http://comment.cio.com/soundoff/032504.html
Spyware has become a sufficiently pervasive and annoying problem that it has been mentioned several times in this blog. Because applied IT students should be using the InterNet vigorously, and exploring some of its more 'dangerous' nooks and crannies, beginners particularly are extremely vulnerable to these pests. Since too many institutions still mistakenly insist on Internet Explorer as their mandated browser, the situation is even worse. How bad it is is suggested by this article [which is accompanied by vigorous and interesting commentary] -- infection rates of 90% are posited, and credible. This is a major problem which must be faced and overcome to protect continuing health of the Net.
As this article suggests, help is on its way:
http://www.technewsworld.com/perl/story/33231.html
Of course, if we get the same 'assistance' from these folks as we got with the CAN-SPAM act....
This is not the only government initiative relating to surveillance; as this article indicates, the USA's FBI wants to make nettapping faster and easier, getting a hook into broadband:
http://www.pcmag.com/article2/0,1759,1549618,00.asp
Since this amounts to rearchitecting the Net in the interest of government agency surveillance, it definitely is a hot topic.
On the other hand, when it is not them doing the spying, lawmakers can get knotted knickers in a great hurry to regulate who spies on what. RFID issues have been discussed a good deal in this blog, and now some legislators are moving to control it:
http://www.wired.com/news/privacy/0,1848,62433,00.html
Since this would seem to put lawmakers at odds with big business lobbies, it will be interesting (and perhaps instructive) to see how all this turns out.
For many years after 1984 was published, the knock against the surveillance society depicted in the book was that it was neither feasible nor desirable. Technology is solving the feasibility issue -- how the desirability issue gets handled is going to be a major test of how democratic processes can continue to develop and flourish.
http://techupdate.zdnet.com/techupdate/stories/main/Six_barriers_to_open_source_adoption.html
A look at the hurdles which must be overcome in implementing Open Source solutions [particularly Linux], as well as some evaluation of just how high these hurdles are:
* Lack of formal support: in fact availability of ongoing support will be essential to enterprise acceptance of Open Source, and serious solution developers are already providing this.
* Rapid pace of change: represents a balance issue -- it is good to have bugs and vulnerabilities fixed quickly, as Open Source has shown it can do, but the sorts of timeline pressures inherent in Windows versions is entirely absent.
* Roadmapping problems: in fact having a roadmap does not mean that you are going to get there. The Open Source community tends to be better at long-range roadmapping.
* Functional gaps no doubt exist now, but they are in the process of being addressed, and should be closed over time.
* Licensing issues remain a problem, and new licence tools may have to be developed.
* Independent software vendor endorsements may be of limited impact.
In general, there are concerns, but no showstoppers.
http://www.theglobeandmail.com/servlet/ArticleNews/TPStory/LAC/20040327/BOOLE27/
Marking thie 150th anniversary of the publication of George Boole's The Laws of Thought, this article and accompanying sidebar describe the man and his work. Since Boolean logic underlies search engines and database queries, as well as being implemented in computer logic circuitry, an easily grasped explanation is a useful thing to have available for students, and that is the focus of this article.
http://www.miami.com/mld/miamiherald/business/national/8221460.htm
With all the hand-wringing about offshoring, certainly mentioned previously herein, this article warns that we may be missing the real problem: a continued shortage of high-end high-tech workers. The thesis now being bandied about is that the IT industry has matured, so the wretched excess of the dot.com years no longer apply.
This is perceived as painful, but is in fact a distraction. The number of jobs involved is small in comparison to the USA economy, and the types of jobs being offshored represent the low-end of the IT spectrum [though this should not obscure the problems involved in taking away the 'rungs at the bottom of the career ladder']. Overconcern with these issues and neglect of continuing needs can prove counterproductive in the long run.
http://www.idc.com/en_US/st/extras/40_Years_of_IT.pdf
Despite, as having mentioned before, the fact that historical issues are not a major concern of IT practical education, gaining some appreciation of where we were and where we are going is supplied by this white paper: "40 Years of IT: Looking Back, Looking Forward". This also gives one some perspective on how relatively recent the PC and the InterNet are [about 20 years and 25 years of age, respectively].
http://networking.ittoolbox.com/documents/document.asp?i=3773
To paraphrase Mr. Twain: "Everyone talks about event logs, but nobody ever does anything with them". This is, of course, an exaggeration, but it is true that while event logs can be of signal importance in an IT production envrionment, teaching about their effective use can be quite difficult outside that environment.
Logs are the raw material for an audit, and the indexed white paper, "Event Log Management: A Guide to a Stress-free Audit", explains how the current USA regulatory environment makes logging even more significant as an activity, and explains how to use them in preparation for an audit. Such a focus can be of great use in providing a practical pedagogical example.
http://news.com.com/2100-1032_3-5173287.html
The latest, and possibly last, act in the Eolas-Microsoft patent case, which has been discussed in this blog before, features a rarely-exercised bureaucratic review process which essentially excludes the opponents, with the potential to either void the patent (which is what common sense would require) or uphold it.
Should the patent dispute be resolved in the way that will do the least harm to the smallest number of people, there is reason to cheer. It is, however, distressing to see justice done in such a hole-in-the-corner way -- and inter alia many will be convinced, without a shred of evidence, that Microsoft has used its considerable influence to prevail over the government once again.
http://whitepapers.comdex.com/data/detail?id=1079029984_674&type=RES&src=KA_RES_20040317
The URL indexes a white paper on "Integrated Security: Defending against Evolving Threats with Self-Defending Networks", which is Cisco's initiative to produce integrated security deep within the infrastructure. Something like this does seem like the best solution to this problem, and of course, can help improved Cisco's bottom line.
