http://www.pcworld.com/news/article/0,aid,114982,tk,dn022604X,00.asp
'Longhorn' and its unfurling development have been the subject of much previous comment in this blog. An equal emphasis has been given to security, and mention has been made of autonomous systems which are capable of 'healing' themselves. The importance of security in its broadest sense [i.e. not merely keeping things confidential, but also keeping the system bandwidth available for productive use] has sharply escalated in the last couple of years. Complex problems require complex solutions, which is why all three above-mentioned themes are converging in 'Longhorn' development.
Thus the discussion in this article of how Microsoft's next-generation operating system will automagically take care of many important security problems is worth some attention. If Bill Gates can delliver on this promise, he well may make Microsoft's desktop position unassailable.
http://entmag.com/news/article.asp?EditorialsID=6135
Wireless Fidelity connectivity is mushrooming in major cities across the world: this article predicts a compound annual growth nearing 57%. The fact that Wi-Fi hotspots can be found in places like cafes and bars makes a prediction that worldwide use may reach a "staggering" 25 million over the next 5 years completely credible. The fact that there is an extensive array of service suppliers and a good selection of technological alternatives makes Wi-Fi a very big busines indeed.
The article does note the dowside -- the current 802.11b/g bandwidth limitations may result in crashing congestion in the not-too-distant future, with major effects on the SMB and SOHO environments. The solution, upgrading to new 802.11a hardware, is by no means a snap sell. Rollout replacement plans might prove very valuable, and could be the source of useful student exercises in this area.
Another perspective on Wi-Fi is provided by this special report on problems with Wi-Fi growth:
http://www.businessweek.com/technology/content/feb2004/tc20040218_4891_tc140.htm
These problems are by no means trivial, in particular those relating to the issues enveloping roaming. A menu of related items discusses several other aspects of this topic as well.
A recent special report on implementing wireless connectivity in the enterprise, found here:
http://www.entmag.com/reports/print.asp?EditorialsID=59
indicates that connectivity options are improving, although phone-based e-mail may be of dubious value, even while better costing models for introducing wireless are becoming available.
When the 800-pound gorilla of the hardware market, Intel, starts becoming active in the wireless arena, this is a sure sign of a technology which has arrived:
Side/end bars provide additional links to wireless articles at this site.
In big enterprise shops, management software is an essential component of the IT administrator's toolkit. This site is rather poorly laid-out and rife with interspersed advertisements, but it still covers "hints, tips and the answers to Frequently Asked Questions (FAQs), relating to Systems Management technologies such as Microsoft Systems Management Server (SMS), Operations Manager (MOM), and Software Update Services (SUS)". Since this is sufficiently rare and valuable, the site design flaws can be overlooked, much as the issue of systems management software tends to be overlooked in applied IT curricula.
The site also has extensive links to commercial software which system managers may find useful.
http://www.pcmag.com/article2/0,4149,1523357,00.asp
With spyware [and related browser hijacking] becoming increasingly severe as a problem, the variety of tools to combat it have proliferated. This article discusses a comparative test among 14 anti-spyware programs. Treated as well are the characteristics of spyware, how to avoid it, and how to tell if you have been infected by it. This is a good one-stop-shop for determining resources and strategies for dealing with these pests.
The article should be valuable as a discussion starter for those studying basic InterNet security, as well as giving directions on how to find the best tool to actually use in a given case.
http://entmag.com/news/article.asp?EditorialsID=6129
Short but interesting article reporting the latest NetCraft survey, which shows that Server 2003 has slightly outstripped Windows NT as a Web Server supporting OS. There are, however, a couple of interesting sidelights here:
* The total of both Server 2003 and NT installations is less than half [and somewhat closer to 1/3] of the installed Windows 2000 base for Web services.
* The manority of migrations are from NT to Server 2003, not from Windows 2000 to Server 2003.
This suggests that those leaving the NT boat are doing so -- those who remain probably face relatively heavy hardware costs, so one would expect this growth source to be an wasting asset. It also suggests that those who have paid the price to make Windows 2000 work are not anxious to spend more in search of what Server 2003 has to offer. Of course, once Windows 2000 is not sold over-the-counter [a point we have just about reached], then Server 2003 should grow in adoption measures for new installs alone.
http://www.WindowSecurity.com/pages/article.asp?id=1150
This article looks at four tools used for security scanning and patch management [Shavlik HfnetchkPro, GFI LANguard N.S.S, eEye Retina, and Microsoft SUS], providing a description of their operation, extensive screen shots, and a link to their home page. Given the importance of such tools in network administration, it is useful to expose students to their use, and if licences to teach these tools cannot be arranged, on this site they can at least get some 'look and feel' experience.
http://www.windowsecurity.com/articles/Wireless_Security_Primer_101.html
http://www.windowsecurity.com/pages/article.asp?id=1151
Since the above articles represent the first and second parts of a primer on wireless security, I thought it would be most useful to display them together. This as a very good brief overview of the subject, covering what is involved and how it all works, in a manner conducive to easy learning. As mentioned elsewhere in this blog, the attractions of wireless go hand-in-hand with the security risks involved, making this an important topic.
A discussion of the range of potential wireless attacks is presented here:
http://www.windowsecurity.com/articles/Wireless_Attacks_Primer.html
A revised version of an in-depth paper on applying the Cisco SAFE methodology to Wireless LAN security is presented here:
and can also be downloaded in a 75-page .PDF version.
http://whitepapers.comdex.com/data/detail?id=1076690398_988&type=RES&src=KA_RES
In most cases when we consider policies for networks, we are thinking about controlling resource access in the most powerful and automated way. However, in any organization of any size, there will be particular requirements driven by the institution, not by the network characteristics. This white paper: "7 Tips to Enforcing Corporate Governance Policy on Your Network" gives some idea of how to go about doing such enforcement.
A paper like this can be a useful starting point for discussion in enterprise networking classes, in terms of the feasibility and desirablility of each of the tips discussed.
http://www.arstechnica.com/reviews/004/software/kde-3.2/kde-3.2-01.html
One of the things that may disorient Windows veterans on first encountering GUI Linux is that there is more than one 'desktop environment' [and in fact, understanding all the windows managers and their various options can be a major task in itself]. KDE - the K Desktop Environment - is one of the major components in the Linux GUI world, and this highly detailed and deeply linked article gives a fine idea of its past, present, and potential future.
