Realtime Interview with Dmitry Goroshevsky, Popular Telephony

While I do cross-post some blog entries here and on the Realtime VoIP Conversation, there are many things within the community site and posted over there that I don’t cross-post.

Today I had the pleasure of interviewing Dmitry Goroshevsky from Popular Telephony. The results of our chat are posted in Realtime Interview with Dmitry Goroshevsky, Popular Telephony for those of you who are interested.


Open Source Telecom

Om Malik’s article The Black Box That Would Conquer Telecom went online on CNN Money the other day. For those of you who may not follow or be familiar with Om, he’s a senior writer at Business 2.0 and author of Broadbandits: Inside the $750 billion telecom heist.

The article is about Vyatta, a startup that’s built a commercial open-source router. The intent is obviously to compete with Cisco at the low end. That’s an interesting enough story. We all follow the David and Goliath stories (and yes, we know Goliath almost always wins).

Om also opens the door to the idea of open source telecommunications. Here’s what he had to say:

The scramble for open source in networking comes because two primal forces are tearing the old telecom order apart. First, the Internet-based technologies are replacing the closed legacy phone systems, thus helping the convergence of computer and the phone systems. In old times, in order to build a networking box, companies would design specialized chips, and run specialized software on them to get the best performance. Now you can buy extremely powerful processors like Advanced Micro Devices’ Opteron chips for a few hundred dollars, run special networking software on them, and get similar performance. There are nearly half-a-dozen open source projects that capitalize on the cheap processing power.

Five specific open-source products are identified:

Asterisk, the ultra low cost PBX
Nagios, a network monitoring tool
OpenVPN, for virtual private networking
Snort, a longtime firewall, IDS, antihacking favorite
XORP, the router based on any PC

Let’s follow the Asterisk trail briefly. It’s the most directly related to our VoIP focus, and Alec Saunders posted something that also made me think about it the other day when he posed the question How Big is the Asterisk Market, Really?.

Asterisk is the wildly popular open source PBX software that’s been taking many sectors by storm. It requires minimal resources to run what can effectively scale to a substantial PBX system replacement. I have an Asterisk server running on a Dell laptop in my office for some testing and experimentation.

I’m trying to honestly get some real-world perspective on VoIP penetration rates with numbers that make real sense. Alec couldn’t find solid numbers from the analysts, and I can’t either. He noted that “in January 2004, Mark Spencer reported 20,000 Asterisk installations globally. In June 2005, he was saying 200,000. In January of 2006 he said ‘over 250,000’.” 250,000 installations is a number that sounds big, but isn’t really. When you think of the number of PBX systems and key systems installed in the US alone, a quarter million systems is a drop in the bucket at best. It shows growth and positive results, but I don’t know if it’s enough to be viewed as a trend. And the numbers don’t indicate any enterprise size. Most of the companies I find using Asterisk are small businesses, heavily in the tech sector, so they already have the skills in house to manage the system.

For me, substantial penetration in the small business market will be apparent when non-tech sector companies (real estate brokerages, auto parts stores, insurance offices, title companies and the like) are seen installing and maintaining their own systems. At the very least, managing the operations. Key systems today may be installed by resellers, but the admin assistant (that gal up front who really runs the company) doubling as the operator is who really keeps that thing going.

Alec mentioned chatting with Jeff Pulver who observed that half his FWD users were online using Asterisk. FWD is great for people involved in the growing VoIP market, and it does work wonderfully. But again, the penetration rate statistically against the PSTN and global deployment isn’t, in my mind, a statistically valid or accurate sample.

Don’t misunderstand me. I think Asterisk, and the other open source efforts are the real centers of innovation in VoIP technologies. With apologies to Cisco, they haven’t shown us a real innovation in quite some time. They buy innovation. The small companies, the open source efforts, the entrepreneurial spirits - these are where innovation lies, and they are the true R&D of VoIP.

FWD and Jeff’s work demonstrate innovation from the network perspective. Without Jeff’s tireless efforts, VoIP would be 3-5 years behind its present maturity and penetration. His personal contribution to the success of VoIP can’t be measured. But FWD remains a niche in networking. It’s the nature of being the strident voice on the fringe pushing for innovation and new ideas. That’s not a bad thing.