Some other security white papers from Cisco are:
Cisco IP Communications Security Policy Development and Planning Guide
http://whitepapers.comdex.com/data/detail?id=1078939330_728&type=RES&src=KA_RES_20040317
Trust and Identity Management: Solutions Overview
http://whitepapers.comdex.com/data/detail?id=1079026302_550&type=RES&src=KA_RES_20040317
IP Telephony Security in Depth
http://whitepapers.comdex.com/data/detail?id=1057858103_115&type=RES&src=KA_RES_20040317
Another major white paper on identity management, "Enterprise Identity Management: It's About the Business" defines the technologies involved to produce a solutions roadmap, and can be found here:
http://whitepapers.comdex.com/data/detail?id=1079109672_743&type=RES&src=KA_RES_20040317
A white paper on "Log Management: Closing the Loop on Security Event Management" explains this crucial networking activity, and can be cound at:
http://whitepapers.comdex.com/data/detail?id=1079109677_478&type=RES&src=KA_RES_20040317
Two security papers relating to the Windows world are "Best Practices for Designing a Secure Active Directory - Multi-Org Exchange Edition", available at:
http://whitepapers.comdex.com/data/detail?id=1042225768_732&type=RES&src=KA_RES_20040317
and "Architecture and Design Review for Security", which can be found here:
http://whitepapers.comdex.com/data/detail?id=1079366506_346&type=RES&src=KA_RES_20040317
http://www.informit.com/guides/content.asp?g=security&seqNum=51
The informIT site at www.informit.com is a valuable tool for the working professional. They publish a number of topical guides, including a security guide. This discusses Web Application Security, Operating System Security, Network Security, Hardening Your System, Wireless Security, and the Legal and Ethical Issues of Security.
What has been added, and worth noting at the URL given, is a section on Data Forensics, providing an example, and material on Forensics Fundamentals, Forensics Tools, Forensics and Encryption, and PDA Forensics.
http://www.pcworld.com/news/article/0,aid,115214,tk,dnWknd,00.asp
I have waxed pessimistic about the ability of the white hats to overcome the black in terms of the escalating dangers of cyberspace, and the indexed report suggests that we are in a handbasket moving rapidly to its destination. On the other hand, given that the source is Symantic, producer of protective products, it can hardly claim to be disinterested -- yet at the same time, this does not make the report wrong.
Having a good practical guide on what steps you can take to mitigate these threats is certainly welcome, and one such can be found here:
http://www.pcworld.com/howto/article/0,aid,114727,tk,dnWknd,00.asp
http://archives.cbc.ca/IDC-1-75-710-4205/science_technology/computers/
The history of IT is sometimes swept into the corner as being boring and irrelevant -- and some of the finer details of museum-class technologies no doubt deserve relegation to the Big Bit Archive. But as Georges Santayana said: "He who does not know his history is condemned to repeat it", and this certainly can apply to the IT world. Conaider something as big and penetratingly powerful as the InterNet. It can be the source of myths [and, in fact is]. A good background history allows us to see how far we have come, and also provides insight to the unintended consequences of specific innovations. The indexed URL provides such a history. One only wonders what is ongoing currently that will have the same impact 30 years down the road.
http://entmag.com/news/article.asp?EditorialsID=6163
As indicated previously in this blog, mainframe 'big iron' still has a major role to play in many enterprises, which is why educators should keep mainframes on their pedagogical radar screen [the fact that mainframe-related jobs are somewhat less offshorable can't hurt either].
The indexed URL describes initiatives being taken by major service vendors to allow mainframes to form part of a Web solution, which certainly sounds like a recipie for long continued life.
http://www.macobserver.com/appledeathknell/
I had not realized what a spectator sport unsuccessfully predicting the demise of Apple Computers has become. This site provides links to over 30 such pronouncements over the years [or a bit more than 1/year of Apple existence], along with commentaries.
Of course, probably by blogging this site, I have ensured that Apple will go belly-up tomorrow.....
http://www.definitivesolutions.com/bhodemon.htm
Exploits against one's Web browsers are as exquisitely annoying as a hangover, and most are realized through Browser Helper Objects, explained in the indexed site, along with the provision of a tool called BHODemon which allows you to remove unwanted BHO's.
While anti-spyware/adware software is the usual court of first resort in these cases, they don't always work, so having some additional weapons in your arsenal is never a bad idea. Here is a discussion site featuring another BHO-removal tool:
http://wwwspywareinfo.com/~merijn/cwschronicles.html
A tool which prevents homepage hijacking [as, does, incidentally, a buried setting in Spybot Search & Destroy] can be downloaded here:
http://www.wilderssecurity.com/bhblaster.html
Another more general computer security site which offers a forum on BHOs is:
http://www.computercops.biz/index.php
http://www.wired.com/news/infostructure/0,1377,62651,00.html?tw=wn_tophead_4
A short article which may point to something important: hooking up the BitTorrents program [which allows fragmented mulichannel file downloading over long periods of time as a background process] to RSS. This creates the potential for publising humongous files on-line without the costs of bandwidth or a long wait, and represents another step in upgrading InterNet capabilities.
Related stories are indexed in an article sidebar.
http://www.linuxjournal.com/article.php?sid=6811
'Port knocking' -- only allowing systems to connect if they implement a sequence of closed port access attempts -- is an idea which could help VPN security and similar implementations in Linux. This article shows how do to it -- it represents a useful addition to the whole armour of security which administrators must implement these days.
http://www.securityfocus.com/infocus/1761
Creating a 'honeypot' as a means of detecting/deflecting attackers on a network has a venerable history [and the technique's vritues and limitations should be clearly recognized]. Wireless networks can deploy anologous techniques, as explained in this detailed, illustrated, and well-referenced article.
