Slashdot Mirror

I use Cisco equipment so all your messages are belong to me.

You've got it. And the most common such ASIC in Cisco's middle range is called PXF for Parallel Express Forwarding.

PXF is basically a programmable ASIC using a custom assembly language (think of it as a FPGA) where packets come in one side and are pushed through columns. Each PXF is one grid of 4 rows x 4 colums (16 CPU in total), and packets stay in each column for 128 cycles. Each column is responsible for one task, rarely two. What one PXF does includes IP decapsultaion and encapsulation, sanity checks (ttl, etc.), netflow accounting, NAT, L2TP, Policing/CAR, MAC rewrite, WRED, WFQ, LLQ, traffic shaping, L2TP LNS. This was 2 years ago on the c7200 and c7400 platform; now they're using two PFX processors in serial on newer platforms to do even more features.

PXF is found on the c7200 platform (NSE-1), c7304, c7401, OSM line cards for the Cat6K/c7600, ESR 10k and uBR 10K where two PXF are working in serial, 10720, and probably more.

So the PXF basically does the features described above in hardware. When the c7304 was introduced it was the quickest NAT box that Cisco had with 2Mpps switching performance with NAT. The main router CPU was hovering at 0% utilization, obviously. Not too shaby.. I'd like to see a PC do that but I don't think it's gonna happen any time soon :)

You mean like Cisco Network Admission Control ?

You may or may not be aware that technology exists which allows the light paths in a fibre to be continuously altered in much the same way that band switching (rapidly switching transmissions across multiple frequencies) is already used by the military to evade listening. A military installation is not only likely to make use of this technology but would implement it across multiple fibres. Yes, band switching technology exists on copper networks (e.g. fast etherchannel) however throw in the complexities of dust free fusion splicing (in a battlefield environment...!), the time required to implement a fibre tap clearly highlight the obvious fact that fibre more suited for secure networks than copper.

I feel I am being trolled, but here are some articles I dug up.

This one talks about delay, and that most humans can start to detect delay at around 250ms. On the second page, it goes over different G.7xx codecs and tells you the MOS score for each one.

http://www.networkcomputing.com/1202/1202ws3.html

Here is an article about measuring MOS in a network:

http://www.telecommagazine.com/default.asp?journal id=3&func=articles&page=0011t16&year=2000&month=11

Here is an SLA from MCI that has provisions for MOS:

http://global.mci.com/terms/sla/business_connectio n/

Fluke wont have a meter for this, but Agilent does:

http://we.home.agilent.com/USeng/nav/-536885778.53 6882651/pd.html

Cisco more or less agrees with me about the delay (scroll down a bit):

http://www.cisco.com/warp/public/788/voip/delay-de tails.html

So, you probably never heard of this stuff because it doesn't matter in a classic digital or analog network mainly because you are using dedicated circuits and g.711 all day. When you start using data networks and codecs like g.723.1, you need to worry about this shit.

BTW, it took me about 5 minutes to find this info using that Google thing. You should check it out.

ft

You can get my 7920 when you pry it from my cold dead hands!

Everyone but the vendors knows it's a bad idea. Cisco recently made the same mistake.

Odd that you've been told they'll provide no client as iPass makes an OSX client and Cisco makes an OSX version of its VPN client which I have running on my AlBook right now (I believe you must have an account with Cisco to get it from their site, but Google shows many hits with the download).

I'm very surprised about the consistently positive things people have to say about Vonage, but I also noticed that the "reviews" are very glib, and don't go into any detail about service issues (good or bad).

I'll try to break it down for readability:

1. Call quality - Varies. With some calls, I hear an echo of myself on the line, while other calls are fine. This seems only to be a problem on my end of the line.

Of course, call quality will suffer if you infringe on the amount of bandwidth the VoIP service needs. Basically, if you're using up most of your downstream bandwidth, you'll hear a stutter on the other end of the call; if you're using up most of your upstream, the other party will hear a stutter.