Covering the project structure, new developments in the February 2004 release, the internals of KDE, the development environment, licence issues, and where to get the KDE, this article is a major source of information for anyone interested in the Linux desktop GUI.
An effective GUI is essential for Linux success in the desktop arena in general, and the SOHO environment in particular, and with this latest release, it certainly seems like the KDE has provided Linux with this requirement.
http://whitepapers.comdex.com/data/detail?id=1076950008_357&type=RES&src=KA_RES
Wireless remote access is desirable, and, as noted in this blog from time to time, poses significant security risks. Criteria for mitigating such risks are outlined in this white paper: "Four Keys to Secure Wi-Fi Remote Access", as follows:
1. User authentication must be administered at the enterprise level.
2. Virtual Private Networks must be connected end-to-end.
3. Multi-service coverage should be broad.
4. Your remote access client must be wireless-enabled.
Some methods for doing these things are discussed in the white paper.
http://eletters.wnn.ziffdavis.com/zd1/cts?d=75-125-1-1-618817-5926-1
After over a year resisting the 64-bit trend pioneered by AMD, Intel has announced that it has implemented 64-bit extensions to its 32-bit processor line. This gets them into the 64-bit market on nearly the same level as AMD, namely, offering CPUs which [unlike the ITANIUM] offer backward compatibility with 32-bit operating systems.
Intel is still insisting that 64-bit systems have no place on the desktop, and is currenly limiting this extension technology to its high-end 'Xeon' server chip. The move to 64-bit computing has been discussed at length in this blog, and I still think Intel is mistaken [but I acknowledge they make more money and have more expertise than I do].
An analysis of this development, indicating that Intel is well-positioned to take advantage of the deep factors pushing for the transition to 64-bit computing [increased security is one of them] as well as the problems to come in creating 64-bit drivers, can be found here:
http://www.eweek.com/article2/0,4149,1528428,00.asp
Another look at the 64-bit Xeon chips, and how they relate to the existing 64-bit Itanium can be found here:
http://www.esj.com/news/article.asp?EditorialsID=864
A page displaying a series of articles on 64-bit computing, discussing AMD, Intel, IBM, and the whole background of 64-bit computing can be found here:
http://www.eweek.com/category2/0,1738,1425416,00.asp
Rather ironically, an analyst has concluded that Intel's 64-bit processor extensions were reverse-engineered from AMD's:
http://www.extremetech.com/article2/0,1558,1562294,00.asp
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci949830,00.html
The major flap about the ASN.1 vulnerability issue in Microsoft Windows of course represents a serious core issue [not least the fact that the company 'sat on' the problem for 6 months after being notified]. But it is just as important to understand how fundamental this flaw is -- ASN.1 is the specification which drives the data definition for all networked elements, and is at the heart of SNMP.
Also important is understanding the nature of the flaw -- it was a buffer overflow [and where have we heard that before?], allowing the attacker to take over and run the affected machine remotely. The fact that the flaw was located in the parser library for ASN.1 just makes this worse, since this library is used in cryptographic and authentication routines like Kerberos. The irony of this, of course, is that the exploit just affects the 32-bit and 64-bit versions of the Windows OS, which are supposed to be the most secure.
Now a patch is available at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-007.asp
but this should not really help us sleep at night. Because ASN.1 is so fundamental to network operations, we have to ask ourselves: are the ASN.1 libraries used by other operating systems really safe?
Your InterNet server can never be too fast, and the more popular it gets, the slower it is likely to be. Here is an article with five different practical tweaks for Windows servers which will make the Net experience faster from the user's perspective.
This could form the basis of a useful practical test in a class devoted to network servers.
http://www.usnews.com/usnews/issue/040216/tech/16dust.htm
An update on the progress in developing miniaturized remote sensors, which shows that they can actually be used effectively in research. The methodologies underpinning such application go far to reduce problems of power consumption and transmission bandwidth. The article also notes concerns about the potential for this technology to be misused [and these are very real] and how shortcomings in existing deployments point up the need for future improvements.
But perhaps the most startling point in the article is the revelation of the chief scientist in charge of this DARPA research (which began in 1998): "We had no idea what the applications would be and never in our wildest dreams expected it would lead where it has[.]" This invites consideration at several levels. One would be the degree to which the technology's potential has exceeded expert previsioning in just a little over 5 years. The other is the availability of several conceptual models on just this very thing in SF, which might have helped with the previsioning in the first place.
Another overview of the rapid pace in sensor development can be found here:
http://www.computerworld.com/hardwaretopics/hardware/story/0,10801,90529,00.html
http://news.com.com/2009-7344-5157470.html
While much of the focus in open source software development is placed on Linux, open source development of tools and back-end applications is also ongoing, and is becoming a powerful influence in the computing arena. Confusing Linux and open source is therefore not a useful pedagogical tactic. The absorbing thing about open source, as this article reveals, is its Janus nature: IT companies are attracted to it even though it can threaten their core competencies. Yet failure to come to grips with open source may mean corporate extinction anyway, producing a severe dilemma.
http://www.ecommercetimes.com/perl/story/32874.html
Short analytic article indicating that wireless flexibility is a great boost to productivity, but security problems still persist. Implementing organizational protection for portable devices is difficult, because the environment in which such devices are used is both various and unpredictable. IT security professional vigilance is required as much, if not more, for wireless applications, which should be implemented according to a specific policy based on cost/benefit calculations.
The article also links to others on this and related topics.
http://www.eweek.com/article2/0,4149,1514323,00.asp
The research effort on grid computing is beginning to pay off, with a variety of resouces available for grid implementation. This article suggests that grids are now ready for enterprise organization deployment; the barrier is now one of professional perceptions of grid suitability. Those objecting, while having some valid concerns, may not have a good grip on the most recent developments and their potential.
