"consumers hate tokens."

"Everyone wants to be the single federation platform for everyone else."

"Federation will never work. It won’t work because the single most important consumer Web applications in the world are scared of it. Banks hate the concept because it becomes a weakest link in the chain problem."

"Tokens don’t actually solve most security problems, like man-in-the-middle, phishing, and keystroke-logging malware."

"Oh yes, and finally, consumers are going to have to carry around 13 of them just to make sure they can log into whatever they need to log into since no one will federate."

"Global federation is nowhere near a solid concept in the consumer space, despite what the vendors will try to sell you."

"This is a long term problem. If you work on it and make any progress against it, you'll find yourself much smarter at the far end, than you were at the near end.

When I was in Norway about 5 years ago, I was there very close to the summer solstice. I was wandering around town at 2 o'clock in the morning and there was plenty of light out. You come to a sign that says New Minsk about 60 km and it points south.

And I ask the lady "what country is this?"

She scratched her head for a bit, and said "well I think its Norway"

I said "well who plows the roads?"

"well Norway does, but he have to pay them."

There is a triple boundary in this town that I was in between Norway, Finland and Russia.

But what I did there, was, I had a card about wallet size, I stuck it into a machine, I punched in four digits, and it gave me about 2,000 krone, whatever the hell that is.

Now there are a lot of participants in that transaction. When I put a card into that machine, punch in a pin, and it gurgles for awhile, and finally gives me, a fairly large amount of money. There are a lot of participants in that transaction. The bank that owned the machine that gave me the money, it gave some money away -- that bank wants it back. The pin is necessary to convince my own bank that I'm me. But I don't want my pin to be broadcast all over the world. My bank in the us, it hasn't really given out or taken in any money, really. But there is a lot of credits involved here. Somebody needs to charge somebody else for having more money available. Even though there was actually no cash transfer.

And the problem that I have in mind is
- who are all the participants in an ATM transaction?
- what do those participants need to satisfy their problems?
- how is that in fact done?

In a general way, does the atm system actually work in some reasonable sense? To which the answer is by the way: yes. The atm system damn well works. With extremely high reliability and accuracy. It surprises me. Its quite a bit different than voting machines.

When I'm not traveling, I like to work from home some days rather than endure the trek from Seattle to Redmond (although it's much better now that our own employee transit service has expanded into my neighborhood -- the existence of which is sad commentary on the availability and reliability of Seattle's public transit companies).

This means, of course, that I need fast and stable network connections. Comcast with their PowerBoost is working very well for me. But I just can't find a decent wireless router at all. My Lenovo T61p (with Intel 4965abgn adapter) just won't stay connected to my D-Link DIR-628 and IT'S DRIVING ME CRAZY! (Yes, I've tried various driver versions, from both Lenovo and Intel.)

My house is in an area with a lot of wireless activity -- sometimes I can see nine or ten SSIDs. I'm running draft N on 2.4GHz (which occupies two non-adjacent channels, currently 1 and 4), and I suspect the problem is collision interference. I could shift the router to 5.2GHz, which I probably would help, but then the rest of the computers in my house won't connect. Why, you ask? Well get this: the DIR-628 is part of D-Link's RangeBooster N family. So I stayed in the family and got two DWA-542 adapters for the desktop computers. Yet they only do 2.4GHz! Silly me, I assumed that being in the same family means full support of the router's capabilities.

I'm very tempted to replace my router again -- and I'm thinking that the best option is to get one with dual radios. That way I can move my T61p to 5.2GHz and replace the desktop adapters, while still having single-channel 802.11b/g on 2.4GHz for the Wii and my PlayStation Portable.

Now my request: tell me about your experience with home routers. What do you really like, and why? What should I buy?

He's not very positive about it, because his research shows a mismatch between claims and work. He writes that an unnamed American airline executive is frustrated by the delay in launching the 3-to-6 month pilot on their trans-continental fleet; that Aircell hasn't submitted paperwork for Virgin's Airbus models for certification; and that the FAA just received a request to certify Delta's MD-80 craft, which makes a launch with 75 planes this year on that airline less likely.

Competitor Row 44 doesn't fare better in his analysis, as they promised spring and summer 2008 tests that still haven't happened, with Southwest and Alaska Airlines.