2. Hardware - Up until a few months ago, Vonage sold its customers the Cisco ATA 186 VoIP appliances. These were good units, but expensive. Now Vonage has replaced them with the cheaper, flimsier Motorola VT1005 MTA. My main problem with the VT1005 is that such common phenomena as port scans are enough to bring it down. To make matters worse, Vonage encourages users to keep their routers downstream of the Voice Terminal appliance, which means that a simple port scan is enough to take your entire network offline.

I circumvented this problem by putting the voice terminal downstream of the router. However, even thought the device supports static IP addressing, I can't connect to its web interface using its assigned IP address. If I want to reconfigure it, I have to hard-reset it to reenable DHCP support, and then access it on a DHCP-enabled LAN. Imagine a lay person trying to cope with these issues.

3. Customer Service - This is arguably the worst thing about Vonage. The sporadic service problems and billing issues would be much easier to cope with if customer servic gave two shits. Vonage has some of the worst customer service I've ever dealt with. The support people are ineffective and, in my experience, the calls go nowhere. Don't expect promised callbacks to happen.

4. Loss of service - A notorious problem for Vonage users is you attempt to make a call, and you're greeted with nothing but a fast busy signal. I was once unable to place or receive calls for three days.

5. Spam - Not only does Vonage spam its own customers regularly, they actually started calling customers at home with prerecorded messages encouraging people to refer others to Vonage.

6. Service package - The service package is robust. You can even check (and toggle) your voicemail from a website with a decent interface. The website logs all call activity with timestamps. Very nice. The web site control panel gives you a lot of options. This is definitely a strong point of the service. Unfortunately, the voicemail system has some bugs, but once it's setup its fine.

7. Fax - Vonage charges $10 for a fax line. I don't need a separate fax line, but I use my fax modem occasionally. Oops, Vonage don't play dat. I tried for an hour to send a fax through Vonage without success. If you want to send or receive faxes with Vonage at all, you need to pay them an additional $10/month, regardless of whether you want a separate line to do it.

8. Setup and billing - If you already have a landline and you want to keep your old phone number, switching to Vonage is not fun. Expect to pay concurrently for both your POTS and Vonage service until Vonage and your old telco get around to transferring your phone number. This takes weeks if you're lucky, and months if Vonage screws it up, as in my case. Vonage starts billing you from day one, even if you don't actually have service yet (which you won't).

While Vonage tripped over its own feet, I paid SBC and Vonage for three months of service... except I only hav

By the way, your NOT talking about a PPC running VOIP software ONLY. Your also talking about WiFi handsets. Cisco already makes these. Here's the model I saw at hamvention. This is a PHONE that does VOIP over WiFi. Ritron(I think) can also hook a transciever directly into Cisco routers making Nextels obsolete. You just install a transciver at either end and it coverts the radio to a VOIP stream and sends it to everyone on your network. VOIP is going to make not just telcos obsolete but many campuses can switch to IP telephony very easily now....not 5 years from now. You jsut about have it down to only having to run Ethernet and power. That's it.

Individual line cards will be much more expensive. Carriers will need to buy several, perhaps even many of these to take advantage of the architecture.

Some Catalyst 6500 and GSR line cards already retail at >$300K.

From http://www.cisco.com/application/pdf/en/us/guest/p roducts/ps5763/c1031/cdccont_0900aecd800f8118.pdf

"Each route processor manages shelf controller functions and supports up to 4 GB of DRAM plus a 40-Gbps hard drive for storing software images and dumps."

I'm sure they meant "40 GB hard drive"

OTOH, if they have a 40Gbps HD, I sure could use one.....no more need for that expensive RAM....swapping will be plenty fast. ;-P

Sure, two Cisco BR350 series bridges with the 21dBi dish style antenna's. Cisco doesn't sell it certified for more than 15(?) miles or so because to get longer you have to get a high tower to overcome curvature of earth issues. Legally you can't go over 20 miles without going over ERP limits but you CAN run them at 100mW and get significantly more than 35 miles. You can download their calculator here, the last worksheet is the old calculator which will allow you to do all sorts of calculations which aren't necessarily withing regulations.

Psst.. here ya go - 350 Drivers From Cisco's own website

Too late....try loading their "product tour" (Flash warning): Flash presentation

mirror, in case of slashdotting

Having had a look at some of the source code, I'm generally impressed.

