Slashdot Mirror


User: FireFury03

FireFury03's activity in the archive.

Comments · 3,710

  1. Re:BBC World separate from BBC on FOSS documentary on BBC World · · Score: 1

    I'm fairly certain it's available for free via satellite.

    Doesn't look like it's on Astra or EuroBird.

    The Beeb are not allowed to advertise in the UK, so they would have to strip the ads, but it still seems crazy that you can't see some BBC content in the UK.

  2. Re:I think, as with most cases on UK Hacker loses Extradition Case · · Score: 1

    I mean we wouldn't want to say something like "anything that asks for a password shall be considered private". Well anon FTP wants a password, it just takes anything as that password. However, by that standard, it's still private and you can still be busted.

    Anonymous FTP servers almost always tell you they are anonymous FTP servers in the banner - it's pretty explicit. If it doesn't say so in the banner, well you probably shouldn't be trying to log in as an anonymous user in the first place.

    we don't want to create a situation that some many here think is reasonable of blaming the victim and saying you have to take a bunch of steps to keep people out.

    I think you need to ask who the victim is - you're assuming that the victim is the person who plugged a completely insecure machine into the public network and left it there. Equally the victim could be considered the poor bugger who happened upon your insecure machine, assumed it was public and was promptly thrown in jail.

    Like it or not, when you connect a device to a public network you _do_ have to take reasonable steps to keep people out. Anything else is negligence. Promoting the idea that you can negligently connect an unprotected device to the internet and then blame someone else when it gets compromised is very bad. The technological methods of telling people that something is private already exist and if you don't use them then you only have yourself to blame.

    The internet is (amongst other things) a publishing medium - you can't publish something in a public place and then throw anyone who looks at it in jail.

  3. Re:Nice Try on UK Hacker loses Extradition Case · · Score: 1

    It's certainly impossible to tell if it's legitimately public before connecting to it

    Sorry, I have to disagree with that. Any reasonable-sized institution (my university, for example) will set up their Linux/Windows/etc. login screen to show a message along the lines of "If you are not authorised to be here, bugger off."


    And how did you get sent the login screen? Oh yes, that's right, you connected to the server you weren't authorised to connect to... As I said, there is no way to tell if you are authorised to connect to a machine before you actually try to connect.

  4. Re:I think, as with most cases on UK Hacker loses Extradition Case · · Score: 1

    However a reasonable person would assume that using something to map the entire file system via an automatic administrative share is nothing intended to be public, even if they forgot to put a password on it.

    I think it's worth pointing out at this point that mirror.ac.uk used to (not sure if they still do) provide access to their entire ftp mirror through NFS over the internet - this is more or less equivalent to an open Windows network share and _was_ intended for public consumption.

    I would liken it to homes and businesses. If something is in a business district, has a sign on the storefront, and what looks like a shop inside, pretty safe assumption they are open to the public, even if there's no "Please Come In" sign. However if something is in a residential neighbourhood, looks like a house, probably safe to assume it's not public, even if the door is open, unless there's a sign.

    This analogy has proven unreliable - setting up an open wireless access point is pretty much like hanging a "Pub" sign above your door and putting a "free beer" sign on the street outside your gate, yet people have been prosecuted for taking advantage of open access points.

    However if you mapped an unprotected Samba share

    I again point you at the above example of using NFS over the internet. What's more is that you're assuming knowledge - I'm pretty technically competent and I have a very good understanding of networks but I had no clue that any software would be so insane as to share the hard drive to a public network by default with no password (I avoid using Windows like the plague so I shouldn't be expected to know such details). Also, I'm guessing you could probably point Windows at "\\ip address\share name" and it would connect to the share so it's entirely possible that I could inadvertently follow a link on a html page to get there.

    I'm very much of the opinion that the owner of a system must do _something_ to indicate that a service is private - you can't expect people to know, on the internet everything should be considered public unless otherwise indicated.

  5. Re:Nice Try on UK Hacker loses Extradition Case · · Score: 1

    I think there'd be an argument that a site which doesn't prompt for credentials is implicitly granting access, while a prompt for credentials even if the password is blank would indicate that only authorized users may access.

    Many (including me) would consider this to be a good definition. But it is at odds with many legal cases - take wireless networks for example: an open wireless access point is not only not asking for credentials, but it's actively *broadcasting* advertisements of its existence and openness - it is in essence inviting anyone in the area to use it. Yet people have successfully been prosecuted for using open access points.

  6. Re:trespassing - "anywhere you know you shouldn't on UK Hacker loses Extradition Case · · Score: 1

    If you know you were not supposed to be doing it, it's trespassing.

    Please explain how you can show _beyond all reasonable doubt_ that someone who connects to a private service knew (before connecting) that it wasn't supposed to be a public service. Proving someone's intentions is always very difficult.

    you're trespassing if you are anywhere you know you shouldn't be. If it is 10PM and a mall is closed and the cops find you wandering around inside- bam, trespassing.

    This is a bad analogy - you can _see_ that the mall is closed. On the internet there is no ability to see the state of something until you try and use it:
      - Until I connect to port 80 on a machine I don't know if it's open.
      - Until I send a GET request and get a response I don't know if it's going to ask me for a password
      - Assuming it doesn't need a password, until I get the whole response page from the GET request, I have no way to know that it's a private page (and even then it may not be obvious - it's all very subjective, many corporate intranets look very similar to a public website so is the "cracker" supposed to be able to tell the difference?).

    As bad as analogies are, a better analogy would be a blind person who doesn't know the time wandering around the mall - as far as anyone knows they may well have thought it was mid day and the place was open.

    as long as "PRIVATE" was posted at some legally defined interval on or near the property line, or it was otherwise obvious.

    Again, not a good analogy, but I'll bite - isn't the PRIVATE sign similar to putting a password on your server? So by that definition, an unpassworded server is clearly a public space and you can't be trespassing, right?

  7. Re:i like this part from TA on FOSS documentary on BBC World · · Score: 1

    £120 is probably a lot for the people who have a television and don't use any BBC services. I'm not one of them, but consider that perhaps it is unfair to charge £120 a year to someone who just wants to watch the Movies on Sky. I'm not one of these people (I only use Freeview), but the blanket £120 sum is unfair.

    (I'm a UK resident, with a fully paid up TV licence)

    To my mind, 120 ukp is too much and I think they shouldn't have been allowed to just raise the licence fee to pay for a load of new channels which (for the most part) show nothing but crap.

    However, IMHO the BBC should be about producing TV shows that are not viable for commercial channels to do - either because the programs are quite specialist (e.g. The Sky At Night) or because they can use the air-time to show something that costs less money to produce but still brings in a reasonable audience (pick any of the crappy reality shows). So my licence fee should _not_ be spent on funding popularist crap that any commercial channel would show such as Fame Academy, EastEnders, etc - we have enough commercial channels doing that kind of content already.

    Of course you have to keep the viewing figures up so that people don't consider their licence fee "wasted" - I believe that the whole way the Beeb works should be changed:
    - Let them run BBC 1 and 2, paid for by the licence fee as usual. On these channels they should show all the stuff that a commercial channel wouldn't show for the above reasons.
    - Let them run BBC 3 and 4 as commercial channels, not paid for by the licence fee. These can run all the stuff that is viable for a commercial channel.
    - If a series that's been showing on BBC1/2 becomes considered "commercially viable", sell it to BBC3/4 and reinvest the cash from that sale into BBC1/2. This also means that you free up some time on BBC1/2 for more quality content.

    If they worked to that system they could continue to produce quality programs that no commercial channel would touch, and also produce the cheap, popularist stuff without wasting the licence fee on it. Also, because some revenue is coming from the commercial side, they shouldn't need such high licence fees.

    The BBC has produced a lot of really good programs, but frequently I also feel that a lot of the other stuff they produce is a waste of the licence fee because it's content that the existing commercial channels wouldn't hesitate to show.

  8. Re:BBC World separate from BBC on FOSS documentary on BBC World · · Score: 1

    BBC world isn't paid for out of the licence fee. It carries advertising.

    Hmm, and I'm trying to work out if there's any way to actually see this content here in the UK... It looks like possibly there isn't, how ironic :(

  9. Re:Nice Try (NOT!) on UK Hacker loses Extradition Case · · Score: 3, Insightful

    Anybody who thinks that it's OK to go poking around obviously non-public military sites

    I'm afraid I don't know the specific details of the case - was he accessing web sites? Were they obviously non-public? How could he have found out that they were obviously non-public before accessing them (and thus being branded a cracker)?

    if you're finding passwords and deployment details, you can be pretty sure it's not supposed to be public

    If you've found passwords and deployment details then you have already accessed the server and are thus liable to be prosecuted as a cracker. Please explain how one would find out _before_ potentially breaking the law that they shouldn't proceed any further.

    In fact, if he wanted to do the right thing, he should have emailed a security contact for the site and notified him/her about the problem.

    Emailing them saying "hey, I just accessed all your confidential data" doesn't seem like a good way of avoiding prosecution does it?

    It _could_ also be argued that since these were military secrets, knowing them turns him into a target and so the best way of remaining safe is to keep very quiet and hope no one notices.

  10. Re:Nice Try on UK Hacker loses Extradition Case · · Score: 1

    Excellent! If I hadn't already posted to this article I'd mod you up :)

    This is what I've said for a long time - the current computer misuse laws (in the UK at least) pretty much outlaw the whole internet because they require that you have permission to connect to another computer before you do so. The closest you can really get is implied permission resulting from someone leaving the service unpassworded.

  11. Re:I really hope... on UK Hacker loses Extradition Case · · Score: 1

    we all break laws in countries which we're not in, that's ok, we shouldn't be able to be prosecuted for it

    Well it's definitely a difficult question when it affects another country - if you launch a warhead at another country, it may not be illegal to do so in your own country but the place you launched it at is sure as hell not going to be happy. I'm not really expressing an opinion either way but I can certainly see both sides of the argument.

    Note: I'm specifically talking about actions which affect a whole *country*, not just organisations within that country. For example, I'm deeply opposed to the likes of the RIAA/MPAA thinking that they can apply US copyright laws (including the DMCA) to anywhere in the world - there have been a lot of cases where non-US governments have been put under a lot of pressure to prosecute people who have broken US law even though they haven't broken the local laws of the country they are a resident and citizen in.

    Examples of this include US organisations trying to prosecute people who upload copyrighted material, even though the local laws allow the uploading of content but disallow the downloading of it. (Yes, it may be wrong and unethical to upload copyrighted material, but that doesn't give you the right to prosecute people who haven't broken any law that applies in their jurisdiction).

  12. Re:Nice Try on UK Hacker loses Extradition Case · · Score: 5, Insightful

    I agree it is stupid that there were no passwords on the system, but just like a yard without a fence, the fact the fence is there does not imply permission to run around there and dig up the flowers.

    What constitutes "permission" to access unpassworded network services? Do you need written permission? If so I guess everyone who accesses public web servers is guilty of cracking them since they didn't get written permission from the server owners.

    It may sound silly, but there really isn't a lot of difference between a public unpassworded service and a private service that's been left unpassworded on a public network. It's certainly impossible to tell if it's legitimately public before connecting to it and there's no guarantee you can tell that it's not supposed to be public once you have connected.

    Let's say you connect to a web server - how are you to know if that's a public web site or a private company's intranet site that they didn't bother to password protect?

  13. Re:Too early to tell on T-Mobile Releases New Card, Outlaws VoIP and IM · · Score: 1

    VoIP uses considerable bandwidth and you will be charged for the data generated.

    VoIP uses considerably less bandwidth than most other popular internet activities - if you fix your prices so that popular activities are reasonably priced then the voice calls would cost very little.

    Some calculations are in order: GSM compression uses about 13Kbps in each direction plus IP packet overheads (we'll ignore these for now). So a 1 hour phone call is:
        13 * 3600 = 46800Kb in each direction.

    Convert that into kilobytes:
        46800/8 = 5850KB in each direction.

    And into megabytes:
        5850/1024 = 5.71MB in each direction

    And consider both directions:
        5.71MB * 2 = 11.42MB total

    I don't know about you, but spending an hour surfing around a modern website on a reasonably fast connection I use a lot more than 11.42MB of bandwidth in an hour. Even taking IP overheads into account, pricing internet traffic at rates that would make VoIP cost a similar amount to a normal cellphone call makes other applications excessively expensive (yeah, ok, still cheaper than what most cellphone companies currently charge for data, but that's not saying much).

  14. Re:150ms is fictional / misunderstanding on T-Mobile Releases New Card, Outlaws VoIP and IM · · Score: 1

    Does anyone responding to this thread really understand VoIP and the 150ms delay requirement?

    Yes, I do.

    It's UDP, so there is no packet reordering a-la TCP.

    Only partly true. Each end-point has a jitter-buffer of a certain length (say, 100ms). As the UDP packets arrive their audio data are shoved into the buffer and the sound device reads from that buffer at a (more or less) fixed rate. This is needed because there is always a certain amount of jitter on an IP network (i.e. one packet may take 50ms to get through, another might take 75ms) and so just dumping packets directly to the sound device would result in the usual jitter being audible. If the packets arrive out of order, as long as they all arrive before they are due to be played they can be slotted into the buffer in order. If they don't arrive in time then tough, they get dropped and you either get silence or the phone will generate some sound predictively to try and fill in the gap.

    If there is a delay more than a specific amount of time, that packet is dropped by the receiving station

    Untrue - this is only the case if your excessive delay is only applying to some packets (e.g. it's jitter, not consistent latency). If all your packets are delayed then you will just end up with a high latency call, much like a satellite phone. If you think about it, it can work no other way - there are no "absolute" clocks involved in the protocols so the receiver cannot know when the packet was actually sent, so can't time it out in the way you describe.

    Also, the phones can employ dynamic jitter buffers, which grow if the connection has a lot of jitter. This prevents the jitter being (as) audible at the expense of higher latency.

    On the signalling side, there are of course timeouts but these are long enough to be a non-issue in the scenario we're talking about.
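
The playout behaviour described in the comment above, as an added example that is not part of the original post: a simplified fixed-depth jitter buffer (no clock drift, no loss concealment). The names `Packet`, `make_stream` and `play_out`, the 20 ms frame size and all delay values are constructed for illustration.

```python
from dataclasses import dataclass

FRAME_MS = 20  # assumed audio frame interval; one packet is sent per frame


@dataclass(frozen=True)
class Packet:
    seq: int         # sequence number carried in the packet
    sent_ms: int     # sender clock (known to the simulation, not to the receiver)
    arrival_ms: int  # receiver clock at arrival


def make_stream(delays_ms):
    """Build packets sent every FRAME_MS, each with its own network delay."""
    return [Packet(seq, seq * FRAME_MS, seq * FRAME_MS + delay)
            for seq, delay in enumerate(delays_ms)]


def play_out(packets, buffer_ms):
    """Run packets through a fixed jitter buffer.

    Returns (played_seqs, dropped_seqs, mouth_to_ear_ms).
    The receiver has no absolute clock, so it anchors its playout
    schedule to the first packet that arrives plus the buffer depth.
    """
    arrivals = sorted(packets, key=lambda p: (p.arrival_ms, p.seq))
    first = arrivals[0]
    # Playout time of sequence number 0 on the receiver's timeline.
    base = first.arrival_ms + buffer_ms - first.seq * FRAME_MS

    played, dropped = [], []
    for pkt in arrivals:
        deadline = base + pkt.seq * FRAME_MS
        if pkt.arrival_ms <= deadline:
            played.append(pkt.seq)   # slotted into the buffer in sequence order
        else:
            dropped.append(pkt.seq)  # arrived after its playout slot
    # Every frame is played `base` ms after it was sent (sent_ms = seq * FRAME_MS).
    return sorted(played), sorted(dropped), base


# Constructed delay profiles (milliseconds).
REORDERED = [50, 75, 60, 140, 55]   # packet 3 arrives after packet 4, still on time
ONE_LATE = [50, 75, 60, 200, 55]    # packet 3 misses its playout slot
UNIFORM_SLOW = [600] * 5            # consistent high latency, no jitter

if __name__ == "__main__":
    for name, delays, depth in [
        ("reordered, 100 ms buffer", REORDERED, 100),
        ("one late, 100 ms buffer", ONE_LATE, 100),
        ("one late, 200 ms buffer", ONE_LATE, 200),
        ("uniform 600 ms, 100 ms buffer", UNIFORM_SLOW, 100),
    ]:
        played, dropped, latency = play_out(make_stream(delays), depth)
        print(f"{name}: played={played} dropped={dropped} latency={latency} ms")
```

Only the packet that is late relative to the others is dropped; the uniformly slow stream loses nothing and just plays with higher end-to-end latency, and a deeper buffer recovers the late packet at the cost of added delay.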

  15. Re:Too early to tell on T-Mobile Releases New Card, Outlaws VoIP and IM · · Score: 1

    Not to mention that VOIP is functionally useless with response times greater than 150ms.

    I wouldn't say "useless" - it's just that the delay becomes noticeable at around 200ms (150ms + 20ms encode + 20ms decode == 190ms) - you can still use it.

    I'm not surprised that T-Mobile is blocking (or purposefully not paying attention to) UDP heavy packets (IM) and VOIP which would require some QoS crafting to ensure reliability.

    IM doesn't require QoS queueing and is usually done over TCP. And even though you need QoS queueing to guarantee any level of VoIP service, it's still often surprisingly usable without any kind of QoS.

    Besides, how are they going to tell whether the ESP traffic I'm sending is VoIP, IM or just plain web surfing or VNC? They're gonna piss off a whole lot of business users if they block ESP.

  16. Re:Two generations of safety engineering on Computer Security, The Next 50 Years · · Score: 1

    Trusted computing isn't without benefits. For my grandmother (who wants her computer to work like an appliance) trusted computing is probably the way to go. For me, it isn't. From my blog

    Certainly, I agree with you. The "one size fits all" solution to which the major vendors seem to work towards really doesn't work. For example, I find Windows way too restrictive. I'm sure my parents find it too flexible.

    I'm this far: ->.<- from installing Linux on my parents' machine since most of the time they're only using it for web browsing, email and word processing and I could secure it a lot more effectively than Windows. However, the thing that stops me is that my dad has a habit of going to PC World and buying some random software, which obviously ain't going to work (easily) under Linux.

    That said, I worry a lot that trusted computing may end up giving the big names a lot more power since it effectively pushes the competition out of the market. If MS launch an appliance computer you can bet that it'll ship with Office, Media Player, IE, Outluck. If a large chunk of people buy these machines it's suddenly reduced the size of the market available to OpenOffice, FireFox, Thunderbird, etc. And we've already seen what happens when a single company gets most of the market with IE - they completely cease development because there is no financial gain in them continuing. It's another situation where in the short term it's good for (a lot of) end users but in the long term the lack of competition just causes the market to stagnate.

    DOS which won't crash but it won't do what we want

    Trust me, DOS will crash at the drop of a hat - no memory protection and random software poking directly at the hardware, a recipe for disaster. I still have (painful) memories of writing ISRs under DOS - frequent crashes during development due to things breaking during an interrupt. Under those conditions you definitely benefit from a fast boot. :)

    A version of this model is what we have for online security. You can get a "trusted" SSL certificate for your business, signaling that it is OK to put in your SSN or credit card number.

    Except that the online security model is fundamentally flawed. It requires that I trust that the people who signed the certificate have ensured the certificate owner is who he says he is. Why should I trust a large company like Verisign who is being paid by the certificate owner? In my experience, large corporations are usually fundamentally untrustworthy.

    large cost advantages (which is a good thing)

    I remain unconvinced that large corporations providing "discounts" is a good thing.
    Take Microsoft's drug-dealer tactics as a good example: Provide cheap/free software for schools. This makes it unfeasible for the schools to use competing software because it's cheaper to stick with the MS stuff. MS also looks like the good guy coz they're "helping" educate the kids. However, the kids are now hooked on MS software - they have no interest in learning anything else and MS crank up the price when they leave school and go into the real world. So now all the non-MS software is automatically at a significant disadvantage because no one has been shown how to use it and all the kids consider it "standard" and have no interest in learning anything "non-standard". Sounds like a crack dealer to me - get them hooked young on free crack and then ramp up the price.

  17. Re:Restarting drivers on Microkernel: The Comeback? · · Score: 2, Informative

    Drivers are so bad that XP even warns you about drivers that haven't been through checks.

    However, the driver certification program is to some extent a waste of time anyway:
    • When MS sign the driver they cannot test all execution paths - there are known cases where the driver manufacturers have put the drivers into a safe (read: slow) mode for the certification and then switched to a completely different (fast) execution path in real life - this makes the driver no more stable than an uncertified driver
    • Many driver writers don't want the time and expense of getting MS to certify each release of their driver, so they release uncertified drivers - a large chunk of drivers are uncertified and so will pop up the warning upon installation
    • Windows gives the users so many pop up messages anyway (made worse by the previous point) that the users just ok the message without reading it - an unread warning is worse than no warning at all since the user is no better off and you just annoyed them by making them click yet another box.


    I think a big part of the problem is that it really isn't worth the driver writer's development costs to make the drivers stable. There is often a rapid turnover of hardware so they need to keep revising the driver and so long as it's stable enough that the average user doesn't realise it's that driver that's to blame before the product is end-of-lifed then what benefit is it to the manufacturer to spend the extra cash to make the driver stable?

    However a driver that can be safely restarted is better than a driver that locks up everything that touches it (ever had an unkillable process stuck in the D state? That's probably due to a driver getting stuck).

    The D state _is_ a bug, and in many cases an example of lazy coding. It's the "oops something went wrong but we don't want to complicate our code by catching the error and cleaning up so let's put the machine into an unrecoverable state".

    For example, if you pull a USB mass storage device while it's mounted (a very silly thing to do, but it really shouldn't break the machine) then all the processes that try to access it will probably drop into the D state. There is no good reason for this - the filesystem driver has asked the USB block device driver to read or write some data and the USB block device driver _knows_ full well that the device has gone away so it should return a failure which the filesystem driver can catch and (after cleaning up locks, etc.) can return to userland as a failed operation. Unfortunately, rather than catching this error gracefully, either the block driver or the filesystem driver just gives up and goes to sleep waiting for an i/o operation that will never complete.

    In this case, the D state is no better than a user's application bombing out on an ASSERT() failure - something went wrong, we can't be bothered to even save the user's work to a recovery file, let's bomb out losing the lot - if that's not a bug I don't know what is. (Yes, I'm aware that data integrity can't be guaranteed in many cases but you should at least dump out the (potentially corrupt) data to a recovery file).

    At the end of the day it would be better if people didn't make mistakes but since they do it is wise to take steps to mitigate the damage.

    I think there is some truth in the "less risk increases laziness" idea, but I do agree that mitigating the damage is more important than scaring coders away from laziness.

  18. Re:Two generations of safety engineering on Computer Security, The Next 50 Years · · Score: 1

    you roll back the changes but keep the unrolled back state accessible to recover data from?

    Well, nice idea, but if it's a month or so between making the mistake and realising you made it (which may very well be the case if you got yourself malwared) then there could be a *lot* of changes between the two states. I certainly can't see it being especially nice for the average computer user (although it might be good for the contractor they have to call to fix their machine)

  19. Re:Two generations of safety engineering on Computer Security, The Next 50 Years · · Score: 4, Insightful

    Only thing? No. Interfaces also make common mistakes easier to recover from

    However, some mistakes cannot be recovered from - for example, if you click the "yes" button on the "would you like to install this malware" dialogue. In this case you might be able to use journalling features of the filesystem to undo the damage, but if you've done other things since then you probably couldn't selectively roll back the filesystem changes associated with the malware without rolling back everything else too.

    In this case the UI has to be designed to make unrecoverable mistakes difficult or impossible to do in the first place so the "how do I recover?" problem (almost) never comes up. This is a very hard thing to do unless you want to turn computers into appliances (most people wouldn't like appliance computers since they wouldn't be able to install their favorite software) and becomes even harder when the people who want you to make mistakes (malware writers) are actively trying to trick you into making them.

    One possibility that has been suggested is kind of a halfway-house between computers as we know them now and appliance computers - the OS would require all executable code to be signed by a "trusted party". However, this brings up some serious problems:
    1. Who can be a "trusted party"? Let's say it's the OS vendor, why should I trust Microsoft to guarantee that the signed software is malware-free (especially since they are probably getting paid by the software vendor)? There will certainly need to be stiff penalties for signing software which turns out to be malware.
    2. The inability to run unsigned software could be used to lock out the competition - for example, Microsoft could refuse to sign OpenOffice.
    3. How much would this "signing service" cost - you can bet that thoroughly inspecting the software to ensure it really isn't malware is going to be very expensive so you just locked out all the small vendors who can't afford it.
    4. How are you going to run code you compiled yourself since it won't be signed by the trusted party? This could either be FOSS code that you choose to compile yourself, or your own personal code.

    These are certainly not easy problems. I do, however, feel that the ISPs need to take more action against people running malware infected machines. It seems all too common these days for ISPs to ignore abuse reports, let alone run monitoring software to proactively drop the connection to infected machines.
    The ISPs should monitor people's connections for malware signatures and upon finding an infected host they should drop the entire internet connection until it's fixed (probably redirecting all web requests at a server containing patches and instructions to fix the problem).

    Part of the problem is definitely that most of the malware doesn't actually cause a problem for the owner of the infected machine - they don't know or care that their machine is actively being a spambot. Cause hassle for the owners of infected machines and they might actually pay attention to the security of their own systems (viruses were considered a much bigger deal back in the days when their payload often trashed your data).

  20. Re:Very Easy Solution. on Radioactive Warning for Future Generations · · Score: 1

    In the last 200-300 years though, we've started to educate almost everybody about the proper usage of English

    Clearly you haven't used IRC recently... :)
    (Or SMS for that matter... or listened to popular music...)

  21. Re:Skype NAT Traversal was superior tech feature on AOL to Enter the VoIP Ring · · Score: 1

    That means that unlike most VOIP systems, which work really well if you're on the real Internet but die if you're stuck behind NAT (or at least if both ends of your call are behind NAT), and which generally require lots of configuration if you have a more complex firewall, Skype Just Works.

    Anything that can use STUN (almost all SIP clients) will traverse (most) NATs. However, there are rare situations where the NAT cannot be traversed and Skype works around this by proxying your traffic through random other Skype users. Whilst some people may consider this ability to "just work" a good thing, the cases where such proxying is needed are few and sending your data via random other users can (and does) lead to poor QoS. The number of irate "Skype has crap quality" complaints I hear, I do think it would probably be better just to tell the user they have an incompatible NAT and let them fix it rather than providing them with a low-quality service instead.

    Google is going with Jabber

    Yes, this is a big disappointment IMHO - Google saw that there was a standard protocol in use by most of the industry and then decided to invent their own instead of using the standard. It's open, but its existence dilutes the compatibility by adding Yet Another Protocol to do the same thing.

    The main difference between VOIP and IM is just the media channel - both services have some kind of presence server that keeps track of users and tells them the options for the media channel

    Actually, SIP does not require a registration server - you can make direct phone-to-phone calls with nothing in the middle, so long as the caller knows the destination phone's address and the destination phone isn't behind a NAT. However, registration servers are indeed used in most cases since they allow clients to run behind a NAT and still be reachable, and keep track of dynamic addresses which would otherwise need something like dynamic-DNS. It's worth also noting that SIP can transport instant messages - I believe MS use SIP/SIMPLE instant messaging in their commercially available IM systems.

  22. Re:Yet another proprietary VoIP solution on AOL to Enter the VoIP Ring · · Score: 1

    SIP seems to be the dominant VOIP standard at the moment but I believe, with a bit more work, Jingle might well replace it and become the ubiquitous VOIP standard in 5-10 years.

    If we were starting from scratch then yes, I'd say that XMPP is the right place to put VoIP (and many other private communication methods such as email). However, we're not starting from scratch - SIP has a lot of weight behind it and as the dominant and industry standard protocol it's not going away and things like Jingle just seem to be reinventing the wheel and diluting the compatibility.

    The telephone industry is throwing a lot of money at SIP. The PSTN is slowly migrating from TDM based systems to IP. The intermediate step is SIGTRAN but the long term aim is to roll out IMS networks, which use SIP at the core. The telcos might not want to admit it, but the end of the PSTN isn't that far away, it will converge with the internet and using SIP for telephony will probably become as standard as using SMTP to send your emails.

  23. Re:Ya! on AOL to Enter the VoIP Ring · · Score: 1

    most of the people the other guy's parents know will likely be using Skype.

    What makes you say that? I can see no evidence that the parent poster knows anyone on Skype. In fact the parent doesn't mention *anything* about Skype at all.

    If they were using a SIP service, they would not be able to call those people, or indeed the millions of other people using Skype.

    And indeed no one on Skype can call people using SIP. I'm not sure what your point is here, you seem to be arguing against a statement I didn't make.

    MS Office has a shiny CD which you insert into your PC and click next a few times with, OOo has to be downloaded.

    The parent poster said "another paid service any person can spend 15 minutes learning to get absolutely free". I'm not sure how you are disproving this - yes, MS Office comes on a shiny CD, whoopy-do, but probably all the functionality a typical home-user needs is available for free in OOo (or similar). It is an example of a paid-for product which does much the same as something available for free.

    MythTV is absolute HELL to set up. Freevo is even worse.

    Really? I had no problems setting up MythTV.

    Sometimes the cheaper alternative is unsuitable, more complex or just plain crap.

    Sometimes, yes, but you're not saying anything to make my point moot - the original poster commented that AOL were (once again) offering a product which offers similar features to what's already available for free, I was simply pointing out that it's a pretty common case anyway, not just AOL. Many paid-for products are available with similar feature sets to free products, yet the paid-for products still sell. This isn't necessarily a bad thing, it's just a fact - people will pay money because they are too lazy or knowledgeable to find the cheaper/free product.

    In fact, assuming AOL use SIP, having a big name like AOL marketing a service using the industry standard, open protocol is good. Especially since they're marketing it to the technologically inept, which is the same market as Skype - with luck it'll make a significant dent in Skype's market share and give the open protocol a boost.

    I wouldn't blame Skype's success on marketing by the way, I've barely seen any round here.

    I bet you've seen more about Skype than any other VoIP service though. I'm not just talking about explicit marketing, I'm talking about magazine articles, word of mouth, etc too.

  24. Re:Yet another proprietary VoIP solution on AOL to Enter the VoIP Ring · · Score: 1

    I want something that will interoperate with everything else --including the traditional telephone network -- transparently. I don't want to have to care whether the person I'm calling uses Skype, or AOL, or Google Talk, or whatever. I just want to pick up my phone (software or hardware) and call them, like I can on the traditional phone network.

    Well, not entirely true - on the traditional PSTN you have to know that people use the PSTN and not something like Google Talk. But the PSTN is so ubiquitous that you can pretty much assume everyone has a PSTN connection.

    Anyway, Google Talk doesn't pretend to be a telephony service - it's an instant messaging system with some voice stuff on the top. At the moment there are basically only two IP telephony systems in common use - Skype and the thousands of people who use SIP.

    If someone is using SIP then you should be able to just dial their SIP URI, much the same as sending an email to someone's email URI.

    So really you only have to ask yourself: is someone using the industry standard IP telephony system or are they using Skype - if they're using Skype then they're pretty much cut off from the rest of the world and I'm sure Skype will eventually have to support SIP.

    It's worth remembering that SIP isn't just something that only open standards interest groups will care about (e.g. who uses XMPP except those of us who care about open standards? Everyone else is stuck on MSN) - the entire telephone industry is adopting SIP as part of the IMS PSTN infrastructure, it's not going to go away.

  25. Re:well DUH on AOL to Enter the VoIP Ring · · Score: 2, Insightful

    You could say that about more or less ANY VoIP-system.

    Skype does VoIP, so any VoIP-system is bound to be more or less a clone of it.


    Actually, I'd say that Skype is the clone - SIP and H.323 have been around a lot longer than Skype. The only reason Skype have succeeded is marketing - open protocols have been doing the same job years before Skype came along, Skype just marketed their closed clone to the general public.