The objective of the Canadian TSB is to analyze the evidence and come up with findings. They are well known and well respected within the accident investigation community and there is frequently significant cooperation between the NTSB and the Canadian TSB.
Any time a Canadian registered, designed or manufactured aircraft goes down in the USA it will be the Canadian TSB involved in the investigation. The converse is also true within Canada. I think if you look up annex 13 you'll find a complete section of the Chicago Convention that deals with this.
There really are no Canadian law implications with this investigation as it is a technical investigation done by engineers, not lawyers.
Reading posts you can generally tell what product each poster owns. Point for point the Blackberries match up with the requirements. Despite personal biases they have the goods and plenty of market experience doing so.
Put another way you're asking for a bread slicer. Instead of buying the industry standard machine that slices bread you have all sorts of proposals for trying to make ninja swords do the job instead. Hey, the sword will be a lot more flashy. At the end of the day security and business focus the only real bread slicer available is the blackberry. This has been their focus from day one. Not entertainment, not the latest greatest games, plain simple secure business apps. Ask the majority of law firms, accounting firms, security firms, police forces, military and government users. Alas, they are not using android or i-ninja-swords to slice the bread. Plain simple non-nonsense BES and Blackberries.
There is also no reason why the Android couldn't do the same. Lawyers don't care about whether it would have been possible for some company to modify their product to meet the requirements of a contract - they care what was done.
RIM designed their infrastructure and device from the ground up to be secure and there is a reason why nearly all the law firms, government contractors and big business uses their devices. Apple designed their iPhone around the best user experience - 2 different objectives and this explains why they've had great success with the home type users.
The problem with this is that it's media-driven. You can't compare reliability on a vehicle until you've had 1,000,000 on the road for 5 years. You are correct that Ford has done some catchup over the last 10 years but talk to anyone in the industry and they will tell you that the money is all made repairing domestics. Their engineering strategy of cheaper cheaper cheaper means a constant supply of work for us mechanics. I love domestics because I can make a lot of $$$ off them.
Walk into your local police station, law firm, government office you don't see the business people carrying around iPhone or Android. For security sensitive applications they are almost exclusively blackberries. This comes at a cost, sluggish phones and more potential for outages as they all rely on the encrypted infrastructure. It says something when middle eastern countries want to ban the phones because their intel communities can't get into them.
So while the common user may try to measure the success or failure of RIM in the home market they are still quite strong in the business world.
This has to be the craziest thing I've ever seen misreported. I happen to work for a Canadian web email firm. This whole issue was reported as though a mysterious "hacker" crashed their email system. Hardly so.
The email in question was sent in a number of ways. They relayed copius amounts through the ISP's own mail servers and others they sent directly to the sources and others still were using a RBL relay.
The spam attack was merely a name guessing attack which 90% of their dictionary generated emails did not go anywhere anyway. The RBL relayed email was blocked automatically. The directly sent email was sent to the bit-bucket. The spam coming from their mail servers was entered into the postfix configuration and the connections got a spam refused SMTP error.
So that would explain why their mail queues got filled up. Not our problem. Not the result of any "hackers". Just the result of a closely monitored email system with good anti-spam countermeasures.
I have often bitched about how ambigous the term "Internet Service" is. It would be really nice if the CRTC in it's control brings this term out and regulates its use. Hystorically the CRTC has taken eons to move anywhere so I doubt any of this will happen in less than a few years anyway. At any rate...
What if I provided you with a high speed link to my http proxy. You get a RFC reserved IP and only access to the proxy. Is this Internet? A lot of new users and people who only surf the web would never know the difference.
I once had Internet Service with a telco (MTT) in Nova Scotia where we all had RFC reserved IPs and had NAT access through Cisco PIX firewalls. This firewall assigned a real IP to you once you accessed an exteral resouce. Problem was, your IP would sometimes change. This was supposed to curb people running FTP servers on their nice 7/4 megabit service. Imagine your SSH sessions dying every 5 minutes.
So that qualified as "Internet Service" and most people didn't have a problem with it. All of us power users had problems. All the FTP was passive. Many services never did work properly. DCC chats and file transfers never worked and a lot of other services were also broken.
The real question here is: To what degree can a company brain dammage or otherwise filter your "Internet Service" before it's not called "Internet Service" anymore.
