Update: 2nd March 2007: The bank confirmed they want to use Flash to defeat key loggers.

1. Key loggers are a “feature” of MS Windows, mostly. Well conceived operating systems do not allow the installation of such malware. The choice of the operating system is up to the user. He is free to upgrade to a more secure one. If he does not, that is his problem not the bank’s.
2. On the Windows platform, key loggers should be intercepted by the anti-virus program. If it does not, that is the user’s problem not the bank’s.
3. While the Flash applet may help defeat the key loggers on the Windows platform for the specific use of the online banking service, it does not solve the general issue of the key logging malware on the Windows platform in general. In fact, this would give the false impression to the clueless user that he is protected against key loggers, while in fact he is only protected for a specific application and not when using his credit card on Amazon or elsewhere.

The only conclusion one can draw from the whole thing is that the bank wants to be legally covered in case a customer complains. Security has nothing to do with it. The bank could easily disclaim liability in case the user does not implement the right security tools on his computer. It could, for example, disclaim liability in case the browser allows the installation of malware, which is typical of Internet Explorer.

The original post is after the break

Read more…

The American Chamber of Commerce of Luxembourg is organizing an event tonight at the RTL TV studios called “IT, Society, and Culture”.

I will be presenting some reflections on how we went from a top-down approach of the Internet to a bottom-up proces and what the challenges are. My presentation is here in PDF format.

The main idea behind the presentation is that we have not yet reached the bottom-up phase, despite all the talk about blogs, YouTube, etc. The fact remains that the hoster of the blog or video sharing platform is still in a position to take down you web site. There is still someone, somewhere who can silence you. It is only when your platform will be under your total control that we will be able to the the user is the Internet, as Time Magazine puts it.

However, before we can reach that stage there are still some technical challenges we need to solve. If you wish to host your blog on your home computer, you need an easy to understand operating system and web server. It’s coming. You also need bandwidth. Asymetrical DSL won’t cut it. What you need is fiber to the home, with 100 Mbits both ways. You also need a fixed IP address. With current IPv4 addresses becoming scarce, IPv6 seems like the answer.

There are societal challenges, too. With IP everywhere and always on, we risk an Orwellian society where every one of your moves can be monitored. Will the average Internet user use the increased bandwidth to contribute something useful for the society, or post gore videos of men being hanged ?

The French newspaper Le Monde reports that the incumbent operator France Télécom will start deploying 100 Mbit/s Internet connections to the home in the Paris area, starting next March. Its competitor, Free, has similar projects.

At the same time, the Luxembourg incumbent is saying it will not deploy a FTTH network if competitors are allowed to use it.
In the meantime, “high speed” in Luxembourg still means 3 Mbit/s. Look out P&T Luxembourg: as you can see you from your French neighbour, one can be the incumbent and nevertheless be innovative.

My newspaper this morning reported that Luxembourg is opposing a proposal from the European Commission regarding new regulation on the pricing of mobile phone calls.

For those not aware of what is at stake, here is a brief explanation. Currently, when roaming with your mobile phone all over Europe, you pay substantial roaming charges when abroad, even if you wish to make a local call. What the Commission says is that a local call is a local call, irrespective of what is your home network operator. If you are a customer of LuxGSM and happen to be in Paris, you should be able to call a number in Paris at the same price a customer of Orange or Bouygues would pay.

Looks fine. The trouble is that Luxembourg mobile operators (LuxGSM/P&T, Tango/Tele 2 and VoxMobile) consider that they would lose too much money and, as a consequence, would have to substantially raise the prices of local calls for everyone, including their own customers.

This demonstrates a real issue with competition in small markets like Luxembourg. What is costly to operators is the infrastructure. There are 2 GSM and 2 3G networks for 3 operators. Does it make sense for a country of 400 thousand people ?
The same applies to the Internet infrastructure. There are 2 competing DSL networks. 2 major operators have fiber networks throughout the country, with a third operator coming.

In such conditions, no operator can make any significant economies of scale, leading to high retail prices.
ISOC Luxembourg has been suggesting for a long time that all the infrastructure should be owned by a neutral not-for-profit operator, which would then resell capacity to telecom operators and ISPs. This would not only allow to rationalize the network infrastructure, it would also make billing the operators more transparent.

The Internet gurus tend to be convinced that only the private sector is able to run the Internet. You hear it on every occasion. ICANN should be transferred to the private sector. Internet connectivity in less developed countries will become cheap once the state-owned monopolies will disappear. We could go on for hours.The facts are not that simple. Here’s a real life example.

For years, Luxembourg has tried to attract foreign e-commerce companies. The government has done a lot in terms of lower taxes, highly skilled and multilingual work force, good salaries and living conditions, etc. The only thing that is missing is Internet bandwidth. There is enough for everyday use, but hosting Amazon, Google or You Tube would put the country’s international connectivity to its knees. For years, tier-1 operators said there is no market for large pipes over here. For years, there have been lost business opportunities.

Given the failure of the allmighty private sector to match the demand, the government has decided to pour 30 million Euros in a government agency called Luxconnect, whose task will be to dig and/or rent fiber connections between Luxembourg and the main European Internet exchanges. The two first targets are AMS-IX and DE-CIX. In addition, the agency will build a local fiber ring servicing the main zones hosting IT companies.

It is not yet clear if the agency will provide layer 1 (raw fiber), layer 2 (Ethernet) or Layer 3 (IP) connectivity to the local ISPs. I guess there will be several offers.

In any case, those who think it is fashionable to display any public sector involvement in the Internet as unnecessary interference should ask themselves if the private sector is always able to match the demand.