A major difference between Windows NT and Server 2003 is the concept of a 'forest'. Now that a number of NT shops are taking the plunge and converting to Server 2003 [which is entirely logical given two things: 1) That the cost of server machinery has decreased to the point that boxes which were adequate for NT can easily be replaced by 2003-capable boxes; and 2) Windows 2000's limited lease on life], resources explaining how to use this far-from intuitive concept are valuable, and the indexed articles explains how a migration can be conducted which will still allow NT domain controllers to function.
Information about advanced features of Windows 2003 domains and forests can be found here:
and an overview of the NT-to-Windows 2003 migration can be found here:
http://www.pcmag.com/article2/0,1759,1546441,00.asp
I swear that this blog is not becoming an all-RSS discusion, but as I have already mentioned, I do believe RSS is a major technology with great implications for education and research methods. The indexed URL describes one person's slow conversion into RSS acceptance, and features a wealth of internal links and external references.
http://www.networkmagazineindia.com/200402/vendorvoice01.shtml
One of the prime concerns of the network administrator is availability, but analysing, measuring, and predicting this take some doing. This quick guide to maximizing availability provides a straightforward, sensible process to mapping out how to approach and implement network availability.
http://www.businessweek.com/technology/content/mar2004/tc20040311_3157_tc024.htm
The gloomy clouds over Sun's prospects have already been mentioned in this blog, but the company keeps on trying to shine. The indexed article mentions such balloon-poppers as S & P reducing Sun's debt rating to junk status, and dowgrades and stock slides on Wall Street.
While Sun's CEO still beams forth with optimism, the article suggests that sales and profits are needed to allow Sun to rise again. Since Sun is the licence-holder for JAVA, its demise would be of no small consequence to the IT world in general and Web development in particular.
http://channelzone.ziffdavis.com/article2/0,,1542604,00.asp
The case for open source software has been made in many places, and rebutted in many others, as for example here, and here, and here. The indexed headline article suggests that the Microsoft way is better, and provides important publicity advantages to go along with this superiority.
Like the skeptical Scotsman, "I ha'e mee doubts!", but this nevertheless represents a position which must be addressed in the open source debate.
http://www.masternewmedia.org/2004/03/02/the_rss_newsmaster.htm
The concept of using RSS to create newsmasters [who themselves could become vital gears in the information ecology of any organization] has been discussed in this blog before. The indexed URL provides an excellent summary of the factors underlying this change, the benefits it can bring, and some of the functions of the newsmaster. References and examples underpin this argument, which remains as powerful in potential as ever, in my opinion.
http://www.pcworld.com/howto/article/0,aid,114030,tk,dnWknd,00.asp
PCs need maintenance, and it is always useful to have a handy guide to which you can direct students, which this is.
Supporting such a maintenance guide are utilities which help keep your PC in tip-top condition, as reviewed here:
http://www.pcworld.com/reviews/article/0,aid,113743,pg,1,tk,dnWknd,00.asp
One of the first indications that your PC is suffering from some sort of ailment is a gradual slowdown of processes -- here are some tips for reversing that situation:
http://www.pcworld.com/howto/article/0,aid,114164,tk,dnWknd,00.asp
Here is another article on PC self-help, along with links to free and commercial sources of information, hardware, and software used in managing and maintaining PCs:
http://www.pcmag.com/article2/0,1759,1544176,00.asp
http://www.pcworld.com/news/article/0,aid,114418,tk,dn012304X,00.asp
Weaning oneself off Windows and migrating to another operating system [Linux, in the case of the indexed URL] is not something to be contemplated by the technologically faint of heart. Face it, people don't want to have to learn something different, even if in the end, it is also better. The problems and rewards are discussed here, and could serve as a source for internal position papers for organizations who would rather switch than fight.
For a more in-depth look at migrations, check out this article:
http://www.tomshardware.com/howto/20040329/index.html
which promises to be the first in a multipart series, and which provides checklists for use during actual migrations.
IBM has already provided a 9-part roadmap to moving from Windows to Linux:
http://www-106.ibm.com/developerworks/linux/library/l-roadmap.html
A similar take on OS X [made more similar, of course, by the BSD-UNIX roots of the latter operating system] can be found here:
http://www.pcworld.com/news/article/0,aid,114464,tk,wb020204x,00.asp
http://searchsecurity.techtarget.com/featuredTopic/0,290042,sid14_gci930122,00.html?track=NL-103
Intrusion detection systems are a cornerstone of effective network security, and an open-source tool, 'Snort', can be a valuable item in teaching how to use IDS. The indexed URL provides a range of resources explaining Snort and how to use it most effectively.
Intrusion detection or any other measure of security analysis is meaningless without effective incident response planning, and this is often neglected in organizations. Here are some resources to help with this:
http://searchsecurity.techtarget.com/featuredTopic/0,290042,sid14_gci944780,00.html?track=NL-363
http://www.irchelp.org/irchelp/security/
Internet Relay Chat is another of those temptations to network disaster that I resist on the grounds they Promote Rust, although there are times I have to use it. This starkly plain but fully-functional resource explains how to use IRC in the safest manner, and includes exploit news, Trojan attacks, DoS, downloading issues, a firewall FAC, general security, parental guides to IRC, IRC backdoors, IRC for administrators, how to find and report IRC abuse, and IRC's connection with hackers.
Since in the educational environment in particular, IRC may be an important method of participant communication, this represents another security site well worth bookmarking.
http://news.com.com/2100-1035_3-5173226.html
Even as we cope with the introduction of Gigabit Ethernet, a combination of falling equipment prices and new standards development is making 10 Gbit Ethernet look increasingly attractive. Not least of the attractors is its ability to run on copper cables [albeit 4-pair cables over a very short disgtance] -- it also promises to deliver a general application environment which can suit all existing and expected network demands.
Of course what we really need is a 10GBase-T standard, which is still a couple of years away -- but the fact that it is even envisaged certainly promises well for future network developments.
http://itmanagement.earthweb.com/career/article.php/3326031
This blog has previously detected grounds for some optimism that the worst of the withering employment blight in IT has receded. The current indexed article adduces more evidence to suggest that even with offshoring, we are looking at an improved IT employment picture. This can have obvious knock-on effects for education.
http://www.businessweek.com/technology/content/mar2004/tc20040316_6114_tc166.htm
The USA has enjoyed high-technology leadership for so long that it has come to be taken as a given. Now with increased outshoring and the flight of IT jobs to India and points west and north, fears mount that this leadership position is unsustainable. Clearly, in specific areas, ranging from cell-phones to passenger aircraft, the USA's lead has been eroded or eliminated.
When developing countries will fund new ventures in a wey that government in the USA cannot, this introduces potentials for additional competitive mismatch. Over-concentration on defence hardware development is one contributing factor, a reluctance to invest in long-term R&D is another, and a reduced higher education graduating cadre in science and technology is a third. Of course a nation which rewards its lawyers far more than its technologists is bound to develop an educational output which corresponds to this reward system. The fact that other countries have started recognizing the 'brain drain' only exacerbates this.
The fact that the USA still has a climate most congenial to intellectual innovation is one of the few cards it has left to play in this game. With such an obvious way to maximize public benefits, one could almost expect governments to start chipping away at the university system. This race is by no means over, and the outcome is by no means a sure thing.
Related articles on technology competitiveness are indexed in article sidebars.
http://www.csoonline.com/read/020104/perimeter.html
Something as complicated as network security, especially when the InterNet is factored in, relies on metaphors for general understanding, but the models of perimeter security based on individual bastions is increasingly meaningless in an environment where 'inside' and 'outside' the firewall is a term with less and less precision. Mobile computing and wireless are two major contributors to this.
Am effective defensive model for this new security environment requires a combination of the concrete and the abstract. Defense in depth cannot be founded on a static security model, but the fact that there is no fixed starting point makes finishing the journey difficult. Alternatives are discussed in this article, and sidebars index a number of related articles as well.
http://www.businessweek.com/magazine/content/04_11/b3874102.htm
This blog tends to concentrate on the here and now, only occasionally lifting its head from the quotidian trought to look into the future for inspiration and things upon which to ruminate. Quantum computing is one of those things, which has been mentioned in this blog before. Here is another review of the prospects and progress being made in this technology, which certainly has the potential to remake the computing and security landscape.
http://www.eweek.com/article2/0,1759,1545612,00.asp
The indexed article examines the 2.6 major revision of the Linux kernel and finds it has made significant improvements for enterprise support. Of course in the production environment, you want an integrated distribution, not merely a kernel, and one example, 'Fedora', is reviewed here:
http://www.eweek.com/article2/0,1759,1542890,00.asp
The equivalent offering from SuSE is discussed and reviewed in these two articles:
http://eletters.wnn.ziffdavis.com/zd1/cts?d=75-145-1-1-618817-6964-1
http://eletters.wnn.ziffdavis.com/zd1/cts?d=75-145-1-1-618817-6967-1
On a related note, in the educational environment, the ability to run a Linux distribution from CD can be a valuable attribute in teaching as well as for laboratory work, and a two-part article on this can be found here:
http://www.extremetech.com/article2/0,1558,1457025,00.asp
http://www.extremetech.com/article2/0,1558,1544559,00.asp
with the drawbacks and advantages of this approach clearly detailed.
http://seattletimes.nwsource.com/html/businesstechnology/2001873909_btchipbackfire08.html
I have always thought that the RamBus litigation saga showed a company operating at its very worst [at least until SCO came along!], and was pleased when RamBus got whacked in court -- the good guys win one for a change, I thought! Alas, I discounted the ability of the USA legal system to fold on itself like liquid orgami, and now RamBus is out of the woods and looking for new vic--ah, targets, to sue.
This article gives a gloss on the complicated history, and also suggests that common sense may hold RamBus back from further excesses. Since a lack of this widely available commodity seems to be shared by the information technology and legal industries, I am not holding my breath here.
Some indication that this was a prudent decision on my part is suggested by the fact that RamBus has gone back to court once more:
http://eletters.wnn.ziffdavis.com/zd1/cts?d=75-200-1-1-618817-8735-1
http://www.spywareguide.com/articles/
Not only is spyware a security problem [because some variants leave your system at risk to outsiders] and a performance problem [it is indicted as the cause of many system crashes], but it is also something which impacts most users personally. This leads to a high degree of dudgeon, so sources and resources to provide information and product reviews are well worth collecting.
The main site here allows you to find out about spyware, presenting lists of categories, online tools, product reviews, a mailing list, and education on this class of malware. The indexed URL lists some two dozen papers on aspects of spyware which can support a research project or spark classroom discussion.
