OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   RE: [xml-dev] Re: Can A Web Site Be Reliably Defended Against DoS Attack

[ Lists Home | Date Index | Thread Index ]

>From: Rick Marshall [mailto:rjm@zenucom.com]

>> It is time to start listening to the designers at 
>> Microsoft.  If the web can't pull it off, we'll 
>> have to go to companies that can.   It is time 
>> for a consortium to form whose mandate is to 
>> create a global network that is safe and reliable 
>> for mission critical applications.  This should 
>> be an effort undertaken by the companies who 
>> understand the problem and have a culture that 
>> can practice end-to-end engineering, not 80/20.
 
>that's not going to happen, it'd be like giving the phone system back to
>at&t....

That isn't unthinkable; it's improbable.  However, that a group 
can form and devise a patentable solution is not unthikable 
or improbable.  It relies on the willingness and apathy of 
the rest of the world's engineers to believe that they can 
be satisfied with their trophies for races they won by cutting 
on come'abouts and shadowing the other guy's spinnaker.

>and i don't think there's overwhelming conviction out there that
>microsoft's engineers are better than everyone elses. 

There is overwhelming proof that they have the cash and the 
record of success.  There is overwhelming proof that their 
platforms are used successfully for mounting DDoS attacks. 
There is overwhelming conviction that they should be doing 
something about this.  If they get legitimate patents in 
the doing, they deserve to own them.

>or that microsoft
>has some special knowledge that lets them create things others can't.

Or won't.

>the difference is that most of us would prefer the diversity of
>heterogeneous environments, rather than monocultures.

So do it, but that isn't the problem.  TCP/IP is.

>if microsoft had their way we'd all be living on msn, we wouldn't have
>to bother with standards and rfcs - they'd take care of that for us, and
>then we just wouldn't need xml. tv's would have been replaced by now
>etc... 

And if they solve the problem first and best, they have the means to 
make that happen.   But they'll need XML anyway.  That was something
learned along the way that is quite separate from TCP/IP.  It is 
in the layer that finally had to admit after too many years of 
holding back progress with conviction that object-oriented programming 
represented the zenith of computer science, that scaling across 
horizontal domains is done with data objects, and that vertical 
integration while done best with OOP, doesn't scale except in 
tightly coupled products and enterprises.  Precisely the MS solution.

>real engineers know that their job is to meet requirements in a hostile
>environment, not change the environment. 

Dams and canals aren't built that way.  They modify both the environment 
and the application.  One can't fix the weather but one can make sure 
the air conditioning doesn't strangle the power grid.  I don't know 
if this problem is that problem.  We will certainly continue to 
mitigate; the ten billion dollar question is can it be solved?

>knowing that there are DoS
>attacks happening we look to understand how they happen, what they do,
>what we can do to prevent/weaken them when (not if) they happen. that's
>just good practice. 

That's defensive. That is a Maginot Line.  That is also admitting one 
doesn't know how to build a better tank, and not admiting that a tank 
is only as good as one has air superiority.   If the French had poured 
the money into an air force that they poured into the ground, they 
could have stopped the blitzkreig.

It is unacceptable that given some lack of discipline on the part 
of a family with broadband access, critical pieces of infrastructure 
can be blown off the air.   If it can't be solved given physics, 
so be it.  Some applications will never use the Internet by policy. 
If it can, and someone patents the solution, they get very rich or 
a lot of respect or both.

In any event, bumblebees do fly, two bicycle mechanics did solve 
the unsolvable problems of flight control.
 
There is something to be said for the will to do the impossible.

len




 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS