Slashdot Mirror


User: Ytsejam-03

Ytsejam-03's activity in the archive.

Stories
0
Comments
86

Comments · 86

  1. Re:quickly to be followed by self-driving cars on Are We Reaching the Electric Car Tipping Point? · · Score: 4, Insightful

    I hope you enjoy having the service track everywhere you go and when you do so, so they can sell it to marketers.

    You mean like carrying a smart phone?

  2. Re:Wireshark on Google Pressure Cookers and Backpacks: Get a Visit From the Feds · · Score: 1

    The NSA could also be getting duplicate copies of customer certs issued by CAs in order to play MITM.

    Presumably you mean certificates using NSA-generated key pairs, but that are otherwise identical to the "customer certs".

  3. Re:Ah the myth of amazing software tech on Trade Group: US Software Developer Wages Fell 2% Last Year · · Score: 1

    winning the day. Didn't work out so well for Corel did it? Or Novel? Or Sun?

    I assume you meant Novell.

    Yeah, your few good programmers will make better code, but my 100 code monkeys will make more of it.

    Novell isn't really a good example. Starting in the late 90's, they began laying off employees in the states and replacing them with cheap labor in Bangalore. That didn't work out so well.

    Especially telling was a blog post by then-CTO Jeff Jaffe sometime around 2008, where he talked about the superior quality of Novell's software. Only problem was that quality had been steadily declining for the past ten or so years. The comments section was full of Novell customers telling the CTO that he was full of shit.

    Jaffe was fired (er, resigned) a year or so later, so that blog post is long-gone. Fortunately, the wayback machine has a copy.

  4. Not a surprise... on Azure Failure Was a Leap Year Glitch · · Score: 1

    The story yesterday said that they were having a problem with certificate validation. The routine they were using to validate certificate expiration must not have been able to handle the leap year. I wonder what non-standard API they were using to process the expiration date. That reminds me of another article that I read yesterday.

  5. Re:Dear Customers... on RSA Admits SecurID Tokens Have Been Compromised · · Score: 1

    With RSA doing the keyfill at point of manufacture, the customer just needs to load the seed file for the entire batch onto their authentication server and then hand out the token

    Don't forget that the tokens also expire every couple of years. If customers were able to load a new seed themselves, then they wouldn't need to purchase new ones as often.

  6. Bug Free Code on How Facebook Ships Code · · Score: 1
    Interesting article, especially this little snippet:

    re: surprise at lack of QA or automated unit tests — “most engineers are capable of writing bug-free code. it’s just that they don’t have an incentive to do so at most companies. when there’s a QA department, it’s easy to just throw it over to them to find the errors.” [EDIT: please note that this was subjective opinion, I chose to include it in this post because of the stark contrast that this draws with standard development practice at other companies]

    This guy's obviously fresh out of college. It would be interesting to hear from someone with a little more real-world experience.

  7. Re:Security on Security Lessons Learned From the Diaspora Launch · · Score: 1

    If it were, say, a private company producing this product, wouldn't they have subjected it to the normal quality control processes in software companies...

    But what exactly is that process? The QA process can vary widely from company to company and product to product.

    There are several factors that can influence the quality of QA:

    How important is the product to the team/company/manager and middle-managers involved?

    Is the QA team responsible for more than one product? If so, which product is given the most priority?

    Is the QA team staffed to adequately test each product assigned to them?

    What is the individual skill and experience level of each team member? Does anyone on the team have experience finding and testing for security vulnerabilities?

    Does the company actually have a qualified "in house security specialist"? How involved is he/she in the product design and QA process? Such a specialist should review and approve both the initial product design and the test plan.

    How much testing goes into each release? IE: Does the team perform a full regression (re-executing the entire test plan, which can take weeks or months), or do they focus their efforts only around the new features that were added, potentially missing bugs that may arise due to unanticipated effects that new features might have on other components in the system?

    Commercial software companies often ship products with serious security flaws, in spite of the reasons you listed. Some products receive thorough testing and others don't. It doesn't matter much whether or not the product is a commercial offering.

  8. Re:Is this a problem? on Calculating Password Policy Strength Vs. Cracking · · Score: 1

    Most systems have a "three strikes and you're out for 5 minutes". So that kind of makes 65 guesses a minute impossible. You'd have 3 every 5 minutes.

    You're missing the point. This isn't so much about guessing the password in network logon attempts as it is about guessing passwords on already-compromised machines. Since users frequently use the same password on multiple systems, a password file from a compromised workstation will sometimes yield valid passwords for other not-yet-compromised systems. Local passwords can also be useful in decrypting hard drive contents in cases where the encryption key is stored locally, wrapped with the user's password. The faster an attacker is able to crack passwords in the password file, the more time he has to further compromise the network without being noticed.

  9. Re:Interesting article on Town Fights Cricket Plague With Led Zeppelin · · Score: 2, Informative

    FTA: Rock music blaring from boomboxes has proved one of the best defenses against an annual invasion of Mormon crickets.

    Yeah, but you get one alone and he'll drink all your beer.

    +1 Funny. Unfortunately, it probably went over the head of anyone who hasn't lived in Utah.

    Always take at least two Mormons fishing with you or the damned Jack Mormon will drink all your beer.

  10. Re:Yeah... on Sandals and Ponytails Behind Slow Linux Adoption · · Score: 1
    Having been on both sides of the issue now, I think there's a lot to be said to matching your dress and other aspects of your personal image (hair, accessories, etc.) to the impression you want to create.
    I could not have said it better. I experienced this first-hand just after finishing college. I had long hair reaching about half way down my back through most of my twenties. I noticed a significant difference in the way I was treated after cutting my hair.

    The most notable difference was when I would go out with my wife. When I had long hair, about half the time the waiter would give her the check. Now that I'm clean-cut this almost never happens.

    I was already a couple of years into my career before I cut my hair. I'm a software developer with a large company (not Microsoft), and managed to land this job and two previous jobs in this industry before cutting my hair. I'm happy with my job, but I wish I had cut my hair earlier. If I had, I believe that I would have had more opportunities after college, and as a result could probably have negotiated an even higher salary.

    Everyone judges you on your appearance whether they are aware of it or not.
  11. Re:Mobile Internet radio? on NYT Opinion Piece on DRM And P2P · · Score: 1
    Internet streaming music is great for people who have desk jobs because they're tethered to a machine that has Internet access.
    Agreed. I do indeed work a desk job, and typically listen to streaming music the entire time I'm at my desk.

    Last year I rented a car for a road trip that was equipped with a Sirius radio system. While it certainly beat listening to FM, I still could not really find any stations that I liked. I like stuff that's on the "heavier" end of the music spectrum, and the only stations they offered in this genre were an 80's hair-metal station and a death-metal station. I hate death-metal, and I can only tolerate hair-metal in small doses. My wife, however, loved it because they had a station that played a bunch of stuff from the 90's that she likes.

    I look forward to the day when wireless internet access is available throughout all the major cities at a reasonable price. At this point someone will make an appliance that will allow me to listen to streaming music in my car. Of course, once this happens the RIAA will start trying to kill streaming music the same way they're trying to kill P2P now. Anything that gives independent artists exposure to mainstream audiences is a threat to their business model.
  12. Re:Reward Sensible Musicians: Buy their album! on NYT Opinion Piece on DRM And P2P · · Score: 1
    Everyone on Slashdot, regardless of whether you like this band, should buy their album to signal to musicians and record labels that we agree with this editorial.
    Better yet, everyone should start buying their music from independent artists to let the major labels know what we really think about their business practices. Then recording artists would no longer have to sell their souls to the record labels in order to have a shot at being successful. But who am I kidding? We all know this will never happen.

