Site Sections
Posts
254
Comments
120
Trackbacks
120
March 2005 Entries
The Internet, the U.N., and the ITU

It probably comes as no surprise that even though I am a geek, I am also very American in many of my opinions. What got me thinking about this? A recent interview with ITU Director Houlin Zhao on the CNET News site discussing the likelihood of increasing levels of ITU involvement in the governance of the Internet.

It probably doesn't surprise anyone that I don't really think this is a good idea. But before anyone dismisses my opinions as those of yet another provincial American intent on denying the existence of anything outside of my national borders, read on.

First, let's start with a few quotes from Director Zhao:

“According to ITU's definition of ‘telecommunications,’ telecommunications covers almost anything. Therefore according to our own lawyers, the Internet is one of these telecommunications mediums. Others argue that ‘telecommunications’ is too wide and it does not include the Internet.”

Maybe my instinctive distrust of this statement does come from my American-bred distrust of government....but maybe it comes from my simple acknowledgement of human nature. The farther up any power structure you go, the more pressure you get from the temptations of wealth, power, and prestige. It takes a successively stronger sense of morals and ethics to withstand these temptations. At the same time, the nature of such power usually discourages the very people who have that strong sense of morals and ethics from seeking out those positions. I'm not saying all high-level executives are crooks -- that's demonstrably not true -- but I am saying that over time you're far more likely to get leaders who have learned the fine art of expedient compromise than who are staunchly committed to an unwavering set of principles. (For one thing, people who compromise tend to stay in position longer.)

“Anything which concerns the future development of the Internet will be part of the question of Internet governance. It covers a very wide range of topics not just related to technology development, service development, but also policy matters, sovereignty, security, privacy, almost anything.”

I have no reason to distrust Director Zhao. I also have no reason to trust that I will be able to say the same about his eventual successor. Bitter human experience has taught me that his successor is more likely to be a sinner than a saint, and I don't think it's wise to let someone with good intentions gather up the reigns to such an ill-defined range of power and make it easy for someone less savory to take it all away.

“I do not consider ICANN an enemy. We are founding members of ICANN's Protocol Supporting Organization. I myself signed that paper on behalf of the ITU. We tried to support ICANN as far as we could, but on the other hand you see that ICANN's mandate seems to be a little bit unclear...”

Okay, I spoke too soon. If Director Zhao doesn't consider ICANN an enemy, maybe I don't trust him. ICANN has already demonstrated a distressing tendency to be the lapdog of monopolists and big business, and with the various U.N. scandals of late, I don't trust the international community to get it any better. There is just too much money involved.

“In my opinion, freedom of speech seems to be a politically sensitive issue. A lot of policy matters are behind it. It's not in ITU's competence, but of course we can make some contributions.”

...

“On privacy, I think that a lot of things are not related to technology only; those are policy matters.”

Director Zhao -- and the recent track record of the ITU -- makes it clear that he wants the ITU to only consider technical matters. This is a highly optimistic course to take, one that speaks well of his intentions, but is ultimately unworkable. You can't effectively separate policy, technology, and politics, not on the international level. Heck, I have lost count of how many times have I written technical security guidance for Exchange or Windows that boils down to “get involved in the process your organization uses to create policy” because a very real technical issue cannot be effectively controlled by technology alone.

When technologists refuse to consider the non-technical ramifications of their work, they're leaving the door wide open for others to abuse their creations.

“Some people argued very strongly that ICANN's establishment based in California gives people some worries. This issue should be addressed. If ITU were to allocate addresses, anybody could have a choice between their national assignment or a regional or international assignment. That would be good for the development of the Internet.”

No matter where you base your central governing authority, some people will get worried. Geneva is no exception, nor is just about any other site you can think of. Whether you like California or not, they're a far less repressive regime than most in the world, which means it's a lot easier for ICANN to get on with business. (I just wish they would.)

“People say the Internet flourished because of the absence of government control. I do not agree with this view. I argue that in any country, if the government opposed Internet service, how do you get Internet service? If there are any Internet governance structure changes in the future, I think government rules will be more important and more respected.”

These would be the same governments that are trying to weaken security protocols so that they can eavesdrop on Internet communications, prevent the use of encryption, and grant monopolies to businesses that are clearly unable and unwilling to deploy useful Internet connectivity to their customers. Sorry, Director Zhao, but I think that rules from those governments should not be respected, nor do they have any place in deciding the governance of the Internet.

