“... when it comes to delivering broadband to businesses, he recognizes that a superfast gigabit connection to a business will have a very different usage pattern than one delivered to a consumer. ... “With our stance on no capping, I [Jasper] have a little bit of concern delivering 1 gig to a business at $89.95 and them using half of it, because that could really happen.”

“Consumption is still constrained by the number of TVs and hard drives and even though everyone eventually has more stuff, practically speaking it really does end up normalizing down to a reasonable level,” Jasper says. … But a business might hook a data center or several servers up on a gigabit connection and use that to send a lot of traffic out. And that could get expensive.”

This is my take away from this article: Currently consumers use the connection mostly to download content and there is a natural limit on how much they can use it for. In other words, Sonic.net is relying on the empirical cap. what happens if the usage pattern changes and the empirical cap is not acceptable anymore? What happens if consumers place low-cost servers to serve their content by themselves? What if some OTT player distributes Nano Data Centers to Sonic.net’s customers? After all rate arbitragers would love this, won’t they?

There is a more damning indictment with regards to businesses. Sonic.net has decided to not offer gigabit access to businesses, just so they can cling to “no cap” policy. What would be our reaction if AT&T Worldnet decided not to offer DSL, but stick to just dial-up modems for some policy reasons. Isn’t it better for businesses to pay for consumed bandwidth, but still get gigabit access? After all the major benfit of high-speed access is reduced latency.

So I say to Sonic.net and other proponents of “no cap” policy: fanatical adherence may be robbing the very same customers you think you are protecting.

The paper is clearly written and is based on a well designed experiment. Apparently, the authors have alerted Skype of the problem and the authors lament that Skype has not taken any steps to address the issues. But it looks, on the surface at least, it is simple to thwart the attack.

1. easily identify the Skype Id of a person using some commonly known information of a user
2. determine the IP address of a Skype user and track this information with out the user being aware of
3. use the learnt IP address to see whether any Bit Torrent activity going on at that address to conclude the user behind that activity.

I don’t think that many will find it very alarming that one can so easily find out the Skype ID aof a person. After all it is widely known that Skype provides a directory service. After all, with White Pages, we could reasonably get a person’s address. Also, determining Bit Torrent activity is outside the scope of Skype. So our focus really is how are they able to determine the IP address at which a Skype user is connected.

It turns out that Skype clients and the supernodes generate a signature pattern of datagrams during a session setup, thereby identifying the IP address of the target Skype client. In the following A is the Skype client originating the session and B is the target Skype client. When A initiates a session with B, A is given the IP addresses of a bunch of supernodes AND that of B (if B is not currently connected then the last connected address). Even though A does not know which is B’s, the researchers have identified a weakness in Skype’s protocol design that can be exploited to identify B’s address.

As part of session initiation, Skype protocol initiates TCP connection to all of them. If the TCP connection attempt to B fails, then A and B exchange bunch of UDP datagrams of predetermined length. Interestingly, this does not happen with other nodes. Additionally, if the TCP connection between A and B fails, then B does not indicate the presence of an incoming call on the UI. In other words, the user of B does not know of a malicious call attempt. The researchers suggest that one can exploit these two flaws to determine and track the IP address at which B is connected to the Internet. Specifically, the researchers prevented the establishment of any new TCP connection by dropping all outgoing and incoming SYN packets to all IP addresses. Then monitor UDP traffic to identify B’s IP address.

It is not clear why Skype has not addressed this issue thus far. A simple solution is clear: Skype needs to hide B in plain sight. They just have to make all the nodes to behave the same way when TCP connection fails. In other words all the nodes have to exchange UDP packets. Since the content is encrypted and obfuscated, the infrastructure nodes can be saying “let us pretend to talk”. As an added mesaure the length of UDP packets should be varying from instance to instance. It is simple to add a random length of padded bytes. The fact that they have not fixed the flaw suggests that there must be operational reasons why this apparently simple solution will not work.

In any event, Skype must add these malicious call attempts to the call logs, even if they do not want to inform the user via UI. The call logs can give the information of the Skype ID, their IP address (isn’t that poetic justice?) who made these surreptitious call attempts. This way at least users will be aware of they being tracked.

It is likely that this is a known flaw. I recall that one of the suspects in the murder of a British student in Italy was tracked in Germany after he attempted to use Skype. It is possible that the authorities used this mechanism.