The article also includes a number of sidebar links to other discussions of grid computing and related topics.
http://www.nostarch.com/litw.htm
No Starch Press has released its user guide: Linux in the Workplace online under the GNU FDL, which means you can follow the link given on this site and access HTML and .PDF versions of the book at no cost. The guide itself is meant for desktop Linux users, and skips over the administrative bafflegab which afflicts most users with a severe case of eyeball-glazing. The K Desktop Environment is emphasized, and the level is set to the complete beginner
This therefore is an excellent resource to learn about practicing with a major Linux GUI [and make no mistake, Linux has to offer a GUI if it is to succeed on the desktop, either in the organization or at home]. The book's intended audience makes this eminently suitable as reference for classes covering introductory computer applications, since both operating system and common productivity programs are covered.
http://www20.tomshardware.com/storage/20040129/index.html
While tom's hardware guide is known for its coverage of, well, hardware, it also looks at operating system software. In the case of this article, it is Microsoft's 'Longhorn' WinFS file management system which is under examination. As the article makes clear, 'Longhorn' and WinFS are not inextricably intertwined, although many of the advances promised by the new OS do depend on using WinFS. Conversely, WinFS can be implemented on existing 32-bit Windows versions [in practice this means Server 2003/XP].
The article discusses Cross-Format File Administration XML metadata and the Clipboard, the details of WinFS, how WinFS and data tags for XML Schemas relate to each other, the WinFS Services, and Virtual Folders.
Such a detailed explanation would be sufficient reason to bookmark this article, but another aspect of this is slightly haunting: with WinFS, it would appear to me, the computer OS has the capability of interfacing with the 'semantic Web' discussed elsewhere in this blog. The significance of this, if correct, needs no underlining.
http://www.frozentech.com/content/livecd.php
This is simply an annotated list of live links to the dozens and dozens of CD-ROM-based Linux distributions out there. Sortable columns comprise ISO image size, name, and primary function of the distribution. This is an ideal first stop if you are seeking a particular type of Linux distribution [e.g. one with a small installed footprint] and don't have any names in your head.
Those teaching Linux could use this as a source for comparative projects relating to distributions.
This is a simple, straightforward searchable site dealing with Windows networking. It includes articles and tutorials, for both general topocs and specifc OS versions, a directory of networking software for Windows, plus newsletters and links. This is well worth a bookmark.
http://www.eweek.com/category2/0,4148,1523738,00.asp
Page that indexes articles from a conference on the future of the InterNet. By far the most prominent direction of recent research is in the areas of creating more structured communities through collaboration -- the concept of the 'social net'. The Net is already a tool with great integrative abilities [as well as disintegrative ones], so the political, as well as social implications of these trends is well worth observing and discussing.
http://www.eweek.com/article2/0,4149,1525080,00.asp
Sometimes the biter gets bit, and this article covers a particularly delicious example. Microsoft, famous for suing everyone on the planet for abusing its trademark on the word "the", took on a company called 'Lindows', which offered a Linux GUI. Despite what would seem to just about any unbiassed observer that there would be no confusion between 'Windows' and 'Lindows' [even in China and Japan], Microsoft persisted.
Now a judge has ruled, in a US court, that in deciding this case, the jury should consider the use of 'window' as a term before Microsoft trademarked the name. There is a very real potential that the name will be recognized to be generic, and therefore not capable of being trademarked. This article, with numeous embedded links, explains the ins and outs of this case.
Another heartwarmer, for sure.
Postscript: As Mr. Berra says: "it ain't over 'till it's over", and so it proved in this case -- enough other judges, in enough other venues, either found for Microsoft or allowed the case to continue, that the Lindows name is no more:
http://eletters.wnn.ziffdavis.com/zd1/cts?d=75-171-1-1-618817-7894-1
So now, instead of being heartwarmed, I find myself unLinspired.
http://ct.com.com/click?q=ea-fjLyQhV9N0j5j379g_F_TXW~t_PR
Clustering is a key strategy for managing server farms in large-scale production environments. The Windows way of doing this is relatively straightforward, but Linux can do this as well, and this white paper "GPFS Primer for Linux Clusters" provides details of the General Parallel File System Version 1, Release 3 which helps underpin this ability.
http://www.crime-research.org/
This is an excellent site to get news and information about computer crime. The searchable site offers news, information about crime/security events, articles, books, keeps tabs on legislation, provides a wealth of links, and has an archive. Many of the articles have a Russian slant; they are supplemented by analytics and interviews from an international perspective.
There is also a weekly newsletter from the organization, to which you can subscribe.
http://writingtheweb.com/archives/000020.asp
Like any relatively new technology, Really Simple Syndication is evolving norms of conduct and 'best practices'. It is worth remembering that one of the pearls of automation is how it confers the ability to make a fool of yourself faster to a wider public, and you can do this with RSS also. This article, with copious examples and links, gives six suggestions for better RSS.
The site also has a number of useful links to producing better Web content.
A massive set of annotated, tested, and linked sites for RSS and Weblog submissions can be found here:
http://www.masternewmedia.org/2004/02/05/rsstop55_best_blog_directory.htm
http://www.netaction.org/futures/networks-all.html
The theme of InterNet control and issues relating to this has been discussed at length in this blog. Here is an extensive, footnoted, and heavily-linked discussion of the alternative before us, presenting a contrasting scenario pair. On the one hand, we have the Microsoft-controlled network viewpoint; on the other, the vision of an open network.
The major issues involved are enumerated in terms of:
* Manageability
Microsoft has been notorious for offering a poor computing experience which, because the code is proprietary, is difficult for users to enhance. The open character of the InterNet, by contrast, has repeatedly shown it can take a licking and keep on bitting.
* Information coherence
To what degree can users protect information about themselves? In a proprietary network, the software provider decides; in an open source network, the user can decide [though the details of this decision can be difficult].
* Extensibility
Microsoft has been famous for "embrace, extend, exterminate", with ultimately limited extensibility as a result of closed-source limitations. By contrast, a major focus of open source software is easy extensibility, with no inherent barriers to doing this.
* Fault Tolerance
How can and will Microsoft ensure against failure? The open net is a vast skein of different components using a multiplicity of interconnections, meaning that if one part fails, there usually is some alternative capacity which can be used.
* Security
Despite "trustworthy computing", Microsoft's track record in this area has been less than reassuring. Giving people choice in security at least makes it clear where the locus of effort should lie.
* Resistance to political/legal intervention
Just how controllable is Microsoft, once its initiatives are implemented? We have seen, when mobilized, how the network can be controlled; we also see how it can resist such control when the issue involved is being approached inappropriately.
* Scalability
If .NET depends on a centralized Microsoft server farm, what happens when [as would appear nearly inevitable] the server is down or access to it is disrupted? An open network, namely the InterNet itself, has already demonstrated scalability at a global level.