I'm a little more positive about the future of in-flight broadband. There's no particular conspiracy. It's hard to make it work. Development and testing is tricky due to FAA limits, and getting in-flight handoffs to work for seamless service at 35,000 feet is far more difficult than, say, cellular handoffs in a moving car at 100 feet above sea level. My suspicion is that tuning the service to be entirely reliable at launch is what's taking so long.

Brancatelli blames the high price of Connexion on its failure, but I don't think the $27 fee for long-haul flights deterred users. Lufthansa, which deployed all its long-haul fleet, apparently had very good usage. Most other airlines had few craft equipped, which didn't allow business travelers, able to expense several hours of work for a $27 fee, the reliability of having on-board Internet when they needed it. Connexion also had many reports of spotty service in certain areas.

Connexion's failure came from deploying technology that was old when it was deployed, which weighed too much, and which was too expensive to install. Connexion's revenue and expenses were forecast based on having several hundred aircraft with Connexion service--recall that it was supposed to be a domestic U.S. service, too. In the end they had about 100, I believe.

Brancatelli is also modest when he says Boeing "lost" $300m. That's part of what they wrote down. My sources say they spent more than a billion in R&D, transponder leases, ground station operation, airline incentives, and payoffs at the end.

Stacey Higginbotham adds a “dose of reality” to the cloud computing craze in her post on “10 Reasons Enterprises Aren’t Ready to Trust the Cloud”. Check the link for the full list which include security, portability and reliability. Cloud Computing – the next big thing, emphasis on “next”.

This just tickled my funny bone. And made me feel sorry for a certain technical marketing manager… But really, if it’s that hard to explain where the name came from, you’re not paying your marketing people enough. ;-p

As IT spending growth slows, virtualization (and the ROI it promises) rises to the top. According to a Goldman Sachs report, “server virtualization” and “consolidation” are the top priorities for technology executives. Goldman predicts the overall growth in spending to slip from “7 percent to 5 percent this year.”

Butler Group analyst Roy Illsley shares his advice for implementing holistic systems management or “simplification, so that the IT department can manage the technology stack at a higher level, and therefore enable it to manage a wider range of technologies more efficiently. Hmm… simplifying IT, breaking down silos, automation, visibility across heterogeneous infrastructure…sounds very very familiar.

ShareThis

But in the end, it seems like Tucci didn’t have faith that Greene had the chops to run the successfully growing company anymore. So she could build it to the stature it has now but just as MS comes out of the gates, all of a sudden she’s no good? Boy, I can’t wait for Greene’s book on this. CEOs, take heed – don’t be too successful or the board will fire you. (Or alternatively don’t let the guy who doesn’t like you stack the board!)

So where does VMware go from here? Rachel Chalmers, Research Director for Infrastructure Management at The 451 Group, places a bet on cloud computing – saying that VMware plans to offer a new suite of cloud computing at the next VMworld Conference. And here’s a nice piece on the Burton Group’s Data Center Strategies Blog that suggests another multi-pronged winning strategy.

Oh no. The virtualization management space, if it didn’t before, is beginning to remind me of the Internet boom time when everyone and their brother (literally, ask me about it sometime) got into the act. Introducing, DynamicOps and their product, Virtual Resource Manager (VRM). The two-week old company and product are spinouts from Credit Suisse, where the original solution was home-grown and in production for more than 2 years, managing thousands of virtual machines. I’m really interested in taking a closer look at it and seeing just what VRM does differently to meet the unique requirements of virtualization management at such a scale.

Forrester Research released a research report on “the Five Essential Metrics for Managing IT.” The study relates the “Operational Health” metric to the measuring of IT failures. Dave will be happy to note that the report uses one of his favorite phrases – talking about the “dial-tone reliability of IT services”.

ShareThis

TechCrunchIT reported today that a Rackspace data center went down for several hours during the evening due to a power grid failure. Because Rackspace is a managed service provider (MSP), the downtime affected several businesses hosted in the data center.

When companies think of disaster recovery and downtime, they typically think of catastrophic events such as hurricanes, tornadoes, and earthquakes. What companies don't realize is that the most common cause of downtime is power failures. In a joint study by Forrester Research and The Disaster Recovery Journal of 250 disaster recovery decision-makers and influencers, 42% of respondents indicated that a power failure was the cause of their most significant disaster declaration or major business disruption.

To prevent power failures, businesses must ensure that they have multiple diverse connections to the power grid as well as install backup power generators and uninterruptible power supplies (UPS) at the data center. But it's not enough to have these preventative measures in place, businesses must test the ability to switch over to backup power must at least twice year. And if your business has a recovery data center, it's best if the recovery data center is on a different power grid and is also equipped with backup power generation.

