as more likely to help than maintaining that video conferencing can solve the problem by taking cars off the roads (hint: maybe not if that means more data centres to run the video conferencing).

Microsoft makes a lot of noise. The company holds dozens of conferences, broadcasts its ambitions in every market from mobile phones to data centres to next-generation TV, goes on a buying spree, gets taken to court by everyone from Novell to the EU. HP also makes acquisitions and has ambitions in a lot of markets and employs over twice as many people as Microsoft, but it doesn’t make nearly as big a splash in the industry, for some reason. It’s not for lack of success. Microsoft boasts of the 31 million Windows Mobile phones it’s sold; HP boasts that eight out of every ten text messages are sent using HP technology (inside the mobile operators rather than in your hand).

Wherever Microsoft is, HP is there too (from mobile phones to data centres to next-generation TV); in almost all cases, selling infrastructure rather than competing software. The exception is system management and when a dealer asked Mark Hurd this week why he’d asked Steve Ballmer along to the event where HP was sharing what it wanted dealers to get excited about this year, Hurd pointed out that even there HP takes a wider view. “Microsoft is very focussed about managing Windows environments and Microsoft environments. That’s what’s important to them. And it makes sense for them to be the best in the world at that. We have to be the best in the world at managing heterogeneous environments; we have to be able to take an IBM environment, a Linux environment, a ‘insert name here’ environment and be the best. Microsoft has to optimise simplicity of management of the Microsoft environment. We don’t believe the world will ever be exclusive to Microsoft.”

Ballmer wasn’t offended by that and used the broader view line himself, emphasising all the places from printers to blade servers where the two companies collaborate. He’s also banking on HP to put some style and sparkle back in a PC marketplace that can look lacklustre compared to Apple products that look good even when they can’t compete on features. “We’ve got a lot of work we’re doing on the future of the PC and what that looks like; driving down price, driving up features, driving more excitement. Certainly neither Microsoft or HP likes the shots we’ve been taking with Apple’s adverts and the blah blah blah… On the consumer side there’s so much opportunity today, we can add value to business productivity ; we’re stepping back to remind ourselves what we can do.”

Adding features matters more than driving the price down to get businesses to keep buying new PCs every three years rather than pushing older machines to last a decade and that’s where HP Labs comes in.
HP cares about research, but it’s a means to an end – solving problems by creating products and services – rather than pure knowledge. For pure knowledge you stay in academe; although Microsoft’s Bill Buxton points out that he left academic research for commercial when he was asked to write business plans rather than papers. Mark Hurd is totting up his R&D dollars but it’s not the cost he complains about; “We spend 4.2 billion in R&D to get the best products and services and then only go after half of the market.”

Rather than squeezing the research budget specifically, he’s leveraging it and putting more emphasis on the D than the R. HP Labs looks five to ten years ahead, but it also collaborates with engineers to create products. Microsoft Research uses a mix of technology transfer and researchers who move across to product development groups to shepherd their project into the commercial world. The really important thing is that they can always go back to research afterwards; their job is guaranteed to be there.

HP takes a different approach. Phil McKinney is the CTO of the personal systems group – everything from iPaqs to the Blackbird gaming system that’s selling to developers to the 2710p tablet PC we both use to the shiny and cute new 2133 Min-Note UMPC (which manages to achieve Apple levels of desirability despite the Via C7-M processor – which might make it even more like an Apple product). But he also runs the Innovation Programme Office and I don’t think it’s named IPO by accident; it’s certainly about taking things public.
The way it works is that a team from the IPO works side by side with the researchers (quite literally; they sit at the next desk). For 12-18 months the two teams work together; the researchers carry on researching, the designers build products and gradually the researchers do less and less and the designers do more and more. Then one day the designers have learned everything the researchers have found out and they spend six months running that into the final product.

There are 28 products in the pipeline with the IPO, coming out two a year – which means starting with 1,800 pipedreams that get whittled down to 200 ‘workable’ ideas. Blackbird was the first, cherry-picking existing HP technologies like blade cooling and push-fit hard drives. The new DreamColor screens are the second. These are LCD screens with colour accurate enough to satisfy DreamWorks and there’s a 30” screen on the way. And there’s a team in HP Labs right now, sitting next to the data centre than rendered Shrek 2, working on the next project. Odds are, it will be something that Microsoft will be interested in…

How do you know you’ve been hacked? You may have a suspicion that someone’s inside your network, but if your log files don’t show anything, don’t assume that your systems are secure. The bad guys know all about standard compouter forensic techniques and have toolkits full of techniques and programs to cover up their traces. The computer security team at Verizon are finding that anti-forensics are used in more than 2/3 of intrusions.