ICANN has shown itself to be a player in the political game, much to the detriment of the Internet. Bad as they are, though, replacing them with an international bureaucracy just slows the whole thing down even further. The ITU has a lot of expertise that would be valuable for Internet governance, but it needs to be one voice among many.

posted @ Thursday, March 31, 2005 6:26 PM | Feedback (1)
Windows Server 2003 SP1

Windows Server 2003 SP1 is out. Read more about it and grab it from Microsoft (where else?). Highlights include:

  • Available for 32-bit x86 and Itanium systems (all 25 of them)
  • CD, single machine installer via Windows Update, or multi-machine network installer
  • Release notes at KB 889101
  • List of fixes listed in KB 824721
  • Updated Support Tools listed in KB KB 892777 (such as LDP, one I work with a lot)
  • Introduces the Security Configuration Wizard, a role-based tool that helps you tighten down your box's services, ports, registry, and audit settings
  • Windows Firewall is included (related to the code in Windows XP SP2), as are Group Policy updates for Windows Firewall management
  • Introduces Post-Setup Security Updates, which blocks incoming network traffic on newly installed machines until they're updated with the latest patches
  • Data Execution Prevention is now supported on appropriate hardware
  • Increased security for RPC and DCOM
  • VPN Quarantine! Very much looking forward to this one
  • WebDAV Redirector, Ineternet Explorer, and Outlook Express security updates
posted @ Thursday, March 31, 2005 1:25 PM | Feedback (0)
The demise of SunSolve as we know it

Sun has long had an impressive amount of documentation and support material on their website, in the form of SunSolve. That appears to be changing in the near future. From the Sunsolve website:

Sun is streamlining online support, and access to information on SunSolve and in the Sun System Handbook will change.

SunSolve and the Handbook provide information to two different audiences:

(1) the general Sun Community
(2) Sun Service Plan or Contract customers

The type of information available to these two audiences will be changing starting on April 5, 2005.

At least this doesn't appear to be affecting their online documentation.

This is, in my opinion, not the smartest move for Sun to be making. It really makes me wonder why they are bothering to open source Solaris, if they're going to shut off a lot of the support content that is currently available to the Sun community and instead make it dependent on having purchased a support contract. The open source operating systems have most of this information publicly accessible; heck, even Microsoft makes it available.

Sun enthusiasts need to contact Sun and urge them to rethink this. I'm not sure who to talk to, but someone at Sun must know. I'll try linking to Jonathan Schwartz's blog and hope he sees the trackback. It doesn't look like the software they're using supports trackbacks, though.

I'm posting this entry to the Sun Rescue mailing list, run by Bill Bradford of sunhelp.org and invite folks to blog about this. Feel free to trackback to this entry; it will be interesting to see how far this can go.

[Edit: I forgot to check Bill Bradford's sunhelp.org blog before I posted this, or I would have seen his post about this and linked to it originally. Sorry, Bill.

posted @ Thursday, March 24, 2005 10:37 PM | Feedback (3)
Microsoft Data Protection Server

Have you heard about Microsoft Data Protection Server (DPS) yet?

If not, you can see what Windows IT Pro's Karen Forster has to say about it in her recent Q&A session with Microsoft's Ben Matheson. Or you could check out what Microsoft has to say about it on the DPS home site.

It will be interesting to see this product in action. Karen's article shows that it really leverages the Windows Server 2003 Volume Shadow Copy Service (VSS) to provide some tangible benefits. I personally think that VSS was one of the more important innovations in Windows 2003, but it doesn't seem to be well understood or utilized.

What's even more impressive, though, is to look at the list of partners who are working with Microsoft on DPS. I count 36 separate partners and those include some big names in the server protection and backup business. I'm especially amused to see Sun in that list and I wonder what kind of product or support they're going to be incorporating.

posted @ Thursday, March 03, 2005 2:56 PM | Feedback (2)
Upgrading to Service Pack 1 for ISA 2004

Microsoft has released Service Pack 1 for ISA Server 2004.

It's fairly straightforward and so far seems to just be mostly bugfixes and minor features upgrades, such as allowing the co-existence of form-based authentication and RADIUS.

I just upgraded my home firewall setup over lunch; it went very smoothly. Here's the procedure I followed:

  1. I downloaded the SP1 upgrade, the Release Notes, and the Windows Installer 3.0 upgrade (you don't need this on any XP SP2 management stations you might have, but you should have it on your Windows Server 2003 boxes before you apply the service pack).
  2. I actually read the Release Notes. They're small and unassuming.
  3. I made sure to run Windows Upgrade on my firewall machine to make sure all the latest OS patches were present. I did not reboot when prompted, because...
  4. I then installed the Windows Installer ugprade. After that, I rebooted.
  5. I exported a current copy of my configuration and saved it to a separate machine.
  6. I ran the SP1 installer and rebooted when asked.
  7. I waited for the firewall to come back up and verified that everything was still working as it was supposed to.

Pretty simple, really. If you have any plug-ins (like the useful ones from GFI), you might want to verify they are SP1-compatible before applying the patch, but I don't know of any reason off-hand to think they wouldn't be.

posted @ Thursday, March 03, 2005 2:28 PM | Feedback (0)
News

Devin has moved on
to new adventures.
This blog is preserved
for historical purposes.

Please follow his
personal blog at:
Devin on Earth

Virtual Devin
Article Categories
Archives
Post Categories
Data Protection
DCAR
Exchange
Other
Security
Unified Communications
Windows