I guess my point to all this is as much a set of wondering questions as anything else - Where does open source software fit in telecommunications? Perhaps the larger question, where does it fit in corporate or enterprise business? Does open source represent an avenue that large business can or will adopt and embrace in any widespread fashion? I think that’s a great unknown, but my experience with enterprise business is that they will always lean toward established commercial solutions. That outdated mindset “nobody ever got fired for buying IBM” hasn’t changed much in the last twenty years - just substitute a different name…pick one. For me, the key to consider really came in Om’s conclusion:

The biggest interest in XORP and future Vyatta products will be in emerging economies like China and India, which are not cash rich, but have broadband ambitions. No one wants to pay for expensive commercial routers. “In the near future there would be ad-hoc networks on a person, and that could conceivably need a router with a tiny footprint, like XORP,” Ghosh predicts.

The emerging economies of India and China are emerging quickly. Many countries aren’t trapped in the corporate mindset of the US and much of Europe.

Business as usual is being invented every day in these areas. Perhaps it’s time to rethink business as usual. We need to rethink how we use open source, innovative networks, peer-to-peer technologies and a host of other solutions that small business and individuals are already leveraging to competitive advantage.


Spammers adopt stealth tactics

February 20, Channel Register (UK) — Spammers adopt stealth tactics. Botnet controllers are switching to stealth tactics in a bid to avoid detection. Instead of mass mail-outs of spam and malicious code, they are adopting slower distribution tactics in a bid to avoid appearing on corporate security radars. UK-based Web security firm BlackSpider Technologies reports that one huge botnet, responsible for issuing 50 million identical spam e-mails per day, compromises at least 150,000 distinct IP addresses. The use of a large number of machines -- each sending out an average of 330 e-mails a day or around 40 per hour during the course of a working day -- is a change from prior botnets when only a handful of compromised e-mail servers would have been used to do the same job. It’s well known that packages such as Send-safe.com are used by spammers to control the distribution of junk mail broadband-connected PCs infected by viruses such as SoBig, but BlackSpider’s figures on the mail-out rate from compromised machines add a fresh perspective to the problem. BlackSpider Technologies CTO James Kay said this low mail-out rate means users of compromised machines will not notice anything unusual with their net connection. Because they don’t notice anything amiss, the spambot remains undetected.
Source: http://www.channelregister.co.uk/2006/02/20/stealth_spam

I hope nobody’s surprised that spammers are shifting tactics to up the ante. It’s sort of a duh epiphany.

Gartner: Turn off file sharing in Google Desktop

February 17, Tech Web — Gartner: Turn off file sharing in Google Desktop. Tech research firm Gartner Inc. is recommending that enterprises turn off the file-sharing feature in Google Inc.’s desktop software. In a research posting on its site, Gartner said businesses allowing employees to use Google Desktop 3 Beta, which was released February 9, should start using the enterprise version of the software immediately. In addition, it said businesses should disable the Search Across Computers feature. The feature enables people to share files in their computers. Google does this by storing index copies of the files on its server for up to 30 days. The information is encrypted, and computer users decide which files they want to share. The problem with the feature, according to Gartner, is that employees are not always reliable in identifying documents that should not be shared. Such files could include those with regulatory or security restrictions, the researcher said.
Gartner’s report
Source:

Note: The Google Desktop has always contained some element of risk. Risk is inherent with that sort of an application.

DHS official lays out cyber security responsibilities

February 17, Federal Computer Week — DHS official lays out cyber security responsibilities. The Department of Homeland Security (DHS) wants its technology procurements to meet recognized standards for security and privacy, a senior DHS official said Thursday, February 16. DHS is working with industry and standards bodies to create procurement requirements that meet those standards, said Jonathan Frankel, director of law enforcement and information-sharing policy in DHS’ Office of Policy Planning and International Affairs. Once the standards are in place, the procurement policies will ensure that the government only buys from vendors that meet them, Frankel said at the RSA Conference 2006. Speaking for DHS, Frankel said the department’s role is establishing a national strategy and providing an overarching vision of cyber security. DHS is improving its situational awareness of cyber attacks through the U.S. Computer Emergency Readiness Team, he said. The department is also working to manage cyber attack risks through the National Infrastructure Protection Plan.
Source: http://www.fcw.com/article92362-02-17-06-Web