Each one of these is a major issue worth investigation and discussion, and highly suitable for classroom or essay work. The answers to these questions will determine what sort of connected experience we will ultimately have.
http://aumha.org/win4/a/shutdown.htm
Inability to shut down cleanly has always been one of the annoyances when dealing with Windows 9x, and while this operating system is on its way out, lots of people still have it, and some of the same problems afflict Windows XP. This site has pages of information on the problems, suggests solutions, provides articles, FAQ's, and downloadable files, indexes Knowledge Base article, and offers fora for discussion, and is therefore worth a look.
http://whitepapers.comdex.com/data/detail?id=1074104559_384&type=RES&src=KA_RES
The volume of commentary on spam indicates how severe and continuing a problem it is -- if Bill Gates can deliver on his promise of a spam-free world by 2006, he will become a hero of the computer age to rival Linus Torwalds. In organizations, of course, spam has a cost, and measures to counter spam also have costs, and the metrics for all this are abstract and slowly emerging. This white paper: "Measuring Up: Evaluating the Return on Investment (ROI) of Spam Filtering" can provide some useful advice and statistics.
Of course, the spammers try to subvert filtering, and current trends involve the use of complex code concealed in HTML, as explained in this white paper on "Spam: A Many Rendered Thing; An in-Depth Look at Current Trends in Spamming Techniques" which is also worth considering:
http://whitepapers.comdex.com/data/detail?id=1074104558_819&type=RES&src=KA_RES
Another article, with links and references, which expresses skepticism of the methods Microsoft has proposed to control spam [and which also explains the intiative in outline] can be found here:
http://www.nwfusion.com/news/2004/0301microsoftspam.html?nl
http://whitepapers.comdex.com/data/detail?id=1075911006_265&type=RES&src=KA_RES
Much emphasis in practical network education is put on enterprise networking and the large-scale deployment, not surprisingly, since this is the most challenging and in-depth development of all networking technologies. Nor should enterprise networking be scanted in curriculum development.
The fact remains, however, that there are many more small business networks than large ones, whose proprietors will not have the technological knowledge [or perhaps the time and inclination] to DIY. This means, for newly graduated applied IT networking professionals, that they are far more likely to cut their teeth on the implementation of a small network than a large one. This white paper: "Simple Steps to Build Your Small Business Network" can give the reader some flavour of how and why a small business would roll out a network.
In addition to its direct relevance to applied IT teaching, this white paper could also form the basis of a laboratory project allowing students to demonstrate hands-on competencies.
http://whitepapers.comdex.com/data/detail?id=1076090569_333&type=RES&src=KA_RES
Though anyone who works in IT directly may find it somewhat amazing that line administrators are often insouciant about security threats, this nevetheless remains a brute fact about life in the corporate world. From the executive's point of view, secuirty is simply an expense without reward [though of course insurance, in the ideal situation, is something analogous], and the risks may seem quite diffuse and hypothetical. A primer on how to educate management is therefore useful, and this white paper: "Network Security: 11 Reality Checks to Help the CEO 'CYA'" would appear to be worth a look.
In addition to educating student on the sorts of vulnerabilities which are present in today's networking environment, a paper like this can help them understand that they have to be issue champions as well. It also could serve as a useful starting point for discussions or exercises.
Another angle on this situation is presented in this white paper: "The Top Five Challenges to Achieving Outstanding Enterprise Security and How to Overcome Them", which can be found here:
http://whitepapers.comdex.com/data/detail?id=1076950016_881&type=RES&src=KA_RES
http://www.wired.com/wired/archive/12.02/start.html?pg=2
Short article which compares current efforts by would-be intellectural property monopolists in the USA to restrict competition with the efforts made over three decades ago to save the USA cargo shipping industry. It didn't work then, and it is not going to work now -- the only result will be a loss of USA competitiveness accompanied by a rise of less-effective [but adequate and much cheaper] services and products elsewhere.
The major point of the article deserves to be hoisted inboard: the objection to excessive IP restriction is not that it is wrong and harmful [though in fact it is], but that over the long run it just plain does not work. The hows and whys of this are breifly sketched here -- they are nevertheless convincing.
If there ever was an argument against special interests that should be heeded throughout national policy-making, this is it. With the way governments protect people's rights today, of course, this is simply a laughable delusion, but we have to know what to want before we can ask for it.
http://www.sciam.com/article.cfm?articleID=00048144-10D2-1C70-84A9809EC588EF21
The classes of objects the Web can handle is highly restricted [yet even this restricted feature set brings an information deluge with the click of a button], and many researchers consider it capable of useful extension. The result, as explained in this article, is the "semantic Web", which can react helpfully to the meaning of selected words and phrases [as opposed to reacting to the structure of a URL]. The result is a Web which is more precise and responsive to human intention.
Such a development in and of itself is a prospect worth pursuit, but consider this: the more the Web becomes semantic, the more it becomes a form of embedded prosthetic. It is a bromide that tools work on the user even as the user uses the tools to effect some task -- making the Web semantic could carry that reciprocal shaping deep into our secret selves. Like many other maind-stunning prospects, I don't think we can really grip all of the implications of this before deciding whether to do it or not -- we will shoot down Alice's rabbit hole while praying we find an umbrella handly in case of strain.
The components of the semantic Web are discussed in this article:
http://logicerror.com/semanticWeb-long
An introduction to the concepts behind the semantic Web, and the the state of play as of a couple of years ago, with links to further reading, is found here:
http://infomesh.net/2001/swintro/
A primer on the semantic Web [which once again emphasizes that this strirring in the reeds has been ongoing for nearly 3 years, which is a century in InterNet time] is available here:
http://www.xml.com/pub/a/2000/11/01/semanticweb/
A more recent account, which discusses the XML programming side of the semantic Web is here; it includes a whole page-load of additional references:
http://www.disobey.com/detergent/2002/sw123/
Anything which involves ontology as part of its description should cause one's skeptical antennae to quiver mightily, but here is the site which not only flaunts the concept, but also provides you with the current news about this whole development:
To paraphrase Mr. Fudd: "This is wery, wery important!"
http://www.pcmag.com/article2/0,4149,1464011,00.asp
E-mail, one of the most popular and widely used InterNet services, certainly has been taking a battering, as previous entries in this blog have testified. This extensive article suggests that 2003 represented a tipping point: spam now accounts for more than 50% of e-mail messages, and e-mail is increasingly used as a hacker attack method.