A few references:
Official press release(French)
Press article from Paperjam (English)
Draft law (French)
No web site yet at www.luxconnect.lu

Two weeks ago, I bought a AVM Fritz!Box WLAN 7050 DSL router to replace my ageing Zyxel one. The Zyxel was not a real choice at the time (4 years ago). It was the only one that the incumbent operator was willing to support. Believe it or not, P&T Luxembourg was still selling the thing last year, despite the fact that it did not support WPA encryption.

The Fritz!Box is the leading DSL router on the German market and AVM has a killer product. It is slowly spreading outside Germany. As I understand, the manufacturer is struggling to meet the demand outside Germany and does not have the production capacities of competitors like Linksys or D-Link. Too bad, because AVM beats them all.

Not only does it do what you expect, ie route your home computer to the Internet. It also does VoIP and can manage multiple SIP providers. It has 3 phone connectors and an ISDN one. Hence, you can use your usual desktop phones to make calls through the Internet and assign dialing rules so outgoing calls can go either through you usual fixed line or through the Internet, depending on what number you dial.

Overall, I am pretty satisfied. The web interface makes the the box very easy to manage. I am amazed at what AVM managed to put in such a small unit. Some minus points, though. You cannot configure your default DNS and NTP servers, nor can you assign a static address through DHCP.

The latter is problematic with my home printer (HP Officejet 7140), which has a statically assigned IP address. The Fritz first tries to configure the printer by DHCP and assigns the WPA key. However, since the printer has a static address, the key becomes somehow invalid. If I enter the WPA key again on the printer, it will work for some time. Now, entering 12 letter passwords on a printer control panel is a real nightmare you do not want to face every few hours.

The box runs an embedded version of Linux on a Texas Instruments AR7 processor. That makes it easy to hack, although of course the manufacturer will void its warranty in such a case. Some people managed to do unbelievable things, like converting a PSTN model to ISDN or change an German model to an international one. I limited myself to installing a ssh daemon and opened some more ports on the firewall, which are not configurable through the web interface.
VoIP is still unreliable, in my case. I do not know if I have to blame the Fritz!Box or my SIP provider, VoIPBuster.com. Some calls get through fine. For others, it rings but there is no sound. It will need another week end to test and debug. Missing codecs, I guess.

From discussions we had with members of the Luxembourg ISOC chapter, it appears that ISPs over here do a terrible job at offering a good Usenet service. Some people complained that they had to buy the service elsewhere. Others just gave up because their ISP was not carrying the groups they wished and offered a very limited choice.

Strange, because offering good Usenet service is neither difficult  nor expensive. In less than 2 weeks, we have been able to offer to our members a good service, with multiple peers, all of which do it for free. How come a volunteer not-for-profit can do what a commercial ISP cannot ?
This is quite typical of the mostly general attitude of ISPs over here, which is along the lines of “Pay your subscription and don’t complain”.

According to the official communiqué, the Luxembourg authorities are planning to fund the development of the country’s connectivity to the Internet, as well as build new data centers for Internet hosting.

This is surprising in that it is a well-known fact, in Luxembourg at least, that we have plenty of unused fiber connecting the country to the major internet exchanges. On the other hand, it may be the authorities are looking at diversifying the connectivity to avoid risks of disruptions and force more competition between operators.

What would also benefit the country are more extensive and diversified peering agreements between the ISPs. Trying traceroutes on various ISPs connections yeld surprising results. It is not unusual to see your connection transiting through Amsterdam, Paris or London for an intra-country connection. A good example: the following traceroute is from a host on the academic network to the Europa web site. Physically, the two machines are less than a kilometer apart, but your packets will travel 1000 kilometers.

You’ll notice the packets are transiting through 3 networks, through Frankfurt, Amsterdam and Brussels.

At a more global scale, Internet connections to Asia and Oceania often transit through the US East and West coasts. The authorities could really help by renting bandwidth on fibers between Europe and the Far-East.

http://www.internetnz.net.nz/media/2006-05-29-research-report

InternetNZ vient de rendre public un rapport comparatif sur l’Internet rapide dans les pays de l’OCDE. Le Luxembourg s’y voit gratifié d’une 23e place (sur 26). Cela est dû principalement à la lenteur des connexions ADSL et l’absence de débit supérieur à 3 Mbit/s.

Concernant les tarifs, le Luxembourg se situe dans la moyenne. Les tarifs ont été pondérés en appliquant l’indice “Big Mac”, le prix du Big Mac variant d’un pays à l’autre en fonction du revenu moyen par habitant. Vous trouverez ci-dessous le résumé en anglais.

Le moins que l’on puisse dire, c’est que l’ISOC a encore du travail au Luxembourg.
Extrait:

Luxembourg fared poorly in this study, ranking 23rd in terms of overall value, and one place behind New Zealand. Ranking in 15th place in terms of broadband uptake, it was not included in the e-readiness study. Luxembourg broadband is primarily DSL, with around 18% cable and a subset of satellite services. It ranks below New Zealand in terms of download speed, averaging 2.4Mbps and it has very few plans of 5Mbps or over. Luxembourg is one of only two countries, along with Portugal, where the average upload speed is less than 200Kbps. The lowest plans on offer had a 64Kbps upload and the most widely available upload speed was 192Kbps (55% of products surveyed). No synchronous products were recorded. Luxembourg ranks slightly better on Comparison of OECD Broadband Markets cost – 15th overall, 9th for business products and 13th for residential. It also has the eighth cheapest connection fees.

http://www.paperjam.lu/c/n/l/articles/13723.html

Luxembourg Communications Minister, Mr. Jean-Louis Schiltz, announced on January 17th that Amazon, the world’s largest online retailer, has confirmed that it will finally settle its European Headquarters in Luxembourg after a year of waiting.