The nastiness of spyware [not least in the lack of trust it inculcates between InterNet software suppliers and the using public] requires responses, and this on-line guide contains sections on Lookup Spyware, List of Spyware, List of Categories, and List of Companies; Terms & Definitions and FAQs; online detection and removal tools; plus introductory information, how-tos, and an extensive set of classified product reviews.
http://www.theregister.co.uk/content/30/33967.html
If you do multiple-choice quizzes in your classroom, and you have been doing it for a few years, you may find your test banks, your imagination, and your patience all running out at the same time. Here is a tongue-in-cheek MCQ series which will certainly demonstrate IT competence in the real world, so you might consider slipping one of these in from time to time....
http://www.WindowSecurity.com/pages/article.asp?id=1313
For an individual machine, a software firewall can often be sufficient [although of course it should not be regarded as a security panacea], but for a server or other high-end resource, a hardware firewall [and often more than one of them] is definitely indicated.
How to tell which one is best? This white paper, "Comparing Firewall Features", presents an evaluative structure which will let you decide.
http://www.ists.dartmouth.edu/
If you want to access the resources of a major research institute on cybersecurity and cyberterrorism, you merely have to follow the above link. The institute provides an extensive description of its activities, which are certainly interesting in their own right. It also provides a heaping helping of security resources.
While the searchable site is cleanly laid-out in an elegant presentation, you must realize that its structure contains considerable depths, and you will get the best feel for what this site can do for you by poking around and reading carefully -- expect to take more than 5 minutes doing this.
The result may be a permanent reward for anyone teacing any aspect of IT security studies.
http://www.freep.com/money/tech/mwend4_20040304.htm
Article discussing a study by Michigan State University of a state demonstration project that gave laptops to 7,000 grade-school children. The results of the study suggest that such distribution is a win for all concerned, parents, teachers, and students in terms of the study being done. The study also noted problems, but indicated the benefits far outweighed the costs.
This is by no means an uncontroversial area of study, but should these findings be sustained by additional research, the relatively low cost of student-capable laptops may mean this technology really has a place in the grade-school classroom.
http://www.nexusmagazine.com/articles/InformationControl.html
"Que custodiet custodiens?" was the Roman expression of worry over control -- we might look at it as "who is informing the informers". The referenced article comes from an admittedly fringe magazine, but the issues it addresses are so salient [and just because of that, so likely to be ignored in the mass media] that it is certainly worth taking the time to wade through it.
My private take on this is than in North America, much of Europe, and the Pacific Rim nations, people have such a well-developed sense of skepticism that the extent to which media can be used for social control is much more limited than this article suggests. But then, perhaps I am myself brainwashed....
How all this relates to IT? Because IT in general and the InterNet in particular represent forms of media of unparalled speed, power, and flexibility.
http://tools.rosinstrument.com/proxy/howto.htm
There are times you don't want to leave traces on the InterNet, and there may be nothing particularly sinister about this. While pressures for authentication may reduce the impact of anonymous Net use, right now it still is a powerful technique, but it is by no means self-evident. This online guide goes into considerable detail on how to do this, along with discussing proxies, and providing a list of links to proxy concepts. This information can also serve as a starter to what may prove quite vigorous discussions.
A downloadable, for-pay privacy tool which may be worth evaluating is available here:
http://www.iprivacytools.com/index.php
http://www.theregister.co.uk/content/6/35498.html
Article on and interview with Jim Griffin, who suggests that the advent of high-speed wireless spells the doom of DRM and the lock-down model. Historically, such models have failed in the past, and he suggests an alternative flat-fee licencing scheme which would reward producers without penalizing producers.
It all sounds very seductive, but knowing the effort Microsoft has put into DRM, I am not sure another model will prevail, even if people desire it. The author uses the anology of the satellite broadcast providers being able to carry major channels, as being forced by public opinion. The power of public opinion has declined markedly since then, and Microsoft is a lot more resistant than the satellite broadcasters were.
http://www.securityfocus.com/infocus/1763
http://securityfocus.com/infocus/1766
A two-part well-referenced article [the link to the first part appears at the end of the second, but the first part has no link to the second -- hence both links] by a noted expert on spam, the battle against it, and the security issues involved [identity theft, malware propagation, and combined exploits].
Filters are seen as limited, at best. Reverse lookup will help control header forgeries, but will leave those whose domains do not host a mail server out in the cold, while also causing problems for mobile computing. Challenge systems and cryptographic systems also have their limitations.
The conclusion to this article is rather depressing: "...a good solution today is unlikely to be a good solution tomorrow".
A related white paper, discussing "E-mail spam: Is it a Security Issue?", is available here:
http://www.WindowSecurity.com/pages/article.asp?id=1311
Another article, indicating that the spammers are 'winning' this war [of course, their 'victory' will prove disgustingly barren], with indications that 80% of USA e-mail traffic is spam, can be read here:
http://www.baltimoresun.com/technology/bal-te.spam14mar14,0,3015793.story
The technology of turning intermediate machines into spam zombies exacerbates the problem -- and increases the desirability for condign punishment for the perpetrators.
http://www.extremetech.com/article2/0,1558,1540478,00.asp
Find that beige tower to really be less rather than more? This Web page will show you that you have computer case alternatives of which you never dreamed, and each case specification leads to a review of the case in question. The idea of spending several hundred dollars on a distinctive components enclosure appeals to me, if I could just figure out what to do with one of the two identical beige boxes I already possess....
http://www.eweek.com/article2/0,1759,1540556,00.asp
The Apple Filing Protocol used in the 'Panther' version of OS X was revealed to have a security weakness allowing a malefactor to steal passwords or data. I have remarked before about Mac enthusiasts chortling about their relative immunity to vulnerabilities. Once again, we see that no operating system is perfect [even though a variety of circumstances may make OS X less vulnerable, the difference is one of degree and not of kind.] The indexed article discusses the problem at some length.
http://news.com.com/2100-1026_3-5166887.html
A long 5 years after the imposition of a ban on publishing the DeCSS DVD cracking tool on the InterNet, the California Court of Appeals overturned the injunction on the basis that it burdened free speech unnecessarily. This rare victory for common sense and the meaning of constitutional law is described in a link-filled article summarizing the state of play in the DVD copy world.