This extensive discussion, with embedded links, discusses the rising tide of problems, what must be done to improve matters [and the effort that this involves], the role of clients in a variety of venues, and how spam blockers can and should work.
Meanwhile, lawmakers are saving ourselves from ourselves, while not really doing much to improve the problem -- in fact, as this article indicates, they may be making it worse:
http://www.governing.com/articles/1spam.htm
http://www.eetimes.com/story/OEG20040205S0013
Article reporting on research at the Sandia Laboratories based on neural networking, which will provide real-time advice to soldiers and government workers in the form of a digital mentor. Now this is a genuine advance in man-machine interfaces, with beneficial potentials at which we can currently only barely guess.
And of course it is being developed for soldiers and government workers [in the latter case, "some pigs are more equal than others" applies in full force]. This raises a plethora of questions, including disadvangtaging of governed against governors if the former do not have access to a digital buddy [one would think the commercial value of deploying such software widely through organizations would ensure its rapid dispersal, reducing such concerns].
Another, much more serious question is the degree to which cognitive filters are imposed on us without us realizing it, or being able to make any effective critique of the assumptions on which such filters are based. Nor does this exhaust the range of potential questions.
Again, this is something which has been previewed in science fiction, which could be a good 'conceptual playground' allowing us to think about the implications of this research in more scale and detail.
http://itmanagement.earthweb.com/career/article.php/3309591
A growing body of observations suggests that the IT industry may be picking up some of the growth that was lost in the past three years. The indexed article indicates that technology salaries are up 2%, which is an improvement over the recent past, representing a sign engendering hope. The article also adduces evidence to show that improvements in the IT job market have not been entirely hollowed out by offshoring.
The top management titles are IT management and project management; systems developer and software engineer are the top non-management titles. Skills most in demand include include SAP, Peoplesoft, Unix, and C/C++. This may give some hints to continuing curriculum development in IT.
http://www.nothingbutsoftware.com/prms/kt/2289.asp?ai=1467
I have staged the sackcloth-and-ashes routine in relation to the InterNet's troubles at great length in previous blog posts. I am concerned about this personally, because I value the Net highly as an intellectual companion, but it is also the case that we cannot contemplate a resource of the reach, power, mutability, and potential of the Net being simply trashed by the electronic equivalent of Alaric and his Hunnish horde.
A number of the 'solutions' offered beg the question of the relative pain of cure and disease, because they strike at the open connectivity which is the heart of the Net. The indexed article suggests a different approach, somewhat tongue-in-cheek, using the resources and attributes that the Net possesses in abundance.
Selecting the most serious of these, and evaluating their potential and how they might be applied, could form the basis of an interesting student exercise.
Love it, hate it, be indifferent, or evaluate it realistically, Microsoft is the 800-pound gorilla of the software world. It therefore bears watching, and this site is an excellent source of late-breaking news, information, and guides. The news links are annotated, so you have some idea of what to expect when you click, and the whole site seems honed to providing effective information fast.
Particularly useful are links to 1-page summaries of major Microsoft mojo, which below the explanation contain a plethora of categorized links on the summary subject, including Web sites, FAQ's, and articles.
http://whitepapers.comdex.com/data/detail?id=1063304538_685&type=RES&src=KA_RES
No question that Virtual Private Networks are and will continue to be important. Although the standard methodology for VPNs is concerned with implementation in routers and switches, there is another way of doing it. This white paper: "A Primer on SSL-based VPNs" shows how VPNs can be implemented in Layer 4 of the OSI stack, extending applications through the use of SSL and a browser.
This is a useful alternative which may have several design and problem-solving implications.
http://www.debugmode.com/wink/
"Wink is a Tutorial and Presentation creation software" with a primary focus on creating tutorials on software use. It is a free download, and there is an on-site tutorial to show you how to do it. The application can capture screenshots and export images, executables, or pictures. The output produced is compressed, making typical presentations small.
This is definitely worth trying if you are in the online teaching biz -- it looks like the ideal way to create demo instructions on how to use an application, and might be adapted to teach basic computing skills as well.
http://www.howdev.com/news/articles/20040210-ReadyforRSS.asp
Most of the discussions of Really Simple Syndication revolve around the technical issues involved. Here is an article about the business issues involved in implementing RSS, with a simple explanation of what the technology is all about, and describing "a practical and easy way" to use it.
In addition, links to other articles about RSS are provided at the bottom of the page.
http://www.eweek.com/article2/0,4149,1518479,00.asp
You can provoke vigorous arguments about the merits of various operating systems, and some people take a near-religious stance in their choice of software, but if you want to ask a question that will really start the chips flying, just ask: "Should I turn my computer off when I am not using it, or leave it on?" and stand back.
Religious fundamentalism isn't in it -- as a dedicated hard core "On-ist", I know whereof I speak, and how the other side is awash in depravity. This article introduces the consideration that you should turn off a machine with an InterNet connection to reduce vulnerability to external attack, and correctly dismisses this as a red NIC -- what you really need to do is eliminate the vulnerability, which after all still exists whenever you are actually on.
Fortunately this article agrees with my eminently sensible evaluation of the issue, while also providing some additional links to related stories.
Even those of us who love computers and networking experience the occasional attack of fear and loathing, when instead of a mouse, we wish we had a 9-pound hammer. Here is a site devoted to logging whines, gripes, complaints, and other manifestations of discontent. You can search the gripes and view them by popularity, alphabetically, or by latest updated.
Apart from being a souce of direct information on a problem or a bug, this could also be an inspiration for a wide variety of critical research.
http://www.worldofends.com/#FN1
From those percipient folk who brought us "The Cluetrain Manifesto", some remarks on what the InterNet is, and how it can and should be used. Many of the latecomers to the Net commerce party have been busily constructing buggy whips to be used in flogging airplanes to fly faster. Because the Net is new, and also relatively transparent, its operations are sometimes counterintuitive.
This is a message of significant hope -- that the walking moneybags who would tie up the value of the world cannot, in the end, succeed. It were best they then get educated in what to do, before they harm everyone in trying to control the uncontrollable.
