Broadband Developments

Efraim Schwartz over at ComputerWorld reported back in July the results of various studies that indicate that IT jobs will drop in 2009.  Contractors, projects, overall spending down.  The news is dire: “Almost no investment in cloud computing”.

Well, I don’t have any studies to refer to just gut predictions.
Like that old sly cop with the corduroy jacket on your favorite TV show, I got some hunches.

Shining up my crystal ball:

YES…….
Economy is kinda clouding things up, but yes, a few things seem clear..

1. Yahoo – Microsoft will scoop them up
2. Windows 7 – Unfortunately for Microsoft, this will probably dud, too many factors against it.
3. Ipod Touch Tablet – An internet-capable touch screen tablet –March or June
4. Chrome 2 – will run on cell platform and desktop, instant browser sync
5. Digg – Google property
6. Giants win the Super Bowl – not a tech prediction-that just popped in there.

Again, 1-5 are based on nothing but hunches here people.  #6 is something else entirely.  (We make no claims to the validity of any of these predictions, however)

Side note – Gizmodo posted this rumor about Steve Jobs on their website.  Nothing that wasn’t said before, but there are alleged reliable sources here.  Jobs is the Walt Disney of Computing™, let’s hope this rumor is not true.  Long live Jobs and I will take one of those Touch Tablets please…

Have a good 2009..

Yeah, Everyone does these.  Top 10 – etc.

I thought about it.  Techmeme did a nice job of the biggest stories.  Thanks end the end-of-year read.   So, I’ll analyze it.

1. The Yahoo-Microsoft Story – Yeah this had to be the story of the year.  Microsoft overbids it turns out for Yahoo.  Yahoo plays hard-to-get.  Yahoo cozies up to Google.  That doesn’t turn out so well.  Yahoo is worth a fraction of what Microsoft bid for it.  This one is not over by a long shot.
2. Apple Announces last year at MacWorld – The fanboys will be onboard anyway and this was their event.  (FYI – I carry an iPhone)  Apple has plenty of press nowadays, this is not much of a big deal.
3. Google Chrome – So far it has been ho-hum.  There was a big splash, some people tried it, but this is not a world changer as it turns out.  (FYI- it’s my second browser and I love it)
4. Apple Developer Connection – The App Store is the single greatest thing about the iPhone.
5. Google Spoken iPhone App – Cool and wow.  I like the sound of that and it sums up that app nicely.  It really does work well.  Now is this a story of the year?  Um.  It could lead to lots of exciting things, but to me, not really a story of the year.
6. Google/Valve buy – an interesting rumor that didn’t come true.  Google with all that money, all that cash and everyone talking about what to buy.  Kinda funny isn’t it?
7. RIAA Music lawsuits – Dropping the lawsuits against Grandma Jones, it means little as I expect the RIAA to increase the pressure on the internet providers.
8. Google>Microsoft> Digg – Once again see Comment for #6
9. Windows 7 – Reports are saying its a glossy version of Vista.  I think the timing of this OS may be unfortunate for Microsoft – with the economy stumbling and tech/personal spending in a crunch.  If Windows 7 is not a game changer, then this baby may thud.
10. iPhone 3G – This was a story that deserved to be way higher on the list.  Apple finally put it all together and delivered again a “game changer”.

Wasn’t there an Olympics or something?  What about LinkedIn?  I’ve been on that for maybe 2/3 years now, but it seems to really have blown up now.  Facebook anyone?  Twitter?  Not really news, but their influence and presence has grown..

The state of Florida wants to tap into the billions of venture capital dollars invested in young companies each year. It is seeking venture capital funds in which to invest money from the $29.5 million Florida Opportunity Fund, established by the state to funnel more venture capital to Florida start-ups.

The fund will look for regional and national venture capital funds that have done business in Florida and plan to invest in young Florida companies, particularly those developed at Florida universities and research institutions. Then, the fund will invest portions of its $29.5 million in those funds, with the goal of creating and growing Florida businesses.

