BellSouth Wants to Rig the Internet | & "Airport Security" HoaxFest

Slashdot | BellSouth Wants to Rig the Internet

Go ahead, be liable for it
(Score:5, Insightful)
by Red Flayer (890720) Alter Relationship on Thursday December 01, @03:39PM (#14161033)
(Last Journal: Thursday November 03, @05:54PM)
FTS: "Internet service providers should be allowed to strike deals to give certain Web sites or services priority in reaching computer users, "

As soon as they do this, then they should become legally responsible for all content that crosses their network.

Either ISPs are passive conduits, or they are not. If they can easily differentiate between packets from different sources, and filter those packets for different handling procedures, then they can take responsibility for not allowing 'illegal' packets on their network.
--
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
===============

Re:They just never quit
(Score:5, Insightful)
by Pope (17780) Alter Relationship on Thursday December 01, @03:40PM (#14161037)
(http://www.kabong.ca/)
That first class ticket doesn't reduce his time in the air though. He arrives the same time as the coach standby folks do.

Typical thought process for high-end executives who are used to bullying and paying through the nose to get what they want NOW.
===============


Can you say "Akamai?"
(Score:5, Informative)
by Spazmania (174582) Alter Relationship on Thursday December 01, @04:27PM (#14161569)
(http://bill.herrin.us/)
A traffic prioitization service already exists. It's Akamai's whole business model: They buy pipes to strategic locations with many service providers, cache servers near the customer and route requests to the best-choice server. You buy space on their servers and your data gets to the customer faster.

What Mr Smith wants to do is, well, asinine. He wants to allow the data pipes on his network to fill to 100% and then prioritize the traffic based on who pays. This suggests such a flawed understanding of the technology that as the chief technology officer, he should be fired.

See, here's the problem: For a router to make a priority-based switching decision between packets, it has to have more than one packet cached in memory waiting for free space in the outgoing pipe. But, if you havn't started transmitting the first packet by the time the second packet finishes arriving then you've already lost the speed game. Fast service means that you don't hold on to the packets. You send them out the next link as soon as you get them. Any other architecture would result in transmission speeds that are two to three times slower, even for the highest priority packets! Duh!

So if you don't want your network to suck rocks, you still have to keep the utilization below 80%, and if you keep the utilization down then except for rare bursts of traffic the prioritization function will never be used.

As a search engine, why on earth would I buy priority on your network knowing that either A) it almost never gets used or B) your network is piss slow either way? Answer: I wouldn't.

Fire Mr. Smith. He doesn't understand the technology he's charged with overseeing.
====================

Airline Security a Waste of Cash

By Bruce Schneier

Story location: http://www.wired.com/news/privacy/0,1848,69712,00.html

02:00 AM Dec. 01, 2005 PT

Since 9/11, our nation has been obsessed with air-travel security. Terrorist attacks from the air have been the threat that looms largest in Americans' minds. As a result, we've wasted millions on misguided programs to separate the regular travelers from the suspected terrorists -- money that could have been spent to actually make us safer.

Consider CAPPS and its replacement, Secure Flight. These are programs to check travelers against the 30,000 to 40,000 names on the government's No-Fly list, and another 30,000 to 40,000 on its Selectee list.

Security Matters

They're bizarre lists: people -- names and aliases -- who are too dangerous to be allowed to fly under any circumstance, yet so innocent that they cannot be arrested, even under the draconian provisions of the Patriot Act. The Selectee list contains an equal number of travelers who must be searched extensively before they're allowed to fly. Who are these people, anyway?

The truth is, nobody knows. The lists come from the Terrorist Screening Database, a hodgepodge compiled in haste from a variety of sources, with no clear rules about who should be on it or how to get off it. The government is trying to clean up the lists, but -- garbage in, garbage out -- it's not having much success.

The program has been a complete failure, resulting in exactly zero terrorists caught. And even worse, thousands (or more) have been denied the ability to fly, even though they've done nothing wrong. These denials fall into two categories: the "Ted Kennedy" problem (people who aren't on the list but share a name with someone who is) and the "Cat Stevens" problem (people on the list who shouldn't be). Even now, four years after 9/11, both these problems remain.