    There's lots of great independent music out there. I seldom listen to any major label artists since discovering internet radio. Some of my favorites can be heard here and here, but you can find lots more on services like SHOUTcast and Live365.
  13. Re:What's the hook being used for? on Zone Alarm Vs 180 Solutions: Zango hooks? · · Score: 3, Interesting
    The question is, does Zango use that hook to collect mouse and key info, even for a short time, or are they using the hook for other purposes? What would those purposes be?
    Yes, my thoughts exactly. The longer 180 fails to disclose this information, the more it looks like they are doing something nasty.

    That said, I see no evidence that Zango is specifically targeting Windows OneCare or Microsoft Antispyware as TFA implies. The fact that zangohook.dll is being loaded into these processes is *NOT* evidence of this. Zango is setting a system-wide hook, which means that their hook DLL (zangohook.dll) will be automatically loaded into every process in the system that generates one of the events they are trying to hook.

    There are legitimate uses for system-wide hooks. Many Single Sign-On products use them, for instance. The real question is, why exactly does Zango need to set a system-wide hook in the first place? I can't think of any legitimate reasons.
  14. Re:Nice troll, but uninformed... on Searching for a Directory Service Solution? · · Score: 1
    In addition the download you point out was NOT readily available almost two years ago (Posted: 28 Jun 2004 ) when we were looking to implement our solution
    Actually, I remember first hearing that Novell was offering their RADIUS server as a free download just a few months after attending Brainshare in April '03. Novell has been pushing FreeRADIUS as their preferred RADIUS solution since then. The original pages (posted several months prior to 28 Jun 2004) that pointed to the free download seem to have been removed from Novell's site.

    I should also point out that I have been running a VPN client in conjunction with Client32 on my laptop for several years now. I've never run into any problems with Client32, and I've never had to tweak any setting in Client32. It just works.

    You don't need Client32 on your workstations to run a VPN client. Perhaps you didn't really need Client32 at all?
  15. Nice troll, but uninformed... on Searching for a Directory Service Solution? · · Score: 1
    We're talking in excess of $10,000 for RADIUS services that I ended up setting up for free using FreeRADIUS on preexisting hardware running Linux.
    I suppose you were not aware that Novell's RADIUS server has been available as a free download for nearly two years now.

    And I guess you also didn't know that Novell has contributed code to the FreeRADIUS project to facilitate CHAP, MSCHAP, LEAP, and PEAP authentications against the eDirectory Universal Password. Novell even provides an administration guide for configuring FreeRADIUS with eDirectory.
  16. Re:all I have to do is rate the songs on A Review of the iPod nano · · Score: 1
    How does this new fangled technology handle prog rock concept albums? Got to keep the album tracks together and sequential or else the whole thing is just pointless.
    Exactly! I was starting to think that I was the only person here on /. who actually prefers listening to all the tracks on an album in the order the artist intended.

    I own a Rio Carbon, and I love it. I like it better than my wife's iPod Mini. Among other things, it actually has a built-in EQ (instead of a bunch of stupid EQ presets) and I find the controls easier to use than that silly "thumb-dial thing" on the iPod. Also, iTunes does not seem to have any features over the Rio Music Manager that I would actually use. If memory serves, my RIO was ~$75 cheaper than a comparable iPod when I bought it.

    But I suppose I'm the exception rather than the rule. I'm 32, and I don't listen to any of the crap they play on the radio when I can help it. My wife on the other hand, listens to top-40 almost exclusively and loves the "shuffle" feature on her iPod.
  17. Re:Worth it? on Sony Agrees to Stop Payola · · Score: 1
    Don't forget it's not just direct profits that payola causes. Payola is a large factor in preventing independent musicians from getting adequate airplay, so it actually suppresses the competition and reinforces the RIAA cartel's position. That alone has to be worth way more than $10m.
    Exactly. This is why the RIAA has been going after file swappers with a vengeance. It's also part of the reason why many independent artists support P2P.

    All of the major labels do this. Sony can't stop this practice if they want to remain competitive. Payola is not going away until it's no longer profitable, which won't be anytime soon. Independent artists don't stand a chance without a million dollar marketing budget. (See this post for a more detailed explanation).

