<?xml version="1.0" encoding="utf-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title><![CDATA[[SecurityRatty] tag: contention]]></title>
    <link>http://securityratty.com/tag/contention</link>
    <description></description>
    <pubDate>Thu, 03 Jan 2008 18:10:12 +0000</pubDate>
    <generator>iRatty Engine</generator>
    <docs>http://blogs.law.harvard.edu/tech/rss</docs>
    <item>
      <title><![CDATA[Latest 802.11 Standard Boosts Wi-Fi Power in New Band]]></title>
      <link>http://securityratty.com/article/8a175684170e876da287683bcc08e2a3</link>
      <guid>http://securityratty.com/article/8a175684170e876da287683bcc08e2a3</guid>
      <description><![CDATA[The nearly finished IEEE 802.11y could make Wi-Fi more practical over longer distances : Wi-Fi is a compromise. In the unlicensed bands in which it operates, it has to deal with interference from...]]></description>
      <content:encoded><![CDATA[<p><a href="http://www.warpspeed.com/wordpress/?p=2406"><strong>The nearly finished IEEE 802.11y could make Wi-Fi more practical over longer distances</strong></a>: Wi-Fi is a compromise. In the unlicensed bands in which it operates, it has to deal with interference from noise sources and other networks, while using very low power, and trying not to make a pest of itself. It's done very well. In the 2.4 GHz band and parts of 5 GHz, the maximum power from the radio is 1 watt (W), and the effective power (EIRP) is 4 W on an omnidirectional antenna. (You can push far more power if you narrow the antenna's beam. And parts of the 5 GHz band restrict radio power below 1 W. I wrote <a href="http://wifinetnews.com/archives/007336.html"><strong>a long rundown of 5 GHz issues</strong></a> back in Jan-2007.)</p>

<p>But there's this lovely new segment of lightly licensed spectrum in the U.S., the 3.65 GHz band. It's a non-exclusive licensed band available only in parts of the country that don't have pre-existing ground-to-satellite or radar uses that overlap. This omits most of the eastern seaboard and most major cities; Seattle is one exception.</p>

<p>The licensing mechanism allows any number of operators to obtain inexpensive licenses, and register the base stations they use by location. If interference arises among base stations, operators are required to work out the problems themselves. I wrote extensively about this band and its rules on 9-May-2008 in <a href="http://wifinetnews.com/archives/008313.html"><strong>profiling Azulstar</strong></a>, formerly a metro-scale Wi-Fi firm, but now a big proponent of WiMax in 3.65 GHz. I also <a href="http://wimaxnetnews.com/archives/2007/06/fcc_affirms_365.html"><strong>went over the rules</strong></a> for the band on 11-June-2007 when the FCC announced the arrangement. </p>

<p>Several firms offer base station and customer premises equipment for this band now, so close to the 3.5 GHz band more commonly exclusively licensed in Europe and elsewhere. WiMax equipment is available because the 3.65 GHz band can be used with WiMax without any modifications to that protocol, although limited to just 25 MHz of the 50 MHz that the FCC set aside.</p>

<p>Equipment that conforms to a more stringent set of rules about contention and other factors can use the whole 50 MHz, and that's where 802.11y comes in. It's an extension of Wi-Fi to cope with the specific needs--and to open Wi-Fi technology up to 20 W EIRP, a vastly higher power output. This could allow connections over 5 km, the group says.</p>

<p>The <a href="http://en.wikipedia.org/wiki/IEEE_802.11y"><strong>Wikipedia entry on 802.11y</strong></a>, clearly written by someone involved with the specification, notes that three specific additions are needed: a tweak to support the way in which the FCC wants contention among competing devices to work; a method for an access point to tell a station (a connecting radio) that it's about to switch its channel or its channel's bandwidth, and the station should do likewise; and a mechanism to handle a base station allowing or revoking permission to use the spectrum without uniquely identifying the user's system or broadcasting its precise GPS-based location.</p>

<p>The standard is near completion and initial approval. I don't have any knowledge about whether any mainstream Wi-Fi equipment makers or metro-scale equipment makers are looking into building 802.11y into their gear. </p>

