Feeding Frenzy

December 29, 2006 on 2:07 pm

Several readers asked me to comment this week on a very entertaining blog post from New Zealand: A Cost Analysis of Windows Vista Content Protection, by Peter Gutmann (it is in this week's links). The essay characterizes the Digital Rights Management in Windows Vista as a suicide note from Microsoft because Vista's DRM is so draconian and is built into the hardware on such a low level that it is going to piss off the market and ultimately hurt (possibly even destroy) Microsoft, itself.

Except it won't.

This is Microsoft attempting to lead a revolution by running from behind. They didn't invent any of it, but they still want to control it. In order to make that kind of move a success, you have to mobilize immense resources primarily for the purpose of bribing potential partners into becoming partners, which is exactly what Microsoft is attempting to do. And the bribe comes in the form of exactly the currency for which both Big Media and the consumer electronics industry yearn -- new stuff.

The most sublimely yet stupidly profitable periods for the recording and movie industries, respectively, were when music transitioned from vinyl records to Compact Discs and when home video transitioned from VHS cassettes to DVDs. Everybody bought new stuff -- the same stuff we already had but rebuilt using the new technology. We replaced our record collections with CDs and our video tape collections with DVDs -- exercises that generated untold billions for record companies and movie studios without any risk at all because all they were doing was repackaging established hits.

Having been through these seminal experiences in the 1980s and 1990s respectively, of course they now want to do it all over again, which Microsoft proposes to assist through their DRM technology.

But this desire to sell all new stuff goes far beyond movies and music and Microsoft, all the way to the televisions and stereo systems upon which these old hits are played. This is an especially exciting time for TV manufacturers, because they have never really been in a position to participate in such a feeding frenzy. In the U.S., the old NTSC video standard made all video content backward compatible right up until today. You can still watch American Idol just fine, for example, on an old DuMont TV from 1948, but not for much longer.

And it is not just TV and stereo manufacturers who want in on the game: PC hardware vendors, too, are eager to sell us all new parts, just as they always have been.

And into this confluence of greed and shared interest strides Microsoft and Bill Gates promising a technical solution that gives every potential partner exactly what they want. Content owners get a chance to sell everything over again and this time they'll be supposedly protected from piracy. Everyone will have to buy a new TV with an HDMI connector as well as all new video and stereo components of every type, just so long as they, too, use strictly HDMI connections. Problems of deliberate signal degradation and driver horrors will make all video cards and most processors obsolete, so we'll have to buy all new PCs. Mr. Gutmann characterizes this lack of backward compatibility or any shred of technical elegance as suicidal on Microsoft's part when, in fact, it is Microsoft's best imitation of brilliance.

Intel and AMD love it. ATI and nVidia love it. Thomson and Philips and Sony and Matsushita and Samsung and LG love it. Every movie studio, TV network, and record company loves it. The only people who don't love it are consumers, and neither industry nor government really cared much about them, ever.

Ironically, even the class of nerds represented by Mr. Gutmann loves it, because they LIKE to buy new stuff, too, even if they bitch about having to do so at the same time. In fact, that makes it even better because they can buy new stuff, complain about having to do so, and of course try to hack their way around the DRM technology all at the same time. Is this an anti-Linux strategy on Microsoft's part? Sure! Does it really bother the Linux vendors? Heck no, because they get to sell new stuff, too!

Remember that, as I wrote in an earlier Vista column just a few weeks ago, the OS (just as every earlier release of Windows) is entirely about getting people to buy new computers and that any lip service to upgrading current equipment is just that, lip service. If you want a Windows Vista media PC to deliver high-quality video and audio with no driver problems, just buy a new Windows Vista media PC from some big vendor like Dell, HP, or Sony and match it with other big-vendor stereo and video components that use strictly DRM-preserving HDMI connectors and therefore create no points of signal degradation along the path from hard disk to eye or ear.

And to a certain extent we'll all go for it, too, because this is, for the most part, virgin territory. Most of us don't yet have media PCs OR HDTVs, so an all-HDMI strategy isn't crazy at all. And if the strategy appears to be anti-Linux or anti-Mac, that's only discriminating against 4 percent of the market, right?

So I simply don't buy Mr. Gutmann's argument. Microsoft's DRM strategy isn't a suicide note at all.

But that doesn't mean Microsoft will succeed with it and in this case IT refers to Microsoft's hope to take from Howard Stern the title King of All Media.

For one thing, Windows Vista will fail as both a preserver of digital rights and a maintainer of pristine end-to-end DRM'd content. Vista will fail because the job it is attempting to do is too hard, because Microsoft isn't especially good at these huge integration jobs, and because there is a smart hacker community determined to break Vista over and over again, which it will.

None of this means that Microsoft won't succeed in its real goal of maintaining PC market dominance. But the real threat to Microsoft in the mid- to long-term is Redmond's concentration on Big Media as the key source of content and that is bound to fail in time.

We are poised at the start of a revolution in user-generated content that is actually both useful and valuable. Social networking's ability to create small but measurable markets and new content creation technologies' ability to make cost-effective -- even brilliant -- programming for those new markets will mean more media moguls, but smaller ones, and none of those moguls will have a use for DRM OR for Microsoft. So enjoy it while you still can, Bill.

But hey, that sounds too much like a prediction, doesn't it? And my 2007 predictions column doesn't come until next week.

A Prius in Every Garage

December 22, 2006 on 5:08 pm

Christmas is almost upon us, people are in a holiday spirit of sorts, and the national mood, while melancholy with the war and uneasy with this weird economy, could still be a lot worse, that's for sure. My personal mood is more of contemplation as I think about how things might have been and how they might be again if done right this time. I'm thinking, of all things, about the old National Information Infrastructure -- Al Gore's Information Superhighway.

The National Information Infrastructure, or NII, is one of those dark spots on our technical history, a good idea that may have been too early but was definitely screwed up, early or not. In case you don't remember, the U.S. Government came up with the idea of wiring first schools and then homes, primarily with fiber, with the goal of bringing high-bandwidth communication everywhere. The mechanism by which this was to have been accomplished was by encouraging telephone companies, through tax credits, to upgrade their networks and by imposing a tax on telephone users to support the wiring of schools.

It didn't work. Our homes didn't get networked in any large numbers, not enough to keep up with much of Europe and Asia. Even many schools are still off the net, despite the fact that tens of billions of dollars in taxes were paid by consumers and hundreds of billions in taxes were forgiven to telephone companies. This failure can be blamed on the dot-com meltdown and subsequent recession, and on the failure of equipment suppliers like Lucent and backbone owners like Global Crossing, but a closer look shows that the truth is we were probably robbed. Money was gathered and spent in wiring the schools, yet many schools were missed. The telcos grabbed every tax credit they could "qualify" for (more than $200 billion in all), yet where is my real-time high-resolution video conferencing? We were cheated.

And most of the cheating dates from the summer of 2001 and after, a time of turmoil, sure, but also a time when government oversight of these particular programs came pretty much to a halt. BEFORE 9/11, the Federal Communications Commission appears to have stopped caring very much about these programs, though of course they were never halted, so the money kept moving whether it was being well spent or not. And after 9/11, well things went kablooey as government turned to stamping out terrorist cells and listening to your phone calls.

Since then, in addition to the $200+ billion thrown away paying for but not achieving the NII goals, we've spent another $500 billion (not including interest) on various foreign adventures intended to make us all feel safer. I just wonder what we could have got for that money, for the full $700+ billion, if we'd spent it more thoughtfully, perhaps more as a business might do?

This exercise is not intended to impugn anyone's patriotism, and hindsight is always easier than foresight, but I think it is still worth doing. I also think I was making the same point back in 2001 and nobody was listening then, either.

My goals in spending $700 billion would be economic development and energy self-sufficiency for the U.S., not specifically to develop the Internet. That just naturally follows. Notice that Iraqi and Middle Eastern politics aren't even an issue here.

It may sound simplistic, but what would have happened had we simply bought a Toyota Prius for the 10 million American households that currently burn the most gasoline? This wouldn't be a matter of forcing people to take a free car, but how many would turn one down?

Toyota probably couldn't make that many cars in time, so the government would have had to license the Prius design and have it built by ALL domestic car manufacturers. Economies of scale would kick in, so let's put the average cost of those Prius clones at $20,000 each, with 10 million Prius clones costing $200 billion.

For that $200 billion, we'd lower our unleaded gasoline consumption by 30 percent (remember these cars go strictly to people who drive the most), cutting our total energy demand by 9 percent. With 10 million extra cars to make, the U.S. auto industry would have boomed and with it, at least to a certain extent, the overall economy. Even more important, greenhouse gas emissions and overall air pollution would decline, as would the need to build new oil refineries. Nine percent doesn't seem like much, but it would be enough to bring the U.S. almost into compliance with the Kyoto Protocol to combat global warming.

There are lots of side effects of this car-building boom, too. Pumping 10 million 2,500 pound Prius clones onto the highways would mean dragging off the highways 10 million 4,000+ pound gas guzzlers. Overall highway safety would improve, but the influx of scrap metal into the world economy would also go a long way toward mitigating some of the resource scarcities currently caused by that big sucking sound coming from China. Yes, we'd still need scrap to make those Prius clones, but a lot less of it, with the rest leaving for China.

To further attack the energy problem, we might spend another $300 billion on alternative fuels. Brazil's success with ethanol alone suggests that we might cut another 10 percent out of our oil import bill in this manner, so now we're down almost 20 percent overall. I am not saying ethanol is the answer, by the way, but I AM saying that the broad variety of alternative fuel programs being privately funded lately (private money being generally smarter than public money) could probably achieve that result with a $300 billion investment.

Finally, let's look at the Internet, but with a highly specific goal -- to help people work from home, thus further cutting oil consumption tied to commuting. Forget about schools, interactive TV, any of that stuff. All we are trying to do is build big pipes to houses and open up virtual private network connections. There are 110 million households in America, of which perhaps 20 million are suitable for working at home yet aren't presently being used for that purpose. That's $10,000 per connection, which would be more than enough to bring fast fiber to every one of those 20 million homes.

The residual impact of pumping $200 billion not into tax credits for telephone companies but directly into installing fiber to homes and backbones to support that fiber would be huge. Network equipment prices would plummet, bandwidth costs would decrease, and neighbors and schools alike would benefit whether they were part of the program or not. And keeping 20 million people at home would probably save another 5 percent on our energy bill as well as allowing millions more to watch Dr. Phil or All My Children.

For our $700 billion, then, we would have pumped up the economy and driven down energy consumption by about 25 percent. Our network improvements would further encourage economic development, and with fewer people driving smaller cars our infrastructure would be in somewhat better shape.

But would it be enough to matter? Yes it would. Markets are strange things and they thrive on scarcity. The result of a 20-25 percent drop in U.S. oil consumption would be a substantially larger drop in world oil prices analogous to the steep declines of the late 1980s where the triggering supply surpluses were actually much smaller. And in this case, since we'd be supplanting oil with alternative fuels, any withering of the oil industry would be okay, even good.

My major point here is that there are many ways to look at a problem and sending troops to enforce some imagined status quo isn't always the only solution, or even the best one. There must be room for new ideas.

Have a great holiday. At the Cringely household, where there are three boys under the age of five, this Christmas we're going all-Power Rangers, all the time.

Changing the Game

December 15, 2006 on 6:21 am

There was a time in Silicon Valley when starting a company meant building something that you wanted to have, then other people came asking to buy one and you were in business. Companies in those days absorbed little venture capital and had the quaint notion that prior to going public it was a good idea to actually be profitable. As an example look at Apple Computer, which was financed in part by legendary VC Arthur Rock who invested -- get this -- $37,500 in the company. Apple was six years old before the company even had a budget, simply because there was no way prior to then that Apple could even think of ways to spend all the cash they were generating.

Those were the days.

Then the 1990s brought the dot-com era where this system was thrown on its head. Start-ups took gobs of venture money, a lot of it simply used to figure out what it was they really intended to do when they grew up. IPOs no longer required profitability. In fact profitability was seen as a bad idea all around, since it implied that some money wasn't being used to: a) finance rapid growth or b) buy Super Bowl commercials.

Those weren't the days.

And now we've entered the crazy era of AJAX and AJAX-related start-ups where a new hybrid rule set applies. Companies no longer need to raise lots of cash, no longer need lots of people, no longer need to even directly sell anything at all to be considered successful. They need revenue, of course, but that's mainly through advertising. And they need to create something people want to use. But Super Bowl ads? Forget those.

Lately I've been interviewing experienced entrepreneurs from these earlier eras and for the most part they have jumped into the new way of doing things. Recently it was Jerry Kaplan and Robert Carr, who together raised and lost something like $80 million inventing pen computing in the 1990s and being destroyed in turn by Microsoft. Today each man has a self-funded start-up with a handful of workers. In Carr's case, it is just he and his brother. Remember, this is the guy who led 250 developers at Autodesk to create AutoCAD 14 -- the most successful release ever of the world's number one CAD program. Now it is just Carr & Carr, and what's weird is they'll probably make more money as a twosome than Robert ever made at Autodesk.

What's driving this phenomenon is a lot of technology at the right point in its development combined with a lot of rich nerds who cashed out of the dot-com era earlier than the rest of us and can therefore self-finance their new ventures. But most importantly what's driving the new start-ups is the fact that broadband Internet is approaching ubiquity. This month 75 percent of Americans who have Internet service have broadband Internet service and that's probably the tipping point for our Internet futures.

Every market that involves the schlepping of bits is in turmoil as a result. This most especially extends to entertainment because we have always spent an inordinately large portion of our lives listening to music and watching bad television. The new era we're entering will provide a lot more of both, along with more good stuff, too. It's becoming a viewers' and listeners' market, which is good in the long run for artists and bad for record and movie companies.

But everyone knows all this, right? I'm wondering what effect it will have on the venture capital industry, which isn't nearly as clear.

We're already seeing a change. To put things very simply, VCs hid after 9/11 and only recently began to invest again as an alternative to giving back to investors the money they've been sitting on (and taking management fees for) since 2000. Right now it is easier than ever to get venture financing because if these funds aren't fully invested -- even in bad investments -- the various partners will have to give money back that they've already spent.

So there is plenty of money available -- nearly $1 trillion -- but it is coming at a time when, as I have just described, a whole new class of start-ups has appeared that doesn't want VC money -- at least not very much of it.

So just as the VC industry morphed into excess and gluttony in the 1990s, so it is now reconfiguring itself for the realities of this millennium. The big question is, "What do we do with our $1 trillion?"

And the answer is that the VCs are reconfiguring the food chain to take their cuts at a different level.

The old model was for top firms (those run by intelligent people) to look at 800 deals per year and invest in two to six, pumping them with enough money to assure success while also killing off the founders and pushing for an early IPO and VC cash-out. The other VC firms just watched what the top firms were doing, then bought in on B or C rounds where the risks and returns were proportionally lower.

The new model is venture capital masquerading as a combination of hedge funds and investment bankers. Seed rounds are the only rounds and they are limited to angels, friends, and family. Very few companies go public and those that do are unique in their niches. Acquisition has always been the other exit strategy, but if the VCs don't have a piece of the company being acquired, they can't enjoy the benefits of a sale, so what's to do? The VCs start acquiring companies, that's what, in a classic hedge fund maneuver called a "roll-up."

A roll-up means buying many companies in the same market niche, say convenience stores. A private equity group buys, for example, four to five chains of convenience stores totaling 2000 locations. They consolidate the chains saving fixed costs, obtain some economies of scale through bigger purchase orders, but mainly they sell off poor-performing stores for their real estate value, and eventually take the new company public or sell it for a profit to an even larger competitor.

Today's high-tech version of VC-managed roll-up means buying a bunch of similar high-tech companies, consolidating their products and services, then selling the whole or taking it public, simple as that.

What's driving this trend beyond the simple needs of VCs trying to find good places for all that money is Google. Will there ever be another Internet success to rival Google? Not in this decade there won't. So rather than even trying to repeat Google, VCs participate in the Google ecosystem, the best example of which is YouTube, which just made a few VCs a LOT of money when it was purchased by Google for $1.65 billion.

But the very success of YouTube strongly suggests that there won't be another YouTube, simply because one site downloading 58 percent of all Internet videos and that site, in turn, being acquired by the second-biggest video downloading site that also has more money than God, well the YouTube guys would have to commit mass suicide to blow their lead at this point and I don't see that.

But this doesn't mean there aren't a lot of suckers, er, motivated investors out there for the other 99 video-sharing sites. They just need some visibility, hence the roll-up. Buy 20 such sites for $200 million, throw away the bad technology and (hopefully) the poor-performing people, get everything running under one brand name, then either take it public (doubtful) or sell it to Barry Diller, Rupert Murdoch, or some other tycoon who needs to be a part of the latest Internet miracle but may not fully understand the nature of that miracle.

Buy west and sell east, they'll call it, and the strategy will be a key one for the next decade. It will buy a whole new fleet of Porsches and jets for the boys and girls of Sand Hill Road.

And if you are an engineer with a good idea, it will bring the certainty of faster liquidity and maybe even a double payday when your company is sold and then when it is resold as part of the greater whole.

So I am not saying this is bad at all. I'm just saying that the game has changed.

It Takes a Monopoly

December 9, 2006 on 12:41 am

Windows Vista is finally here, a shadow of what it was once supposed to be, but here nonetheless, and now the pundits are holding forth on whether or not Microsoft's new operating system will succeed. What a waste of good punditry: of course Vista will succeed, and those who think it will fail simply do not know what they are talking about.

There have been good operating systems from Microsoft and bad operating systems from Microsoft, but of those only one that I know of can truly be said to have failed -- Bob, the so-called social interface operating system I always figured was really named after me.

Bob was a functional failure, a user catastrophe, but Microsoft had weathered those before. Remember DOS 4? What might have made Bob fail was its design, which was flawed to say the least, or as my mother would put it -- crappy. But what ALLOWED Bob to fail was something much different -- the fact that the operating system wasn't strategic for Microsoft OR for users. Nobody needed Bob and nobody was forced to use him against their will, which sounds a lot like my old dating life but is actually more profound than that. Microsoft practically guaranteed that Bob would fail by creating no artificial situation (say the forced retirement of the last pre-Bob OS) that forced people to use Bob whether they wanted to or not.

Microsoft -- a company that eventually learns from its mistakes -- will not make that particular mistake again, certainly not with Windows Vista, in which they have a $5 billion investment.

What we'll see for ourselves and read about over the next six months, then, are users complaining about Vista instability, an inevitably emerging vulnerability to hackers, and applications that don't work as well as they do under XP. Enterprise customers will hold back in droves. But does any of that make Vista a failure? Nope.

Those who are trying to figure out if Vista will be successful haven't yet grasped the concept that Vista will be forced on the market, and in time it will be the only operating system you can buy from Microsoft. Of course it will be successful. Will people upgrade their existing systems? Of course not. Microsoft operating systems are always designed for future PCs, not for the installed base. Part of the plan is to make Vista work poorly on current computers so we'll all have to buy new ones. This strategy has been around for years and there is no reason to believe we won't fall for it again. Sure, some percentage of people and firms will upgrade, but most of the upgrades will come with whole new computers.

Think back to the Windows 95 introduction, where one of the selling points was that the new OS would work fine on a 66 MHz 486 computer. The truth was that it would RUN on a 486, but not well, so after a try of Win95 on our old hardware, rather than go to some other operating system we all bought new machines. And we'll do that again with Vista.

Following a trend that started with Windows 98, when consumers were hit with the double whammy of a new operating system that was hardware constrained and a new Internet culture that suddenly couldn't get enough storage or processor power, consumers will lead the Vista adoption cycle. But where home users go, corporations soon follow, because people aren't going to long tolerate work systems that are slower and less full-featured than what they have running in their kitchens.

And think about it, what's the alternative to Vista, but Windows XP? Those who don't jump to Vista right away will stick with XP, an operating system into which Microsoft will no longer be investing, making it even more profitable. So even if Microsoft loses they win. In 2007 at least, if people don't like Vista they will, for the most part, still stick with Microsoft rather than jumping to Linux or to the Mac. Maybe that will change in future years, but for 2007 at least, Microsoft's empire is secure and they know it.

More good news for Microsoft is that they have won, for now, the game console war. To be fair, though, it isn't just that Microsoft won but that Sony lost. Blu-ray laser diode shortages are constraining PS3 production just at a time when Microsoft has a shot at breaking even on the production cost of its xBox 360s, which are gaining economies of scale. But the most important win here is the hearts of game developers, and those will go to whatever platform has the greatest number of units in the field, which, for high-end game consoles, means Microsoft.

Don't get me wrong, Sony's PS3 is technically superior to Microsoft's xBox 360, but NOT SUPERIOR ENOUGH. Wooing game developers from 12-15 million xBox 360s to instead write games for a couple million PS3s would require those PS3s to be an order of magnitude better as a game platform. Just somewhat better isn't enough, so for this round, at least, Microsoft wins.

And if Microsoft wins, that means HD-DVD wins, too, leaving Blu-ray as the Betamax of HD optical drives. And like Beta, Blu-ray will probably find its (much smaller) niche in professional markets that can take advantage of its eventual greater capacity.

If Microsoft wins the next-generation game console battle, does that mean Redmond also wins the living room for its video content? That depends mainly on Apple.

There is a logical argument that we'll only have so many devices in our living rooms and one of those is likely to be a game console. Microsoft has already proved more than once that we don't want to drag a full-fledged PC into the room, even if it does a beautiful job of grabbing and storing TV shows. We may be able to sneak a PC into our stereo stack (what's an xBox 360, really, but a game-oriented PC?), but even Microsoft is losing faith that a PC frontal assault on the living room will succeed.

Apple, meanwhile, is sneaking into the room through the use of its iTV wireless video adapter box. Where is that thing, anyway? There's no way Apple won't introduce it, though apparently 2006 will be another iPod Christmas. I'd look for the iTV by MacWorld in January where Apple's 802.11n networking will suddenly be available across a huge range of Apple products.

Apple is all about convenience, and 802.11n is the first wireless standard with enough bandwidth and range to support a true no-wires religion. So we'll see video adapters like the iTV, with its built-in H.264 hardware decoder, but we'll also likely see similar audio adapters intended to link our iPods into the home, possibly with Bluetooth networking, too.

So the living room is a toss-up depending on the successful integration platform (xBox 360 or iTV) and the slate of services lined up behind each. I tend to give Apple the nod here, based partly on apparent positive momentum in the product space, but even more because of Microsoft's prediction this week that it would sell one million Zune MP3 players by the end of its fiscal year. Such a sales estimate can't be based on initial sales figures, meaning it has to be Microsoft marketing's version of a Hail Mary pass: if we predict it, maybe it will come to pass. Probably not.

In a Jam

December 1, 2006 on 2:46 pm

My son Channing, who is four years old, recently celebrated Pajama Day at his preschool when everyone -- even the teachers -- came to school in their pajamas. In this instance at least, Channing was a month ahead of Google, which will in December hold its own Pajama Day when the company's global workforce will be encouraged to come to work in their jammies. As usual for Google, though, this first Pajama Day will be treated as a beta release with specific exemptions for people from "cultures where pajamas are not worn." No word yet on the proposed etiquette for Googlers who sleep in the buff.

I am not making this up.

Here is something I wish I were making up. A good friend of mine noticed last June a sudden and precipitous decline in his volume of incoming e-mail with the numbers dropping by 80-90 percent. Was he less popular, less interesting than before? Or maybe some Bayesian filter had been imposed by his ISP (Earthlink) to suddenly spare him completely from spam. No such luck.

The trend continued so my friend, who has long been in the networking business, himself, started running experiments. He sent messages from other accounts to his Earthlink address, to his aliased Blackberry address, and to his Gmail account. For every 10 messages sent, 1-2 arrived in his Earthlink mailbox, 1-2 (not necessarily the SAME 1-2) on his Blackberry, and all 10 arrived with Gmail.

Swimming upstream through Earthlink customer support, my buddy finally found a technical contact who freely acknowledged the problem. Since June, he was told, Earthlink's mail system has been so overloaded that some users have been missing up to 90 percent of their incoming e-mail. It isn't bounced back to senders; it just disappears. And Earthlink hasn't mentioned the problem to these affected customers unless they complain. The two groups affected are those who get their mail with an Earthlink-hosted domain and those with aliased e-mail addresses like my friend's Blackberry.

Were they thinking these thousands of affected customers simply wouldn't notice? And what about those customers whose livelihood depends on e-mail communication? There are both ethical and business questions here and Earthlink doesn't look good on either scale. Fortunately the company says it is installing new software and hopes to have the problem resolved before the end of the year. Lucky us.

This sort of ISP dissembling happens more often than many of us might guess as companies play the odds and pray that their faults aren't noticed. These mistakes, by the way, typically aren't actionable thanks to our blindly clicking on those Terms of Service agreements that we never read. In Earthlink's case, if they don't deliver your e-mail, well that's just tough.

But there are instances where even if you think you have a guarantee, you often don't. I have a backup business DSL account from Megapath, a national broadband ISP which is the only DSL provider here in Charleston who offered static IP addresses when I was shopping around. Of course the DSL actually comes from BellSouth, which I think of simply as The Devil for its poor service and vindictive ways, from which Megapath presumably would protect me for only three times the price. My Megapath account even came with a Service Level Agreement that guaranteed 99+ percent uptime with money back for any interruptions that exceeded certain reassuringly slim limits.

Then my Megapath service went out for a whole week and I learned the bitter truth. Lucky for me this was my backup account used regularly on just a single notebook in the bedroom, but its failure did put a temporary crimp in my wife's eBay obsession.

Of course I filed a trouble ticket with Megapath, which they cheerfully acknowledged, then 24 hours later told me what was already obvious -- I had no Internet service. The problem was a bad DS3 leased line to Atlanta that was giving them trouble, but it would be back up in a matter of hours. It took days. And the problem (this was last year) continued to happen intermittently for months. One thing I learned from this experience was that Megapath, seeking good customer service stats, times out its trouble tickets WHETHER THE PROBLEM IS ACTUALLY FIXED OR NOT. If you want them to keep working on the problem you have to keep opening new trouble tickets. And one important measure for them of customer satisfaction is the percentage of trouble tickets that are closed which, of course, has to be nearly 100 percent.

But the worst part of this experience came when I tried to invoke my Service Level Agreement and get some money back. They should have owed me a free month of service. Nope. You see the service they were guaranteeing wasn't actual Internet connectivity, they explained, but my connection to the DSLAM half a mile across town at The Devil's office. As long as the log showed that I had a continuous connection to BellSouth (a connection that I am sure was guaranteed by BellSouth under THEIR Service Level Agreement with Megapath) then Megapath was off the hook. The ever-cheerful Megapath customer service agent explained that just because I couldn't get on the Internet for days at a time that wasn't their problem. They guaranteed presence, not utility. In fact, the whole Service Level Agreement scam wasn't even their problem since all they were really guaranteeing to me was something that they were, in turn, guaranteed by The Devil. And when all you have left is a guarantee from The Devil, well you know you are in trouble.

Then they closed my trouble ticket, chalking up another satisfied customer.

If you are still with me, here's the part of this week's column that I find the most interesting. It's yet another example of how the world doesn't really work the way we think it does. Your homework assignment in this case is to read all 269 pages of RFC 3261, which defines the Session Initiation Protocol (SIP), the basis of many Voice over IP (VoIP) telephone services as well as other fun things like various video, audio, and text chat services. You'll find the complete text of RFC 3261 in this week's links.

Finished? I'm especially interested in Section 26, which details threats to SIP security and how SIP defends itself. Not so well, it turns out. In fact, the very insecurity of VoIP (services like Vonage, for example, are based on SIP) is unnerving.

To understand this, we have to distinguish between end-to-end encryption and hop-by-hop encryption, both of which are supported by SIP but are used under different conditions.

With end-to-end encryption, the packet header is open (naked) and the payload is encrypted. If the encryption is set up correctly, then the payload is safe. However, the packets can be subjected to traffic analysis of the header information as well as Denial of Service. So someone with the appropriate software can know who you are talking to and when even if they can't listen in. And if they dislike you enough, they can keep you from talking at all.

With hop-by-hop encryption, the packet header is open (naked) and the payload is encrypted. It's just like end-to-end encryption, except for the problem of proxy servers. In order for the proxy to properly route the packet forward, it must examine the payload to extract the destination information. The proxy will decrypt the payload, read the destination address, modify the already open header, re-encrypt the payload, and then forward the packet. At the instant that the packet payload is decrypted at the proxy, it can be copied. That's the attack point. There are many other problems, of course, about how the successive re-encryptions are done with what key, with what Certificate Authority, with what authentication? This is security?
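The two modes described above can be modeled to show what each intermediary gets to see. This is an added example, not code from the column or from RFC 3261; the message, the proxy names, and the toy cipher are constructed for illustration, and the whole SIP message is treated as the packet payload.

```python
import hashlib, os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter-mode keystream: illustration only, never real crypto.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + _xor_stream(key, nonce, data)

def unseal(key: bytes, blob: bytes) -> bytes:
    return _xor_stream(key, blob[:16], blob[16:])

# Constructed sample message (not captured traffic).
HEADERS = (b"INVITE sip:bob@example.net SIP/2.0\r\n"
           b"From: <sip:alice@example.com>\r\nTo: <sip:bob@example.net>\r\n\r\n")
BODY = b"v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 49170 RTP/AVP 0\r\n"
PROXIES = ["proxy-a", "proxy-b"]        # hypothetical intermediaries

def hop_by_hop(headers: bytes, body: bytes, proxies):
    """Each link has its own key; every proxy decrypts, routes, re-encrypts."""
    nodes = ["caller", *proxies, "callee"]
    link_keys = [os.urandom(32) for _ in nodes[:-1]]   # one key per link
    seen, wire = {}, seal(link_keys[0], headers + body)
    for i, proxy in enumerate(proxies):
        clear = unseal(link_keys[i], wire)     # plaintext exists at this hop
        seen[proxy] = clear
        wire = seal(link_keys[i + 1], clear)   # re-encrypted for the next link
    return seen, unseal(link_keys[-1], wire)

def end_to_end(headers: bytes, body: bytes, proxies):
    """Only the endpoints hold the body key; proxies route on clear headers."""
    e2e_key = os.urandom(32)
    wire = headers + seal(e2e_key, body)
    seen = {proxy: wire for proxy in proxies}  # forwarded unchanged
    return seen, unseal(e2e_key, wire[len(headers):])

if __name__ == "__main__":
    for mode in (hop_by_hop, end_to_end):
        seen, _ = mode(HEADERS, BODY, PROXIES)
        print(mode.__name__, {p: BODY in v for p, v in seen.items()})
```

In the hop-by-hop run every proxy holds the full cleartext; in the end-to-end run the body stays opaque to the proxies but the From and To headers remain readable, which is the traffic-analysis exposure.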

But wait, there's more!

Session Border Controllers (SBCs) are hardware devices that make SIP work over the heterogeneous Internet. There are thousands of them at every ISP. SBCs require that the packet payload be made naked, period. This is absolutely necessary to do transcoding, perform NAT traversal, etc. That's the attack point.

Even more.

The Communications Assistance for Law Enforcement Act (CALEA -- I've written about this one before) requires "managed" VoIP operators to provide law enforcement agencies a point of interception so they can tap your VoIP calls. What's a "managed" VoIP service? Packet8, Vonage, Comcast, and AT&T all certainly qualify, but does Skype? Yes, if you think of billing as management, now that there is SkypeOut and SkypeIn. And given the current management at the U.S. Department of Justice, "managed" could mean pretty much anything.

VoIP interception is usually done at the SBC/proxy. The network operator's SBCs perform decryption/encryption on the "secure" packets as they go through the node. It is a matter of "trust," as they say in the industry. If you want to encrypt you must also be willing to trust an SBC/proxy in China, Russia, wherever. That's the attack point.

Remember this is the technology that will shortly be the basis for nearly all telephone service.

On second thought, I think I prefer writing about Pajama Day.