Did you come to this conclusion from looking at the 1996 header file?

Cisco produces solid code.

Maybe they do, maybe they don't. Looks like it gets its first real test. I am betting on no. In fact, I am betting on god awful code. Why? Because companies can get away with writing bad code when nobody is there to call them out on it.

IOS is responsible for switching packets on a fair amount of heavy links; ipfw is responsible for switching packets at your average LAN.

Come on now, that has got to be some sort of argument fallacy. People don't use it, so it must not be as good. Anyone who has ever dealt with Cisco routers is most likely aware at how downright annoying they can be. Nothing like finding a router that crashes every 20 minutes, or finding that everything goes to the shitter because of too large of a routing table.

backdoor-style commands to IOS

I disagree. An application like Cisco's ios should be one application that should be nearly free of this. One would not be able to open a port for a backdoor because it would be noticed. Any source control edits of the login code would surely be audited. It is a lot more likely that the new features would have a bug.

...it is quite time someone questions the exact origin of SSL, SSH, NTP and a few other items in IOS which are known to be bug for bug compatible with OSS code and do not have stated copyrights in the IOS release notes.

" Customers without Service Contracts

Customers who purchase direct from Cisco but who do not hold a Cisco service contract and customers who purchase through third-party vendors but are unsuccessful at obtaining fixed software through their point of sale should get their upgrades by contacting the Cisco Technical Assistance Center (TAC). [...]"

So in their case, you get the software upgrades, no strings attached. It'd be nice to see Microsoft continue to do the same, for the greater good.

" Customers without Service Contracts

Customers who purchase direct from Cisco but who do not hold a Cisco service contract and customers who purchase through third-party vendors but are unsuccessful at obtaining fixed software through their point of sale should get their upgrades by contacting the Cisco Technical Assistance Center (TAC). [...]"

So in their case, you get the software upgrades, no strings attached. It'd be nice to see Microsoft continue to do the same, for the greater good.

This is NOT excellent. It is a TRUSTED COMPUTING system.

If you check IBM's Tivoli whitepaper, the top page states right off the bat that it is an "identity management system". Page 7 states that is is based on "tamper-resistant, non-bypassable trusted computing bases (TCBs)".

If we look at Cisco's BUSINESS READY DATA CENTER Security Overview and head down to the Trust and Identity Management section we see Cisco Network Admission Control (NAC) ... relegates noncompliant and potentially vulnerable systems to environments with limited or no network access. Noncompliant endpoints can be denied access, placed in quarantine, or given restricted access. The main NAC page explains that NAC only permits connections to "compliant and trusted endpoint devices". Trusted Computing devices running approved software.

Cisco's Business Ready Data Center Initiative press release says:
Cisco is collaborating with industry-leading technology, system integration and support partners including EDS, HP, IBM, Intel and Microsoft, to enable integrated solutions to be offered to joint customers. Collaboration efforts will include sharing of best practices, alignment of architectures

Alignment of architectures - that would be the new Trusted Computing architecture.

And they are working with EDS, HP, IBM, Intel and Microsoft. HP, IBM, Intel and Microsoft were four of the five Trusted Computing Group's founding members. But who the hell is EDS? Why they have been selected To Operate Root Key Certificate Authority for Trusted Computing. That's a press release from Wave Systems, another member of the Trusted Computing Group. Teir EMBASSY system was the Trusted Computing system before it was named Trusted Computing.

The initial Trusted Computing deployment will look like a GoodThing. Its security features will be used for the benefit of companies deploying it, and there is no infrastructure in place yet to abuse the system. But fundamentally Trusted Computing is designed to be secure against the owner. Once a signifigant number of desktop computers include Trust chips that anti-owner "security" is going to turn into a nightmare. If you computer is not "compliant and trusted" and running approved software then these Business Ready Data Centers may deny you access. Websites will start refusing you access. New software will refuse to instal. And in about 4 or 5 years, ISPs may start installing Cisco's Network Admission Control routers. At that point you will be denied internet access unless you have a "compliant and trusted" system. Then Trusted Computing is no longer "optional". You can't switch it off and opt out. Then you no longer own your computer.