<p>The fact is that this could be a great technology for the mostly sub-metropolitan markets that 3.65 GHz is available in, although it has the same pain as WiMax: all new gear on the towers and all new adapters for customers.</p>]]></content:encoded>
      <pubDate>Wed, 25 Jun 2008 10:01:44 +0000</pubDate>
      <category domain="http://securityratty.com/tag/band">band</category>
      <category domain="http://securityratty.com/tag/power">power</category>
      <category domain="http://securityratty.com/tag/wi-fi">wi-fi</category>
      <category domain="http://securityratty.com/tag/ghz band">ghz band</category>
      <category domain="http://securityratty.com/tag/ghz">ghz</category>
      <category domain="http://securityratty.com/tag/equipment">equipment</category>
      <category domain="http://securityratty.com/tag/wimax equipment">wimax equipment</category>
      <category domain="http://securityratty.com/tag/metro-scale wi-fi firm">metro-scale wi-fi firm</category>
      <category domain="http://securityratty.com/tag/power output">power output</category>
      <source url="http://wifinetnews.com/archives/008379.html">Latest 802.11 Standard Boosts Wi-Fi Power in New Band</source>
    </item>
    <item>
      <title><![CDATA[A better DOS than DOS and a better Windows than Windows]]></title>
      <link>http://securityratty.com/article/f524db3ca97a03b19cd11311a20406a1</link>
      <guid>http://securityratty.com/article/f524db3ca97a03b19cd11311a20406a1</guid>
      <description><![CDATA[Anybody remember that slick marketing line? You are a winner if you picked OS/2 . OK I will admit it, I was an OS/2 user. I liked it much better than Windows 3.1 and used it even after Windows 95 came...]]></description>
      <content:encoded><![CDATA[
<div xmlns="http://www.w3.org/1999/xhtml"><p>Anybody remember that slick marketing line?&nbsp; You are a winner if you picked <a href="http://en.wikipedia.org/wiki/OS/2" target="_blank">OS/2</a>. OK I will admit it, I was an OS/2 user. I liked it much better than Windows 3.1 and used it even after Windows 95 came out. I still think it was a superior product to anything that the guys from Redmond put out.&nbsp; Why don't we all run OS/2 today instead of Windows?&nbsp; Good question, I ask myself that all the time.&nbsp; Some say it is because Microsoft used strong arm tactics to persuade ISV's from developing apps for OS/2.&nbsp; That may be true, but for me the real problem was IBM's strategy was instead of fighting the fight to get OS/2 apps developed, they said go ahead and run Windows and DOS apps on OS/2, we can run them better.&nbsp; They could, but at the end of the day they were still Windows and DOS apps and this gave Microsoft an inherent advantage that could not be overcome.</p>

<p>I was reminded of this today while reading an <a href="http://www.microsoft-watch.com/content/vista/vistas_bad_rap_and_the_adoption_gap.html?kc=EWWHNEMNL041708STR1" target="_blank">article in eWeek by Joe Wilcox</a> on how Microsoft is in so much trouble and how nobody is using Vista (better not tell the 100 million or so users of Vista that). Joe points out the recent <a href="http://www.microsoft-watch.com/content/operating_systems/broken_windows_cant_be_fixed.html" target="_blank">Gartner report</a> that says Microsoft is headed for a train wreck around 2011 or so because Windows is vulnerable (to competition that is, not necessarily to vulnerabilities.&nbsp; Well actually it is vulnerable to those too, but that is for another blog).&nbsp; Not to be outdone by the G-men, straight off the shrimp boat the Forest-er Gump crew come out with a pair of reports (<a href="http://www.forrester.com/Research/Document/Excerpt/0,7211,45675,00.html" target="_blank">here</a> and <a href="http://www.forrester.com/Research/Document/Excerpt/0,7211,45676,00.html" target="_blank">here</a>), that detail Vista's adoption issues.&nbsp; The net of one is that while tech folks see the benefit of upgrading to Vista, it is a tough sell to the CIOs and CFOs of the world.&nbsp; Many according to the article are saying they will wait for Windows 7, whenever that comes out.&nbsp; I don't buy this myself. I remember similar talk when XP came out.&nbsp; </p>

