Microsoft's problems could be a stumbling block for small ISVs
September 5, 2013
While Microsoft is preparing to go live with Windows 8.1 on October 18, it has created a big gap between the present and the future
that could potentially be a big stumbling block for a whole slew of small and independent ISVs. The company should still be able to create and
ship its custom software using old-style installers, but isn't yet ready to have them move into the app-happy world of the TIFKAM Start screen.
You see, Microsoft's antiquated rules are a little odd. If a developer wants to sell software to World+Dog, there's no problem: just
list the app on the Windows Store and hope it sells.
And large enterprises that want to control the apps loaded on Windows 8.1 can still use side-loading, Microsoft's jargon for
loading mobile apps from an internal source.
The Windows 8.1 licensing model lets any enterprise with Software Assurance side-load. Alternatively, customers might be large
enough to be forking out for the monthly Microsoft InTune subscription, which also includes side-load keys.
If the enterprise has neither Software Assurance nor an InTune subscription, it has another option, which is to acquire side-load keys
This is where ISVs will find themselves temporarily stranded between the old world of desktop .exe installs and the new world
of apps. Side-load license keys only come in packs of 100, and they're not transferable, however.
An ISV selling half a dozen licences at a time therefore can't buy a bunch of side-load licences and on-sell them, or even give
them away for free for client installations.
For a company that lives by creating custom apps that tightly reflect the needs and often the intellectual property of a specialised
customer base, the message right now is that they'll have to live in the world of old-style desktop installation and aren't welcome on
the Windows 8.1 Start screen.
The good news is that Microsoft still recognises that it could do more to suit small ISVs' needs. Microsoft's Michael Niehaus
agreed that this isn't an ideal state of affairs.
“We're getting steady feedback from these partners. That's certainly something that we need to address quickly. We've been studying
for future updates to this process, but Windows 8.1 today doesn't really address those issues,” he said.
He added that the ideal solution in the long term would be to bring smaller ISVs into the world of modern touch-based apps
via B2B extensions to the Windows Store.
“That way, you could use The Windows Store to sell and support the mobile app, but not have to expose it to the whole world.”
In other IT and tech news
HP said earlier this morning that it will soon offer SAP's in-memory database 'HANA in as-a-service mode'. HP has been planning
this since March of this year, but the exact details of just what is on the new service offering are a bit vague for now.
HP hasn't made a price list available yet either, saying only that “pricing will vary according to client needs.”
Nor has the company released any details of the specific hardware that will power the new service.
For now, all we know is that the service will first be made available in Australia and New Zealand and will be offered “either as a managed
virtual private cloud or a managed private cloud, within a regionalized enterprise-class HP data centre facility.”
That facility is almost certainly the Aurora data centre on the outskirts of Sydney. HP has also announced what it's calling “a
global Migration Factory for SAP HANA to support clients who choose to fully or partially move to SAP HANA”.
It looks like HP could have been working with SAP on its Hana-as-a-service project for some time already, and that the antipodean
launch has already resulted because a client in the region has signed on the dotted line.
We suggest that this is the scenario because when HP launched Aurora a while back, it said it's not in the “build it and they will come”
business. Instead, the data centre will fill in as demand increases over time.
When Hana-as-a-service will reach the rest of the globe is another unknown for now. We're awaiting HP's word on that as well. We
will keep you posted.
In other IT news
Several recent experiments conducted at APNIC (the Asia-Pacific Network Information Centre) could have far-reaching implications for
the DNS (domain name system) as we know it today.
Geoff Huston, chief scientist at APNIC, says: "On any given day, DNS amplification attacks are fairly easy to implement and
can be relatively difficult to defend against in some cases."
The overall ease with which an attack can be launched is practically built into DNS: an amplification attack (a small query
returning a very large response) differs very little from DNS behaving as it should.
That's pretty much the characteristic of DNS that was exploited in the Cloudflare attack earlier this year. With too many open
resolvers in the world, and too few networks implementing source egress filtering specified in the BCP38 best practice document
authored back in 2000, DNS amplification attacks will most likely continue until there's an improvement in the core system's
The end result, writes Huston, is that the UDP protocol “allows an attacker to mount a reflection attack by co-opting a larger
set of open resolvers to send their responses to the target system, by using UDP queries whose IP source address is the IP address
of the intended victim.”
Looking at this “comprehensive security vulnerability for the Internet”, Dr Huston – currently chief scientist at APNIC – has
led an experiment that looks at an almost-forgotten aspect of the DNS specification.
As he describes it, nearly every DNS transaction in the world today uses UDP for DNS queries. However, the DNS specification, RFC 1123,
allows either UDP or TCP to be used.
TCP has fallen out of use for most DNS operations, he notes, but it has one attractive characteristic in today's Internet: TCP is
not vulnerable to amplification attacks. That's because it's stateful, while UDP is stateless, and that makes the whole difference.
TCP's session establishment would break the reflection aspect of DNS attacks. In this simplified example, stateless UDP messages
spoofing the target address trigger a huge number of DNS responses, in a Denial-of-Service attack.
“If an attacker were to attempt to open up a TCP session using an IP source address of the intended victim, the victim would
receive a short IP packet (IP and TCP header only, which is a 40 byte packet) containing only the SYN and ACK flags set. As the
victim system has no pre-existing state for this TCP connection, it will discard the packet,” he writes.
With no way to maintain a session from a spoofed address, the attack will fail. TCP, however, drops the session because the
target doesn't respond with an ACK.
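
The following is an added example, not code from Huston's write-up or from APNIC's experiment, and it goes one step beyond the article's text: it shows the standard RFC 1035 truncation (TC) bit, which a DNS server can set in a UDP reply to tell the client to retry over TCP. Because the truncated reply carries no records, it is never larger than the query, so a query with a forged source address reflects no extra traffic. The function names and the sample query are constructed for illustration.

```python
import struct

QR, TC, RD = 0x8000, 0x0200, 0x0100  # response, truncated, recursion desired

def build_query(qid, name, qtype=255):
    """Constructed sample input: minimal DNS query in RFC 1035 wire format."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def question_end(msg):
    """Return the offset just past the single question entry."""
    pos = 12  # the fixed DNS header is 12 bytes
    while pos < len(msg) and msg[pos] != 0:
        if msg[pos] & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        pos += 1 + msg[pos]
    end = pos + 5  # root label (1) + QTYPE (2) + QCLASS (2)
    if end > len(msg):
        raise ValueError("truncated question section")
    return end

def truncated_reply(query):
    """Build the UDP reply: question echoed, no records, TC set."""
    if len(query) < 12:
        raise ValueError("short DNS message")
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & QR or qdcount != 1:
        raise ValueError("not a single-question query")
    end = question_end(query)
    # Keep the opcode and RD bits from the query; answer counts stay zero.
    reply_flags = QR | TC | (flags & 0x7800) | (flags & RD)
    header = struct.pack("!HHHHHH", qid, reply_flags, 1, 0, 0, 0)
    return header + query[12:end]

def amplification(query_len, reply_len):
    """Bytes sent towards the (possibly forged) source per byte received."""
    return reply_len / query_len

if __name__ == "__main__":
    q = build_query(0x1234, "example.com")
    r = truncated_reply(q)
    print(len(q), len(r), amplification(len(q), len(r)))
```

A genuine client that receives this reply reconnects over TCP, where the three-way handshake proves it owns its source address before any large answer is sent.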