IG: DHS intel systems lack information security controls

February 17, Washington Technology — IG: DHS intel systems lack information security controls. The Department of Homeland Security cannot yet guarantee that its top-secret intelligence systems are out of reach from hackers, according to a new report from the department’s inspector general, Richard Skinner. Based on a review of the department’s classified intelligence IT systems conducted from May to September 2005, the IG expressed major concern with the management structure overseeing its intelligence systems as they relate to inventory, certification and accreditation, incident detection and response, and information security training and awareness. DHS officials agreed with the recommendations and have begun taking action to address the issues, the report said.
Declassified summary of the IG report
Source

Government wants court hearing on BlackBerry usage

February 17, National Journal’s Technology Daily — Government wants court hearing on BlackBerry usage. A court adjudicating a patent spat over the BlackBerry communications device needs to hold a hearing on the technical details of exempting government users from a potential blackout, the Bush administration said Thursday, February 16. The Justice Department filing is the latest salvo in the ongoing saga over whether Judge James Spencer will order the BlackBerry maker Research in Motion to stop distributing and supporting its ubiquitous communications device in the United States. Under federal law, government users are exempt from injunctions in patent-infringement cases and instead can pay royalties. But the government is worried about the effectiveness of any technical solutions implemented to shield government BlackBerry users and its thousands of contractors from an injunction. To exempt users from a service blackout, government officials and contractors first must be identified. As outlined in the government’s brief, there appear to be several methods of doing so, but the process of collecting the information involves significant legwork.
Source

—-

All this noise is really about organizations (government in this case) putting all their eggs in a single basket and not performing due diligence in contingency planning. Shame, shame, shame.

To CISSP or not to CISSP. Is that the question?

I tagged this post the other day, but with everything going on this week, I have not had time to dig deeper. I know having taught several CISSP courses that this concerns me deeply. Thanks to Xavier for the post.

There are few certifications I consider worthwhile (MCSE is not among them. Even CCIE has become, in my mind, very questionable as to value). CISSP and GIAC certifications carry respect and have been earned by merit. If the CISSP study guides are plagued by plagiarism, the whole process becomes questionable for me.

The official study guide for the CISSP Exam, created by (ISC)² appears to plagiarise several other works.

The plagiarism was first noted by Dr Michael Workman, from the College of Information at Florida State University.

In page 406 from the guide it states, “One of the main problems with simple substitution ciphers is that they are so vulnerable to frequency analysis…” It now appears this material was taken directly from the paper, “The Vigenere Cipher”

Security Dump has the scoop.

What goes around, comes around

Sometimes you just can’t add anything except amen. It’ll be coming around…

Oracle’s Hubris: Punishment is Coming

In case you missed it, Oracle has put the world on notice to “turn security rhetoric into action”. That was the theme of Evelyn Sell’s (Senior Program Manager with Oracle) presentation last week at SECURECon; basically she took the stage to tell all of us security practitioners and developers that there is no excuse for security rhetoric that isn’t backed up by action. Wow. Do I even need to say it? Does “unbreakable” ring a bell? Or when Larry Ellison said “we haven’t had a vulnerability in twenty years”? Clearly they aren’t and clearly they have. Once again, I am flabbergasted by the hubris and hypocrisy coming out of that firm.

Now I thought I was about as irritated at Oracle as I was going to get - but clearly I was wrong. For anybody who hasn’t been paying attention, Oracle is not the standard for software security - despite what their marketing department might tell you. I remember studying Attic Greek at one point in the distant past, and there are a few things I remember about Hubris: first, I remember that the quality of hubris (Ὕβρις) is the principal downfall of characters in the tragedies. I also remember that it was one of the worst personality characteristics that the Greeks could imagine a person having. Almost any time that a character demonstrated the trait in tragedy, they were struck down (usually by the gods). To illustrate how much the Greeks hated this quality, the word can mean either “insolence” (akin to the sense we use it in today) or “violent crime” and was punishable by death under Athenian law. The Greeks loved to see those people on a “high horse” get their lumps.