Oh, and if anyone doubts that ISPs would ever instal such routers that deny you internet access, may I point you to another slashdot story Cisco Working to Block Viruses at the Router. Even Slashdot missed the story that these are Trusted Computing routers. They are being pitched as a GODD THING. They don't actually block virues. What they do is make sure you have a Trusted Computer, then they can use the Trust system to ensure that you are running (or not running) any software they want to require you to run (or that they forbid you to run). In particular they could check that you operating system has the latest patches and that you are running an approved virus scanner, thus the claim that they fight viruses.

To top it off, Bush's cybersecurity advisor gave a speech at a computer convention where he called

This is NOT excellent. It is a TRUSTED COMPUTING system.

If you check IBM's Tivoli whitepaper, the top page states right off the bat that it is an "identity management system". Page 7 states that is is based on "tamper-resistant, non-bypassable trusted computing bases (TCBs)".

If we look at Cisco's BUSINESS READY DATA CENTER Security Overview and head down to the Trust and Identity Management section we see Cisco Network Admission Control (NAC) ... relegates noncompliant and potentially vulnerable systems to environments with limited or no network access. Noncompliant endpoints can be denied access, placed in quarantine, or given restricted access. The main NAC page explains that NAC only permits connections to "compliant and trusted endpoint devices". Trusted Computing devices running approved software.

Cisco's Business Ready Data Center Initiative press release says:
Cisco is collaborating with industry-leading technology, system integration and support partners including EDS, HP, IBM, Intel and Microsoft, to enable integrated solutions to be offered to joint customers. Collaboration efforts will include sharing of best practices, alignment of architectures

Alignment of architectures - that would be the new Trusted Computing architecture.

And they are working with EDS, HP, IBM, Intel and Microsoft. HP, IBM, Intel and Microsoft were four of the five Trusted Computing Group's founding members. But who the hell is EDS? Why they have been selected To Operate Root Key Certificate Authority for Trusted Computing. That's a press release from Wave Systems, another member of the Trusted Computing Group. Teir EMBASSY system was the Trusted Computing system before it was named Trusted Computing.

The initial Trusted Computing deployment will look like a GoodThing. Its security features will be used for the benefit of companies deploying it, and there is no infrastructure in place yet to abuse the system. But fundamentally Trusted Computing is designed to be secure against the owner. Once a signifigant number of desktop computers include Trust chips that anti-owner "security" is going to turn into a nightmare. If you computer is not "compliant and trusted" and running approved software then these Business Ready Data Centers may deny you access. Websites will start refusing you access. New software will refuse to instal. And in about 4 or 5 years, ISPs may start installing Cisco's Network Admission Control routers. At that point you will be denied internet access unless you have a "compliant and trusted" system. Then Trusted Computing is no longer "optional". You can't switch it off and opt out. Then you no longer own your computer.

Oh, and if anyone doubts that ISPs would ever instal such routers that deny you internet access, may I point you to another slashdot story Cisco Working to Block Viruses at the Router. Even Slashdot missed the story that these are Trusted Computing routers. They are being pitched as a GODD THING. They don't actually block virues. What they do is make sure you have a Trusted Computer, then they can use the Trust system to ensure that you are running (or not running) any software they want to require you to run (or that they forbid you to run). In particular they could check that you operating system has the latest patches and that you are running an approved virus scanner, thus the claim that they fight viruses.

To top it off, Bush's cybersecurity advisor gave a speech at a computer convention where he called

is here as posted from an article on the register.

TCP MD5 Authentication for BGP should help cut down the chances at an attacker can reset a BGP connection.

Correct me if I am wrong, but Cisco posted the security advisories with some fixes on this subject.

http://www.cisco.com/warp/public/707/cisco-sa-2004 0420-tcp-ios.shtml

and

http://www.cisco.com/en/US/products/products_secur ity_advisory09186a008021ba2f.shtml

Correct me if I am wrong, but Cisco posted the security advisories with some fixes on this subject.

http://www.cisco.com/warp/public/707/cisco-sa-2004 0420-tcp-ios.shtml

and

http://www.cisco.com/en/US/products/products_secur ity_advisory09186a008021ba2f.shtml

As they state, there is a simple solution: TCP MD5 Signature Option with BGP. Any ISP worth their salt will already be doing it. The rest will learn the hard way.

