Wednesday, May 30, 2007

Free at Last, Free at Last! FiOS is Here!

This morning, I was awakened by the sound of jackhammers outside of our house. Normally, jackhammers at 7:00 would be quite an unpleasant situation. However, this morning, that sound is a welcome one. Why? Because it means that, soon, there will be a fiber optic cable buried in the ground on our street. And it is this cable that represents my freedom. Freedom from our local cable company, Comcast.

Anyone who has ever had Comcast for their cable or Internet service can most likely relate to my feelings about the company. Slow service. Outrageous prices (and frequent price increases). Terrible customer support. The list goes on, and on. Soon, however, I will be able to break free of the shackles of oppression (Comcast), and experience the freedom that is Verizon FiOS. Now, don't get me wrong. I'm well aware of the fact that FiOS will likely cost me just as much as Comcast does right now. However, the mere fact that I'm able to get away from Comcast in the first place makes it all worth it.

When I purchased my house (about 6 years ago), my bill for cable and Internet service was about $80. This included basic cable, and a 4Mbps (advertised) Internet connection. At the time, I had no complaints whatsoever. My cable rarely, if ever, went out. And my Internet connection was always speedy and reliable. Over time, however, the situation has changed dramatically. My combined bill is now over $100. And what has the additional $20 gotten me in 6 years? 2 additional TV channels (only one of which I'm remotely interested in), and an increase in the advertised Internet connection speed. Note the word advertised. The advertisement in question is quick to point out that this is a maximum connection speed. In other words, Comcast could provide me with all of 1bps, and would still be offering the service they advertise.

In reality, my Internet service has gotten consistently worse over the last 6 years. In the first 3 years that I lived there, I lost service only twice. In both instances, I was able to resolve my problem by simply disconnecting my cable modem, waiting a couple of minutes, and reconnecting it. Now, however, I am faced with connection problems on an almost weekly basis. And, sadly, most of these are issues I am unable to resolve. Periodically, I will end up with little to no connectivity. The indicator light on the modem tells me that there is a signal coming in. But, for whatever reason, I can't connect to anything. Other times, I am faced with DNS resolution issues. I can get out if I know the IP address. But, good luck relying on Comcast's DNS servers. What upsets me most, though, is that my downstream service has gotten progressively slower over the last 3 years. My bill has gone up, my connection speed has gone down.

I'm sure that many of these problems boil down to one thing: Comcast doesn't feel compelled to spend money on improving service when they've already got a monopolistic hold on a market. Why invest in infrastructure improvements if your customers don't have an alternative? Such sentiment exists whenever a company has a monopoly. However, when an attractive alternative opens up, customers who feel abused by a monopoly are often quick to migrate to that alternative. Look at Microsoft, and the monopoly it has on the software (particularly Operating System) market. Consumers, fed up with the ongoing instability and security issues found in Windows, have begun migrating to Apple's Mac OS X. While Apple's market share is still small compared to Microsoft, it is growing steadily, particularly in the notebook computer segment. When I walk through our neighborhood, I inevitably hear someone talking to one of the workers laying Verizon's fiber optic cable. The discussion always seems to start out the same way: "When can I call and have FiOS installed at our house?" Consumers are chomping at the bit to find a better alternative.

While Comcast still has a stranglehold on numerous markets (including ours, for the time being), this situation demonstrates how quickly things can change in any market. Dell at one point had a commanding lead over its competitors, based primarily on its reputation for quality and good customer service. However, recent declines in quality combined with poor customer support due to outsourcing have caused Dell's market share to slip, and its reputation to be tarnished. Ed Catmull, one of the creative geniuses behind Pixar, once said, "Quality is the best business plan." By offering its customers sub-par products at an ever-increasing price, Comcast is risking losing those customers to competitors such as Verizon or DirecTV. I, for one, will be scheduling an installation appointment just as soon as the Verizon trucks pull out of our street.

Friday, May 11, 2007

New Odyssi PKI Project Location

I have modified the SourceForge project location for OdyssiCS. The project has moved to its new page, http://www.sourceforge.net/projects/odyssipki, and has been given a new project name, Odyssi PKI, to reflect the overall goals of the project. With the inclusion of some additional features, such as an OCSP responder and GUI-based certificate/key management tools, it became clear that I was developing more than just a Certificate Authority server. As a result, I've renamed the project Odyssi PKI to reflect the suite of tools that will eventually be released. Although the project page has changed locations, the website for the project remains the same.

Friday, May 4, 2007

OdyssiCS Update and Milestones

This morning, I logged into the SourceForge project page for OdyssiCS. I was curious to see how many downloads of the application have occurred. To my surprise, the number of downloads since release 0.1 last year has topped 800. I don't know how many of these downloads resulted in any substantial use, but it's still refreshing to know that people are at least looking at it. To all of you that have downloaded and tried OdyssiCS, thank you. And, please, give me your feedback! It will go a long way to helping me in my development.

I have been working on version 0.2 in what little spare time I have. I've been fortunate to learn a great deal about Hibernate, Spring, and general Java security since the first release. The main areas I have been focusing on for release 0.2 are:

  • Security
  • Ease of Administration
  • Inclusion of more advanced features

Release 0.1 was rather weak in terms of security. While I did perform basic group membership checks, I realized that I was not designing for security as much as I'd originally intended. As a result, I have gutted a great deal of the original code to ensure that it is designed with security in mind from the ground up. I've also been spending a bit of time working on a secure JAAS-based application framework that I hope to have included in version 0.3.

Administration in release 0.1 was also quite lacking. In an effort to get the first release out there, I didn't spend as much time on developing an administrative interface. This includes both CA server administration, as well as certificate administration for Registration Authorities. I've sketched out quite a few ideas that I would like to incorporate into the web interface for administration. Hopefully, this will make OdyssiCS easier to deploy and maintain, making it viable for some real-world work. Additionally, for version 0.3 I plan to include an embedded Tomcat server and Windows GUI installer to make installation and configuration even easier. My plans for version 0.3 are still quite sketchy, but hopefully it will represent a really high-quality, feature-rich release.

Lastly, there was quite a bit of functionality missing in version 0.1. This is being addressed in version 0.2, starting with the use of certificate extensions and templates. Part of the power of X.509 certificates is the ability to include certificate extensions. These extensions outline additional characteristics about the certificate, such as the constraints that exist pertaining to what it can be used for, CRL information, and policies that apply to the certificate. I had some code in version 0.1 for working with extensions, but just wasn't happy with how it turned out. I shelved it, deciding it would be best for the next release. Certificate templates provide a way to define the characteristics of the different types of certificates a CA can create. For example, SSL server certificates might have different properties (extensions, validity periods, key sizes, etc.) from e-mail certificates. This will add a great deal of functionality to OdyssiCS, and I look forward to having that code completed.
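To make the template idea above concrete, here is an added example (not OdyssiCS code) of a CA checking a request against a template and deriving the extensions from the template alone. The names `Template`, `TEMPLATES`, `build_profile`, the request dictionary layout and all limits are assumptions made for illustration.

```python
from dataclasses import dataclass

# Extended key usage OIDs from RFC 5280.
EKU_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
EKU_EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4"

@dataclass(frozen=True)
class Template:
    key_usage: tuple       # keyUsage bits the CA will assert
    eku: tuple             # extendedKeyUsage OIDs the CA will assert
    max_validity_days: int
    min_rsa_bits: int
    san_type: str          # only subjectAltName entries of this type are allowed

# Constructed templates; the limits are illustrative assumptions.
TEMPLATES = {
    "ssl-server": Template(("digitalSignature", "keyEncipherment"),
                           (EKU_SERVER_AUTH,), 365, 2048, "dns"),
    "email": Template(("digitalSignature", "keyEncipherment"),
                      (EKU_EMAIL_PROTECTION,), 730, 2048, "email"),
}

def build_profile(template_name, request):
    """Return (violations, extensions); extensions is None if any check fails."""
    t = TEMPLATES[template_name]
    violations = []
    if request["rsa_bits"] < t.min_rsa_bits:
        violations.append("key smaller than %d bits" % t.min_rsa_bits)
    if request["validity_days"] > t.max_validity_days:
        violations.append("validity exceeds %d days" % t.max_validity_days)
    names = [value for kind, value in request["san"] if kind == t.san_type]
    if not names or len(names) != len(request["san"]):
        violations.append("subjectAltName must hold only %s names" % t.san_type)
    if violations:
        return violations, None
    # Extensions come from the template alone. Whatever the requester put in
    # request["requested_extensions"] (for example CA:TRUE) is never copied.
    return violations, {
        "basicConstraints": {"critical": True, "ca": False},
        "keyUsage": {"critical": True, "bits": list(t.key_usage)},
        "extendedKeyUsage": {"critical": False, "oids": list(t.eku)},
        "subjectAltName": {"critical": False, "names": names},
    }

# Constructed sample requests.
SERVER_REQUEST = {"rsa_bits": 2048, "validity_days": 365,
                  "san": [("dns", "www.example.test")],
                  "requested_extensions": {"basicConstraints": {"ca": True}}}
EMAIL_REQUEST = {"rsa_bits": 1024, "validity_days": 1000,
                 "san": [("email", "alice@example.test")],
                 "requested_extensions": {}}
```

The server request passes and is issued as an end-entity certificate even though it asked for CA:TRUE; the e-mail request is rejected for both its key size and its validity period.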

Some of the features I plan on implementing for version 0.2 include:

  • Certificate revocation, with full CRL support
  • OCSP (Online Certificate Status Protocol) for reporting certificate revocation information
  • Completely redesigned GUI for both end-entities and administrators
  • Enhanced security features throughout all domains of the application
  • Revised SQL schema, and SQL scripts for MySQL, PostgreSQL, and other SQL databases
  • X.509 certificate extensions and certificate templates

This is just a sample of some of the things I'm working on for the next release. I don't have a timeline for it, as my free time for development has been limited. Please feel free to leave a comment if there are additional features you would like me to investigate for this release. I've already started pondering what I want for version 0.3 (XKMS, JAAS-based security framework, JMX management, etc.) so please pass on your suggestions!