I think the Greeks were on to something; I think the security community is starting to react to Oracle’s bull. Gartner has said they are no longer a “bastion of security”, researchers are working overtime to poke holes in their products, and they’re spending increasing amounts of money to bolster their image. The stage is set, and I think there’s some major divine wrath on the horizon.

VoIP Technology and the Political Process

This morning I was invited to speak at the 13th annual 2006 Politics Online Conference, March 7th and 8th at The George Washington University’s Marvin Center, specifically in a panel about VoIP and politics, titled “Making Next Generation Phone Calls.” For the last decade this conference has been the premier national gathering of academics, companies and political professionals involved in politics and issue advocacy on the Internet.

Here’s a conference bullet about the panel discussion:

If free phone calls sounds too good to be true, then it’s time to learn about how you can use Voice over IP (VoIP) technologies such as Asterisk™ to reach out to your constituents, voters and supporters using just your existing Internet connection!

The event is sponsored by the Institute for Politics, Democracy & the Internet. IPDI is the research arm of the Graduate School of Political Management at George Washington University.

From a lead-time perspective, I can’t coordinate making the trip to DC to participate, but I have offered to join via video teleconference if the conference audio-visual team can support that sort of collaborative effort in the time allotted. I’ll post more news as we work through details and as I learn what might be available online for any of you who are interested.


Creating a gaping void

I need to create a gaping void in my reading. Now that Hugh has a Tablet PC, his once cutting cartoons come in colors that make me retch and are far less cutting or interesting. But on the down side, they’re huge effin bitmaps that take forever to load. Aesthetically unappealing and make me wait while it loads at a snail’s pace even in Bloglines. There’s a winning combination. Not. Then again, if Scoble or Guy Kawasaki like it, what the (*&$ does Ken know? Well, he knows how to create a gaping void where someone he once read passionately used to be.

Blog marketing goes simian

Thanks to the head lemur

It will be interesting to see just how long this thing lasts, because this idea is the dumbest thing to hit the internet since Punch the Monkey

my blog bladder just burst.

bullshit 2.0, stupid ideas, punch the monkey

For you, no charge

Net Neutrality and Bad Tasting Water

In No EVDO VoIP today, Rich Tehrani makes a couple of really good points. He mentions again, Fred Goldstein’s post Network Neutrality is an Answer to the Wrong Problem from a few days back.

Fred’s article emphasizes that with the latest FCC subsidization of the Bells (incumbent telephone companies who pay legislators to do whatever they, the telcos, wish), the owner of the wire - the incumbent local phone company - will soon have total control over the information content that flows over the wire. It’s interesting that Fred’s post refers to them as the Bells, because they really are. The old independent telcos have reinvented themselves as the old Bell system in three divisions. OK, maybe three companies, but they behave as monopolistic divisions of the same Bell company. They are, at their core, still Bellheads.

Their business model focuses on “value added services” yet they are nothing more than plumbing providers. They have the same monopoly your local water company has. They own the pipes that bring you water. Plumbing. Nothing more.

In Rich’s article, he notes Verizon’s Terms of Service restrictions. I’m going to reiterate Rich’s highlights here because they’re important:

Unlimited NationalAccess/BroadbandAccess:
Subject to VZAccess Acceptable Use Policy, available on www.verizonwireless.com. NationalAccess and BroadbandAccess data sessions may be used with wireless devices for the following purposes: (i) Internet browsing; (ii) email; and (iii) intranet access (including access to corporate intranets, email and individual productivity applications like customer relationship management, sales force and field service automation). Unlimited NationalAccess/BroadbandAccess services cannot be used (1) for uploading, downloading or streaming of movies, music or games, (2) with server devices or with host computer applications, including, but not limited to, Web camera posts or broadcasts, automatic data feeds, Voice over IP (VoIP), automated machine-to-machine connections, or peer-to-peer (P2P) file sharing, or (3) as a substitute or backup for private lines or dedicated data connections. NationalAccess/BroadbandAccess is for individual use only and is not for resale. We reserve right to limit throughput or amount of data transferred, deny or terminate service, without notice, to anyone we believe is using NationalAccess or BroadbandAccess in any manner prohibited above or whose usage adversely impacts our network or service levels. Verizon Wireless reserves the right to protect its network from harm, which may impact legitimate data flows. We also reserve the right to terminate service upon expiration of Customer Agreement term.