This has been supported in Cisco IOS way back since ~1998 in IOS 11.2 .

Read the BGP "Bible": Internet Routing Architectures or look at any best-practices guides which will state that TCP MD5 sigs should always be used with BGP.

Or search CCO:

router bgp 109
neighbor 145.2.2.2 password v61ne0qkel33&

It's just a single line that has to be added to both peer sides.

As they state, there is a simple solution: TCP MD5 Signature Option with BGP. Any ISP worth their salt will already be doing it. The rest will learn the hard way.

This has been supported in Cisco IOS way back since ~1998 in IOS 11.2 .

Read the BGP "Bible": Internet Routing Architectures or look at any best-practices guides which will state that TCP MD5 sigs should always be used with BGP.

Or search CCO:

router bgp 109
neighbor 145.2.2.2 password v61ne0qkel33&

It's just a single line that has to be added to both peer sides.

Service providers on the other hands, must protect their routers because the BGP protocol used to distribute Internet routes between them, massively uses TCP. And when routes go missing, it is hundreds if not thousands of routes to your favourite places that go unreacheable.

The problem in the case of BGP is made worse by dampening, i.e. keeping the flapping routes out of the routing table for a certain amount of time (up to several hours). BGP routes dampening is not always configured. A determined attacker with this knowlege would be able to knock large portions of the Internet offline for hours.

Is this what we're talking about here?

According to this Article on Cisco they claim to be able to do up to 10km on a fiber gigabit link.

I study at ITESM in Mexico. According to this link, we have a good place as one "organization transforming its businesses using networking technology". I think that includes WiFi acces. We have access in the whole campus!!!! We should be listed!!!!

You just need to upgrade your scanner. Unfortunately, I am not aware of technology like this for individuals, only for bussineses. Still, don't think that signature virus scanning is all that is out there.

What this commercial is really about is the Cisco Security Agent they are selling now. Comes preinstalled on some of their products, like the AVVID CallManager. It hooks into the system libraries and watches call sequences for potential virus/worm/trojan-related activity and stops the application from running if it detects something that fits the profile.

1000base-T used all four wire pairs, yes, but it was extremely limited in length. (10m, IIRC). 1000Base-TX goes the full 100m, uses all four wire pairs, and is full duplex on all wires simeltaneously.

Source, please?

1000base-T does go 100 meters.

Okay, I checked and found that 1000base-TX does exist and is TIA-EIA-854 (1000base-T is IEEE 802.3ab), indeed uses all 4 pairs of wires, but each pair is half-duplex. In addition, CAT6 cable is required for the additional (analog) bandwidth.

And the devices on the market are still 1000base-T. See for example Intel and Cisco: both say 1000base-T and 802.3ab, both go 100m at gigabit speed, and 1000base-TX is nowhere in sight.

Considering that 1000base-T & 1000base-TX are incompatible, and devices would not sell if they don't work with Intel and Cisco, I'd say 99% or more of current gigabit stuff on the market are 1000base-T, not TX.

That said, the propogation of problems from this will be from people who buy this type of equipment, but don't hire a Cisco admin at all. In Soviet Russia, the wireless network hacks you. That's to say, when I find my network is being 'worked' within the next several months, chances are, it'll be from one of these switches - where someone gave themselves access, and are now attacking me from the parking lot of "joebob-widget-mfg.com".

I believe that this qualifies as admission of inclusion. (I found this while searching for something else, and thought it appropriate here.)

It may be expensive, but I have to say I love the 6500 series, especially our new 6513s. They really are beautiful boxes. Dual SUPs, Firewall Services Module, Content Switching Module, so amazing. Check out this if you're wondering why the parent and I are giddy.