<p>Where I really disagree with Wilcox though is his comments regarding Mac OSX replacing Windows in the enterprise:</p><blockquote><p><em>I disagree that Mac OS X is no alternative, particularly when businesses must swap out hardware anyway and Exchange-supporting Office 2008 is available. Mac OS X nicely plugs into Active Directory. I don't expect massive conversions to Mac OS X, but I strongly disagree with contention that it's &quot;simply not a viable option.&quot;</em></p></blockquote><p>What will enable this Mac revolution? Virtualization according to Wilcox and those who believe as he does. This is where they step in the footsteps of OS/2 before them.&nbsp; If OSX is a better OS, fine. But don't fool yourself. If you are going to rely on Microsoft Exchange, Microsoft AD and other Microsoft server products plus Microsoft applications and you are going to run your Mac hardware running Windows in a virtual hypervisor on top of it, you are just a &quot;better Windows than Windows&quot; but you still run Windows.&nbsp; Microsoft will use its stranglehold on the applications to make sure that they run better, faster, cheaper on the real Windows.</p>

<p>Gartner, Forrester and Joe Wilcox miss the point here.&nbsp; Windows will not be in serious danger of losing its preeminent position on the desktop until there are enough applications that run natively on another OS and don't run on Windows.&nbsp; I don't see many application developers willing to walk away from the Windows market for that to be a reality.&nbsp; That makes desktop Linux, Mac OS and the rest just more OS/2s.</p></div>
]]></content:encoded>
      <pubDate>Thu, 17 Apr 2008 17:33:39 +0000</pubDate>
      <category domain="http://securityratty.com/tag/windows">windows</category>
      <category domain="http://securityratty.com/tag/joe wilcox miss">joe wilcox miss</category>
      <category domain="http://securityratty.com/tag/joe">joe</category>
      <category domain="http://securityratty.com/tag/real windows">real windows</category>
      <category domain="http://securityratty.com/tag/windows market">windows market</category>
      <category domain="http://securityratty.com/tag/microsoft">microsoft</category>
      <category domain="http://securityratty.com/tag/microsoft server products">microsoft server products</category>
      <category domain="http://securityratty.com/tag/wilcox">wilcox</category>
      <category domain="http://securityratty.com/tag/microsoft exchange">microsoft exchange</category>
      <source url="http://www.stillsecureafteralltheseyears.com/ashimmy/2008/04/a-better-dos-th.html">A better DOS than DOS and a better Windows than Windows</source>
    </item>
    <item>
      <title><![CDATA[A better DOS than DOS and a better Windows than Windows]]></title>
      <link>http://securityratty.com/article/4e59b81411f2beca0d4ad8ccd0579b84</link>
      <guid>http://securityratty.com/article/4e59b81411f2beca0d4ad8ccd0579b84</guid>
      <description><![CDATA[Anybody remember that slick marketing line? You are a winner if you picked OS/2 . OK I will admit it, I was an OS/2 user. I liked it much better than Windows 3.1 and used it even after Windows 95 came...]]></description>
      <content:encoded><![CDATA[
<div xmlns="http://www.w3.org/1999/xhtml"><p><a href="http://www.stillsecureafteralltheseyears.com/ashimmy/WindowsLiveWriter/os2.gif"><img height="153" alt="os2" src="http://www.stillsecureafteralltheseyears.com/ashimmy/WindowsLiveWriter/os2_thumb.gif" width="158" align="right" border="0" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: 0px" /></a> Anybody remember that slick marketing line?&nbsp; You are a winner if you picked <a href="http://en.wikipedia.org/wiki/OS/2" target="_blank">OS/2</a>. OK I will admit it, I was an OS/2 user. I liked it much better than Windows 3.1 and used it even after Windows 95 came out. I still think it was a superior product to anything that the guys from Redmond put out.&nbsp; Why don't we all run OS/2 today instead of Windows?&nbsp; Good question, I ask myself that all the time.&nbsp; Some say it is because Microsoft used strong arm tactics to persuade ISV's from developing apps for OS/2.&nbsp; That may be true, but for me the real problem was IBM's strategy was instead of fighting the fight to get OS/2 apps developed, they said go ahead and run Windows and DOS apps on OS/2, we can run them better.&nbsp; They could, but at the end of the day they were still Windows and DOS apps and this gave Microsoft an inherent advantage that could not be overcome.</p>

