Net neutrality concerns and China’s Telecommunication Act

CNET reported public, drastic debate of the Net Neutrality, and careful considerations of a bill at backside, among stakeholders. As the representatives of the new voice from internet, those giants, Google, Yahoo, Microsoft criticized that the Net Neutrality bill might bring unpredicted potential demage to the internet users, while leaving a loophole to those triple-players or tradional operators who own and operate the internet transmission services. A good blog post pointed out what the world will become if the net neutrality is killed off:

In other words, customers might only get to run applications approved by the carriers. Not only would that result in dramatically higher costs for consumers and businesses, but many speculate it would seriously hamper innovation.

Of course, there must be a long way for the Net Neutrality into a real bill, but this kind of argument will help improve the maturity,integrity, fairness, will eventually benefit the end users.

At China, the anticipated Telecommunications Act is not enacted yet, under longer than 25 year's tough development. The Act, at its draft stage, according to the MII, will be finalized at 2006. It was said the reason for continuously postponing was the uncertainty of the convergency of three networks (telephone, vedio, and data). Comparing to the openness and public participation reflected by the above report, we might better our legislation process to let more people and experts, enterprises involved.

Technorati Tags: telecom, 3G, china, p2p, skype

Rails releases latest version 1.1.0

At March 28, the ruby-based open source rapid application development framework – Rails released its latest version 1.1.0 with a bunch of new features and plugins. See their official site at: http://www.rubyonrails.org

Technorati Tags: Rails, RoR, Ruby, "web2.0"

MySpace Used as Forensics Tool

See post at Schneier's blog on "MySpace Used as Forensics Tool".It's a lesson to web surfers. Before you fill up those personal into the forms by BBS/BLOG/IRC/Mailinglist and other Myspace-like cyber sites, you'd better prepare to let those info known by everybody in the planet. Or don't do that.

At other side, that reflects the value of the technology of web data mining, not just web search engines like Google, Yahoo, and Baidu, and not just so-called community search engines like Google Blog Search and Qihoo, etc. The next generation web info mining tools should cover more applications where valued data hide themselves. The mining technology, just as today's search engine, is a kind of dual-edge sword. You can use it to protect  yourself, others can make use of it to hurt you.

SOC and MSS worldwide

From its first appearance, SOC (Security Operations Center) was created for MSS (Managed Security Services). At 2002, when I tried to dig information on SOC with Google for the first similar project at China, I found the top matches came from ISS and its subsidiary organizations (ISS had 6 SOCs worldwide then), such as ISSKK, and its Taiwan agent – ISSTW.,but this was not my target.

Another significant description of SOC is from NTT. NTT built up its SOC to provide MSS service to their customers! ie. Security can be sort of value-added service, besides being competitive advantages. See the following diagram on NTT's SOC: Read the rest of this entry »

Identity is the foundation for everything we do

Sarbanes Oxley is bring blossoming business opportunities not only to the big 4 accounting firms, but also to a lot of software vendors, Among those technologies and products involved in SOX compliance programs, identity management is the focal point that a lot of giant vendors fight for, Microsoft, IBM, CA, BMC, HP, Oracle, Novell, Sun and …. I am very happy to see the following diagram:

where John Jackson from GM said "Identity is the foundation for everything we do".

"Ten years ago, the prevailing assumption was that if you were on the GM network, then you were a GM employee," says Jackson, who is on the board of the Liberty Alliance, a consortium developing protocols for sharing identities.

"Today, we have dealers and suppliers [on the network] that are not a part of GM. Add the fact that we are completely outsourced, and it becomes critical to track who you are and what rights you have so we can make sure that people only get to the information they are allowed to get to. Identity is the foundation for everything we do," he adds.

So important is this that GM has a 12-person identity group within the security team. The group continues to consolidate internal directories while expanding its identity federation deployment and building out virtual directories and SSO capabilities.

Users and analysts agree that identity is seeping into corporate infrastructure.

"In five years, what we talk about today as identity and access management will just be another part of the infrastructure, and it won't be sold separately. It will be part of your security foundation," says Sally Hudson, a security research manager at IDC.

Technorati Tags: IAM, Security, AAA,SOX

Good To Great – Hedgehog Concept by Jim Collins

A Hedgehog Concept is a simple, crystalline concept that flows from deep understanding about the intersection of the following three circles:

1. What you can be the best in the world at (and, equally important, what you cannot be the best in the world at)?
   This discerning standard goes far beyond core competence.  Just because you possess a core competence doesn’t necessarily mean you can be the best in the world at it.  Conversely, what you can be the best at might not even be something in which you are currently engaged.
   