I know quite a lot about this. I was a member of the government's Secure Flight Working Group on Privacy and Security. We looked at the TSA's program for matching airplane passengers with the terrorist watch list, and found a complete mess: poorly defined goals, incoherent design criteria, no clear system architecture, inadequate testing. (Our report was on the TSA website, but has recently been removed -- "refreshed" is the word the organization used -- and replaced with an "executive summary" (.doc) that contains none of the report's findings. The TSA did retain two (.doc) rebuttals (.doc), which read like products of the same outline and dismiss our findings by saying that we didn't have access to the requisite information.) Our conclusions match those in two (.pdf) reports (.pdf) by the Government Accountability Office and one (.pdf) by the DHS inspector general.

Alongside Secure Flight, the TSA is testing Registered Traveler programs. There are two: one administered by the TSA, and the other a commercial program from Verified Identity Pass called Clear. The basic idea is that you submit your information in advance, and if you're OK -- whatever that means -- you get a card that lets you go through security faster.

Superficially, it all seems to make sense. Why waste precious time making Grandma Miriam from Brooklyn empty her purse when you can search Sharaf, a 26-year-old who arrived last month from Egypt and is traveling without luggage?

The reason is security. These programs are based on the dangerous myth that terrorists match a particular profile and that we can somehow pick terrorists out of a crowd if we only can identify everyone. That's simply not true.

What these programs do is create two different access paths into the airport: high-security and low-security. The intent is to let only good guys take the low-security path and to force bad guys to take the high-security path, but it rarely works out that way. You have to assume that the bad guys will find a way to exploit the low-security path. Why couldn't a terrorist just slip an altimeter-triggered explosive into the baggage of a registered traveler?

It may be counterintuitive, but we are all safer if enhanced screening is truly random, and not based on an error-filled database or a cursory background check.

The truth is, Registered Traveler programs are not about security; they're about convenience. The Clear program is a business: Those who can afford $80 per year can avoid long lines. It's also a program with a questionable revenue model. I fly 200,000 miles a year, which makes me a perfect candidate for this program. But my frequent-flier status already lets me use the airport's fast line and means that I never get selected for secondary screening, so I have no incentive to pay for a card. Maybe that's why the Clear pilot program in Orlando, Florida, only signed up 10,000 of that airport's 31 million annual passengers.

I think Verified Identity Pass understands this, and is encouraging use of its card everywhere: at sports arenas, power plants, even office buildings. This is just the sort of mission creep that moves us ever closer to a "show me your papers" society.

Exactly two things have made airline travel safer since 9/11: reinforcement of cockpit doors, and passengers who now know that they may have to fight back. Everything else -- Secure Flight and Trusted Traveler included -- is security theater. We would all be a lot safer if, instead, we implemented enhanced baggage security -- both ensuring that a passenger's bags don't fly unless he does, and explosives screening for all baggage -- as well as background checks and increased screening for airport employees.

Then we could take all the money we save and apply it to intelligence, investigation and emergency response. These are security measures that pay dividends regardless of what the terrorists are planning next, whether it's the movie plot threat of the moment, or something entirely different.

- - -

Bruce Schneier is the CTO of Counterpane Internet Security and the author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World. You can contact him through his website.

Ten Ajax myths debunked | Loek Bakker's weblog:

Loek Bakker's weblog: 10 Ajax myths debunked

4. Ajax is about client side technology
Wrong again. There is no such thing as a successful Ajax implementation without a solid server side implementation of the capabilities. The fact that with any good Ajax implementation the user does not experience a latency problem, is due to the fact that the back-end processing server side is of superior quality, and optimized to serve responses very fast.

9. Ajax is Google, not Microsoft
Maybe it is because Microsoft do not want to fuel the Ajax concept for obvious reasons, but indeed the Redmond guys are very quiet so far on the Ajax front. This does not mean however that they do not do anything with the idea of Ajax. Microsoft likes to point out the pioneer's role it has taken on when developing Outlook Web Access (or: OWA to throw in a TLA), and reportedly the new generation ASP.NET has something called script callbacks which is Microsoft's implementation of Ajax.
And for Google: yes they have done a lot of work, and developers all over the world are examining and improving the code of GMail, and are publishing snippets of it on web sites and blogs.
So both companies have embraced Ajax, and in fact they both have in common that they are not promoting the name Ajax much.
----------------