<p>I was reminded of this today while reading an <a href="http://www.microsoft-watch.com/content/vista/vistas_bad_rap_and_the_adoption_gap.html?kc=EWWHNEMNL041708STR1" target="_blank">article in eWeek by Joe Wilcox</a> on how Microsoft is in so much trouble and how nobody is using Vista (better not tell the 100 million or so users of Vista that). Joe points out the recent <a href="http://www.microsoft-watch.com/content/operating_systems/broken_windows_cant_be_fixed.html" target="_blank">Gartner report</a> that says Microsoft is headed for a train wreck around 2011 or so because Windows is vulnerable (to competition that is, not necessarily to vulnerabilities.&nbsp; Well actually it is vulnerable to those too, but that is for another blog).&nbsp; Not to be outdone by the G-men, straight off the shrimp boat the Forest-er Gump crew come out with a pair of reports (<a href="http://www.forrester.com/Research/Document/Excerpt/0,7211,45675,00.html" target="_blank">here</a> and <a href="http://www.forrester.com/Research/Document/Excerpt/0,7211,45676,00.html" target="_blank">here</a>), that detail Vista's adoption issues.&nbsp; The net of one is that while tech folks see the benefit of upgrading to Vista, it is a tough sell to the CIOs and CFOs of the world.&nbsp; Many according to the article are saying they will wait for Windows 7, whenever that comes out.&nbsp; I don't buy this myself. I remember similar talk when XP came out.&nbsp; </p>

<p>Where I really disagree with Wilcox though is his comments regarding Mac OSX replacing Windows in the enterprise:</p><blockquote><p><em>I disagree that Mac OS X is no alternative, particularly when businesses must swap out hardware anyway and Exchange-supporting Office 2008 is available. Mac OS X nicely plugs into Active Directory. I don't expect massive conversions to Mac OS X, but I strongly disagree with contention that it's &quot;simply not a viable option.&quot;</em></p></blockquote><p>What will enable this Mac revolution? Virtualization according to Wilcox and those who believe as he does. This is where they step in the footsteps of OS/2 before them.&nbsp; If OSX is a better OS, fine. But don't fool yourself. If you are going to rely on Microsoft Exchange, Microsoft AD and other Microsoft server products plus Microsoft applications and you are going to run your Mac hardware running Windows in a virtual hypervisor on top of it, you are just a &quot;better Windows than Windows&quot; but you still run Windows.&nbsp; Microsoft will use its stranglehold on the applications to make sure that they run better, faster, cheaper on the real Windows.</p>

<p>Gartner, Forrester and Joe Wilcox miss the point here.&nbsp; Windows will not be in serious danger of losing its preeminent position on the desktop until there are enough applications that run natively on another OS and don't run on Windows.&nbsp; I don't see many application developers willing to walk away from the Windows market for that to be a reality.&nbsp; That makes desktop Linux, Mac OS and the rest just more OS/2s.</p></div>

]]></content:encoded>
      <pubDate>Thu, 17 Apr 2008 16:36:34 +0000</pubDate>
      <category domain="http://securityratty.com/tag/windows">windows</category>
      <category domain="http://securityratty.com/tag/joe wilcox miss">joe wilcox miss</category>
      <category domain="http://securityratty.com/tag/joe">joe</category>
      <category domain="http://securityratty.com/tag/real windows">real windows</category>
      <category domain="http://securityratty.com/tag/windows market">windows market</category>
      <category domain="http://securityratty.com/tag/microsoft">microsoft</category>
      <category domain="http://securityratty.com/tag/microsoft server products">microsoft server products</category>
      <category domain="http://securityratty.com/tag/wilcox">wilcox</category>
      <category domain="http://securityratty.com/tag/microsoft exchange">microsoft exchange</category>
      <source url="http://feeds.feedburner.com/~r/StillsecureAfterAllTheseYears/~3/272552981/a-better-dos-th.html">A better DOS than DOS and a better Windows than Windows</source>
    </item>
    <item>
      <title><![CDATA[Prospects Brightening for a Common Event Standard]]></title>
      <link>http://securityratty.com/article/12e6cfdc1f4a00fd41702452bea6a65d</link>
      <guid>http://securityratty.com/article/12e6cfdc1f4a00fd41702452bea6a65d</guid>
      <description><![CDATA[Blogger: Dan Blum

There are two groups actively working to create a common event standard that allows event logs and audit records to be shared and understood across many products, and the good news...]]></description>
      <content:encoded><![CDATA[
<div xmlns="http://www.w3.org/1999/xhtml"><p>Blogger: Dan Blum</p>


<p class="MsoNormal" style="MARGIN: 0in 0in 0pt"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">There are two groups actively working to create a common event standard that allows event logs and audit records to be shared and understood across many products, and the good news is that they’re talking to each other:</span></p>


