Thursday, June 12, 2003
iTunes Music Store: A Quick Pass
It's midnight, but I want to add a few thoughts on the iTunes music store. "Is this model sustainable," asks Jeron. Well, I don't have a crystal ball, but yeah, I think it's sustainable. I don't think, though, that it's the only sustainable model for online music. Current offerings like eMusic and Rhapsody charge a monthly subscription in return for unlimited songs. This is a little like the new satellite radio industry--for a relatively small monthly fee, subscribers get unlimited music. The downsides to this model are that the songs can only be listened to on a computer connected to the Internet and cease to play if your subscription lapses.
When Apple claims that people prefer the purchase model to the subscription model, what they're really saying is that people don't want to be connected to the Internet to listen to their music. They want it on their iPods (or Nomads or whatever). They want it on their CD players. They want to listen without dialing up. And they want to listen on all their computers.
I see Apple's contribution to the online music business as these three points:
The Music Store's volume (if you'll pardon the pun) has dropped off, going from an average of nearly 1,000,000 songs/week in the first to weeks to more like 500,000 songs/week. This is to be expected, though, as the novelty wears off and people settle into more normal purchase patterns. When I consider, though, that Apple is selling 500,000 songs every week to the tiny fraction of the population who (a) use Macs and (b) have adopted OS X, I have to conclude that the iTunes Music Store is here to stay.
It's midnight, but I want to add a few thoughts on the iTunes music store. "Is this model sustainable," asks Jeron. Well, I don't have a crystal ball, but yeah, I think it's sustainable. I don't think, though, that it's the only sustainable model for online music. Current offerings like eMusic and Rhapsody charge a monthly subscription in return for unlimited songs. This is a little like the new satellite radio industry--for a relatively small monthly fee, subscribers get unlimited music. The downsides to this model are that the songs can only be listened to on a computer connected to the Internet and cease to play if your subscription lapses.
When Apple claims that people prefer the purchase model to the subscription model, what they're really saying is that people don't want to be connected to the Internet to listen to their music. They want it on their iPods (or Nomads or whatever). They want it on their CD players. They want to listen without dialing up. And they want to listen on all their computers.
I see Apple's contribution to the online music business as these three points:
- Flexible DRM. Apple was the first to get the RIAA to agree to a "digital rights management" system (DRM) that doesn't strip the consumer of pretty much all their fundamental rights.
- Subscription-free service. While I don't think this is as big a deal as some would make out, the low-commitment, one-click buying system makes splurge purchases easier. It also allows them to draw low-volume consumers who can't justify a monthly fee.
- Integration. As one would expect, music from the iTunes Music Store is seamlessly available for use as soundtracks in iMovie, iPhoto, and iDVD. Personally, I think this may fuel a surprising number of sales, as people decide they just have to have "California Dreamin'" in the background of their beach video. (And then try to decide which of the 8 available versions they want.)
The Music Store's volume (if you'll pardon the pun) has dropped off, going from an average of nearly 1,000,000 songs/week in the first to weeks to more like 500,000 songs/week. This is to be expected, though, as the novelty wears off and people settle into more normal purchase patterns. When I consider, though, that Apple is selling 500,000 songs every week to the tiny fraction of the population who (a) use Macs and (b) have adopted OS X, I have to conclude that the iTunes Music Store is here to stay.
Wednesday, June 11, 2003
Vindication? Not from one report.
Jeron, those are very interseting statistics. You didn't post the report, so I won't spend time trying to critique it. If true, it's certainly indicative of something. It may even indicate that Linux/OSS are less secure than closed-source software, though there are plenty of other explanations. I'd be happy to share some, but I think it's much more fun to poke holes in other people's sources. Or rather, to let experts poke holes in their sources.
Regardless of this particular source, however, it's clear this topic isn't going away. As Linux/OSS continues to evolve, and as Microsoft continues it's recent push to improve security, I'm sure we'll see numbers all over the map. And as we find them, we'll revisit the issue. After all, security is a dynamic and relative thing.
Jeron, those are very interseting statistics. You didn't post the report, so I won't spend time trying to critique it. If true, it's certainly indicative of something. It may even indicate that Linux/OSS are less secure than closed-source software, though there are plenty of other explanations. I'd be happy to share some, but I think it's much more fun to poke holes in other people's sources. Or rather, to let experts poke holes in their sources.
Regardless of this particular source, however, it's clear this topic isn't going away. As Linux/OSS continues to evolve, and as Microsoft continues it's recent push to improve security, I'm sure we'll see numbers all over the map. And as we find them, we'll revisit the issue. After all, security is a dynamic and relative thing.
Monday, June 09, 2003
RFID Tags: Early Uses
OK. Enough about security. Let's move on. I want to talk about RFID tags. The basic idea as I understand it is that these are bar codes with antennae. Initial uses are supposed to occur primarily in the supply-chain management and shrinkage management areas. Some companies, like Bennetton have already tried to embed RFIDs in clothing but met with a gigantic uproar among personal privacy activists and eventually revoked the program. I would like to focus a bit on what uses beyond supply-chain management RFID will likely have and whether or not it will be successfully and quickly adopted for those uses.
OK. Enough about security. Let's move on. I want to talk about RFID tags. The basic idea as I understand it is that these are bar codes with antennae. Initial uses are supposed to occur primarily in the supply-chain management and shrinkage management areas. Some companies, like Bennetton have already tried to embed RFIDs in clothing but met with a gigantic uproar among personal privacy activists and eventually revoked the program. I would like to focus a bit on what uses beyond supply-chain management RFID will likely have and whether or not it will be successfully and quickly adopted for those uses.