United Business Media's CMP division has launched a set of tightly focussed searchable Web pages called 'pipelines', which index news, trends, how-to-do-its, products, white papers, webcasts, sponsored links with downloadable software, and a glossary. Those of specific interest to most applied IT teachers are:
http://www.securitypipeline.com/ covering desktop, network, and infrastructure security plus policy & privacy.
http://www.linuxpipeline.com/ covering core Lunux, applications, enterprise open source, and business.
http://www.networkingpipeline.com/ covering security, infrastructure, wireless, and voice/data integration.
http://www.serverpipeline.com/ covering entry-level, mid-range, and high-end servers, plus their supporting technlogies (including operating systems).
http://www.itutilitypipeline.com/ covering utility computing and services, grid computing, and enterprise systems.
http://www.desktoppipeline.com/ covering desktop operating systems, application software, and hardware as these relate to all current desktop OS.
Additional pipelines address small business, mobile computing, and storage issues. These look like excellent information sources to benchmark and revisit, for students and teachers alike.
http://entmag.com/reports/article.asp?EditorialsID=58
Microsoft's 'trustworthy computing' initiative has been ongoing for two years now; this article attempts to provide a scorecard. Clearly, much has been done; equally clearly, much more remains to be done. The latest worm exploits would seem to indicate the vulnerability of a monoculture, which itself raises an interesting question: suppose the Microsoft monoculture is at fault, what would a cure look like?
Imagine for a moment, a world in which Linux/UNIX, Mac OS X [to the extent that, functioning as a server or a desktop machine, it is different from UNIX], and Windows all had about 1/3 the share of desktops and backdoor infrastructure. This would still provide scope for attacks, but in three areas rather than just one. Co-ordinating such attacks to provide a single exploit as damaging as the current MyDoom could be somewhat more difficult than it is at present. Would the game be worth the candle?
But as this article indicates, Microsoft itself is capable of more radical and effective responses. Will we like these any better when we experience their full impact? Is there a baby in all that bathwater?
http://hbswk.hbs.edu/pubitem.jhtml?id=3885&sid=-1&t=special_reports_cyber2004
In-depth coverage of a conference topic on the offshoring phenomenon, showing the range of alternatives against the factual basis of the phenomenon. It has become a multi-billion-dollar operation, with its own momentum. In fact, offshoring is just developing, and even as it becomes more extensive, so do the lessons which must be learned about it. Not only does offshoring bring quality at a reduced price, but it also enables the 24/7 operation on a worldwide basis.
The advantages of offshoring may simply be irrestable in both the short and long runs.
http://www.cioinsight.com/article2/0,3959,1460177,00.asp
Here is a downloadable survey of more than 750 respondents on the future of IT for the next 5 years. Of less importance are the specific facts revealed; what is more important is your reaction to what is predicted. If you agree, why? If you disagree, why?
Since we are educating students not for today, but for tomorrow, discussing such research as this in the classroom context should highlight the relevance of what we are teaching. If it does not, this is an urgent call for curriculum reform.
http://www.eweek.com/article2/0,4149,1490486,00.asp
A review of Sun's STAR OFFICE v.7 suite which competes with Microsoft's version for a considerably lower price [at least 20% of the cost of OFFICE on an individual licence basis, and nearly 1/3 of that in buys of 10,000 ore more] with considerably more latitude on which machines each copy can be installed, which comes up with a strongly favourable verdict.
The key here is that while usability, capability, performace, manageability, scalability, and security are all rated "good", interoperability is rated "excellent". The only caveat is for those organizations with a lot of VBA [and I would expect, .NET as well] applications integration, who will not be able to make the switch away from Microsoft without considerable pain.
There are two things worth noting about this:
1) There may be a high and hidden cost to using Microsoft development tools, particularly to implement application integration and automation, because you are locking yourself into a monopoly which is clearly out to extract the top dollar possible; and
2) Many of the organizations which will be least affected by such considerations fall in the small/medium/home office category -- this is a large aggregate market which should have every reason to switch rather than fighting, and this is a market which Microsoft has treated and contintues to treat with less than tender loving care. There is a marketing opportunity there [of course, IBM, no mean marketers themselves, got shot down in flames over OS/2, so that is in itself no guarantee] -- one wonders who will take advantage, or if advantage will be taken.
http://hbswk.hbs.edu/item.jhtml?id=3877&t=marketing&nl=y
As a company, Apple Computers has much more impact than its miniscule market share (< 5%) would seem to justify. This inerview article with a Harvard business school professor explains why [Apple is excellent at industrial design, which is hard to do, and devotes significantly greater percentages of its budget to R&D]. It aslo explains why Apple has failed to grow as a company -- even when 'successful' after the return of Steve Jobs, it has declined in market share.
The Steve Jobs model is BMW pricing in a market which may not support it. How viable this is depends on how valuable what BMW delivers is [as a BMW driver, I can state without fail that no other car in its price range or below it delivers the driving experience a BMW does, and I value this sufficiently to pay the premium on a BMW as opposed to some other brand]. It is less clear that Apple has this sort of advantage, although ease of use, lack of problems, and relative immunity from viruses are all elements in Apple's favour. But ultimately, both BMW and non-BMW drivers have the same roads available, whereas even with OS X, the Apple user's software choice is limited.
The article discusses several alternatives Apple can follow, and is interesting as a teaching business case as well as a technology discussion.
http://www.linuxdevices.com/articles/AT3855888078.html
Considering the importance of kernel versions to the Linux world, and the fact that there is an extensive installed base of the 2.4 kernel, some advice from an expert on the issues in migrating to the 2.6 kernel is not out of place. That is exactly what this, the first in a series on 2.6 kernel migration, is all about.
It provides a useful source of detail to supplement instruction on kernel versions in Linux and why these are useful and necessary.
Migrate on!
http://www.wolframscience.com/nksonline/
OK. I'll 'fess up -- not only do I not understand what is written in this book, I can't even understand the pictures. The link indexes an online version of A New Kind Of Science by Stephen Wolfram, the underlying premise of which [to the extent I grasp it at all] is that computation is giving us the capacity to do science in new and valuable ways outside the realm of material experimentation.
If he's right, this is A Big Deal indeed, and having this book online is the equivalent of having Newton's Principia Mathematica delivered to your doorstep in the 17th century.
http://news.com.com/2100-1032_3-5153485.html
As Daffy Duck would say: "D-E-E-SPPTH-ICABLE!!" The problem of 'spyware' -- programs which download/install themselves on your computer and report back on your surfing habits quite predictably led to the development of spyware killers. Now, just as predictably, reports are filtering in that a number of spyware killers in fact function as spyware themselves.