Sometimes I think things like this can only be regulated by an organisation who has some teeth. Here are some suggestions:
Full Internet Service:
Users get a real static IP and any proxies they use would have to be fully transparent and not set to filter out any "objectional" material. If they do filter any ports they would have to list them, ie ports 137/139 are common.
Restricted Internet Service:
Same service as Full, but with dynamic IPs. Here, they should have to say how often it changes. This of course affects those of us who use persistant connections (like telnet or SSH).
Limited Internet Service:
Users are not assigned a real IP and have only limited access using non transparent proxy servers or NAT servers.
I think because there is a lot of marketing around each of these terms most ISPs would have to be more flexible about the types of service they provide. I'd be willing to pay a few more dollars for the "Full Internet Service" rather than put up with the BS behind limited service where most of the ISPs wouldn't even tell me what they filtered or the fact you didn't get a real IP. Might get rid of the "Sign up and pay the disconnect fee if you don't like what we're giving you" attitude that MTT had.
This whole trend reminds me of an old slogan used by Sun... "The network is the computer"
Remember the days when a computer was a CPU, a little RAM and a few peripherals hooked together by a PIC and a few other parts?
Now we have a motherboard that has a CPU. The CPU has an FPU that independantly does your math. You have a semi-intelligent power supply (ATX) than can turn itself on and off.
Your grapics card more than likely comes complete as an embedded computer of sorts to handle 3d. If your system is performance oriented then your SCSI card may have it's own CPU on it. This often handles tagged queues and elevator sorts requests and may even provide hardware buffering with it's own battery!
Now I see you can buy network cards with their own embedded TCP/IP stack to free up the CPU. Some of them even have high speed CPUs where they do SSL type encryption right on the network card.
So where is this going? Our desktop systems are becoming more and more like networks of small specialised computers. I think as performance demands increase we will see more and more stuff like this.
In an abstract sense the computer of the future may look like a microkernel where most of these peripherals are hooked up via a common bus. Oh damn, I had to reboot my sound card again, it keeps crashing. I can imagine it will be the flash bios hell of the future too.
I'd suggest much of the problem lies in the mail providers being unwilling to or unable to use measures to stop spam.
I own a small webmail company (fastworks.com) and we routinely get spammed. There are a number of methods people use and a number of ways to combat them.
Spammers will go out and get a dialup account, start spamming after the ISP's abuse department has gone home (usually a Friday night) and continue until someone finally pulls the plug.
These spammers will either send the spam by connecting directly to the victim's SMTP server or by using a 3rd party relay.
We combat this by subscribing to the RSS, RBL and DUP services at mail-abuse.net.
Mail sent via a dialup connection is often denied at the outset because many dialup connections are in the DUL. Open relays are often in RBL and RSS.
These two measures alone cut out more than 80% of our incoming spam.
Another popular way (among spammers) is to try the brute force method. They connect to a service with a few million subscribers and blast away with a dictionary-type attack. This usually causes the most problems on a network side because the victim mail server has to contend with 100,000 plus bounces in a few hours. This tends to fill mail queues quite fast.
Some of the most popular mail systems (which shall remain nameless) combat this problem by not bouncing after a threshold has been reached. This, although a simple method still allows the spam to get through.
I refuse to believe that I'm any smarter (maybe faster, but not smarter) than the folks running yahoomail and hotmail, but it makes a lot more sense to me to have the delivery agent blackhole (delete) this spam as it arrives based on the source IP, email address and even the content. It doesn't take much logic to detect a host that sends you 100,000 messages in an hour where 90% of them bounce.
This cuts out 99.9% of bruteforce spam. It saves us on disk space since the spam is never delivered, and it saves on CPU cycles since the SPAM lands in/dev/null as soon as it is received rather than bouncing all over kingdom come.
I believe a very effective way to stop spam is to regulate that each ISP must specify valid SMTP servers much in the same way there is a whois database with all the DNS servers listed. If we do this, then organisations can easily choose to deny all messages coming from dialup connections and it leaves spammers with only one method of sending spam. They would have to use their local ISP's SMTP relay to get their spam out. This would be trivial for the ISP to find and shut down. It would also bring stronger incentives to monitor and stop such activity if their own SMTP servers were being hit.
