Slashdot Mirror


User: scoove

scoove's activity in the archive.

Stories: 0 · Comments: 490

Comments · 490

  1. Bell greed won't go away on BellSouth Will Charge Providers For Performance · · Score: 4, Insightful

    The companies aren't pushing any data across your networks, they aren't the ones using it.

    Exactly. It's amazing this "eyeballs vs. content" battle still hasn't gone away, especially after several notable disasters where the eyeball owners (service providers to consumers) tried to exact a toll for the content their subscribers were consuming.

    I was at the Commercial Internet Exchange annual meeting in 1996 when this issue popped up there. Many theorized then that the Bells, who had lost out on their NSFNET NAP scheme (which Al Gore was a strong proponent of), would find another way to get a measured use model into the net. It's apparent they still dream of ratcheting measured use costs, since they happen to be rather good at billing complicated use schemes. Still, it's amazing to wonder how they think they can carry this out. What would they do - require a fee per domain name to be consumed by a household (and enforce it how? That's one heck of an ACL - as if RBOC DSL service isn't sluggish enough already - Qwest can't get you down the street from home to serving wire center under 40-45 ms typically).

    Or would you block it on an AS basis and pick up the whole bilateral battle that saw Exodus and BBN (if my history is correct) fight? Unfortunately for the RBOCs, there are alternatives to their mediocre DSL. If you think a consumer will pay $55 for partial Internet when they can get complete service from the cable or wireless provider for the same fee, they're gone.

  2. Bad distributor. No donut! on Tension Between Record Labels And Digital Radio · · Score: 5, Insightful

    I guess the RIAA bigwigs fear anything that makes it "convenient" to record a broadcast.

    You know, we need to take a step back. The parties the RIAA represents are distributors. Many industries have distributors - people that help match buyers with sellers and add expense to the process. Distribution as a viable business often emerges when it is difficult to put the buyer and seller directly together. It dies when new technologies develop that make this easy.

    Consider Geico. They sell insurance directly to consumers, bypassing agents. Their model is to cut out the middleman and save the 15-20% overhead associated with distribution, keeping much of that and giving enough of that savings to the consumer to have a competitive advantage.

    Should an angry army of insurance agents band, form a trade association, restrain trade, intimidate consumers and fight progress? That'd be absurd. A good friend of mine owns an insurance agency and he's found the way to compete is not suing his customers, but rather proving higher levels of service. He actually saved me 15% off of Geico which I was previously with, and provides me with a lot of expertise and attention in my insurance policies I never got with the direct model. Insurance is actually a market where knowledge is valuable and many consumers will pay a bit more to benefit from it.

    Dell has cut out the middleman too. Do you see Best Buy suing all of us for going direct? Of course not. Compete or die. Countless other industries have gone between the flux of direct and distribution. The science comes down to this: When you add value to the consumer that exceeds the additional cost through the distribution process, the consumer will naturally buy through distribution. If you don't add more value than cost, they will bypass you.

    The recording industry is cranking out tired artists, relying on a model of selecting a limited set of musicians and "putting lipstick on the pig" through aggressive marketing to sell the stuff. Worse yet, their distribution adds exceptional cost - more than double the original cost that goes to the artist (most of the cost to the consumer is to the distributor - this is a hint that the process is out of control), yet their product is less convenient to the consumer than the direct option. They're adding cost and inconvenience, not any added service. Unfortunately the distribution/direct paradigm has shifted due to technology and they're adding cost with no value. Excluding anticompetitive practices, litigation and legislation based on gifts to corrupt politicians, they will die... unless they can provide value once again that exceeds the cost they add to the product.

    *scoove*

  3. Re:Read the whole article. on Microsoft Challenges Linux's Legacy Claims · · Score: 1

    "Memory prevented the successful installation on a typical 1997 system, as 32MB of memory is not enough to install most Linux distributions or to run desktop applications with acceptable performance."

    Incorrect.

    Just because you don't understand how to install Linux doesn't mean your experience is representative of what a competent sysadmin professional should expect. Here is a current competitor to Windows 2003 server running on an ancient piece of hardware:

    Hardened Gentoo 2005.1 on a Pentium II with 32 MB RAM

    /proc/version:
    Linux version 2.6.14-hardened-r2 (root@livecd) (gcc version 3.3.5-20050130 (Gentoo 3.3.5.20050130-r1, ssp-3.3.5.20050130-1, pie-8.7.7.1)) #1 SMP PREEMPT Thu Dec 29 19:34:04 CST 2005

    /proc/cpuinfo:
    (snipped due to /. lameness filter complaints - ugh)
    model name : Pentium II (Deschutes)
    cpu MHz    : 350.831
    flags      : fpu vme de pse tsc msr pae mce cx8 mtrr pge mca cmov pat pse36 mmx fxsr
    bogomips   : 702.89

    Well go figure. A brand new, hardened load on a 10+ year old PC. How much memory?

              total   used   free
    Mem:      55384  53876   1508

    Get this, Microsoft... it even has GCC 3.3.6 on it with something called stack-smash protection (something your programmers would appreciate), as well as pie and pic, current antivirus (clamav), etc. Since it's a server box (syslog relay), let's see how your 2003 server matches up. Let me know when you get yours loaded on the same config as I've detailed.

    So tell me again, you've abandoned the only operating system that could possibly run on this hardware (Win98) and yet are proud of yourself because your techs couldn't figure out how to load Linux like the rest of us on old systems? And this proves what for your shareholders and customers?

    Indeed, that's quite a testimonial.

  4. Re:Free startup idea on U.S. Ecommerce To Be Broadly Taxed? · · Score: 4, Interesting

    I'm also wondering what implications this will have on maintaining code that calculates sales taxes, especially in states like Ohio where they differ by county and municipality.

    In the telecom world, one does not usually find small business CLECs because we have to comply with several database requirements, including: Vertex (or similar tax databases), E911 and SS7.

    Last time I had to deal with it (late 90s), a Vertex subscription for our Oracle-based billing system was about $220K annually. You are, of course, free to write your own and obtain tax information from every locale independently.

    Of course, you can imagine that these great laws were proudly supported by the incumbent telcos who are pleased to have complicated taxes to merrily pass along to the customer. The more complicated it is, the less likely any up-start competitor can ever handle the up-front cost. Each barrier to entry pushes the benefit to the largest scale of business.

    You can bet Congresspersons are getting heavily lobbied by larger institutions that favor taxes. And since 2/3 of our population doesn't understand that corporations don't pay taxes, customers do, we'll never have enough opposition to these ploys. Worse yet, not only will we end up ultimately picking up the cost of the taxes, but the drop in competition will push up the price of goods for us too. And you wonder why your paycheck goes less far each year!

    A solution is the fair tax, but it's boring to one half of the population and misunderstood by the other half, so expect to continue to get screwed by the partnership between big government and big business.

    *scoove*
    p.s. Did you collect and file taxes on your last Ebay sale?

  5. Re:Gaia Theory (science, because Wikipedia says so on Federal Judge Rules Against Intelligent Design · · Score: 1

    Pretty interesting comments cr0sh...

    Indeed, it is that last one that can make you wonder, and is where science fiction begins (are the "stars" intelligent? can we even tell?)

    Which is exactly why it's unfortunate some want to limit education to only the approved list of ideas (and in typical form, those that they happen to agree with). One needs a broader base of models to understand how to pick the best strategy for a given situation.

    I laugh pretty hard at the goddess types, but really have to respect most of them for being so passionate about doing positive things (even if their method is odd at times).

    Reason is the Path to God - Anon

    Nice...

    *scoove*

  6. Gaia Theory (science, because Wikipedia says so!) on Federal Judge Rules Against Intelligent Design · · Score: 1

    Intelligent design isn't science, therefore it doesn't belong in a science room.

    Neither is the Gaia Theory, though it is a common part of high school and college biology curriculum and is often discussed during Earth Day. Though it lacks any scientific foundation and is often controversial with persons of faith (who apparently react at having their children instructed by a state school about the "mother goddess earth"), it is well tolerated by the otherwise religious intolerant left.

    The concept was pioneered by James Lovelock, who described the earth "as a complex entity involving the Earth's biosphere, atmosphere, oceans, and soil; the totality constituting a feedback or cybernetic system which seeks an optimal physical and chemical environment for life on this planet."

    Educational kits for high school teachers include a discussion of early tribal mysticism, Hindu, Buddhist and Native American beliefs and traditions that support the Gaia concept. So how is Gaia different from an intelligent designer? Consider the following Gaia beliefs:

    "the Earth's atmosphere is more than merely anomalous; it appears to be a contrivance specifically constituted for a set of purposes" (gaia strong theory)

    "Highlife Theory shows that this one gigantic living organism is by far the most intelligent living thing on earth. Far more intelligent than us humans. You'll understand this better later." (gaia highlife theory)

    So what is the difference between ID and Gaia? Serious reading of Gaia can lead you to believe for a moment that the followers are clearly ID writers in disguise - promoting an exceptionally strong faith in environmental mysticism and an earth that was created and is maintained for our holistic interaction. However, when you realize Gaia's designer is the mother goddess and is presented as in no way any corollary of a Christian god, the difference becomes more clear.

    So should we care about our children being taught about Gaia and the mother goddess, intelligent designers, creationism, evolutionism and other concepts? As a libertarian, I actually enjoy the value of the different ways of looking at a situation these different ideas present (and understand they really help get kids engaged in education). As long as a religion is not being promoted (e.g. some school districts' programs that require middle schoolers to "be a Muslim" for a month, say Muslim prayers, etc.), awareness of new concepts that others believe is valuable.

    So ask yourself a hard question: what kind of person flips off a driver with a goddess bumper sticker, a walking fish or christian fish on the back of the minivan? Being tolerant of different ideas isn't easy as it can often challenge us to question our own beliefs and practices. Likewise, we should be wary of punishing the expression or discussion of one group's beliefs as there are plenty of our own that probably do not stand the scrutiny as substantiatable fact.

  7. Re:Otis Stern is just upset because on Open Source Worse than Flying · · Score: 1

    Besides, what's this guy's problem anyway?

    You ever go to a large family holiday function and notice there's usually one relative who sits on his/her ass by the TV yelling at everyone else to hurry up with the food? "What's taking so damn long?" "Bring me some of that pie before I starve here!" "As long as you're bringing pie, you could have been less selfish and brought me another beer. Anyone could have noticed I've been done for at least five minutes!"

    It's really not worth getting upset about these people, other than kindly smiling at their obnoxious, selfish requests, letting the dog lick a piece of food before serving it to these ingrates. Mr. Stern should be kindly referred to the Microsoft line and suggested that open source is just not ready for exceptional users like him.

    That most of us never have these problems (all of my desktops save a dual-boot laptop necessary to run a few audit tools are Linux/Gentoo) is irrelevant in an era where half of our population is intellectually challenged when presented with a car, a cell phone, a sandwich and the passing lane of the road.

    *scoove*

  8. More perspective on Ports for Porn - Using Firewalls to Block Porn · · Score: 3, Informative

    I just read through CP80's "technical briefing" which I'd strongly recommend /. readers review (it's located at: http://www.cp80.org/solutions/ ). Treating the matter seriously (which isn't easy), there are a few observations:

    Viability: CP80 isn't. When you misunderstand the very basics of the subject material from the start (such as this nonsense: "Ports & Protocols = Internet Channels" - a few minutes with RFC 1700 would be a good start for CP80's technical advisors, if they have any). Consider the following CP80 quote:

    There are over 65,000 Internet channels available on the Internet today. These channels are already used to categorize content and services.

    No they're not. They're used to correspond to applications that operate at a known port. This is much lower in the OSI model, where content filtering typically requires application awareness (OSI layer 7).

    ISP Administration: CP80 wants ISPs to offer you channels (as if they believe ISPs create the content, which you'd have to do in order to control the content at the appropriate layers), presumably 80 & 443 for "clean content", perhaps 81/444 for rated PG (sorry hosts2 nameserver and snpp), 82/446 for R and 83/447 for X (working around microsoft-ds at 445 for the moment). Should we go down this path, this probably will be the necessary incentive for providers to move residential broadband completely to an opt-in protocol/port model and quit blocking ports. We'll just enable the few basics - your "web channels" (ugh), a mail channel that only goes to us and perhaps a couple of others necessary for audio/video streaming and such. We'll push all through proxies to make sure you're not tunneling something other than the desired protocol (and still, there will be ways around this). It's a radical departure at significant expense and unfortunately doesn't quite work (as most things that ignore Internet architecture do). Coordination between all ISPs, NSPs, OS and software vendors, standards bodies and content providers would be rather necessary and mandatory.

    There /is/ a potential solution that addresses the unlikely mandatory compliance aspect and approaches the content filtering on an optional basis (usable for those that wish to integrate it) and I'll post and draft it out this morning so there's evidence of prior art (we know how the SCOG folks have a difficult time understanding how intellectual property works). I'd be willing to push it further into a public commons patent application e.g. under ODSL's patent commons (just so CP80 doesn't make the same mistake SCOG did by thinking they owned other people's IP and get congressional support behind misappropriated property).

    An effective approach is to use a shim protocol, similar to how MPLS is implemented (and wedged), that would insert a content header immediately ahead of the IP datagram. The datagram would specify content settings and either be processed by equipment (CPE, firewalls, routers, PCs, etc.) that are Content-Shim aware or ignored by those that aren't. Service providers could implement it and push administration of the filtering to the end-user (though this assumes content providers are using the shim protocol as well as they push out traffic). Done at this level, it is independent of port management issues and other unworkable nonsense.

    Contact me if you'd like to work on a content shim on sourceforge with the prototype code under GPL and intellectual property donated to ODSL patent commons.

    *scoove*
    (scoove-at-yahoo.com)

  9. SCO CP80 on Ports for Porn - Using Firewalls to Block Porn · · Score: 1

    Just out of curiosity, I logged into my SCO server and checked out a few things. I've got bad news to report. Take a look at this:

    (note: numerous pound symbols removed to avoid slashdot lameness filter)
    #/etc/services
      Copyright (C) 2005. The SCO Group.
      Any use of this file without the express written consent of SCO
      and paid SCO System License is prohibited. Ports, services and
      sockets are all the intellectual property of the SCO Group and
      are protected under copyright law. Parties found using clean or
      dirty ports without the SCO System License will be sued in a Utah
      court.
    (some deleted)
    cp-http 80/tcp Cleanport Web
    cp-http 80/udp Cleanport Web
    #dp-http 81/tcp Dirty pervert web (blocked!)
    (and so on)

    Seriously, I'm intrigued at this remarkable proposal and wonder how they expect to handle illegit services running behind legit ports (a few lines of Python can redirect anything under 443/SSL for instance and makes a nice tunnel), not to mention dynamic port assignment in numerous P2P protocols and things like L2TP (for the user data connection after the connection is negotiated on 1701).

    And this overlooks all the circumvention issues. If idiotically simple proposals like this were workable, let's just pass a law requiring all hackers to be required to only hack port 1433 - if you're stupid enough to expose 1433, then you should be hacked. All other ports are off limits to you bad guys.

    Excuse me while I go put a "good guys only" sign on the office front door...

    *scoove*
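
Added example, not part of scoove's comments or of any CP80 material: a short Python check of the point made in comments 8 and 9, that a destination port only implies an application and the actual protocol has to be read from the payload. The port table, the `identify` and `audit` helpers and the sample flows are all constructed for illustration.

```python
# Added illustration: compare what a destination port implies with what
# the first client bytes of a flow actually look like.

# Small subset of well-known port assignments. This mapping is all that a
# port-based "channel" scheme can see.
PORT_SERVICE = {22: "ssh", 25: "smtp", 80: "http", 443: "tls"}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ")


def identify(payload: bytes) -> str:
    """Guess the application protocol from the first client bytes."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    if payload.startswith(HTTP_METHODS):
        return "http"
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return "tls"
    if payload[:4].upper() in (b"EHLO", b"HELO"):
        return "smtp"
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    return "unknown"


def audit(flows):
    """Return one (dst_port, implied, observed, verdict) tuple per flow."""
    report = []
    for dst_port, payload in flows:
        implied = PORT_SERVICE.get(dst_port)
        observed = identify(payload)
        if implied is None:
            # Dynamic or unregistered port: the number carries no meaning.
            verdict = "port-says-nothing"
        elif observed == "unknown":
            verdict = "unidentified"
        elif observed == implied:
            # Even a match only names the protocol, not the content in it.
            verdict = "match"
        else:
            verdict = "mismatch"
        report.append((dst_port, implied, observed, verdict))
    return report


# Constructed sample flows: (destination port, first client payload bytes).
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (443, bytes.fromhex("160301002f01") + b"\x00" * 8),  # ClientHello header
    (443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    (25, b"EHLO mail.example.test\r\n"),
    (51413, b"\x13BitTorrent protocol"),
    (80, b"\x00\x01\x02\x03"),
]

if __name__ == "__main__":
    for dst_port, implied, observed, verdict in audit(SAMPLE_FLOWS):
        print(f"{dst_port:>5}  implied={implied!s:<5} "
              f"observed={observed:<10} {verdict}")
```
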

  10. Re:Stranger and stranger on DVD Jon's Code In Sony Rootkit? · · Score: 2, Interesting

    Bear in mind that Sony will never say that they're responsible for it. After all, they merely licensed the copy protection scheme from First 4 Internet.

    Let Sony say that to the court, perhaps after hearing several hours of testimony from parents of minor children who had to settle with the RIAA (which Sony supports) for $10,000 or more for intellectual property theft actions of their children they were unaware of.

    Let's see... Sony and the RIAA estimate the value of a stolen tune at $105,000 or so, times the number of duplicated copies. Guessing Sony's latest DRM oops at only 50,000 copies shipped, that's 5.25 billion Sony owes to those whom they infringed. And don't forget, just as one can have more than one P2P file on a PC (at $105K value each), each party who was damaged by Sony's apparent theft should be entitled to a cut at these prices.

    And unlike the parents Sony and the RIAA chased down, Sony has deep pockets and a higher standard given their full knowledge through RIAA persecution that intellectual property theft is wrong.

    *scoove*

  11. Re:New Old Things-Just add water. on New Golden Age for Outside-the-Box Startups? · · Score: 1

    Maybe using something like Vista since this city is heavy on the medical community. e.g. hospitals, doctors offices, even universities (UIPUI, Butler). Any advice on getting started?

    The medical community is very difficult to break into (and becoming increasingly so), due to regulatory factors that impact IT vendor selection like HIPAA. IT sales to publicly traded companies are becoming more difficult due to Sarbanes Oxley audit and compliance requirements that get applied to the vendor. You will be expected to have healthy financials, bear the cost of having them audited, and may be expected to have undergone a recent SAS-70 audit to qualify as a technology service provider.

    Over the past dozen years, the tech industry has quickly raised barriers to entry to keep startups out and the most effective approach is to limit qualification to only established and financially healthy vendors. Sadly, it just isn't realistic to break out with a better mousetrap in healthcare, banking or most major corporations for this reason. Then again, some would argue that healthcare or banking are terrible places for the experimentation of untested, bleeding edge IT products. Better to prove them out in markets that are tolerant of their rough edges, get them worked out and then move up into more risk-averse markets.

    That said, I'd suggest you look for markets that don't have these regulatory requirements if your startup is to have a chance. I'd also avoid markets that suffer from buyers that expect a ton of perks like free training at exotic vacation destinations (e.g. the week-long Disney World trip with about 4 hours of real training), tons of free ancillary software and other expensive bribes to swing the buyer's decision your way. You'll have difficulty as a startup competing in this kind of market, where your competition will wow the customer with three times the useless sales critters, send the customer's techies to an exotic location for training for a week, and stick the customer with an outrageous bill for an outdated solution. You'd think people would make rational decisions and buy your better product, but at least half the buyers I've encountered probably would take the personal gifts (they're probably looking for another job anyway and a free Disney trip would be a nice way to conclude their career at the company).

    If you want more ideas or have any aspirations of launching a tech startup, get your hands on Clayton Christensen's Innovator's Solution - this is a must read (and a good start to his books).

    *scoove*

  12. New Old Things on New Golden Age for Outside-the-Box Startups? · · Score: 2, Informative

    new phenomenon among startups, the 'momentary enterprise'.

    Actually, Tom Peters dealt with the concept extensively in his 1993 book, Liberation Management. While it's certainly pre-momentary business technology in some respects, it does a good job addressing the higher-level conceptual issues associated with this business construct. One example referred to was Peters' video publication business that existed for about a month and included experts from numerous fields who came together to create a business exclusively for the production of the video, and then disbanded and went onto other projects.

    *scoove*
    You know you're getting old when the new things aren't.

  13. Re:US foreign policy made this inevitable on Internet Power Struggle Reaching Climax · · Score: 1

    You see, the basic premise is correct, the US has an extremely negative international image right now and because that it does

    Certainly, it's correct, but not for the reasons you think. Consider the sourcing of your statement: WHO says the US's image is negative? Don't fall in the relativist trap of making up majorities in your head ala "I feel the US is bad. Lots of people are like me. Therefore lots of people feel the US is bad" - this is absurd and the only people you will influence are the insignificant, irrelevant types like the college dropouts at a local MoveOn meeting.

    So who provides substantiation to this statement? I'll provide a few media organizations that do: Al Jazeera, AP, New York Times, Pravda. These publications are controlled by political interests which are directed by very powerful persons. Al Jazeera, for instance, receives financial support from the government of Qatar. The New York Times is the official mouthpiece for an influential "fat cat" east coast US family and their political cronies. These organizations push their agenda in their publications. On top of this, numerous country governments also blame the US for all their troubles as an effort to redirect the frustration of their masses. Between their rampant anti-semitism and their US hatred, they provide their poor populace with plenty of targets to focus on while avoiding constructive criticism of their own governments. Add to it the various international financial speculators such as George Soros that require conflict, strife and hatred for their investment models to properly function and you'll realize there are a lot of people that need you to hate the US. This is why we refer to this group of easily manipulated persons as "useful fools" and would never treat you as an intellectual or moral equal.

    but the main premise was that just stubbornly defending the US without taking into account that the rest of the world only takes it more amiss that you are trying to shove more blame on them, thus worsening your reputation even more,

    You apparently missed my comment that those who matter do not care, and certainly do not need to either defend US actions or blame others. Rational, emotionally balanced people do not spend their lives apologizing for old mistakes or projecting their problems on others (indeed, many would note that it is impossible to be successful in life when you cannot correlate accountability for your actions with outcome - blaming others for your mistakes only perpetuates your misery). We get on with our lives, deal with our inevitable mistakes in a positive, responsible way, and frown upon others who live with one big chip on their shoulder.

    I've also observed that you continue to lack any productive solution to these issues (other than the inferred nihilistic suggestion that the US simply cease to exist as an apology for wrongs projected onto it from diseased and dying cultures). Most Americans' ancestors left a morally dying continent for a reason and we understand there's going to be considerable angst in those who blame us for not staying and sinking in their irrelevance.
    *scoove*

  14. Re:US foreign policy made this inevitable on Internet Power Struggle Reaching Climax · · Score: 0, Flamebait

    War for oil

    Gee, we're getting oil from Iraq? When did that start? If you want to talk about profiting from Iraq's oil, perhaps you should speak to Mr Annan.


    Either Annan or France's former UN ambassador, who was just arrested and taken into custody for all the kickbacks taken in the Oil for Food scandal.

    You ever notice these people can't back up their claims with any evidence, while there's always plenty to the contrary? "The US had nothing to do with the invention of TCP/IP, Arpanet, NSFNET, Internet, etc." -- WTF? "War for Oil" - try War that cost us plenty of oil (a billion dollars a day would be more than sufficient to pour into converting the world's largest shale oil reserve in the US to a productive resource, allowing us to tell the Saudis and Iranians to go to hell).

    And then there's the holier than thou European crap like this: supporting dubious regimes in other nations... I really wish I could drag every socialist college dropout to Rwanda or any of the countless European colonial nightmares and force them to endure watching the horrors their "propped up pals" who run these nations exact on innocent people. There are few non-US westerners who have hands as clean as ours, and don't think for a second we don't know it when you spew this US hatred. As if I need a German to teach me how to respect Judaism.

    Morality doesn't come from being more experienced at tyranny and corruption than anyone else.

    *scoove*

  15. Re:Nessus dead. Long live Hindmost on Nessus Closes Source · · Score: 1


    I'm in the process of writing my own compliance based tool specifically designed for auditors from scratch which is in stark difference to what's on the market now


    Cool. That'd have to beat my horribly rough Python/Qt Q&A app that fronts a psql database and a whole bunch of duct tape of all the output from every assessment tool (been thinking about Reportlab pdf form generation from this as well for my OCTAVE forms and survey reports). Make sure you get posted on /. when you've got something.

    *scoove*

  16. Re:Moral of this Story and Nmap Response on Nessus Closes Source · · Score: 4, Insightful

    I know at least one group of experienced open source programmers that is preparing to announce a new open source vulnerability scanner project or Nessus fork. It would be encouraging for such a fork to succeed.

    Fyodor, what can those of us out here do to help make that a possibility? One of my common frustrations is that much of the open source community thinks at a very low level and rejects broader perspectives because the initiators of the projects are often exceptional programmers (at the expense of not being exceptional documentation writers, analysts, managers, communicators, etc.). Some will want to shoot me for saying it, but every technology project needs a hell of a lot more than software developers to make it go. A project needs the help of great documentation writers, testers, managers, analysts, evangelists, etc. to make it, and more importantly, needs to have a culture of taking criticism and evaluating it objectively in order to have a chance at success.

    Nessus's rejection of a system vulnerability database was unfortunate but not unexpected - I smell a VC in a room with a bunch of programmers (and nothing in between), plus a bunch of sensitive "Not Invented Here" egos. Nessus needed to integrate with its user community because its success was very dependent upon their feedback. Nmap has succeeded perhaps because it is a more concise tool with a focused objective and I've seen you take feedback out there and honestly respond to it.

    I agree that this is not a good trend, and the question is how to reverse it.
    Success in the open source community is still a rather unpredictable, undocumented (and too often, unrepeatable) event. Successful projects like nmap have happened through their founder's exceptional ability in demonstrating more than just coding ability, yet the community does little to document, educate and communicate this aspect. Projects tend to continue to make the same mistakes. Perhaps a start would be a FAQ on successful open source project methodologies that explains that brilliant code is only one of a dozen components required for success and details the others - perhaps building upon the best practices of the community's successful projects? If Nessus and others are to make it as viable open source, we need to build upon the understanding that it takes more than great code to succeed.

    *scoove*

  17. Re:Nessus dead. Long live Hindmost on Nessus Closes Source · · Score: 1

    but last time I checked it was: Certified Information Systems Auditor

    You're absolutely right. I've been increasingly lazy in not editing my posts lately and blame a pending CISSP exam on my mind for my error! I'm curious if you've looked at any risk management certifications as well - trying to decide the next step and have several clients that'd like to see me expand on that path but don't really have any familiarity with the certification side of things. I blew off certs until the past two years and decided to get serious about them.

    I've also been considering switching to Saint (though everyone out here uses eEye - I'm not overwhelmed with it and have seen some negative comments about inconsistencies). Any thoughts there?

    Nessus were (sic) more concerned with lack of code input.

    Hard to contribute code to a project that has a restrictive license on reselling/embedding, which Nessus has had for quite some time. I looked at building OpenBSD appliances with Nessus for my clients a year ago but the license model then appeared to be incompatible with this, and they certainly appeared to be well on the MySQL path at that time. By closing the source, they've passed MySQL in restrictiveness. It's hard to be surprised that few volunteered free coding support for a product that appeared to be ready to close source.

    *scoove*

  18. Nessus dead. Long live Hindmost on Nessus Closes Source · · Score: 5, Informative

    The developer also expressed disappointment over the lack of community participation in developing the software, despite its open-source license.

    I have to disagree. I'm a CISA (certified information security auditor) and have used Nessus in audits. About a year ago, I provided feedback regarding Nessus's tendency to damage production services, even in safe mode. These occurrences were not Nessus's fault, but rather the consequence of very poor coding in various network devices. Often Nessus would cause old HP printers (HP Laserjet III was notoriously vulnerable), cheap network fax appliances, and in a couple of cases, Sonicwall firewalls to completely lose their configurations and reset to defaults. 10+ year old printers have a bit of an excuse in my book, but Sonicwall, which advertises as a security product, had no legitimate justification for this behavior. We were able to confirm this from outside Nessus scans as well.

    I began reporting this behavior to the Nessus group and suggested a database of vulnerable devices to prevent analysts from getting in repeated hot water. The Tenable folks were not responsive at all and indicated their fear of civil liability due to potential disparagement of network equipment vendors' products. Although I referenced numerous other sites, as well as the alternate "compatible device" approach which countless operating systems take, the idea was ignored. I did receive numerous emails from other analysts who had the same concerns.

    Tenable has done a good job pushing away its user base and unfortunately moves into a hypercompetitive world of better proprietary tools. I wonder if there's an impatient VC pulling their strings.

    I'll definitely support any open source effort that continues with the GPL code. How about calling it Hindmost (for all the Ringworld fanatics out there).

    *scoove*

  19. Partitioning occasionally happens on Internet Partitioning - Cogent vs Level 3? · · Score: 5, Informative

    Level 3 is not advertising the Cogent route at all.

    I'd bet L3's argument is that they will not provide transit across their AS to Cogent. It's a play that's been made several times before. The first time I know of it being done was in 1995 when Sean Doran pulled this at the CIX-W router, preferring to take commercial traffic via NSFNET or Sprint reseller service. Not only didn't it work, but it caused some immediate political backlash as Sean's action (presumably made without his boss's approval, who was the chairman of the CIX board and took some political grief for Sean's latest stunt) caused several states to literally drop off the map.

    If my memory's right, I think this got pulled again around 1998 timeframe on Exodus by someone like Genuity (I may be wrong about the culprit), only for the higher ups at the culprit to discover they couldn't see half of the world's worthwhile websites and search engines. Much of this was in the transit battle - e.g. if you had consumers, you felt your eyeballs were the value of the Internet and all other ISPs should pay you to get to your consumers, while if you were a content provider, you had the stuff all those consumers were paying their ISP to get to and someone had better pay you for that content.

    What can you do about it? Let your ISP know you're not paying them for 80% of the Internet. When UUNET considered pulling this stunt around 1997, I worked for a small software shop that had a couple bonded UUNET T1's and we let them know we were going to drop them the moment they were only selling partial Internet. Then follow through if they do (UUNET backed off). Bilateral agreements are weird things in the world of settlement-free IP exchange, so unless you want a settlement-driven Internet (which will have unusual effects you might not want, like driving a per-packet pricing model), just expect this occasionally and drop those who don't play well with others. When L3 drops customer base, even the Denver boys will figure out their customers aren't happy.

    *scoove*

  20. Measurement methodology on Firefox Share Slipped in July for the First Time · · Score: 1

    I think new PCs is a major reason.

    I'd be curious if there was any correlation between IE usage and publicly announced "major security patches." Many folks still check updates manually and I'd expect IE frequency to increase when the publicity of major vulnerability patches increases.

    *scoove*

  21. Re:Why? on Google Invests in Power-Line Broadband · · Score: 1

    Wouldn't it be easier to work with MPLS over microwave networks?

    Um, er, that's the new 802.16oMPLS protocol. Part of the WiMax spec. LOL. Must have tipped the OSI box over this morning and didn't notice. Damn network's been running backwards ever since. Thx!

    *scoove*

  22. Re:Why? on Google Invests in Power-Line Broadband · · Score: 1

    While I can certainly understand those complications, one would assume that there would be some way to circumvent or remedy the radio signal issue.

    The reason is physics. I mentioned in a previous post that the reason international satellite communications is terrible for data is that the limitation of the speed of light (oversimplification) causes several seconds of latency, which many protocols do not like.

    Thanks to physics, unshielded long transmission wires happen to make great antennas (ever notice the hum from them, especially when you drive underneath? When you realize that's only from one frequency being put into the wire, and BPL would put in millions, you might get the picture). We actually use unshielded long-wires for antennas at field day all the time - wonderful antennas. Just tune them so they resonate better at the desired frequency and go. I had a blast on 160 meters (~1.8 MHz) last year using a run of electric fence wire about a football field long.

    So here, the physics of a long, unshielded wire being a classic definition of an antenna, is the problem. It's not a matter of tweaking or changing the law of physics. This is why you see the BPL industry spending its money on attorneys and lobbyists, not scientists and engineers. They know that "possession is 9/10ths" and once they've got BPL authorized, it is too late for the rest of us. Did you ever think to ask, if BPL could be made quiet and affordable, why it isn't out there already?

    As long as we could use the upgrade, why not add broadband onto to too?

    Here it becomes a financial issue. Let me ask, since BPL won't give you speeds anywhere near what WiMax and FTTP (fiber to the premises) will, why not just give everyone buried fiber? In high-density metropolitan areas, it's only about $5000 per customer to implement (not including maintenance, service, switching or end-user equipment). Since we really need an ROI within two years to justify the investment (with a 25% hurdle to please the money people on this speculative venture), we need to charge:

    $300 per month for your fiber termination
    plus your usual broadband, phone and television programming fees. About $425 per month would be appropriate.

    Interestingly, most consumers don't wish to spend $425 per month, so even in larger metros, FTTP is a very speculative venture. Rural FTTP is simply insane. The reason I mention FTTP is that many power providers already have fiber optic systems embedded in their top groundwire (called FOGwire - Fiber Over Ground). They use it to manage their transmission network. It's just absurdly expensive to deliver fiber to the residence or business - well beyond what anyone would pay.

  23. Re:Why? on Google Invests in Power-Line Broadband · · Score: 4, Informative

    All you hams should get a computer and learn to use email instead of tying up valuable spectrum with your silly talking.

    Normally it isn't prudent to respond to humor masqueraded as flamebait, but I thought I'd add some perspective for those who might be curious about the reality of such criticisms. Here are a few thoughts:

    Many of the carrier network CCIEs I work with are "hams" - licensed amateur radio operators. I'm only a lowly CCIP in process (actually with a CISSP and CISA, with a management/finance background, worked with Linux since Linus had it on two floppies (ala "pre distribution"), build a mean kernel and program in Python). I'm a general license ham and work with microwave communications over MPLS networks daily.

    There is considerable innovation done in modulation schemes, such as PSK, which increasingly gets integrated in the commercial wireless broadband world. I've constructed IPv6 over mesh protocol networks in amateur frequencies, and the best thing about the extensive range of amateur bands is that there's certain to be one for your open source project. One of my projects that needs more attention is my Python software repeater that controls a Piexx.com Motorola VHF-L, VHF-H or UHF radio from Linux.

    Amateur radio is very much open source radio, where broadband over powerline is closed source. If you're interested in open source and radiofrequency, amateur radio is where you go to get the open tools to experiment. Care to understand what really is happening in your 802.11? The theory is all contained in amateur radio. You'd be shocked how much you learn when you compile in AX.25 into your kernel, build the tools, and construct a whopping 56 kbps network on UHF (or even better, 1200 on some old Kantronics TNCs). You can keep up with Ethereal on a saturated network at those speeds, and suddenly basic IP and lower layer fundamentals click. Some of the best wireless security people I've met are hams. Just as a real kernel hacker is a better OS security person, a knowledgeable ham is going to beat a "user" of 802.11 any day (anyone who claims to be a wireless security expert that simply knows how to click on an icon in NetStumbler is a joke).

    The BPL initiatives are unfortunately highly destructive to a very wide band of RF - not just HF. Low VHF frequencies are seriously degraded as well. BPL is a property grab no different than abusive software patents. It is theft of a third of the public radiofrequency commons for no reason other than corporate profit.

    The best analogy I can give a non-radio person on BPL is to imagine if Microsoft Longhorn would cause a 60% to 70% consumption in IP networks by having uncontrolled, sustained blasts of ICMP, TCP and UDP traffic. Microsoft's explanation that this just "had to happen because there is a demand for Longhorn" wouldn't pass with the rest of us who know there are better solutions. Forcing it if it doesn't fit is never a good approach.

    BPL suffers problems due to RF theory, not implementation. Just as I had to work around 1-2 second latencies in international satellite voice network engineering (no "negative latency inducer" could bail me out), transmission and distribution power systems are designed to radiate energy based on the RF injected (hence the 60 Hz hum one often hears). They are big antennas, but fortunately most electronics has worked around the awareness that 60 Hz is noisy and blankets the environment. Now induce HF to VHF and you've destroyed RF (and we're not factoring for harmonics and other higher band interference which is certain to occur).

    Incidentally, regarding this amusing comment:

    If you really want to you can still use Morse code over IP. Screw the radio, screw broadcast TV, screw emergency services. They should all be using broadband.

    Someone needs to learn the OSI model. He might be surprised to learn that his IP is riding over VHF, HF, or another frequency blasted by BPL. Our weather network in western Iowa uses mobile IP (IPv4oAX25) on lower VHF frequencies to monitor storms for the National Weather Service. Given BPL interference, you might be well served telling people they just have to die for their BPL since emergency service and amateur spectrum isn't important.

  24. Re:Summary on David Clark: Rebuild the Internet · · Score: 1

    I read this as users having no anonymity and paying through the nose for it.

    Paying through the nose is close, if you assume current high bandwidth usage behavior. Clark understands the economics of a time-share network that has become less time-share and more reserved capacity in its model.

    Consider for a second the direction your broadband service is going. Factor in MPLS or whatever quality of service protocol you like. Imagine a broadband connection that gives you reserved bandwidth to anywhere for voice and VPN. Suddenly your model isn't timeshare anymore. Timeshare infers best-effort transport, meaning if the network is being used (ala busy), you just have to wait a bit longer. Result? FTP takes 10 minutes instead of 5. QoS means you're locking up capacity from location A to Z. Packets are delivered in sequence, under a strict deadline. Now we're back to virtual engineered circuits ala Bell TDM 1970. Granted, your VoIP isn't taking a full DS0 (64 kbps) - perhaps somewhere between 8 and 16 kbps, but you're still demanding that reserved capacity on my network.

    If you're reserving it from your home community to someplace 1,000 miles away, I have a cost. International? Even greater cost (in a former life I dealt with Americas-1 E1 circuits, at 2 Mbps, a circuit cost $35K per month to a given South American country). It doesn't take a lot of VoIP to chew up 2 Mbps. (Politically, don't count the ILECs and PTTs out - VoIP might be killing them, but there's nothing like the NSFNET to come in and rescue the blue bloods from technology disruption).

    So what Clark is inferring, per my understanding, is probably measured use or some corollary. Say goodbye to endless P2P. Pay per packet or per Mbps connection rate. If you want to lock up carrier capacity, you're going to have to foot the bill for all these circuits internationally that have real and significant costs (my cable broadband friends say it's a matter of time you all will see bandwidth caps convert to nice fat bills - rather than shut you down for all that porn download, they'd much rather just bill you $300 for the convenience. Coming soon to a cable Internet network near you). Plus, when you understand that more complicated pricing and billing schemes are a barrier to entry for bottom feeding disruptors, you'll understand how measured use makes sense to telcom's fat cats.

    *scoove*

  25. Innovator's Nightmare? on David Clark: Rebuild the Internet · · Score: 1

    For those of you that follow Clayton Christensen's disruptive technology models, I have a question for you (those of you that don't know it, but want to run tech companies, get your ass to Amazon and buy this book yesterday, or else learn the hard way as I did thru several companies before Clayton figured out some rather important rules). As a career disruptor, I was shocked to read my comment as follows:

    My customers would tell me they expect me to do these things already at no additional cost to them. Absent additional capital, it ain't happening in today's telecom market). Lacking a killer app that only works in IPv6 land, the finance people won't back any infrastructure upgrade. Here's the rule: either make money or save money.

    Damn if I sound like an old IBM suit.

    Clayton's model says my thinking is what plowed DEC (Digital Equipment Corp) into the ground. I'm wondering if Clayton is off... what if the "right answer" only came from a bunch of irrational entrepreneurs who threw caution into the wind and bet on new technologies before any financial analysis would ever prove it out? Sort of an irrational charge of ten thousand barbarians against the city gates, of which only five might survive, but in doing so, they win?

    Take my pragmatic thinking as detailed above in the quote. I've been through startup hell and have grey hairs. I'm an old guy in Internet time. I've finally agreed with all the financial rules. What if being 20-something, irrational and fearless gives you an unbeatable advantage vs. the rational "IBM" decision making models? We've gone from Innovator's Solution to Innovator's Nightmare. Instead of a viable solution for business redevelopment, we have a scenario where you throw a thousand lemmings at a new technology, most sink and die (a farce, yes, and a funny Apple ad), but the one that makes it breeds and kills the old guys.

    I'd be very curious at the thoughts of those that have walked in these shoes... slashdot five-figure IDs or less certainly :)

    *scoove*