One of the most common techniques is data wiping, used to reduce the evidence available to security analysts. Used in only 18% of cases in 1998, things are very different today, with data wiping used in 80% of cases. The popularity of data wiping can be seen by the sheer number of tools available on black file sites - with more available than all the other types of anti-forensic tools combined.

Luckily for us data wiping is not perfect, and even the best tools leave some files behind - especially when files have been locked or are still in use. It’s a good idea to think outside the box - often literally. Perhaps a backup has traces of the bad guy at work, or there may be traces of his tools and actions on a clustered storage array somewhere else in your data centre. And of course there’s the old forensic stand-by: running memory. A memory dump can show traces of running programs in old page files.

The next most popular technique is data corruption, closely followed by data injection. The aim here is to hide from your logging tools - or even make your log files unreliable. One technique is very simple, with intruders resetting system clocks to create a whole new log that can be deleted when they leave. If there unexpected holes in log files, there’s a distinct possibility that someone is changing your system clock. More complex techniques use tools to corrupt log files to cover up attacks, or to edit out an attackers actions.

One case Verizon worked on was a retail customer that was seeing unexpected charges on its credit card system. Nothing was found in the logs, but the Verizon forensic team was sure that something was happening, so they began to monitor the system.

A few days later a tripwire was triggered, and they were able to watch (and screen capture) someone from the credit processing vendor coming in to the network on a trusted connection. The attacker first changed the system clock to hide their actions, and then using the debug mode in the credit card software to steal transaction data. The security team watched the attacker tidy up after themselves, deleting the debug files. Finally the attacker reset the system clock and edited the system logs to replace their external IP address with an internal one. They’d only made one mistake, which was how the security forensics team was convinced that there was an attacker.

What was it?

The internal IP address they were using wasn’t actually assigned to anything.

It’s clues like that that you need to look out for when assessing a system to see if it’s been compromised. You know what makes your network tick, what addresses are in use, and what your system logs should look like. Vigilance is the only way you’re going to be secure.

In the immortal words of Hill Street Blues: Be careful out there.

– Simon

Security theatre is what security expert Bruce Schneier calls measures designed to make us feel safer that don’t actually make us any safer at all. He discussed the positive effects of this at the RSA conference this week; flying is one of the safest forms of transport and if having to take off your shoes and abandon your bottle of water make you feel that airport security is good enough to catch terrorists and you fly rather than taking a more dangerous method of transport, then the security theatre has made you more secure.

Here’s another paradox. Too much security makes you insecure. If someone in your company is emailing customer information to their Gmail account and copying market forecasts to their laptop and keeping old price lists for months after they’re out of date, it’s more likely that they’re just trying to get their job done on the road than that they’re stealing data to pass to a competitor - and that you didn’t give them a better way to do it. Make it impossible to do my job securely and I’m going to break or bypass your security so I can actually do my job.

The wireless network at the RSA conference was a good example of this. It was secure. Very secure. So secure that without the five pages of instructions I didn’t manage to get connected, and I didn’t meet anyone else at the conference who managed it either. If I’d wanted to hack into the laptops of anyone at the show, I wouldn’t have tried to steal them. I’d have set up an open free wi-fi connection on the show floor and everyone would have connected to that instead, giving me a great opportunity to see anything that didn’t go through a VPN.

Hugh Thompson of People Security has a good grasp of security and security theatre; you’ll have seen him if you watched Hacking Democracy, the documentary about the security problems with voting machines. He closed the conference with a chat show that ranged from a funny song about SQL injection (not a very funny song, but still) to Eric Drew’s tale of having his identity stolen by a lab technician at the hospital where he was being treated for leukemia and tracking the man down himself (a story Drew makes funny in the retelling that would have been a tragedy if he wasn’t in remission).

Thompson had a semi-serious conversation with Bill Cheswick, co-inventor of the firewall. Cheswick jokingly referred to malware as a “denial of spare time attack” that at least means you spend time with the family and friends who ask you to fix their computers. He was also slightly tongue in cheek when he said that he hadn’t used a firewall in a decade because he wants to use a secure computer instead; “it’s that whole crunchy outside, chewy centre thing; now we have much bigger liquid centres and once you’re past the outside you have access to everything.” But Cheswick also had some serious predictions to finish off Thompson’s security cabaret.

