Hey, I even own some FON (Sprint) and PCS (Sprint PCS) stock, and I think this is a bad idea. Set aside the long distance telephone service stuff (which is a whole other topic), and just look at the Internet side of it. A combined Sprint/MCI WorldCom would have control over way too much of the Internet.
MCI WorldCom has UUNET, as well as what was ANS, and they provide network services to AOL. They run some of the MAEs. They have lots of connections and POPs outside the US, too. They are probably providing backbone services to about 25% of the Internet (they were backbone for 20.45% of the ISPs in North America according to the winter 98 Boardwatch directory). They are just huge.
Sprint IP Services is the backbone for another good chunk of the Internet -- probably another 25% (22.39% of the '98 NA ISP market per Boardwatch). Sprint runs the New York NAP. They own a 28% stake in EarthLink, btw (prior to the EarthLink/MindSpring merger). Post merger, EarthLink will have about 3 million subs, which they say will make them the #2 dialup ISP in the world.
So, post-merger McISprintCom would be providing backbone services to something like 50% of the other Internet providers in the world, including AOL (12+ million subs), and will have a "broad business relationship" with EarthLink (3+ million subs).
And this is just counting backbone connections for ISPs and some of the subs -- I imagine that in terms of actual flow of packets (total sent/received on the whole network, transit and peering arrangements) they would have a bigger percentage, because WorldCom/UUNET/ANS and Sprint also have (as far as I know) the majority of the really fast pipes (OC-48s and OC-192s) on the Internet, and the BFRs to go with them.
Hmm, talk about a good company for the NSA to buddy up to for installing packet sniffers....
Just as MCI was forced to sell off the Internet business of MCI (to Cable and Wireless) before the MCI/WorldCom merger was completed, they will probably be forced to sell off some of their Internet provider holdings -- the question is, who will buy them, and what sort of new mess will that be?
Providing all of the information and analysis that goes along with finding and reporting a problem is only proper. It is rather like publishing a scientific research paper on an experiment -- you should give people enough information that they should be able to reproduce your results independently.
Phrack and other security publications generally don't have the focus of showing you all the cool 'sploits of the day, but instead try to teach you how to THINK about security and other issues from a programming and design standpoint.
Sure, they have to provide some examples along the way. And as the previous AC mentioned, full disclosure information resources like BUGTRAQ are one of the only reasons that a lot of vendors ever actually fix anything.
You say that you don't need to know the details about a problem if there is a patch available. This is just wrong. Do you know how many times Microsoft (or other vendors) have issued a patch that only protects you against one specific implementation of an exploit (usually the one posted on BUGTRAQ) instead of actually re-designing the problem area properly? (I don't know exactly how many either, but lots of times. Remember
It is like finding out someone who has a locksmith kit can pick your locks, so you just re-key your door or add another lock. Doh! You still are not any more secure.
I have set up a few of the cubes and RaQ2s. Nice little units. Good for the commandline challenged masses for doing their own web site administration.
Of course, everything can be done via the command line if you want. Too bad they can't ship with ssh installed.
Yes, there are a lot of bad contractors out there. Yes, there are bad consultants. Yes, too many are motivated by money alone.
But most consultants are {should} be different from the sort that most people seem to have experienced and are commenting on here.
I am a consultant. I work for myself, sub-contract out for additional help only when needed for a specific area. I tend to maintain my relationships with clients for years, even if they only have me do a few dozen billable hours of work for them per year, unless they are completely unreasonable or don't pay their bills.
The pay is nice (easily twice what I can make in my state [Maine] as an employee most places). But I don't consult because of the money. I am a consultant because I *hate* doing the same thing every day, and I want to be using and implementing fairly new stuff on a regular basis.
As a consultant, I get to see and use a lot of new technology, and gain experience in a lot of different settings. I get to work with all kinds of people and different types of projects. I have even cut my rates to work on a project from time to time, because the project looked like fun or was interesting in some way.
People hire me because I get the job|project done and can resolve problems (or better yet, anticipate problems) that leave their own guys stumped, or at the mercy of their vendors. I usually work directly with the customer's IT staff, and am often given day-to-day management oversight of their staff for the duration of a project.
I believe the fact that I work on many different projects for many different people is a value add for my clients. I can't tell you how many times I have been able to tell someone "you want to watch out for X when you do Y" because of experience that I gained on another client's project.
I also hate office politics and the other BS that often goes on in organizations (ever have to chase paperwork for 3 hours to buy a $100 part?). As a consultant, I am an outsider. I can tell the management or the CIO or whomever EXACTLY what is wrong with their methods or ideas or who isn't pulling their weight, and not have to really deal with the politics, if I don't want to. It is not that this gives me a license to be rude, but rather, an opportunity to be completely honest with them. Sometimes this doesn't go over very well, but often times, they are glad to hear it.
A good consultant should be able to save you time, money, or both on your project. They should be able to represent your best interests in all areas, especially when dealing with vendors and outside contractors. Consultants should be vendor neutral. A big pet peeve of mine are the so called "consultants" that are really just resellers for a set of product lines, and really only want to sell you their "solution package". Consultants should only sell their time and expertise, and nothing else. I very rarely ever let a vendor or contractor group so much as buy me a drink.
One of my own personal goals is to always bring enough value to a project (through cost savings or time savings) that it more than pays for my consulting fees.
In short, an outside consultant should be hired for the same sort of reasons that you might hire a good lawyer, accountant, or other professional: to help you with major planning or processes, to give you access to a depth of knowledge and experience you don't have in-house, and to kick some major butt when and where you need it.