A couple of days back, New York Times had a story on a recent research paper that was presented at Usenix Workshop on Hot Topics in Cloud Computing. The idea is to spin a cloud using servers placed inside the homes and use the heat generated by these servers to heat the homes. In the paper, the authors point out an earlier study that suggested the use of home routers as Nano Data Centers (NaDa) for content caching.

I think Social Sharing service based on NaDa is a better alternative than the content caching and distribution service that explored in the paper. Users may perceive that Content Cachnig and Distribution service really benefits the ISP and so may be reluctant to share their resources to offer service to others. Additionally, these gateways and modems require storage capability that may not be available readily. Social Sharing service on the other hand is directly beneficial to the hosting user and they will be willing to supply storage devices to store their content. More importantly, users will be assured that their content is at all times in their possession and privacy is assured. ISPs will be able to position this in positive light compare to privacy issues that plague public social networks.

As part of his "5 Myths of Social Software", Jon Mell dispels a myth that one needs "lots of people for social tools to be a success." He points to this famous diagram by Chris Rasmussen and his own positive personal experience at a three person startup to conclude that "placing social tools in the context of their existing workflows (like email) and targeting identified business problems (even if they initially involve small groups) is far more successful than trying to get large numbers of young people using Facebook-like tools for the sake of it."

So the bottom line is social software must allow for "guests" before they become full fledged users. Of course for this to happen, the software must allow for browser based access and allow third party authentication tools like OpenID/OAuth.

So how will I assert my identity with different RPs who may want to verify different attributes. If an RP would like to know my current employer, I will present OpenID issued by my employer and the RP can request the needed attributes like, start date, salary or other personnel information. I would use the OpenID procedure to allow or restrict access to such information as is appropriate. If an RP is interested in ensuring that the individual is school going student, they would require IP to be an accredited school and RP could access the age of the individual to further restrict age appropriate material. If an RP is interested in my address, they could require OpenID from DMV or an utility company. And so on.

To summarize, the technology is in place. We should evangelize and advocate use of this technology for wide adoption.

I am surprised to note that Trunking providers do not provide SLA for call blocking. If they were to offer reserved instance and so on, it is imperative on stating the call blocking probability. Otherwise reserved trunks do not have a meaning. So I anticipate the market move on these two aspects of the service.

Smartphones and tablets have thus far dominated the discussion on the topic of post-PC devices. These devices are expensive, mobility focused and mainly facilitates users with consuming information. But I would like to consider another set of devices which are inexpensive to own and operate, stationary and distributes information.

All these examples have somethings in common. All are essentially software applications that require an always on hardware that is inexpensive, low in power consumption and operationally silent. If such a hardware platform is available that too from multiple vendors, then the same sort of “App Store phenomenon” can happen in this segment as well. I am here to report that such a platform is here and available now.

For about two years, I have been following the developments related to “plug computers” put forwarded by Marvell. They have put out a reference design built on an ARM processor. There have been reports that Marvell expects that plugs will retail for as low as $49. Pogoplug is built around this design and Chumby is also a simliar device. But they are all one of a kind. They are closed both in hardware and software. Yes, Chumby allows third party to build Flash-based applications, but that is all. Plug computers are not widely available. Marvell identifies a couple of third party OEMs who can build products based on their reference design. But there are no generally available products targeted at the consumer market. But last month I came across a device called Efika MX Smarttop, marketed by Genesi.

The platform is very similar to plug computers. It is a compact device measuring 160x115x20mm. It is built around Freescale i.MX515 (ARM Cortex-A8 800MHz), with 512 MB RAM, 8 GB SSD. It has 10/100 Mbps Ethernet, 802.11 b/g/n WiFI, a SDHC card reader and 2 USB 2.0 ports. A display unit can be connected via a HDMI port. It comes with a derivative of Ubuntu 10.10. In other words, for all purpose, it is a PC with a full fledged OS. The unit consumes about 5W to fully operate. The device currently retails for $129 from their website. But I suspect that there is room for the price to be much lower once the volume picks up.

Another noteworthy thing is that Ubuntu 10.10 has something called Ubuntu Software Center. It is like Apple App Store or Android Marketplace. It is easy to discover and install software. No need to fudge with sudos and apt-gets.