• “IPV6 has been three years away for the last 15 years. We’re finally approaching it - so all those firewall rules are going to need redoing. That will be fun…”
• “More attacks are going to come in through the browser so it may not matter so much what that the OS underneath is. You go to the wrong page, or the right page that has the wrong advertising agency - you did the right thing on your site but the other guy got hacked. To deal with that there’s going to be more sandboxes. I want users to be able to do everything online. I want them to run free in a sandbox. I used ASCII email for twenty years. ASCII email is safe but you want to be able click on the pictures.”
• “Computers are going to get better. We’re in the barnstorming era now. We’re going to look back and say ‘remember when you had to be careful about what you clicked on?’”.

There’s a shadow economy that’s bigger than you can imagine, and it’s the engine that’s driving the spam that’s flooding your inbox. That’s the message from RSA 2008 in San Francisco, where security experts are debating the shape of tomorrow’s threats.

In a panel on understanding the online criminal ecosystem, expert spamfighters sat down and told the world what they knew about the world of spam. The days of the green card lawyers flooding Usenet newsgroups are long gone. The target now is the web, and email is the tool of choice. It’s email that brings new customers to the spam networks, it’s email that entices the new money mules, and it’s email that lets spammers build their hidden bot nets.

Botnets are the heart of the criminal ecosystem, running spam web sites, sending out messages, and acting as a shadow network of stolen CPU cycles and network bandwidth. They’re even acting as web servers, fastfluxing web sites across the network so they avoid the packet scanning radar of the ISPs. The domain names they use are real, as are the DNS servers. While most domain name services are legitimate, there are some smaller registries that get much of their business by providing domain name services for spam networks.

Bots also reduce the costs of running a spam network, as they mean online criminals do not own the infrastructure. Instead they’re using stolen cycles on their bots, and have no infrastructure to be confiscated by law enforcement.

It’s a very profitable business. Spam advertising makes money (often selling real products through the networks’ own fulfilment houses), and bots are also used to steal credit card data and user’s identities. There’s a lot of money to be made from sealing stolen credit cards, especially if account access comes with the card. Botnets can also be used to manage and distribute adware and spyware, or run DDOS extortion attacks on gambling sites.

Spammers have learnt from legitimate online businesses, and now many run like Google’s or Amazon’s affiliate programmes. These allow spam networks to expand quickly – and also allow the network operators to hide in the background. Larger networks mean more revenue, and even though the cash has to be shared, it’s a business model that makes a lot of sense.

There’s a reason why spam has moved from Florida to Eastern Europe. It’s a lot easier to make money from cybercrime than from the standard economy if you’re anyway technically inclined. There are several folk out that the panel called the “Bill Gateses of Cybercrime”, with a mix of skills in both code and business. They’re the people who’ve built this new ecosystem – which includes a lot of specialised skills and services.

One example was a pump and dump stock scammer, who was playing both sides of the game and making money on the stocks he was spamming as well as from the stock owners. He began by using spammer chat rooms to recruit people to infect computers to spam through, paying for their services per infected computer. The result was a market for networks of hacked computers to spammers. The pump and dump scam itself is an old one, and it turns out that the people running Internet pump and dump scams had been running them by mail for years. It’s a new way of doing an old business.

Stock scams are important, but they don’t get into the news. A group of hackers that were in keystroke logging business decided to go bigger, and go after where the data existed. They ended up designing attacks on the middle tier of businesses, entities that are processing financial transactions like retailers and small credit unions. Even though there are standards for working with encrypted data, there’s often a flaw, as data often transits the network in the clear. The result has been 30 significant data breaches in the last two months, with the criminals getting entire caches of credit card data – data they can use to remanufacture and use the cards.

Pharmacy spammers are probably the most visible, and they’re making a lot of money – over $150 million a year. They’re even selling real drugs… If you want to sell Viagra online, all you need to do is go to one Russian organization. It will spam you a pharmacy site, taking care of everything from  credit cards processing, to web sites and to shipping.

There’s something more worrying too. It turns out that there’s even a shadow technology journalism out there, with people reviewing these services. Does that mean that there’s even a shadow IT Pro out there?

On the Internet, nobody knows you’re a dog. You can put up a Facebook page, send spam, pretend to be a bank; as long as you can read distorted characters, you can leave comments on a blog under any name you choose (I’d like to see at least one Mickey Mouse commenting to this post). Passwords are well past their sell-by date but proving your identity securely matters more and more. Identity online covers everything from throwaway accounts on forums to online banking and no one system is every going to ‘win’ - but they can learn to work together.

You can buy a hard drive from any vendor you like; as long as it fits in your PC and uses a standard interface, your operating system will take care of accessing the hardware and loading the drivers, leaving you to enjoy the storage space. The identity metasystem will do the same thing for user information, identity providers and sites that accept user details in the form of information cards. The terminology comes from Microsoft, the impetus comes from a wide range of customers and the technology comes from everybody from Oracle to Sun, IBM to Novell, the Liberty Alliance to the Higgins Project. Does it all work together yet? Not quite - but the Project Concordia interoperability workshop that opened the RSA conference today was a step forward.