Now all this is infuriating enough, and a number of people are as mad as hell and not going to take it any more, but there is an additional consideration: lots of spyware doesn't just fink on you, it also slows down your computer and makes it more likely to crash.
The article discusses the development of spyware problems, the attempt to reduce/eliminate such parasitic software, and what actions are being taken by those victimized what is clearly unfair and deceptive practices.
Because many in the educational environment depend on computers but have little comprehension of their internal workings, effective education about spyware is a basic requirement, to which the indexed article (with links to related information) can provide substantial assistance.
http://news.com.com/2100-1032_3-5153627.html
Guy Gilpatrick characterized the effect of the extraordinary on one's imagination by saying "it not only staggered, but also reeled, tripped, and fell face-down into the gutter". That's somewhat the appropriate reaction to IBM's WebFountain initiative, a supercomputing project which intends to push current Web searching into data-mining services delivering meaning and content.
A number of competitors are also pursuing the same goal, which in some sense is the inverse of the 'semantic Web' concepts discussed previously in this blog. This article describes the roots of this project, along with the hardware, software, and personnel resources required to support it, and gives a glimpse of potential applications.
I have tin-drummed the concept that those companies which can make effective use of the plethora (if not surfiet) of information on the InterNet can get an immense leg-up on their competitors. IBM seeks to make this a service operation which could, prehaps, actually level this playing field even as it was being sodded and marked.
A number of related stories are covered in links within the indexed article, and another balanced evaluation of this system and its implications can be found here:
http://www.spectrum.ieee.org/WEBONLY/publicfeature/jan04/0104comp1.html
Absorbing article about the evolution of 'hidden tech' -- the fact that internetworking has improved to the point that the (sometimes vacuous) dream of de-urbanization for knowledge workers can be realized. While the result is a more humane way of life [with the not inconsiderable side effect of spreading the economic benefits of IT more widely], it has even more significance: because this development may be key to sustained economic recovery in the USA, and also because it is small, unincorporated, and therefore under the radar of standard business statistics.
There is a model worth considering in this regard: how the Falun Gong movement in China seemed, from the government's point of view, to emerge from nothing overnight. Something of the same impact, though far more benign, may be happening here. If so, the phenomenon is well worth keeping in mind.
http://www.cioinsight.com/article2/0,3959,1458955,00.asp
If music is liquid architecture, is the implementation of a network the equivalent of hard rock? The term 'architecture', as this article notes, is dangerously misused if it is applied only to the devices and connections comprising the network. All the blinking lights have to serve some use and purpose. This means that the IT infrastructure must support organizational goals while scaling to meet expected demands.
Doing this effectively for an organization occupying part of a floor in a single building may indeed be sufficiently served by an ad-hoc approach. This article suggests that for anything larger, disciplined application of architectural principles are essential to success, and provides downloadable fact sheets and a nine-step whiteboard process to support this contention.
Just as effective scaling is required for a successful IT implementation, so is it necessary for the initial architectural effort, making this article a useful resource for a wide audience.
http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleId=17200256&classroom=
Domain Name Service is a vital cog in any InterNet service machine, and like every other part of the TCP/IP suite [DNS is considered an Application Layer protocol], it was not designed with security in mind. The range of risks will only increase as wireless technologies achieve widespread adoption in organizations.
This detailed article, with extensive embedded supporting links, explains what the problems are, and what you can do to guard against them. Such articles underscore the fact that security is a multifaceted activity, not simply a slapping a firewall in front of your LAN and using passwords. In addition to being a valuable reference for a course dealing with Net security, for the more creative amongst us it could serve as a source of ideas for attack testing under laboratory conditions.
The article includes references to DNS concepts and operations, and detailed methods of implementing DNS security.
http://www.wired.com/news/privacy/0,1848,62158,00.html
I have inveighed against the tendency to clip the USA's Defence Advanced Projects Agency in previous comments to this blog, and here we have another example. A DARPA project known as LifeLog, which intended to build a database tracking someone's entire existence, has been cancelled [for no apparent reason, although civil libertarians were up in arms about it].
The concept of a prosthetic memory in the face of the data glut which inundates us today would seem very worth investigating, and even if it did have the negative implications its opponents averred, ignorance is not the solution to this problem. The loss of nerve this seems to betoken in an organization which can only succeed by implementing daring decision is itself dauntingly disquieting.
When one considers that this research is of great interest to the private sector, and may well proceed under the cover of commercial secrecy, one is tempted to award the Phyrrus Palm with Crassus Cluster to the architects of this particular 'victory'.
The indexed page also includes some links to related stories.
http://www.businessweek.com/technology/content/feb2004/tc2004024_4516_tc044.htm
The IT landscape seems to be losing its gloom as a slowly rising employment sun, obscured by fitful offshoring clouds, illuminates what appears to be a modest recovery. This does not mean that the frenzied boom of the late 1990s is back, and expansion hiring is still spotty. Whether offshoring will be offset by more higher- and differently-skilled positions is a moot point, given the difficulty of retraining, but the balance of the news is positive.
The fact that Cisco reports a modest improvement in earnings is taken as another indicator that infrastructure development is picking up speed again:
http://www.nytimes.com/2004/02/04/technology/04cisco.html
As network equipment ages, there is a natural cycle of replacement which should swing into action, and if capacity improvements are made along the way, so much the better.
http://whitepapers.comdex.com/data/detail?id=1075747187_769&type=RES&src=KA_RES
The tussle between the black and white hats continues unabated -- the one secure claim we can make is that this problem will continue to escalate in complexity and impact. How threat management is responding to such challenges is outlines in this white paper: "The Next Generation of Threat Management".
It rather sounds like we need this bad.
http://whitepapers.comdex.com/data/detail?id=1019745194_234&type=RES&src=KA_RES
If you teach networking from even slightly older texts [particularly those oriented towards Cisco certifications], the Ethernet emphasis will be on 10Mb/s. Times have changed somewhat, and increased speeds are the order of the day, as this white paper: "Evolution of Gigabit Technology: From the Backbone to the Desktop" describes. This can nicely supplant those somewhat tired texts.
http://www.cioinsight.com/article2/0,3959,1458661,00.asp
That women tend to be underrepresented in IT activities generally is a truism -- it certainly can be confirmed by the gender makeup of the student body I have encountered over the years. This is reflected in the male/female distribution of IT management, but this article makes the point that the replacement cadre currently in place [i.e. the upcoming age cohort] is even more heavily skewed to the testerone set. The existence of a thick class ceiling, and the attraction of running your own business instead of being in the corporate millrace are other factors.
