by Readers

Letters to the editor: “Concerns raised over Perl security flaw”

Jan 09, 2006 | 5 mins

Also, on-demand, IP access, more

Problematic programming

Regarding “Concerns raised over Perl security flaw”: This problem is with the printf function, which is not unique to Perl, but which appears in several other languages (such as C). The security issue results from bad programming practice, in particular, failing to check input from the Web before passing it to the printf function. As a result, a malicious user could instruct the printf routine to (for example) print a number with a billion digits, which would hog resources or perhaps crash the server.

Neither Perl nor any other language protects against sloppy programming.

Baruch Ben-David
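An added example, not part of the letter or the article it responds to, showing the fix the writer describes in C (the other language the letter names): the format string stays a compile-time literal and the Web input is only ever passed as data, so a width specifier such as "%1000000000d" is printed verbatim rather than interpreted. The helper names and the sample input are constructed for this illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Detection check (hypothetical helper): does untrusted text contain a
 * printf conversion such as "%1000000000d"?  Only the literal "%%" passes. */
bool has_format_directive(const char *s) {
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }   /* escaped percent sign */
        return true;
    }
    return false;
}

/* Hardened rendering: the format is a literal and the untrusted text is the
 * %s argument, so directives inside it are copied, not evaluated.  Returns
 * the number of characters written, or -1 if `out` is too small. */
int render_safely(char *out, size_t out_size, const char *untrusted) {
    int n = snprintf(out, out_size, "Request: %s", untrusted);
    if (n < 0 || (size_t)n >= out_size) return -1;
    return n;
}

/* For code that must splice untrusted text into a format (e.g. a log
 * template), neutralise every '%' as "%%".  Returns false if `out` is too
 * small to hold the escaped text plus its terminator. */
bool escape_percent(const char *in, char *out, size_t out_size) {
    size_t o = 0;
    for (; *in != '\0'; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (o + need >= out_size) return false;
        if (*in == '%') out[o++] = '%';
        out[o++] = *in;
    }
    out[o] = '\0';
    return true;
}

int main(void) {
    /* Constructed sample of the input the letter describes: a width
     * specifier asking for a billion digits. */
    const char *web_input = "%1000000000d";
    char buf[64];
    printf("directive present: %d\n", has_format_directive(web_input));
    if (render_safely(buf, sizeof buf, web_input) >= 0) puts(buf);
    return 0;
}
```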


On-demand model lives

The article, “What’s behind on-demand software’s rise” was terrific. I would note that there is also a tremendous need in the project management community for an on-demand solution.

Projity will address this with the release of Project-ON-Demand in January. This is a complete replacement of Microsoft Project and will add a critical component to the on-demand ecosystem.

Who remembers the term “productivity” software? The Microsoft stack is like a bad joke: “It is software and is here to help you.” The on-demand model is built on client success, not upfront expenditures. The on-demand model is built on immediate productivity, not installation, integration and upgrade cycles. Those are good for the customer and ultimately will bring productivity back to the industry vernacular. Microsoft recently announced “Office Live.” However minimal the details around this announcement, it’s worth noting they still expect you to have Office installed: “Microsoft executives emphasized that the new services are not replacements to the company’s existing Windows and Office products, but rather additions. Office Live assumes customers have Office applications installed on their PCs.”

The Microsoft stack is already too complex and costly. Projity and the other on-demand vendors eliminate the unwieldy complexity and associated costs of enterprise software. In our case, Project-ON-Demand is an equivalent solution but delivered on-demand. Our slogan is: “Manage Projects Not Software.” In a nutshell, the value proposition for on-demand software extends from fundamentally better solutions delivered with affordable monthly subscriptions over large up-front enterprise licenses. Once again, the on-demand ecosystem is maturing and as mentioned in the article there are valuable solutions in many segments. Projity will be extending the ecosystem in January. Long live the on-demand model!

Marc O’Brien

San Mateo, Calif.

IP access for everyone

Regarding Scott Bradner’s column, “A telecom-regulation pipe dream”: There is a physical challenge to providing Internet access, as Bradner points out, that is difficult to resolve for consumers and for-profit businesses. Since phone service is considered to be a universal offering of importance to citizens and requires the government granting last-mile access to homes, it is regulated to keep monopoly pricing down. Last-mile owners of phone (and now cable) can almost charge what they want.

Eventually, the phone, cable and wireless companies will offer IP-everywhere endpoints (broadband and point to point). The challenge is providing consumer access to any Internet server from which all content (voice/data/video) will reside. The last-mile providers easily could try to bundle services as they do today and make a claim to keep others out. They did the capital investment, why can’t they recover that in bundled pricing? If you think about wireless cell phone companies, they are exclusively bundling services with their end points, no one forces them to provide connections to someone else’s wireless voice services.

Ultimately, citizens of the world benefit from instant access to IP-based services, and government regulation will have to be used to balance the last-mile issue that cable and telephone companies have a monopoly on today. I think something akin to a basic IP-access service, enabling all Internet-services companies to sell their wares on the Internet, will be enforced, much like basic phone service today. Not ideal, but it is a first-cut practical approach. The last-mile owners can make a good argument that they should be able to provide bundled services at a lower price and not be forced to share the same common cost for basic IP service. I don’t agree with this, but this is why there is a challenge in leveraging the rights of for-profit companies to recover their investments vs. giving consumers access to what will be a “universal right” in our civilization. I definitely don’t want a government-owned “last-mile” business!

Jeff Pierce

Hamilton, N.J.

Don’t forget session controllers

Your article on Cisco’s Interactive Connectivity Establishment (ICE) technology is good, but it fails to mention session border controller technology, how it competes with ICE, who supports session border controllers and opposes ICE, and so on. Session border controller technology is supported by the 3rd Generation Partnership Project and is the de facto standard for network address translation traversal today. In addition, session controllers scale better and are more secure.

O.J. Nguyen

Security scare

Regarding Winn Schwartau’s column, “With VoIP, it’s deja vu all over again”: I share his grief that people don’t see the importance of VoIP security, and those that have some clue think that it can be solved with a $99 piece of software. I recently presented a seminar on VoIP security around the major cities in Australia and managed to scare a few would-be VoIP managers, but the rest just assumed that it would not affect them.

Andrew Bycroft

Solutions architect

Sydney, Australia