December 28, 2005
2006 - The Year of the Bull
2005 was when the Snail lost its identity. What is to come in 2006? Prediction always being a fool's game compared to the wiser trick of waiting until it happens and then claiming credit, here's a list of strategic plays for the year to come.
1. Government will charge into cybersecurity. So far, the notion of government involvement has been muted, as there have been enough voices pointing out that while the private sector may not have a good idea, it certainly has a less bad idea than the government. Cybersecurity departments have been duly and thankfully restricted.
I suspect in 2006, the Bull will begin to Roar through our China Shop. Calls seem to be escalating in all areas. This is a reflection of many factors:
- the failure of private sector security to dampen the data breaches, phishing, viruses, malware, etc...
- countries have woken up to the fact that at the end of the day, the USA controls enough of the core to have its way, and as a policy won't give that up. This annoys some and worries others, so expect the fires of UN committees on Internet governance to be well stoked, along with a dozen other global copycats.
- especially, we live in the interesting times of White House insensitivity to the law, logic and history. Those that read America better than I point out that the reason it's getting worse is that ... the Democrats are just as bad as the Republicans, which means that the opposition is unlikely to care too much about opposing.
- people -- that's users to you and me -- have shifted in their perceptions from the Internet as a benign but fun place to a dangerous wild wild west.
- all sorts of academics and legal folks from outside the field are pointing out how we solve these things elsewhere, and these methods all require laws, agencies, police, training, budgets, ...
For all that, calls to send in the cavalry will increase. Of course, we know that we the users will be more insecure and poorer as a result of the Bull market for cybersecurity. What we don't know is how much worse it will be, and I daren't predict that :)
2. Anti-virus manufacturers will have a bad year. Not so much in profits, which might perversely go up, but in terms of their ability to make a difference. Kaspersky of the eponymously named company points out that it is getting much harder. We know the crooks are getting much more focussed due to their revenue cycle. Also of note is that Microsoft has entered the game of selling you (not me) protection for their OS breaches - bringing with it a whole messy smelly pile of conflicts which will make it even harder for the "independent" anti-virus providers.
3. Firefox will continue to grow. My guess is that it will get past 15%, probably to 20%. Microsoft won't fight back seriously, they have other battles, even though this would leave them at say 70-75% (Safari, Opera, Konqueror take 5-10%).
3.b But sometime by the end of 2006, Firefox will be seriously bloodied as it runs into security attacks targeted directly at it. What does this mean? Firefox crosses GP sometime soon, in terms of financial fraud.
The only ones this will surprise will be Mozilla. Most observers with a clue have realised that Firefox has enjoyed its reputation due to reasonably sound factors, but these factors are just basic engineering issues like a re-write and solid coding practices, not those high level practices that distinguish the security projects (BSD, PGP, etc).
This probably won't hold back Firefox's growth, as their mission to give browser users a choice remains aligned with our needs, and it remains tremendously useful even if the security rep takes a knock. So be it. But by the end of the year, expect some hand-wringing and moaning and more than usually confusing comments from Mozo Central's revolving security spokesman of the day.
3.c Also expect Mozilla to start talking about the next step in commercialisation -- the IPO. The discipline of the public company will start to look very attractive to those tasked with sorting out intractable internal conflicts inherited from the touchy-feely open source world.
4. In payments, the number of non-bank payment systems looks like it will increase dramatically. Gift card systems are exploding as companies discover that they take the money up front so they get financing at a better rate than the bank offers -- Free! -- and the wastage rate is better than any retail margin seen outside monopoly products. It doesn't take much for these to be integrated into an online account system - after all, what is a gift card but a pseudonymous account identifier. Then, once the alignment takes place, adding user-to-user payments is just a switch to throw on the weekend when your bank isn't looking. Maybe 2006 will be the year of the indie payment system?
5. No predictions for the gold sector. Even though the gold unit is skyrocketing and will continue to do that, there are continuing woes facing the issuers which they haven't sorted out long term. The bounty of people rushing up the gold price curve is offset by the cowboy image of the gold issuers.
6. Mac OSX will get to 7 or 8% of the market, maybe 10% if the intel change goes well. Given the aggressiveness of the PC world, that can be considered to be a stunning result. The BSDs and the Linuxes still won't penetrate the desktop as much as we'd like, but it will become reasonable to talk about a Microsoft-free environment.
6.b I might finally acquire a Mac. Not because I want to -- I hate the UI, the keyboards suck, and they haven't got the reliability of the old thinkpad workhorses -- but for reasons too irrelevant and arcane to go into today.
7. Google will grow and prosper and survive. This might be an odd thing to predict, but the thing with Google is that it is a bit like a Netscape with an endless supply of revenue. As one insider put it to me recently, it was a boon to the world when Netscape was cleaned out as that meant we could get on with business. Unfortunately, Google has lots of revenue, so the mad cats will be financed and the projects just go on and on and on... I expect by the end of the year, though, we'll see adverts for cat herders as long term insiders realise that some chaos is good but most is just chaos.
8. Microsoft will not succeed in sorting out its security mess and will continue to lose market share. Let's get this in perspective - it will probably drop down from around 90% to around 80% all round. Nothing worth crying over, and indeed, it will give the company some sorely lacking focus.
Some time around the end of 2006, some soul searching will result in serious investigation of other operating systems. So, who wants to bet on what OS Microsoft will pick up? Here's my anti-picks: it won't be Unix, and it won't be Java (which in its J2EE form is more or less a server OS, and then there's Swing...).
9. Macs won't be seriously hit by security issues, but will suffer a few minor embarrassments which will be trumped up in the press. The Mac application space will come under attack. On the other hand, Apple doesn't look ready for a security war, and will muff it, regardless. Welcome to the Hotel California!
10. I've predicted these before and not seen them so I'll predict them again:
- class action suits on security against suppliers.
- the perfect phish - one that includes the SSL+certs within, rather than goes around
- Also look for a real-time phish to defeat the two-factor authentication tools that the banks are rushing out now.
In the security world, it is important to avoid the disclosure of being completely and utterly wrong; these above predictions are my way of avoiding that terrible fate. Neat, huh? On the other hand, I probably needn't have bothered. The security discipline is missing, presumed dead. Experts have hummed and hahed and shuffled feet over the mess for so long that it is now at the point where when anyone hears a so-called 'security expert' talk, they mentally discount most of what is said.
Try it! By the end of the year, I predict open derision of anyone who pretends to be a security professional. Dilbert, anyone?
11. By the end of 2006, the secure browsing system that we know and love to hate -- SSL, $30 certificates, popup madness and that sodding padlock -- will have been bypassed. By the good guys, I mean -- it's been bypassed by the bad guys for several years, already.
It will no longer be part of the security model for browsing. What will become the security model will depend on what sector is doing the securing:
- banks will have their two-factor tokens because they were told to,
- smart users (and their mothers) will have their Trustbars and Petnames,
- smart companies will customise the above plugins, and
- even smarter operators will send out confirmations by email and by cell/mob
That's for the lightweight stuff. For the heavyweight stuff, look for alternate platforms, like....
12. We'll see much more use of two-factor authentication by cellular or mobile phone. I.e., SMS messages, or downloadable programs on phones to calculate the challenge/response. Why? Everyone's got a phone and they are a separate means of communication. (Why it's taking so long bothers me - is there something I'm missing?)
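Items 10 and 12 side by side, as an added simulation that is not the author's code: a phone program computing an HMAC challenge/response, and the real-time phish of item 10 that relays the bank's live challenge to the logged-in customer. The second variant goes beyond what the post says: the phone also folds in the transfer the customer intends to make, so a response obtained by relay does not verify against the transfer the phisher actually opened. `Bank`, `Customer`, the "landlord" and "mule" accounts, the six-digit truncation and the seed handling are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def token_response(seed: bytes, challenge: str, transaction: str = "") -> str:
    """The calculation the phone program does. In the plain scheme the MAC covers
    only the bank's challenge; in the bound variant it also covers the transfer
    being authorised. Six decimal digits, truncated HOTP-style (an assumption)."""
    mac = hmac.new(seed, f"{challenge}|{transaction}".encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


class Bank:
    """Issues one fresh challenge per transfer and verifies the response against
    the transfer it actually has pending, not the one the customer believes in."""

    def __init__(self, seed: bytes, bind_to_transaction: bool) -> None:
        self.seed = seed
        self.bind = bind_to_transaction
        self.pending: dict = {}

    def start_transfer(self, dest: str, amount: int) -> str:
        challenge = secrets.token_hex(4)
        self.pending[challenge] = f"{dest}:{amount}"
        return challenge

    def finish_transfer(self, challenge: str, response: str) -> bool:
        transaction = self.pending.pop(challenge, None)
        if transaction is None:
            return False
        expected = token_response(self.seed, challenge, transaction if self.bind else "")
        return hmac.compare_digest(response, expected)


class Customer:
    """Holds the token seed on the phone. Types in the challenge shown on the web
    page and, in the bound variant, the transfer they themselves intend to make."""

    def __init__(self, seed: bytes) -> None:
        self.seed = seed

    def respond(self, challenge: str, intended: str, bind: bool) -> str:
        return token_response(self.seed, challenge, intended if bind else "")


def honest_transfer(bank: Bank, customer: Customer) -> bool:
    challenge = bank.start_transfer("landlord", 100)
    response = customer.respond(challenge, "landlord:100", bank.bind)
    return bank.finish_transfer(challenge, response)


def real_time_phish(bank: Bank, customer: Customer) -> bool:
    """The phisher sits between its fake site and the real bank while the customer
    is logged in: it opens a transfer to its own mule account and relays the bank's
    live challenge to the customer, who believes they are paying the landlord."""
    challenge = bank.start_transfer("mule", 5000)
    relayed = customer.respond(challenge, "landlord:100", bank.bind)
    return bank.finish_transfer(challenge, relayed)


def demo() -> dict:
    """Returns {bind: (honest transfer accepted, relayed phish accepted)}."""
    seed = secrets.token_bytes(20)  # constructed shared token seed
    results = {}
    for bind in (False, True):
        bank, customer = Bank(seed, bind), Customer(seed)
        results[bind] = (honest_transfer(bank, customer), real_time_phish(bank, customer))
    return results


if __name__ == "__main__":
    for bind, (honest, phished) in demo().items():
        print(f"bound to transaction={bind}: honest ok={honest}, real-time phish succeeds={phished}")
```

The unbound response is accepted whichever transfer the bank has pending, so the separate channel buys nothing once the phisher can relay in real time; only when the phone's answer depends on what is being paid to whom does the relayed digit string stop being worth stealing.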
13. Unluckily for authors, artists, and blog writers, nothing much will change in DRM. Music sellers will sue file swappers, concentrating on the demographic of 12-17. File swappers will continue to swap, and learn how much better their own music is. The techniques of both sides will advance and both will be widely copied and nobody will make any money.
My bulls here are courtesy images.google.com, and if I made any money from this blog, I'd be one sorry matador. Some time around 2007, all IP owners will realise they cannot win this war, and all swappers will get religious about DRM. A papal bull will be issued and a property love-in will ensue. Nobody will fight over the rights for the book, musical, philosophical or TV. By then we will have worked out the killer rights paradigm - convenience.
Hopefully we will be invited back for the love-in. Merry Xmas, Happy New Year, Season's Greetings, and may your packets move at Kelvin speed. I wish you a happy Year of the Bull.
Some other predictions:
Posted by iang at December 28, 2005 04:14 PM
On Wed, Dec 28, 2005 at 04:35:17PM +0000, firstname.lastname@example.org wrote:
>> * countries have woken up to the fact that at the end of the day, the
>> USA controls enough of the core to have its way, and as a policy won't
>> give that up. This annoys some and worries others, so expect the fires
>> of UN committees on Internet governance to be well stoked, along with a
>> dozen other global copycats.
I don't think that is necessarily an accurate picture of the situation. More of a common misconception that the US administration has a vested interest in perpetuating.
The problem is that the people that are worried don't understand the technology, and the US has fooled the rest of the world into thinking that control of the Internet is theirs to give up if they should so choose...
If you believe them, then I have a bridge I would like to sell you...
In considering 'control of the Internet', the implementation of two key technologies are critical and largely independent - DNS and IP.
Consider the first for example. A simplified description of the basic strategy is as follows:
1. Client host
For the vast majority of hosts, such as Windows PCs, the strategy is simply 'I don't know but I know someone who does'. The ISP or other trusted party provides the name translation (by supplying an IP address of a 'nameserver' to do the work).
2. DNS server
This is any host running a DNS server, such as a Unix system running named. It does the following:
a. If the target is in a domain managed by someone under my domain, pass on the next level down
b. If the target is outside my domain, pass the request on to one of the root servers at the top of the tree.
c. If the target is in the directly managed domain, return the host if found, else return error.
3. Root Server.
For the root servers, the strategy is simply
a. If the target is in a domain managed by someone under my domain, pass on the next level down
b. Reject request - Non-existent host/domain
The crux of the control question is action 2b. The only differences between the 'root servers' and any other server are
1. It has no higher authority to refer to because it believes it knows everything defined in the top level domain
2. lots of other servers are configured to voluntarily defer to it.
So how do we confiscate these toys from the Whitehouse? Not as hard as everyone seems to imagine. You don't need the blessing of someone in the US, or a critical mass of rebels. You just need a machine on the Internet running a slightly modified DNS server.
The configuration would look like this
4. Rebel DNS server
This is any host running a DNS server, such as a Unix system running named.
a. If the target is in my directly managed domain, return the host if found, else pass request to legacy root server.
b. If the target is managed by someone under my domain, pass on the request to that host
c. If the target is outside my domain, pass the request on to one of the rebel root servers at the top of the tree.
5. Rebel Root Server.
a. If the target is managed by someone under my domain, pass on the request to that machine
b. else pass the request on to one of the legacy root servers.
The trick is that we are now free to define new domains and hosts without any control from the old hierarchy. Any name search will be satisfied locally if possible, but come from the old tree if not. Effectively we have a union mount with the rebel system bound before the old.
There is a positive incentive for everyone to change, because those that do not only have a subset of the new Internet at their disposal.
There is the problem that the US servers can go ahead and define new hosts/domains that conflict with rebel ones (or rebel managers could pre-empt existing legacy domains) making part of the Internet inaccessible to rebel net users. However there is a disincentive here, in that most people will not want to register a DNS name that they know will be masked from some of the net.
A strategy around this would be to put the entire current Internet into a sub-domain under the rebel tree - so complaints, for example, might need to be emailed to email@example.com_ if we decided to confiscate the '.gov' domain from Washington to use for our 'Internet Governance' organization. And of course the Whitehouse could not email any complaints to us unless they switched to the rebel servers.... ;)
This would be a trivial modification to the rebel servers above - the Rebel Root just recognizes the '.yank' domain as meaning 'strip the .yank and pass the result to one of the old servers..' But some things would break, such as web sites referring to conflicted names.
It would be a lot cleaner and simpler to just avoid any overlaps with the existing top level domains, making the rebel net a strict superset of what is provided by the US servers. The US administrators could fight back by deliberately defining new domains in conflict, but that would be such an overtly hostile act that it would most likely hasten the stampede to the independent servers.
The point is that DNS control is democratic, and we vote by pointing our DNS servers at a nominated higher authority. There is no need to take over the existing roots, you just define a better alternative. Any of us could set this up, (I have been running one for years, but there was no point in advertising it because most of the names I have defined are on my private internal network) and any of us would be free to point our DNS servers to such a site. We would then have an 'in' Internet to manage as we wish - perhaps offering a '.free' domain for free registrations. If badly managed, people will simply go elsewhere.
The strategy for IP is a little different, and takes a bit more infrastructural co-operation. I will leave that as an exercise for now..
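The referral rules set out in the comment above (rules 2 to 5), run as a small offline simulation. This is an added example and not the commenter's code: `Zone`, `resolve` and `resolve_rebel` are names chosen here, and the zone contents, the '.free' domain, the confiscated '.gov' with a deliberately conflicting name, and the RFC 5737 documentation addresses are constructed sample data.

```python
from typing import Dict, Optional, Tuple


class Zone:
    """One server's view of the tree: the records it serves directly plus the
    child zones it has delegated to other servers."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.records: Dict[str, str] = {}        # fully qualified name -> address
        self.children: Dict[str, "Zone"] = {}    # label -> delegated child zone

    def delegate(self, label: str) -> "Zone":
        """Hand a subdomain to another server (rules 2a / 3a)."""
        child = Zone(label if self.name == "." else f"{label}.{self.name}")
        self.children[label] = child
        return child


def resolve(root: Zone, name: str) -> Optional[str]:
    """Rules 2 and 3: start at the root, follow delegations down the tree, and
    answer from the zone that directly manages the name. None is the root's
    'non-existent host/domain' (rule 3b)."""
    fqdn = name.rstrip(".")
    labels = fqdn.split(".")
    zone = root
    while labels and labels[-1] in zone.children:
        zone = zone.children[labels.pop()]
    return zone.records.get(fqdn)


LEGACY_ALIAS = "yank"   # the comment's TLD meaning "look this up in the legacy tree"


def resolve_rebel(rebel_root: Zone, legacy_root: Zone, name: str) -> Optional[str]:
    """Rules 4 and 5: the rebel tree answers if it can, and anything it does not
    define falls through to the legacy root (the union mount, rebel bound first).
    A name under LEGACY_ALIAS is stripped and sent to the legacy root directly,
    which keeps a legacy name reachable even when a rebel name shadows it."""
    labels = name.rstrip(".").split(".")
    if labels[-1] == LEGACY_ALIAS:
        return resolve(legacy_root, ".".join(labels[:-1]))
    answer = resolve(rebel_root, name)
    return answer if answer is not None else resolve(legacy_root, name)


def build_trees() -> Tuple[Zone, Zone]:
    """Constructed sample zones; addresses are from the RFC 5737 documentation ranges."""
    legacy = Zone(".")
    legacy_gov = legacy.delegate("gov")
    legacy_gov.records["www.whitehouse.gov"] = "192.0.2.10"
    legacy_gov.records["complaints.gov"] = "192.0.2.11"
    legacy.delegate("com").records["www.example.com"] = "192.0.2.20"

    rebel = Zone(".")
    rebel.delegate("free").records["www.rebel.free"] = "198.51.100.5"
    rebel_gov = rebel.delegate("gov")                       # the confiscated '.gov'
    rebel_gov.records["complaints.gov"] = "198.51.100.6"    # conflicts with the legacy name
    return rebel, legacy


def demo() -> Dict[str, Optional[str]]:
    """Resolve a few names the way a host pointed at the rebel root would see them."""
    rebel, legacy = build_trees()
    queries = ["www.rebel.free", "www.example.com", "www.whitehouse.gov",
               "complaints.gov", "complaints.gov.yank", "nowhere.free"]
    return {q: resolve_rebel(rebel, legacy, q) for q in queries}


if __name__ == "__main__":
    for query, address in demo().items():
        print(f"{query:24} -> {address}")
```

Two results are the ones worth reading: `www.whitehouse.gov` still resolves for a rebel user because the rebel '.gov' server has no such record and falls through (rule 4a), while `complaints.gov` now returns the rebel address and the legacy one is only reachable as `complaints.gov.yank`. That shadowing is exactly the split the comment warns about: the same name means different things depending on which root a host trusts.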
The Rebel Root thing has been tried quite a number of times in the past, and has always gone down in flames eventually from lack of uptake. Unless there is sufficient momentum for the network effects to kick in and everyone decides to use the same Rebel Root, you just end up with fragmentation.
See the Late 90's DNS Wars and "which .biz is that?" madness. There were for a time a number of alternate Rebel Roots, some of which had overlapping domains, at least one of which (.biz) eventually DID get added to the Canonical Roots.
The problem is that such hierarchical naming schemes are a natural monopoly, and the network effects will drive everyone to use one system, so you need to somehow bootstrap up off of the current canonical root servers without having a future conflict be possible. Oy, that's a tall order, and I have yet to see a proposed solution that dodges the bullet on that one.
If I can make enough money next year, I will hire people to code up a distributed, non-hierarchical DNS system based on PGP WoT trust model. The RFCs are already out, it's just a matter of implementation.
There is a marked demand in the p2p world for an independent, cheap nameserver infrastructure. I hope, the indestructible .p2p TLD will be rolled out in 2006 or in 2007.
Of course, foo.p2p might not mean the same for you and for me, but it's not as much of an issue as some people think it is. If we want to do business, we will decide (freely) to trust the same name providers. The same way we have done with PGP keys.
Just some quick notes in response to your year of the bull article.
I expect Macs to get their virus comeuppance, if not in 2006 then in 2007, because of the Intel switch. What has prevented this from happening before is security through PowerPC obscurity. The vast majority of virus writers are x86 hackers. And OS X is no more secure than the open source software it employs and infrequently updates.
Also, imagine the following scenario: you run OS X, Windows and some BSD on the same hardware, with a recent CPU that has all of the virtualization enhancements. Windows is attacked by a worm or virus which installs itself on the harddisk and runs Windows as a virtualized OS. The virus could do the same with the other operating systems installed...
Hi I am a student at Mayfield School Essex
I am writing this to try and gain your permission to use the picture bull1_dan_kozen.jpg. I am doing a coursework in DIDA at my school so I am only allowed to use a picture with the permission. I will give you my word that I won't use this picture to sell or anything else, I just want to use the fantastic picture.
Please email me back asap on
Your concern in this matter will be appreciated