Rich says it’s frightening. I say it’s huge, and I see even further problems. I use a Treo 700w on this unlimited plan. It’s not a cheap device if you’re an existing Verizon customer. They really don’t care that you’re going to increase their billing $50/month for the data plan. They directly provide incentive for existing customers to not make the change to the Treo. But the Treo comes with Windows Mobile Media Player built into ROM. And a load of bookmarks and links to show you how to stream movies and music in direct violation of the terms of service. That’s right, they sell you a device and then tell you not to use the features. How’s that for value added?

And lest you think that it’s the FCC in the states alone, read Alec’s dilemma with Rogers in When Does Unlimited Mean Unlimited? Our Canadian neighbors to the north are just as screwed by their providers. Alec got nailed for an extra $72 because he didn’t realize that unlimited really means tightly controlled.

Do those purveyors of plumbing stuck in yesteryear’s Bellhead mentality really think they can add value to the water? Or are they just pissing in the stream?
Net neutrality is an issue garnering more and more attention from those of us who are on the downstream end of whatever it is those telcos have been drinking. And many of us are devising ways to seize control of the water supply and leave them high and dry.


Put on a Happy Face



Originally uploaded by kencamp.

Chief Security Officer



Originally uploaded by kencamp.

Doings at the Realtime VoIP Community

We’ve been making several changes and enhancements over at the Realtime VoIP Community and on the community blog. First, we moved the blog over to Typepad. The community site runs on another software package that’s great for laying out a community of interest, but doesn’t have quite as powerful a blogging package as some of the other choices available. We built up some new icons that show up on my sidebar too.

            

For me, perhaps the most exciting thing is that I’m ramping up a series of interviews and product reviews. I’ve been working with Andy Abramson to identify some great interviews of people who are shaping VoIP solutions for the next generation. If you don’t read or know Andy, I gotta tell you, that is one busy, hustling guy. I’m beginning to wonder if he sleeps at all. Andy’s a ball of excitement, ideas and goes full out.

I’ve found I don’t post or blog nearly as much here as I once did, but I’ve got a lot of faithful friends and readers who still read here. I have no intention of abandoning my writing here. But if it seems light here, and you’re interested in VoIP, you might take a look over here instead. I’m pretty focused on some cool new things there and putting a lot of attention into that blog for now.


Fluckr that

In an open letter to flickr, Jeanene says:

flickr that’s just not funny. terminate me.

I’ve never been anything but a very casual user of Flickr at most, but they can fluck off if they think I have the time or interest in figuring out what they’re doing. Photosharing is just too damn easy to bother with a service that just rang their own death knell on the bell.

Skype on PPC

I’ve had some mixed experience with the newest Skype for PPC, but haven’t had that much time to really work with it. I did just get voice mail on Skype from Andy Abramson via his PPC-6700. I’m not sure where Andy is. Somewhere in Europe and headed to France tomorrow. But he was on Skype on his PPC-6700 using the WiFi connection and it was pretty darn tolerable. It was a bit noisy at first, but that could have been background. When he and I can manage time, we’ll do PPC to PPC and see how bearable that is.

Chertoff says IT weaknesses hurt Katrina response

February 15, Tech Web — Chertoff says IT weaknesses hurt Katrina response. Department of Homeland Security Secretary Michael Chertoff took responsibility for the poor response to Hurricane Katrina Wednesday, February 15, but he also blamed the department’s inability to conduct surveillance, communicate efficiently, track shipments, and handle Web traffic. Testifying before the U.S. Senate Committee on Homeland Security and Governmental Affairs, Chertoff said the Department of Homeland Security and the Federal Emergency Management Agency need interoperability, hardened communications, a tracking system for shipments, improved surveillance resources, upgraded software and better hardware. Without hardened communications equipment, leaders could not obtain the information they need to make proper decisions during disasters, Chertoff said. Improvements are underway, but the department has to come up with agreements for supply chain management and real-time monitoring, Chertoff said.
Chertoff’s remarks
Source