2. What drives your economic engine?
   All the good-to-great companies attained piercing insight into how to most effectively generate sustained and robust cash flow and profitability.  In particular, they discovered the single denominator – profit per x – that had the greatest impact on the economics.  (It would be cash flow per x in the social sector.)
   
3. What you are deeply passionate about?
   The good-to-great companies focused on those activities that ignited their passion.  The idea here is not to stimulate passion but to discover what makes you passionate.
   

Despite its vital importance (or, rather because of its vital importance), it would be a terrible mistake to thoughtlessly attempt to jump right to a Hedgehog Concept.  You can’t just go off-site for two days, pull out a bunch of flip charts, do breakout discussions, and come up with a deep understanding.  Well, you can do that, but you probably won’t get it right.  It would be like Einstein saying, “I think it’s time to become a great scientist, so I’m going to go off to the Four Seasons this weekend, pull out the flip charts, and unlock the secrets of the universe.”  Insight just doesn’t happen that way.  It took Einstein ten years of groping through the fog to get the theory of special relativity, and he was a bright guy.

It took about four years on average for the good-to-great companies to clarify their Hedgehog Concepts.  Like scientific insight, a Hedgehog Concept simplifies a complex world and makes decisions much easier.  But while it has crystalline clarity and elegant simplicity once you have it, getting the concept can be devilishly difficult and takes time.  Recognize that getting a Hedgehog Concept is an inherently iterative process, not an event.

The essence of the process is to get the right people engaged in vigorous dialogue and debate, infused with the brutal facts and guided by questions formed by the three circles.  Do we really understand what we can be the best in the world at, as distinct from what we can just be successful at?  Do we really understand the drivers in our economic engine, including our economic denominator?  Do we really understand what best ignites our passion?

– Extracted from Good To Great by Jim Collins

VoIP in China

There was a report on "VoIP in China" at TMCnet.com and Theregister retailed it yesterday. VoIP technology is a revolution brought by the IP prevalence. It lowers the operation costs of both the carriers and the consumers. See my previous post on "Skype blocked at China", where I expressed my points on the way in China for Skype and other web phones.

In fact, the revenue growth of those two fix line operators (China Telecom and China Netcom) depends on their broad-band internet access and some of the value-added services. But the growth of such two kind of services can not fill the revenue hole by voice revenue decline. Especially when the leading mobile operator – China Mobile claimed a few days ago that they would by far lower their roaming and inbound call price. That's a hard time for CTG and CNC, hurted by the "replacing consumption". The contribution of their PHS products is just to collect money by burning more money.

At 2007, the main four operators will get their own 3G licenses. And the consolidation and upgrade of their BSS/OSS systems will be reaching a milestone to support more multiple-play products. It's a critical point for CTG and CNC, who have huge scale local communication networks. Theoretically they will have a fair competition base.

Currently there are a drastic argument at engadget.com, arose by a post on "China gives VoIP two year sentence". I agree and appreciate the comments from Terence and LG and etc. China never ban Skype, never claim Skype illegal. People can use Skype just as other part of the world. China just doesn't want to grant such a license to permit INTERCONNECT with PSTN. That's the right of a government to decide when and how to grant such licenses, no business with the socialism and politics. Read the rest of this entry »

SOC in China

SOC (Securit Operations Center) keeps abuzz in China security market after 2003. In fact, I kicked off the first SOC project at Nov. 2002, internally when I worked for iS-One as the Chief Strategy Office. After the project initiation, I digged a lot of web information related to SOC. At that period of time, SOC were mainly operated for MSS (Managed Security Service) providers, e.g ISS had six SOC globally. I tried to transfer the concept of SOC from MSS to enterprise security operations and was lucky to win the customer’s buy-in. Then we don’t have such product or even Proof of Concept (PoC) platform at all. We negotiated with eSecurity and made the final decision to build our first SOC upon it.

The first SOC project was finished at about June 2003 and thereafter SOC became a warming-up security market opportunity.

Today most of the major players at China security market claim to have their own SOC platforms and solutions, while many of enterprises are starting to plan and build their own SOC. To be mentioned, most of these SOC projects don’t reach their initial expectation.

While SOC was becoming popular at enterprise security management area, a few pioneer security companies in China began to make their fortune at MSS market with SOC. 263.com, Unihub, Beijing Capital Information Co. and etc. tasted this market at early to around 2002, but they found it difficult to make profit.

A major security vendor – Topsec rolled out their SOC to provide MSS servcies at 2004, built on SOC product from ArcSight, while MSS is one of meaning that another major security vendor Venustech interprets their M2S vision.

To be optimistic, SOC has been entering a new stage where SOC serves for enterprise internal security operations and MSS providers.

Technorati Tags: SOC, Security, MSS,Audit,