The Florida Opportunity Fund hopes to create more venture capital activity in the state, said Gail Rayos, a spokeswoman.

The fund is managed by Florida First Partners, which is a joint venture between Milcom Venture Partners, a Florida venture capital fund manager, and a Credit Suisse investment group that runs similar funds in Ohio, Michigan, Indiana, New York and Oregon.

The Wall Street Journal has a great perspective on how regulation is hurting entrepreneurship. Add the lack of research mentioned here (below) and the opinion is complete.

Businessweek had a post last week about Silicon Valley wealth machine. Silicon Valley is going through another downturn. It’s the second major downturn in less than 10yrs. I’ve been on the ground for all of those years. It’s down, but not completely ‘out’.

Silicon Valley is a special place for entrepreneurship, and it continues to be. The issue is not that there is a wrench in the machine, but that the machine is broken. It’s rebooting.

One thing I love about Silicon Valley is that there are no handouts. It’s the ultimate entrepreneurial meritocracy. Change happens and it happens both from the bottom up (entrepreneurs) and the top down (capital market). The question is which force is driving the change.

Redistribution of wealth is upon us. The entrepreneurs and investors that move on this current market opportunity will capture the proverbial “chips on the table”. As an entrepreneur, I love this market. Opportunities are everywhere. Unlike the dot com bust, this tech (entrepreneurial) market never really crashed. Everywhere I look I see discounts and new opportunities. Smart money will move around, but in select places. Is the market scary? If you’re an incumbent it sure is scary.

Silicon Valley Web 2.0 is hurting, but not for the obvious reasons. A bigger force is at play here - massive redistribution of wealth is taking place. Some are scared, and some are welcoming the opportunity of possibly acquiring the wealth “on the table”. I think that Facebook and Twitter are great examples of what might be possible. Facebook will become the next Google. The only thing holding them up is that the ‘new revenue’ model that is soon to arrive at the “station”. When that “train” arrives (and it will) Facebook will say Goodbye to all the naysayers.

Research & Development Void?

The bigger picture is more long term and that’s all about research and development. Judy Estrin recently came out to talk about something really important - the innovation gap. Let me translate her thesis - we are screwed if we don’t have steady research unencumbered by short term agendas. Think how important institutions like Stanford, MIT, and SRI have been to Silicon Valley and entrepreneurship. Without these deep research institutions we would not have many innovations that created wealth - hello Ethernet; hello Apple; hello Cisco; hello Google, ..etc.

The lack of institutional research leaves a void in the Silicon Valley ecosystem. John Markoff postulates in his book “What the Dormouse Said” that the culture and research of the 60s drove the PC revolution. The question now is what revolution are we developing and where is the research? Will we miss the next important energy, medical, or tech breakthrough? Where is our modern day moonshot mandate?

How will it play out? The future is unwritten.

I find it interesting that its interesting that Cisco, Infoblox, and F5 have come together very quickly around this Infrastructure 2.0 meme.

Interested in Infrastructure 2.0 from Cisco then click here to register.

Network infrastructure will be transformed in coming months by new levels of automation and intelligence driven by new system and endpoint demands and new IT initiatives. Find out how you can boost network availability and flexibility while reducing TCO by transforming your static network infrastructure into a dynamic network infrastructure capable of responding quickly to the needs of more dynamic systems and endpoints. Attendees will learn about:

• Cisco’s perspective on the biggest revolution in data center networking technology since TCP/IP
• Why new initiatives, from RFID/supply chain to voip/wireless and virtualization will require dynamic infrastructure
• Why core network services automation and “connectivity intelligence” are a critical part of the evolution to Infrastructure 2.0

Speakers:
Stuart Bailey, Founder and Chief Technology Officer, Infoblox
Doug Gourlay, Senior Director, Cisco

Moderator:
Richard Kagan, VP Marketing, Infoblox

Sign up now for this announcement HERE.

There is a great post going on over at F5 devcentral by Lori MacVittie.  She calls it  How VM sprawl will drive the urgency of the network evolution.

