mtekk's Crib
June 23rd, 2011

When performing a mathematical calculation by hand, what symbol do you use to signify division? Do you use a slash (/), a horizontal line with the numerator and divisor above and below, or the divide (÷) symbol? Personally, I use one of the first two, depending on the context. And, I can’t remember the last time I used ÷. However, a good estimate would be back in grade school.


Standards are not about vendor lock in (or in the case of Apple, vendor lock out), they are about interoperability. Apple’s recent HTML5 showcase, more appropriately named Safari Showcase, reveals Apple does not understand standards. Locking out browsers, as Apple does in their showcase, is not a best practice, nor is it in any W3C specification. Apple’s quest against Adobe and Flash is not noble (don’t get me wrong, I hate Flash). They are not embracing standards, they are embracing something they can control.


How much is security worth to you? What about freedom? Currently, the Internet is akin to the Western United States in the 1800s. It is mostly a lawless land, unorganized, untaxed, and full of roaming bad guys. The commercial sector is exploiting it more and more. And in turn, is being harassed by the bad guys (crackers). Some foolish individuals, and organizations, wish to expel all of the bad guys from the Internet, and fund it with a tax on all Internet connections. Not only is this an ineffective waste of everyone’s money, it will make things worse.

Microsoft’s Scott Charney wishes to frame the issue of computer viruses in the same manner as their biological counterparts. He boasts, “I actually think that the health care model, particularly related to the World Health Organization and the Center for Disease Control … might be an interesting way to think about the problem.” While the idea itself is not new, the implications tend to draw heated debate. And, after the H1N1 and Avian Flu scares that did not materialize during the last decade, following too closely in the footsteps of the WHO and CDC would be foolish. However, having a procedure for containing and cleaning up a virus outbreak is beneficial.

Charney continues, “Why don’t we think about access providers who are doing inspection and quarantine, and cleaning machines prior to access to the Internet?” With the bandwidth shaping technologies out today, a third party real time traffic scanner for malicious activity is possible. However, the first hurdle to this is the issue of privacy. With the real time scanner, the carrier could look at data that was once forbidden. Looking at packet destination won’t work as botnets become more sophisticated and operate in a more peer to peer fashion. Thus, content analysis will become necessary. This will drive both the botnets and legitimate users to encrypt all network traffic. That leads to the second issue: real time scanners will become ineffective in the arms race against the bad guys.

Creating a WHO of computer viruses will cost money. Charney suggests a compulsory internet tax for all connected individuals. He even goes as far as suggesting that “…it’s a public safety issue…” Since when has the Internet been vital for public safety? If we, as a global community, are so dependent on the Internet for day to day life, maybe the role of the Internet needs to be rethought. Twenty years ago, most people had never heard of the Internet. Today, most use the Internet just for logging into Facebook and playing Farmville or some other worthless time sink. Contrary to what Hollywood would have you believe, infrastructure, such as nuclear power plants, does not have vital components exposed to the Internet (e.g. the plot in Live Free or Die Hard could not happen). Why should one, who is responsible and maintains good security practices, pay to clean up the computer of some idiot who still believes that a Nigerian prince is going to give him (or her) a large sum of money? Recent viruses have not been self propagating, and the idea that the actions of one idiot will cause everyone else to get infected is invalid. The last major auto infecting worm was Blaster, and that was back in 2003 (Sasser does not count as a patch was available before it went public).

If a WHO of computer viruses is necessary, maybe it should be funded the same way that the quit smoking organizations are: by charging the software vendors. Microsoft, in particular, should pay. It is their insecure OS (Windows XP), and their ignorant user base that has caused the problem. They need to educate their users as to why UAC is good, and should not be disabled or ignored. Mr Charney, that is your organization, do not push your burden onto us.

Read Scott Charney’s RSA 2010 Keynote.

-John Havlik

[end of transmission, stay tuned]

July 7th, 2009

code_hell: echo 'Yes, PHP 5.3 has the goto operator';

In one’s opinion, the only people that should be allowed to use the goto operator are expert assembly language programmers (and you are not one). Besides, most things written in PHP are not “low level” enough to warrant the use of goto. However, if you must use the goto operator, please do so responsibly. Use it as if it costs $10,000 per use, and properly document what’s going on.

-John Havlik

[end of transmission, stay tuned]

March 19th, 2009

With the almost complete allocation of previously available IPv4 addresses, ICANN released IP address blocks from previously reserved ranges to private ISPs. Unfortunately for these ISPs and their customers (one in particular), in the past these IP blocks were heavily used by malicious individuals who spoofed their IP addresses. This resulted in many servers that simply refuse connections to the entire block. What block is this? It’s the 173.x.x.x block.

For a year now, Mediacom has assigned IPs under the 173.18.x.x block. Thanks to that, one’s IP address is in this range. There are sites one literally cannot visit due to having a legitimate IP address in the 173.x.x.x range; instead, one gets a nice “network timeout error”. In the past it was the Weblogs.us forums (now down for everyone as phpBB committed suicide), now it’s other sites. Sure, one can use a web proxy, and has, but that is more trouble than it’s worth. It would be nice if these servers would at least keep current with their IP block blacklists. Even better, new blacklists that do not list known-good IP blocks merely because of their prior illegitimate use would be a welcome change.

-John Havlik

[end of transmission, stay tuned]