<ul type="disc" style="MARGIN-TOP: 0in"><li class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-list: l1 level1 lfo1; tab-stops: list .5in"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Common Event Expression (CEE) language, by Mitre</span><span face="Times New Roman">&nbsp;</span></li>

<li class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-list: l1 level1 lfo1; tab-stops: list .5in"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">X/Open Distributed Audit Standard (XDAS), by Open Group</span><span face="Times New Roman">&nbsp;</span></li></ul>


<p class="MsoNormal" style="MARGIN: 0in 0in 0pt"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">The business benefits of creating a common event standard would be considerable:</span></p>


<ul type="disc" style="MARGIN-TOP: 0in"><li class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-list: l0 level1 lfo2; tab-stops: list .5in"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Reduced log management and security information event management (SIEM) system integration costs</span><span face="Times New Roman">&nbsp;</span><ul type="circle" style="MARGIN-TOP: 0in"><li class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-list: l0 level2 lfo2; tab-stops: list 1.0in"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Reduced volume of event data and simplification of SIEM architecture</span><span face="Times New Roman">&nbsp;</span></li>

<li class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-list: l0 level2 lfo2; tab-stops: list 1.0in"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Reduced need for (and increased effectiveness of) normalization</span><span face="Times New Roman">&nbsp;</span></li></ul></li>

<li class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-list: l0 level1 lfo2; tab-stops: list .5in"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Reduced cost of integrating new solutions with security management infrastructures and frameworks</span><span face="Times New Roman">&nbsp;</span></li>

<li class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-list: l0 level1 lfo2; tab-stops: list .5in"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Lower cost of integrating event management and audit into cross-enterprise applications (such as federated identity management)</span></li>

<li class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-list: l0 level1 lfo2; tab-stops: list .5in"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Faster and simpler data exchange between organizations, vendors and incident response services supporting real time response to threats and attacks</span><span face="Times New Roman">&nbsp;</span></li>

<li class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-list: l0 level1 lfo2; tab-stops: list .5in"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Better forensics for a common defense</span><span face="Times New Roman">&nbsp;</span></li></ul>


<p class="MsoNormal" style="MARGIN: 0in 0in 0pt">Late last year, our Burton Group Security and Risk Management Strategies (SRMS) group decided to push the question of event standards with vendors, trade press, and standards groups. But we felt that we needed evidence of end user enterprise interest and involvement to start doing so. Happily, as we began researching the space, we found that Mitre’s CEE was being driven by the EU, NATO and DoD as well as log management and platform vendors. Burton Group held a conference call discussing common event standards and SIEM with members of the International Information Integrity Institute (I-4), and key stakeholders showed up. The Open Group reports that enterprises as well as vendors are getting involved with XDAS. Clearly, enterprises seem ready to focus on this topic.</p>


<p class="MsoNormal" style="MARGIN: 0in 0in 0pt">Of course, there are challenges ahead. Not only is there no complete common event standard out in the field today, there are many partial standards or solutions, including Syslog; the IETF’s Intrusion Detection Message Exchange Format (IDMEF) and Incident Object Description and Exchange Format (IODEF); the Java Specification Request (JSR) 47 Logging API, WS-Management subscribe/publish APIs and so on. Any comprehensive standard released in the future should work with existing technologies like these as much as possible. Also, there are a number of complexities, including mapping event semantics between different systems, synchronizing time while managing clock drift, and maintaining dynamic event handling policies. </p>


<p class="MsoNormal" style="MARGIN: 0in 0in 0pt">Fortunately, the Mitre and Open Group efforts are gaining traction. Mitre has put up a CEE web site and one can ask to subscribe to the CEE mailing list. Mitre has described its scope as covering standard event taxonomy/terminology, log syntax, log transport and recommendations on what types of events and data elements systems should log. Mitre’s specifications are in the draft stage, and publication for comment is “expected 2008” according to the website. That’s pretty indefinite. But we are told that while not complete, these draft documents will reflect a considerable amount of work that has already been done and can be built upon. It is positive that a CEE community representative says Mitre plans to begin by seeking comments on the underlying goals and requirements for event standards. But to establish a broadly accepted industry standard anytime soon, Mitre and the government/defense community it serves will have to accelerate overly lengthy document review cycles and possibly streamline handling procedures designed for classified information rather than open standards deliberation. </p>


