Sunday, February 28, 2010

ICT - Ten Years After The Dotcom Boom

The March 2010 issue of Wired Magazine has an interesting piece titled 10 Years After: A Look Back at the Dotcom Boom and Bust. Here's some striking numbers comparing today to ten years ago:

Then (2000)
Now (2010)
ECommerce Sales (Annual)
$19.5 Billion
$156 Billion
Hard Drive Storage (per GB)
Bandwidth for Streaming Video (per GB)
Web Storage (monthly, per GB)
Domain Registration (per year)
Hosting (monthly per MB)
24-pack of Red Bull

Note: Numbers have been adjusted for inflation.

This is only a tiny sample of what is in the March issue - it brings back a lot of memories. Things certainly have changed lots!

Thursday, February 25, 2010

Simulation and Modeling in Technology Education (SMTE) Project

This is the third of three videos demonstrating the use of the Moodle QA database we'll be using for the Survival Master game for STEM learning development team. The video goes over how to access the database, how to write up a bug report, and how to view bugs that have already been reported.

You can follow along via the project website at

Wednesday, February 24, 2010

Simulation and Modeling in Technology Education (SMTE) Project

I'll post the third video in the set in my next post. You can follow along via the project website at

Tuesday, February 23, 2010

Simulation and Modeling in Technology Education (SMTE) Project

I'll post the second and third videos in the set in my next two posts. You can follow along via the project website at

Friday, February 19, 2010

Mixed Results for 4G Wireless Trials

Cox Communications released some interesting results at the Mobile World Congress trade show in Barcelona, Spain yesterday. The company has been testing Long Term Evolution (LTE) wireless delivery on both its AWS and 700 MHz spectrum in San Diego and Phoenix. I've written here in the past about the 700 MHz spectrum range - back in 2005 Congress passed a law that requires all U.S. TV stations to convert to all digital broadcasts and give up analog spectrum in the 700 MHz frequency band. This law freed up 62 MHz of spectrum in the 700 MHz band and effectively eliminated channels between 52 and 69. The Federal Communications Commission (FCC) held a 700 MHz auction in 2008 with Cox and others buying some of that spectrum for technologies like LTE. The Advanced Wireless Services (AWS) band is similar to 700 MHz but operates at a higher frequency, representing 90 MHz of spectrum in the 1.7- to 2.1-GHz range.

Some industry people have been saying fourth generation (4G) technologies LTE and WiMAX will effectively backfill areas where high speed "wired" broadband services (Cable, FTTN, FTTH, etc) are not available. I've been one of those with my fingers crossed, hoping 4G technologies will eventually provide high-bandwidth services to underserved areas of our country. If Cox's test results are any indication, it does not appear this will be the case though. Stephen Bye, Cox's vice president of wireless services presentation is referenced in a Fierce Wireless post yesterday:

Cox's LTE trials showed peak speeds of around 25 Mbps with 2x2 MIMO technology over a 2x5 MHz channel in the carrier's AWS spectrum. However, those speeds were for a single user very close to the cell site.

On the cell edge, that same single user would only get around 10 Mbps, according to Cox's tests.

Multiple users on the cell edge would see far slower speeds.

To put those numbers into perspective, Bye said Cox's wired Internet subscribers average around 8 GB per month of data use, and the top 1 percent carrier's most active wired Internet users access 200 GB of data per month (those users enjoy wired Internet speeds of up to 50 Mbps, he said).

Bye said Cox has witnessed a 200 percent growth rate in 12 months in its customers' wired Internet usage.

In his presentation, Bye described wireless as "complementary" to the MSO's wired network and explained that LTE will never handle the traffic loads that fully wired Internet users generate.

A dose of reality - unfortunately - I have to agree with him. The consumption and desire for more and more bandwidth is not slowing. Even if a wireless provider like a Cox, Verizon or AT&T could provide 25 Mbps sustained to underserved areas - in the end it is still not going to be enough when compared to much higher bandwidth "wired" services we're seeing in many parts of the U.S. and other countries.

