Wednesday, January 13, 2010

Does IT really suck?

http://www.computerworld.com/s/article/9141609/Opinion_The_unspoken_truth_about_why_your_IT_sucks?taxonomyId=14&pageNumber=1


In my opinion, while businesses are expected to find new ways to generate more revenue, I question the way we went about it.

In my experience, from my time as a networking intern to my current position as head of IT, I have always found that the time and money spent on the functional requirements of a project is, on a good day, about 1/3 of the total resources the project requires.

Example:

How many lines of code are needed to validate and authorize a credit card? (Not that many.)

But the lines of code needed for memory management, garbage collection, exception handling, authentication, authorization, and transaction management are way more.

Furthermore, our system as a whole must fulfill the CIA test (confidentiality, integrity, availability). To accomplish that, we deploy all kinds of firewalls, IDS/IPS, load balancers, application firewalls (to protect the bad programmers), fraud systems, monitoring systems, etc.

But when I stepped back and asked myself why all this, I couldn’t help but question our choice, as business people, of HTTP as the protocol to carry out our revenue-generating aspirations.

HTTP was created for the sake of information exchange in academia. Its stateless nature allows students and researchers to bring knowledge closer to one another with relative ease. But we, the business community, had other plans; we needed to make money over HTTP. It is conceptually the right thinking process: a bunch of people come to this one place called the internet, so why not sell them something? But there was a problem: the “statefulness” of business transactions over a stateless protocol is similar to a square peg in a round hole, and we all know that the outcome is not a perfect one. Not only that, the user on the other side of the transaction is unknown, anonymous.

The unknown and the imperfection of HTTP are what we are trying to correct by attaching non-functional requirements to every project. Unfortunately, they come at a very high price in terms of employees, time, and complexity. Think about it: in its simplest form, HTTP allows spammers to disrupt your business at will. They can disrupt your business from anywhere on the planet at the stroke of a button. I can list many more examples: denial-of-service attacks, viruses, identity theft, phishing, SQL injection, etc.

In short, I truly believe that IP, DNS, HTTP, FTP, and Telnet are not good enough for legitimate business. And that’s my honest opinion. Perhaps the business community can adopt a new internet where the participants are known.


Ahmed Tantan