    There are lots of great payola-free internet radio stations out there. Shoutcast, Live365, Audiorealm, each carry hundreds, if not thousands.
  18. Re: Major Record Labels DO Screw Over the Artists on PearPC Trying to Sue CherryOS · · Score: 1
    They've invented a faceless entity called the "RIAA" who does every evil thing you can imagine. I hear they even rip off artists! Though I never cite an actual, specific instance.
    First let me say that I have no interest in getting into a pissing contest over the ethics of piracy with you. I couldn't care less. However, as a 15 year veteran of the Salt Lake City music scene, I take exception with the above statement. The major labels *DO* screw over the recording artists.

    It's common knowledge to anyone who knows much about the business end of the recording industry how bad the contracts are that the major labels offer to new bands. (No, I'm not talking about your average garage-band teenager who is trying to figure out how to play the latest pop-punk song of the week, but folks who actually know what happens when you sign a record contract.) Since you apparently have never seen any evidence of this, a quick Google search for "record contracts" turned up this link and this link. There's lots more evidence out there. This is just what a quick search turned up.

    Both of those articles are rather lengthy, so I've quoted a few sentences from the end of the second article here:
    The band is now 1/4 of the way through its contract, has made the music industry more than 3 million dollars richer, but is in the hole $14,000 on royalties. The band members have each earned about 1/3 as much as they would working at a 7-11, but they got to ride in a tour bus for a month. The next album will be about the same, except that the record company will insist they spend more time and money on it.
    Does that sound like a good deal to you?!

    In reality, the RIAA has nothing to do with the contracts artists sign. The RIAA is just a lobbying group for the record labels, and artists hire entertainment lawyers to work out their contracts with the labels. And then willingly sign them.
    This is technically true, but you're completely missing the point. Why do you suppose that bands sign with major labels? The younger bands probably have no idea what they're getting themselves into, and the rest know that signing to a major label is their only possible chance of "making it big." Why is this, you ask? Because the major labels are the only ones with the big marketing budgets and distribution channels necessary to get your music played on Clear Channel and sold at WalMart. You have to be a big name artist with a couple of hit albums to your credit before the majors will negotiate a decent contract with you.

    Do you suppose the majors see P2P as a threat to their iron grip on the distribution channel? One can only speculate. If an independent artist could get mainstream exposure through the internet, then why would they sign a major label contract? Technology is to the point now that even a $5k recording budget can yield a professional sounding album at a local studio. Even if the record industry's argument that P2P hurts records sales is legit, this does make one wonder if lost record sales are the only motive for their actions.

    Ever wonder why so many independent artists support P2P? Apparently it's not hurting their record sales. If the artist makes $.56 per album who is really getting screwed by P2P?
  19. Re:P2P actually does help artists on Indie Artists Support Peer To Peer · · Score: 1
    It does help the record industry make money.
    Agreed, it does. It also helps independent artists make money without the major labels, which is why the majors hate it.

    If we're lucky, P2P and internet radio will make the major labels completely irrelevant. There's lots of great independent music out there.
  20. Re:Unrelated to Schneier's concerns on MS to Trade Passwords for 2-Factor Authentication · · Score: 1
    But logging into your local computer or the LAN is different, and 2 factor authentication could be helpful.
    I think this will be most useful against attackers who are sniffing password hashes off the wire. The article is light on details, but presumably these hashes would be generated from one-time passwords so that an attacker who brute-forces the hash can't reuse the password.

    If they're talking about using smart cards instead of tokens, then I imagine this hash would consist of some random server challenge signed with the private key from the card. This would still be much more difficult to break than the password hashes Windows uses today.

    ...and enhance security of systems that are physically compromised.
    I'm not sure how this would enhance the security of a system that has been physically compromised. You could still bring the system up with a boot floppy (or Knoppix, or something else) and replace the administrator credential with one of your choosing.
  21. Re:Three Letters: on Best Degree to Pair w/ a B.Sc. in Computer Science? · · Score: 1
    Well, Dexter Holland (singer of Offspring) was majoring in Bionuclear Engineering at USC, and then decided to start a punk band...seems to me that the options are limitless as far as what degree goes well with another...
    So what's your point? Was Dexter Holland also working on a degree in music when his band was signed?