Why a common-sense approach like that taken to VCRs has not been adopted by the industries involved in this case continues to escape my understanding, except perhaps as an indication of the degree to which corporate community obligation has withered in the 30 years since the VCR landmark rulings.
http://www.cioupdate.com/trends/article.php/3320021
Given that displays are the major means whereby we interact with computers, a consideration of what is likely to happen in the future is certainly worthwhile. This short article suggests five technologies are rolling out, changing things as they do so:
1) Organic Light-Emitting Diodes [OLEDs] eliminate the need for a backlight, producing a brighter, faster flat-screen image;
2) 3D without the need for imaging glasses is now available as a desktop technology;
3) Digital Light Processing for high-quality large-screen images;
4) Bistable displays for relatively permanent information, which can continue to display the image without constant power; and
5) Field Emission Displays [FEDs] allow the creation of CRT displays which are just as compact as flat screens, with considerably better resolution abilities.
These technologies will literally change the way we look at computers.
http://www.wired.com/news/technology/0,1282,62562,00.html
Concern about the environmental effects of discarded IT equipment has been expressed for many years, with impressive statistical documentation. This article summarizes a UN report on the environmental impact of computer manufacture, which raises another aspect of the issue. It turns out the impact of manufacturing a computer are on par with most other major industrial products, in terms of resource use [most particularly, large amounts of water used in cooling during the production process]. The key to minimizing the environmental impact of computing is to keep existing machines running as long as possible.
With a standard lifespan of two years, computer systems could, in theory be upgraded to minimize the impact of replacing the case, keyboard, etc. In practice, new machines are so cheap that upgrading, prima facie makes no economic sense. Perhaps a deeper investigation and accounting is needed to make the sums balance in this case.
http://www.internetnews.com/xSP/article.php/3319021
Client/server networks have ruled the roost in terms of the ace and duce of network pipering, with peer-to-peer networks relegated to the humble workgroup. Now, technological developments have raised peering to higher importance, both within and outside the organization, as this article discusses. The original thrust for improved peering resulted from music file-sharing initiatives, but the technology scales well to the needs for internal information exchange within and among organizations, and a major lineup of heavy hitters including Intel and Microsoft are engaged in peer-to-peer research and implementation.
http://www.osnews.com/search.php?search=blachford
The indexed URL displays a page of articles, including a 7-part series on the future of computing [oddly enough, none of the individual parts link to one another, which is why I had to index this search page instead]. It reflects the ruminations of an interested observer rather than an academic expert, and could be useful in the classroom as a scorecard, as well as stimulating discussion or research papers.
Since the search displays all the author's articles, a number of other interesting computer-related articles are also displayed here.
http://www.crime-research.org/news/29.02.2004/95
Brief description of the InterNet scam called 'phishing', where a fake site location is sent to the victim through e-mail, in order to gather information that the victim would expect to enter at the valid site. This is a growing problem, and some experiences of involved institutions are discussed here.
As if this was not enough, the risk of cyberterrorism has been raised in this article:
http://www.crime-research.org/news/28.02.2004/92
This article details some analysis showing that January, 2004 established new records for Net-borne malware:
http://www.crime-research.org/news/26.02.2004/83
The costs of Net fraud are in the same ballpark as global e-commerce incomes, according to this article:
http://www.crime-research.org/news/24.02.2004/internet_fraud_1
Problems of dysfunctional behaviour on the Net have been addressed previously in this blog.
http://www.linuxinsider.com/perl/story/33089.html
Seasoned computer professionals can recognize the difference between Linux and Windows seven times out of nine, but that is not quite the issue being raised in this article, which is differentiation -- the change in value an organization realizes from implementing one solution rather than the other. Unsurprisingly given its venue, the article comes to the conclusion that the market-driven nature of Windows results in bass-ackward engineering, striving for features first, and layering compatibility afterwards.
One thought strikes immediately: it may well be less Microsoft's being driven by the market which is the problem, if any exists, and more Microsoft's misperception of what the market it. This is particularly the case, I would argue, in the case of operating systems, where I think most IT professionals would choose stability over features any old day.
http://searchwin2000.techtarget.com/tip/1,289483,sid1_gci944954,00.html?Offer=sb03012
Active Directory is an important foundation for Microsoft Windows security, and as it represents a working database, it must be secured itself. While the tip indexed by this URL provides only a brief overview of best practices for AD, it also admits that this subject is sufficiently deep that it will have to be revisited, and promises to do so.
One thing worth considering in managing security for an AD installation of any size is that third-party tools will probably be necessary for success.
http://www.nwfusion.com/best/2004/0223os.html?fsrc=rss-microsoft
Benchmarking and comparative testing are one of the most hotly disputed topics in IT -- it have been ever thus. The authors of the indexed article effectively admit that in their introduction, which pittedWindows Server 2003 against Novell NetWare, Red Hat Linux, Apple's OS X, and SUsE Linux. The result found that Server 2003 was the best performer.
