Comments: 2007: year in review...

my two bits on some of the subjects

part of the payment issue is whether it is a transaction business or a risk management business.

if it is a transaction business ... then one might expect lots of efforts to make it more efficient and less risky.

if it is a risk management business ... then it might be construed that if all risk were to be eliminated ... there wouldn't be much to manage anymore.

for more than a decade there has been predictions that telcos would move in and take over the payment transaction business ... because they are already extremely efficient at managing call record transactions. there has been numerous claims that has yet to happen because telcos haven't figured out how to do the risk management end better.

some recent posts related to pdas/cellphones moving into payment transactions
http://www.garlic.com/~lynn/2007u.html#11 Public Computers
http://www.garlic.com/~lynn/2007u.html#47 folklore indeed
http://www.garlic.com/~lynn/2007v.html#37 Apple files patent for WGA-style anti-piracy tech

and for some cybercrime issues ... recent post
http://www.garlic.com/~lynn/2007v.html#35 Inside a Modern Malware Distribution System

There referenced modern malware articles make mention of the "new, 40+ yr old" technology ... however, my first exposure wasn't until the last week of jan68 as an undergraduate (a few weeks short of 40yrs). However, over the next two years ... as an undergraduate, I significantly redesigned and rewrote much of the original kernel.

The malware article is also somewhat related to the virus/trojan attacks on online banking systems ... which (with a little topic drift) raised in this post:
http://www.garlic.com/~lynn/aadsm27.htm#65 MITM spotted in Tor

there have been several ongoing themes that the "new 40+ yr old" technology will be the saving solution to all sorts of current computing ills
(and whether or not 2008 will be the year of virtual machines).

Posted by Lynn Wheeler at December 22, 2007 04:03 PM

Hmmm... it's true! I never mentioned the rise and domination of the VM. Perhaps because it has little to do with FC? I don't see it as much more than a distraction, in that we have as many machines as we need, and VMs just give us more. Dunno...

I disagree on one point; just because IBM had virtualisation back in 1968 (how embarrassing...) doesn't mean that virtualisation is "old hat". Moving it from the stratospheric ranges of the IBM world to the $300 PC cheapie is still a big deal.

Posted by Iang at December 22, 2007 05:28 PM

re:
http://www.garlic.com/~lynn/aadsm27.htm#66 2007: year in review

some amount of new 40+ yr old technology is about server consolidation and being green

i.e.
http://www.garlic.com/~lynn/2007s.html#0 Marines look for a few less servers, via virtualization
http://www.garlic.com/~lynn/2007v.html#13 Ageing data centers limiting benefits of new technologies

however other activities involve "virtual appliances" (what we use to call service virtual machines) ... which are much simpler and targeted monitors. they are considered somewhat more secure because they are less complex and KISS.
http://www.garlic.com/~lynn/2007o.html#3 Hypervisors May Replace Operating Systems As King Of The Data Center
http://www.garlic.com/~lynn/2007s.html#4 Why do we think virtualization is new?
http://www.garlic.com/~lynn/2007u.html#39 New, 40+ yr old, direction in operating systems

the new 40+ yr old technology is also being touted as addressing some of the existing cyber vulnerabilities. part of (simpler) virtual machine technologies ... is it can provide very strong partitioning (approaching "air gapping"). One of the major compromising vectors is via browser interaction on the internet. One of the internet browsing scenarios involves creating a brand new targeted browsing environment for each session ... which goes poof and evaporates (along with any compromises) when done.
http://www.garlic.com/~lynn/2007q.html#64 Virtual Browsers: Disposable Security

many of these virtualizing techniques date back nearly 40 yrs. some slight different topic drift (I disclaim knowledge of it at the time):
http://www.nsa.gov/selinux/list-archive/0409/8362.cfm

Now on the other hand ... given control of the machine ... virtual machine technology can hide in lots of ways that conventional compromises can't. The referenced malware discussion points out case where the bad guys are looking to see if they are in such an environment controlled by the good guys. However, there has also been discussions about potential for the reverse ... i.e. the bad guys in control ... for instance in machines located in public environments (and figure they can evade detection).

and somewhat back to 2007: year in review ... my first post of the year
http://www.garlic.com/~lynn/2007.html#0 Securing financial transactions a high priority for 2007

referencing article in late 2006 ... and a thread that continued thru much of 2007 mostly about how it hadn't happened.

Posted by Lynn Wheeler at December 22, 2007 09:57 PM
Post a comment









Remember personal info?






Hit Preview to see your comment.
MT::App::Comments=HASH(0x560f348f4f50) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.