Jailed SF Admin Gives Up Keys to Networks
San Francisco Mayor Gavin Newsom met with jailed IT administrator Terry Childs Monday, convincing him to hand over the administrative passwords to the city's multimillion-dollar wide area network.
Childs made headlines last week when he was arrested and charged with four counts of computer tampering, after he refused to give over passwords to the Cisco Systems switches and routers used on the city's FiberWAN network, which carries about 60 percent of the municipal government's network traffic. Childs, who managed the network before his arrest, has been locked up in the county jail since July 13.
On Monday afternoon, he handed the passwords over to Mayor Newsom, who was "the only person he felt he could trust," according to a declaration filed in court by his attorney, Erin Crane. Newsom is ultimately responsible for the Department of Telecommunications and Information Services (DTIS), where Childs worked for the past five years.
Mayor Newsom secured the passwords without first telling DTIS about his meeting with Childs, according to DTIS chief administrative officer Ron Vinson, who added, "We're very happy the mayor embarked on his clandestine mission."
The department now has full administrative control of the network, he said in an interview Tuesday night.
It's likely that Childs had a lot to tell the mayor when the two met.
Childs' attorney has asked the judge to reduce Childs' US$5 million bail bond, describing her client as a man who felt himself surrounded by incompetents and supervised by a manager who he felt was undermining his work.
"None of the persons who requested the password information from Mr. Childs ... were qualified to have it," she said in a court filing.
Childs intends to disprove the charges against him but also "expose the utter mismanagement, negligence and corruption at DTIS, which if left unchecked, will in fact place the City of San Francisco in danger," his motion reads.
Vinson dismissed the allegations. "In Terry Childs' mind, obviously he thinks the network is his, but it's not. It's the taxpayers'," he said. "The reason he's been sitting in jail is because he denied the department and others access to the system."
The court filings help explain just how this happened.
According to an affidavit from James Ramsey, an inspector with the San Francisco Police Department, he and other investigators discovered dial-up and DSL (digital subscriber line) modems that would allow an unauthorized connection to the FiberWAN. He also found that Childs had configured several of the Cisco devices with a command that would erase critical configuration data in the event that anyone tried to restore administrative access to the devices, something Ramsey saw as dangerous because no backup configuration files could be found.
This command, called No Service Password Recovery, is often used by engineers to add an extra level of security to networks, said Mike Chase, regional director of engineering with FusionStorm, an IT services provider that supports Cisco products.
But without access to either Childs' passwords or the backup configuration files, administrators would have to essentially re-configure their entire network, an error-prone and time-consuming possibility, Chase said. "It's basically like playing 3D chess," he said. "In that situation, you're stuck interviewing everybody at every site getting anecdotal stories of who's connected to what. And then you're guaranteed to miss something."
Without the passwords, the network would still continue to run, but it would be impossible to reconfigure the equipment. The only way to restore these devices to a manageable state would be to knock them offline and then reconfigure them, something that would take weeks or months to complete, disrupt service and cost the city "hundreds of thousands, if not millions of dollars," Ramsey claims.
Crane argues that these monitoring devices were installed with management's permission and were critical to the smooth functioning of the network. They would page Childs when the system went down and allow him to remotely access the network from his personal computer in case of an emergency.
In interviews, current and former DTIS staffers describe Childs as a well-respected co-worker who may have gone too far under the pressure of working in a department that had been demoralized and drastically cut as the city moved forward with plans to decentralize IT operations.
About 200 of the department's 350 IT positions had been cut since 2000, mostly to be relocated to other divisions within city government, said Richard Isen, IT chapter president with Childs' union, the International Federation of Professional and Technical Engineers, Local 21.
Despite his conflict with some in the department, Childs has a lot of support there, Isen said. "There is a lot of sympathy, only because there is a basic feeling that management misunderstand what we actually do and doesn't appreciate the complexity of the work."
(Paul Venezia is Senior Contributing Editor with InfoWorld)
http://www.pcworld.com/businesscenter/article/148787/san_franciscos_mayor_gets_back_keys_to_the_network.html
Japan Hits $100 Billion in Mobile Content Sales
Martyn Williams has an interesting look at the Japanese mobile content market. He notes that for the calendar year 2007, more than $100 billion was spent on mobile content. The total was actually $107.5 billion and includes items such as ring tones, Web site subscriptions and e-commerce purchases. E-commerce made up about 65% of the total amount spent and all sorts of transactions were handled including: movie and event ticket sales, travel reservations, air and rail ticket sales, stock trading and online auctions.
The biggest percentage gain came from "high-fidelity music" which increased 42% thanks to more mobile devices handling better quality sound. Mobile gaming jumped 13% as well.
Interesting stats
Written by Allen Stern
http://www.centernetworks.com/japan-mobile-ecommerce-content
GoDaddy’s Domain Registration Totally Screws .me
http://www.techcrunch.com/2008/07/17...lly-screws-me/
Earlier this year GoDaddy won the rights to distribute domains under the extension .me, which belongs to the country of Montenegro. After a number of private distribution periods for corporations, the highly desirable extension finally went on sale this morning for $20 a year (with a minimum 2-year purchase - nice). And now, things are rapidly descending into chaos.
