Categories
Links Writing

Canadian Carriers: No, You Can’t Compare Our Plans

I’ve talked about trying to pull together a measurable comparison of Internet service in Canada for a while, but as of yet haven’t had the resources to build a tool which meets my criteria. Industry Canada had a similar idea for basic cell phone services. Specifically, the government department created a calculator to help Canadians easily compare text/voice plans across Canada’s various mobile providers. We’ll never see the calculator, however, because:

Internal departmental records released to Postmedia reveal that Clement’s decision came after direct lobbying from the likes of Rogers Communications, Telus and the Canadian Wireless Telecommunications Association. Clement defended the decision to shut down the calculator by stating that it was “unfair” in that it didn’t include bundled services mainly offered by, yes, the big telecommunications providers.

It’s incredibly unfortunate that this tool wasn’t provided – it would have been of real assistance to the large number of Canadians that aren’t using bundled services. What’s worse is that, rather than providing the tool in a ‘basic’ state and then scaling it depending on demand (the approach planned by Industry Canada), the whole project was scrapped. Not even the source code has been made available. Consequently, Canadians paid a fortune to develop a tool which met its basic design specs, and have nothing to show for it save for a large government bill and the continued hassle of trying to decipher the cacophony of mobile phone plans. Carriers: 1 Canadians: 0.

Categories
Writing

I get that indexing encrypted backups is a royal pain in the ass, and that doing this well is challenging to boot. That said: the notion that RIM would provide discrete, encrypted backups of the PlayBook rather than solving the problem of indexed backups is absolutely absurd.

Even in an era of 500GB+ hard drives, ‘paying’ 13GB+ for each backup is ridiculous; this kind of storage cost simply doesn’t lead to a sustainable long-term backup schema (especially when you head north to 55GB+ backups). Most users, in response, will dial back to non-encrypted backups and thus reduce the security profile of what is meant to be a secure device. This is incredibly bad form for RIM, made worse by the company’s (often contrasting) focuses on (a) consumer markets; (b) professional – and thereby more security-conscious – markets.

Apple had the same problem with storing encrypted disk profiles in the previous iteration of their operating system – OS X Snow Leopard – though this was resolved in Lion. While the lessons learned by Apple likely are not perfectly equatable to RIM’s own situation, RIM needs to move the ball ahead if they are to simultaneously deliver to their dual markets. At this point they cannot afford to satisfy only one market or the other and hope to remain competitive.

Categories
Links Writing

User vs Corporate Understandings of ‘Security’

A really interesting paper on social authentication has just been released that looks at how facial identification ‘works’ to secure social networks from unauthorized access to profiles/records. The authors note that users of social networks are most concerned with keeping their interactions private from those who know the users. Specifically, from the abstract:

Most people want privacy only from those close to them; if you’re having an affair then you want your partner to not find out but you don’t care if someone in Mongolia learns about it. And if your partner finds out and becomes your ex, then you don’t want them to be able to cause havoc on your account. Celebrities are similar, except that everyone is their friend (and potentially their enemy).

Moreover, a targeted effort to identify a user’s friends on a social network – and examine their photos – will let an attacker penetrate the social authentication mechanisms. While many users would consider this a design flaw, Facebook, which uses this system, doesn’t necessarily agree because:

[Facebook] told us that the social captcha mechanism was used to solve the problem of large-scale phishing attacks. They knew it was not very effective against friends, and especially not against a jilted former lover. For that, they maintain that the local police and courts are an effective solution. They also claim that although small-scale face recognition is doable, their scraping protection prevents it being used at large scales.

What Facebook is doing isn’t wrong: it simply has a particular attacker type in mind with regards to social authentication and has deployed a defence mechanism to combat that attacker. Most users, however, are unlikely to realize that the company has a different attack scenario in mind than its end-users, leading to anger and concern when a defence built for wide-scale attacks fails to protect against targeted attackers. While I don’t see this as a security or policy failure, it suggests that companies would be well advised to explain to their users how different security inconveniences actually interact with different hack/attack scenarios. Beyond educating users as to what they can expect from the various defence mechanisms, it might serve to raise some awareness about the different kinds of attackers that companies have to defend against. In an ideal world, this might serve as a beginning point in educating users to become more critical of the security models that are imposed upon them by corporations, governments, and other parties they deal with.