Absolutely. SCO is going to die or have to change form radically.
Their sales force sounds pretty desperate these days -- I get calls just about every week from them following up inquiries I made for clients months ago, and at least one blast of FAX spam a month, trying to wring out all of the Y2K upgrade business they can.
As I have said here before, there are a lot of old SCO boxes out there, and most seem to be moving to Linux.
It was very informative when I was checking into Linux support for some SCO apps that clients needed to run under Linux. With one exception, every vendor I talked to either already had a Linux port, or was in the process of beta testing their Linux port. And most had a very minimal charge for 'cross grading' their app from SCO to Linux.
The exception is Computer Associates' MLINK. They have a version for just about every odd ball unix around, except for Linux. And they don't appear interested in porting; don't know why. (yeah, MLINK is crap, but the client has some specialized EDI stuff written in its scripting language they don't want to recode).
World Domination. It's not just for breakfast anymore.
I'm surprised no one has mentioned MIDS (Matrix Information and Directory Services) yet. They have been mapping and gathering statistics on the net for years. Of course, most of their stuff isn't free.
They have all kinds of interesting matrix maps containing demographic and geographic data about internet hosts and users. I have one of these on my wall in my office -- it is a great conversation piece if nothing else. Much better than all of those posters with "success/team" oriented drivel.
Cisco is pretty good as mega-giant networking companies go. They have clues, and they know how to use them. I think IBM let their networking stuff go a bit cheap, but I think this is going to be a good move in the long term. ObDisclaimer: I do own some IBM stock.
Cisco stuff is fairly expensive, but it works great, and the tech support can't be beat. Compare this to Lucent or Nortel. Allow me to rant about them here:
I have a customer who bought close to $100,000 worth of Nortel gear. One unit had a bad processor card, still under warranty. Nortel didn't want to overnight them the part because they hadn't ponied up the $4,000 for a service contract. 2 week turn around for replacement, or you could pay $750 for "express" service to get a new board in 2 days. After much yelling and screaming and beating up the regional sales manager, we got one at no charge in about 4 days.
Lucent -- same sort of BS. Another client buys big ass telephone system (over $250,000). Deal is haggled over, prices trimmed, etc. Contract gets signed. After contract signed and system is being installed, RatBastard salesman tells us that several critical boards and other items were "not in your purchase specification" and we get change orders for several thousand dollars. Tech support and service contract is $20,000/year. And then, on top of all of that, Lucent doesn't allow customers access to their own equipment to make changes. That's right, even with your own technical staff, you are prevented from making certain changes (such as resetting a T1 interface) from within the PBX. You have to call Lucent to do this. OR.... they will sell you an "upgrade option" to give you the privs to control T1 ports on the PBX for only a few thousand dollars.
Can you imagine if Cisco did this? Imagine having to shell out money to get administrative control of an expensive piece of equipment that you already own? Or having to call someone else to reset a down circuit for you in the middle of the night?
This is why I think that Lucent will eventually die. Cisco will compete with them in the telephony space and do it very well, without all of the overhead, insane pricing, and old thinking. Lucent routinely has 4 or more different techs do the setup work on a PBX -- one can only do wiring, another can only do telephone station programming, another can only do trunk programming, etc. Compare this to your average ISP where 1 or 2 guys will throw a complete POP up in a day or two, running all the wiring, setting up racks and power, doing router programming, dial access equipment setup, etc.
Whenever I have had a problem with Cisco gear, I have either had a solution within a few hours or a new unit arriving via FedEx the next day, with a minimum of hassles and very little of the "did you plug it in and turn it on?" variety of tech support.
You would be surprised how many old SCO (3.2v4.2) installations are out there, in small business environments. Small doctor's offices, small retail stores for POS systems, etc. Many of these systems are not getting upgraded for Y2K, even though they should. Many of the small businesses that I see are just ignorant of the issues, or are hoping they won't get hit too badly. (Keep in mind when I say "small business", I mean an operation with less than 10 or 15 people). I see a market in sites that could be upgraded from SCO to Linux. In most cases, the upgrade is pretty painless because of iBCS, and Linux is priced right compared to UnixWare, especially for the small outfits. I am working with one larger site now (125+ employees) that went to Linux mostly because SCO wanted over $10,000 to upgrade them to UnixWare 7 for the number of user licenses. It would be really neat if Red Hat bought SCO -- what a perfect market to exploit, and a quick way to advance towards World Domination. SCO does have some good technologies that businesses want that Linux needs now, like fault tolerant clustering, and support for ridiculous amounts of RAM on Intel machines. They have a fully NT compatible PDC implementation for SCO, which I'm sure the Samba guys could use (if only for hints on some of the hidden details yet to be reverse engineered out of NT). But I would be shocked if it actually happened....
I found the article very disappointing -- it definitely had the look of something rushed for deadline, as did the subject matter. His columns usually have a bit more thought and substance to them, even if you don't agree with his ideas or positions. Of course, I don't agree with him at all about Linux or his ideas in this article.
I have met and talked with Bob several times, and we had lunch together once. I don't know him all that well, but I do know that he is very right-wing in a lot of ways, and firmly believes in the free capitalistic market and "consumer choice among competing alternatives". He is a strong believer in school voucher programs, for example.
Bob is a pundit. He gets his kicks by running around the world hosting conferences, writing articles, and making pronouncements about the technology world. Sometimes they are right, sometimes they are wrong. It beats the heck out of sitting around the house all day in Lincolnville, Maine.
And he hates the telephone company monopolies, so he can't be all that bad. ;-)