<p class="MsoNormal" style="MARGIN: 0in 0in 0pt">As my colleague Bob Blakley wrote in “An Auditing Standard: Has this rough beast's hour come round at last?” last July, Open Group revived prior work on a specification called “X/Open Distributed Audit Standard” (XDAS).&nbsp; XDAS addresses the concerns necessary to build a robust distributed security auditing system in a mature and complete way, but its 1990s era C and UNIX interfaces need to be updated. Novell, whose Bandit Project incorporates XDAS, has contributed source code to a new open-source project called OpenXDAS (<a href="http://openxdas.sourceforge.net/">http://openxdas.sourceforge.net/</a>) which makes an XDAS implementation widely available. </p>


<p class="MsoNormal" style="MARGIN: 0in 0in 0pt">As these two standards efforts proceed, we hear mixed signals. There have been some indications of contention; for example, CEE representatives purport to have a strong emphasis on “simplicity,” while some observers have expressed concern that XDAS may be “too complex.” Of course, the other side of the argument could be that CEE will over-simplify issues, but it’s hard to have that discussion when specifications for CEE aren’t publicly available yet. </p>


<p class="MsoNormal" style="MARGIN: 0in 0in 0pt">Fortunately, olive branches have been extended as well. During the Open Group meetings in January 2008, Burton Group observed the XDAS and CEE leadership discuss ways they could coordinate and avoid overlaps. For example, CEE and XDAS could make sure that XDAS APIs become a CEE-compatible logging transport and, if both organizations produce data dictionaries for events, they could perhaps be formulated to use a common taxonomy and to avoid schema conflicts and overlaps. We’re also hoping that vendors such as Arcsight, Oracle and CA – who have been proactive about proposing specifications or encouraging the industry to create a common event standard – will become part of the convergence on a common solution.</p>


<p class="MsoNormal" style="MARGIN: 0in 0in 0pt">In the coming weeks and months, Burton Group will keep watching the event standards space and post more information on how matters develop. Please let us know by commenting on this blog if there are other standards efforts we should be watching, compatibility concerns to address, or other issues and questions you’re concerned about. We hope to continue being a voice for convergence and standardization that helps put the industry on the road to a common event standard by 2009. </p></div>
]]></content:encoded>
      <pubDate>Mon, 25 Feb 2008 05:38:57 +0000</pubDate>
      <category domain="http://securityratty.com/tag/common event standard">common event standard</category>
      <category domain="http://securityratty.com/tag/standard">standard</category>
      <category domain="http://securityratty.com/tag/event standards space">event standards space</category>
      <category domain="http://securityratty.com/tag/space">space</category>
      <category domain="http://securityratty.com/tag/standards">standards</category>
      <category domain="http://securityratty.com/tag/common event standards">common event standards</category>
      <category domain="http://securityratty.com/tag/standards deliberation">standards deliberation</category>
      <category domain="http://securityratty.com/tag/cee">cee</category>
      <category domain="http://securityratty.com/tag/cee web site">cee web site</category>
      <source url="http://feeds.feedburner.com/~r/SecurityAndRiskManagementStrategiesBlog/~3/240882155/prospects-brigh.html">Prospects Brightening for a Common Event Standard</source>
    </item>
    <item>
      <title><![CDATA[Prospects Brightening for a Common Event Standard]]></title>
      <link>http://securityratty.com/article/8613eaada89902172ae4e421e2d9bbd5</link>
      <guid>http://securityratty.com/article/8613eaada89902172ae4e421e2d9bbd5</guid>
      <description><![CDATA[Blogger: Dan Blum

There are two groups actively working to create a common event standard that allows event logs and audit records to be shared and understood across many products, and the good news...]]></description>
      <content:encoded><![CDATA[
<div xmlns="http://www.w3.org/1999/xhtml"><p>Blogger: Dan Blum</p>


<p class="MsoNormal" style="MARGIN: 0in 0in 0pt"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">There are two groups actively working to create a common event standard that allows event logs and audit records to be shared and understood across many products, and the good news is that they’re talking to each other:</span></p>


<ul type="disc" style="MARGIN-TOP: 0in"><li class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-list: l1 level1 lfo1; tab-stops: list .5in"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Common Event Expression (CEE) language, by Mitre</span><span face="Times New Roman">&nbsp;</span></li>

<li class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-list: l1 level1 lfo1; tab-stops: list .5in"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">X/Open Distributed Audit Standard (XDAS), by Open Group</span><span face="Times New Roman">&nbsp;</span></li></ul>