Naturally, this result will be disputed by all the losing parties, often quite vigorously. It is, however, an interesting case study to assign to students, since they should read the report, look for any evidence of bias, and be able to give some estimate of how reliable the reported outcome really is.
http://searchwin2000.techtarget.com/infoCenter/tip/0,294276,sid1_gci951925.html?Offer=sb03013
With boot floppies going the way of the passenger pidgeon, Windows XP is supposed to be installed from CD. There will be rare cases, however, where a boot floppy is the only solution; although XP shipped without a boot disk creation utility, public demand assured its belated release. The download address for the tool itself is given as a hot link on this site, and it sounds like a useful item to have in an instructor's software toolkit.
http://news.com.com/2100-7344_3-5166155.html?tag=nefd_top
Article analysing server sales, showing that Linux servers enjoyed high-end growth towards the last quarter in 2003. That revenue built 63% to $960 million [still rather small compared to Microsoft figures of $3.9 billion]is testimony enough to the rapid adoption rate of Lunux, but that unit shipments only grew 53% suugests that more powerful versions of the Linux product are being served. This in turn suggests a growing role for Linux servers in high-perfomrance computing.
Inescapably, Microsoft views Linux as a top threat, particularly with the latter's higher growth rate. A rebound in IT spending is clearly on the way as part of these developments.
Related articles are linked to the one cited.
http://www.kernelthread.com/mac/oshistory/
The history of an operating system can be an interesting subject of itself, and the histories of Linux and Windows are fairly well publicized. Apple, being Apple, is a little different, so here is an excellent and thorough discussion of Apple OS development, up to and including OS X.
http://www.trendmicro.com/en/security/white-papers/overview.htm
The URL indexes the Secuirty Information white papers section of the Trend Micro site, with nearly a dozen papers directly relevant to malware and secuity problems. These papers are downloadable in .PDF format.
In addition to their products, the site offers a Weekly Virus Report, a Virus Map and a Virus Encyclopedia, downloadable test files, general virus tnformation, Webmaster Tools, and a description of onging research/development at TrendLabs.
http://www3.ca.com/solutions/collateral.asp?CID=33504&ID=1128&CCT=
Policies represent the grey underside of networking -- in the educational context, partly because it is very difficult to create meaningful practical examples, most students summon less enthusiasm for them than they do for wet blotting paper. Yet policies are a major management tool, and effective antivirus protection is impossible without them.
The indexed URL links to the Computer Associates Virus Information Center, and discusses antivirus policies in terms of policy effectiveness, policy principles, and policy constants. Given that the site sponsor sells antivirus software, there may be a note of 'special pleading' here, but this is nevertheless a useful stimulant to the development and discussion of policy in the classroom environment.
http://www.tcpipguide.com/?pctext
The best things in life are free, and so are the vast majority of items in this blog -- so when I make an exception, it represents something I consider important. This Web site is free to access, but it is in fact selling something: a 1,500-page reference resource to TCP/IP in all its gory detail. It is an electronic text, downloadable for U$39.99, or available on CD-ROM for $10.00 more. The site explains what the Guide is and does, with ordering information, news, testimonials, features, contents overview, a large array of samples, version history, and errata.
Since TCP/IP is one of those 'plate of spaghetti' topics with no obvious starting point, having a hyperlinked reference text may prove an invaluable learning tool to a networking topic many students find hard going.
http://www.cs.dartmouth.edu/~carlo/research/tr2004-489.pdf
A white paper covering an aspect of networking security which, because of its complexity, can get glossed over: "Keyjacking: The Surprising Insecurity of Client-side SSL". The client-side vulnerabilities are discussed in detail -- this is a good antidote to a lot of the security 'happy talk' which tends to predominate in certification resources discussing this subject.
http://www.windowsdevcenter.com/
I tend to view IT education through the rather narrow keyhole of network administration, since that is my specialization, so I don't often include sites which are directed towards programming or database development. While this site certainly is devoted to Windows application development, there are a lot of interesting articles about security and server operations as well, making it well worth bookmarking for network training purposes.
http://networking.ittoolbox.com/news/dispnews.asp?i=110273&p=1
'Extranet' was once a concept with which to conjure, bringing the power of the InterNet into an organization for its private use. Like many other visions of a bold IT future, extranets have lost a bit of their bloom. The indexed article discusses why this has been the case, what has been learned, and argues that the extranet is still an idea with great organizational potential, providing a number of rules are followed [the one which will have most resonance with network administrators is the need for constant maintenance].
Students are often puzzled by extranets [or, as they are sometimes called, 'intranets'], and this article can dispel some of this. Another point worth hoisting inboard is the cost in initial and continuing terms of an extranet -- to adapt a phrase, nothing is quite so expensive as a mediocre extranet. It also re-emphasizes an issue which IT education must always keep front and centre -- the importance of the human element in systems application.
http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleId=17602029&classroom=
Grid computing is a hot topic, and one mentioned a number of times in this blog. It certainly promises to be a technology with major impacts on computing in general and networking in particular. The indexed article discusses grid computing's promises and perils in some detail, and provides some practical examples of existing grid computing initiatives.
In summary, grid computing represents an emerging technology which appears feasible, and which is having undeniable impact. It also represents such a clutch of risks that most corporate grid computing remains locked behind firewalls.
http://www.eweek.com/article2/0,4149,1525830,00.asp
Firewalls are a staple of the network security environment, and while they are not a panacea, they remain an important component of networking security, particularly for organizations connecting to the InterNet. The indexed article discusses the additional security available from perimeter firewalls implementing deep packet filtering technology. The power such firewalls bring to fighting malware certainly will offset their purchase costs and operational overhead in small and medium-sized networks, whereas tradeoffs need more careful evaluation in larger systems.