The bottom line is the the network infrastructure is capable of being smarter.  The opportunity (for companies) is to create or enable the “Dynamic Enterprise.”.   Like Web 2.0 did for web sites and web apps, Infrastructure 2.0 will do for networks - addressable, discovery, intelligence, and policy will be at the center of the Infrastructure 2.0 equation.  The network needs to be smarter and automated to new functionality and benefits.

Lori writes:  “VM sprawl is predicted to be one of the outcomes of early adoption and excitement over virtualization. Just as IT struggled to manage the explosion of PCs and servers across the enterprise, it is predicted that now it will need to find a way to manage the explosion of virtual machines as they pop up all over the enterprise with surprising alacrity.

Part of the difficulty in managing new technology is the rogue deployment of X. Whether that’s physical or virtual servers is irrelevant, the challenges associated with managing what are essentially unmanaged applications and servers deployed outside normal organizational processes are the same.

One of the reasons these rogue deployments are so difficult to manage is that they are, effectively, invisible to the management systems and IT staff tasked with controlling them. They simply come into existence in what appears to be a whim, taking over network resources such as IP addresses and ports. This spontaneous existence is problematic, because those network resources may be needed for other, business critical uses.”

Microsoft is now shedding a little more light on the zero-day XML vulnerability.  It seems some Hong Kong-based pornography sites are dropping the trojans Trojan:Win32/VB.IQ.dr and Trojan:Win32/VB.IQ on unsuspecting PC users.   This in addition to exploits discovered on a popular Taiwan search engine.  The details are here. A release to patch this vulnerability is to be released today.

(BTW I wonder what that job is like – “Just checking on potential viruses chief”)   I digress – really I appreciate all the MS team does to keep us in the dark keep us up to date on this serious security flaw in every instance of that little blue E on all the desktops in the world.  I mean if Hong Kong porn is not safe, then who is…?

All kidding aside can we stop the Patch Tuesday nonsense?  We now have a second “out of band” update this year.   Hackers are now celebrating “Exploit Wednesday” - look it up.   Some environments take weeks to approve these type of updates, even emergency ones.  I bet there are plenty of steamed folks out there about this little escapade.   Reports say this XML exploit started the day after the last regular patch.

I know things get exploited – fine.  And don’t start with the Mac and Linux tripe.  It’s just a fact that everything can be pwned.  I just have issues with the notification and resolution.  How you deal with it is what really determines how protected an organization is.  Patch Tuesday must die.  It’s like putting a sign on your lawn that says, “I am not home from the hours of 8am-530pm”.  Let’s put the call out today to put a nail in this thing.  Stop Patch Tuesday.  We need updates as they happen.  30 days is too long think about it.  Think about all the little vulnerabilities that don’t get the press.  Hacker releases exploit on Wednesday, if it gets found, it might make the next round of patches.  IT gets the update, tests on systems, releases to production – That could be 6 weeks of password-stealing, PC Zombie fun.

NOTE: I know there are crews at MS that have busted to get this thing identified and fixed – Thank you.  Again, I just don’t think the announcement strategy is working.  I know I will get some flames for this and some people who agree.  If someone has a better way, then speak up.

The Zero-day XML vulnerabilities once reported to only be affecting IE7 targets are now prompting warning from Microsoft to its customers across all supported versions of its Internet Explorer Web Browser.

http://www.microsoft.com/technet/security/advisory/961051.mspx

Workaround centers on setting Internet security settings to high and disabling the Ole32db.dll via ACL - not an end user-friendly operation.  Apparently the noted attacks have predominantly been noted against IE7 and on Chinese sites.  It exploits the way IE handles XML.  The exploit could potentially be used to access several types of sensitive data, however thus far it is only reported to be stealing passwords for computer games.

There are reports that Microsoft is considering fixing the flaw through an emergency software patch outside of the standard “Patch Tuesday”.

Now is a good time to give Google Chrome a try.

Yahoo was hit by a massive DNS problem today reported by GigaOm.