The Web 2.0

One great thing about our industry is that a lot of people working in it are really inventive. The last couple of months I have been blogging about a lot of stuff that have been slammed together now and has been branded "The Web 2.0". As a matter of fact, there even has been a real brainstorm at something these guys call a FOO Camp (I invite you to click this link, it gives an insight in what a FOO Camp is -> I had no clue what it was, now I do). Here is the result of that brainstorm:

From what I understand of it, Web 2.0 is considered to be a concept where the Web is a platform for applications, maybe you could even say that it is an applied web service model. It is basically a collection of technologies which all have in common that they rely heavily on a broad band connection. The trends are such, that more and more people are having a broadband connection, and stuff like P2P networks (with BitTorrent explicitly being named in the Web 2.0 mememap), Wikipedia, blogs and rich user experience (RIAs and/or AJAX for instance). Add the rise of the SOA and web services to that, and you can see there is momentum for Web 2.0

I know it is easy to say that all the stuff / technologies being named in the picture are or have been somewhat hyped, but the essence of Web 2.0 is in the game, not in the players. And the game is that anyone can participate in it and has the Right to Remix (it is the "some rights reserved" part of Web 2.0). Interesting thing, I suppose we will hear more from it in the coming months.
===========
What has changed though, is that Web 2.0 is in the center of attention, and that for the first time in a long period Microsoft is not the dominant player it once was and they admit/know it. Could they turn the tide by fully open-sourcing the C# language for instance? Should they give the full .NET framework to the IT / OS community? Have they investigated this possibility? MSFT's arch rivals (when it comes to development) Sun have taken the strategy to open-source all their new products / initiatives, so you could say that they have embraced the Web 2.0 business model. The same goes to a certain extent for IBM, who are actively participating in OS initiatives, although they still make a lot of money on licences for WebSphere for instance.

IT companies should ask themselves two key questions:

1. Should we adopt the Web 2.0 business model (in which the open source business model fits to a certain degree), where we give up something expensive but considered critical, hoping to get something valuable for free that was once expensive? (take into consideration that this could be a huge risk!)
2. If we do so, just exactly what should we give up? Is open-sourcing one of our products (maybe all?) enough, or should we come up with something different, as more and more companies are open sourcing their offerings.

This in fact could be one of the main challenges for CEO's and CIO's of IT companies / vendors in the next couple of years, and it goes beyond the open source discussion.

==================
7. SOA requires standards that can be depended upon across all vendors’ implementations of SOA.

Correct, you know how I feel about vendors and SOA. Take someone off your SOA team if he or she says that you should purchase your SOA from your favorite vendor. I would restate Judith's statement to: SOA requires open standards that can be depended upon across all vendors' implementations of SOA.
http://loekb.blogspot.com/2005/11/reality-check-on-10-principles-of-soa.html

===========xx
---------------------
http://www.cnn.com/2004/TECH/ptech/01/09/bus2.feat.geek.camp/
Simon Cozens, an author and programmer from England, presented Twingle, a program that helps you find things in your e-mail archives (who doesn't need that?).

...For relaxation, campers drank microbrews, tossed Frisbees, and disassembled a Toyota Prius, then put it back together again (it was a rental). Clearly, this was not your average technology conference.
--------------------

http://www.webservices.org/

http://www.zapthink.com/

http://www-306.ibm.com/software/data/iminer/

http://www.grokker.com/

http://www.micropersuasion.com/2005/11/ten_technorati_.html
------------------------
http://www.cbdiforum.com/bronze/journal/2005-11/SOA_Governance_Chaos_to_Order_2.php

Framework Bingo

Faced with marginalization within the IT department, many enterprise architects occupy their time, energies and wallspace attempting to populate nxm matrixes. The best known of these is probably the Zachman framwork. Such frameworks prescribe a series of models, and the job of the Enterprise Architect is interpreted as making sure all these models are properly completed and coordinated. Some sceptics refer to this activity as Framework Bingo.¹

Generalization isn't Abstraction

SOA calls upon designers and architects to operate at a higher level of abstraction.

One mode of abstraction commonly associated with enterprise architects is generalization - they are often thought to operate mainly with generalized business objects/processes, such as CUSTOMER and SALES.

But this is actually not where the real architectural challenges lie.

Instead, architects need to reason explicitly about system structure and dynamics - cohesion and coupling, composition and decomposition, change and emergence. They need to understand granularity and stratification as active choices, rather than text-book patterns.