It doesn't matter a whole lot... if an intruder has physical access to your gear, you're fux0red either way. And it's not like someone with physical access couldn't connect to the management console port with their laptop, cycle the power, and do the ol' password recovery hack that Cisco gear has built into it. See here for more info: Cisco Password Recovery Procedures

Not true. From Cisco's web sites we read:

"
The three major components of CSR are as follows.

* postgreSQL Database
"

I, for one, wish they used more OSS components, since at least these parts have been peer-reviewed to not have trojans or backdoors as mentioned in the article.

Find out here Its not the router Its not the radio Its not the switch Its the management platform that you can use to monitor your wireless connections. Why any company would allow network access to this device from a un-secure network is beyond me. Still don't know why its frontpage news, besides the fact it gives us a chance to bash closed source systems.

Yes. If word got out they put in a backdoor so that some guy named Sisco at Cisco could root your box, their reputation would be ruined. They would essentially be the microsoft of routers, only they don't have 95% market share so they can't just flip everyone off. (Or maybe they do have 95% market share, I don't know)

Ummmm, word did get out...


I'm sure they do extensive checking against this sort of thing.

Checking to make certain that it doesn't happen, or checking that it's in there and kept quiet ?

Do they plan on releasing a firmware update?

RTFA.

If so, how do we know they aren't going to put another backdoor into that and simply change the information?

You don't.

Is there a way they can make the firmware patch open source without giving away their other "proprietary" source?

If you own the affected products and require open source firmware patches then you should have thought of that before you bought the product. If you require open source hardware then buy open source hardware.

Snort as a recommendation is a rather good pun but, as a network sniffer (packet capture/protocol analyzer) Snort is not the answer.

Snort is an Intrusion Detection System(IDS) that monitors network traffic and performs an action when it sees a matching pattern. That action could be a log entry or it might be configured to save the packet to a file. Other actions are possible using external programs. Snort uses libpcap of TCPDump fame to monitor or capture the network traffic. Snort is useless for displaying or analyzing network traffic but, this is not a function that it was designed for.

Ethereal is a graphical protocol analyzer although it does include a command line version as well called Tethereal. Ethereal also relies on libpcap for actually capturing the network packets but, it goes much further than simply capturing network packets. Ethereal displays a break down of the packets themselves separating categorizing and displaying the various fields and data in a packet. It goes further by also decoding a long list of higher level protocols that may be included in the packet.

Ethereal is also capable of reading and decoding network traffic that has been captured and saved in other formats. Ethereal can read and save packet capture files in MS Network Monitor, NAI Sniffer Pro, and many other formats. Ethereal is increasingly recommended by companies such as Novell who actually has had their own protocol analyzer for years called Lanalyzer. Cisco support engineers are also increasingly recommending the use of Ethereal for capture and analysis of network traffic when troubleshooting potential problems with their equipment.

TCPDump has also been recommended by many people here on Slashdot.. TCPDump is a command line based protocol analyzer. It also relies on libpcap for actual packet capture but, it then displays a break down of the actual packets. Its display is not as attractive or as configurable as the graphical Ethereal and it is more limited in the number of protocols that it can interpret and disassemble but, it is still a very powerful and capable program. Further more, its output can be saved for further examination by ethereal.

Intel's "wireless everywhere" ads don't mention the need for a base station, not the likelyhood that such a station won't be found on a freaking mountain for that matter, despite what some of the ads imply.

Depends if the mountain in question is Everest or not ;)

No, the distance limit cited is 100 meters. This is not 10G to your house from the CO over copper. It's 10G from your L2 switch in the closet to your other switch in the office. "Over copper" does not mean "last mile access".

current technologies are still pretty much limited at 40Gb/s for one single fiber

Well, no. Here's a typical commercial 800 Gbps-per-fiber long-haul DWDM product (80 wavelengths x 10 Gbps/wavelength):

This one supports 120 10Gbps channels, designed for 160 at 50 GHz spacing.

OC-768 (40 Gbps) chipsets are all the rage, for 40 Gbps per individual wavelength, but a fiber carries more than one wavelength.

