I don't think so. Facebook is the same pet rock fad as MySpace. Something will eclipse it, as Zuckerberg et al don't get the privacy message. Once people start feeling secure again, a more useful site that has a better economic model will be the next pet rock. Apple only markets their own pet rocks.
There are consolidations, but also process validation through the use of Linux appliances, and the ease of licensing, and incredible ease of virtualization. The old days of Microsoft sales guys with the CEO on the golf course doing deals has met the reality of people with low budgets just trying to get a reasonable job done. Add in the posturing, the lawsuits, and being way behind in a market they actually helped to create, and Microsoft's incredible warmth (yeah, I'm being facetious) just doesn't do it any more.
Ballmer needs a smart young turk (and not a Jonathan Schwartz type) to pound out a new vision, thin the ranks, and behave like a visionary geek instead of a bi-polar sales guy.
Slow news night, folks. It's ok to move on to something more interesting.
T-Mobile, like the other telcos, will try to snow the FCC any way they can. If their network is misconfigured, underprovisioned, or just plain badly designed, lots of data traffic will buckle it. But they'll try to charge for it anyway, then complain that people are digesting too much of what they paid good money for.
The reason that the iPhone isn't on Verizon today is the fact that Verizon *knows* that their EV.DO/EV.DOa network would go berserk- to the detriment of their existing customers. Once they move to LTE that's built-out to tolerable coverage, watch how fast the iPhone becomes available. The Android-based phones are newer, and get a cap on data today, unlike their older 'unlimited' contracts.
These guys aren't fools. They know who to lie to and bribe/lobby, and with what kind of BS.
You're right. An eye for an eye, a tooth for a tooth, and soon you need seeing-eye dogs and dentures.
With two million botted machines in the US alone (a conservative estimate), you could piss off a lot of homies, too. I don't think Chertoff realizes just how many pawns there are, ready to march, and give him a bad day. That we don't consider those pawns as attackers-in-waiting is a fool's blindness.
Also a good idea.
There are lots of potential destinations.
But waving a big red flag in front of an FBI bull isn't very wise.
What a gentle and meaningful way to solve a problem!
Instead, why not drive a bugged vehicle to some interesting destinations?
After all, a paranoid Castle Doctrine threatening to execute federal workers or contractors wouldn't get you under any kind of real suspicion, would it? After all, this is just between us, right?
True. This is because traditionally, voice and data were two separately tariffed ideas. Landline equipment can be tip/ring or can be DSL VoIP.... or a cable VoIP-- depending on what state and which part of the world you're in.
QoS and low latency to support voice are a bit different when you use bi-directional telephony on top of data lines. I'm not trying to justify what PTTs and telcos charge here. But voice telephony is different than data telephony and VoIP is different still. Personally, I prefer Skype. But Business Skype is an oxymoron. Those in the business VoIP business range from reasonable to totally sucks. The "free" part of the OP's message is what I have issue with. Data is asynchronous, and voice is isochronous and the two take different equipment and have different historical infrastructure. When voice is data and actually rides over wires in bit frames, it may or may not be part of IP protocols. If it rides over IP as isochronous media, then call quality depends on deterministic routing as well as low fundamental line latency.
If you use SIP or ENUM/ENUM2, then the additional problem of gateway protection is important and costs money. Don't pay the money or let a fool guard it, and you get $100K surprises.
Point to point personal VoIP can be pretty free.
But then there's the cost of the Internet connection. There's a capex cost of the home router you use, and the cost of the power it uses as well as your 'phone' device, whatever that might be.
The ISP then has a last mile capital cost, to run a cable to your place or deliver a wireless signal that you can use.
Then there's the interconnect equipment that's used on the backhaul, landline gateway interconnect costs (capex and opex), the rent for the building, the power, the people, their benefits, the diesel generator if you're lucky. Then there are the returns paid to the people that invested in all of that; taxpayers in some realms, stockholders in others.
Then there are the costs associated with upstream routing. Maybe there's a SIP server with its incumbent costs, support, programmers, power, and so on.
The Internet isn't free. Phone costs aren't free. Each has a cost.
But what happened in the TFA is that people exploited SIP security and found a way to make people's toll avoidance become a nightmare for them. Not free. Not at all.
AMEN.
Is that IP address the camera we think it is? Is it an iPod Touch? Is it a Blackberry? Is it hijacked, compromised, or generally a nuisance?
The world domination thing is probable. The problem of vetting the state of everything remains a problem. Admittance control is unlikely to be the answer, sadly.
There is much paranoia in what you say. Microsoft doesn't give enough $$ to politicians to have owned them. Yet.
Policy or technology, the threats are real. Since I responded in this thread, I've had another 1000 or so attacks on my servers. It's a normal day. I don't run Microsoft servers, but not far away from me at my ISP, another non-Microsoft user's public face business server was cracked on Tuesday. It shut itself down, but there's several thousand dollars in rework to get it back moving again.
While Microsoft has a huge statistical attack surface, they're not the only ones vulnerable. This isn't about Microsoft, this is about Microsoft and all of us that put an IP out on the Internet.