Not least because for the first time Sun demonstrated an information card logon that used no Microsoft software at all; Sun’s Pat Patterson showed a system using OpenSSO v1 build 4 - which Sun will ship in the summer as Federated Access Manager 8.0, with an Oracle identity provider and Novell’s identity selector to deliver the same experience of logging in with an information card as a Vista user gets on the system using CardSpace.

Microsoft showed CardSpace sending SAML 1.1 and SAML2 tokens to a WS-Federation system. Ashish Jain of Ping Identity demonstrated a system using an information card from Sun to log into Gmail, running Vista in a virtual machine on a Mac talking to a Linux system. And systems from Ping, SymLabs, FuGen and Shibbloeth talked to each other and to Sun, Oracle and Microsoft systems using WS-Federation and SAML, transferring not just the identity of the user from a managed information card provided by a trusted identity provider rather than one the user had created themselves but also information like whether the user had provided a password or a smartcard rather than just clicked on a link.

Who needs that heterogenous a system? General Motors for a start, which is why Bob Haar, an IT architect at GM was chairing the workshop along with Microsoft’s Mike Jones and Eve Maler from Sun. Jones repeated what Microsoft is hearing from customers; “Some of the more interesting business discussions have been about risk. Certainly in the automotive industry, a decision has been made that there’s both at least cost savings and possibly minimisations of risk by going to federated authentication for collaboration with suppliers. Think about how many companies are involved in building a GM automobile or a Boeing airplane; it’s mind boggling.”

Haar explained that in a little more detail. “We think the federation gives us more control in real time to monitor and control access. There are legal and contractual aspects of setting up the business relationships and supporting for activities about auditing - if there’s a question about who changed this financial data or when it came through the federated environment, we have to have systems and procedures in place to make that happen.”

Sun’s demo didn’t use any Microsoft products at all and Patterson took something of a cheap shot by apologizing to Microsoft for that. Mike Jones smiled back and said actually, Sun had given him two of his three wishes. “I said three years ago we’ll know the metasytem is succeeding when interactions occur that use no Microsoft software, where Microsoft receives no revenue and Microsoft has no idea the interaction is taking place.” Today, the point is for the companies to be talking so they can make this all work. When it does all work, Sun wouldn’t need to tell Microsoft anything to have happy customers who could use CardSpace against a system that uses Oracle to issue identity information to connect through to another system that uses ADFS to do it. Assuming ADFS could issue and understand identity beyond Active Directory…

There isn’t a name for the next version of ADFS, or a shipping date but Microsoft promises, it will issue and consume information cards. This has gone in and out of the feature list for the next version of ADFS as shipping schedules and priorities shifted, but it’s back on the table says Jones - and Visual Studio will get tools for working with identity. “We probably wouldn’t have gotten permission to show SAML2 token support in the next version of our identity server products if we were not going to put tools into deployers hands to easily build and consume these tokens. We get that until it’s easy for developers to do this, a lot won’t. We’re looking at federation and information cards not as separate things but as parts of a spectrum people can deploy as it makes sense for them.”

Standards are good, runs an old joke; that’s why we have so many of them. Whether it’s a proprietary approach that’s become popular enough to document or a philosophical difference in approaches, there’s hardly anything in technology that you can’t do in two completely incompatible ways by following different standards. What’s happening in identity is a remarkably grown-up approach to tackling a problem. When did you last see Microsoft, IBM, Sun, Novell and Oracle playing nice together without government interference? Instead of expecting to own the marketplace, all the major players are putting in the effort to get their systems working with each other and with the standards. Imagine if all the effort spent arguing about whether OOXML and ODF could both be ISO standards had gone into writing translators to move documents between the two.

But once it’s easy for a service to accept identity logons from a variety of information providers, what is the user experience going to look like? The test sites had buttons to log on with every combination of service and they exposed the debug information so you could see what was happening; real sites won’t have that. But they shouldn’t have umpteen buttons to choose which information provider I want to use either; that way madness and another set of chances to get me to do something insecure lie.