Vindication: Recent News about Linux Security
After initially revising some my historical data about the security of Linux vs. MSFT and recognizing the failure of a crucial part of my argument, I maintained that in the long-run, it will be hard for Linux to remain as secure as MSFT. A recent article in the SC Infosecurity Newswire appears to back my claim:
LINUX ATTACKS ARE UP, ACCORDING TO NEW SURVEY
"Cyberattacks worldwide hit record levels last month, with more than
three-quarters of successful breaches made against Linux-based systems,
according to a new report by London-based mi2g.
"The company says an analysis of attacks the past three months--mainly to
determine the digital impact of the Iraqi war--show compromised
Linux-based systems accounted for a whopping 76 percent, or 19,208
breaches, between March and May. Microsoft's Windows-based systems, mainly
IIS servers, were the victims of most other attacks, according to several
published reports.
"A record 2,576 attacks were recorded May 4 and 23,009 for the month of
May, according to one news account. However, members of the Web site
Zone-H.org confirmed Friday that the analysis does indicate Linux attacks
have widened while Windows breaches have waned since January 2003.
"Mi2g attributes the upswing in Linux attacks to misconfigured systems and
the lack of standard security practices for online server management
within the open-source community. The security firm also blames Linux's
growing popularity, which makes its systems bigger hacker targets."
The article makes two of the points that I was trying to make--open source servers tend to lacks the standard security practices employed by closed source servers and as Linux becomes more popular, it will increasingly become a target. In fairness to Thom, it does appear that many of the attacks are simply due to misconfigured systems. However, it is probably likely that open-source servers are more likely to be misconfigured than are servers running IIS, etc.
After initially revising some my historical data about the security of Linux vs. MSFT and recognizing the failure of a crucial part of my argument, I maintained that in the long-run, it will be hard for Linux to remain as secure as MSFT. A recent article in the SC Infosecurity Newswire appears to back my claim:
LINUX ATTACKS ARE UP, ACCORDING TO NEW SURVEY
"Cyberattacks worldwide hit record levels last month, with more than
three-quarters of successful breaches made against Linux-based systems,
according to a new report by London-based mi2g.
"The company says an analysis of attacks the past three months--mainly to
determine the digital impact of the Iraqi war--show compromised
Linux-based systems accounted for a whopping 76 percent, or 19,208
breaches, between March and May. Microsoft's Windows-based systems, mainly
IIS servers, were the victims of most other attacks, according to several
published reports.
"A record 2,576 attacks were recorded May 4 and 23,009 for the month of
May, according to one news account. However, members of the Web site
Zone-H.org confirmed Friday that the analysis does indicate Linux attacks
have widened while Windows breaches have waned since January 2003.
"Mi2g attributes the upswing in Linux attacks to misconfigured systems and
the lack of standard security practices for online server management
within the open-source community. The security firm also blames Linux's
growing popularity, which makes its systems bigger hacker targets."
The article makes two of the points that I was trying to make--open source servers tend to lacks the standard security practices employed by closed source servers and as Linux becomes more popular, it will increasingly become a target. In fairness to Thom, it does appear that many of the attacks are simply due to misconfigured systems. However, it is probably likely that open-source servers are more likely to be misconfigured than are servers running IIS, etc.
Tuesday, June 03, 2003
Intrusion Detection and Prevention--A Model for Making a Market out of Artificial Intelligence Software?
While reading a recent McKinsey Quarterly article (you may have to register to see it) on artificial intelligence, I couldn't help but to think about the recent popularity enjoyed by the intrusion detection and intrusion prevention markets. Intrusion detection is one of the few technologies that has remained hot despite the technology slowdown, and it is one of the few artificial intelligence technologies that has gained significant market traction. I cite as evidence for intrusion detection's popularity and market traction Symantec's 1999 acquisition of Axent, 2002 acquisitions of Recourse Technologies and SecurityFocus, NetScreen's 2002 acquisition of OneSecure, Network Associate's 2003 acquisition of IntruVert and Entercept, and Cisco's 2003 acquisition of Okena. Intrustion detection and prevention software combines the full gamut of AI functionality--numerical analysis systems, rules-based decision systems, and autonomous execution systems.
I would predict that there are a few more security software solutions that could implement AI functionality and receive a warm welcome in the market.
While reading a recent McKinsey Quarterly article (you may have to register to see it) on artificial intelligence, I couldn't help but to think about the recent popularity enjoyed by the intrusion detection and intrusion prevention markets. Intrusion detection is one of the few technologies that has remained hot despite the technology slowdown, and it is one of the few artificial intelligence technologies that has gained significant market traction. I cite as evidence for intrusion detection's popularity and market traction Symantec's 1999 acquisition of Axent, 2002 acquisitions of Recourse Technologies and SecurityFocus, NetScreen's 2002 acquisition of OneSecure, Network Associate's 2003 acquisition of IntruVert and Entercept, and Cisco's 2003 acquisition of Okena. Intrustion detection and prevention software combines the full gamut of AI functionality--numerical analysis systems, rules-based decision systems, and autonomous execution systems.
I would predict that there are a few more security software solutions that could implement AI functionality and receive a warm welcome in the market.
