Wow. That was an amazing thing the community did, and I have to believe slashdot helped. I think it would be great if there were a continuing thread on /. that just focuses on worthy projects that need help.
And here is a great article from researcher Rainer Bohme that explains why it's hard. It's a fairly technical paper, but one big issue is that insurance companies operate on a reserve that assumes catastrophic events are bounded, perhaps by region. That's not the case with correlated cyber-risks. This is explained in Section 3.
Of course shipping costs exist for brick and mortar purchases. It's just that they are borne by the brick and mortar store. By the way, depending on where you live, you may be violating state law by not paying the sales tax in your state when Amazon doesn't pay it for you.
Thanks for the informative post that was on topic. One question: with 1588 what sort of hierarchy do you set up? Does everyone have a rubidium or cesium clock attached?
I don't know who in Cisco your SP has been speaking with, but even within Cisco opinions vary. What we would probably all agree, however, is that people should pay attention to what is going on with v4 run-out, and particularly service providers, whose very growth has been tied to their unhindered ability to get address space.
How customers should react, however, is a far more complex matter that requires thoughtful consideration.
(not speaking for Cisco but myself).
Many many nations have signed the Council of Europe's Convention on Cybercrime. At least one study in Singapore showed that acceding to the treaty, or even implementing provisions without acceding to it, reduces cybercrime within borders. See http://weis09.infosecon.net/ for the paper.
This report is perhaps based on a false premise. While it may be true that 5% of all the users are using 50% of the bandwidth, that's only because the rest of us aren't as demanding. Were we so demanding, TCP, which is what most of the world runs on, would provide more of a fair share. It wouldn't be perfect, mind you, but particularly with WFQ, if you're using more there is a larger chance that your traffic will drop. This doesn't hold true with UDP-based applications that are less friendly to the network.
Also, where is that 50% measured? Is it on peering points or is it at the access point? If it's at the access point then (A) it could be p2p traffic that never transits a backbone and (B) some of that traffic could be dealt with by making arrangements with content providers like Akamai to bring the content closer.
Users running Windows 9x who are connected to the internet already have so much spyware and viruses that running an unsupported version of Firefox won't be much of a problem in comparison.
Precisely so. And what is the likelihood of such people upgrading anything?
The U.S. government has launched a classified operation called Byzantine Foothold to detect, track, and disarm intrusions on the government's most critical networks.
Disarm an intrusion?! Because the intrusion is armed?
One major change the article fails to recognize was the shift from control of the Internet from the U.S. military to NSF. People forget, but the military could and did exercise its power to control the ARPANET. My own alma mater had its connection yanked because someone tweaked a general. Talk about AUPs!
In addition, NSFNET required a new tiered routing architecture. Regionals connected many different end systems together through an IGP (either IGRP, RIP, or later on OSPF) and then those regionals connected via EGP and later BGP. The ARPANET was relatively flat in comparison. The regional model provided impetus to develop mechanisms that are very similar to what we have today.
Check out this article about how the Supreme Court earlier in the year revived the obviousness standard. This was one of several decisions that went against patent trolls, and leads me to believe that the justices actually read the newspaper. Now if Congress took less money from the trolls, perhaps there would be stronger legislative reform.
I think many people are missing the primary challenge that the iPhone (or any other handheld device) faces for enterprises: VPN software is far from standardized. Beyond that Apple hasn't really gone out of their way to make the phone Enterprise friendly. For instance, enterprises like installing all sorts of crap on your device to ensure that it malfunctions rather than give away a single phone number in their personnel directory. Paradoxically, open platforms allow for such shenanigans, while this thing doesn't.
I think the point is that "reputation" is a very vague term. When it's used elsewhere it is constrained to very specific sorts of behavior. For instance, my FICO score is based on the likelihood I will repay my debts. It cannot be used for other things. Perhaps some of us who have great reputations on /. don't have a good FICO score, could be spammers, and might even have a lot of bad feedback on eBay. Who knows?
So when we talk about "reputation" we have to constrain to specific questions that begin with "What is the likelihood that..." and end with things like:
- a message will not be spam/malware/phishing?
- an individual will follow through on his or her eBay obligations?
- a person will contribute positively to a discussion group such as this?
- will pay her debts?
- etc
All of this is predicated on the idea that we have some identity system to distinguish individuals AND that we can meaningfully understand what it means to have a good, bad, and neutral reputation (or shades thereof).
Furthermore, any reputation system has to be responsive. Even the financial ones today leave a gap. I could go apply for a bunch of credit cards at the same time, for instance, and the likelihood is that they'd get approved, in part because their reputation service is not responsive.
It should come as no shock that ISPs are shaping traffic. They're out to make money and they only have so much bandwidth, now that the glut has been absorbed. That's not unreasonable. What would be unreasonable is if they advertise video access and then do something like this.
If you're not getting the service you expect from your ISP, you should call them (which by the way, really costs them quite a bit of money), and complain. If they can't or won't satisfy you, you should find another SP who will. Competition is important, and while it's difficult to find in the US and perhaps even more so in the UK, alternatives should be encouraged. Just remember that you can't get something for nothing. That bandwidth does cost money.
... in the book Moneyball by Michael Lewis. He follows Billy Beane through a season with the Oakland A's, where they beat their division even though they were outspent by nearly every other team. This prompted former Fed Chair Paul Volcker to comment that Beane had found a market inefficiency. He had used such an inefficiency, but it wasn't Beane who had found it.
To do this right, however, you have to do legwork, because according to the model described in Moneyball, On Base Percentage is really what you're after, not batting average, and from a pitching/fielding perspective you want to do something more nuanced. He broke the field out into zones and provided feedback based on that. My recollection is that he didn't go into too many details about that part.
The important part was to get a $/runs scored number.
Funny how this came out just as we are hearing on NPR that the FBI underreported by 20% their use of so-called "National Security Letters", and how there is insufficient oversight on their use, according to the DOJ inspector general.
First of all, it's really not the OS developers that are at issue here, but the application developers. These are the people who will get the calls when something in Office 2007 breaks on Windows 2000. Even before those calls come in, there is a QA matrix that has to be satisfied. The more supported versions the longer it takes to get new software out the door. Moreover, sometimes those OS version differences cause ugliness in the application code, particularly when some might be classed "cruddy little fixes" for a version that is obsolete.
So there are a lot of reasons for MSFT to not want to support W2K. If you don't like their business practices, don't buy their product.
There is a paper about this in SIGCOMM 1997 (!) by Nielsen, Gettys, et al that goes into far more detail of the "whys" and "wherefores". I'm not sure this shows ANYTHING new. In fact, what this gentleman demonstrates is the way that TCP windows work. By spreading requests over four hosts you are in effect getting four times the window size, arguably more than your fair share. Without looking at the aggregate impact, one cannot really judge what's going on.
Also, the reason pipelining is turned off by default in many browsers is that there are a lot of middleboxes that can't handle it.
There are certainly problems with DomainKeys and DKIM but I cannot glean from what you wrote that you and I agree on what those problems are. If you do NOT modify the body or one of the protected headers, DKIM will pass validation no problem (I say this as someone who has his mail validated this way every day).
I will speak to DKIM since that is what the IETF is standardizing on, and that is the code you can get for free on SourceForge.
DKIM's biggest advantage is that it does not care about how the mail gets to your mailbox, that there might be intervening MX forwarders or other mechanisms, that convolute the path, and that these may or may not participate in whatever path-based games SPF and Sender-ID presume.
DKIM's biggest disadvantage is not for everyday mail, but primarily relating to mailing lists, where validation of the content becomes a problem, when it is altered. A DKIM header contains a header signature and a body hash. The body hash becomes invalid when you add stuff like mailing list info, or if you normalize the output in any way, which some systems do.
The answer to all of this is for those systems to take responsibility for the message and apply appropriate policies before forwarding. This means that a mailing list should, yes, check whatever reputation service and then make a decision as to whether or not the sender is to be trusted (assuming a valid and acceptable signature).
It also means that corporate mail servers should perform validation PRIOR to any monkeying of the headers or the body. Whatever fragility can thus be mitigated.
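Added example, not part of the original comment: a Python sketch of the DKIM body-hash check (the `bh=` tag, SHA-256, with the "simple" and "relaxed" body canonicalizations of RFC 6376) run against a constructed message, showing which in-transit changes break it. The message bodies, the `example.org` names and the placeholder `b=` value are constructed for illustration; the `l=` body-length tag and the header signature itself are not handled.

```python
import base64
import hashlib
import hmac
import re

CRLF = b"\r\n"


def canon_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: only empty lines at the end are ignored."""
    while body.endswith(CRLF):
        body = body[:-2]
    return body + CRLF  # an empty body canonicalizes to a single CRLF


def canon_relaxed(body: bytes) -> bytes:
    """'relaxed': also collapse runs of space/tab and drop whitespace at line ends."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(CRLF)]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + CRLF for ln in lines)  # an empty body stays empty


def body_hash(body: bytes, canon) -> str:
    """Value of the bh= tag for a=rsa-sha256: base64(SHA-256(canonicalized body))."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()


def parse_tags(dkim_value: str) -> dict:
    """Split a DKIM-Signature value into its tag=value pairs, unfolding whitespace."""
    tags = {}
    for part in dkim_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def body_hash_matches(dkim_value: str, body: bytes) -> bool:
    """Recompute bh= over the body as received and compare with the signed value."""
    tags = parse_tags(dkim_value)
    c = tags.get("c", "simple/simple")           # c=header/body, body defaults to simple
    body_canon = c.split("/")[1] if "/" in c else "simple"
    canon = canon_relaxed if body_canon == "relaxed" else canon_simple
    return hmac.compare_digest(tags.get("bh", ""), body_hash(body, canon))


def make_signature_value(body: bytes, body_canon: str) -> str:
    """Constructed DKIM-Signature value; b= is a placeholder, nothing is signed here."""
    canon = canon_relaxed if body_canon == "relaxed" else canon_simple
    return (f"v=1; a=rsa-sha256; c=relaxed/{body_canon}; d=example.org; s=sel1;\r\n"
            f"\th=from:to:subject; bh={body_hash(body, canon)};\r\n"
            f"\tb=PLACEHOLDER")


# Constructed sample bodies.
ORIGINAL = b"Hi all,\r\n\r\nPatch attached.  See   notes. \r\n\r\n"
# What a mailing list typically does: append list information to the body.
WITH_FOOTER = ORIGINAL + b"-- \r\nlist mailing list\r\nlist@example.org\r\n"
# What a normalizing relay might do: trim line ends, collapse whitespace runs.
NORMALIZED = b"Hi all,\r\n\r\nPatch attached. See notes.\r\n"


def demo() -> dict:
    """Body-hash result for each (body canonicalization, received body) pair."""
    results = {}
    for body_canon in ("simple", "relaxed"):
        sig = make_signature_value(ORIGINAL, body_canon)
        for label, received in (("unmodified", ORIGINAL),
                                ("list footer", WITH_FOOTER),
                                ("normalized", NORMALIZED)):
            results[(body_canon, label)] = body_hash_matches(sig, received)
    return results


if __name__ == "__main__":
    for key, ok in demo().items():
        print(key, "pass" if ok else "FAIL")
```

Relaxed canonicalization survives whitespace normalization but not an appended footer, which is why a list or gateway that changes the body has to verify the signature before it makes the change.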
There is no need for pirate radio. The whole pirate radio thing is about "fighting the Man". The Man does not (yet) control internet radio. It's a battle you don't need to fight.
Absolutely. This article talks about a bunch of people who want to be heard. No better place for that than the Internet. Now if only someone could provide a decent organization of the cacophony of voices out here...
On the other hand, it does bother me that somewhere along the way we forgot that the airwaves are a public trust, and that many licensed radio stations all are run from a single point, meaning I can go from one end of the country to the other, listening to the same music with little if any regional variation, or for that matter care for regional issues or concerns. I am curious about how many of those Clear Channel stations actually provided useful and timely information to the people of New Orleans last year. I wonder how well they upheld that trust. And I wonder if a pirate radio station would do better.
By the way, as I recall from my read of Part 79 (the Ham code), you have a right to broadcast on any frequency in order to save life and limb.
Having lived in the Valley for nearly 20 years I spent most of my adult life hearing the legend of Hewlett and Packard. And these two men meant a lot to the Valley. They gave generously and their foundations continue to do so. Between the Children's Wing of the Stanford Hospital to MBARI to the vintage movie in Palo Alto to public radio, these people and their money have done quite a lot of good. HP as a company back then was a fine establishment, and while today I'm sure there are fine people there, I bet both men would be rolling in their graves.
And so it's just sad to see their legacy trashed. I can't say why, but from the moment the board picked Carly Fiorina, things just went south. I am not an HP shareholder. I don't think I could be one until everyone on the current board was gone. If you are a shareholder, that should bother you, because I'm sure I'm not alone.
Were I a shareholder, I would propose that not a single member of the board stand for re-election, so that after some period of time a new board would run the company.
Direct TV bandwidth is amortized over millions of people and I'll bet there are few if any handoffs.
I've learned never to discount possibilities, and Google employing WiFi somewhere other than Mountain View seems like a possibility. However...
Doing anything with moving vehicles costs real money, and no more so than with airplanes, where the coverage has to be extremely broad, and the RF issues and internet routing are non-trivial. There's a reason why Boeing got out of the business: they couldn't make it cost effective. It's not that people don't want to send and receive mail periodically in the air, but they sure as heck don't do it in huge numbers at the price Connexion could deliver.
Furthermore, there is an entrenched base in airports. Typically in the US it's a company like T-Mobile who *do* offer decent service at attractive rates. And what do people do when they get to their airport and jack in? They connect to their VPNs. So it's not like Google can even insert ads in that sort of environment or provide searching or what have you. So sure, they could offer a service, but it's got to go head to head with others with little technical advantage, if any, and perhaps some disadvantage, such as lack of bilateral aggregation agreements.
So, I look forward to more good stuff from Google, but let's keep reality in sight.
According to the Computer Industry Almanac the U.S. uses 25% of the world's PCs. While I know our broadband penetration is not as high as other countries, we sure have a lot of hardware. Another thing to look at would be total messages in/out versus total messages claimed as spam. Sophos doesn't give us that piece of information. At least last year, Andrei Serjantov and Richard Clayton had done some work along those very lines in a paper found here. I don't know if they've updated it.
I have no idea why WGA issued a warning either, but I can say that if it had anything to do with a version of something installed on a VM, you would think that's a pretty esoteric corner case that some developer should just live with.
On the other hand, how many Microsoft systems are really all that vanilla these days? Perhaps the way WGA gets paid for is through Microsoft's 900 support number?