Every credit card I have has its own branding, and there are plenty of different card readers in shops, but they all have a slot I put the card into and a keypad where I type in the PIN. I don’t have to press a button saying I want to use a MasterCard or an Amex card before I start - I put in the card and the reader works it out, hides the process and asks me for the important thing, my PIN. Sites using identity should do the same thing. Don’t give me a button for OpenID or SAML or Ping or Oracle or whatever underlying identity system I’m going to use happens to be, and make me click it and then click again to pick an information card. Use the same identity selector I’m going to give you my information card in; that way your Web site doesn’t have to have five otherwise identical pages and CardSpace or the Higgins identity selector or whatever the experience is on my OS and browser can do the hard work. All I have to do is say yes, I do want to use this information card with this site and you can concentrate on building something that works better because you know who I am without either of us having to care about passwords.

Motorola has backed down from two big challenges this week. The announcements about support for LTE signal that WiMAX isn’t going as well as the company hoped, although they’re good news for users because it means we’ll get more than one system capable of true wireless broadband speeds up to 100Mbps.

Realistically, the future is going to be a mix of multiple wireless standards: mobile operators with investments in 3G have always been going to move to LTE - that’s what the name means, long-term evolution of GPRS and 3G. They’re going to use high-speed wi-fi and WiMAX as part of the back haul along with anything else they can lay their hands on, down to home broadband connections with femtocells. Fast Internet connectivity is expensive. That’s why the dirty little secret of 3G is that there isn’t a single mobile cell anywhere in the UK with more than 1Mbps of backhaul, so whether your HSDPA phone is 3.6 or 7.2Mbps it’s going to crawl along as shared DSL speed.

Fixing that will mean using a mesh of different technologies and WiMAX is only part of it. Motorola has done pretty well out of its WiMAX investments and supporting LTE is logical - but given the investment Motorola put into Clearwire’s US WiMAX service, the company must have hoped for more from WiMAX alone.

And then there’s the handset division losing money and market share hand over fist, which took down CEO Ed Zander and could easily scupper his successor, former CTO Greg Brown as well. The problem is there’s no sign of a new phone to give the company another success like RAZR. The real problem is, that’s actually business as usual at Motorola.

The original eye-catching mobile phone was the StarTAC. I had the analogue and digital versions and loved both (bearing in mind that this was when you had to learn the primitive user interface and put up with it). With the analogue CELLect data card I did email at 2400bps, sitting on a train to London downloading email from CIX to my HP OmniBook (the one with the mouse on a stick). As close to the name and style of the Star Trek communicator as possible, the sleek little flip-phone was iconic, hugely successful - and followed by a long line of failures.

The RAZR was another one-off success that the company milked shamelessly, diluting the exclusivity and confusing the market with multiple versions painting it pink for Valentines day and adding that ultimate admission of guilt in a user interface - a help system. Since then Motorola’s biggest hit has probably been the Q: a good Windows Mobile handset that came with a woefully inadequate battery and abandoned the European market to HTC and Samsung when it took far too long to bring out a 3G model. Leaving the GPS out of the UK model while keeping the extra-large case adds insult to injury.

The MOTOFONE should have been a huge success; just 9mm thick with a simple user interface, a battery life measured in weeks and an epaper display. It could have been the ideal phone for everyone who finds cryptic menu commands confusing - but Motorola pitched this combination of simplicity and sophistication at the developing world and saw it eclipsed by a rugged rubberised Nokia with a built-in torch.

The Z10 was about-face that should have been a warning. Motorola had abandoned Symbian to reduce the number of operating systems it was developing, pinning future hopes on mobile Linux and Windows Mobile. But last spring it turned around and released a Symbian phone to try and compete with Samsung’s onslaught in the high-end feature phone space. Samsung released half a dozen models with the same features, and so did LG and Sony Ericsson; Motorola had chosen a crowded market and a picture of Jason Bourne on the box wasn’t going to help.

Motorola is an object lesson for anyone expecting mobile Linux to sweep all other phones aside. Turns out, it’s not as cheap or as easy to make mobile Linux work as it sounds in theory. Motorola had one very successful Linux phone with a model you’ve probably never heard of, the MING. This is a stylish touch screen phone with two speaker wires running through the clear acrylic lid (turning necessity into art) and a finger-writing system that copes with the complex characters of Asian languages. It’s based on a Linux platform from Trolltech and it swept through the Asian market.

The reason Motorola hasn’t produced a range of successful Linux phones for the US or UK using the same platform might have something to do with Nokia buying Trolltech. Or it might just be that as far as phones go, Motorola is a one hit per decade wonder.

With nothing impressive on the way from Motorola until at least 2009, splitting the company in half is a good way to get the handset division ready for a quick sale without dragging down the backend division that’s making money with or without WiMAX. Maybe someone else struggling to build a mobile Linux handset could snap it up. I wonder what Palm is up to these days apart from poaching everyone from Apple?
-Mary