    Musical talent has absolutely nothing to do with being signed to a major label. The majors are concerned with the marketability of the "artists" they sign, and musical talent is secondary. The thinking is that they can make virtually anyone sound good with the right producer and enough money. Thanks to the wonders of autotune and Pro-Tools, they're right.

    Are you saying that Dexter Holland is a candidate for a music degree because he sings for a major label band? Can he even sing on key without autotune? The only people who likely know are the ones who were in the studio when he laid down his vocal tracks.

    In addition to the site you linked (www.ind-music.com), you can find lots of great indie-label bands here and here. I can't remember the last time I listened to music from a major label artist.
  22. Re:Wish my town... on Philadelphia Considering Municipal Wi-Fi · · Score: 3, Interesting
    I guess once they got their high-speed net to all the city buildings and schools, their interest pretty much fizzled, leaving the city-zens still not quite on of the game... I still can't get DSL.
    Either that, or the cable/telco lobby quietly put a stop to all of the fiber talk. Where I live that same lobby ran this company out of business after they managed to run fiber to two local communities, Springville and Spanish Fork. The cities adopted the networks after the company went belly-up, and residents of those communities have had cheap, fast internet connections for the past five years.

    This is Qwest's worst nightmare. Now thanks to this project Qwest can kiss their monopoly goodbye. Qwest did their best to kill it.
  23. Re:RFID Mis-understanding on Students and Bodies Tracked Via RFID Tags · · Score: 2, Insightful
    RFID cannot and does not provide a method of tracking exact locations.
    This is pure speculation on my part, but given a powered badge and two readers, it should be possible to triangulate the location of the badge, right? But then you could do the same thing with a cell phone...

    I know you were specifically referring to unpowered badges, but unless you remove the battery (and most probably won't), badges like these have a range of fifteen feet. I've worked with these badges in the past, and I've been able to pick them up from longer distances on many occasions.
  24. Re:Interesting issue tho on Is Anti-Municipal Broadband Report Astroturf? · · Score: 1
    Using this example it should be easy to see that this reaction from telecom (i.e. Bell) is natural survival instinct. They _will_ kick and scream louder and louder until they get their way. POTS *may* be able to support higher than rolled out data speeds but with fiber being rolled out is it worth it? Or are they just trying to make it look like they don't really need fibre optics so they don't look desperate.
    You hit the nail on the head. I've watched this process firsthand for the past several years in Utah. USWest (or USWorst, as we locals used to call them) was not in any hurry to upgrade their infrastructure, and Qwest does not seem to be either. As far as I know, my previous residence in Orem, which was less than two blocks from the largest shopping mall in the state, still cannot get DSL. DSL was not available there when I moved out in 2001. My current residence (also in Orem) does have DSL, but my neighbor across the street cannot get it.

    Meanwhile, back in the late 90's, a small company called Airswitch tried to run fiber to several of the cities in my area, only to be stopped and run out of business by lobbying groups for Qwest and Comcast. They managed to wire a few cities (Springville, Spanish Fork), and residents of these cities, many of whom are co-workers, have enjoyed cheap, high speed internet access for the past five years.

    Now the state is finally working on the UTOPIA project despite the best efforts of Qwest and Comcast to block it. As part of the UTOPIA project, fiber will be run to most of the homes in Salt Lake City and outlying communities. As I speak, there is a crew laying fibre a block down the road from my home. It's about time; Airswitch should have been allowed to do it five years ago.
  25. Re:This Explains The Success Of ... on AI Bots Pick The Hits of Tomorrow · · Score: 1
    When considering the source of the success of Ashlee Simpson, you really need to consider the success of ProTools.
    And most of the other "artists" in the top 40...