
Cox Crow

Asking the Stupid Questions Since 1971
 Friday, December 06, 2002

Choosing an Internet Access Provider

Paul Krugman sounds upset. Like mine, his choices for better Internet access are simple:

  1. cable

You may notice that on this multiple-choice test, there's only one answer.

3:12:32 PM #
categories: Industry

Stupid Is as Stupid Does

Krugman then claims that telco providers will both 1) jack up broadband prices to maximize profits AND 2) restrict access to large sections of the Internet. These two things are inherently contradictory as cutting off large sections of the Internet will lower the value of access, and so reduce telco profits. But Krugman believes that these guys are some opaque combination of evil and stupid which limits their greed, harming both their profits and the public good at the same time. I, on the other hand, believe they are merely average in their intelligence, but limitless in their greed, so consumers are quite safe in their hands.
Zimran Ahmed

That cracked me up. From my seat, it's often hard to tell the difference between the two, though I don't think you have to be evil — merely stupid is enough — to block off large sections of the Internet based on marketing agreements with content providers. For evidence of how stupid, compare the effectiveness of WAP and i-mode. The difference between the two being that WAP portals are, or were, captive.

2:04:11 PM #
categories: Industry

If You Can't See It, It Can't See You

A few days back, Scott Mace, referring to a Gartner report on deep packet inspection, made some comments about the network's edge, in the sense that firewalls redefine what the end-points are. Well, yeah, but his comments are confusing:
[T]he edge is creeping closer to the nodes originating the service or providing the client.
Isn't that the functional definition of the edge, those nodes? His conclusion, that service must move out of the network itself, is the end-to-end model.

Brett Morgan points out that some Aussie students routed around firewall-based service degradation by encrypting their packets. I mentioned the same thing in June after reading an article trying to sell content inspection as a means of differentiating service levels: You can't inspect the content if you can't read it. Think of a border guard charged with keeping subversive content out of the country: if he can't read German, how can he tell the difference between Mein Kampf and Das Kapital?

In its conclusion, Gartner states,

Web services will force perimeter defenses to be more aware of what types of traffic they allow to access the network via port 80 as code, such as SOAP elements, and control messages, such as XML statements. Firewall vendors must offer solutions that can control this traffic.
The perimeter cannot defend against these attacks without knowing what's inside the perimeter. Without that, the perimeter device cannot predict what effect a particular SOAP message might have. What the perimeter device can defend against would be known attacks on flaws in the infrastructure. Though it may be able to identify attempts at buffer overflows and such, doing so will require application developers to think about the size of the messages they are passing — and that's highly unlikely.
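As an added illustration of that dependency (not code from this weblog or from the Gartner report), here is a perimeter check for SOAP requests that can enforce field sizes only because the application team has declared them. The operation names, field limits, the urn:example:quotes namespace and the 64 KB generic cap are all assumptions made for the example.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
# Hypothetical policy the application team must supply: operation -> field -> max chars.
POLICY = {
    "GetQuote": {"symbol": 8},
    "PlaceOrder": {"symbol": 8, "quantity": 6, "account": 16},
}
GENERIC_BODY_CAP = 64 * 1024  # assumed cap; all a perimeter can enforce on its own

def localname(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]

def inspect(raw, policy=POLICY):
    """Return (allowed, reason) for one SOAP request body given as bytes."""
    if len(raw) > GENERIC_BODY_CAP:
        return False, "body exceeds generic cap"
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        return False, "DTD not permitted in SOAP"
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        return False, "not well-formed XML"
    body = root.find(f"{{{SOAP_NS}}}Body")
    if root.tag != f"{{{SOAP_NS}}}Envelope" or body is None or len(body) != 1:
        return False, "not a single-operation SOAP envelope"
    if policy is None:  # no knowledge of what is inside the perimeter
        return True, "generic checks only"
    op = body[0]
    limits = policy.get(localname(op.tag))
    if limits is None:
        return False, f"undeclared operation {localname(op.tag)}"
    for field in op:
        name, value = localname(field.tag), (field.text or "")
        if name not in limits:
            return False, f"undeclared field {name}"
        if len(field) or len(value) > limits[name]:
            return False, f"field {name} is nested or exceeds declared size"
    return True, "ok"

def envelope(op, **fields):
    """Build a constructed sample request (not captured traffic)."""
    inner = "".join(f"<{k}>{v}</{k}>" for k, v in fields.items())
    return (f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Body>'
            f'<m:{op} xmlns:m="urn:example:quotes">{inner}</m:{op}>'
            f"</s:Body></s:Envelope>").encode()
```

Calling inspect() with policy=None on a request whose symbol field is 500 characters long passes the generic checks, while the same request against the declared policy is rejected.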

Effective security balances usability with stumbling blocks. If the security precautions make things too unusable, then 1) they will impair the work that was meant to be done in the first place, and 2) the users will ignore them.

11:21:01 AM #
categories: Industry, Security, System Administration


10:09:53 AM #

Package Manglement

Matt Croydon points to an OSNews article on Autopackage. I hadn't heard of that one before. Package management is one of those things that is reinvented over and over and over again. I'd like some incremental improvement in this area that doesn't require us to throw out existing systems just to get the nifty features.

The problem with most of the package systems I've seen is that they assume that you'll use only them; they are monolithic. In a heterogeneous environment, even a POSIX-compliant one, that's an invalid assumption. Some packages will be installed by simple copying of the binaries. And then there are the OS vendors themselves, who insist on changing things without notice.

So what to do? I have a fantasy of a build farm that takes source from the repository, compiles it for a particular target platform, makes a vendor-specific package, then installs it on the host. Sounds like the BSD ports system, doesn't it? There's a significant difference in that my fantasy inserts one step: make a vendor-specific package, including Microsoft Installer files.

But like I said, it's a fantasy, perhaps a masochistic one.

10:01:20 AM #
categories: System Administration

A Religious Question

Larry Staton and I were discussing famous marks. He's of the opinion that they should be something more than well-known, recognizable by the majority in an opinion poll. So I went out and bought two famous marks. The question I have is this: Which do you pour first in a black and tan? The ale? Or the stout?

8:31:47 AM #