Categories
Links Writing

parislemon: What If… (Office For iPad Edition)

parislemon:

Watching the back-and-forth yesterday about the whole Microsoft Office for iPad thing was nothing if not amusing. The basic rundown:

“It’s coming, here it is.” “That’s not it.” “Yes it is.” “No it’s not, but we didn’t say it’s not coming.” “A Microsoft employee showed it to us.” “No…

MG has an interesting analysis on what Office for iPad might mean. I have to admit, if MS partners with Apple to bring real office software to the iPad then another sword will be levied at Google’s throat. I still – as a professional writer – despise using Google Docs for anything but the most minimal tasks: it just doesn’t meet my requirements for ‘real’ word processing.

The takeaway? Office would add to the ‘professional’ status of the iPad without taking away from the iPad’s ‘consumer friendly’ branding. This would further exacerbate the issues that Google’s tablets face while simultaneously challenging RIM’s own advertising that the PlayBook is ‘the’ tablet for professionals. It would definitely be a coup for both companies against their competitors, and so well worth watching for.

Categories
Links Writing

Want to Claim Congestion? Then Expect Real Audits

Free is a really interesting new mobile carrier in France, which offers a cheap entry rate of service. It seems as though the incumbent they’re partnered with wasn’t expecting Free’s success and so they want to raise rates on the basis of congestion. Specifically,

France Telecom said its network was being stressed by a rapid growth in traffic brought on by its hosting of new mobile entrant Iliad and vowed to protect its clients from service interruptions, its CEO told magazine Le Point…Iliad’s Free Mobile service upended the French telecom market in January when it launched its main offer at 19.99 euros per month for unlimited calls to France and most of Europe and the United States, unlimited texts, and 3 gigabytes of mobile data.

It’s entirely possible that the network is stressed … but it’s equally possible that other issues are leading to stresses that are real or imagined. If incumbents get to call congestion whenever the market turns against them, then they should be subjected to real, honest to god, tests for congestion by engineers who are (at best) neutral. Ideally the engineers should be downright hostile in order to force the incumbent to demonstrate beyond a shadow of a doubt that the network is indeed strained, and that such strains aren’t the result of poor management, investment, or technical configuration.

If it turns out that the incumbent is responsible then they should pay for the audit, be required to meet the contractual service demands that were offered to partners, and be prohibited from engaging in predatory pricing in the future. Congestion is now a particularly tired big-bad-wolf, and it’s time that ISPs that cry wolf are actually forced to demonstrate, in peer-reviewable empirical terms, that the wolf is actually at the doorstep or ravaging the sheep.

Categories
Links Writing

SSL Skeleton Keys

From the Ars lede:

Critics are calling for the ouster of Trustwave as a trusted issuer of secure sockets layer certificates after it admitted minting a credential it knew would be used by a customer to impersonate websites it didn’t own.

The so-called subordinate root certificate allowed the customer to issue SSL credentials that Internet Explorer and other major browsers would accept as valid for any server on the Internet. The unnamed buyer of this skeleton key used it to perform what amounted to man-in-the-middle attacks that monitored users of its internal network as they accessed SSL-encrypted websites and services. The data-loss-prevention system used a hardware security module to ensure the private key at the heart of the root certificate wasn’t accidentally leaked or retrieved by hackers.

It’s not new that these keys are issued – and, in fact, governments are strongly believed to compel such keys from authorities in their jurisdiction – but the significance of these keys cannot be overstated. SSL is intended to encourage trust: if you see that a site is using SSL then that site is supposed to be ‘safe’. This is the lesson that the Internet industry has been pounding into end-users/consumers for ages. eCommerce largely depends on consumers ‘getting’ this message.

The problem is that the lesson is increasingly untrue.

Given the sale of ‘skeleton key’ certs, the hacking of authorities to generate (illegitimate) certs for major websites (e.g. addons.mozilla.com, hotmail.com, gmail.com, etc), and widespread backend problems with SSL implementation, it is practically impossible to claim that SSL makes things ‘safe’. While SSL isn’t in the domain of security theatre, it can only be seen as marginally increasing protection instead of making individuals, and their online transactions, safe.

This is significant for the end-user/consumer, because they psychologically respond to the difference between ‘safe’ and ‘safer’. Ideally a next-generation, peer-reviewable and trust agile, system will be formally adopted by the major players in the near future. Only after the existing problems around SSL are worked out – through trust agility, certificate pinning, and so forth – will the user experience be moved back towards the ‘safe’ position in the ‘safe/unsafe’ continuum.