<p class="MsoNormal" style="MARGIN: 0in 0in 0pt"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">The business benefits of creating a common event standard would be considerable:</span></p>


<ul type="disc" style="MARGIN-TOP: 0in"><li class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-list: l0 level1 lfo2; tab-stops: list .5in"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Reduced log management and security information event management (SIEM) system integration costs</span><span face="Times New Roman">&nbsp;</span><ul type="circle" style="MARGIN-TOP: 0in"><li class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-list: l0 level2 lfo2; tab-stops: list 1.0in"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Reduced volume of event data and simplification of SIEM architecture</span><span face="Times New Roman">&nbsp;</span></li>

<li class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-list: l0 level2 lfo2; tab-stops: list 1.0in"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Reduced need for (and increased effectiveness of) normalization</span><span face="Times New Roman">&nbsp;</span></li></ul></li>

<li class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-list: l0 level1 lfo2; tab-stops: list .5in"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Reduced cost of integrating new solutions with security management infrastructures and frameworks</span><span face="Times New Roman">&nbsp;</span></li>

<li class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-list: l0 level1 lfo2; tab-stops: list .5in"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Lower cost of integrating event management and audit into cross-enterprise applications (such as federated identity management)</span></li>

<li class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-list: l0 level1 lfo2; tab-stops: list .5in"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Faster and simpler data exchange between organizations, vendors and incident response services supporting real time response to threats and attacks</span><span face="Times New Roman">&nbsp;</span></li>

<li class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-list: l0 level1 lfo2; tab-stops: list .5in"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Better forensics for a common defense</span><span face="Times New Roman">&nbsp;</span></li></ul>

<p class="MsoNormal" style="MARGIN: 0in 0in 0pt">Late last year, our Burton Group Security and Risk Management Strategies (SRMS) group decided to push the question of event standards with vendors, trade press, and standards groups. But we felt that we needed evidence of end user enterprise interest and involvement to start doing so. Happily, as we began researching the space, we found that Mitre's CEE was being driven by the EU, NATO and DoD as well as log management and platform vendors. Burton Group held a conference call discussing common event standards and SIEM with members of the International Information Integrity Institute (I-4), and key stakeholders showed up. The Open Group reports that enterprises as well as vendors are getting involved with XDAS. Clearly, enterprises seem ready to focus on this topic.</p>

<p class="MsoNormal" style="MARGIN: 0in 0in 0pt">Of course, there are challenges ahead. Not only is there no complete common event standard out in the field today, there are many partial standards or solutions, including Syslog; the IETF's Intrusion Detection Message Exchange Format (IDMEF) and Incident Object Description and Exchange Format (IODEF); the Java Specification Request (JSR) 47 Logging API; WS-Management subscribe/publish APIs; and so on. Any comprehensive standard released in the future should work with existing technologies like these as much as possible. Also, there are a number of complexities, including mapping event semantics between different systems, synchronizing time while managing clock drift, and maintaining dynamic event handling policies.</p>

<p class="MsoNormal" style="MARGIN: 0in 0in 0pt">Fortunately, the Mitre and Open Group efforts are gaining traction. Mitre has put up a CEE web site and one can ask to subscribe to the CEE mailing list. Mitre has described its scope as covering standard event taxonomy/terminology, log syntax, log transport and recommendations on what types of events and data elements systems should log. Mitre's specifications are in the draft stage, and publication for comment is "expected 2008" according to the website. That's pretty indefinite. But we are told that while not complete, these draft documents will reflect a considerable amount of work that has already been done and can be built upon. It is positive that a CEE community representative says Mitre plans to begin by seeking comments on the underlying goals and requirements for event standards. But to establish a broadly accepted industry standard anytime soon, Mitre and the government/defense community it serves will have to accelerate overly lengthy document review cycles and possibly streamline handling procedures designed for classified information rather than open standards deliberation.</p>

<p class="MsoNormal" style="MARGIN: 0in 0in 0pt">As my colleague Bob Blakley wrote in "An Auditing Standard: Has this rough beast's hour come round at last?" last July, Open Group revived prior work on a specification called "X/Open Distributed Audit Standard" (XDAS). XDAS addresses the concerns necessary to build a robust distributed security auditing system in a mature and complete way, but its 1990s-era C and UNIX interfaces need to be updated. Novell, whose Bandit Project incorporates XDAS, has contributed source code to a new open-source project called OpenXDAS (<a href="http://openxdas.sourceforge.net/">http://openxdas.sourceforge.net/</a>), which makes an XDAS implementation widely available.</p>