The solution advocated here is neither new nor particularly disputable -- encouraging girls in school to consider technology as a career. That tune has been hummed heavily in science and technology for several decades now, without appreciable beneficial result. However desirable a sea change in this situation might be [and I agree it is desirable], it does not seem like this proposed alternative will really generate much traction.
The whole issue of relatively low female participation in science and technology [when in other fields traditionally blocked to female participation like law and medicine, there have been no such problems in women being proportionately represented] is something which I feel has much deeper and complex roots than generally acknowledged. In fact, this may not represent a 'problem' to be 'solved' as much as a condition of existence.
http://www.businessweek.com/magazine/content/04_06/b3869066.htm
Japanese high technology industries have been uncompetitive for so long that it comes as something of a surprise to read that they are bouncing back in consumer and information technology. Combining innovations with a very un-Japanese headcount reduction and corporate restructuring, the major Japanese technology firms, which are still big players with deep pockets, are bidding to resume their dominant position.
To read that TV manufacturing is one of the areas from which Japan is withdrawing because it is not technologically rewarding enough is to get one inkling of what is involved here. There is no question that these firms still face major and serious obstacles, but I would be inclined to bet in their favour right now.
http://www.eweek.com/article2/0,4149,1484760,00.asp
I have, for more than several years, been pessimistic about network administrators to prevail in the contest against malware. The attacker not only has surprise on his side, he also has the advantage of human inertia and complacency in the face of a threat which is probabalistic and diffuse. This article suggests that antivirus researchers are coming to the same conclusion.
If there is any dawn to this dark night, it is still a long way away.
http://www.entmag.com/reports/article.asp?EditorialsID=57
Instant Messaging is increasing in enterprise inevitability, like a bad toothache. When this is combined with wireless networking, IT managers current security concerns will seem like mere vapourings. But people want to reach out and touch/crush people, information wants to be free, and IM is touching down in the North 40. This URL indexes a special report with the following articles:
* 2004 is the Year for Instant Messaging, No Really
* IM PRO: The Business Case for Instant Messaging
* IM CON: The Business Case Against Instant Messaging
* Managing the Instant Messaging Paradox.
Implementing effective enterprise IM is a huge and daunting task, exceeded only by the risk of not undertaking such an effort, and these articles at least provide a planning starting point.
Another article discusses IM in the context of enterprise adoption, which summarizes case studies to provide tips and tricks:
http://itw.itworld.com/GoNow/a14724a94937a89073442a1
With the advent of multimedia files and the whole brouhaha over peer-to-peer file sharing, administrators need to know how to develop policies for controlling shared disk volumes. This is particularly important in educational environments, since students are a vigorous source of file-swapping. This white paper, "Windows Quota Management and File Blocking 'Best Practices'" is intended to allow you to control storage size and access rights with reasonable ease, and thus is relevant to this question.
http://www.certmag.com/articles/templates/cmag_feature.asp?articleid=580&zoneid=1
The URL indexes a short, simply-written article on the basics of network security, looking at the architecture, its vulnerabilities, security practices in response to these, the technologies of their implementation, and the certifications currently available for security.
http://www.rogerdarlington.co.uk/FFF.html
Although there are a number of quibbles I can make in regards to this site [e.g. 'bps' and 'baud' are not identical concepts], this site still presents a large number of arresting and amusing facts which show the history and development of information technology in many aspects of life. Apart from its intrinsic interest, it also could be a good source of 'prove it!' type exercises.
http://catless.ncl.ac.uk/Risks/
Just when you thought it was safe to turn on your computer, here is The Risks Digest, a moderated Forum On Risks To The Public In Computers And Related Systems from the ACM Committee on Computers and Public Policy. This site explains a multitude of access options -- the fact that there are hundreds of issues going back to 1985 is an indication of the degree to which computers can be a problem rather than a solution.
This is a good educational corrective to blind computer worship, and would be an excellent component for any beginning programming class as well.
http://www.wired.com/news/digiwood/0,1412,62083,00.html
A sales concept for disposable DVDs, which only could be veiwed for 48 hours after they were opened has foundered against massive consumer indifference. Given that the disks were priced at $7.00, a good $2.00 more than the most expensive video store rental [or a very conservative montly rental from Netflix, for that matter], one can only wonder what were these people thinking?
Not only do the disposable DVDs add insufficient convenience for their added proce, but they also were objectionable on environmental grounds. This is such a dumb idea one wonders how it ever got out of the concept stage.
Incidentally, one presumes that if these things were produced in quantity, the materials cost would not justify any price beyond a normal rental in terms of the profit to be made, and if they were priced competitively, they might have had a chance, though I cannot be sad they did not succeed.
http://www.wired.com/wired/archive/12.02/india.html
A long article, linked with several others, looking at the phenomenon of IT outsourcing to India. In addition to enjoying the competitive advantage of a salary mean about 12% of that prevelant in the USA, India also has the hidden weapon of a large, well-educated, work-oriented middle class which speaks and can work in English.
The bottom line -- get used to it. India and its capabilities are not going away, and efforts at protectionism should prove as counterproductive here as they have in other economic sector. While the USA has moved from the agricultural economy to the industrial economy to the information economy, the hard question is: "what comes after knowledge?".
The answer is creativity, and looked at in this light, besides the rather humble venue of on-site maintenance, it may well be this is the next step the USA must take to make itself competitive. But this will work hardship on a social group which is both used to taking political action and wealthy enough to make its veiws felt, so the transition will not be painless [and, one would argue, probably should not so be].
A shorter article on offshoring generally, presenting the Ricardian argument for competitive advantage is presented here:
http://www.usatoday.com/usatonline/20040204/5895934s.htm
While, as the article notes, the theory has worked well for over 100 years, the question of what comes next could be the disconfirming instance.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci945775,00.html
A survey of information security professionals indicated that the whopping majority (97%) feared employee negligence/abuse of data resources as their most worrisome concern. Right next to this was lack of resources, cited by 90%. In comparison, only 70% worried about a catastrophic external threat.
Despite the small size of the survey [n=34], this sounds about right, in terms of the conventional wisdom that the majority of all security issues originate from inside an organization, rather than coming from outside.