So what can one do with Efika. The Software Center has MySQL available. Even though Apache is not listed, there is no reason why one can not be made available. This means, users can run their web sites on Efika. With open source software, attaching a USB drive one can make Efika into a NAS. I am able to install and run Twinkle, a VoIP client. So with ah appropriate USB device with an FXS, one can make it into an ATA. I am sure one can make it a DECT base station or a WiFi router. But they require additional hardware. So the next generation of Efika must have something like “expansion slot” from the PC era. With this specific hardware or processing power can be augmented to support specific application. For example, for DECT base station, the additional hardware will perform the required radio function and also provide FXO port. To make it a wifi router, it will be required to have LAN ports. I envision that such application specific hardware will be made available by the corresponding app developer.

All in all it is like PC market all over with one big difference: the OS is free and open source. There is no one entity that is in control, save for ARM. I really hope this particular segment of consumer electronics sees lots of action.

1. Sine the end points know that there is an end to end IP path, they can decide on the codec, especially a wideband one. Contrast this to the current mode of operation where the call is forcefully routed through PSTN which translates to transcoding and the attendant quality degradation.
2. Since the signaling is end to end, the originating entity can convey the purpose of the session in the SIP INVITE message and the destination entity can use this to decide on the proper response.
3. The originating entity can utilize Rich Presence information of the destination entity to decide on the proper mode for the session.
4. The end points have the option of changing the mode of communication from text chat to voice to video or gradually escalate the mode of communication.

Given all these varied benefits of SIP URI based dialing why am I being less enthusiastic? A short answer is that this putting the cart before the horse. Let me give a more detailed answer below.

Till recently most of the VoIP deployments have used VoIP ATA with the standard telephone set. So the SIP signaling is not truly end to end. In other places, we all celebrate the end to end nature of Internet and everybody will quote the famous paper by Saltzer et. al. But what is not usually observed is that one of the points that was vigorously debated was where to terminate error correction and acknowledgment procedures of the transport protocol. Those days the Network Interface card was outboard and some were content to terminate these procedures in these cards. But ultimately the end to end proponents prevailed. If you think about it these ATAs are analogous to the outboards of those days and we have been content with terminating SIP signaling in these boxes. Now finally the proliferation of mobile VoIP and enterprise applications have made it possible to have real end to end SIP signaling. But that is a small step.

Even those systems that have native SIP clients do not have the needed UI for users to populate the Subject header in the SIP INVITE message. I do not know of very many SIP VoIP providers who allow its users to populate their Rich Presence information or make them available to their potential callers. Finally I wonder how many SIP VoIP providers dabble in multi modal sessions or gradual escalation of modes. Let us face the fact that for most of the VoIP providers and their subscribers, the focus has been PSTN termination, pure and simple.

If we have a horse and no cart, at least some of us can ride the horse. But if we have only the cart, what good is it?

More importantly, these providers by issuing an ATA and asking their customers to connect a “standard telephone”, I contend that it is the service providers who are asking their customers to view themselves as a replacement service. It is the service providers who reinforce this further by issuing just phone numbers. Let us compare how email providers rolled out the service a couple of decades back. At that time, email advocates ridiculed postal service, just like VoIP advocates deride the incumbents. But they didn’t use postal address as email address; they didn’t suggest that they will transcribe written letters to email format, just because that is what the customers are used to. They took the bold step of requiring necessary modifications to user experience and user interface so as not to stifle the services the technology can offer. To be sure, the adoption may have been was slow, but once it is adopted, email service provided a totally, radically different service.

So what features and services that VoIP providers could have offered, FCC regulations or not?
Since VoIP out-of-band signalling mechanism, many services that Plain Old Telephone Service can not hope to offer. A caller can find out called user’s availability in a less intrusive manner rather than asking in person. But standard telephone/ATA combination does not allow for this. SIP, the predominant protocol used by VoIP providers allow for conveying th subject of the call, just like email does. But alas, there is no way to convey that to a telephone/ATA end point. And I could continue for some length. None of the FCC regulations force VoIP providers not to offer any of these services/features. It may be convenient or fashionable to rally the base by faulting the incumbents or FCC, but the reality is that VoIP industry could offer many new, exciting features and it is solely our fault that we haven’t even made an attempt to get market reaction on these services and features.

