There are two companies who have announced plans to offer internet over power lines, and only one has received a license and started a very limited offering in one city only (Essen). I think the link is www.rwe-powerline.de.
The service is quite limited. In order for a neighborhood to get access, they have to wait until the company wires up the local substation. There can be no transformers between the substation and the house. Once a neighborhood has access, a technician comes out and installs a box at the meter junction, and then connects the modem to an internal power socket. The powerline modems communicate with the box outside, which in turn communicates with the router at the substation, and everything after that is normal internet. There is no communication across most of the power system, the signals can't pass transformers or switching stations. The signals have an effective limit of 350 meters, which is much shorter than DSL or cable.
The 2Mbps limit is for an entire neighborhood, and is shared by all the other connections in the area. There is a cap at 250Mb per month, sometime later they will offer a 10Gb cap, but only to businesses and at a rate equal to leased line. The companies both are targeting high-density cities, and have no plans to offer this to any rural areas or small towns, because of the 350 meter limit on distance from substation to home.
For the trials last year, the modems had only a serial connection, and had to be "dialed" just like a regular analog modem, and the speed was limited to 115kbps. Their website claims they now have ethernet and USB connections as well. The last I saw, every customer gets a private 10.0.0.0 IP address, and the company doesn't allow servers of any kind.
The truly sad thing is, in Germany this really is competition and an improvement for the market.
the AC
[Can someone in Essen post a comment about the service?]
There was an interesting report (heavy $$$ for a printed copy, no online link, sorry) on the security aspects of Fry's stores I read a while back. The owners take to heart the statistics that 70% of "stock shrinkage" comes from employee theft, the remaining 30% from a wide variety of external criminal forces, from spur-of-the-moment shoplifters to organized armed gangs. In a high value environment of consumer electronics, nearly 40% of stock is lost to theft. Fry's has cut that number down to less than 8%, due to heavy-handed physical security procedures.
The paper was a justification for having well documented security procedures (the paper authors would like to sell clients very expensive consulting) and thorough physical security. The paper detailed Fry's internal auditing team, the daily (and sometimes bi-hourly) stock inspection, the separation of duties, the use of cages for extremely high value small components with two-person "concept team" pass-through to checkout (did you ever notice that no disk or simm reaches the counter until after your credit card has been approved or the cash is in the drawer?), and the final security guys with their pink X's on the customer receipts. The cash counting rooms were set up by Las Vegas security experts who take the movement of large value receipts very seriously.
All of those procedures are designed to make criminals think twice about targeting Fry's. Just by raising the bar slightly, at a slightly increased cost, they have lowered their losses from 40% of all stock to just 8%, and if you multiply that by their annual turnover, the savings is huge.
The guys on the door don't actually stop any theft by checking bags and receipts, their job is to put fear into stupid thieves before a crime takes place. It is very effective, even if the X'ers don't find one theft in an entire week.
I was in a Fry's last month, the whole purpose was to check out if all their security was just like in the consulting paper (I didn't need to buy any gadgets, since I had just come from SE Asia :-) It's all there, most the customer never sees, but keeps the employees slightly more honest and the customers slightly affronted but not enough to lose revenue.
the AC
It's already Saturday in Oz, Kiwiland, Oceania... (on "Linux Is 10 Today", Score: 2)
CmdrTaco might be in Vladivostok, or Guam, or some part of the earth where "Today" is already Saturday. But then again, this is /.'s own CT, who thinks that Holland is in Michigan :-)
I'll be downing a cold beer to celebrate, actually, the celebrations seem to have started early, and I'll continue for another few hours until the official "announcement anniversary"
the AC
[Yes, I know there is a Holland in .mi.us, but I'm heading up to Rotterdam in a few hours to consume large quantities of beer]
I can't get around /.'s tag filters, and they get lost in my browser, so you get square brackets instead.
For cultural tags, it would be handy to delimit which nationality you are stereotyping
[/politically correct]
[french]I weeel beee wiz yoo in a meeenoot, monsieur[/french]
[british]Bloody frogs, ignorant of the fact that The Queen's English is the international standard language[/british]
[scots]Dae ye unnèrstaun, spake, or scrieve tha quains inglais?[/scots]
[german]This is NOT funny[/german]
[politically correct]
The presentation was interesting, if you are an EE studying practical applications of signal processing. By applying standard SP techniques to the sample files, Felten and crew were able to discover all kinds of hidden information buried within. These are standard computer algorithms such as Fast Fourier Transforms, echo detection, and statistical analysis. Nothing magical, mystical, patented, or even super secret. Normal curricula for 2nd year EE students, statisticians, and maybe some CS majors.
The best part started about 40 minutes into the presentation. One of the panel members (I can't remember his name) gave an analysis of section 12.01 of the U.S. Code, broken down paragraph by paragraph. There was a good summary of the DMCA, which exposed it clearly enough for laymen to understand it is not a copyright law, but a "para-copyright law". The distinction is that it doesn't directly change existing laws, but modifies the contract between copyright holders and consumers. Very clear and well spoken, this speaker is someone who has clearly given the speech repeatedly and knows exactly how to present the information for maximum impact.
If you download the presentation, at least take the time to watch that 10 minute section. It will give you the verbal ammo needed to start convincing people you know the basis of why the DMCA is bad.
the AC
[The next section is the EFF lawyer saying "ummm" about 50 times per minute, and completely losing the audience]
Looking back, my laundry list was composed from two points of view, the geek as employee, and the businesses likely to employ geeks. Both are what Ottawa is trying to attract, because without attracting the businesses, there is no need for geeks.
I also forgot to throw in affordable child care. If a municipality doesn't nurture a good child care system in their community, one that businesses can take advantage of, then married geeks will not have any incentive to move up north.
If you are a company trying to build a new R&D centre in Ottawa, and the local ISP doesn't know NTP from NNTP and outlaws servers and has crappy service and capped bandwidth, the geeks will know and won't move to your new building. Word about lousy ISPs gets around, and if Ottawa allows cr@pHome a 20 year exclusive monopoly for lousy, restrictive access, they won't attract many more hi-tech workers than the few trapped there now.
Computers in schools? What's the percentage of geeks with larvae?
It's not the geek with larvae, it's a local pool of talent to recruit from over the next few decades. Businesses (errr, good, well managed businesses) choose to relocate based on a large number of factors, and having a tech-knowledgeable school system is a big plus. It means that when kids grow up and graduate from university, they will probably stay in the area. Berkeley and Stanford are the reason Silicon Valley exists, as MIT and some Ivy League schools account for Boston's leap into hi-tech. The education effect goes all the way down to grade school level, you can't have top notch universities without a good stream of local talent feeding them.
Some of your best points are the ones a local government has direct control over.
Housing. Housing codes, rent controls, lease terms, satellite antennas, and noise laws can all be adjusted for "geek friendliness". Geeks need cat5 cabling, additional electricity (no artificial caps on residential power), and satellite antennas, municipal laws should ensure that anyone can put up a dish, overriding gated community rules. Landlords need to be held accountable (with criminal punishments and a prosecutor willing to do their job) for safe and fair lodgings and possibly rent control laws. Noise laws should tolerate late night barbeques.
Laws. Anti-alcohol laws need to be completely eliminated, or so reduced in scope as to be forgotten. Liquor stores should be open until 2AM. Bars should stay open until 4AM. Downtown businesses, especially restaurants, should be permitted to stay open very late. Support businesses such as banks and laundromats need to be encouraged to stay open "geek hours".
Network Access. This is one point where a city council must have some backbone when dealing with monopoly cable or telco operators. The next time the cable franchise comes up for renewal, let all bidders know that the contract will require open and fair access to *ALL* competition. So what if AOL/TW doesn't want to play, your cable customers will be much better off without such greedy megacorps. Require that the "owners" of the actual cable and phone wires provide colo space to a large number of alternate providers. Require that no ISP can block servers or have unreasonable "anti-geek" AUPs. Create a hi-tech enforcement team inside your police department and prosecutor's office to monitor all ISPs and carriers, and aggressively smackdown those who are not geek friendly.
A few other things a local government can do.
Law Enforcement. Create a special hi-tech law enforcement group, both police and a prosecutor's office, and hire tech-savvy judges. Create an educational fund so all those who have to deal with hi-tech crime are as educated as the average geek. Know that a port scan is not a crime, that an IDENT request is not a break-in attempt, and that a sysadmin who regularly runs nmap against her own network is not a cracker. Prosecute "Theft of Trade Secrets" cases, go after mega-corps with unreasonable EULAs and AUPs. Assist local businesses with tracking down and prosecuting crackers. Go after the armed gangs hi-jacking truckloads of CPUs and memory chips.
Libraries. Beef up the local libraries with both the classical material, and create a hi-tech section. Install computers and excellent internet connectivity. Allow any adult to have unblocked access, and provide for censorware for children's access but allow their parents to fill out a form allowing them unblocked access.
Schools. Get computers and internet access into every one of your schools, from K to 12. Provide scholarships or educational programs for every one of your teachers, require them to maintain a minimum level of computer competence. Test the teachers every year. Hire clued-in computer teachers. Require a healthy mix of computer technologies, ensure there are macintoshes, linux boxes, and specialty labs with sparcstations, hp hardware, IBM rs6000, mini computer, routers. Create "magnet schools" or whatever the local buzzword is, which have additional technology oriented courses including advanced mathematics, electronics design and repair, auto mechanics, medical and law studies.
Schools, part II. Outlaw corporate interference in school life. No sponsorships. No exclusive contracts for sugary drinks. No commercial laden morning news programs on televisions in every classroom.
Traffic. Create a working public transportation system. Encourage bicycles. Create non-motorized pathways running from many points in the residential areas to the centres of office space. Geeks like to walk/run/ride to work when the weather permits. Buses should run 24 hours/day. Rebuild a pedestrian friendly downtown with lots of restaurants, bars, parks, mom&pop shops. Ottawa needs to have sheltered sidewalks, build European-style arcades over the areas where people will have to walk in the rain or snow.
When a local government starts to act in the interests of its local citizens, it will become more attractive to the affluent and highly mobile work force. Make that statement the core of every city council meeting.
the AC
[Ottawa? I could make a comment about warm weather year round, but there is nothing you can do about that:-]
Even though I don't own a tele, I've seen a large number of Lexx shows. A friend works on the German side of things, and they fly him to Toronto and some studio in the wilds of Nova Scotia (his words) from time to time. Much of the talent in front of the camera is Canadian, with the exception of Eva & Xenia. Behind the camera is a mix of Germans and Canucks. Most of the young, sexy bit-part actresses are German.
Since I spend wayyyyy too much time in hotel rooms, I do get to see Lexx on both sides of the Atlantic. There are two different versions, the European/Canadian shows tend to be more sexy and edgy, the U.S. gets a very edited down version so the Sci-Fi channel doesn't get kicked from too many cable stations as pr0n.
When my friend first told me of Lexx, it was being sold to various investment groups and production support companies as a way to attract a large number of hard-core geeks. By analyzing the only successful elements of recent trek shows [7of9], the first season working title was Sexx. The mini-capsule was "Trek meets Xena in a Blue Velvet universe". With a tag like that, it's not hard to see why CmdrTaco likes Lexx, as well as Farscape.
I like Lexx, but I wish all four seasons would come out on DVD or tape, or some fan would digitize every episode into mpeg and share them on gnutella.
WinPoet works with static IP addresses. It all depends on your ISP, and whether they associate your login with a static IP address (i.e. a good ISP) or just grab an IP from a pool (i.e. tightwad fucking loser money grubbing clueless ISP).
There are drivers for Macintosh, Linux, Solaris, and most of the windoze line. For *nux, I'd recommend Roaring Penguin which is just a simple protocol wrapper for existing PPP drivers. Instead of specifying a serial TTY port, use the pty option of pppd to pipe to a process. Simple. Discussion groups here. And IPSec shouldn't care about PPPoE, but I would suspect that typical (i.e. buggy as shit) windoze versions get confused by new device drivers.
PPPoE is pretty common all across Europe. This is because we have monopoly telcos (just like SBC, but with even less ethics) who refuse to allow wireline access to customers. So they aggregate all the DSL connections into Broadband Access Servers, and feed the resulting IP stream to the ISPs based on the CHAP logon. This allows a resemblance of competition, while still taking their cut of the profits. And it allows the telcos to promote their own services ahead of all competitors, and of course their provisioning software works only on their own ISPs' systems, and all competitors have to constantly update and hopefully not lose too many customers because the provisioning protocol changes every Monday morning *cough*FraudTelecom*cough*BilgeCom*cough*. [rantmode=off]
If the article is correct about only allowing dynamically assigned IPs, then you are fuckt. Take the article with a grain of salt, because there are enough other factual errors I think the author pulled a bunch of facts out of his ass. If SBC behaves like telcos in Europe, they'll just pass the PPPoE stream to the ISP, and if the ISP wants to offer static IP addresses, no problem. Over here, some give static IPs for no extra cost, others charge as much as US$100 per month on top of the ISP fee.
An F1 stuck in down-town NYC would certainly attract more chicks than an Accord in Montana. Isn't that why we choose the flashiest hardware we can, to get more chicks? :-)
On the other hand, a sparc runs the software I want to run, and the software I earn tons of money from. So of course, having tons of money gets higher quality chicks better than any car :-)
the AC
[not a politically correct post since I'm in a country which has outlawed 'Merkin correctness]
But I am an FCC engineer. FCC engineers are required to know the relevant laws. From time to time, these questions pop up for international companies wanting to do business in the states and europe. The CISSP also requires knowledge of the legal aspects of sysadmin or security personnel who may receive electronic communications not intended for them.
The relevant parts of US Federal Law are contained under the Code of Federal Regulations, also known as the U.S. Code, part 47 covers telecoms and the FCC and part 18 is criminal laws and punishments
18 USC 119 bars the disclosure of any electronic communications to which you are not a party
18 USC 2702 defines the criminal act of disclosing intercepted communications
47 USC 605 (the Communications Act of 1934) also bans the disclosure or use of third-party communications.
There are similar laws here in Europe, but I can't find any of those bookmarks. If anyone is interested, google yourself.
(Use the Preview Button! Check those URLs! Don't forget the http://!)
Doh! Port 80. Self-LART applied.
[obPitifulExcuse: was working on sendmail/procmail/qmail/postfix/dns interaction on one screen, watching port 80 probe counts coming in on another screen, and reading /. on another screen.]
[EDITOR] "Cringely, you useless fuckhead! It's deadline! Just make something up, 90% of your readership is so clueless, they won't know the difference. Ignore the 10% who have a clue, they won't bother reading our site for much longer."
Although he mostly misses the point, especially about how any single unpatched server will somehow relaunch CodeRed every month, I'll agree that port 25 probes are on the increase here. But as more and more machines are patched, the problems and reinfections from this particular worm will eventually become lost in the noise. I am looking forward to new, better written nasty IIS worms over the next few months.
It can be retargeted from whitehouse.gov to... cringely.com in an instant.
Thanks for the idea. Now, which bit is it that makes CodeRed attack forever? And which bits to change the target? :-)
the AC
[too much karma interferes with your tantric energy, time to troll]
There is a similar campaign starting up here in Europe, in time for the XP launch.
I heard a M$ lawyer comment that the biggest problem with the call centre handling "disgruntled employees" is that close to 99% of the calls are really one company trying to get competitors audited. Sometimes it's a few rogue salesmen in one company trying to tie up the competition, other times it's a well funded campaign to derail a deal with the wrong supplier. Since the last grass campaign netted very few violations for the large number of calls, they have been developing a whole scripting system for the front line call handlers to filtre as many bogus calls as possible.
They are now requiring face to face meetings with the grassers, before committing any resources to pursuing an audit. Even with more training for the call centre staff and about 20 dedicated auditing teams across Europe, they still expect only a few cases per year. It's not a revenue centre.
Most of the increase in income will come from the scare campaign, along with pressure from the channel on every company who gets a letter. They have been trying to set up a new training program for companies who want to be certified Auditors. The feeling is that a regular scare mail campaign with demands to produce a yearly system audit will create a large Audit Company market. The plan was that the channel would share in the money earned by an audit, about 10,000 euros minimum, up to several million euros for a large corp, by asking for a certified audit report at the beginning of contract negotiations.
With some more press coverage like this Yahoo article, I think I'll let customers know there are no teeth to the audit demands, and to just say no.
Here are some titles I tend to keep on my shelf. Books that have served me well over the years, and maintained relevance to various aspects of my job
The Dragon Book (Compilers, principles, techniques and tools) by Aho, Sethi and Ullman
The Cricket Book (DNS and BIND) by Albitz and Liu
The Bat Book (Sendmail) Allman and co-conspirators
The BGP Book (Internet Routing Architectures) Sam Halabi
A whole bunch of William Stallings books (Cryptography and Network Security, High Speed Nets and ATM Design, SNMP)
The whole series of Roger L. Freeman's Reference Manual for Telecommunications Engineering.
Telecommunications Engineer's Reference Book, by Mazda
At home, I have the classics, Knuth's Art of Computer Programming volumes I to III, The Mythical Man Month, Godel Escher Bach, and many others I can't remember in this inebriated state.
For a lending library, I'd add the whole of the O'Reilly series, a bunch of Cisco Press, Dilbert and of course User Friendly
I put a copy of the report in my outgoing gnutella directory. Its name is pornP2P.pdf
One hour later, the report has been downloaded 14 times. I wonder if those lusers knew what they were getting just by grabbing a random 1.7Mb pdf file with the word PORN in the title.
It's late, enough fucking with pornmeisters' minds for the moment.
Out of the box, most OSes have WAY too many services enabled. All of the manufacturers do this in the name of "Ease Of Use", another way of saying "No Security". Urging companies to tighten up their security out of the box will slowly make the internet a better place for all.
Micro~1.oft is the worst offender, because they strive for the easiest to use systems possible. They also know that 99% of their user base have no clue about computers beyond point-and-click of the few icons scattered on the desktop. Other /.ers are covering the micr~1.oft topic in greater depth.
Sun is also pretty bad, they've been shipping their OSen with tons of unnecessary services enabled by default. Every solaris install has sendmail, FTP, telnet and dozens of RPC services running, and quite often the stable versions of those services are old and have scripted exploits.
Many other OS developers are in the same boat. Default passwords for unused accounts, obscure services that only 1% of the users ever even know about, and wide open services are the norm: HP, IBM, Oracle, etc.
Apple is one of the few shining examples of good systems, but that is probably less for altruistic reasons than for their user oriented paradigm. They concentrate on the desktop and user, and not on network facing services. OSX is nice, because even though the system is loaded with BSD utilities, none are enabled originally, and require user intervention to turn them on. The way all systems should be.
This pressure group has been needed for more than a decade, because companies like Sun have blithely ignored all calls to tighten up their system from security experts and groups like Usenix and NANOG. Before, there were many voices saying the same thing, but never really united. It will be good to see name-and-shame lists maintained by a central group, then I can spend less time maintaining my own lists of evil services to destroy^Wcomment out immediately after an install.
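The post-install cleanup described in the comment above (commenting out unneeded inetd services), as an added example that is not part of the original post. The allowlist argument, the `#DISABLED#` tag and the sample inetd.conf are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf against an allowlist and comment out
# everything else. Sample data and the "#DISABLED#" tag are constructed.

# sample_inetd: print a constructed inetd.conf resembling a default install.
sample_inetd() {
    cat <<'EOF'
# constructed sample, not taken from a real host
ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/in.telnetd    in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/in.rshd       in.rshd
rquotad/1       tli     rpc/datagram_v  wait    root    /usr/lib/nfs/rquotad    rquotad

time    dgram   udp     wait    root    internal
EOF
}

# list_enabled FILE: print one enabled service name per line.
list_enabled() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            svc = $1
            sub(/\/.*/, "", svc)            # RPC entries carry a "/version" suffix
            print svc
        }
    ' "$1"
}

# count_enabled FILE: number of services inetd would still start.
count_enabled() {
    list_enabled "$1" | wc -l | tr -d ' '
}

# harden_inetd FILE "svc1 svc2 ...": print FILE with every service that is
# not on the space-separated allowlist commented out. Nothing is edited in
# place, so the result can be diffed against the original before installing.
harden_inetd() {
    awk -v allowed="$2" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) keep[a[i]] = 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }   # pass through untouched
        {
            svc = $1
            sub(/\/.*/, "", svc)
            if (svc in keep) print
            else print "#DISABLED# " $0            # tagged for review or undo
        }
    ' "$1"
}

# Demo on the constructed sample: keep only "time", disable the rest.
demo_file=$(mktemp) && sample_inetd > "$demo_file"
echo "enabled before: $(list_enabled "$demo_file" | tr '\n' ' ')"
harden_inetd "$demo_file" "time"
rm -f "$demo_file"
```

Diff the output against the live file before replacing it; inetd only rereads its configuration when sent SIGHUP.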
I can't imagine how MS can use Passport for anything more than a bullet for their .NET brochure, let alone dominate an industry.
You are right there. Pissport is just a beta test of some new ideas. EOL is already planned for next year, to be replaced by newer and costlier and more prevalent technology. They are tweaking the business processes behind the service, to see what flies in the market, and what doesn't produce any revenue, and what pisses off end users to the point of abandoning the service. After the next round of analysis, pissport will evolve into something else with a newly trademarked name and flashy marketing campaign.
M$ has changed their entire focus from being an OS and apps company, to an internet services and developer support company. If the US courts break off their OS and apps divisions, the core will continue to become the dominant force for intranet and internet authentication, using dotNET as the infrastructure.
The scale of the project is huge, and will require years for their own in-house developers to write, as well as years for the 3rd party developers to get on board. But if they play all their cards correctly, they will soon be in the center of a new market, earning regular income from a wide variety of licensing schemes. It will take years until this happens, but they started last year while they still had the 95% monopoly of desktop systems, and that monopoly will continue for long enough for them to muscle into the new internet markets.
The looming battle for the desktop OS will be huge, and largely un-stoppable. Mundie was 100% correct in his assessment of the GPL as "viral" and a "cancer". Soon, FreeOSen will dislodge M$ from their 95% market share, down to maybe 50% or less. But at that point, M$ will be in a new playing field, and will have patented and registered every key technology to lock all competition out. They know they can't compete with a Cisco for networking, or an Oracle for straight-up DBs, or an AOL for control of the cable, or the RIAA for hatred inducing lawsuits. The markets for the 4 A's, Authentication, Authorization, Accounting and Auditing services are very immature right now, and when properly developed will be a new source of revenues. Cisco will be required to license M$ patents on network authentication protocols. Oracle will have to license the patents for DB authentication, or find themselves with no windoze desktop user software. AOL will have to obtain certificates identifying themselves as properly certified by the M$ controlled root, and you can believe M$ will force some concessions before granting a cert. The RIAA lawyers will genuflect in admiration at the gall of the M$ legal team using thousands of newly purchased laws to beat down any free competition.
It's late, I've now ranted enough about M$ to last me a few weeks. I would love to see some well thought out criticisms from intelligent people, to help me sharpen my arguments and avoid repeating mistakes, but alas, this is /.
Which clueless are you referring to? Me or yourself?
You are confusing the simplistic communication tools available to programmers in this early round of dotNET implementation. Yes, there are some cool, well developed XML communication procedures. I'll bow to your point about W3C standards, since I'm not a web coder. I seldom raise my eyes above OSI layer 4, or else I concentrate on policy, budget, and religious issues. But M$ themselves have been quietly letting key developers know that they are positioning themselves to repel the FreeOS attack, by including a lot of additional features in future versions of dotNET.
If you want to write an app or web page to do simple communication between processes or from a web server to a browser, XML tools can do the job. But if you are going to use the latest authentication goodies to communicate with objects and processes externally, you will have to pay royalties/licenses/fees to M$ at some point. If you are ever going to write a killer app for a website, or a client/server setup, or a P2P function, M$ will be somewhere in the middle of your transactions. Count on it, it is what they are telling the financial analysts, the corporate planners, the CEOs of favored developers, and a few other elite few.
Passport is a service that is offered to service/content providers.
Pissport is just one service that M$ offers, where they sit in the middle and collect revenues from those sites that want to participate in this new program. They have a whole bunch of other programs in development right now, all grouped together under various codenames, the latest to leak was called HailStorm.
As a provider, I can choose whether to use Passport, Vendor X, Vendor Y, my own authentication scheme, or all four implementations if I choose to do so.
Great. Use all four. But the market will be dominated by the M$ based one, and few, if any will use a Vendor X. Will you develop for Solaris, Macintosh, HP-UX, SGI, Linux, and a dozen other platforms, even though only 15% of your customer base might use them? As a hardcore *nix person, supporting a huge user base of every kind of machine, I can tell you of the levels of frustration we face every day when popular websites decide to reject all browsers except for IE5 on win98 or 2K. My bank offers banking by internet, and under pressure from M$, they have decided that alienating 35% of their customers is worth the discount that M$ gave them on their web development tools. It is written into their licensing discount they will reject all non-IE browsers, so it's no use talking to the project leads, and they reassigned all the programmers who objected, leaving only M$ lackeys.
there will probably be competition in the authentication service market
You are showing how naive and blinkered you are, if you believe that M$ will tolerate any competition in the authentication marketplace. Their stated goal is total domination, using their monopoly position to force developers to use only M$ protocols. Those of us on the sidelines who have been burned by M$ repeatedly are hoping the US Justice Department creates a remedy to the illegal abuse of monopoly power that will address the newly mutated M$. M$ today no longer cares about OS or standalone application revenues, since they will decline over the next decade, and has shifted its entire focus to dominating the internet services market.
Here is a list of some things that *MAY* be incorporated into XP over the next couple of years. None of them are confirmed, some were tossed out by M$ to see what the corporate response would be, others are just rumours and pure speculation. Predicting M$ future moves is becoming an art form for those of us in the trenches.
- browsers that will only show banner ads from "certified" advertisers. When suddenly 95% of the machines don't show an ad unless the advertiser purchases a certificate, watch the stampede over to certified ads. So what if FreeOS users can see any ad without checking on certificates, advertisers will still buy them. To avoid anti-trust problems, IE will have a checkbox "block un-trusted banner ads", which when unchecked, allows a luser to see all banner ads :-) IE will NOT have a check box "block all banner ads" :-(
- checking hotmail. When hotmail servers detect a non-authenticated browser, user gets re-directed to a pissport signup page. Again, since 95% of users will be on XP boxes with an authenticated browser, the loss of only 5% of FreeOS users can be absorbed by increased licensing revenues and re-selling the private data from pissport to spamm^Wadvertising partners.
- certificates buried in Office documents, which can be lightly encrypted, or just signed. The official Office will check the certificate for every document it opens, and refuse to open any non-certified documents. This will be touted as a solution to wurd macro viruses and increased security and confidence in legal documents. Again, since the algorithm for generating the embedded certificate will be patented, and FreeOS package will be attacked by the courts if it can duplicate the functionality (deCSS), there will never be another starOffice-style package offering M$ compatibility. If a FreeOS version somehow triumphs in the legal arena, with dotNET's DCOM features, M$ could overnight change the embedded certificate functions in every currently licensed application, pushing the changes down the hierarchy to the ASPs and then to the end-users. They can keep doing this every time the FreeOSen catch up to the functionality, and most updates will be transparent to XP using sheeple.
- Attaching a certificate to every email sent through a licensed gateway, to prove trackability of emails in case of UCE, ILoveU-style virii, or timestamping ability. Certainly sendmail/Ximian/Kmailgate will have dotNET modules to create and verify digital signatures, but the certificates will still only be available from a M$/verisign licensed crypto-key vendor. To avoid privacy laws in the .eu, only gateways would need to add/verify certificates, the end users would never need to see or manipulate a cert. The sysadmins of a gateway would then be responsible for their machines. In case a user started spamming, it would be only the local gateway admin who would know the detail of the user sending the spam, and hopefully take corrective action. ORBS could then become "gateway certificates revocation list of known spam-friendly ISPs".
I had written up a similar dialog, but once the lameness filter rejects your post, it claims the post was originally posted at the beginning of the unix epoch...
Easy does it! This comment has been submitted already, 276471 hours , 18 minutes ago. No need to try again.
it went a little something like this, but this is just based on being on both ends of a hell desk line:-P
[Luser]: It doesn't work
[HellDeskAI]: ##unknown-subject[It]## What doesn't work?
[L]: my machine is broken
[HDAI]: ##common-response## Have you rebooted your machine?
[L, 52 minutes later]: Yes, it still doesn't work
{snip}
it was a long post, which had all the great /. inside jokes (AYB-filter-triggered-notifying-security, beowulf, anti-M$ rant), but /.ers can use their own imagination to fill in the rest.
the AC
who is tired of fighting the lameness filter on /.
I just used up my moderator points, or I'd up you to a (score:+6 spot-on).
Since I was forced recently to attend several M$ sponsored functions to learn about dotNET and the authentication services which will have to pass unhindered on networks, I've come to believe M$ has come up with a winner for their stockholders. As you point out, since M$ has 95% of the desktop market, their only growth will be limited to the slowly expanding installations of PCs, a measly 5%-12% per year. If they continue to rely on software licensing, their revenues will drop steadily over the next few years until the economy booms again.
So they are moving into services, but not just any old services. The only services where you can control the market are those where they have legal protection from all competitors, including free software. This means software patents, trademarks, service marks, and copyrights (there, I've just included every /. hotbutton :-) M$ has been quietly devising a scheme where they can legally control all of the key services to "valid" communication between all dotNET implementations. By being at the centre of the authentication scheme, they control who can use all the nifty new services, and who will be excluded. They will also charge a subscription service for every end user, so you can go ahead and use *nix, but you will still have to pay your Pissport fee in order to access any new features offered by any value added internet content provider.
One of the things being pushed in these meetings was the fact that dotNET will not be run centrally by M$, but they will license the authentication, administration and accounting features to ASPs all over the world. So instead of end user fees going directly to M$, local companies can offer a variety of licensing options to their customers, passing a percentage of the revenues on to M$. So M$ will have the master certificates, and thousands of ASPs will each purchase a certificate signed by M$, and their customers will then only need to authenticate with the local ASPs servers. A certificate from one ASP will be valid with all other ASPs, and will need very little communication with the central M$ site.
Corporate customers can have a "secured" authentication/accounting server (also the application server, and data store) installed locally to keep track of a corporation's use of M$ product use. Unlike the fears of some /.ers, a company's data will never leave the premises, and it will be up to the local BOFHs to perform regular backups of the data. But the A/A server will report back to the ASP on a regular basis to re-authenticate the certificates, and to communicate application and feature usage. The ASP can then bill the corporation for use. The ASPs will be required to purchase large blocks of licenses, which they will then have incentive to sell. The larger blocks of licenses will have bigger discounts. That means that a large ASP will have 50,000 licenses for OXP, and will then have incentive to find as close to 50,000 licensees to have the greatest RoI. Larger ASPs will be able to undercut the price of licenses than smaller ASPs, who will have to compete by offering better technical support.
The security implications of a huge hierarchical authentication method are staggering, and I'd expect there to be distributed.net style contests to crack the root M$ keys. The one question micr~1.oft avoided was any details on Certificate Revocation Lists, which to this point are mostly broken in all OS releases. They only said they are developing a system which will be "judicially protected" from any Open Source copies, so the ASPs did not have to worry about pricing pressures of people trying to substitute a "free" authentication scheme. The bane of my existence, XML, was mentioned rather cluelessly at several points, but no technical details at all were permitted during the discussions.
It's a good article about DIY projects. The author touches lightly on the one thing that may effectively kill the DIY market, new laws. But then he swerves back into his nostalgia for overclocking and other simply build-it-yourself systems.
As noted on /. and other places, many of the market leaders of commodity PC components have realised that there is no profit in a commodity market as long as every little Taiwanese/Korean factory is allowed to create cheap knock-offs that are functionally equivalent. Consumers love the fact that PC components are cheap, but what if that isn't always the case?
If projects such as CPRM move ahead, it will create a new, protected technology for PCs. All of the mainstream market companies will band together to offer only new machines with CPRM, locking out all the non-licensed competition. When federal/euro laws come into effect outlawing the sale or possession of non-compliant disk drives, the market for cheap far-east drives will disappear overnight. The laws will be based on protection of intellectual property, and the battle will become much tougher to fight once those laws are passed. This is why so many intelligent people are fighting the creeping crud of bad IP laws, they can see the economic damage if more laws like the DMCA/UCITA are passed.
Further down the road, more laws protecting IP will eliminate competition in the video card market, sound cards, or any IP storage, transmission or playback mechanisms. When that happens, only large computer manufacturers will have systems on the market, and even though they will only cost about US$500-US$1000, they will become sealed units. If you want a system with more storage, buy a bigger computer. Faster video for games, get the next expensive system. Upgrading will no longer be an option, and all those internal upgrade slots/cables/connectors/sockets will disappear.
Getting rid of unused DIMM sockets, IDE sockets, plugs, cables, AGP adapters, PCI buses will make a computer system much cheaper than today. Systems will become sealed, and changing components will be left to only the most technically gifted. Those cheap systems will use technologies like .NET to store everyone's data in data centres, so if your box fries, you just go buy a new one, and keep working where you left off.
This also has a knock-on effect for Free Operating Systems, if the law extends to cover drivers for IP protected components. No longer will linux be allowed to have a free version of a driver for CPRM drives, or a DeCSS decoder for DVD players, or De4HGFu for the latest 4D-Hyper-GeoForce-Ultra video chipset. Possessing, creating, or distributing un-licensed drivers will be completely outlawed, possibly with criminal charges as opposed to the current civil laws. Universities will be required to monitor students' work, and forbid any student working on any project that might infringe on IP protected software. When the boxes close up, free software will be marginalised to very small groups dedicated to keeping the counter-culture spirit alive.
There was an interesting report (heavy $$$ for a printed copy, no online link, sorry) on the security aspects of Fry's stores I read a while back. The owners take to heart the statistics that 70% of "stock shrinkage" comes from employee theft, the remaining 30% from a wide variety of external criminal forces, from spur-of-the-moment shoplifters to organized armed gangs. In a high value environment of consumer electronics, nearly 40% of stock is lost to theft. Fry's has cut that number down to less than 8%, due to heavy-handed physical security procedures.
The paper was a justification for having well documented security procedures (the paper authors would like to sell clients very expensive consulting) and thorough physical security. The paper detailed Fry's internal auditing team, the daily (and sometimes bi-hourly) stock inspection, the separation of duties, the use of cages for extremely high value small components with two-person "concept team" pass-through to checkout (did you ever notice that no disk or simm reaches the counter until after your credit card has been approved or the cash is in the drawer?), and the final security guys with their pink X's on the customer receipts. The cash counting rooms were set up by Las Vegas security experts who take the movement of large value receipts very seriously.
All of those procedures are designed to make criminals think twice about targeting Fry's. Just by raising the bar slightly, at a slightly increased cost, they have lowered their losses from 40% of all stock to just 8%, and if you multiply that by their annual turnover, the savings is huge.
The guys on the door don't actually stop any theft by checking bags and receipts, their job is to put fear into stupid thieves before a crime takes place. It is very effective, even if the X'ers don't find one theft in an entire week.
I was in a Fry's last month, the whole purpose was to check out if all their security was just like in the consulting paper (I didn't need to buy any gadgets, since I had just come from SE Asia :-) It's all there, most the customer never sees, but keeps the employees slightly more honest and the customers slightly affronted but not enough to lose revenue.
the AC
CmdrTaco might be in Vladivostok, or Guam, or some part of the earth where "Today" is already saturday. But then again, this is /.'s own CT, who thinks that Holland is in Michigan :-)
I'll be downing a cold beer to celebrate, actually, the celebrations seem to have started early, and I'll continue for another few hours until the official "announcement anniversary"
the AC
[Yes, I know there is a Holland in .mi.us, but I'm heading up to Rotterdam in a few hours to consume large quantities of beer]
Linux is a cancer
- Steve Ballmer, crackmonkey
Unsurprisingly, that's incorrect; LINUX was released on August 25th, 1991 and is therefore a virgo.
- Kevin Lyda, kevin@suberic.net, from r.h.f one liners file
the AC
I can't get around /.'s tag filters, and they get lost in my browser, so you get square brackets instead.
For cultural tags, it would be handy to delimit which nationality you are stereotyping
[/politically correct]
[french]I weeel beee wiz yoo in a meeenoot, monsieur[/french]
[british]Bloody frogs, ignorant of the fact that The Queen's English is the international standard language[/british]
[scots]Dae ye unnèrstaun, spake, or scrieve tha quains inglais?[/scots]
[german]This is NOT funny[/german]
[politically correct]
the AC
The presentation was interesting, if you are an EE studying practical applications of signal processing. By applying standard SP techniques to the sample files, Felten and crew were able to discover all kinds of hidden information buried within. These are standard computer algorithms such as Fast Fourier Transforms, echo detection, and statistical analysis. Nothing magical, mystical, patented, or even super secret. Normal curricula for 2nd year EE students, statisticians, and maybe some CS majors.
The best part started about 40 minutes into the presentation. One of the panel members (I can't remember his name) gave an analysis of section 12.01 of the U.S. Code, broken down paragraph by paragraph. There was a good summary of the DMCA, which exposed it clearly enough for laymen to understand it is not a copyright law, but a "para-copyright law". The distinction is that it doesn't directly change existing laws, but modifies the contract between copyright holders and consumers. Very clear and well spoken, this speaker is someone who has clearly given the speech repeatedly and knows exactly how to present the information for maximum impact.
If you download the presentation, at least take the time to watch that 10 minute section. It will give you the verbal ammo needed to start convincing people you know the basis of why the DMCA is bad.
the AC
[The next section is the EFF lawyer saying "ummm" about 50 times per minute, and completely losing the audience]
Looking back, my laundry list was composed from two points of view, the geek as employee, and the businesses likely to employ geeks. Both are what Ottawa is trying to attract, because without attracting the businesses, there is no need for geeks.
I also forgot to throw in affordable child care. If a municipality doesn't nurture a good child care system in their community, one that businesses can take advantage of, then married geeks will not have any incentive to move up north.
If you are a company trying to build a new R&D centre in Ottawa, and the local ISP doesn't know NTP from NNTP and outlaws servers and has crappy service and capped bandwidth, the geeks will know and won't move to your new building. Word about lousy ISPs gets around, and if Ottawa allows cr@pHome a 20 year exclusive monopoly for lousy, restrictive access, they won't attract many more hi-tech workers than the few trapped there now.
Computers in schools? What's the percentage of geeks with larvae?
It's not the geek with larvae, it's a local pool of talent to recruit from over the next few decades. Businesses (errr, good, well managed businesses) choose to relocate based on a large number of factors, and having a tech-knowledgeable school system is a big plus. It means that when kids grow up and graduate from university, they will probably stay in the area. Berkeley and Stanford are the reason Silicon Valley exists, as MIT and some Ivy League schools account for Boston's leap into hi-tech. The education effect goes all the way down to grade school level, you can't have top notch universities without a good stream of local talent feeding them.
the AC
A few other things a local government can do.
When a local government starts to act in the interests of its local citizens, it will become more attractive to the affluent and highly mobile work force. Make that statement the core of every city council meeting.
the AC
[Ottawa? I could make a comment about warm weather year round, but there is nothing you can do about that
Even though I don't own a tele, I've seen a large number of Lexx shows. A friend works on the German side of things, and they fly him to Toronto and some studio in the wilds of Nova Scotia (his words) from time to time. Much of the talent in front of the camera is Canadian, with the exception of Eva & Xenia. Behind the camera is a mix of Germans and Canucks. Most of the young, sexy bit-part actresses are German.
Since I spend wayyyyy too much time in hotel rooms, I do get to see Lexx on both sides of the Atlantic. There are two different versions, the European/Canadian shows tend to be more sexy and edgy, the U.S. gets a very edited down version so the Sci-Fi channel doesn't get kicked from too many cable stations as pr0n.
When my friend first told me of Lexx, it was being sold to various investment groups and production support companies as a way to attract a large number of hard-core geeks. By analyzing the only successful elements of recent trek shows [7of9], the first season working title was Sexx. The mini-capsule was "Trek meets Xena in a Blue Velvet universe". With a tag like that, it's not hard to see why CmdrTaco likes Lexx, as well as Farscape.
I like Lexx, but I wish all four seasons would come out on DVD or tape, or some fan would digitize every episode into mpeg and share them on gnutella.
the AC
WinPoet works with static IP addresses. It all depends on your ISP, and whether they associate your login with a static IP address (i.e. a good ISP) or just grab an IP from a pool (i.e. tightwad fucking loser money grubbing clueless ISP).
There are drivers for Macintosh, Linux, Solaris, and most of the windoze line. For *nux, I'd recommend Roaring Penguin which is just a simple protocol wrapper for existing PPP drivers. Instead of specifying a serial TTY port, use the pty option of pppd to pipe to a process. Simple. Discussion groups here. And IPSec shouldn't care about PPPoE, but I would suspect that typical (i.e. buggy as shit) windoze versions get confused by new device drivers.
PPPoE is pretty common all across Europe. This is because we have monopoly telcos (just like SBC, but with even less ethics) who refuse to allow wireline access to customers. So they aggregate all the DSL connections into Broadband Access Servers, and feed the resulting IP stream to the ISPs based on the CHAP logon. This allows a resemblance of competition, while still taking their cut of the profits. And it allows the telcos to promote their own services ahead of all competitors, and of course their provisioning software works only on their own ISPs systems, and all competitors have to constantly update and hopefully not lose too many customers because the provisioning protocol changes every Monday morning *cough*FraudTelecom*cough*BilgeCom*cough*. [rantmode=off]
If the article is correct about only allowing dynamically assigned IPs, then you are fuckt. Take the article with a grain of salt, because there are enough other factual errors I think the author pulled a bunch of facts out of his ass. If SBC behaves like telcos in Europe, they'll just pass the PPPoE stream to the ISP, and if the ISP wants to offer static IP addresses, no problem. Over here, some give static IPs for no extra cost, others charge as much as US$100 per month on top of the ISP fee.
the AC
An F1 stuck in down-town NYC would certainly attract more chicks than an Accord in Montana. Isn't that why we choose the flashiest hardware we can, to get more chicks? :-)
On the other hand, a sparc runs the software I want to run, and the software I earn tons of money from. So of course, having tons of money gets higher quality chicks better than any car :-)
the AC
[not a politically correct post since I'm in a country which has outlawed 'Merkin correctness]
But I am an FCC engineer. FCC engineers are required to know the relevant laws. From time to time, these questions pop up for international companies wanting to do business in the states and europe. The CISSP also requires knowledge of the legal aspects of sysadmin or security personnel who may receive electronic communications not intended for them.
The relevant parts of US Federal Law are contained under the Code of Federal Regulations, also known as the U.S. Code, part 47 covers telecoms and the FCC and part 18 is criminal laws and punishments
18 USC 119 bars the disclosure of any electronic communications to which you are not a party
18 USC 2702 defines the criminal act of disclosing intercepted communications
47 USC 605 (the Communications Act of 1934) also bans the disclosure or use of third-party communications.
There are similar laws here in Europe, but I can't find any of those bookmarks. If anyone is interested, google yourself.
the AC
(Use the Preview Button! Check those URLs! Don't forget the http://!)
Doh! Port 80. Self-LART applied.
[obPitifulExcuse: was working on sendmail/procmail/qmail/postfix/dns interaction on one screen, watching port 80 probe counts coming in on another screen, and reading /. on another screen.]
the AC
[EDITOR] "Cringely, you useless fuckhead! It's deadline! Just make something up, 90% of your readership is so clueless, they won't know the difference. Ignore the 10% who have a clue, they won't bother reading our site for much longer."
... cringely.com in an instant.
:-)
Although he mostly misses the point, especially about how any single unpatched server will somehow relaunch CodeRed every month, I'll agree that port 25 probes are on the increase here. But as more and more machines are patched, the problems and reinfections from this particular worm will eventually become lost in the noise. I am looking forward to new, better written nasty IIS worms over the next few months.
It can be retargetted from whitehouse.gov to
Thanks for the idea. Now, which bit is it that makes CodeRed attack forever? And which bits to change the target?
the AC
[too much karma interferes with your tantric energy, time to troll]
There is a similar campaign starting up here in Europe, in time for the XP launch.
I heard a M$ lawyer comment that the biggest problem with the call centre handling "disgruntled employees" is that close to 99% of the calls are really one company trying to get competitors audited. Sometimes it's a few rogue salesmen in one company trying to tie up the competition, other times it's a well funded campaign to derail a deal with the wrong supplier. Since the last grass campaign netted very few violations for the large number of calls, they have been developing a whole scripting system for the front line call handlers to filter as many bogus calls as possible.
They are now requiring face to face meetings with the grassers, before committing any resources to pursuing an audit. Even with more training for the call centre staff and about 20 dedicated auditing teams across Europe, they still expect only a few cases per year. It's not a revenue centre.
Most of the increase in income will come from the scare campaign, along with pressure from the channel on every company who gets a letter. They have been trying to set up a new training program for companies who want to be certified Auditors. The feeling is that a regular scare mail campaign with demands to produce a yearly system audit will create a large Audit Company market. The plan was that the channel would share in the money earned by an audit, about 10,000 euros minimum, up to several million euros for a large corp, by asking for a certified audit report at the beginning of contract negotiations.
With some more press coverage like this Yahoo article, I think I'll let customers know there are no teeth to the audit demands, and to just say no.
the AC
Imagine checking out the camel book for a week, and getting started on Perl. Then you have to turn it in. Minutes later, you'll need the book again.
You will probably buy one to keep. You certainly would know the worth of a good reference book, and remember those funny animal sketches.
the AC
The Dragon Book (Compilers, principles, techniques and tools) by Aho, Sethi and Ullman
The Cricket Book (DNS and BIND) by Albitz and Liu
The Bat Book (Sendmail) Allman and co-conspirators
The BGP Book (Internet Routing Architectures) Sam Halabi
A whole bunch of William Stallings books (Cryptography and Network Security, High Speed Nets and ATM Design, SNMP)
The whole series of Roger L. Freeman's Reference Manual for Telecommunications Engineering.
Telecommunications Engineer's Reference Book, by Mazda
At home, I have the classics, Knuth's Art of Computer Programming volumes I to III, The Mythical Man Month, Godel Escher Bach, and many others I can't remember in this inebriated state.
For a lending library, I'd add the whole of the O'Reilly series, a bunch of Cisco Press, Dilbert and of course User Friendly
the AC
I put a copy of the report of my outgoing gnutella directory. Its name is pornP2P.pdf
One hour later, the report has been downloaded 14 times. I wonder if those lusers knew what they were getting just by grabbing a random 1.7Mb pdf file with the word PORN in the title.
It's late, enough fucking with pornmeisters' minds for the moment.
the AC
Out of the box, most OSes have WAY too many services enabled. All of the manufacturers do this in the name of "Ease Of Use", another way of saying "No Security". Urging companies to tighten up their security out of the box will slowly make the internet a better place for all.
Micro~1.oft is the worst offender, because they strive for the easiest to use systems possible. They also know that 99% of their user base have no clue about computers beyond point-and-click of the few icons scattered on the desktop. Other /.ers are covering the micr~1.oft topic in greater depth.
Sun is also pretty bad, they've been shipping their OSen with tons of unnecessary services enabled by default. Every Solaris install has sendmail, FTP, telnet and dozens of RPC services running, and quite often the stable version of those services are old and have scripted exploits.
Many other OS developers are in the same boat. Default passwords for unused accounts, obscure services that only 1% of the users ever even know about, and wide open services are the norm: HP, IBM, Oracle, etc.
Apple is one of the few shining examples of good systems, but that is probably less for altruistic reasons than for their user oriented paradigm. They concentrate on the desktop and user, and not on network facing services. OSX is nice, because even though the system is loaded with BSD utilities, none are enabled originally, and require user intervention to turn them on. The way all systems should be.
This pressure group has been needed for more than a decade, because companies like Sun have blithely ignored all calls to tighten up their system from security experts and groups like Usenix and NANOG. Before, there were many voices saying the same thing, but never really united. It will be good to see name-and-shame lists maintained by a central group, then I can spend less time maintaining my own lists of evil services to destroy^Wcomment out immediately after an install.
the AC
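The post-install cleanup described in the comment above (commenting out unwanted network services), as an added example that is not part of the original comment: a small auditor for an inetd.conf-style file. The sample file, the allowlist and all function names are constructed for illustration.

```python
"""Audit an inetd.conf-style file for services left enabled by a default install."""
from dataclasses import dataclass

# Constructed sample resembling a default install; not taken from any real host.
SAMPLE_INETD_CONF = """\
# Constructed example file
ftp         stream  tcp6            nowait  root  /usr/sbin/in.ftpd      in.ftpd
telnet      stream  tcp6            nowait  root  /usr/sbin/in.telnetd   in.telnetd
#shell      stream  tcp             nowait  root  /usr/sbin/in.rshd      in.rshd
time        dgram   udp             wait    root  internal
rstatd/2-4  tli     rpc/datagram_v  wait    root  /usr/lib/netsvc/rstat/rpc.rstatd rpc.rstatd
ssh         stream  tcp             nowait  root  /usr/sbin/sshd         sshd -i
"""

# inetd service names whose protocols carry logins or commands unencrypted.
CLEARTEXT_LOGIN = {"telnet", "ftp", "login", "shell", "exec"}


@dataclass(frozen=True)
class Entry:
    lineno: int
    service: str   # e.g. "ftp" or, for RPC, "rstatd/2-4"
    proto: str     # e.g. "tcp", "udp", "rpc/udp"
    user: str
    program: str

    @property
    def is_rpc(self):
        return self.proto.startswith("rpc/")


def parse_inetd(text):
    """Return the enabled (uncommented) entries of an inetd.conf-style file."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or a service that is already disabled
        fields = line.split()
        if len(fields) < 6:
            raise ValueError(f"line {lineno}: expected at least 6 fields")
        service, _socktype, proto, _wait, user, program = fields[:6]
        user = user.split(":")[0].split(".")[0]  # tolerate user.group / user:group
        entries.append(Entry(lineno, service, proto, user, program))
    return entries


def audit(text, allowlist):
    """List (lineno, service, reasons) for every enabled service not in allowlist."""
    findings = []
    for e in parse_inetd(text):
        name = e.service.split("/")[0]  # drop the RPC version suffix
        if name in allowlist:
            continue
        reasons = ["not in allowlist"]
        if name in CLEARTEXT_LOGIN:
            reasons.append("cleartext credentials")
        if e.is_rpc:
            reasons.append("RPC service")
        if e.user == "root":
            reasons.append("runs as root")
        findings.append((e.lineno, name, reasons))
    return findings


def harden(text, allowlist):
    """Return the file with every flagged line commented out."""
    flagged = {lineno for lineno, _, _ in audit(text, allowlist)}
    lines = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        lines.append("#" + raw if lineno in flagged else raw)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for lineno, name, reasons in audit(SAMPLE_INETD_CONF, {"ssh"}):
        print(f"line {lineno}: {name}: {', '.join(reasons)}")
    print(harden(SAMPLE_INETD_CONF, {"ssh"}), end="")
```

The hardened text only takes effect once it replaces the real file and inetd rereads its configuration; services started outside inetd (for example from boot scripts) need a separate check.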
I can't imagine how MS can use Passport for anything more than a bullet for their .NET brochure, let alone dominate an industry.
You are right there. Pissport is just a beta test of some new ideas. EOL is already planned for next year, to be replaced by newer and costlier and more prevalent technology. They are tweaking the business processes behind the service, to see what flies in the market, and what doesn't produce any revenue, and what pisses off end users to the point of abandoning the service. After the next round of analysis, pissport will evolve into something else with a newly trademarked name and flashy marketing campaign.
M$ has changed their entire focus from being an OS and apps company, to an internet services and developer support company. If the US courts break off their OS and apps divisions, the core will continue to become the dominant force for intranet and internet authentication, using dotNET as the infrastructure.
The scale of the project is huge, and will require years for their own in-house developers to write, as well as years for the 3rd party developers to get on board. But if they play all their cards correctly, they will soon be in the center of a new market, earning regular income from a wide variety of licensing schemes. It will take years until this happens, but they started last year while they still had the 95% monopoly of desktop systems, and that monopoly will continue for long enough for them to muscle into the new internet markets.
The looming battle for the desktop OS will be huge, and largely un-stoppable. Mundie was 100% correct in his assessment of the GPL as "viral" and a "cancer". Soon, FreeOSen will dislodge M$ from their 95% market share, down to maybe 50% or less. But at that point, M$ will be in a new playing field, and will have patented and registered every key technology to lock all competition out. They know they can't compete with a Cisco for networking, or an Oracle for straight-up DBs, or an AOL for control of the cable, or the RIAA for hatred inducing lawsuits. The markets for the 4 A's, Authentication, Authorization, Accounting and Auditing services are very immature right now, and when properly developed will be a new source of revenues. Cisco will be required to license M$ patents on network authentication protocols. Oracle will have to license the patents for DB authentication, or find themselves with no windoze desktop user software. AOL will have to obtain certificates identifying themselves as properly certified by the M$ controlled root, and you can believe M$ will force some concessions before granting a cert. The RIAA lawyers will genuflect in admiration at the gall of the M$ legal team using thousands of newly purchased laws to beat down any free competition.
It's late, I've now ranted enough about M$ to last me a few weeks. I would love to see some well thought out criticisms from intelligent people, to help me sharpen my arguments and avoid repeating mistakes, but alas, this is /.
the AC
Which clueless are you referring to? Me or yourself?
You are confusing the simplistic communication tools available to programmers in this early round of dotNET implementation. Yes, there are some cool, well developed XML communication procedures. I'll bow to your point about W3C standards, since I'm not a web coder. I seldom raise my eyes above OSI layer 4, or else I concentrate on policy, budget, and religious issues. But M$ themselves have been quietly letting key developers know that they are positioning themselves to repel the FreeOS attack, by including a lot of additional features in future versions of dotNET.
If you want to write an app or web page to do simple communication between processes or from a web server to a browser, XML tools can do the job. But if you are going to use the latest authentication goodies to communicate with objects and processes externally, you will have to pay royalties/licenses/fees to M$ at some point. If you are ever going to write a killer app for a website, or a client/server setup, or a P2P function, M$ will be somewhere in the middle of your transactions. Count on it, it is what they are telling the financial analysts, the corporate planners, the CEOs of favored developers, and a few other elite few.
Passport is a service that is offered to service/content providers.
Pissport is just one service that M$ offers, where they sit in the middle and collect revenues from those sites that want to participate in this new program. They have a whole bunch of other programs in development right now, all grouped together under various codenames, the latest to leak was called HailStorm.
As a provider, I can choose whether to use Passport, Vendor X, Vendor Y, my own authentication scheme, or all four implementations if I choose to do so.
Great. Use all four. But the market will be dominated by the M$ based one, and few, if any will use a Vendor X. Will you develop for Solaris, Macintosh, HP-UX, SGI, Linux, and a dozen other platforms, even though only 15% of your customer base might use them? As a hardcore *nix person, supporting a huge user base of every kind of machine, I can tell you of the levels of frustration we face every day when popular websites decide to reject all browsers except for IE5 on win98 or 2K. My bank offers banking by internet, and under pressure from M$, they have decided that alienating 35% of their customers is worth the discount that M$ gave them on their web development tools. It is written into their licensing discount they will reject all non-IE browsers, so it's no use talking to the project leads, and they reassigned all the programmers who objected, leaving only M$ lackeys.
there will probably be competition in the authentication service market
You are showing how naive and blinkered you are, if you believe that M$ will tolerate any competition in the authentication marketplace. Their stated goal is total domination, using their monopoly position to force developers to use only M$ protocols. Those of us on the sidelines who have been burned by M$ repeatedly are hoping the US Justice Department create a remedy to the illegal abuse of monopoly power that will address the newly mutated M$. M$ today no longer cares about OS or standalone application revenues, since they will decline over the next decade, and has shifted its entire focus to dominating the internet services market.
the AC
Here is a list of some things that *MAY* be incorporated into XP over the next couple of years. None of them are confirmed, some were tossed out by M$ to see what the corporate response would be, others are just rumours and pure speculation. Predicting M$ future moves is becoming an art form for those of us in the trenches.
- browsers that will only show banner ads from "certified" advertisers. When suddenly 95% of the machines don't show an ad unless the advertiser purchases a certificate, watch the stampede over to certified ads. So what if FreeOS users can see any ad without checking on certificates, advertisers will still buy them. To avoid anti-trust problems, IE will have a checkbox "block un-trusted banner ads", which when unchecked, allows a luser to see all banner ads
:-) IE will NOT have a check box "block all banner ads" :-(
- checking hotmail. When hotmail servers detect a non-authenticated browser, user gets re-directed to a pissport signup page. Again, since 95% of users will be on XP boxes with an authenticated browser, the loss of only 5% of FreeOS users can be absorbed by increased licensing revenues and re-selling the private data from pissport to spamm^Wadvertising partners.
- certificates buried in Office documents, which can be lightly encrypted, or just signed. The official Office will check the certificate for every document it opens, and refuse to open any non-certified documents. This will be touted as a solution to wurd macro viruses and increased security and confidence in legal documents. Again, since the algorithm for generating the embedded certificate will be patented, and FreeOS package will be attacked by the courts if it can duplicate the functionality(deCSS), there will never be another starOffice-style package offering M$ compatibility. If a FreeOS version somehow triumphs in the legal arena, with dotNET's DCOM features, M$ could overnight change the embedded certificate functions in every currently licensed application, pushing the changes down the hierarchy to the ASPs and then to the end-users. They can keep doing this every time the FreeOSen catch up to the functionality, and most updates will be transparent to XP using sheeple.
- Attaching a certificate to every email sent through a licensed gateway, to prove trackability of emails in case of UCE, ILoveU-style virii, or timestamping ability. Certainly sendmail/Ximian/Kmailgate will have dotNET modules to create and verify digital signatures, but the certificates will still only be available from a M$/verisign licensed crypto-key vendor. To avoid privacy laws in the .eu, only gateways would need to add/verify certificates, the end users would never need to see or manipulate a cert. The sysadmins of a gateway would then be responsible for their machines. In case a user started spamming, it would be only the local gateway admin who would know the detail of the user sending the spam, and hopefully take corrective action. ORBS could then become "gateway certificates revocation list of known spam-friendly ISPs".
I had written up a similar dialog, but once the lameness filter rejects your post, it claims the post was originally posted at the beginning of the unix epoch...
:-P
Easy does it! This comment has been submitted already, 276471 hours , 18 minutes ago. No need to try again.
it went a little something like this, but this is just based on being on both ends of a hell desk line
[Luser]: It doesn't work
[HellDeskAI]: ##unknown-subject[It]## What doesn't work?
[L]: my machine is broken
[HDAI]: ##common-response## Have you rebooted your machine?
[L, 52 minutes later]: Yes, it still doesn't work
{snip}
it was a long post, which had all the great /. inside jokes (AYB-filter-triggered-notifying-security, beowulf, anti-M$ rant), but /.ers can use their own imagination to fill in the rest.
the AC
who is tired of fighting the lameness filter on /.
I just used up my moderator points, or I'd up you to a (score:+6 spot-on).
Since I was forced recently to attend several M$ sponsored functions to learn about dotNET and the authentication services which will have to pass unhindered on networks, I've come to believe M$ has come up with a winner for their stockholders. As you point out, since M$ has 95% of the desktop market, their only growth will be limited to the slowly expanding installations of PCs, a measly 5%-12% per year. If they continue to rely on software licensing, their revenues will drop steadily over the next few years until the economy booms again.
So they are moving into services, but not just any old services. The only services where you can control the market are those where they have legal protection from all competitors, including free software. This means software patents, trademarks, service marks, and copyrights (there, I've just included every /. hotbutton :-) M$ has been quietly devising a scheme where they can legally control all of the key services to "valid" communication between all dotNET implementations. By being at the centre of the authentication scheme, they control who can use all the nifty new services, and who will be excluded. They will also charge a subscription service for every end user, so you can go ahead and use *nix, but you will still have to pay your Pissport fee in order to access any new features offered by any value added internet content provider.
One of the things being pushed in these meetings was the fact that dotNET will not be run centrally by M$, but they will license the authentication, administration and accounting features to ASPs all over the world. So instead of end user fees going directly to M$, local companies can offer a variety of licensing options to their customers, passing a percentage of the revenues on to M$. So M$ will have the master certificates, and thousands of ASPs will each purchase a certificate signed by M$, and their customers will then only need to authenticate with the local ASPs servers. A certificate from one ASP will be valid with all other ASPs, and will need very little communication with the central M$ site.
Corporate customers can have a "secured" authentication/accounting server (also the application server, and data store) installed locally to keep track of a corporation's use of M$ product use. Unlike the fears of some /.ers, a company's data will never leave the premises, and it will be up to the local BOFHs to perform regular backups of the data. But the A/A server will report back to the ASP on a regular basis to re-authenticate the certificates, and to communicate application and feature usage. The ASP can then bill the corporation for use. The ASPs will be required to purchase large blocks of licenses, which they will then have incentive to sell. The larger blocks of licenses will have bigger discounts. That means that a large ASP will have 50,000 licenses for OXP, and will then have incentive to find as close to 50,000 licensees to have the greatest RoI. Larger ASPs will be able to undercut the price of licenses than smaller ASPs, who will have to compete by offering better technical support.
The security implications of a huge hierarchical authentication method are staggering, and I'd expect there to be distributed.net style contests to crack the root M$ keys. The one question micr~1.oft avoided was any details on Certificate Revocation Lists, which to this point are mostly broken in all OS releases. They only said they are developing a system which will be "judicially protected" from any Open Source copies, so the ASPs did not have to worry about pricing pressures of people trying to substitute a "free" authentication scheme. The bane of my existence, XML, was mentioned rather cluelessly at several points, but no technical details at all were permitted during the discussions.
the AC
It's a good article about DIY projects. The author touches lightly on the one thing that may effectively kill the DIY market, new laws. But then he swerves back into his nostalgia for overclocking and other simply build-it-yourself systems.
As noted on /. and other places, many of the market leaders of commodity PC components have realised that there is no profit in a commodity market as long as every little Taiwanese/Korean factory is allowed to create cheap knock-offs that are functionally equivalent. Consumers love the fact that PC components are cheap, but what if that isn't always the case?
If projects such as CPRM move ahead, it will create a new, protected technology for PCs. All of the mainstream market companies will band together to offer only new machines with CPRM, locking out all the non-licensed competition. When federal/euro laws come into effect outlawing the sale or possession of non-compliant disk drives, the market for cheap far-east drives will disappear over night. The laws will be based on protection of intellectual property, and the battle will become much tougher to fight once those laws are passed. This is why so many intelligent people are fighting the creeping crud of bad IP laws, they can see the economic damage if more laws like the DMCA/UCITA are passed.
Further down the road, more laws protecting IP will eliminate competition in the video card market, sound cards, or any IP storage, transmission or playback mechanisms. When that happens, only large computer manufacturers will have systems on the market, and even though they will only cost about US$500-US$1000, they will become sealed units. If you want a system with more storage, buy a bigger computer. Faster video for games, get the next expensive system. Upgrading will no longer be an option, and all those internal upgrade slots/cables/connectors/sockets will disappear.
Getting rid of unused DIMM sockets, IDE sockets, plugs, cables, AGP adapters, PCI buses will make a computer system much cheaper than today. Systems will become sealed, and changing components will be left to only the most technically gifted. Those cheap systems will use technologies like .NET to store everyone's data in data centres, so if your box fries, you just go buy a new one, and keep working where you left off.
This also has a knock-on effect for Free Operating Systems, if the law extends to cover drivers for IP protected components. No longer will linux be allowed to have a free version of a driver for CPRM drives, or a DeCSS decoder for DVD players, or De4HGFu for the latest 4D-Hyper-GeoForce-Ultra video chipset. Possessing, creating, or distributing un-licensed drivers will be completely outlawed, possibly with criminal charges as opposed to the current civil laws. Universities will be required to monitor students' work, and forbid any student working on any project that might infringe on IP protected software. When the boxes close up, free software will be marginalised to very small groups dedicated to keeping the counter-culture spirit alive.
the AC