Slashdot Mirror
The objective of the Canadian TSB is to analyze the evidence and come up with findings. They are well known and well respected within the accident investigation community and there is frequently significant cooperation between the NTSB and the Canadian TSB.
Any time a Canadian registered, designed or manufactured aircraft goes down in the USA it will be the Canadian TSB involved in the investigation. The converse is also true within Canada. I think if you look up annex 13 you'll find a complete section of the Chicago Convention that deals with this.
There really are no Canadian law implications with this investigation as it is a technical investigation done by engineers, not lawyers.
Reading posts you can generally tell what product each poster owns. Point for point the Blackberries match up with the requirements. Despite personal biases they have the goods and plenty of market experience doing so.
Put another way you're asking for a bread slicer. Instead of buying the industry standard machine that slices bread you have all sorts of proposals for trying to make ninja swords do the job instead. Hey, the sword will be a lot more flashy. At the end of the day security and business focus the only real bread slicer available is the blackberry. This has been their focus from day one. Not entertainment, not the latest greatest games, plain simple secure business apps. Ask the majority of law firms, accounting firms, security firms, police forces, military and government users. Alas, they are not using android or i-ninja-swords to slice the bread. Plain simple non-nonsense BES and Blackberries.
There is also no reason why the Android couldn't do the same. Lawyers don't care about whether it would have been possible for some company to modify their product to meet the requirements of a contract - they care what was done.
RIM designed their infrastructure and device from the ground up to be secure and there is a reason why nearly all the law firms, government contractors and big business uses their devices. Apple designed their iPhone around the best user experience - 2 different objectives and this explains why they've had great success with the home type users.
The problem with this is that it's media-driven. You can't compare reliability on a vehicle until you've had 1,000,000 on the road for 5 years. You are correct that Ford has done some catchup over the last 10 years but talk to anyone in the industry and they will tell you that the money is all made repairing domestics. Their engineering strategy of cheaper cheaper cheaper means a constant supply of work for us mechanics. I love domestics because I can make a lot of $$$ off them.
Walk into your local police station, law firm, government office you don't see the business people carrying around iPhone or Android. For security sensitive applications they are almost exclusively blackberries. This comes at a cost, sluggish phones and more potential for outages as they all rely on the encrypted infrastructure. It says something when middle eastern countries want to ban the phones because their intel communities can't get into them.
So while the common user may try to measure the success or failure of RIM in the home market they are still quite strong in the business world.
This has to be the craziest thing I've ever seen misreported. I happen to work for a Canadian web email firm. This whole issue was reported as though a mysterious "hacker" crashed their email system. Hardly so.
The email in question was sent in a number of ways. They relayed copius amounts through the ISP's own mail servers and others they sent directly to the sources and others still were using a RBL relay.
The spam attack was merely a name guessing attack which 90% of their dictionary generated emails did not go anywhere anyway. The RBL relayed email was blocked automatically. The directly sent email was sent to the bit-bucket. The spam coming from their mail servers was entered into the postfix configuration and the connections got a spam refused SMTP error.
So that would explain why their mail queues got filled up. Not our problem. Not the result of any "hackers". Just the result of a closely monitored email system with good anti-spam countermeasures.
I have often bitched about how ambigous the term "Internet Service" is. It would be really nice if the CRTC in it's control brings this term out and regulates its use. Hystorically the CRTC has taken eons to move anywhere so I doubt any of this will happen in less than a few years anyway. At any rate...
What if I provided you with a high speed link to my http proxy. You get a RFC reserved IP and only access to the proxy. Is this Internet? A lot of new users and people who only surf the web would never know the difference.
I once had Internet Service with a telco (MTT) in Nova Scotia where we all had RFC reserved IPs and had NAT access through Cisco PIX firewalls. This firewall assigned a real IP to you once you accessed an exteral resouce. Problem was, your IP would sometimes change. This was supposed to curb people running FTP servers on their nice 7/4 megabit service. Imagine your SSH sessions dying every 5 minutes.
So that qualified as "Internet Service" and most people didn't have a problem with it. All of us power users had problems. All the FTP was passive. Many services never did work properly. DCC chats and file transfers never worked and a lot of other services were also broken.
The real question here is: To what degree can a company brain dammage or otherwise filter your "Internet Service" before it's not called "Internet Service" anymore.