Some are saying quietly that there was a DNS cache poisining that effected Yahoo’s main DNS nameservers.  Yahoo is not talking to me about this.  Of course I’m interested in this because of all the recent DNS security risks which have been well documented by the DNS industry leading company Infoblox.

I will try to dig into this and see if Dan Kaminsky has any insight into this.

DNS problems went mainstream after I started reporting about it here and then John Markoff reported about it on the NYTimes.

Some more info here

Top-line results indicate that despite the fact that most organizations are running recent versions of BIND and no longer using Microsoft DNS Servers for their external DNS servers, many organizations have not taken the necessary precautions to limit access to recursion or secure zone transfers. In addition, many still have not upgraded to the latest DNS software to protect against the recently discovered Kaminsky vulnerability and associated risk of DNS cache poisoning.

“Given the heightened awareness of DNS server vulnerabilities due to the recent Kaminsky discovery, it is surprising to see how many organizations are still leaving their DNS systems as potential victims of attack,” commented Cricket Liu, Vice President of Architecture at Infoblox and author of O’Reilly & Associates’ DNS and BIND, DNS & BIND Cookbook, and DNS on Windows Server 2003. “Even if an enterprise has gone to the trouble of patching against the Kaminsky vulnerability, there are many other aspects of configuration, like recursion and open zone transfers, that should also be secured. If not, organizations are essentially locking their door to their house, but leaving the windows wide open. Organizations clearly need to pay more attention to configurations and deployment architectures that are leaving their DNS infrastructures vulnerable to attacks and outages.”

DNS servers are essential network infrastructure that map domain names (e.g., yahoo.com) to IP addresses (e.g., 66.94.234.13), directing Internet inquiries to the appropriate location. Domain name resolution conducted by these servers is required to perform any Internet-related request, whether for Web browsing, email, ecommerce, or cloud computing. Should an enterprise or organization’s DNS systems become compromised by attacks, the results can be devastating, ranging from loss of a company’s Web presence, inability of employees to access any outside Web services, and perhaps most damaging, redirection of Web and email traffic to bogus sites, resulting in data loss, identity theft, ecommerce fraud and more.

Following are the key 2008 DNS survey results, which are based on a sample that included 5 percent of the IPv4 address space, nearly 80 million addresses.

GOOD NEWS

--  90% of name servers that run BIND run one of the most recent versions
    of BIND 9; a small but significant number of administrators continue to run
    older versions of BIND on Internet-facing name servers, putting their
    organizations at risk.

--  Only .17% still rely on Microsoft DNS Server, down from 2.7% (2007);
    usage of unsecure Microsoft DNS Servers connected to the Internet is
    vanishing.

--  Support for Sender Protection Framework (SPF) within DNS for spam
    reduction increased from 12.6% of zones sampled to 16.7%; despite the
    complexity of SPF configuration, validating email senders is increasing in
    importance and organizations are taking email fraud seriously.

BAD NEWS

--  One in four DNS servers does not perform source port randomization --
    the "patch" for "the Kaminsky vulnerability"; the effort by vendors and the
    Internet's DNS community to encourage administrators to upgrade their name
    servers after the announcement of the Kaminsky vulnerability paid off;
    however, a surprising number have not been upgraded and are very vulnerable
    to cache poisoning.

--  More than 40% of Internet name servers allow recursive queries; there
    are still millions of open recursors on the Internet, a danger both to
    themselves and others -- they are vulnerable to cache poisoning and
    Distributed Denial of Service attacks.

--  30% of DNS servers surveyed allow zone transfers to arbitrary
    requestors; this leaves servers as easy targets for denial-of-service
    attacks.

--  Only .002% of DNS zones tested support DNSSEC; administrators have not
    been convinced of its importance -- perhaps intimidated by its complexity
    -- but new mandates could mean a significant change in the near future.

MISC.

--  Usage of IPv6 name servers continues to increase from .27% to .44%;
    while enterprises are investigating IPv6 and concerned about increasingly
    scarce IPv4 address space, adoption of IPv6 is still low -- address
    scarcity isn't yet considered a serious concern and they feel no urgency to
    adopt IPv6.

