March 2005 Archives

Matthew Gast


Most wireless network security is now based on 802.1X, EAP, and RADIUS, and wireless networks often drive the adoption of RADIUS. Even though RADIUS has been around for what seems like forever, I’ve frequently had to assist in setting up a new RADIUS system before installing a wireless network.

Many wireless networks need to authenticate users against a Windows user database. In the Windows world, a RADIUS server can look up accounts in one of two ways: an operating system call can fetch the user’s credentials from the local security subsystem, or the request can be passed over the network to a domain controller. The local system call is straightforward. If the RADIUS server is installed on a domain controller, the server process issues the call, gets the user credentials, and does the authentication itself.

Installing software on a domain controller can be hard, though. Domain controllers are important enough that, once they are running, most people are reluctant to touch them in any way, and the larger the organization, the more likely it is that change-control procedures get in the way as well. The net result is a built-in preference for network-based credential lookup.
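To make concrete what “does the authentication” involves on the wire, here is an added example, written for this page rather than taken from the post or from any RADIUS product it mentions. It is Python that builds a PAP-style Access-Request, hides the User-Password under the shared secret exactly as RFC 2865 specifies, and has a small server recover the password, check it against a pluggable lookup function, and sign the reply with the Response Authenticator. The shared secret, the “alice” account and the in-memory dictionary standing in for the domain-controller lookup are all constructed for the example; an 802.1X deployment of the kind the post opens with would carry an EAP conversation in the attributes instead of a User-Password.

```python
import hashlib
import hmac
import os
import struct

# RADIUS packet codes and attribute types from RFC 2865.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad the password with NULs to a multiple of 16 bytes,
    then XOR each block with MD5(secret + previous block); the first 'previous
    block' is the 16-byte Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += block
        prev = block  # chaining uses the ciphertext block, not the plaintext
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password, as run by the RADIUS server."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attrs(attrs):
    """Each attribute is Type(1) Length(1, header included) Value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data: bytes):
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute length")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_access_request(secret, username, password, identifier, authenticator=None):
    """NAS side: Code(1) Identifier(1) Length(2) Authenticator(16) Attributes."""
    request_auth = authenticator or os.urandom(16)
    attrs = encode_attrs([
        (ATTR_USER_NAME, username.encode()),
        (ATTR_USER_PASSWORD, hide_password(password.encode(), secret, request_auth)),
    ])
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + request_auth + attrs


def parse_packet(pkt: bytes):
    if len(pkt) < 20:
        raise ValueError("packet shorter than the fixed header")
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("length field does not match packet size")
    return code, identifier, pkt[4:20], decode_attrs(pkt[20:])


def handle_access_request(pkt: bytes, secret: bytes, lookup):
    """Server side. `lookup(username)` is the pluggable credential backend the
    post describes; here it returns the stored password bytes, or None."""
    code, identifier, request_auth, attrs = parse_packet(pkt)
    a = dict(attrs)
    ok = False
    if code == ACCESS_REQUEST and ATTR_USER_NAME in a and ATTR_USER_PASSWORD in a:
        presented = reveal_password(a[ATTR_USER_PASSWORD], secret, request_auth)
        stored = lookup(a[ATTR_USER_NAME].decode(errors="replace"))
        ok = stored is not None and hmac.compare_digest(stored, presented)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, identifier, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret);
    # this reply carries no attributes.
    response_auth = hashlib.md5(header + request_auth + secret).digest()
    return header + response_auth


def verify_response(resp: bytes, request_auth: bytes, secret: bytes) -> bool:
    """NAS side: accept only an Access-Accept whose Response Authenticator
    checks out under the shared secret for this request."""
    if len(resp) < 20:
        return False
    expected = hashlib.md5(resp[:4] + request_auth + resp[20:] + secret).digest()
    return hmac.compare_digest(expected, resp[4:20]) and resp[0] == ACCESS_ACCEPT


# Constructed stand-in for the Windows account store. In the deployment the post
# describes, this lookup is the call that has to reach a domain controller.
ACCOUNTS = {"alice": b"correct horse battery"}

if __name__ == "__main__":
    secret = b"shared-secret-between-AP-and-RADIUS"  # constructed
    request = build_access_request(secret, "alice", "correct horse battery", 7)
    reply = handle_access_request(request, secret, ACCOUNTS.get)
    print("accepted" if verify_response(reply, request[4:20], secret) else "rejected")
```

The `lookup` callable is the seam the rest of the post is about: on a domain controller it would be a local security-subsystem call, anywhere else a network lookup. Note also that User-Password hiding is only an MD5 keystream derived from the shared secret, not encryption to rely on across an untrusted network; that is one reason the 802.1X/EAP deployments the post opens with carry the credential exchange inside EAP instead.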

In Windows NT domains, the network protocols have been thoroughly reverse-engineered by the Samba team, and the understanding they’ve given the world allows any RADIUS server vendor to look up NT domain accounts over the network, even from a Unix process. For example, the Radiator data sheet lists “Native Windows NT user database and domains (even from Unix!)” as a supported authentication method.

In an Active Directory network, the protocols are still closed. Microsoft’s Internet Authentication Service (IAS) can fetch credentials across the network using Active Directory’s own communications, but no other RADIUS server can build that function. Instead, a third-party server has to run on a domain controller and pass the request down to the authentication subsystem there, which then resolves the lookup through Active Directory. As an illustration, the Radiator data sheet cited above notes that Active Directory lookup is only possible on Windows 2000. (One caveat for practitioners: a Unix host that has joined the domain through Samba’s winbind can hand an MS-CHAP challenge/response to a domain controller for verification over the NetLogon secure channel instead of fetching the credential itself, which is how FreeRADIUS’s ntlm_auth integration works; the constraint described here applies to servers that need the account data directly.)

(As an aside, the Active Directory indirection gives the Microsoft RADIUS server a cost advantage in most installations. Both third-party RADIUS servers and IAS need to run on Windows Server, but IAS adds no cost beyond the Windows Server license.)

So, network administrators have a choice: use IAS, run a third-party RADIUS server on a domain controller, or run Active Directory in compatibility mode. The last option is generally not viable, for many reasons. The bottom line is that if you want to use Active Directory for user accounts, be prepared to dedicate a domain controller to it, or run Microsoft’s IAS.

Practically speaking, if you need to talk to a Windows user database, the need to run third-party RADIUS servers on a domain controller effectively prevents them from running on anything other than Windows. (It also helps make IAS more attractive, but that’s another post entirely.) At least one RADIUS server vendor has an “appliance” that is based on Windows 2000; I wonder if the need to talk to Active Directory figured into choosing the operating system platform?

Matthew Gast


Related link: http://www.blogmaverick.com/entry/1234000523038163/

Mark Cuban writes about a panel at the Consumer Electronics Association show in which the head of the RIAA said it was obvious, according to their own “data,” that rampant piracy is the death of the music industry. My economics training has always made me suspicious of that contention. At the end of 2002, I decided to try my own test, but I had to give up for lack of data.

Many years ago, I studied econometrics. When you have a question about economic behavior, you can collect data and run a statistical analysis. It’s not definitive proof, but it’s as close as you can get in the social sciences. Even if it’s not guaranteed to be as accurate a result as in engineering, it’s still quite useful.

The objective is to correlate music sales against variables which you might feel are relevant. You’re trying to explain CD sales by changes in income (that pesky economic slowdown that started in 2000), price (I buy less of more expensive stuff, as do most people), and yes, the presence of file sharing.

As it turns out, I never completed the project, due to lack of data.

Data on prices and income is collected by the government’s bureau of economic statistics, and is easy to come by. No problem there. The stumbling block was that there is no useful data on music sales. The RIAA collects market data, but it is less than useless. They report what they ship to stores and its value at retail prices. It tells you very little about how much music people are actually buying, and even less about what they’re paying. Just because the list price is $17 doesn’t mean that people are actually forking over that amount. (Just ask the person at General Motors who’s responsible for rebates on cars. The list price of a Chevy Cavalier keeps rising, but the price you pay is falling because the rebates are getting bigger, too.)

As it turns out, there’s a company called SoundScan that collects data from the retail industry at the cash register: how many CDs did people actually buy, and what did they actually pay? Unfortunately, SoundScan data is very expensive, and they do not release anything for research purposes. I tried going into the microfiche archives of Billboard magazine at the public library to compile my own data series on sales at the cash register, but the data wasn’t reported reliably in Billboard, and I have yet to find a librarian who could help me track it down. Regrettably, I gave up on the project.

(By the way, the techniques that the RIAA uses to fiddle with the data were written up after I gave up on getting the data — see this story.)

In the course of trying to assemble the SoundScan data from music industry trade magazines, I found an article on the front page of the December 28, 2002 issue of Billboard, which said that “The music business went from bad to worse in 2002…the past 12 months have played like a repeat of 2001–during which sales dropped 2.8%–only with more severe declines.” According to the RIAA data, the total value at list price of music shipments dropped 4%, and the number of unit shipments dropped 10%. Either way you slice it, the SoundScan data shows a much gentler decline than the RIAA would have you believe. It also seems like quite a reasonable decline, given that median household income also dropped by 2% that year. (I would have expected music to act more like a luxury than it does.)

So, the real question for me is: what does the SoundScan data show? Would it substantiate the contention that rampant piracy threatens the livelihood of the music industry? Or does it just show how the RIAA fiddles their data? My gut feel is that a combination of price increases and a general economic slowdown explains the drop in music sales. The SoundScan data is the best way to settle this argument, but it’s not available. Coincidence or not?

Jim Van Meggelen


About five years ago, the telecom industry tried to engineer a revolution. They called it convergence, and it was going to transform the way we communicated. Convergence was all about integrating telephones and computers.

And then it all came tumbling down.

I’m pretty sure the unfulfilled promise of convergence was a big part of what brought the telecom industry to its knees. Why? Because the industry never actually made the changes necessary to deliver the whole product in a way that allowed it to become ubiquitous: they didn’t open it up. The telecom industry was closed, dominated by a few large players with huge R&D budgets, and it was easy to stifle any true innovation. The few brave and innovative companies that gave it an honest try had a tough time of it; they had to interoperate with proprietary systems that had poor support mechanisms, adhered to few (if any) standards, and were only interested in this revolution if it proceeded at a controlled pace. The result? Products that cost far too much and delivered far too little. It was inevitable that folks were going to stop buying all this; none of it was living up to its promise.

For the past five years the industry has been trying to engineer another revolution; they’re calling this one VoIP.

Voice over IP promises all of the same things that convergence was going to deliver (also promised by ISDN, back in its day) plus, of course, that elusive feature commonly referred to as “much more”. VoIP is supposed to spearhead the recovery of the entire industry. This time, we will attain dizzying new levels of enhanced capability and cost-savings.

Haven’t we heard this before? So what seems to be the problem, here?

It is often hard to understand why every other business technology is handled by an IT department while telecom so often remains off to the side. IT departments have been trying to integrate the telecom equipment, but there is a rift: the telecom gear just doesn’t get along with the other equipment on the network. Not only that, but even with the manuals, it just doesn’t make sense.

Here’s a research project for you: go to your local bookstore and try to find comprehensive documentation on telecom in general, and your brand of PBX in particular. Weird, isn’t it?

One could spend a lot of time analyzing the telecom industry, but who cares? The bottom line is this: that old game is now over. Finally; honestly; unstoppably; the revolution has begun. This is not some marketing scheme, though, but a proper revolution, started by people who are sick of the status quo and are doing something about it.

So what is this revolution? It’s open-source telephony.

Telecommunications requires the same kind of flexibility that other communications technology enjoys, and the industry has had (and squandered) its chance to deliver it.

Perhaps you’ve heard of the PBX called Asterisk. The community that loves this little engine is fuelling the revolution, in exactly the same way that the Linux community did during the Internet revolution.

Asterisk is remarkable technology, not so much due to any new ground broken technically (although it does plenty of that), but rather for a far more important reason: Asterisk is open, and free (as in freedom).

Some of the factors contributing to Asterisk’s momentum:

• IT and Telecom geeks actually love talking to each other about it. If you don’t think this is significant, try talking to a few IT managers about how their telecom and non-telecom geeks get along.

• Commoditization of hardware and software. Twenty-five years ago, if you bought an IBM server, you also had to buy an IBM network, and IBM terminals. Now, a multitude of PCs, switches and servers can co-exist on a network. Shouldn’t the same be true with telecommunications?

• Finally, there is a toolkit that allows telecom professionals to devote their skills to the solving of customer problems, instead of finding kludgy ways around the limitations of proprietary systems.

Tim O’Reilly’s article Paradigm Shift speaks about a lot of this. Telecom needs this kind of transformation, badly.

Asterisk can be programmed to emulate the capabilities of nearly any PBX in existence, and it’s still just a baby! I can’t help but compare this phenomenon to the way that NCSA Mosaic and HTML changed the face of the Internet. The Net had been around for many long years, but suddenly it was usable by anyone. Today, nobody uses Mosaic anymore, and pure HTML is rare, but together, they spawned a revolution. I often feel that Asterisk is a little bit like that.

Telecom is no longer closed: anyone can play. Phones have suddenly become fun!!!

If you’ve got an old machine sitting around, you can build your own PBX!

Viva Zapata!

Are you using Asterisk? If so, how?


Related link: http://www.betterhumans.com/News/news.aspx?articleID=2004-12-06-3

If you’re a geek who graduated high school before about 1994, then you’re probably familiar with the very first mainstream sci-fi novel about the future of the Internet. The novel, Neuromancer, is William Gibson’s cult book about hacking against a machine-encrusted world of binary social injustice. In this best-selling 1984 book, the main character, Case, uses the international computer matrix (a concept that resembles and somewhat predates today’s Internet) to fight through a campy conspiracy plot while having a soulless affair with a bionic woman (she has mirrored, electronic eyes). Molly, an easy, streetwise operative, wants to take down an artificially intelligent being that is making trouble for her employer, and Case is the guy for the job.

The book is not an easy read; the narrative is clipped and Hemingway-esque. It’s not even a particularly original plotline, though its plot devices and setting are ingenious, even prophetic. Many of the book’s technological predictions have either been fully or partially realized today. Indeed, Gibson probably did as much for the nascent cultural impact of the Internet as DARPA and the Free Software Foundation combined. Neuromancer popularized the word cyberspace (Gibson had coined it two years earlier in the short story “Burning Chrome”) and envisioned a globally-accessible network called PAX, equal in many respects to the World Wide Web. While some may suggest that the book’s ideas are dated, I think that the book’s prophecies are closer and closer to reality as the years go by.

In Neuromancer, the global computer matrix, i.e. the Internet, isn’t just a network that computers connect to, like our real-world Internet. Instead, Gibson’s matrix is a bio-interfaced network that humans can literally plug their brains into using electrodes and neural interfaces called “decks”. When they “jack in”, their minds enter a realm named after a word we now take for granted, Cyberspace. Gibson describes Cyberspace as the “consensual hallucination” of the global computer matrix. Beyond sight and sound, this experience isn’t really a hallucination at all; it’s the user interface that allows the characters to navigate the novel’s techno-mental equivalent of the Web.

So, hacking is a bit different for a fictional Cyberspace cowboy than for a real-world hacker today. Instead of using a keyboard to type in C programs that exploit security holes, a Cyberspace cowboy cybernetically applies his own brain power to duel it out with artificial intelligences and other software that have been charged with defending key systems online. And unlike real-life hacking, where you might get thrown in jail for attacking a system, Neuromancer’s Cyberspace adversaries can overwhelm your brain with information attacks: volleys of data that can render you brain-damaged or even kill you if you don’t escape the neural battle soon enough.

Something I once found intriguing about Neuromancer was Gibson’s depiction of life inside the computer matrix. In some ways, his descriptions bear a similarity to other works of fiction that have visualized the electronic realm of the purely logical. On one hand, Neuromancer paints a picture of Cyberspace that reminds us of the film Tron, where video game warriors fight on endless plains of neon-colored graph paper or in rooms that have glowing, disco-like walls and floors. Gibson’s matrix has features that look like endless translucent chessboards or glowing, spiral constellations. I can’t help but think of these very simple spatial concepts in the primitive terms of Tron. (This isn’t an endorsement of Tron, but it could easily be a knock on Neuromancer. Perhaps the book is just dating itself.)

But since the book’s heyday, I’ve wondered why Gibson used an abstract visualization instead of an experience readers could immediately identify with, like a world that resembles our own. This is what was done in the film The Matrix, where the global computer network’s consensual user interface is an experience that is a mirror of the human condition. That is, when users are “jacked in”, they see a world just like the one they see when they are off line. The software agents they encounter inside the network look like people: men in black suits, women in red dresses, etc. So, Gibson’s early portrayals of a meta-neural global network are primitive, a la Tron, while the Matrix portrays the global network as appearing just like its users’ physical reality. One could guess that Gibson couldn’t have envisioned a Cyberspace world any less abstract than the one depicted in Tron, a film that hit theaters while he was writing Neuromancer.

Yet today’s microcomputers are capable of depicting, if only on screen, elaborate, realtime graphical environments. Since the birth of Cyberspace in the early eighties, graphics hardware has grown to create immersive, life-like 3D environments. Skeptics of the realism of today’s graphics systems need only turn off the lights and play the first level or two of Doom 3 to be convinced. This grotesque, horror-filled game is proof of the immersive, emotionally deep nature of today’s video games. Perhaps that’s why Doom 3 has been hailed as the scariest game of all time. Now, apply Neuromancer’s fictitious human interface technology: the “consensual hallucination”. Imagine that the creepy sounds, dark 3D enclaves, and physical trauma of combat with Doom’s horrific, gut-sucking demons were transmitted directly into the player’s nervous system using electrodes rather than a color monitor and speakers. The experience would be not just immersive, but downright terrifying.

This is how I envision the agents of Cyberspace when I expand on Gibson’s metaphors. They aren’t hovering yellow globes surrounded by rings of glowing ice, floating in an endless sea of neon constellations and transparent checkerboards. Hell, that sounds like a description of the Strip in Las Vegas. No, in my Cyberspace, the defenders of high-value systems are like the monsters of Doom 3: marauding demons that you do not want to mess with. These guys can rip you limb from limb, just like they do in the video game, but Gibson’s idea of a neurological interface means that monstrous anti-intruders can actually kill you, the hacker. This is far and away scarier than just watching your character’s health-o-meter dribble down to zero. Take enough damage, and you enter a state Gibson calls “flatline”; that’s when the system you’re doing battle with defeats you. In layman’s terms, death. Could hacking enemy systems ever be so deeply, so biologically, risky?

Enough of Gibson’s ideas have come to fruition to tempt the imagination. In Neuromancer, Gibson used prosthetics and medical sci-fi to promote the idea of natural, organic and manufactured cybernetic body parts playing almost equal roles in the human condition. He also used the concept of servitude to the electronic lifestyle prominently. Today, electronic dependency is the norm. Just think about how much you surf the web, how many people you know who’ve had pacemakers, prosthetic limbs, laser vision correction, or intra-ocular lenses, and how much time you’ve spent synchronizing your Palm or reloading your corrupted hard drives over the years; do you ever feel like a slave to all your gadgets? It’s ironic that Neuromancer, written exclusively on a typewriter in the early eighties, used all of these paradigms, not merely as flashy sci-fi predictions, but as essential plot devices.

In another twenty years, more of the book’s ideas could come to light. Is it really a stretch to think you could control a Cyberspace alter-ego with your mind, when you can already control applications using natural motions? I recently read an article on Better Humans (see the blog link) about a technique that allowed human participants to draw on-screen graphics using thoughts and thoughts alone as their mechanism for manipulating a cursor. This could be the seed of the nervous system interface Gibson envisioned: a device which allows humans to interact with virtual electronic worlds using only their brains. Chuck the LCD display, keyboard and mouse, baby–we’re going neural.

In Part 2 of this blog, I’ll ramble about how advances in social networking and visualization could create the ultimate playground for industrial espionage, a la Neuromancer. Give me a few weeks to write it up.

Do you think Neuromancer has dated itself?