StratVantage Consulting, LLC — Mike’s Take on the News 08/24/01

Clipped from: http://www.stratvantage.com/news/082401.htm

The News – 08/24/01

The Ethics of Defense

Alert SNS Reader Andy Stevko raises some very good questions about a technique some server administrators use to deal with the Code Red and Code Red II worms.

First of all, the Code Red worm, in the news a lot recently, is basically a type of computer virus. Code Red exploits a security hole in Microsoft’s Internet Information Server, which is their Web server that runs on Windows NT or 2000 machines. (A variant also infects Microsoft’s Personal Web Server, which runs on Windows 95, 98, and ME.) The worm has infected hundreds of thousands of Windows servers, and even has attacked DSL routers. If you’ve been experiencing a slowdown in response time on your Internet connection recently, it could be because of this worm and its variants.

Code Red uses a technique, called an exploit, in which it overwhelms a part of the computer’s memory called a buffer. Once in, it copies a program to an area of the Web site and thus allows anyone to execute any command on the computer. This is called installing a backdoor, and this is a bad thing.

Another thing Code Red does is to flood the local network with traffic, looking for other vulnerable IIS installations. Once one is found, it repeats its dastardly deed, and so on and so on. The infected computer becomes a drone, with the aim of recruiting more drones to use in its ultimate goal of attacking the White House’s Web servers. Because of the techniques used in this attack, which are similar to a Denial of Service (DoS) attack, even if a target computer has been patched to resist the buffer overrun exploit, it still can end up spending all its time replying to bogus Web page requests with “Page Not Found” messages. So even if you’ve been smart, and you’ve protected yourself against Code Red, it can still affect your computer and your network.

Andy reports that an enterprising bunch of server administrators have decided to fight fire with fire. They’ve created a program called a FightBack script that takes advantage of the backdoor installed on infected computers. According to Andy, “The FightBack script reads the IP [network] addresses off the request and triggers another request sent back to the infected server.” This request uses the backdoor to reboot the infected server, without the knowledge or consent of that server’s administrator, who probably doesn’t know he or she is infected. Since the Code Red worm only installs itself in an infected computer’s memory and not on the hard disk, this clears the infection. But it doesn’t remove the backdoor.

In essence, the FightBack script acts as a “good virus.” Andy questions whether there is such a thing:

Worms and Viruses live mainly by exploiting software cracks to ‘own’ someone else’s computer. The most evil ones deliver a nasty payload.

Are there ‘good’ worms and viruses? A good virus could contain a neutral payload or perhaps fix/patch the exploit it used. Would you want one to touch your systems? Nearly every sysadmin says NO!

But DoS attacks provide little defense. They leach CPU and soak up bandwidth. It is very hard to even reset a remote drone.

FightBack servers can be built to control offending hosts. Is the cure any better than the curse? Would you ever admit to owning one?

Good questions, and ones that will be faced more and more often as the antisocial microcephalic morons who write viruses and worms proliferate. Because many exploits and viruses can be built using tools requiring little technical knowledge, more and more bored adolescents are likely to turn from low tech annoyances like T.P.ing your house or ringing the bell and running away to becoming script kiddies and a major threat to the Internet. System administrators may well become more and more desperate and more likely to use questionable defenses in order to keep their networks and servers operational.

In answer to Andy’s question regarding the ethics of FightBack scripts: I am uncomfortable with this approach, but unfortunately, taking the completely ethical approach could yield a disastrous outcome. Your network could crash. Your servers could crash. Your business could go out of business. So, yes, fighting back is an option. However, I think the more ethical way to fight back is to use a script to try to find the email address of the administrators of the offending computer. Then, email them and give them some period of time to rectify the situation. This at least gives them a fighting chance to take care of the problem themselves. If there is no response, and there might not be one in the middle of the night or on holidays, for example, do what you need to do and follow up with an email. And if at all possible, remove the backdoor. I assume this isn’t done in the Code Red case because it is not possible.
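One way to carry out the notify-first approach described above, as an added example that is not part of the original newsletter: this Python script scans a Web server access log for the worm's request, groups the hits by source address, and drafts a notice with a response deadline. The `/default.ida?` request followed by a run of N (Code Red) or X (Code Red II) filler characters is the widely documented signature rather than something stated in the newsletter; the Common Log Format input, the constructed sample lines, the 48-hour grace period and the function names are assumptions, and looking up the administrator's address is left to the operator.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log in Common Log Format (assumed format).
# Source addresses come from the reserved documentation ranges.
FILL_N = "N" * 40
FILL_X = "X" * 40
SAMPLE_LOG = "\n".join([
    f'192.0.2.10 - - [24/Aug/2001:03:12:01 -0500] "GET /default.ida?{FILL_N} HTTP/1.0" 404 276',
    f'192.0.2.10 - - [24/Aug/2001:03:40:17 -0500] "GET /default.ida?{FILL_N} HTTP/1.0" 404 276',
    f'198.51.100.7 - - [24/Aug/2001:04:05:55 -0500] "GET /default.ida?{FILL_X} HTTP/1.0" 404 276',
    '203.0.113.5 - - [24/Aug/2001:04:06:02 -0500] "GET /index.html HTTP/1.0" 200 5120',
    '203.0.113.9 - - [24/Aug/2001:04:07:30 -0500] "GET /default.ida HTTP/1.0" 404 276',
    'truncated or corrupt line',
])

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)
# Worm request shape: /default.ida? followed by a long run of one filler
# letter. N is the original Code Red, X is Code Red II.
PROBE_RE = re.compile(r'^/default\.ida\?(?P<fill>[NX])(?P=fill){15,}')
VARIANT = {"N": "Code Red", "X": "Code Red II"}


def find_probes(log_text):
    """Group worm-shaped requests by source address."""
    sources = defaultdict(
        lambda: {"count": 0, "variants": set(), "first": None, "last": None}
    )
    for line in log_text.splitlines():
        entry_match = LINE_RE.match(line.strip())
        if not entry_match:
            continue  # not a well-formed log entry
        probe = PROBE_RE.match(entry_match.group("target"))
        if not probe:
            continue  # ordinary request, or default.ida without the filler
        try:
            seen = datetime.strptime(entry_match.group("ts"),
                                     "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # unparseable timestamp
        entry = sources[entry_match.group("ip")]
        entry["count"] += 1
        entry["variants"].add(VARIANT[probe.group("fill")])
        entry["first"] = seen if entry["first"] is None else min(entry["first"], seen)
        entry["last"] = seen if entry["last"] is None else max(entry["last"], seen)
    return dict(sources)


def draft_notice(ip, entry, grace_hours=48):
    """Build the text of a notice for the administrator of `ip`.

    The deadline is the last sighting plus the grace period (an assumed
    policy; the newsletter only says "some period of time").
    """
    deadline = entry["last"] + timedelta(hours=grace_hours)
    variants = " and ".join(sorted(entry["variants"]))
    return (
        f"Subject: Host {ip} appears to be infected with {variants}\n\n"
        f"Our Web server logged {entry['count']} request(s) from {ip} "
        f"matching the {variants} worm,\n"
        f"first at {entry['first'].isoformat()} and most recently at "
        f"{entry['last'].isoformat()}.\n"
        "Rebooting clears the worm from memory but leaves the host "
        "vulnerable; please apply the vendor patch\n"
        "and check the machine for a backdoor.\n"
        f"Please respond by {deadline.isoformat()}.\n"
    )


if __name__ == "__main__":
    for ip, entry in sorted(find_probes(SAMPLE_LOG).items()):
        print(draft_notice(ip, entry))
```
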

What do you think? Is it ever right to make changes on another person’s server? In the absence of other effective defenses, is a FightBack script ethical? Would you want your business’ Web server “repaired” without your consent? Send in your responses, even (especially!) if you’re technologically-challenged, and I’ll print the most interesting ones in future SNSes.

National Infrastructure Protection Center

Briefly Noted

  • Shameless Self-Promotion Dept.: My speech at the Minnesota Entrepreneurs Club pre-meeting workshop on Tuesday, “Will You Have to Have It? What You Need to Know About Future Tech and Your Business,” is now available.

    Also, my white paper, Taking Control of the B2B Exchange: What’s Next in the Supply Chain Evolution, is now available on Manyworlds and is rated four stars. I am honored to share the page with eCommerce expert Mohanbir Sawhney.

  • Take Two Cameras and Call Me In the Morning: Alert SNS Reader Roger Hamm sends along a pointer to this innovation that many of us superannuated geezers will appreciate. Instead of having to swallow a pole for an upper-GI series, you soon may be able to swallow a wireless camera-in-a-capsule to check things out. The FDA has given Given Imaging its approval for use of the camera in upper-GI series. Each pill costs $450, so you’ll want to be real careful where you go, if you know what I mean. The company even has cool videos of the camera in action on its Web site. My first thought was, it’s pretty dark in there, how can it see? Turns out the camera has its own light source. The system comprises the camera, a set of wireless sensors worn around the waist, and a workstation to analyze the results. Now if they can just develop one for the lower-GI . . .
    Given Imaging

  • Passport Correction and Response: Alert SNS Reader Larry Kuhn corrected a couple of inaccuracies in the previous SNS regarding Microsoft’s Passport online credentialing system. He points out that not all cookies are cleartext, a fact I knew but forgot. The cookie used in the Passport scheme to hold your authentication credential is binary, and thus not human-readable. Larry agrees that cookies are easily retrieved from a user’s PC, but points out that “since the Passport service expires authentication keys on a regular interval (not sure what that interval is though...), a stolen cookie is very soon useless.” This isn’t good enough for me to know that someone can steal my identity, but only for a little while. One bad transaction could ruin a person. In addition, Microsoft leaves it up to the Web site owner to ensure that the authentication cookie is deleted at sign out: “For security reasons, you must delete all Passport-related persistent and session cookies from a member’s computer when the member signs out by clicking the sign-out link or by closing their browser.” Sorry, that makes me nervous.

    Larry also takes issue with the assertion that your Windows XP password and your Passport password will be the same. I have to bow to his superior knowledge on this one, and note that I didn’t make any of this stuff up, but got it from noted security expert Avi Rubin, a researcher at AT&T Labs. Perhaps his information was dated. It is clear that Microsoft requires signing up for a Passport to use many of XP’s services.

    Larry offers some comments on the whole single sign-on and online authentication problem:

Larry Kuhn: “This whole issue is a catch 22 for consumers – from a convenience standpoint, I’d really like to only ever have to identify myself once all day long as I use various computers... (or better yet, have each computer just recognize me, the way my friends do when they meet me on the street) – but in order for that to happen – all these systems need to know me – and if they know me, well – they know me.”

SNS: "So you’re saying, basically, Passport is cool, you’re OK with the level of detail Microsoft will be privy to, and the single point of failure problems don’t bother you, yes?"

LK: “Yes, I have the same type of problems with the multiple front door keys for my home that are floating around among my neighbors and relatives. They know all about my new TV when they see the delivery truck, they know all about my vacation when I ask them to let the dog out for a week while I’m gone. It’s a chance I take in exchange for having some options when I get locked out of the house.

“Also, one other point on "who ya going to trust?" – I figure MS has a lot more to lose than some no-name guy (or even the government!) in terms of brand equity if they let my info get stolen or if they use it for illegal or unsavory purposes. Plus, I might eventually need to sue someone for damages; it may as well be someone who can pay. So, there’s actually some value to me in enlisting them in protecting my personal data.”

Leaving aside the existential question, “Can we ever truly know anyone?” Larry points out the fundamental difference between online life and offline life: On the Internet, nobody knows you’re a dog. To establish trust offline, you don’t need to know a person’s Social Security Number, mother’s maiden name, address, credit card number, and three references. You meet them, recognize them the next time you meet, work with them, and build trust.

Online is a completely different story. You don’t necessarily recognize a person the second time you meet, and you lack a lot of the information and cues you use to establish trust. Thus, there’s a need for schemes like Passport, or like biometric methods of determining identity via fingerprints or iris scans. But there’s something fundamentally more intrusive about requiring intimate information about my life or my body in order to identify and trust me. I feel it is much easier to abuse our relationship if you have this information than it is if we work together or bank together or worship together in the real world.

As I said last issue, this is obviously a complex issue and one that businesses need to come to grips with if the Internet is going to evolve into the kind of marketplace many eCommerce pundits envision.

  • New Wireless SIG: Geneer has created the Midwest Wireless Application Developers Special Interest Group (SIG) a non-commercial group designed to promote discussion of wireless developer tips and tools. The first meeting is Tuesday, Sept. 18, 2001, and features Guest Presenter Rod Massie of Motient Corp., provider of eLinkSM and BlackBerry™ by Motient wireless email services. Rod’s topic is Developers’ Tips & Secrets for Motient’s Terrestrial Network and Motorola’s DataTAC Technology. The free meeting runs from 6:00 PM to 8:30 PM at the Marriott Suites, 8535 W. Higgins Road, Chicago, Illinois.

Can’t Get Enough of ME?

In the unlikely event that you want more of my opinions, I’ve started a Weblog. It’s the fashionable thing for pundits to do, and I’m doing it too. A Weblog is a datestamped collection of somewhat random thoughts and ideas assembled on a Web page. If you’d like to subject the world to your thoughts, as I do, you can create your own Weblog. You need to have a Web site that allows you FTP access, and the free software from www.blogger.com. This allows you to right click on a Web page and append your pithy thoughts to your Weblog.

I’ve dubbed my Weblog entries “Stratlets”, and they are available at www.stratvantage.com/stratlets/. Let me know what you think. Also check out the TrendSpot for ranking of the latest emerging trends.

StratVantage Consulting, LLC — Mike’s Take on the News 08/21/01

Clipped from: http://www.stratvantage.com/news/082101.htm

The News – 08/21/01

May I See Your Passport, Please?

Regular readers know I am not a fan of Microsoft’s monopoly tactics, although I am a fan of some of their software, and certainly appreciative of their leadership in creating the desktop revolution. But even dyed-in-the-wool Microsofties should be concerned about Microsoft’s Passport service and the company’s plans to make it ubiquitous.

The idea behind Passport is simple. It’s the idea behind a lot of Microsoft’s software, and it’s at the root of most of Microsoft’s security problems: Convenience. If you’re like me, you’ve created accounts at all sorts of Web sites. There are email accounts, discussion groups, white paper download registrations, eCommerce accounts – you name it. If you’re like most people, you have a problem remembering passwords. In fact, you may use names of family members or pets as your passwords (which is a really bad idea). Chances are, very few of your passwords are secure, meaning a cracker could guess them or use software to discover them quite easily. You may even use the same password for all your accounts (also a really bad idea; for more information on creating secure passwords, check this out).

Microsoft, to their credit, have offered to solve this problem with Passport. But there are some very disturbing aspects to the service. Basically, when you create a Passport account, which you must do, for example, to use MSN Messenger, HotMail, or Microsoft Support, you store lots of personal information on Microsoft’s servers. Already I have a problem with this. We trust all kinds of companies with intimate details of our lives and selves. MasterCard knows a lot about my purchasing habits. ATT knows a lot about my calling habits. Northwest Airlines knows a lot about my traveling habits. Having this sort of information in the hands of commercial interests is a necessary evil. Where the problem comes in is when this information is combined. For example, suppose thieves could access my electric bill, my Northwest account, and my MasterCard account. They could tell when I’m on vacation and come and steal the new TV I just bought. (Notice to thieves: This is a hypothetical scenario; I’m waiting for the HDTVs to come down in price before buying another.)

Using Passport, Microsoft becomes aware of a lot of your personal information as well as a lot of your behavior. The way the service works is, when you visit a site that uses Passport, Microsoft forwards your credentials to that site, and obviously knows what site it is. So if I have a yen for Japanese porno sites, Microsoft knows. If I purchase Viagra online, Microsoft knows. In fact, anything I do online, Microsoft knows. It’s a marketer’s dream, and a law enforcement dream. That’s problem number 1.

Another problem involves the way Passport actually works. There are two main concerning areas:

· First, Passport is being built in to Windows XP, Microsoft’s next operating system. Thus XP users will use the same password to log in to their system each morning as they use with the Passport system. Since people rarely use secure passwords on their personal systems, this is a problem. Also, if crackers compromise the Passport password, which is bad, they also have access to your computer, which is worse.

· Second, and more important, when you visit a Web site that uses Passport, a cookie containing your credential is placed on your hard drive. A cookie is a plain text file that contains information regarding a Web transaction. Cookies are normally used for things like identifying you by name when you return to a site, or saving the status of a transaction so it can be recovered if the connection is broken. By placing the credential in an insecure, easily readable file on your computer, you are left wide open to identity theft. It is quite easy to steal a cookie, and thus quite easy to masquerade as another user.

Finally, Microsoft has a children’s service called Kids’ Passport which many privacy advocates feel collects more information than necessary from this vulnerable group.

The issue is complex, and I encourage you to read the C|Net article linked below and view the video from the article to get up to speed on some of the issues. Businesses especially need to be aware of the possible impact of a Microsoft hegemony on authentication. If their scheme plays out, you may be forced to use them for all Web site authentication simply because they’ve established yet another monopoly. Given Microsoft’s dismal security record, that could be a problem.

C|Net

Briefly Noted

  • Planet of the Apps: There’s a tremendously funny video you’ll never see on World’s Funniest Videos but which has caused a bit of a stir in software circles. It seems Steve Ballmer, excitable head of the World’s Funniest Monopoly, Microsoft, got a little pumped up at the beginning of his keynote at a recent internal conference. Many wry commentators have suggested his antics confirmed the origin of the human species with the apes. You be the judge.
    Jump Jive and Wail (You’ll need a media player that can handle MPEG files like, say, Apple’s QuickTime)
  • Let Be Be Finale of Seem: You probably never heard of Be, but they created BEOS, a wonderful operating system, and were run by Jean-Louis Gassée of Apple fame. I’m not really sure what Palm’s got in mind here, but the acquisition, for $11 million in stock, sparked this wonderful quote from US Bancorp Piper Jaffray analyst William Crawford: “Where they have to go, Be already is.” Is you is or is you ain’t my OS?
    C|Net
  • Jargon Watch: This is a bit old, but I’ve just run across a new “C-level” title that made me laugh. Back in April, troubled Internet Service Provider (ISP) PSINet, in an effort to show exactly how serious they were about returning to profitability and surviving NASDAQ delisting, appointed Lawrence Hyatt, their chief financial officer, to the newly created position of Chief Restructuring Officer (CRO). Must not have worked. PSINet filed for Chapter 11 protection in early June, and then promptly contributed to a major Internet outage when ISP Cable & Wireless intentionally stopped peering with it. (Peering is the practice of swapping traffic and is part of what makes the Internet work.) When C&W quit peering, every PSINet customer could no longer see sites on C&W networks, and vice versa. Since smaller ISPs buy connectivity from larger ones like C&W and PSINet, this affected whole sections of the country. Nice restructuring, guys! Hyatt has returned to his old title, CFO.
    C|Net
  • Nothing To Disclaim At This Time: The UK site, The Register, which is a bit of a gadfly on the rump of information technology, ran a contest back in May to find the most outrageous disclaimers. You know disclaimers: that bunch of rubbish at the end of a report or a post or an email that intends to absolve the writer of everything short of being born. I particularly like the winner of the Longest Disclaimer competition, which was won easily by investment house UBS Warburg. This 1,081-word nauseous gasser ends with a declaration that truly reflects the uncertainty and even the futility of life: “E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission.” So if we gave you a virus, tough bounce. I think I’ve lost the will to go on.
    The Register
  • Things That Make You Go Hmmmm Dept.: In April, Sony released a version of Linux for its PlayStation 2 console. What can they be thinking? PS2 already plays DVDs. Hmmmm. Could it be the uber-consumer-device a-borning? Thanks to Alert SNS Reader Todd Mortenson for the pointer.
    DI Wire

StratVantage Consulting, LLC — Mike’s Take on the News 08/17/01

Clipped from: http://www.stratvantage.com/news/081701.htm

The News – 08/17/01

A POX on P2P

Once again consumers may lead a technology revolution that will advance technology that can be used by business. Many analysts have recognized that peer-to-peer (P2P) computing and wireless technology are a match made in heaven. You’ve got all these devices out there in people’s pockets. What if they could communicate directly with one another? The possibilities are endless. I particularly can’t wait for a wireless application to help me find kindred contacts at business networking meetings and conferences, for example.

Now it’s looking like gaming may be the killer app for wireless P2P. Alert SNS Reader Andrew Hargreave sends along an item on toymaker Hasbro’s efforts to market their new peer-to-peer handheld game, POX. In a twist to the tired cliché, “viral marketing,” Hasbro operatives hit the playgrounds of Chicago asking kids, “Who’s the coolest kid you know?” They then found the cool kids in question, and asked them the same question. They continued in this way until they found a kid who replied, “Me.” (Is it just me, or is this kind of a creepy way to do marketing? Do you want strange adults asking these questions of your kids?)

About 1,600 of these so-called alpha pups were corralled in small groups and given the pitch for the POX game (which Alert SNS Reader Deb Ellsworth says should be referred to as a “game platform.”) Playing POX involves creating alien warriors, called Infectors, to use to fight other players and collect their body parts. The game contains a radio frequency unit that allows players within 30 feet to play, even through walls. Each alpha pup was given 10 of the $25 units to give out to their friends. The characters the players create can be set to do battle automatically with any fellow player who walks by, even while the unit sits in a school locker.

In other infectious news, 10,000 middle-school-aged students in Detroit, Miami, and Union City, New Jersey, are testing a program called "Cooties" on donated and pre-owned Palm PDAs. The University of Michigan’s Center for Highly Interactive Computing developed the classroom learning program, backed by a $16 million Palm and National Science Foundation grant, with the aim of teaching kids about the ways diseases spread. To spread Cooties, teachers beam a fictitious virus to selected Palms. Students break into smaller groups and map how the virus spreads throughout the class. Palm obviously hopes the project will show teachers that teaching using Palms is easier than using personal computers.

In Sweden, Ericsson R520 cell phone owners play the game BotFighters, in which the object is to create a robot and send text attack messages to a central game server and thence to your intended victim. While the game does not use P2P technology, the “bullets” you use have a limited range. You can use the game’s “radar” to determine the location of an opponent and players often pursue each other trying to get into range for a wireless shot. I shudder to think of what real-world methods fanatic players will use to bag their prey. European cell phone carriers need to find some reason to extract extra money from users since many of them paid exorbitant prices for the radio spectrum necessary for the next generation 3G wireless services. BotFighters players pay an extra $5 to $10 a month on top of their cell phone charges for the privilege of playing the game.

There are likely to be many more P2P wireless games in the near future. This past spring Pocit Labs of Sweden released its BlueTalk development kit which enables wireless applications using Bluetooth, the popular short-range wireless standard. This week, Impart Technology released its Java-based Impart Technology SDK, which creates applications that automatically configure ad hoc infrared connections among mobile devices. Most PDAs and some cell phones feature infrared connectors. The company said Bluetooth will be supported by the end of the year.

Despite the fact that businesses are ordinarily not too concerned about games (except when they impair productivity), enterprises should keep an eye on the wireless P2P gaming arena, as it will probably generate several innovations that can be put into practice in business computing. Besides, knowing this stuff helps you look cool (OK, somewhat more cool) to your kids.

New York Times

Briefly Noted

  • PDF Virus Spreading: One doesn’t often worry about virus infection when opening any of the myriad of Portable Document Format (PDF) files on the Internet. Traditionally, Adobe’s PDF files have been considered benign, much safer, for example, than Microsoft’s Word documents, which can contain nasty viruses. Alert SNS Reader David Dabbs passes along an item concerning a PDF virus called Outlook.pdf. Although the virus is considered experimental and not very deadly, it can presage a new infection type that is likely to now become popular. According to a ComputerWorld article:

In order to spread itself, the virus uses Adobe Acrobat and functions of Microsoft Corp.’s Outlook that have never been used before. According to both researchers, the worm uses Outlook to send itself hidden in a PDF file. When opened using Acrobat, the file will launch a game that prompts the user to click on the image of a peach. After the user clicks on the image, a Visual Basic script is run and the virus gets activated, they said.

The virus spreads itself using all the addresses from the e-mails in any Outlook folder, not just the program’s Address Book, and it will send itself in a PDF file, and disguising itself by changing the e-mail’s subject, body and attachment lines every time, they said. An image from the game can be seen at HispaSec’s Web site.

Fortunately, you don’t need to worry unless you have the full version of Adobe’s Acrobat. Most people use the Acrobat Reader that allows you to read PDF files. The full $249 Acrobat package lets you create PDF files as well. There’s no telling whether just reading a PDF will ever spread a virus. So be careful out there.
    ComputerWorld

  • Another One Bites the Dust: Apparently, the Industry Standard magazine is closing up shop and seeking a buyer. This is a pity, as I rather enjoyed their coverage of eBusiness. The company blames the cost of splitting off from IDG and readying for an IPO. The Web site thestandard.com will continue for the time being, employing the remaining 20 of the 180 workers. Thanks to Alert SNS Reader David Dabbs (in another SNS twofer) for the pointer. Also noted: Beenz follows Flooz into the dumper. Online currency vendor Beenz has declared the end of the Beenz economy as of August 26th. Their demise couldn’t have had anything to do with their stupid name, right?
    C|Net

StratVantage Consulting, LLC — StratVantage News Summary 08/15/01

Clipped from: http://www.stratvantage.com/news/081501.htm

The News – 08/15/01

Congress Puts the Squeeze On ICANN

Poor Vint Cerf. The guy practically invents the Internet (by inventing the TCP/IP transport it runs on) and this is his reward: to preside over a bureaucracy that should be the most powerful force on the Internet, but which is mired in global politics and has little independent power. Cerf is Chairman of ICANN (The Internet Corporation for Assigned Names and Numbers), the non-profit corporation that is supposed to be the authority on a number of technical workings of the Internet, including the assignment of domain names. Domain names form part of the human-understandable addresses you type into your Web browser. Examples include yahoo.com, aol.com, and StratVantage.com.

Over the last year or so, ICANN has struggled to identify and release what are known as Generic Top Level Domains (gTLDs). The current gTLDs include the popular .com and .net as well as .gov, .edu, and .mil. While it is possible for companies or individuals to make up and register any arbitrary second level domain (the yahoo, aol, or StratVantage portions of a Web site address), ICANN is the only recognized entity that can authorize the creation of new gTLDs, although others have tried (for example, New.net, as previously reported in SNS). ICANN authorized the creation of seven new gTLDs (.biz, .info, .pro, .name, .coop, .aero, .museum) last November. These new gTLDs are in the process of being rolled out now, as previously reported here and here.

ICANN’s major problem is summarized in its backgrounder document:

ICANN has no statutory or other governmental power: its authority is entirely a consequence of voluntary contracts and compliance with its consensus policies by the global Internet community. It has no power to force any individual or entity to do anything; its ‘authority’ is nothing more than the reflection of the willingness of the members of the Internet community to use ICANN as a consensus development vehicle.

While the Internet has always worked on “rough consensus and working code,” the consensus has gotten rougher and harder to obtain since the Internet became commercialized in 1995. The rest of the world has resented the control the US government has had over the Internet, and especially the arbitrary rule of Network Solutions, which used to have the monopoly on assigning domain names until ICANN and the US government opened the task to competition in 1999.

As if dealing with global squabbling over domains wasn’t enough, now ICANN Chairman Vint Cerf has to deal with pressure from Congress which, in its typically clueful way, has decided to hop on the bandwagon by demanding that ICANN add even more gTLDs. The House Energy & Commerce Committee and the Internet Subcommittee sent a joint letter Monday to Commerce Secretary Donald Evans urging him to lean on ICANN to create a .kids domain. Apparently our elected representatives feel if there’s a .kids domain, somehow kids will be safer on the Internet. In order for that to happen, of course, we’d need some kind of oversight organization to approve not only the applicants for these domains, but also all content. Hmmm. Sounds like censorship. But it’s for the kids! Who could complain? Anyway, the oversight organization is not likely to be ICANN, with its 14 staffers and 19 board members (OK, what’s wrong with that picture? More bosses than workers?). Why, this sounds like a job for SuperCongress!

Strangely enough, Congress is missing the point. More gTLDs are not going to solve anything, as I argue in the TrendSpot and a previous SNS. Basically trademark owners will register in every unrestricted gTLD. In addition to coke.com, coke.net, and coke.org, you’ll see coke.biz, coke.info, coke.name, even coke.kids, all owned by the Coca Cola Company. How does this help? Rather than opening up opportunities and widening the name space, the new gTLDs will just increase the number of domains trademark holders will register. While restrictions on some of the gTLDs will help (.pro is only open to accountants, lawyers, and physicians), I think the new system will just foster confusion. I can even see Coke arguing that they should be granted coke.museum because they run a museum of Coca Cola products.

Whatever happens, businesses need to be aware that the opportunities for registering their trademarks in the new gTLDs may be drawing to a close. The sunrise period, the period during which trademark owners can make their case for ownership of a domain name, for the .info domain ends August 27th, for example. If you don’t register your name, what are the chances your competitor or a domain squatter will? So if you’ve got a .com, you need to be acting now to secure your new .biz or .info domain name.

Newsbytes

Briefly Noted

  • Shameless Self-Promotion Dept.: I’ll be speaking at the Minnesota Entrepreneurs Club pre-meeting workshop at 5:30 p.m. today, Tuesday, August 14th in St. Paul, MN. The meeting is at the Minnesota Business Academy. My topic is “Will You Have to Have It? What You Need to Know About Future Tech and Your Business.”

    Also, my white paper, Taking Control of the B2B Exchange: What’s Next in the Supply Chain Evolution, is now available on Manyworlds and is rated four stars. I am honored to share the page with eCommerce expert Mohanbir Sawhney.

    Plus, I’ve updated my Resources page to include several interesting links to eCommerce, online news, information, and opinion Web sites. These are some of the sources I use to compile SNS. The page is a bit disorganized at the moment, as I’m still adding to it.
    MN Entrepreneurs
  • I’m Getting a Bit Floozy: Flooz (stupid name alert), the online incentives vendor used by firms such as P2P hive computing firm DataSynapse, has ceased operations and is looking for a merger or acquisition. Flooz worked as sort of an online trading stamps (remember S&H Green Stamps or Gold Bond Stamps?) provider. Companies would buy Flooz points and distribute them to users. In DataSynapse’s case, they used Flooz to compensate members who donate computer time to their P2P network. Visits to Flooz’s Web site produce a message that they can’t handle your transaction now, but are working to remedy the situation. In a press release, Flooz said they have suspended operations due to the effect that economic conditions have had on its client base. The statement also said that capital market conditions have proved challenging and that the company is engaged in merger discussions with more than one company.
    Flooz
  • The New Harrow Report: As previously reported here, Jeffrey Harrow has left Compaq and the newsletter he wrote for 15 years, the Rapidly Changing Face of Computing, and struck out on his own. He recently released the inaugural issue of The Harrow Technology Report, which, oddly, looks a whole heck of a lot like the old RCFOC, for which we’re grateful. Harrow promises to broaden the scope of his new newsletter beyond the familiar computing, wireless, nanotechnology, and related emerging technology focus of RCFOC.
    The Harrow Technology Report
  • Access Up In the Air: Also as previously reported in SNS, chances are getting better that your next Internet access provider will service you from at least 50,000 feet straight up. Two more companies are pursuing the goal of delivering access from perpetually flying high altitude aircraft. AeroVironment’s Helios unmanned 254-foot flying wing uses solar panels and a water-based fuel cell to fly at 65,000 feet around the clock. The company recently completed an 18-hour record-setting continuous flight and on Monday, broke the high altitude flight record, cruising at 85,100 feet. The company will offer up to 150Mbps service. Unlike the Helios, which would land every 6 months or so for servicing, Advanced Technology Group’s StratSat blimp will stay aloft at 60,000 feet for up to five years at a time. The Teflon®-coated airship will also use solar power and can carry a payload the equivalent of three 747s.
    Newhouse News Service
  • E911 To Be Delayed: While we’re at it, another update to a previously-reported story: Verizon and the other major US wireless carriers are warning that they won’t make the October deadline for compliance with the FCC’s E911 initiative. E911 specifies that carriers be able to locate a cell phone making a 911 call to within 167 feet for 67 percent of calls, and 500 feet for 95 percent of calls. The 1997 mandate has already been delayed, but Verizon claims the technology to enable compliance has only just now come on the market. Companies not showing significant progress could be fined. Locating cell phones will open up the possibility of location-based services, as well as location-based advertising. See the TrendSpot for more information.
    New York Times (it’ll cost you)
  • Oh, How the Mighty Have Fallen, Part DXCIII: Web site webmergers.com reports that at least 592 Internet companies have folded since January 2000, 32 in July alone. Well, this is not quite a quit-business failure, more of a bailure: The founder of Buy.com has bought all outstanding shares of the company, which once traded as high as $209, for 16 cents apiece. On a positive note, July’s failures were the lowest since September 2000, and buyers spent more than $3 billion acquiring 99 dot-coms during the month.
    eCommerce Times

StratVantage Consulting, LLC — Mike’s Take on the News 08/10/01

Clipped from: http://www.stratvantage.com/news/081001.htm

The News – 08/10/01

A Grand Conspiracy Theory

Alert SNS Reader David Dabbs sends along a pointer to Robert X. Cringely’s polemic, “The Death of TCP/IP: Why the Age of Internet Innocence is Over.” This was actually one of the top links listed on Blogdex, which was covered in a recent SNS.

Anyway, Cringely blames Microsoft and its “business decision” not to include security in its operating systems or applications for the sorry state of affairs today. Any enterprising moron can create and release a virus based on Microsoft’s Visual Basic and its ever-helpful Outlook email client. Cringely states that the impending Windows XP “is the first home version of Windows to allow complete access to TCP/IP sockets, which can be exploited by viruses to do all sorts of damage. Windows XP uses essentially the same TCP/IP software as Windows 2000, except that XP lacks 2000’s higher-level security features. In order to be backward compatible with applications written for Windows 95, 98, and ME, Windows XP allows any application full access to raw sockets.” If you’re not sure of what raw sockets are, basically what Cringely is saying is that XP is bad because virus writers and crackers will have tremendously more power to wreak havoc.

Cringely doesn’t stop there. He says he’s heard from several sources that Microsoft’s Grand Plan is to make the TCP/IP protocol that runs the Internet unusable so the company can ride to the rescue with its own proprietary protocol. He even postulates that Microsoft would get Congress to mandate the new protocol to solve kiddie porn and other disgusting Net problems. It is a tribute to Microsoft’s already considerable conspiratorial efforts that this “rumor” doesn’t sound implausible. The company is already pushing its Passport technology as the standard for managing users’ personal information on the Internet, for a fee, of course. Hook Passport to a proprietary protocol from Microsoft, and you’ve got a pretty believable scenario for Web hegemony.

Personally, I’m skeptical that Microsoft would be willing to damage the Web in order to gain control over it. I’m much more willing to believe that the addition of raw sockets access without sufficient security is just another blunder by a company that can’t seem to buy a security clue (despite $12 billion a year in research). Nonetheless, I do not doubt that Microsoft will employ its very effective “embrace and extend” technique to try to gain control of the Internet. I fully expect to see some kind of “value-added” proprietary communications protocol come out of the monopoly. But it seems very unlikely that Microsoft would sabotage one of its products to bring about total control of the Net. But that’s just my opinion, and I could be wrong.

PBS

Briefly Noted

  • Shameless Self-Promotion Dept.: I’ll be speaking at the Minnesota Entrepreneurs Club pre-meeting workshop at 5:30 p.m. on Tuesday, August 14th in St. Paul, MN, not the 7th as previously announced. The meeting is at the Minnesota Business Academy. My topic is “Will You Have to Have It? What You Need to Know About Future Tech and Your Business.”

    Also, I’ve re-ranked the trends in the TrendSpot, and added a new one, Remaking the Web.
    MN Entrepreneurs

  • Test Your Security: By now, you might be wondering if you need some protection against viruses, worms, cracker attacks, and all the other baddies on the Internet. A good place to start is Steve Gibson’s Shields Up site, which will analyze the current security of your computer and make recommendations on improving it. One thing everyone should have is a personal firewall such as the free Zone Alarm from Zone Labs. Even if you have a hardware firewall, Zone Alarm can protect you against Trojans, programs that mimic real, useful programs, but do bad things like sending your passwords to an Internet server. BTW, you should always run a firewall when using a dialup connection to the Internet. Once you do, you’ll be surprised at how many times Zone Alarm alerts you to an intrusion attempt it has blocked.
    Zone Alarm
  • Of Patents and Matchmaking: Alert SNS Reader John Gehring had a couple of comments about the previous SNS: “Regarding patents, the plant biotech industry went through the same process. I handled media relations when our competitors issued news releases announcing extremely broad patents. Every time our employees and dealers freaked, and the courts overturned every broad patent in the end.

    “The P2P dating app reminded me of a bar that I went to in NJ in 1989. In a cruder version of what your source describes, each table had a large number posted, and a phone that you could use to call other tables. No caller ID back then, though.” Sure, there are lower tech versions of the matchmaking app, but one difference could be the amount of control involved. If you go to one of those bars, you’re looking to meet someone. But if you happen to forget to turn off that function on your PDA, or if you can’t turn it off, that could be disoptimal.

  • With This Ring, I Thee Scan: Alert SNS Reader David Dabbs noticed that UPS is implementing what is being called the largest wireless LAN and short-range wireless Bluetooth network. It involves a wireless Bluetooth ring-based scanner that workers throughout its worldwide distribution hubs will use to scan barcodes on packages and transmit the information through a hip-based 802.11b wireless terminal. The brown-suited Lords of the Rings are expected to help the company reap a payoff of $13.7 million per year over a five-year period. After a pilot at their Chicago facility, UPS plans to roll out 50,000 Motorola terminals next year to its 2,000 worldwide distribution centers. This project is especially notable since Bluetooth and 802.11b, which operate on the same unlicensed wireless frequencies, have been known to not get along too well.
    ComputerWorld

Can’t Get Enough of ME?

In the unlikely event that you want more of my opinions, I’ve started a Weblog. It’s the fashionable thing for pundits to do, and I’m doing it too. A Weblog is a datestamped collection of somewhat random thoughts and ideas assembled on a Web page. If you’d like to subject the world to your thoughts, as I do, you can create your own Weblog. You need to have a Web site that allows you FTP access, and the free software from www.blogger.com. This allows you to right click on a Web page and append your pithy thoughts to your Weblog.

I’ve dubbed my Weblog entries “Stratlets”, and they are available at www.stratvantage.com/stratlets/. Let me know what you think. Also check out the TrendSpot for ranking of the latest emerging trends.

StratVantage Consulting, LLC — Mike’s Take on the News 08/08/01

Clipped from: http://www.stratvantage.com/news/080801.htm

The News – 08/08/01

IBM Legitimizes P2P

IBM is investing $4 billion to build 50 computer server farms around the world to try to turn computing into a utility like electricity or water. Based on the peer-to-peer (P2P) computing concept variously known as grid computing, distributed computing, or hive computing, IBM will allow users to purchase supercomputer-grade computing power that is produced by combining the resources of dozens or hundreds of relatively inexpensive servers. IBM will use an Open Source distributed computing system from Globus, a cooperative effort involving several universities, NASA, and the Argonne National Laboratory.

To say that this validates the hive computing approach is an understatement. There are various dot-com startups trying to develop the hive computing market, including DataSynapse, Parabon, Distributed.net, and United Devices. Many have found it tough sledding. Two of the most publicized early entrants, Popular Power and Process Tree, closed their doors earlier this year. These and other hive computing companies are listed in the P2P for Business Directory.

The target market for hive computing currently includes companies with large computing needs – companies that otherwise would need to buy expensive supercomputer time. These include companies in the life sciences (gene sequencing, protein folding, cancer cures), oil exploration (crunching massive geological databases), meteorology (climate prediction), automotive and aerospace (crash simulation, virtual wind tunnel tests, design rendering), entertainment (animation, special effects), and financial (derivatives pricing) markets. However, if hive computing is legitimized and becomes affordable, the market could open to pretty much any large enterprise and used for such mundane tasks as nightly database updates or payroll processing. There’s more on hive computing in my white paper, The Buzz About Hive Computing.

Of course, there are also many darker applications, such as nuclear weapons design and encryption-breaking. Indeed, any privacy or security scheme that depends on bad guys not having access to tremendous computer resources should be rethought. In fact, an early demonstration of the power of hive computing was the 1997 breaking of RSA’s 56-bit encryption key by a network of thousands of computers linked over the Internet.

Also, not every large computing application will be appropriate for a hive computing solution. Any application requiring real time response or tremendous coordination between resources will not benefit from loosely federated hive clusters due to the amount of network latency (delay from transporting information across the Internet or other network) inherent in such an approach.

What the IBM announcement means is that the idea of computing as a service has really arrived. IBM’s $4 billion investment is one more step toward a future where computing is no longer a place you go (to sit in front of a keyboard and monitor) but rather a service of the environment around you. In this case, supercomputing has become not a tremendously expensive investment in hardware, air conditioning and raised-floor data centers, but something you buy by the piece. Businesses with large investments in computing capacity and any business with CPU-hungry applications should definitely explore this new trend. Even companies without accelerating computing needs should be aware of hive computing. Be on the wave or under it™.

Wall Street Journal (requires subscription)

Briefly Noted

  • Shameless Self-Promotion Dept. Correction: I’ll be speaking at the Minnesota Entrepreneurs Club pre-meeting workshop at 5:30 p.m. on Tuesday, August 14th in St. Paul, MN, not the 7th as previously announced. The meeting is at the Minnesota Business Academy. My topic is “Will You Have to Have It? What You Need to Know About Future Tech and Your Business.”

    Also, the P2P for Business Directory has been listed on the University of Tennessee’s P2P Information Page.
    MN Entrepreneurs

  • VenueMaitred Networks People: Alert SNS Reader John Gehring sent along information about a new service that will debut at the Wireless World 2001 trade show in New York in late September. VenueMaitred (stupid name alert: Wouldn’t VenueMaitreD be better?) is a suite of wireless information tools for conference-goers and other travelers. It uses the 802.11b protocol, AKA WiFi™ or WLAN, to connect users to information and services at hotels and conference venues. But of more interest is the possibility of enhancing business networking and even, dare we say it, dating. Cruising a tradeshow and cruising for a simpatico companion are very similar. Both are terribly random, except at least prospects at trade shows have business cards. The chairman of Wireless World 2001 puts it this way: “I could see Hooters or college bars setting up a wireless LAN, or cruise ships. If people had more pocket PCs and every bar has a wireless LAN, you could be walking down the street and you might pass a bar, search the profiles of the people there. You see that there are 30 girls with certain vital statistics, all looking for someone like you. It is amazing, the implications it could have.” There’s no need to point out that Wireless World Chairman Jonathan Sarno is a guy, is there?
    mCommerce Times
  • More Signs the Patent Office Doesn’t Get It: Alert SNS Reader Andrew Hargreave sends along news that antivirus vendor McAfee was recently granted a patent on software as a service. The patent covers both the business and technology models used to deliver software services through a browser. CEO Srivats Sampath gloated, “You either work with us, or you work around this patent.” Here we go again. There have been a number of extremely broad patents granted since the early ‘90s. Quarterdeck’s patent on swapping memory and Compton NewMedia’s patent on multimedia spring to mind. More recently, Amazon got a patent on the idea of clicking once to buy a book. In general, time has cured these incredible goofs by the USPTO. We can only hope it will again.
    InfoWorld
  • Don’t Get Gatored: There’s a new, rather unsavory, ad practice becoming popular on the Web. Named for the software plug-in that started it all, gatoring means to pop up a window from a rival Web site when a user visits a competitive site. For example, users who go to 1-800-Flowers.com see a pop-up ad offering a discount at FTD.com. The culprit is the Gator plug-in, which is a password and user ID management program that users download and use with their browsers. Unbeknownst to many of these users, Gator has sold keywords to advertisers and pops up ads when the user visits a related site. But the practice is not limited to Gator. Other companies such as TopText, eZula, and Microsoft all have similar technologies. Microsoft’s version, Smart Tags, was profiled in an earlier SNS. To make matters worse, it can be hard, if not impossible, to remove these obnoxious plug-ins once installed. LavaSoft makes a program called Ad-Aware that can help uproot the little buggers.
    ZDNet

StratVantage Consulting, LLC — The News – 08/06/01

Clipped from: http://www.stratvantage.com/news/080601.htm

The News – 08/06/01

The Cashless Society and Your Privacy

The recent SNS article, Wireless and Cashless, provoked a response from Alert SNS Reader John Skach. During an email exchange, we debated whether the dual technologies of wireless position-sensing (the ability to find you by tracking your cell phone) and cashless transactions (the ability to track your purchase behavior) represent a slippery slope toward Big Brother-ism. I expressed the opinion that I almost preferred the government knowing more about me than corporations, because there’s at least some possibility of controlling what the government does with the information. John begged to differ. The following is an edited version of his response, which brings up some of the issues around our use of these new technologies.

For the commercial side – no I don’t mind. There are strong market forces at work there. First time they screw up and expose me to something insidious, they’re toast and they know it. Despite all the hoopla surrounding online credit card transactions, more fraud occurs from retail personnel lifting numbers and names during physical activity than any bad stuff on the web. Something funny actually happened when someone pointed out that little fact to the credit card agencies: Suddenly the carbons disappeared – almost overnight.

On the other hand . . .

When my ex-wife went thru five years of hell with breast cancer, we didn’t get the genetic test done for a reason. Given her heritage (Ashkenazi Jew), there is a 75% chance she would have tested positive on the BRCA 1 and BRCA 2 [breast cancer gene] tests. However, since we had no idea what that information may do to our daughter’s future insurance eligibility – we didn’t get the test done. Hell, we already knew my ex-wife had cancer. That family history alone at some point in my daughter’s life will give her problems with insurance companies.

The government – now that’s a whole other story. Twenty-dollar bills are popular for a reason. There are pros and cons to all information trading. Gee if I could get rid of my yearly nightmare of tax filing by sharing a tad more information (what exactly remains to be seen), I would most certainly allow that information to be gathered.

Amex is probably on the right track with the one-time credit card numbers but I’m not sure where that goes.

Each day we make little decisions about how much of our privacy to release and how much to hold back. There is a constant trade off of effort and convenience. The price we pay more and more is that little bit of privacy. How do we stay connected and keep it? Use garbage email accounts like Yahoo Mail or Hotmail, or anonymous IP address providers. How much do you want to spend versus what you get? [I particularly like this point. We should all put a value on our personal information and consider giving it up as a form of spending that we watch as closely as any other spending.]

Don’t know that this is all that new a thing actually. The woman I am dating is from a small town outside Peoria. Everyone, and I mean EVERYONE, just knows that she is dating a drug dealer from Chicago who drives a BMW instead of a mild-mannered software engineer with great taste in cars. <wink, wink> How much privacy is there really in a small town where everyone knows everyone’s business anyway? Metropolitan life offered privacy simply through the ability to lose oneself in a crowd. Nowadays though, one of the script kiddies’ favorite things to do is to bang on your next door neighbor’s IP address on the shared broadband connection and see just exactly what is on their hard drive. I used to watch all the attempts on my firewall when I was connected via cable instead of DSL. Was kind of funny. The moral equivalent of school kids peeking in windows to see if it’s true about what they heard about the young school teacher’s evening entertainment.

This reminds me of a similar point about window peeping, made in John Keller’s rant, Big Brother:

The socialist’s dream of constant observation as a means of people control is arriving, albeit 17 years behind Orwellian schedule. Like Will Smith, in “Enemy of the State,” the g-men know where we are, and what we are doing at all times. Well, not at all times, just when we’re in “public”. So far Tampa and Virginia Beach are the only two cities stupid enough to announce what they’re actually doing. No doubt some cities with “traffic cameras” propped up all over the place have designs or have already linked similar software to track specific vehicle or personal movements from camera to camera. All to more safely design highways, and understand traffic patterns, you see. We’re Government, and we want to serve you, our customer! [For a more insidious potential threat, there’s a company building video capabilities into highway lane reflectors. I profiled them in my speech, The Next Wireless Killer Apps: Will You Have to Have It?]

Finally, people are starting to wake up. The apologists’ argument for this system usually goes along the lines of “If you haven’t done anything wrong, you don’t have any reason to object to it.” Sure. Why don’t we let stalkers and Peeping Toms use the same argument in court? Because it’s an invasion of privacy. The folks in the streets, the ones who know Soviet-style thought control when they see it, understand that this changes the dynamic completely. You aren’t considered innocent until proven guilty under this system. You have no right to privacy, not in public at least, and the government is a master of making the steepest slippery slope arguments look prophetic in hindsight.

A pet peeve of mine is the response I often get when I bring up privacy concerns: “Well, I don’t do anything illegal, so I don’t really care.” What you do is not illegal yet. And I’m sure you never, ever, exceed the speed limit, or take too many items into the express checkout lane at the supermarket. Anyway, John Skach wraps up:

I’m not saying that the loss of privacy is good, merely observing that once again the pendulum swings.

Unfortunately, the pendulum could stay swung, especially if Microsoft’s HailStorm service takes over authentication and user information validation services on the Internet. The service is based on Microsoft’s Passport service, which, by the way, you have to sign up for if you want technical support from the software monopoly. Passport stores information about users—ranging from their address to their credit card numbers to their favorite Web sites—on server farms operated by Microsoft.

So what’s the big deal? Microsoft plans to charge you for access to your own information, that’s what. According to Summit Strategies, “It expects to charge an as-yet-undetermined subscription fee to HailStorm customers and also to charge some usage-based fees—for example, fees for customers that require more than a base-level storage capacity for their Web-based data and documents.” That’s some catch, that Catch-22. Other problems with the proposed service include the vulnerability of a single location that stores important information to not only typical Web site glitches, but also to hackers.

Regardless of how serious you think the question of privacy is, or how likely a Big Brother scenario is, businesses need to decide for themselves how much personal information to require of customers, and what the permissible uses of this information are. On the flip side, what kinds of information are being gathered about you, and how is it being used? If your business doesn’t have a privacy policy, you should get one. And if you don’t know what your doctor’s or hospital’s information-sharing policies are, I suggest you find out before information you’d rather remain private escapes.

TechRepublic

Briefly Noted

  • Shameless Self-Promotion Dept. Correction: I’ll be speaking at the Minnesota Entrepreneurs Club pre-meeting workshop at 5:30 p.m. on Tuesday, August 14th in St. Paul, MN, not the 7th as previously announced. The meeting is at the Minnesota Business Academy. My topic is “Will You Have to Have It? What You Need to Know About Future Tech and Your Business.”
    MN Entrepreneurs
  • Metricom Out of Business: Success has many fathers; failure has many analysts. Ricochet sounded like such a good idea: Offer 128Kbps wireless Internet access in major metropolitan areas. That’s more than twice the speed of dialup modems. Who wouldn’t want it? Well, lots of folks, it turns out. They stayed away in droves, and now Metricom, after filing Chapter 11 only a month ago, is quitting business. The analysts are in a feeding frenzy, trying to determine how a can’t-miss proposition went south. Some blame the price, $70/month. Some blame the positioning: It probably wasn’t smart to target consumers rather than businesspeople. Whatever the reason, some lucky company can receive a potential windfall as the entire Ricochet wireless network, which consists of 17 wired cities, the company’s patents, its spectrum and its subscribers, goes up for auction August 16th.
    The Standard


Don’t know that this is all that new a thing actually. The woman I am dating is from a small town outside Peoria. Everyone, and I mean EVERYONE, just knows that she is dating a drug dealer from Chicago who drives a BMW instead of a mild-mannered software engineer with great taste in cars. <wink, wink> How much privacy is there really in a small town where everyone knows everyone’s business anyway? Metropolitan life offered privacy simply through the ability to lose oneself in a crowd. Nowadays though, one of the script kiddies’ favorite things to do is to bang on your next door neighbor’s IP address on the shared broadband connection and see just exactly what is on their hard drive. I used to watch all the attempts on my firewall when I was connected via cable instead of DSL. Was kind of funny. The moral equivalent of school kids peeking in windows to see if it’s true about what they heard about the young school teacher’s evening entertainment.

This reminds me of a similar point about window peeping, made in John Keller’s rant, Big Brother:

The socialist’s dream of constant observation as a means of people control is arriving, albeit 17 years behind Orwellian schedule. Like Will Smith, in “Enemy of the State,” the g-men know where we are, and what we are doing at all times. Well, not at all times, just when we’re in “public”. So far Tampa and Virginia Beach are the only two cities stupid enough to announce what they’re actually doing. No doubt some cities with “traffic cameras” propped up all over the place have designs or have already linked similar software to track specific vehicle or personal movements from camera to camera. All to more safely design highways, and understand traffic patterns, you see. We’re Government, and we want to serve you, our customer! [For a more insidious potential threat, there’s a company building video capabilities into highway lane reflectors. I profiled them in my speech, The Next Wireless Killer Apps: Will You Have to Have It?]

Finally, people are starting to wake up. The apologists’ argument for this system usually goes along the lines of “If you haven’t done anything wrong, you don’t have any reason to object to it.” Sure. Why don’t we let stalkers and Peeping Toms use the same argument in court? Because it’s an invasion of privacy. The folks in the streets, the ones who know Soviet-style thought control when they see it, understand that this changes the dynamic completely. You aren’t considered innocent until proven guilty under this system. You have no right to privacy, not in public at least, and the government is a master of making the steepest slippery slope arguments look prophetic in hindsight.

A pet peeve of mine is the response I often get when I bring up privacy concerns: “Well, I don’t do anything illegal, so I don’t really care.” What you do is not illegal yet. And I’m sure you never, ever, exceed the speed limit, or take too many items into the express checkout lane at the supermarket. Anyway, John Skach wraps up:

I’m not saying that the loss of privacy is good, merely observing that once again the pendulum swings.

Unfortunately, the pendulum could stay swung, especially if Microsoft’s HailStorm service takes over authentication and user information validation services on the Internet. The service is based on Microsoft’s Passport service, which, by the way, you have to sign up for if you want technical support from the software monopoly. Passport stores information about users—ranging from their address to their credit card numbers to their favorite Web sites—on server farms operated by Microsoft.

So what’s the big deal? Microsoft plans to charge you for access to your own information, that’s what. According to Summit Strategies, “It expects to charge an as-yet-undetermined subscription fee to HailStorm customers and also to charge some usage-based fees—for example, fees for customers that require more than a base-level storage capacity for their Web-based data and documents.” That’s some catch, that Catch-22. Other problems with the proposed service include the vulnerability of a single location that stores important information to not only typical Web site glitches, but also to hackers.

Regardless of how serious you think the question of privacy is, or how likely a Big Brother scenario is, businesses need to decide for themselves how much personal information to require of customers, and what the permissible uses of this information are. On the flip side, what kinds of information are being gathered about you, and how is it being used? If your business doesn’t have a privacy policy, you should get one. And if you don’t know what your doctor’s or hospital’s information-sharing policies are, I suggest you find out before information you’d rather remain private escapes.

TechRepublic

Briefly Noted

  • Shameless Self-Promotion Dept. Correction: I’ll be speaking at the Minnesota Entrepreneurs Club pre-meeting workshop at 5:30 p.m. on Tuesday, August 14th in St. Paul, MN, not the 7th as previously announced. The meeting is at the Minnesota Business Academy. My topic is “Will You Have to Have It? What You Need to Know About Future Tech and Your Business.”
    MN Entrepreneurs
  • Metricom Out of Business: Success has many fathers; failure has many analysts. Ricochet sounded like such a good idea: Offer 128Kbps wireless Internet access in major metropolitan areas. That’s more than twice the speed of dialup modems. Who wouldn’t want it? Well, lots of folks, it turns out. They stayed away in droves, and now Metricom, after filing Chapter 11 only a month ago, is quitting business. The analysts are in a feeding frenzy, trying to determine how a can’t-miss proposition went south. Some blame the price, $70/month. Some blame the positioning: It probably wasn’t smart to target consumers rather than businesspeople. Whatever the reason, some lucky company can receive a potential windfall as the entire Ricochet wireless network, which consists of 17 wired cities, the company’s patents, its spectrum and its subscribers, goes up for auction August 16th.
    The Standard


StratVantage Consulting, LLC — Mike’s Take on the News 08/03/01


Clipped from: http://www.stratvantage.com/news/080301.htm

The News – 08/03/01

Attack of the Blogdex!

MIT’s Media Lab has released Blogdex, an index of, what else, blogs. Blogs are random musings published by those who think the world will care, like me. Basically, blogs make it easy to publish Web pages to any site you have FTP access to. The idea behind Blogdex is that most blogs have hyperlinks in them, and thus blog authors represent a good sampling of what people are interested in on the Net. Blogdex visits 9,000 blogs a day, and extracts the links. It then ranks the links by popularity.

The service is still getting off the ground. The number one link on today’s Blogdex was mentioned in only eight blogs. Number two is pseudonymous commentator Robert X. Cringely’s article on TCP/IP. The number 10 link was www.iwantanewgirlfriend.com, which is itself a blog, and which is sponsored by a sex toy I’ve never heard of: the world’s only oral vibrator, Tongue Joy. Others on the list concern the 20th anniversary of the PC, the fatness of Americans, and the poor guy who got nailed, literally, in the eye.

It’s pretty easy, at this point, to manipulate rankings based on such a small sample. Since Blogdex users can link back to the original blogs, being on the list means your blog can be exposed to more people. In a shameless display of one-upmanship, I’ve added the top 10 sites to my Stratlets blog. Let’s see if I end up on the list. BTW, as yet another lesson in how important it is to have your own important business marks turned into domains, www.blogdex.com is not registered to MIT, but to an enterprising entrepreneur hoping to make a buck.

I’m having a hard time seeing this as representative of where ordinary mortals are going on the Web. A far better pulse can be gotten at Google’s Zeitgeist, which is a ranking of the most popular search terms on one of the Web’s busiest search engines. Here’s today’s top ten with my glosses:

1. sircam: SirCam is an Internet worm that is actively spreading.
2. max payne: Max Payne is a popular video game.
3. planet of the apes: Popular movie
4. code red virus: Obnoxious computer virus
5. howard stern: Apparently there was a fist fight on Howard Stern’s radio program recently.
6. george harrison: There have been a lot of rumors and counter rumors about Beatle George Harrison’s health.
7. etna: Mt. Etna is erupting
8. heather mills: Heather Mills is hot and engaged to Sir Paul the Cute One.
9. israel: Who knows?
10. rivaldo: Brazilian soccer midfielder

Now this is more like it: more sex, some rock and roll, some mayhem, and something for the geeks.

Those wanting a second opinion can check Lycos’ Top 50, which includes with each listing an explanation of why it’s popular. Whichever list you look at, it behooves business people to realize that the Internet has become a mass market phenomenon, and there are all kinds of people using it for non-business uses. No matter how popular your business site is, it’s not likely to appear in one of these lists.
Blogdex

Briefly Noted

  • Shameless Self-Promotion Dept.: I’ll be speaking at the Minnesota Entrepreneurs Club pre-meeting workshop at 5:30 p.m. on Tuesday, August 7th in St. Paul, MN. The meeting is at the Minnesota Business Academy. My topic is "Will You Have to Have It? What You Need to Know About Future Tech and Your Business."
    MN Entrepreneurs
  • Sunrise Period for .info Domain: From now until August 27th, registered US and EU trademark owners can register their .info domains. BulkRegister is charging a registration fee of $5 per name, with a discount for volume. Registrations must be for a minimum of 5 years. Like all registrars, BulkRegister does not guarantee that the trademark owner will actually get the domain name. But there’s a better chance now than in the next phase, called Landrush, when names will go to any registrant. I have no idea how trademark ownership will be determined during the Sunrise phase. I’d be very surprised if the process can be completed by the deadline.
    BulkRegister.com
  • Open Services Coming? Gene Kan, ex-Gnutella, ex-InfraSearch, current JXTASearch leader, writes about an evolving technology trend akin to Open Source, which brought us most of the tools that the Internet runs on. An outgrowth of the peer-to-peer (P2P) movement, Open Services involve the sharing of idle resources, which, due to Moore’s Law, have become extremely abundant. As Kan puts it:

The price of performance is decreasing constantly while the performance itself is increasing ridiculously. That means I’m pretty happy to share my Pentium 8 50gHz with you because I only need all that horsepower while Windows boots. After that, the CPU is hardly utilized because I can’t hit 50 billion keys in a second. Between keys, my computer could be cracking RC5 or musing on colon cancer.

Nice dig at Microsoft there, BTW. Anyway, what Kan and others are proposing is a codified way to share your computing resources a la current P2P schemes like SETI@Home, Parabon, AllCast, and Envive.
OpenP2P

Can’t Get Enough of ME?

In the unlikely event that you want more of my opinions, I’ve started a Weblog. It’s the fashionable thing for pundits to do, and I’m doing it too. A Weblog is a datestamped collection of somewhat random thoughts and ideas assembled on a Web page. If you’d like to subject the world to your thoughts, as I do, you can create your own Weblog. You need to have a Web site that allows you FTP access, and the free software from www.blogger.com. This allows you to right click on a Web page and append your pithy thoughts to your Weblog.

I’ve dubbed my Weblog entries “Stratlets”, and they are available at www.stratvantage.com/stratlets/. Let me know what you think. Also check out the TrendSpot for ranking of the latest emerging trends.


StratVantage Consulting, LLC — Mike’s Take on the News 08/01/01


Clipped from: http://www.stratvantage.com/news/080101.htm

The News – 08/01/01

Online Advertising = Online Branding

A new study by Jupiter Media Metrix estimates that the Return On Investment (ROI) from online advertising may be 25 to 35 percent higher than most advertisers believe. The reason for this is that most marketers don’t measure the branding effects of online advertising. This is a point I have stressed in the past with my clients: Even if the ad campaign doesn’t drive huge volumes of customers to buy your product, there is a halo effect of making prospects aware of your brand, and in the development of that brand’s equity. Very few marketers (15 percent) conduct formal online branding measurement, probably because it’s harder to do than tracking direct response metrics, including click-rate (60 percent) and cost per conversion (75 percent).

Part of the problem in measuring online advertising’s effect on branding is that online is still a secondary factor in most companies’ brand development, said Jupiter. In fact, online advertising only delivers 17 percent of the traffic to a Web site, with the rest coming from search engines, word of mouth, or other advertising and branding efforts.

It doesn’t look to get any easier for marketers to measure online advertising effects due to the fractured reach of most major sites. Jupiter points out that Yahoo, one of the best ad vehicles on the Net, splits traffic among 438 separate domains, making it hard to track advertising.

All this means that if you’re only measuring click-through rates, you’re really not understanding all that online advertising is doing for your business.

Asia.Internet.Com

Briefly Noted

  • Shameless Self-Promotion Dept.: News Flash: Shoemaker’s Children Get New Shoes. You’ll notice I’ve added a search capability to the StratVantage Web site, courtesy of Atomz. Atomz makes a pretty full-featured search engine available to small potatoes sites like this one for free. The lateness of this addition is ironic because for years I’ve insisted that you don’t have a Web site unless you have a search capability. I even wrote a book chapter on the subject. Well, do as I say, doggonit, not as I do! Anyway Atomz is a pretty cool product. The search engine code stays on their server and they spider your site once a week and maintain the index for you. If you have more than 500 pages, you’ve got to pay. Brevity is the soul of wit.
    StratVantage
  • Nokia Readies 850MHz GSM Phone: For a while I’ve been scratching my head and wondering how cell phone network giant ATT Wireless was planning to introduce GSM in the US. GSM is the cell phone standard used by more than 550 million subscribers in more than 170 countries outside North and South America. ATT’s network is based on the TDMA standard, which, although related to GSM, is not compatible. Turns out Nokia is working on GSM cell phones that work on the 850MHz spectrum that ATT’s TDMA phones use. The cell phone maker claims this technology will allow TDMA carriers to transition to GSM, and from there to the higher speed GPRS, EDGE, and eventually WCDMA standards. If you’re confused by the acronyms, think: fast, faster, fastest wireless data access. I understand the evolution from GSM to GPRS to EDGE, as they are all related technologies. But I just don’t get how GSM-based networks are going to convert to WCDMA, an evolution of the totally incompatible CDMA standard. Bottom line: all kinds of good things are forecast for ATT’s network, especially considering ATT is also planning on introducing Japan’s i-mode standard by year end. If you’re not confused about wireless, you’re not paying attention.
    Nokia
  • OK, I Gotta Mention Code Red: In case you haven’t heard the breathless media alerts, the Code Red Internet worm (a kind of virus) has relatively easily infected hundreds of thousands of Microsoft Web servers and is poised to take action today. I’m wondering why anyone would use Microsoft’s Internet Information Server on the Internet. When’s the last time you heard of the Apache Web server being hacked and hundreds of thousands of Sun sites infected with a virus? Yet these two pieces of technology run the bulk of the Web, vastly outnumbering Windows-based Web sites. Windows has its place. It’s not on the Internet. Of course, that’s just my opinion, and I could be wrong. You know, I thought I was wrong once in 1987, but I was mistaken.
    C|Net
  • Not Another Microsoft Story! OK, I tried to resist. I really did. Honest. But this wonderful quote from Microsoft spokesperson Vivek Varma regarding AOL’s inking of an exclusive deal to feature their online service on Compaq computers is just priceless: “(AOL) is paying PC makers to eliminate consumer choice.” To which AOL spokesperson John Buckley retorted, “It’s called competition.” Glad he pointed that out, as Microsoft may not be familiar with the term. You may remember that Microsoft used to charge PC makers for Windows even if they preinstalled a competitive operating system.
    USA Today