Categories
Writing

Stupid Problem with BlackBerry Data

I use my mobile phones a lot and most batteries just barely last me through a day on a single charge. With my iPhone and Windows Phone, when the batteries are almost exhausted, various functions (including radios) are disabled to make the last bit of juice last as long as possible. My BlackBerry does the same thing.

I’m fine with this.

What I’m not fine with is the following: once I charge the BlackBerry and the radios are re-activated, I have to pull the battery and fully reboot the device to get access to the various services that course through the BIS. If I don’t pull the battery, I get a warning that my plan doesn’t cover data services and thus I cannot access the phone’s various Internet-related functions. On the face of things, it seems that after charging the device, RIM’s software fails to indicate to their network infrastructure that I have a data plan and thus can access the BIS.

Needless to say, this is absurd.

I cannot believe that I’m the only person running into this and regardless of whether the problem is with my particular carrier, or the device, it isn’t something that I should ever experience. These are the kinds of problems that should be sorted out well before a device is put in the consumer’s hands.

Categories
Links Writing

The rules of a creator’s life

Creative Something: The rules of a creator’s life

I’d suggest that these 9 principles are essential to guiding me through daily life. I would want to add a tenth item though:

10. Be willing to fail, and fail often, and just be sure to learn a little from each failed project.

Categories
Links Writing

MegaUpload’s Shutdown: Financial Implications for Artists

Mike Masnick points out something that a large portion of the media missed in initial discussions surrounding the MegaUpload seizures:

There’s a key point in all of this that we missed in our earlier analysis about paid accounts at Megaupload. In the indictment, the government seems to assume that paid accounts are clearly all about illegal infringing works. But that’s not always the case. In fact, plenty of big name artists – especially in the hip hop world – use the paid accounts to make themselves money. This is how they release tracks. You sign up for a paid account from services like Megaupload, which pay you if you get a ton of downloads. For big name artists, that’s easy: of course you get a ton of downloads. So it’s a great business model for artists: they get paid and their fans get music for free. Everyone wins. Oh… except for the old gatekeeper labels.

There were certainly a large number of files that were potentially infringing – and, because of legal ambiguities, determining automatically whether a given file is or isn’t infringing is impossible for digital systems – but there were also many clearly non-infringing files. Those that were directly uploaded by artists for download were amongst this latter category.

While some artists who have already made it big might suffer a decrease in revenue/earnings but still enjoy a life dedicated to creating new works, those who have yet to ‘break through’ will suffer disproportionately from losing an easy-to-use service that could generate some revenue. The smallest artists lose, the largest lose, and consumers lose. I’m not even certain that the labels themselves ‘win’, insofar as generating bad will likely hinders their ability to establish strong (positive) brand relationships with prospective consumers.

Categories
Links Writing

It’s Time to Stop Buying the Capacity Crisis Myth

From DSL Reports,

As usual though, actually bothering to listen to and look at the data tells a different story. Nobody argues that spectrum is infinite, but buried below industry histrionics is data noting that there really isn’t a spectrum crisis as much as a bunch of lazy and gigantic spectrum squatters, hoarding public-owned assets to limit competition, while skimping on network investment to appease short-sighted investors. Insiders at the FCC quietly lamented that the very idea of a spectrum crisis was manufactured for the convenience of government and industry.

Burstein correctly reminds us that there’s nothing to fear, and with modern technology like LTE Advanced and more than adequate resources, any wireless company struggling to keep pace with demand is either incompetent or cutting corners (or both). The idea that our modern networks face rotating oblivion scenarios lest we not rush to do “X” is the fear mongering of lobbyists, politicians, and salesmen. All of them use fear by trade, but the key failure point when it comes to capacity hysteria seems to continually be the press, which likes to unskeptically repeat whatever hysterical scenario gets shoveled their direction each month.

I think that this really strikes to the heart of things: while all parties recognize the (literally) physical differences between the physical layers used to deliver broadband services, hysterics (on both sides) have stifled rational discussion. We really need to have the engineers come forward to talk about things in a manner that lets them evade corporate ‘loyalties’. Moreover, we need to acknowledge that spectral bandwidth is one component of data transmission, not the entirety of it. New codecs, new compression algorithms, and new efficiency protocols can all enable much higher bandwidth volumes and throughput while using identical amounts of spectrum as older, less effective means of using spectral resources. We need to look at these resources holistically, and get away from as much FUD as we can.