1. There is no way to calibrate whether the caller is conveying valid information or not. Indeed Vodafone subsequently stated that the government used emergency powers to send mass SMS messages, but with out identifying the sender. So it is conceivable the government can use its supporters to call in and provide misleading information.
2. Since this service concept is new, many potential callers did not know the existence of such a service and organizers didn’t have a way to disseminate the access numbers.

So recognizing that the service concept is useful and applicable in other situations - both political and apolitical - it will be useful to develop a more general, scalable version of this service. That is the objective of this post.

In abstraction, the idea of the service is to record a caller’s voice and post a link (with translation and transcription) to Twitter where the recorded message can be played. Many of us have voicemail that can of course record callers’ voice. Since our phone numbers act as access numbers, there is no need to disseminate them. The owners of voice mail account can act as translators and transcribers. So the only thing that needs to be developed is for the callers to instruct the voice mail system that the message must be sent out as a tweet under the voice mail owner’s name, with owner specified tag. Since the tweets will be under the owner’s name and normally the owner’s friends will be using this service, the credibility of the tweets could be associated with the owner.

A possible use case scenario is the following: I administer my voice mail account to prompt the callers to enter a specified digit if they want the message to be tweeted with a specified hashtag. Then the caller enters the specific digit and the system will be ready to record the message. After the caller completes the message the voice mail system can generate a tweet, just as Speak2Tweet does. If necessary I can hear the message and update the tweet with translation and transcription.

Such a service meets the service objectives of Speak2Tweet and also addresses the identified issues like scalability, authentication and access number dissemination. I hope Google Voice, Skype In, Ribbit Mobile and others consider including this capability as part of their service.

1. The scheme must allow for scalable and fault tolerant network
2. Building an ever larger server that can handle a large number of end points is not realistic. So it is better to focus on scaling a cluster of small servers.
3. The post had identified a couple of issues that must be addressed by cluster approach.

In the absence of the details of the post, I thought I will document my thoughts on this topic and solicit feedback from you.

Though the full details of the architecture that Skype uses are not known, there is a general understanding on how it operates and scales. There is a central “name server” that Skype clients authenticate themselves at login. Subsequently, the end-point approaches a set of supernodes (one by one, from a list provided by the name server) that has capacity to act as a proxy to the client. It is not known how Skype ensures that the name server scales and is fault tolerant. But with the P2P architecture, Skype can add/remove supernodes at any time and they all will collectively maintain routing information among them. This allows Skype to scale. Even though this architecture allows Skpe to recover from failed supernodes, I think all the clients currently connected to a failed supernode must go through the login procedure to be assigned a new supernode.

Monkey Infers, Monkey Does

1. Casandra is the Name Server:

   So my great idea is to replicate the inferred Skype architecture. So as a first step, we need to have a name server, but something more. Our name server will contain all the users’ information like userid and credentials. It will also contain information about all the deployed Proxy servers - IP address and set of clients associated with them. To ensure scalability and fault tolerance, the name server will be a Casandra system running on commodity servers. Additionally, it will store for each userid, information about registered clients and associated Proxy servers.

2. Networking the Proxy Servers:

   The set of Proxy servers are networked using Chord, a distributed hash table indexing. Also these Proxy servers will use Cassandra to store active session information.

3. Assignment of a Proxy server:

   When a client authenticates itself with the Name Server, the Name Server will provide the client with a set of Proxy servers. The client can register itself with one of the Proxy servers. If no Proxy server is available then it will request a new set of Proxy servers from the Name Server.

4. Routing a Call:

   When a user initiates a session from a client, the associated Proxy server will query the Name Server for the list of clients of the called user and the associated Proxy servers. Then the originating Proxy server will use Chord to reach the Proxy servers associated with the called user.

5. Failure of a Proxy server:

   The clients associated with a failed Proxy server will notice the failure. When that happens, the client will try to connect with another Proxy server from the list provided by the Name Server.

Analysis

It is clear that the proposed system is highly scalable. A failed proxy server can be functionally replaced. Furthermore, all the active sessions will either be brought under control or will be forcefully closed by the Proxy server with the session information stored in the Casandra.

There are so many consumer pain points that can be alleviated with proper consumer technology. For example we all have had frustrating experience of being put on hold when we call a call center. Shai Berger describes a service called virtual hold and apparently three approaches are being deployed. In particular one approach being pursued by Lucyphone is getting good press and at the same time has some potential privacy concerns. Of course this approach deployed as a consumer premise solution would alleviate the privacy concerns. Obi110 could have added this capability.