> "The Internet is powered by open source."
Like Cisco or Nortel?
No, like Sendmail, or Cisco's Open Source Initiative

>"The Internet is the carrier for open source."
It's also the carrier of porn and illegal copies of propritary software.
That doesn't transfer evil to (F)OSS merely by being transported the same way (except in the eyes of some people ... who run the country :-( ).

>"The Internet is also the platform through which open source is developed."
It is also the platform through which propritary software is developed.
(Thus associating proprietry software with pr0n and warez as you pointed out above. ;-> )I think the point being made is about the exapandability of the of (F)OSS development style.

>"It's simply going to be more secure than proprietary software."
Not nescessarily. Most insecurities are due to looming release dates. There is also a tradeoff between usability and security. Which is better? Depends on your mission.
Many (F)OSS projects lack big PR departments which have an alarming tendancy to set release dates and feature lists at early stages. And usability IS improving, with the improvements in KDE/Gnome, even though the GUI is not so essential for many computing uses.

>"Open source benefits from anti-American sentiments."
Not sure about this. I just got back from Kuait and there are literally hundreds of street vendors there selling propritary software.
But how many were selling legal copies? (F)OSS software companies are often not so hurt by illegal copying as propietry software companies would be.

>"Incentives around open source include the respect of one's peers."
Like the respect between the Reiser group and Linus? Why did it take so long to get that patch added? Those two crews showed as much respect as a couple of kids yelling "Did not! Did too!"
Surely that is an exceptional case. The job of Jobs/Wozniak/Gates is to make money for shareholders. The job of Torvalds/Stallman is to make great software (I think).

>"Open source means standing on the shoulders of giants."
Uuh, not sure what he means by this. I'm assuming he means IBM. What about Sun, MS, Adobe, and other closed source "Giants"?
That quotation of Newton's metaphor is a little confusing in this case. Newton (originator of quote) meant that he could start with previous scientist's public discoveries instead of wasting time having to rediscover them. (F)OSS developers can often start with bits of public existing code instead of wasting time having to reinvent them.

>"Servers have always been expensive and proprietary, but Linux runs on Intel."
So does Windows. And when you are buying a $10k server, $200 for Windows doesn't even figure into it.
He seems to be talking about disadvantages of Apple (and similar) here.

>"Embedded devices are making greater use of open source."
You have a winner here. But imbeded Windows and QNX are also players. This marker is not usually concerned with backwards compatibility and is very volitale in regards to the underlying kernel they choose. If x86 chips become prevalant, expect Windows to dominate.
But (F)OSS Kernels are far more easily and cheaply trimmable and tweakable than proprietry ones. e.g. GNU/Hurd will (eventually) have modules, which can be loaded across a (e.g. mobile phone) network as needed.

>"There are an increasing number of companies developing software that aren't software companies."
This has always been the case. Lots of companies need some app that custom-built. They don't really care where the source comes from. Since the app is rarely redistributed, they have no requirements to relea

It is very possible to have the newest AV updates and get hit by a virus.

Thus the fundamental flaw of signature based protection. Cisco has a sweet little product out called Cisco Security Agent. Check it out. My company is evaluating it now. It's a tad pricey, but it uses behavioral analysis to determine whether or not executed code is a worm, virus, or any other kind of malware. So there actually can be protection against unknown threats.

Actually it has been going on both ways - people moving from the industry to the academia and from the academia to the industry.

Just as an example, think of Jerry Yang and David Filo, Larry Page and Sergey Brin, Leonard Bosack and Sandra Lerner, Scott McNealy and Bill Joy - just to mention a few - all these people could have remained in the academia but chose to go to the industry instead.

I'm not sure if this will produce the kind of innovative stuff that came out of Bell labs, but at least fundamental research is alive!


That is the problem - the kind of monolithic no-holds-barred and no-questions-asked environment that Bell Labs provided is gone - that is what the article sought to mention towards the end. Sure, you can do something at the Universities, but not at the scale that it happened at Bell Labs.

So, it really brings us back to the question - Is fundamental research really happening, or is all research now being funded solely based on what Wall Street wants?.

It looks more and more like the days of research for the sake of in and itself are slowly coming to an end.