Call to Action

Based on these statistics, there are some clear calls to action for organizations with external DNS servers. Instead of waiting until they are attacked, all organizations should assess their DNS infrastructure and immediately take the necessary steps to make them more reliable and secure. Infoblox provides a number of free, automated tools that enable organizations to test their DNS infrastructure and identify weaknesses and vulnerabilities.

uTorrent has released an alpha client that uses UDP for P2P traffic delivery. UDP makes up roughly 2% of all Internet traffic today, and generally isn’t used for data delivery because it doesn’t guarantee either the delivery or the quality of the data being delivered (nor is it quite as easily managed). While the migration to UDP could potentially make filtering of P2P more difficult — raising the hackles of some anti-network-neutrality ministers and ISPs — BitTorrent tells us the decision was aimed at actually making BitTorrent more friendly.

According to posts at the uTorrent forum, the new version lays uTP, the micro transport protocol, on top of UDP, which provides for better flow control and prevents the kind of TCP RST packet attacks Comcast has used to throttle upstream P2P traffic. Robb Topolski, the DSLReports user who first discovered Comcast’s packet forgery tactics, thinks the shift to uTP/UDP is a good one:
It’s a very good thing for the network. This new protocol YIELDS to other streams. In other words, it’s less aggressive. The idea, eventually, is that background file transfers are handled like — well — background transfers — similar to the way that background processes take a lighter toll on the CPU while you’re actively using the computer. P2P users have the same concerns — this change keeps their interactive uses snappy, and during crunch time it ought to help others as well.
Yet Richard Bennett, perhaps the Internet’s most vocal opponent of network neutrality, pens a piece over at The Register proclaiming that the shift will result in an Internet meltdown — and worries that network neutrality laws would prohibit ISPs from taking on this new throttling challenge. The author quietly states his case by suggesting that those who would support the use of UDP for P2P transfers (like apparently, BitTorrent creator Bram Cohen), are little more than selfish junkies, mindlessly braying for the looming apocalypse:
Some of the people who use this system are spoiled children with no more concern for the greater good than junkies looking for their next fix. They can’t be allowed to spoil it for the rest of us, and the only practical means to prevent their doing so is to unleash effective management upon them. . .The best way to ensure that uTP doesn’t kill the internet is to throttle it at the source, and any law that stands in the way of ISPs exercising that level of management is deadly to the internet.
Simon Morris, head of Product Management at BitTorrent, thinks Bennett is a little confused.

While it’s true that a UDP-based P2P network will cause some problems for ISP throttling (something confirmed by our users), that isn’t the goal. “We’re doing this to implement our own more sensitive congestion control on top of UDP,” he notes. “We felt that TCP’s congestion control was problematic in that it relies on looking for packet loss as an indication of congestion. TCP spots the problem only after it has occurred.”

“By contrast, our prototype UDP-based protocol (called uTP) detects congestion by measuring transmission times between peers – if packet delivery *slows down* then we infer that congestion may be about to occur and immediately throttle back on delivery speed,” he says. “The point here is a protocol that is more sensitive, NOT a protocol that is more greedy,” insists Morris. “The idea we’d “declare war” is unfortunately sensationalist nonsense.”

Yet according to Bennett, “even the downloading fiends who haunt the message boards at Broadband Reports” can see the use of UDP for P2P transfers will result in an Internet implosion. Any thoughts, haunting downloading fiends?

Update: The reviews are in!

GigaOM notes that when it comes to Richard Bennett, “a little scaremongering can go a long way to make the case for an ISP-based network management clampdown on P2P traffic.”

Torrent Freak proclaims that a significant chunk of what Bennett’s saying simply isn’t true (but it does get the Register plenty of hits).

The Industry Standard says Bennett offers broad assumptions with few references.

Writer Robert Hallock pens an interesting explanation of TCP vs. UDP in a counter piece to Bennett, suggesting “we wait to attack the potential problem with data and evidence rather than suppose and conjecture our way into the unforgiving embrace of network non-neutrality.”