Not your typical TPRC speaker. His heroes include “risk takers” Rupert Murdoch and Pat Buchanan, but not Ted Turner. Netflix was not mentioned. I was the first (but not the last) to stand up to question what he said.
Picture by John S. Quarterman, 27 September 2013.
-jsq
Reviewing Bruce Schneier’s 2004 book Secrets and Lies, much of which was written in 2000, reminds us of something really basic. You can’t just fix security. Security is a process, most of which is about knowing what’s going on. Detection is more important than prevention. To which I add that for detection we need comparable Internet-wide metrics on security performance so every organization can see what’s going on and will have incentive to do something about it because its customers and competitors can see, too. Sound familiar? That’s what SpamRankings.net is about.
Joe Zack posted in Joezack.com on Bastille Day, 14 July 2013, Secrets and Lies: Nine Years Later,
2. “Detection is much more important than prevention”
Schneier keeps coming back to this point. He had this epiphany in 1999 that “it is fundamentally impossible to prevent attacks” and “preventative countermeasures fail all the
time.” Security is “about risk management, that the process of security was paramount, that detection and response was the real way to improve security.” (emphasis mine)
I had formerly thought of security as largely being about prevention. A year ago, if you have asked me about “InfoSec” I might have prattled on about firewalls, injection attacks, encryption and good passwords. That’s still important, but now I know that there’s a lot more to it.
Zack says he thinks Schneier was like Nostradamus for having such insight before NSA PRISM and even before Facebook. Sure, Bruce has always been ahead of his time. But that basic insight was not unique to him, and Continue reading
Egypt returned to the Internet
about 09:30 GMT today (2 February 2011).
This sudden return after being as suddenly disconnected
one week ago (27 January 2011)
is obviously not due to ordinary causes such as congestion,
cable cut, or router failure.
This political disconnection of an entire country does not seem
to have helped the regime responsible for it; quite the opposite.
-jsq
On 27 January 2011 the Egyptian government cut off cell phone and
Internet access to the outside world.
Here’s what routing looked like to six destinations inside Egypt
as that happened.
The InternetPerils
PerilWatch has further detail.
-jsq
David G. Ross ofThe David Ross Group Inc. at
NANOG 50
talked about
data cables under the sea, in which he revealed that Internet growth
has not only not paused during the recession, it has increased,
and it continues to increase in every region in which his company operates,
including Asia, Middle East, and Africa.
North Atlantic hasn’t had any new submarine capacity in years,
in “the most competitive capacity market on Earth”.
It will probably run out in a few years, so now there is demand
to build new cables there.
Each cable costs about $200 million to install.
Slight downside: early remark that he was sure things were the same as they were when he worked for a telephone company.
-jsq
Peter Svensson gives an old and quite serious problem some mainstream press
in this AP story from 8 May 2010:
On April 25, 1997, millions of people in North America lost access to all of the Internet for about an hour. The hijacking was caused by an employee misprogramming a router, a computer that directs data traffic, at a small Internet service provider.The Pakistani incident is illustrated in the accompanying story and video by RIPE.A similar incident happened elsewhere the next year, and the one after that. Routing errors also blocked Internet access in different parts of the world, often for millions of people, in 2001, 2004, 2005, 2006, 2008 and 2009. Last month a Chinese Internet service provider halted access from around the world to a vast number of sites, including Dell.com and CNN.com, for about 20 minutes.
In 2008, Pakistan Telecom tried to comply with a government order to prevent access to YouTube from the country and intentionally “black-holed” requests for YouTube videos from Pakistani Internet users. But it also accidentally told the international carrier upstream from it that “I’m the best route to YouTube, so send all YouTube traffic to me.” The upstream carrier accepted the routing message, and passed it along to other carriers across the world, which started sending all requests for YouTube videos to Pakistan Telecom. Soon, even Internet users in the U.S. were deprived of videos of singing cats and skateboarding dogs for a few hours.
In 2004, the flaw was put to malicious use when someone got a computer in Malaysia to tell Internet service providers that it was part of Yahoo Inc. A flood of spam was sent out, appearing to come from Yahoo.
This problem has been known for a long time. Why hasn’t it been fixed? Continue reading
Rodney Van Meter, co-teaching a class by Jun Murai, posts notes
on why Albert-László Barabási (ALB) is both right and wrong about
the Internet (it is more or less a scale-free network when considered
as a network of Autonomous Systems (AS), but contrary to ALB's assumption John Doyle and others have pointed out that the bigger nodes are not central, an AS as a node would be somewhat
difficult to take out all at once, there are both higher and lower
layer topologies that make the Internet more robust, and
the Internet's biggest problem isn't topology at all:
The most serious risks to the Internet are not to individual "nodes" (ASes), but rather stem from the near-monocropping of Internet infrastructure and end nodes, and the vulnerability of the system to human error (and political/economic considerations):
Monoculture, who would have thought it?
For that matter, the Internet's ability to reroute has been very useful to ameliorate topological link breaks at the physical layer, for example undersea cables in the Mediterranean Sea twice last year.
Well, it depends on what you count as the beginning of Internet mail, but Sendmail, Inc., naturally counts from when Eric Allman wrote the first version of Sendmail in 1981, and is holding a shindig tomorrow, 25 October 2006 at the Computer History Museum in Mt. View, California.
Of course, Ray Tomlinson beat that by a decade when he implemented the first known networked mail system in 1971, and Tom Van Vleck implemented mail on CTSS at MIT in 1965, as well as Multics mail, about 1969.
But the Internet didn’t exist back then, and at least the experimental Internet did in 1981, so Eric’s got a fair claim on the beginning of Internet mail.
-jsq
Effective January 27, 2006, Western Union will discontinue all Telegram and Commercial Messaging services. We regret any inconvenience this may cause you, and we thank you for your loyal patronage.A little less than 162 years before, Samuel FB Morse sent the first telegram, saying:Western Union Telegram, 27 January 2006
What hath God wrought?It took some years for telegrams to become commercially available, and it’s possible there is some company still sending telegrams today, but more than a century and a half is a pretty long run for a technology. Continue reading