Bingo. You read between the lines well.
>>>It would be easy to detect and block spam/DDOS zombies and a fair number of known worms just by network inspection. Not 100%, but a lot of them are high traffic and patently obvious.
That's if the machines, having been botted, are ordered into action. It's my guess that well over 2/3rds of botnets aren't in use at any one time. Why use all your soldiers at once?
XPSP2 was a godsend for those of us that had to scrape malware sludge from other people's machines. It gave us a needed short break. It demoted various processes and made MS think about user space isolation. Now it's session isolation without a valid manifest.
MS can only cover their own products in terms of vetting integrity or trust. I agree with others that aren't interested in TPM, either-- it's too easy to crack and spoof. Every device on a network has to be individually and separately maintained for security purposes.
So I guess I don't agree with you much at all.
There are brute force, random attacks, dumb bots, smartbots, and the real motivation: $$ and control.
Along the way, somebody gets root on a money machine and has a good time. Windows machines are likely prospects, but there are a lot of unpatched machines out there. Tons. Zillions.
Changing protocols a little here and there might help. Ultimately, it's behavioral analysis that figures it out. One day we might get lucky and throw a few in jail.
Sounds good on paper.
Now user Magee needs to access his email on his iPad. First, there's the pop3 account. Then there's gmail. He surfs. A complex page cites more than a dozen (often dozens and dozens) of other IP addresses.
You gonna shut him down? I don't think so.
You're presuming that there's such a thing as a trusted perimeter. There simply is not. Each device needs to have a protection state. But how do you do this with a half-dozen client OSes and a half-dozen major smartphone OSes, etc? Answer: you don't.
And how long does it take to employ a method that says: I'm ok, my virus defs are cool, I'm patched to your favorite level, so gimme the IPSec connection and credentials for this user: trusteddomainadminJoey?
You're right that trusted systems would help. One day....
Ah, were it true. While I follow your logic on COICA, it's not just Microsoft whose software can be swiss-cheesed, given enough attempts.
Today, one of my servers was under attack. I sent complaints to vsnl.in and their abuse and postmaster accounts bounce. No one is at the switch... or perhaps they're sleeping. So I tried to characterize the attacker. It's a Linux box running an old version of CentOS. As I write this, it's dutifully trying to logon with single letter logon names.
Yet Microsoft Windows users represent not just the statistically largest attacking surface, but the one with the most plentiful cracks that have botted machines. Bots come in all sizes, shapes and characterizations. They're not exclusive to Microsoft, just the most statistically significant.
There are better ways to prevent attacks, and better kill switches to partition-out attackers. We just have to agree on how to deploy them, rather than give the enemies of genuine freedom the tools to kill the friendlies.
I double dog dare you to vet a wifi-connected smartphone. No bases covered *at all*. Your idea only works on flat networks, rather than multi-tiered, as well. It isn't as easy as it looks.
And when you get close, your help desk lines light up with people that can't get logged on because you set your criteria too tightly and they don't have remediation for their Ubuntu 10.10.... or even their freaking Macs. The whole rubric here is to sell more Microsoft stuff underneath the perceived goodwill proffered by trying to vet then shackle machines whose state is unknown.
They've been championing 'network admittance control' for a long time. It's pretty difficult to do, especially in a heterogeneous OS network. Add smartphones and other possible attack vectors, and it's nigh impossible.
Yet it's a nice idea to block machines that probe servers on ssh ports with logon names like 'oracleadmin' and so on. Isolating suspect systems has to be coupled with a method to vet systems, and therein lies the rub. Unless you use pattern matching to watch system traffic for phone-homes and weird characterizations, it's simply too tough to get anything but a homogeneous (read Microsoft clients only) network intrusion detection system to work.
I like your reasoning.
Yet we have a copyright-abuser local newspaper worried that others might usurp them by having a sued candidate for governor getting in bed with Fox News http://mediamatters.org/blog/201009220018 instead of them.
Politics makes such odd bedfellows.
Agreed. AT&T is Southwest Bell with lipstick. They had the worst customer service, lousiest coverage, and weakest share. Apple needed to have a CDMA phone along with its GSM offering. They could have covered all bases, but had to capitulate to the fact that AT&T and most of the world is GSM. So they made their choice.
I stuck with Verizon not because of any love whatsoever, rather they have coverage and a decently designed data coverage network. At the top are the same bunch of monopolistic-minded greedy execs seeking to suck every last coin out of your pocket-- customer churn be damned.
Android isn't a piece of cake, but on the whole, the values behind it (and not Google as a company behind it) will continue to overtake Apple. Verizon should be careful; in the post-9/11 market capitalization atmosphere, they could follow Sprint's fate easily, IMHO. Quality and service count. If they keep their eye on this, they'll do well.
There's a difference between observation, criticism, and DDoS. Concerted efforts to stifle information-- no matter what the information is-- are onerous attacks on everyone who wants the same right to voice their own.
No one saw the viagra humor in it, I guess.