Many users have reported getting confirmations (and credit card charges) for their domains, only to receive the following cancellation notice about an hour later:
Dear Jason Kincaid,
The following domain name has failed to be registered:
WATCH.ME
Error: WATCH.ME: cannot register - already registered
We will evaluate this error and retry the registration
if appropriate.
If we are unable to successfully register the domain
name, your account will be credited accordingly. Please
allow one business day for the refund to be processed.
Understandably, a lot of people are outraged. And, disappointment and shattered dreams aside, there’s the issue of who actually will wind up owning each domain. A Twitter search for “hug.me” shows that at least a half dozen people hold confirmation letters (myself included).
GoDaddy says that the problems are a result of a “SuperBowl-like response to the open registration” that exceeded everyone’s expectations and wound up crushing their servers. Apparently they didn’t realize that after months of pent up demand and publicity for an extremely desirable domain, they’d be seeing an onslaught of prospective buyers.
The company says that disgruntled users can expect a refund in the next 24-48 hours, and that the servers should be stable now. No word on when we’ll know if we actually own our newly-purchased domains.
Dot Pro Release Date Pushed Back
Due to unanticipated levels of interest in the presale of Dot Pro domain names, Registry Pro has moved their 'go live' date from July 14 to September 8.
After meeting with a number of registrars last week at the ICANN conference in Paris, and talking to current and prospective registrars about implementation of the modified restrictions passed by the ICANN Board on April 29, it is apparent that the time frame first set is not sufficient to accommodate the interest!
The .Pro top level domain, previously restricted to registrants in the accounting, engineering, legal and medical fields, will be available to all licensed and credentialed professionals and professional entities internationally on Monday, Sept 8, 2008.
In the meantime, us techie types can get our Dot Me domains on July 17th.
For more information on the dot pro requirements:
Lawmakers Question Embarq over NebuAd Use
"Surreptitiously tracking individual users' Internet activity cuts to the heart of consumer privacy. The information collected through NebuAd's technology can be highly personal and sensitive information. Embarq's apparent use of this technology without directly notifying affected customers that their activity was being tracked, collected, and analyzed raises serious privacy red flags," said Rep. Markey.
The text of the letter is below.
July 14, 2008
Mr. Tom Gerke
Chief Executive Officer
Embarq
5454 W. 110th Street
Overland Park, KS 66211
Dear Mr. Gerke:
We are writing with respect to a recent test conducted by Embarq to tailor Internet advertising to the web-browsing patterns of individual Embarq subscribers. We are interested in the nature of this test as well as the impact that this test, and the underlying technology it employed, could have on consumer privacy and other issues.
We understand that Embarq conducted a test earlier this year in a select community in conjunction with NebuAd to create consumer profiles for the purpose of serving ads to consumers based upon their search and surfing habits. As you may know, questions have been raised regarding the applicability of privacy protections contained in the Communications Act of 1934, the Cable Act of 1984, the Electronic Communications Privacy Act, and other statutes, to such practices.
In particular, we are concerned that Embarq may not have directly notified the subscribers involved in the test that their Web use was being analyzed and profiled. We therefore request that you answer the following questions in order for us to better understand the nature of the test conducted, its impact on consumers, and the broader public policy implications of this technology.
1. In what community was the test conducted and how was that community chosen?
2. How many subscribers were involved in the test?
3. How did Embarq notify subscribers in the affected community of the test? Please provide a copy of the notification. If Embarq did not specifically or directly notify affected subscribers, please explain why this was not done.
4. Did Embarq conduct a legal analysis regarding the applicability of consumer privacy laws on the service used in the test? If so, please explain what that analysis concluded.
5. Please explain why Embarq chose to conduct the test allowing consumers who objected to "opt out" rather than first asking customers to "opt in."
6. How did Embarq notify subscribers in the affected community of their opportunity to "opt-out" of the test? If Embarq did not specifically or directly notify affected subscribers of the opportunity to "opt-out," please explain why this was not done.
7. How many subscribers in the affected community opted out of participating in the test?
8. Did Embarq conduct a legal analysis regarding the adequacy of the "opt-out" notice and mechanism employed to allow consumers to effectuate this choice? If so, please explain what that analysis concluded.
9. What is the status of the consumer data collected during this test? Has it been destroyed?
Thank you in advance for your attention to this matter. We respectfully request a response by Monday, July 21, 2008.
Sincerely,
s/John D. Dingell
Chairman
Committee on Energy and Commerce
s/Joe Barton
Ranking Member
Committee on Energy and Commerce
s/Edward J. Markey
Chairman
Subcommittee on Telecommunications and the Internet
cc: The Honorable Cliff Stearns, Ranking Member
Subcommittee on Telecommunications and the Internet