Sometimes I think things like this can only be regulated by an organisation who has some teeth. Here are some suggestions:
Full Internet Service:
Users get a real static IP and any proxies they use would have to be fully transparent and not set to filter out any "objectional" material. If they do filter any ports they would have to list them, ie ports 137/139 are common.
Restricted Internet Service:
Same service as Full, but with dynamic IPs. Here, they should have to say how often it changes. This of course affects those of us who use persistant connections (like telnet or SSH).
Limited Internet Service:
Users are not assigned a real IP and have only limited access using non transparent proxy servers or NAT servers.
I think because there is a lot of marketing around each of these terms most ISPs would have to be more flexible about the types of service they provide. I'd be willing to pay a few more dollars for the "Full Internet Service" rather than put up with the BS behind limited service where most of the ISPs wouldn't even tell me what they filtered or the fact you didn't get a real IP. Might get rid of the "Sign up and pay the disconnect fee if you don't like what we're giving you" attitude that MTT had.
-Michael
This whole trend reminds me of an old slogan used by Sun... "The network is the computer"
Remember the days when a computer was a CPU, a little RAM and a few peripherals hooked together by a PIC and a few other parts?
Now we have a motherboard that has a CPU. The CPU has an FPU that independantly does your math. You have a semi-intelligent power supply (ATX) than can turn itself on and off.
Your grapics card more than likely comes complete as an embedded computer of sorts to handle 3d. If your system is performance oriented then your SCSI card may have it's own CPU on it. This often handles tagged queues and elevator sorts requests and may even provide hardware buffering with it's own battery!
Now I see you can buy network cards with their own embedded TCP/IP stack to free up the CPU. Some of them even have high speed CPUs where they do SSL type encryption right on the network card.
So where is this going? Our desktop systems are becoming more and more like networks of small specialised computers. I think as performance demands increase we will see more and more stuff like this.
In an abstract sense the computer of the future may look like a microkernel where most of these peripherals are hooked up via a common bus. Oh damn, I had to reboot my sound card again, it keeps crashing. I can imagine it will be the flash bios hell of the future too.
-Michael
I own a small webmail company (fastworks.com) and we routinely get spammed. There are a number of methods people use and a number of ways to combat them.
Spammers will go out and get a dialup account, start spamming after the ISP's abuse department has gone home (usually a Friday night) and continue until someone finally pulls the plug.
These spammers will either send the spam by connecting directly to the victim's SMTP server or by using a 3rd party relay.
We combat this by subscribing to the RSS, RBL and DUP services at mail-abuse.net.
Mail sent via a dialup connection is often denied at the outset because many dialup connections are in the DUL. Open relays are often in RBL and RSS.
These two measures alone cut out more than 80% of our incoming spam.
Another popular way (among spammers) is to try the brute force method. They connect to a service with a few million subscribers and blast away with a dictionary-type attack. This usually causes the most problems on a network side because the victim mail server has to contend with 100,000 plus bounces in a few hours. This tends to fill mail queues quite fast.
Some of the most popular mail systems (which shall remain nameless) combat this problem by not bouncing after a threshold has been reached. This, although a simple method still allows the spam to get through.
I refuse to believe that I'm any smarter (maybe faster, but not smarter) than the folks running yahoomail and hotmail, but it makes a lot more sense to me to have the delivery agent blackhole (delete) this spam as it arrives based on the source IP, email address and even the content. It doesn't take much logic to detect a host that sends you 100,000 messages in an hour where 90% of them bounce.
This cuts out 99.9% of bruteforce spam. It saves us on disk space since the spam is never delivered, and it saves on CPU cycles since the SPAM lands in /dev/null as soon as it is received rather than bouncing all over kingdom come.
I believe a very effective way to stop spam is to regulate that each ISP must specify valid SMTP servers much in the same way there is a whois database with all the DNS servers listed. If we do this, then organisations can easily choose to deny all messages coming from dialup connections and it leaves spammers with only one method of sending spam. They would have to use their local ISP's SMTP relay to get their spam out. This would be trivial for the ISP to find and shut down. It would also bring stronger incentives to monitor and stop such activity if their own SMTP servers were being hit.
Now if only we can stop ICQ spam...
-Michael