Tue, 02 Mar 2004
It appears that the police have noticed what everyone has been telling them for years. There are no new crimes for the Internet. They are just updated versions of old crimes like fraud and theft.
I'm not convinced about the comparison between DoS attacks and protection rackets. Though they can be used like that, at least some DoS attacks are more like spraying "Wanker" or "Bob waz Here" across the windows of a shop.
Now, considering that the head of the National Hi-Tech Crime Unit has said that there are no new crimes for the Internet, you start to wonder why they need to pass so many laws aimed directly at the Internet (though some of them have effects that leak into other means of communication).
This question has at least been addressed by the bottom of the article, where it wonders whether or not DoS attacks are actually illegal, and mentions that they sometimes have to bend the law to squeeze a perceived offence on the behalf of an officer into something that will be prosecutable by the law. One wonders why they don't catch the perpetrator under the old law, if they are just committing an old crime with new technology. The answer to this seems to be that the new laws relating to the Internet appear to have significantly more stiff sentences than you can get for the old crimes that they replace. Some even move the offence from the civil into the criminal, like the new regulations on copyright that will move copying a tape for your mate into the same box as kidnapping people to work in a sweatshop producing copied CDs.
Last updated: 23:36, 02 Mar 2004
This is one of a series of articles on on-line fraud. They seem to tell stories of supposedly clever businessmen falling for one of the many scams that happen over the Internet. Now, when these were rare, and came by fax, I can see that some people might be caught. However I receive up to 25 of these scams a day. I cannot believe that there are really that many bundles of 12.5 million DOLLARS needing to get out of Africa, or that there are that many people interested in my help getting it out.
This guy seems not to understand quite the way that he has been conned. He has lost $200,000 to the conman, and yet still comments on how the conman was "always polite and considerate." It is amazing how polite someone will be to get that sort of money.
Last updated: 12:00, 02 Mar 2004
It appears that hackers are reverse-engineering the patches that come out of Microsoft in order to produce attacks against them. I can believe that; it is hard work to find a hole, particularly if you don't have a copy of the source (though people do manage it, as people report holes to Microsoft in the first place).
That said, it does not appear to be the solution to either not release the source, or to not release the patch. Sure, there will be fewer large virus outbreaks, but there will still be people who are able to take advantage of the holes that were there in the first place; they just won't make it well-known, and their method of entry will not be discovered.
This stinks of the articles that we got last month when Microsoft mislaid some of the Windows source-code. There was a fit of people saying how terrible it would be for the source-code to fall into the hands of hackers who would be able to use it to exploit the code. Well, maybe if the code was better written and security audited in the first place, there would be less chance of them being able to exploit it. Wouldn't it be terrible if the source to the software that runs most of the Internet infrastructure and servers got into the open? There would be a massive spate of attacks, the Internet would collapse? Well, no, Apache is Open Source, Bind is Open Source, Linux is, FreeBSD is, we can go on for a while. OK, so none of this software is exploit-proof, but there are no more exploits in this code where the source is in the open, than in the Microsoft Code that is kept safely away from the eyes of nasty hackers. Oh, and the software is updated much faster than the Microsoft holes (though they are getting better these days), and you can fix holes in old software without having to upgrade your infrastructure to the bleeding edge version that has support, potentially breaking your custom apps. I have seen people not upgrade an insecure system because their vendor wouldn't support their database, for example, on the new platform.
Last updated: 12:00, 02 Mar 2004
Fri, 28 Nov 2003
On Tuesday, BBC Technology Pundit Bill Thompson arrived home from work to find that his Internet had broken.
According to Bill Thompson - "the entire NTL network had gone down." Hmm. Well, I have NTL and I was using it on Tuesday night. Ok, DNS was a little broken, which also meant that their webcaches were broken, oh, and you can't just not use the webcaches as they intercept outgoing traffic automatically. However it wasn't the case that their whole network was down.
Oh, and the Bill Thompson article (at least at the current time), says that the cable broke at 16:00 on Monday.
Ok, further down the article he made some better points, like that companies that rely on their email servers should check that not only will they still work in the event of a power cut, but also that all of the infrastructure required to reach them will also work in the event of a power failure. UPSs on switches and ADSL modems and things like that are essential if you expect to be able to contact your running servers in the event of a power cut. Maybe more companies need to think about this, or maybe they are thinking about it, but only at low levels, and the budgets are not there until after the disaster. Hmm, maybe IT departments need to stage power cuts regularly.
Last updated: 13:59, 28 Nov 2003
Sun, 26 Oct 2003
This is another Bill Thompson article, and actually not too bad. This is a problem that it is worth publicising, and thankfully he does not propose some sort of really drastic method of "solving" it.
I can think of two ways to make it harder for spammers to spam the comments pages of your blog (except for my current solution of not allowing people to comment on it directly, but rather through email). I don't think that it will be impossible to allow people to post automatically without allowing spam in.
- Use non-standard blog software - the spammers are likely to write software to automatically post to the standard software, but if yours is different it will be more effort for them. For example you want to name the fields things other than "Name", and "Comment".
- Ask humans to enter the text displayed in an image. At the moment it is probably sufficient for this to be in a clear font, so that you don't filter the old and partially sighted too, or even those not used to reading the same character set as you. When the spammers catch up with this in the inevitable arms race, then you might have to protect it from OCR applications.
Another possible suggestion would be to make it easier to mark posts as spam, so that they can be removed quickly. For example unchecked messages could have a "this is spam" button (such as on the articles in gmane), that removes them from view and puts them into a holding area where they can be checked by someone trusted. Once a message has been marked as non-spam, another trivial thing to do, but something that should be restricted to someone trusted (for example the Blog owner, and possibly regular posters). This just requires a bit of effort to be put into the infrastructure, and thinking about it in order to make it easy enough to use.
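One way to model the "this is spam" button and holding area described above, as an added example that is not from the original post. The class and method names are hypothetical, and the rule that an approved comment can no longer be hidden by the button is an assumption about what the post intends.

```python
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    UNCHECKED = "unchecked"  # visible; any reader may press "this is spam"
    HELD = "held"            # hidden, waiting for a trusted reviewer
    APPROVED = "approved"    # marked non-spam by a trusted user
    REMOVED = "removed"      # confirmed spam, never shown again


@dataclass
class Comment:
    author: str
    text: str
    state: State = State.UNCHECKED


class CommentQueue:
    def __init__(self, trusted):
        self.trusted = set(trusted)  # e.g. the blog owner and regular posters
        self.comments = {}
        self._next_id = 1

    def post(self, author, text):
        cid = self._next_id
        self._next_id += 1
        self.comments[cid] = Comment(author, text)
        return cid

    def flag_spam(self, cid):
        """The 'this is spam' button: open to anyone, no login required."""
        c = self.comments[cid]
        # Assumption: only unchecked comments can be hidden this way, so the
        # button cannot be abused to suppress comments a trusted user approved.
        if c.state is State.UNCHECKED:
            c.state = State.HELD
        return c.state

    def review(self, cid, reviewer, is_spam):
        """Final decision on a comment; restricted to trusted users."""
        if reviewer not in self.trusted:
            raise PermissionError(f"{reviewer!r} may not review comments")
        c = self.comments[cid]
        c.state = State.REMOVED if is_spam else State.APPROVED
        return c.state

    def visible(self):
        shown = (State.UNCHECKED, State.APPROVED)
        return [cid for cid, c in self.comments.items() if c.state in shown]
```
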
Last updated: 12:08, 26 Oct 2003
According to this article, experts are planning to create something called IPv6 that will enable us to have billions more IP addresses. They give the impression that this is a completely new thing that boffins are working on as we speak.
In fact there has been an RFC about IPv6 since at least 1995, 8 years ago. The only problem has been one of adoption. There have been many reasons why it has not caught on. One has been the slow rate of porting applications to the new APIs for resolving these longer addresses. The other has been simply lack of demand, given that everyone now uses RFC1918 addresses, and simplifies their firewalling in this way.
Maybe the BBC writing this article will tell more people about IPv6 and speed its adoption. It would be a lot easier if everyone used IPv6, and we could all address the individual computers behind a single ISP-supplied network connection. It would make thinking about firewalling more important for a lot of home users, so I am not overly convinced that it will be a good thing in the short term. Currently a lot of home PCs running older versions of Windows are protected by being NATed by ADSL routers and similar. This leaves them without an Internet accessible IP address, and so shields them from direct attack.
Overall this article is probably a good thing, even if it does come about 5 years too late.
Last updated: 12:05, 26 Oct 2003
Mon, 20 Oct 2003
Apparently a cluster of 1100 Apple G5 computers requires "the same amount of electricity as 3,000 average sized homes." Now, it doesn't say exactly what an average-sized home uses, but this seems a little high.
I was under the impression that the CPUs used in the Macs were low-energy, efficient things. This is requiring the energy from almost 3 average-sized homes for each computer. Don't most houses these days have a computer in them? Or are we averaging this out across all the homes, including mud huts in Africa? Maybe a computer will use half the energy of a home. I will assume this below.
Ok, cooling is probably a large percentage of the energy usage. 1100 computers must generate some heat, and they go on about it in the article, however I don't believe that it should need 5 watts of energy to move 1 watt of energy from a machine room into the atmosphere. If it does, that might explain why so much energy is currently used for air-conditioning.
If the G5 is efficient, and it does need 3 homes per computer, I would hate to have built something like this with Intel CPUs, they must use even more unbelievable amounts of energy. Do supercomputers need this sort of power to get the same performance? 3000 homes must be a small substation, you would not get much time out of your average UPS for this sort of load.
Maybe we should be looking into harnessing the waste heat from PCs, and using it in some sort of combined heat and power system. If we even got enough energy out of it to drive the air-con it would probably be a good thing. How could we do this? Thermocouples?
Last updated: 14:25, 20 Oct 2003