BP's Weblog: February 2005 Archives


February 14, 2005

WhyPayForCalls? Why wait for hype?

Just a quick followup to my previous rant: the company providing the recommended VoIP service appears to be 3WTel. I think whypay4calls might not be the same company, but might not be much better, either.

Costs $5/mo, has all of the hype you'd expect from the “shocking expose”, including a cute movie. The only feature it appears to offer that Free World Dialup doesn't, besides hype and monthly fees, is their supposed “secured network”.

A waste of time, and overhyped, but that is all.

February 10, 2005

Environmental talk

Just attended a pretty compelling talk at PARC Forum on the environment. My summary of the speaker's points (but read the detail anyway):

We must do solar, big, and we have to justify it for non-economic reasons, because there’s not going to be a shortage of actual fuel available before there’s a huge climate shift from all the extra C in the atmosphere.

My full notes here

February 04, 2005

VoIP: Lies, and misdirection...

It shouldn't be a big surprise, but there are crooked crooks on the Internet, trying to prey off of your naivete to make a buck.

But, since not everyone can swim through it all, I'm going to have to go after a bad one that I just encountered. Hopefully, this will show up in web searches about these people (http://www.whypayforcalls.com), and save some people from a gruesome fate at the hands of some charlatans.

However, I'm going to dismember portions of their 17-page Lie Fest, usually only available if you sell your soul, I mean, give them far more personal information than is warranted for such a thing.

Before I go on, let me say that this dissection of their somewhat untruthful document is going to involve excerpts. They claim a lot of copyrights on the thing, but, given that it's freely available on the web, and that I am going to excerpt for the purposes of discussing their facts, I believe this to be fair use. For the record, I hereby place this screed under a Creative Commons 2.0 Attribution License.

First of all, the factual and logical errors in this document are pretty abhorrent. Take, for instance, this paragraph on page 9, about an operating system called “Lunix”:

There are also illegal hacker operating systems made available. A Russian computer hacker named Lynos Torovoltos invented operating systems such as BSD, Lunix, Debian, and Mandrake. These operating systems are based on a program called “xenix” which was written by Microsoft for the US government. Hackers sell these programs so that they can break into other people's computers and steal credit card numbers, passwords, birth dates, social security numbers, etc. They are also used to steal music using the “MP3” program.

Where do I begin? It's spelled Linux. Linus Torvalds created it. He's Finnish, not Russian. It's not illegal. BSD is a different operating system, Debian and Mandrake are distributions of Linux. None of the above were based on (or, to my understanding, the basis of) Xenix. They aren't programs to break into anyone's anything, they're operating systems, just like Windows XP or Mac OS X.

MP3 is a codec (boy, for folks who later claim that the only safe way to do VoIP is via a proprietary codec, they're really not demonstrating a whole lot of knowledge, are they?), not a program. It doesn't make it easier or harder to steal anything - it's merely a representation of audio that a computer can use to store or regenerate audio. In fact, it would be possible to use mp3 for VoIP. Many radio stations have used mp3 for encoding audio that they use for remote guests in remote studios.

With me so far? These people don't have much clue.

Peer-to-peer services, as well as over 90% of all VoIP computer phone services, operate on industry standard codec and industry standard protocols. In other words, their lines are not secure.

And how, pray tell, do these guys propose to “secure your lines”? Proprietary codecs are not any more secure than open ones. To make matters worse, standards now include how to encrypt voice on the fly. It's called SRTP, and it uses AES, the current de facto “strong security standard” (i.e., it's open and we understand it, and no known strong attacks exist). And a lot of vendors support it. There's hardware support for it in the Sipura SPA line, and there will hopefully be software support for it in enough places to make it default to “on” soon.
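To make the codec-versus-encryption point concrete, here is an added example (not from the original post) that audits a SIP call's SDP offer to see whether the media is actually protected by SRTP. It assumes keys are negotiated with the SDP `a=crypto` attribute (RFC 4568), which the post does not mention; the two offers are constructed samples and `audit_sdp` is a hypothetical helper name.

```python
import re

# Constructed sample offers (not captured traffic); addresses are documentation ranges.
PLAIN_OFFER = """v=0
o=alice 2890844526 2890844526 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/AVP 0 8
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
"""
# Same open codec (PCMU), but the profile and crypto line ask for SRTP.
SRTP_OFFER = """v=0
o=alice 2890844527 2890844527 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49172 RTP/SAVP 0
a=rtpmap:0 PCMU/8000
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER_NOT_A_KEY
"""

SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}  # SRTP profiles; RTP/AVP is cleartext

def audit_sdp(sdp):
    """Return one finding per m= line: media, profile, codecs, suites, encrypted."""
    findings, current = [], None
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            parts = line[2:].split()  # media, port, profile, payload types...
            current = ({"media": parts[0], "profile": parts[2], "codecs": [], "suites": []}
                       if len(parts) >= 4 else None)  # malformed m= line: skip its attributes
            if current is not None:
                findings.append(current)
        elif current is None:
            continue  # session-level line, or attribute of a malformed media section
        elif line.startswith("a=rtpmap:"):
            m = re.match(r"a=rtpmap:\d+ ([^/\s]+)/", line)
            if m:
                current["codecs"].append(m.group(1))
        elif line.startswith("a=crypto:"):
            m = re.match(r"a=crypto:\d+ (\S+) inline:", line)
            if m:
                current["suites"].append(m.group(1))
    for f in findings:  # only a=crypto keying is checked here, not DTLS-SRTP
        f["encrypted"] = f["profile"] in SECURE_PROFILES and bool(f["suites"])
    return findings
```

Both offers carry the same standard codec; only the transport profile and crypto suite decide whether the audio is encrypted. With `a=crypto` keying the key itself travels in the SDP, so the signaling channel needs its own protection (TLS) for the result to mean anything.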

Well, alright, there's no point in ripping them to shreds on every single paragraph, though I don't doubt it could be done. It can be attempted at some later point, for sport, perhaps. I'll stick to the gross issues:

  • Hacker motivation: Yes, hackers like to steal/screw with you. They can do that a lot of ways. One of them is to install software on your machine that interacts with the legit software that's already there. The proposed solution to all these problems, use http://www.whypayforcalls.com's software, doesn't really solve that. A hacker can just as easily find another way into your system and intercept/interject audio. A “secure server” behind a “highly secure firewall” might help protect your credit card information, but it does little to protect your voice, in and of itself.

  • P2P is bad: Let's see. These folks would like you to have to pay them to send all of your voice data to them. In fact, it seems to answer the question in their website: Why Pay For Calls? Because we want your money! P2P networks allow you to send your data directly to the person who you want to communicate with. This saves money, often makes call quality better (because the speaker-to-speaker latency is less). It might even make it slightly harder to intercept your call audio data, by sending it through the shortest route, rather than always the same one (making route targeting harder).

Further, why is being a supernode necessarily bad? Well, presumably you're going to be spending some of your own bandwidth to maintain the network. It doesn't make you any more susceptible to attacks, really. You're just as identifiable as anyone else in the network. It probably doesn't use disk space, or rack up other real losses - such would be against the interests of the P2P network design, because it would make being a supernode a bad thing, and the network would suffer. So, designs tend to account for that, and make supernodes a light-enough-to-bear node.

  • Industry Standards are Bad: Ok, this is, actually, the biggest problem with the whole diatribe. Let's just say this concept has been thoroughly debunked. A whole book which covers this very well is called Secrets and Lies, by Bruce Schneier. In a nutshell: open standards mean they've been better evaluated for security and design issues, and that you can find competitive vendors who can interoperate. Any surprise that a small company writing FUD would want to avoid having their system be well enough understood to find problems with it, and lock in their customers to their technology?

February 03, 2005

Dang you, Microsoft!

Much to my dismay, I've discovered yet another way that Microsoft has built pathetically unreliable stuff.

I currently own one machine running Windows (and this is part of why). It's an eMachines from about a year ago, running Windows XP Home. When I got it, I stuck a recently purchased 160gb drive into it, so that it had two drives. I use the 160gb drive for my pics, media staging, family video project work, etc.

Apparently, that drive has been failing for some time. How do I know this? I went to preview some photos last night, and Adobe Photoshop Album (er, Elements 3.0 or whatever it is now) complained it couldn't find a recent pic it needed to show. I went looking. The directory was missing, and its parent directory appeared empty, even though that parent directory should contain subdirectories holding all of my roughly 5400 pictures. Hrm.

So, I go about diagnosing the problem. The other subdirectories read, so Windows is being screwy about finding files. Odd. Run a scandisk, get this:

Waah? That's not helpful. Really, just “Ok”, no “further info”, no “scream, then call for help”. That's from running scandisk, folks.

So, I figure, grab what I can, and start looking for missing bits from backups (I should at least have backups of all or nearly all of my photos.). I drag the offending directory, which probably does still hold about 3500 or so photos (none of which show up in Explorer) to an external network drive. That quickly results in this message:

Verrry helpful. Thank you so much! No files at all were copied before I got this message.

Much more digging, far beyond the level of the average XP Home user, discovers that, starting on January 17th, my machine has been logging disk sector errors for that drive. Yes, 2 1/2 weeks ago, it logged enough sequential disk errors that it, reasonably, should have alerted the user, yet I was told nothing. The average XP Home user has never even heard of the Event Log, so wouldn't even know to look there for an explanation given what I've already encountered.

Give me a break. This is pathetic error handling. There's no excuse for the first notification I get of this coming from application code unable to load files from a filesystem. And there's really no excuse for giving the user absolutely no help when apparently catastrophic problems occur. Heck, had I not gone looking, I might've just assumed that drive was ok, and continued to throw my precious bits into the great bitbucket in the sky. This needs to be fixed, more than we need a new graphics layer, or support for PCI Express, or any other new feature.

Microsoft, are you listening?

February 01, 2005

Building a growing column...

originally uploaded by bpendleton.

More info in the initial set view at Flickr. (No, it's not done yet. I was trying to explain the weird pics I've been putting up on Flickr. I'll post again when we've got one or two of these together)