<p class="MsoNormal" style="MARGIN: 0in 0in 0pt">As these two standards efforts proceed, we hear mixed signals. There have been some indications of contention; for example, CEE representatives purport to have a strong emphasis on "simplicity," while some observers have expressed concern that XDAS may be "too complex." Of course, the other side of the argument could be that CEE will over-simplify issues, but it's hard to have that discussion when specifications for CEE aren't publicly available yet.</p>

<p class="MsoNormal" style="MARGIN: 0in 0in 0pt">Fortunately, olive branches have been extended as well. During the Open Group meetings in January 2008, Burton Group observed the XDAS and CEE leadership discuss ways they could coordinate and avoid overlaps. For example, CEE and XDAS could make sure that XDAS APIs become a CEE-compatible logging transport and, if both organizations produce data dictionaries for events, they could perhaps be formulated to use a common taxonomy and to avoid schema conflicts and overlaps. We're also hoping that vendors such as Arcsight, Oracle and CA, who have been proactive about proposing specifications or encouraging the industry to create a common event standard, will become part of the convergence on a common solution.</p>

<p class="MsoNormal" style="MARGIN: 0in 0in 0pt">In the coming weeks and months, Burton Group will keep watching the event standards space and post more information on how matters develop. Please let us know by commenting on this blog if there are other standards efforts we should be watching, compatibility concerns to address, or other issues and questions you're concerned about. We hope to continue being a voice for convergence and standardization that helps put the industry on the road to a common event standard by 2009.</p></div>
]]></content:encoded>
      <pubDate>Mon, 25 Feb 2008 05:38:57 +0000</pubDate>
      <category domain="http://securityratty.com/tag/common event standard">common event standard</category>
      <category domain="http://securityratty.com/tag/standard">standard</category>
      <category domain="http://securityratty.com/tag/event standards space">event standards space</category>
      <category domain="http://securityratty.com/tag/space">space</category>
      <category domain="http://securityratty.com/tag/standards">standards</category>
      <category domain="http://securityratty.com/tag/common event standards">common event standards</category>
      <category domain="http://securityratty.com/tag/standards deliberation">standards deliberation</category>
      <category domain="http://securityratty.com/tag/cee">cee</category>
      <category domain="http://securityratty.com/tag/cee web site">cee web site</category>
      <source url="http://srmsblog.burtongroup.com/2008/02/prospects-brigh.html">Prospects Brightening for a Common Event Standard</source>
    </item>
    <item>
      <title><![CDATA[Questions to Consider in the Coming Privacy Wars]]></title>
      <link>http://securityratty.com/article/acdc9e307bfe16f03186192c98661abf</link>
      <guid>http://securityratty.com/article/acdc9e307bfe16f03186192c98661abf</guid>
      <description><![CDATA[It seems obvious that privacy is going to be a major point of contention in the near-term future. It's only going to get hotter as major online services compile huge amounts of data about us. There...]]></description>
      <content:encoded><![CDATA[It seems obvious that privacy is going to be a major point of contention in the near-term future. It's only going to get hotter as major online services compile huge amounts of data about us. There are a lot of "little questions" that we need to engage with as soon as possible. Here's my list of important questions, what's on yours? ]]></content:encoded>
      <pubDate>Thu, 03 Jan 2008 18:10:12 +0000</pubDate>
      <category domain="http://securityratty.com/tag/questions">questions</category>
      <category domain="http://securityratty.com/tag/near-term future">near-term future</category>
      <category domain="http://securityratty.com/tag/privacy">privacy</category>
      <category domain="http://securityratty.com/tag/engage">engage</category>
      <category domain="http://securityratty.com/tag/lot">lot</category>
      <category domain="http://securityratty.com/tag/obvious">obvious</category>
      <category domain="http://securityratty.com/tag/data">data</category>
      <category domain="http://securityratty.com/tag/contention">contention</category>
      <category domain="http://securityratty.com/tag/major">major</category>
      <source url="http://digg.com/security/Questions_to_Consider_in_the_Coming_Privacy_Wars">Questions to Consider in the Coming Privacy Wars</source>
    </item>
  </channel>
</rss>