Fonolo made its debut by attempting to eliminate irritating IVR experience by offering a service that they call “deep dialing”. Here is another example of a real consumer need being met with an intermediary service. Consider an alternate approach: websites provide the key sequences to reach each leaf of the IVR tree, visiting consumers can pass the appropriate one to the Obi110 box (after all the browser and the box are on the same LAN) and the box dials aout the IVR sequence at the appropriate time. This way, the two end points eliminate the pain point without involving a third party.

We all are used to the benefits of SMS on our mobile phones. As Google Voice has demonstrated that this could be offered to landline numbers as well. But there are no indications that incumbents are even considering such a service. So a third party can step in and offer a form of SMS service if only appropriate equipments are at home. Since Obi110 is connected to the internet, it could receive the text messages sent by the service provider. If they also provide cordless phones like Ooma, the base station can deliver the text messages using DECT technology.

Like these one can add additional, useful services and capabilities to consumers. Of course the industry has consistently failed to offer any of them during the past 10 years. Many in the industry talk “Intelligence at the End” talk, but their walk is decidedly “bellheaded”. I hope this changes in the near future.

Viber is like many other VoIP services with 2 very important twists. Firstly it uses iPhone’s phone number for id. Secondly it uses Contacts stored in iPhone as the buddy list. Once the app is installed, it copies the local Contact list and appends a special icon to all the contacts who are also Viber users. The iconized list is updated whenever a person in the Contact list joins the service. From now on, this new Contact list will be used for calls. The app will use Viber service to call other Viber users and for all others, the app will direct to the native phone application.

Observations:

1. Viber reminds me of PhoneGnome. It also uses landline number to derive the SIP URI it assigns to the device. Indeed they have patented this process. It is not clear to me whether Viber infringes on this patent or not. Apple’s FaceTime also uses the phone number as the id for its service.

2. This app is developed by the same team that had developed and operating iMesh, a P2P network. But Viber itself is not strict P2P. The devices talk to dedicated “proxy servers” (it is not clear whether the signaling protocol is a proprietary one or SIP). But as I had observed a long time back in the context of Skype, Viber is using iMesh technology to scale its infrastructure. Essentially they have integrated iMesh supernode and the required “proxy server” function. This way they can easily scale up and down as the number of active users vary.

3. If the app is running in the background or has been closed, the service will use Apple Push Notification Service to prompt the user of an incoming call. Once the user opts to take the call the app will be launched and the call will be answered. This has multiple benefits. First is this helps in extending the battery life. Secondly, this scheme reduces data consumption. Finally, this reduces load on the service’s infrastructure because only active devices will be maintaining signalling connection.

4. This use of APNS may introduce call setup delay, since the app may have to be launched, connected to the server before call can be answered. It is not known to me how long is the delay and whether some callers may prematurely abandon the call attempt. We have to wait for a while to hear anecdotal data.

5. An iPhone with Viber installed could potentially be involved in two calls one on Viber and another on the native app. It is not clear how and who handles the feature interaction. For example, if a user is on a Viber call and a call comes in on the native side. Will the phone ring or the user gets a call waiting tone? How does the user answer the call? Is UI different? PhoneGnome handles it beautifully. Again, we have to wait before we collect some empirical data.

There is a report that EU will be funding a research effort into Cloud Storage Technologies to the tune of $21.4 M. This project will be spearheaded by IBM’s research team in Haifa and it will take three years for the projet to complete.

The following paragraph in that story is my focus today: “The project will explore other advanced features for cloud storage, such as flexible but secure access control. For example, a company may want to distribute a video to participants of a conference, but they may not want to give access credentials to those people for its own network. The project will look into ways the video can be shared securely under those conditions while also being accessible by people through any device, Kolodner said.”

The idea is when a company wants to distribute video to participants of a conference, they will create a “Note” and identify the conference organizer as the issuing authority and the name of the conference as the associated tag. When somebody tries to access this Note, the system will use OpenID procedure to authenticate the visitor and then use OpenID Attribute Exchange to query the conference organizer to confirm the visitor’s participation in the conference. Once this done, the system will allow access to the Note. Use of user-centri id like OpenID ensures that access is flexible and at the same time using an issuing authority to control acccess makes it secure.