Wednesday, February 17, 2010

Steganography Podcast - Embedding Secret Messages in Online Conversations

On February 15, 2010, Mike Qaissaunee and I recorded a podcast titled Vice over IP: Embedding Secret Messages in Online Conversations. In the podcast Mike discusses embedding secret messages in images and Voice over IP sessions using a technology called steganography. The podcast is based on an excellent article in this months IEEE Spectrum titled Vice Over IP: The VoIP Steganography Threat. Here's a list of some of the questions Mike answers:

Before we delve into this new topic, lets provide the audience with a little background. First what is steganography - sounds like a dinosaur?
Can you give us some examples?
How does steganography work?
How do we stop it? Can we?
How would spectrum analysis help detect these messages?
What is network steganography and how does it work?
What are the three methods or flavors of network steganography that researchers have developed? Can you describe each?
Should we be worried?

Fascinating and interesting stuff. Here's how to listen:

To access show notes and audio of Mike Q and my 24 minute and 5 second podcast titled
Vice over IP: Embedding Secret Messages in Online Conversations, click here.

Listen to it directly in your web browser by clicking here.

If you have iTunes installed you can subscribe to our podcasts by clicking here.

Tuesday, February 16, 2010

Cookies, AT&T, Facebook And Your Privacy

This post is based on a question received via Twitter from @mmurfsurf. I apologize for the delay in my reply.

Last month, you may have seen a story or two about an AT&T Wireless / Facebook security problem. Some AT&T mobile Facebook users were being logged into other Facebook users accounts. The Associated Press ran an interesting story about a Georgia mother and her two daughters that logged onto Facebook from mobile phones and wound up in a startling place: strangers' accounts with full access to troves of private information. That AP article said the glitch was the result of a "routing problem" at the family's wireless carrier, AT&T -- revealing a little known security flaw with far reaching implications for everyone on the Internet, not just Facebook users. In each case, the Internet lost track of who was who, putting the women into the wrong accounts.

Both AT&T and Facebook claim this particular problem has been fixed but, it's brought to the front some major security issues with sites that require authentication. Iljitsch van Beijnu in an excellent post titled Facebook, AT&T play fast and loose with user authentication over at ars technica claims 99% of all sites implement user authentication themselves with some doing it right and others not doing it right. Here's more from Beijnu:

Putting a password in a normal text box means it's transmitted in the clear. To avoid this, it's necessary to use an encrypted HTTPS session, at least to transmit the password. Some sites do this, others simply send it in the clear where it can be intercepted relatively easily, especially—but not exclusively—on unencrypted Wi-Fi networks, such as Wi-Fi hotspots.

The second problem with home-grown user authentication is that it really only secures a single page. If the user later loads the page again, or loads another page, she would have to type the password again to really be secure. The solution to this problem is for the server to store some information in the form of a "cookie" on the user's system. Cookies for a certain site are automatically transmitted along with every HTTP request made to that site, so the server can recognize the user by the information in the cookie. So far so good. (Ignoring the fact that cookies can also easily be intercepted if sessions are unencrypted.)

Beijnu lists a couple of cookie related possibilities for the AT&T/Facebook snafu:

Possibility One

When mobile phones first gained the ability to access the Web, a lot of work was done to optimize the experience on slow, memory-starved devices with a slow connection. Much of that magic involves Web proxies. One way for this particular Facebook user authentication issue to come up on AT&T's mobile network would be if there is a caching proxy in between the server and the user that doesn't pay attention to cookies. So if user A with cookie X visits Facebook, the proxy caches the page user A gets. Then, when user B comes along with cookie Y, the proxy simply sends the cached page to user B, which is of course the page that only user A is supposed to see.

Possibility Two

Another possibility is that AT&T uses proxy cookies. WAP, a protocol that was used to create a Web-like experience for phones not capable enough to show the real Web, doesn't support cookies. This makes life hard, so proxies that let WAP clients talk to Web servers often implement "proxy cookies," where the proxy stores the cookies on behalf of the client. However, in that case it's essential that the proxy knows which user it's proxying for at any given moment, otherwise it sends the wrong cookie to the server and the user is logged in as someone else.

It's not clear exactly what was fixed and what happened - at least from the information I have access to. However, it looks like both AT&T and Facebook were at fault - AT&T for mixing up cookies and Facebook for using clear text cookies. It's important to understand it is not just an AT&T/Facebook problem.

How can user information and privacy be better protected? The solution is simple and Beijnu says it well - encrypting all sessions would solve these problems: passwords and cookies can't be intercepted and proxies can't get to the data.