[outages] News item: Blackberry services down worldwide

Can't but agree with Jamie.
The ability to centralize management for all Blackberry users and _force_
them to comply with company policy (it's an investment bank) saved us a lot
of hassle when, and it happens regularly, people lose their handsets.
Otherwise, it would be all unencrypted, unmonitored and unprotected access
points to customer's private data.
Some of our representatives recently switched to iphones, but nobody from
management will ever be allowed anything other than a Blackberry.

Andrea

ActiveSync on Android allows corporate to force compliance with security policy and allow remote wipe. User cannot complete the exchange account setup without permitting the controls. If the user doesn't agree their sync isn't enabled. Moreover, if corporate requirements change sync is disabled until you approve again. That seems like it covers all the bases to me.

Same on iThings, plus SSL, wipe if 10 incorrect pass codes entered, enforcement of more than a 4-digit PIN pass code, auto-lock timeout, etc., etc. Any device that doesn't do this is likely old and / or going out of biz.

I like Jared's attempt to bring this back on topic, though. :-) So going down that path, exactly why is iMessage any different from Skype, AIM, Jabber, etc.? I mean other than likely being part of the OS / seamlessly integrated. (I haven't tried it yet, so I am just assuming Apple has done their standard UI magic on this.)

In fact, Skype, just as a for instance, is worse on hotel wifi as launching the app on a laptop makes you a middle node for some conversations. Does Skype on $HANDHELD have the same property?

There are two key differences between ActiveSync and BES.

The first is that ActiveSync implementations vary widely between different
manufacturers/implementations/versions/etc. There is a core set of features
that all manufacturers must implement, but it's a very small percentage of
the full feature set of controls that ActiveSync supports. Things like
enforcing a PIN code fit into this category, but other options like
disabling the camera and (from memory) device encryption or even remote wipe
are NOT in this category. As a result, even if you enable these features on
your Exchange/ActiveSync server, you can't be sure that they are actually
being enforced as you can't readily control which devices are being used
with ActiveSync, and (realistically) you can't stop a user from changing
devices so that even if you gave them a handset that supported all the
features you wanted, they could simply move over to a new device that
didn't.

The second key difference is inbound vs. outbound. ActiveSync requires you
to allow connections into your network from outside, where BES doesn't. In
today's world that's not really an issue - especially as most people will
have their email servers accessible from the Internet in some way or other -
but in BB's heyday this alone was one of the key differentiators for
Blackberry vs. anything else (be that ActiveSync, POP/IMAP/etc, or any other
protocols).

With so many companies today working on the entire concept of Mobile Device
Management (MDM), Blackberry will fade into insignificance in the not too
distant future if they don't come out with something better than the
competition - but even today they still allow far better control over
handsets than ActiveSync alone does.

  Scott.

Exchange administration is not my primary job, but in my past experience on Exchange and the iPhone, if I enforced a security policy that the phone could not meet then the user would not be able to sync with the server and set up their account. I remember having to tone back the security policy to a point where the iPhone would actually sync. So effectively they are enforced. You can also simply limit what ActiveSync devices are allowed. If you don't like iPhones but Android is ok, you can do that... at least in Exchange 2010 I can.

-Vinny

I have been following this thread for a while and I will have to say I am a tad confused.

Remote wipe has been in the iPhone since iOS 3.1.3. And if your phone is locked it will wipe after 10 (if I remember correctly) failed unlock attempts.

My iPhone communicates completely encrypted. It is set to VPN back to our office. And if we didn't want to do that we could use TLS on our mail to keep that traffic encrypted. But encrypt all is the best approach for us.

Personally, I hate mail push. I watch folks in meetings constantly looking down or typing some response and never fully listening to the speakers and not fully engaged in the meeting. Additionally, mail push is indiscriminate and just interrupts my train of thought when I am working. If a communique is truly important whomever can iMessage, SMS, jabber/POTS me; otherwise the mail can just wait till I check my inbox. I understand others feel differently.

On an iPhone today you can get push from Exchange, iCloud/IMAP, Gmail/GCloud, Yahoo, OSX Server (I believe) or set your phone to check every x minutes (after all, what could be so important that 15 latency minutes would cause a catastrophe?). (During many catastrophe situations SMS could take hours or the voice cell network could be tied up, and are you that close to whatever to be able to react?) If you need instant response... script it.

As for filtering, it's one of my issues about my iPhone. However, iOS5 supports message flagging and a filter script back on your desktop (where Mail does accept/process message push via IDLE) can flag a message which will sync to your iPhone.

Lastly I have never liked RIM's model. It basically inculcates the idea that "man in the middle" is a good thing which it is not.

Just my 2¢

Tom

In fact, Skype, just as a for instance, is worse on hotel wifi as launching the app on a laptop makes you a middle node for some conversations.

Per the Skype IT administrator guide, a Skype node will not become a supernode unless it has a public IP address and meets the memory, bandwidth, and uptime requirements. It will not become a relay node unless it has a public IP address and is directly reachable from the Internet.

It is very unlikely that launching the Skype app on a laptop on hotel wi-fi would meet these requirements.

Does Skype on $HANDHELD have the same property?

Not as far as I know, for the obvious reason that handheld devices have network connections that are suboptimal for this.

Matthew Kaufman

If we are talking about iMessage as a replacement for BBM, that's probably fine, but it's a really niche market.
I was really expecting them to release that stuff and allow desktop users to chat with iDevices, making iMessage s2s (XMPP) compatible, so anyone could chat with an iDevice, even without supporting all the fancy features, but at least dumb texting.

My iThings camp on WiFi all the time anyway as they are waiting for push updates, checking mail etc.

Of course, all these little things add up and add to the total network traffic (and port counts for NAT) so they all take a toll on networks.

I agree though, I would have liked to have seen iMessage cross platform. One of the great things about Skype is that I can talk from PeeCee to MAC to iThing to whatever..

Jared,

Rebuilding this trust can take some time. I do expect that with the iMessage stuff that was released yesterday (SMS/MMSoIP to email/phone#) many more companies will shift to using that instead as the value of BBM is decreased.

With iMessage, Apple is following the lead of multi-platform apps such
as Viber (integrated voice over ip) and whatsapp (integrated "rich"
texting over ip). Integrated meaning the unique name/key registered in
the system's name lookup service is your phone number, so you
automagically discover who of all your address book entries have the
application. Turning on whatsapp on my 360 contact address book
yielded me 10% of my contact list *online* using it. :-)

Not being multi-vendor/platform, I wonder if iMessage on iPhone is
going to reach similar uptake. Being installed from start certainly
helps though, but not piggy backing on the phone numbers is a clear
strategic error in my opinion (apple IDs are obviously a long long way
from being as universal as phone numbers).

I tried out whatsapp yesterday on an old Symbian S60 Nokia (N97) and
it works great. Only thing I regret is not trying it out sooner.

Now, if mobile devices only had ... globally unique and *reachable* IP
addresses, you could even envision sending messages/pictures/video
directly from your own device to a peer, with no need for bouncing
through overloaded centralized bottlenecks, such as is the case with
whatsapp (and certainly iMessage as well).

There's certainly a business case in there for a legacy-free,
bandwidth-optimized, IP only, LTE-network... (read: no [stupid]
tunnels)

I also wonder what the impact of iMessage and others will be on places like hotel networks as the devices camp out longer/more often on the wifi, etc. We observed the impact to a hotel of the NANOG crowd this week (i wonder if there will be lessons learned on the part of lodgenet, etc?)

I know personally I've observed the attwifi ssid expanding to more places (including hilton branded properties) in the past 6 months to offload cellular data.

Offloading is wise, indeed.

Cheers,
Martin

What I'm not digging about the entire iMessage: I turned off my iMessage
option and someone else here in the office was trying to send me a txt.

From the looks of it the iPhone does not let you pick between wanting to
send an iMessage or txt. I could be wrong, but his phone was forcing
iMessage and of course I was not getting the messages. Little bit of an
issue not getting those messages.

Carlos Alcantar
Race Communications / Race Team Member
101 Haskins Way, So. San Francisco, CA. 94080
Phone: +1 415 376 3314 Fax: +1 650 246 8901 / carlos *at* race.com /
http://www.race.com

In fact, Skype, just as a for instance, is worse on hotel wifi as launching the app on a laptop makes you a middle node for some conversations.

Per the Skype IT administrator guide, a Skype node will not become a supernode unless it has a public IP address and meets the memory, bandwidth, and uptime requirements. It will not become a relay node unless it has a public IP address and is directly reachable from the Internet.

It is very unlikely that launching the Skype app on a laptop on hotel wi-fi would meet these requirements.

In the last 5 seconds, without touching Skype or having any active voice or chat sessions open, my computer has had communication with 14 IP addresses. Here is a sample of some:

  TiggerAir-i7-2:~ patrick$ host 94.193.99.152
  152.99.193.94.in-addr.arpa domain name pointer 94-193-99-152.zone7.bethere.co.uk.
  TiggerAir-i7-2:~ patrick$ host 78.90.137.244
  Host 244.137.90.78.in-addr.arpa. not found: 3(NXDOMAIN)
  TiggerAir-i7-2:~ patrick$ host 175.129.63.150
  150.63.129.175.in-addr.arpa domain name pointer KD175129063150.ppp-bb.dion.ne.jp.
  TiggerAir-i7-2:~ patrick$ host 218.190.29.244
  Host 244.29.190.218.in-addr.arpa. not found: 3(NXDOMAIN)
  TiggerAir-i7-2:~ patrick$ host 128.2.238.215
  215.238.2.128.in-addr.arpa domain name pointer ETC-NALZAYER.ETC.CMU.EDU.
  TiggerAir-i7-2:~ patrick$ host 212.187.172.66
  Host 66.172.187.212.in-addr.arpa. not found: 3(NXDOMAIN)

Those do not look like Skype servers. I guess it is possible everyone in my contact list is somehow pinging me, but that seems a little bit silly.

My IP address is 172.30.19.19, hopefully I do not have to explain that this is not a "public IP address". I have been online a few minutes, so unless their uptime requirements are about the same as a regular phone call, it is too short. I will admit, I have plenty of bandwidth available, though.

In short, while they can claim my laptop is not being used as a supernode or relay, Skype is still randomly talking to a slew of IP addresses. Anyone know what Skype is doing?

Does Skype on $HANDHELD have the same property?

Not as far as I know, for the obvious reason that handheld devices have network connections that are suboptimal for this.

The above happens to my laptop when I am on 3G / EDGE, even when I have a 10-net address. In fact, one of the first things I do on 3G is kill Skype because it noticeably increases my network performance.

I haven't checked on my iPhone 'cause I don't have things like tcpdump & little snitch.
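The two checks argued over in this message, written out as an added example that is not part of the original thread: whether a local address can meet the "public IP address" precondition quoted from the Skype guide, and how many distinct public peers an idle process reaches in a short window. The flow-record format, function names and threshold are assumptions made for the illustration; the remote addresses are the ones listed in the post.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (not real capture output): "second process local_ip remote_ip".
# Remote addresses are those quoted in the post; timings and the Mail line are made up.
SAMPLE_FLOWS = """\
0 Skype 172.30.19.19 94.193.99.152
1 Skype 172.30.19.19 78.90.137.244
1 Skype 172.30.19.19 175.129.63.150
2 Mail 172.30.19.19 10.0.0.25
3 Skype 172.30.19.19 218.190.29.244
4 Skype 172.30.19.19 128.2.238.215
4 Skype 172.30.19.19 212.187.172.66
4 Skype 172.30.19.19 94.193.99.152
"""

def address_scope(addr):
    """Classify an address as 'public', 'private' (RFC 1918 etc.) or 'other'."""
    ip = ipaddress.ip_address(addr)
    if ip.is_global:
        return "public"
    if ip.is_private:
        return "private"
    return "other"  # e.g. 100.64.0.0/10 shared space: neither global nor private

def could_be_supernode(local_addr):
    """Only the 'public IP address' precondition; says nothing about reachability.
    Squatted public ranges used behind NAT would pass this test incorrectly."""
    return address_scope(local_addr) == "public"

def peer_fanout(flows, window=5):
    """Per process: number of distinct public peers seen in the first `window` seconds."""
    peers = defaultdict(set)
    for line in flows.splitlines():
        if not line.strip():
            continue
        sec, proc, _local, remote = line.split()
        if int(sec) < window and address_scope(remote) == "public":
            peers[proc].add(remote)
    return {proc: len(ips) for proc, ips in peers.items()}

def flag_chatty(flows, threshold=5, window=5):
    """Processes reaching at least `threshold` distinct public peers in the window."""
    return sorted(p for p, n in peer_fanout(flows, window).items() if n >= threshold)

if __name__ == "__main__":
    print("local address public:", could_be_supernode("172.30.19.19"))
    print("fan-out:", peer_fanout(SAMPLE_FLOWS), "flagged:", flag_chatty(SAMPLE_FLOWS))
```

A high fan-out from a host with a private address is consistent with both readings in the thread: it rules out the public-address precondition for supernode duty, but does not by itself say what the traffic is for.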

In fact, Skype, just as a for instance, is worse on hotel wifi as launching the app on a laptop makes you a middle node for some conversations.

Per the Skype IT administrator guide, a Skype node will not become a supernode unless it has a public IP address and meets the memory, bandwidth, and uptime requirements. It will not become a relay node unless it has a public IP address and is directly reachable from the Internet.

It is very unlikely that launching the Skype app on a laptop on hotel wi-fi would meet these requirements.

In the last 5 seconds, without touching Skype or having any active voice or chat sessions open, my computer has had communication with 14 IP addresses. Here is a sample of some:

  TiggerAir-i7-2:~ patrick$ host 94.193.99.152
  152.99.193.94.in-addr.arpa domain name pointer 94-193-99-152.zone7.bethere.co.uk.
  TiggerAir-i7-2:~ patrick$ host 78.90.137.244
  Host 244.137.90.78.in-addr.arpa. not found: 3(NXDOMAIN)
  TiggerAir-i7-2:~ patrick$ host 175.129.63.150
  150.63.129.175.in-addr.arpa domain name pointer KD175129063150.ppp-bb.dion.ne.jp.
  TiggerAir-i7-2:~ patrick$ host 218.190.29.244
  Host 244.29.190.218.in-addr.arpa. not found: 3(NXDOMAIN)
  TiggerAir-i7-2:~ patrick$ host 128.2.238.215
  215.238.2.128.in-addr.arpa domain name pointer ETC-NALZAYER.ETC.CMU.EDU.
  TiggerAir-i7-2:~ patrick$ host 212.187.172.66
  Host 66.172.187.212.in-addr.arpa. not found: 3(NXDOMAIN)

Those do not look like Skype servers. I guess it is possible everyone in my contact list is somehow pinging me, but that seems a little bit silly.

My IP address is 172.30.19.19, hopefully I do not have to explain that this is not a "public IP address". I have been online a few minutes, so unless their uptime requirements are about the same as a regular phone call, it is too short. I will admit, I have plenty of bandwidth available, though.

And, then there is the increasing prevalence of squat space which may
muddy common heuristics.

How do you think peer-to-peer presence (online/away/do-not-disturb/offline) systems work?

Matthew Kaufman

Howdy,

>> In fact, Skype, just as a for instance, is worse on hotel wifi as launching the app on a laptop makes you a middle node for some conversations.
>
> Per the Skype IT administrator guide, a Skype node will not become a supernode unless it has a public IP address and meets the memory, bandwidth, and uptime requirements. It will not become a relay node unless it has a public IP address and is directly reachable from the Internet.
>
> It is very unlikely that launching the Skype app on a laptop on hotel wi-fi would meet these requirements.

In the last 5 seconds, without touching Skype or having any active voice or chat sessions open, my computer has had communication with 14 IP addresses. Here is a sample of some:

For "IT administrators" (which probably qualifies most people on this
list) there is a detailed 26 page guide to how Skype communicates on a
network, when you may become a supernode, and how to configure the
program (including to never become a supernode) using GPO (registry
switches) or XML files at
http://download.skype.com/share/business/guides/skype-it-administrators-guide.pdf.

There is a summary of the Supernodes section (concentrating on how to
stop supernodes happening if you have no control of the client) at
http://www.skype.com/intl/en-us/security/universities/.

Anybody who might end up with Skype clients on their network might
want to give it a gander, as it has some useful info on things like
network impact (along with a lot of stuff that nobody cares about and
you can skip).

HTH,

Alex