But despite all these measures, failures might still happen, in the case of the Rackspace power failure, the company successfully failed over to its backup power generators but some of its chillers did not start up correctly.

In North America, the risk of power failures is likely to remain high for the foreseeable future. According to a 2007 report by the North American Electric Reliability Corporation (NERC), long-term capacity margins are still inadequate and significant investment in transmission is still required.

So businesses must not only invest in preventative measures such as backup power generators, they must think about where they locate their data centers. You must avoid areas that have clearly identified congestion issues and focus on areas that have access to cheap and abundant power. And, don't take it for granted that your service provider has effectively managed the risk of power failures.

1. A very fun read from Patrick Mueller (ex-Neohapsis now turned lawyer): "Facing The Monster: The Labors Of Log Management." I am happy that log management has been finally granted a monster status :-)
2. I am happy to see that one of the "five questions to ask before sending your data in the cloud" is "Will I have access to logging and auditing data?" This is indeed a big deal (well, it will be soon) and you will be hearing more about this. I call this "a case of log ransom," since you might need to pay the ransom to see what is "yours" - the logs
3. Again on leaving [some] logs behind. Remember, the point is not that "collecting all" is a good idea, it is that figuring what to pick is IMPOSSIBLE, while "collecting all" is simply very hard :-)
4. This is hot stuff: "Ten reasons you will be unhappy with your SIM solution" (no, I didn't write it :-), but this is mine)
5. Why HA for log management from our star engineer. Those thinking about the reliability of their logging systems should read it.
6. Fun info on web server log analysis for different purposes.
7. "Why Logs and Logging Matters - Part 1" and "Why Logs Matter - Part 2, A Letter" present really good intro logging for compliance and other purposes (even specifically saying "what you do with the logs that matters.")
8. "Smart Business Leaders Support Effective Log Management Practices and Necessary Resources" from Rebecca Herold is a nice basic piece, especially for those outside the circle of logging literati.
9. More from Sanford on logging standards: "Drawing Lines", an awesome post indeed.
10. A MUST read on SIEM and log management from Greg Shipley (I promise this is a coincidence! :-)) In this piece, Mr Neohapsis drop kicks more than a few "latest generation" SIEM tools. Guess which product review mentions "pain" 3 times on one page :-)
11. Finally, this is also worth a read: "Ode to Log Management" where Mr Baum laments logs being pigeonholed in to "another IT management tool" silo despite their broad relevance. He is right - but focusing on one use case after another works...
    

Enjoy!

One of the nice things about having started the SBN was that I have gotten to meet (mostly virtually) many security bloggers from around the world.  Some of the most prolific contributors to the content of the SBN has been the members of the Belgian Security Bloggers Network.  I received word today from one of the authors of one of the blogs, belsec, that they are under assault by the EU government.  It seems in their wisdom, the European Parliament has decided that in the interests of "media pluralism", all blog owners should declare their ownership, affiliations and status of weblog authors.

The explanatory notes of the proposed regulation says this:

In this context the report points out that the undetermined and unindicated status of authors and publishers of weblogs causes uncertainties regarding impartiality, reliability, source protection, applicability of ethical codes and the assignment of liability in the event of lawsuits.
It recommends clarification of the legal status of different categories of weblog authors and publishers as well as disclosure of interests and voluntary labelling of weblogs.

As the belsec author points out, disclosure of their identities would effectively silence their voices.  There is no first amendment freedom of speech or freedom of press constitutional right in Europe. Of course if forced to do so, the Belgian authors could take up blogs based here in the US and escape the disclosure laws of the EU, but why should they have too.  The EU is a democratic, progressive entity.  Forcing these bloggers to make their "status and identity" public should not be mandatory here.

Blogs are todays pamphlets.  Basic freedom of expression, speech and press have been protected for hundreds of years. Forcing these bloggers to identify themselves is a violation of their rights.  What would Thomas Paine and others like him think of this restriction?

If you feel that this is an unfair and unjust restriction on bloggers rights, blog about it. It is our right and to do so and we should use the medium to do so.  If you are a EU citizen write to your representative and demand that this proposed regulation does not go into effect!

Do not take your right to blog lightly.  If you don't stand up for it, it can be taken away from you.

"The world is my country, all mankind are my brethren, and to do good is my religion." - Thomas Paine