A number of related articles are linked in a sidebar.
http://seattlepi.nwsource.com/virgin/162079_virgin26.html
One of the most famous 'bad predictions' was the idea that the computerized office would be paperless [or very nearly so]. This pontifcation seemed reasonable at the time, and was argued most forceably and lucidly by F.W. Lancaster, who himself was an expert of no mean intellect. Except, of course, as this article observes, that the projection of a paperless future was entirely wrong.
Yet if our present is not paperless, pace the discussion here, it does seem to me that it is not as heavily papered as it otherwise might be. While it is true that our desks and filing cabinets are rife with paper, this is still just a patch on the volume of data stored electronically.
I certainly find myself using less paper in the past 5 years; whatever the ultimate results, this is an instructive case study to put before students, since it shows how technical potentials get subverted by humble human needs. It also can serve as an example of the need for disciplined scepticism in evaluating future trends [note that electronic information neither replaced paper nor was without impact -- the two media forms in fact co-existed] more effectively.
http://www.businessweek.com/technology/content/feb2004/tc20040225_7351_tc056.htm
No matter how successful it has been on the desktop [and the available evidence suggests that the success is really a matter of addressing niche markets effectively], Apple Computers has never been able to make major inroads into the server space. This in spite of the fact that there has been a strong corporate intitiative to raise Apple's presence in the server room, that the latest Apple servers are quite cost-competitive, and that in OS/X Apple has produced an extremely robust and attractive OS.
This article reviews Apple's history in its attempt to penetrate the server market discussing what has worked and what has not, and what Apple has to do in the future to have a chance of success. Without penetration into the server workspace, Apple educational programs can never gain much traction in the applied IT area.
http://whitepapers.comdex.com/data/detail?id=1076690398_357&type=RES&src=KA_RES
In most introductory networking classes, Wide Area Networks get pretty short shrift, because from the viewpoint of the LAN manager, they amount to a supplied service. This white paper: "Using the Internet to Increase Wide-Area Network Availability" discusses the issues relating to WAN connection management, providing students an inital view into this important aspect of LAN/WAN operational interaction.
http://www.extremetech.com/article2/0,3973,1228694,00.asp
While this blog is not devoted solely to RSS, I do feel it is worth mentioning because it has two dimensions:
1) It represents a communications technology which has the potential to be fully on par with e-mail or Web surfing; and
2) There are all sorts of creative ways to use RSS in the pursuit of information technology education goals.
In order to do this, software tools are needed, and the above URL reviews and discusses a number of such tools in detail.
A quick reference primer to what RSS is can be found here:
http://www.webreference.com/authoring/languages/xml/rss/intro/
One example of available feeds can be found here:
http://www.eweek.com/article2/0,4149,821413,00.asp
which also indexes feeds from related IT sources.
The perspective of an individual user on the power of RSS can be found here:
http://www.eweek.com/article2/0,4149,1536902,00.asp
http://www.extremetech.com/article2/0,3973,1537712,00.asp
Detailed article which looks at the recent decision of a USA District Judge ruling that a DVD backup software product [DVD-X-Copy] violates the DMCA. As a result the product was pulled from the market. The indexed discussion clarifies how this decision violates individual fair use rights in protecting corporate profits, while suggesting strategies to fight back.
Apart from its intrinsic interest, this is a useful subject for a case study of how technology affects and is affected by individual rights and the exercise of corporate power.
http://www.masternewmedia.org/2004/02/19/the_birth_of_the_newsmaster.htm
One of the few information technology constants is a swing between excess resources and excess capability, and nowhere is this more evident than in the management of news. The InterNet provides us an opportunity to be flooded with information -- the old 'drinking from a firehose' phenomenon. This article looks into the implications of RSS and similar tools to help manage this flow [continuing a previous thread of thought in this blog].
This comprehensive discussion, with loads of internal links, looks at the opportunity to use RSS as a means of filtering and niche creation, in order to manage the plethora of net content. The key point is that these tools enable social self-organization of Net information communities, a process with major implications which is just getting started.
The author offers more than theory -- he sells very reasonably priced toolkit on his site, to allow one to get up and running with this form of content development.
This is one of those technologies which, while of singular importance to site developers, is no less important to people who have relatively limited Web publishing experience -- in a manner analogous to blogs.
http://www.americanscientist.org/template/AssetDetail/assetid/29644
Computers have the gloss of modernity, and the emphasis is always on what's new, what's improved, what the next 'killer thing' will be. This article shows that the roots of current and upcoming computer technology are both old and deep [the Intel processor base and UNIX being two cases in point]. In part, potential future developments are overconstrained by the hand of the past, but in part, developments simply unfold in a 'natural' manner based on what has already been established. In this, computing really is no different from most technologies, which at any one time are an amalgam of the old and the new.
http://news.com.com/2008-1032-5164246.html
Spam is a significant and continuing problem for network managers, particularly those involved in backbone networking; it is a constant topic in this blog. The URL indexes an interview with a major spam-fighter which makes an interesting comparison: spam is like cancer -- it is not a single object, but a whole cluster of objects. This means that there will not be any 'single cure', and we also have to create cures which will not wind up killing the 'patient'. The article makes a particular point of the ineffectiveness of the current legal restrictions against spam compared to the effectiveness of the law outlawing junk faxes, suggesting some avenues for emulation.
A relevant related article here:
http://www.ecommercetimes.com/perl/story/32931.html
agrees with the thrust of the first article -- multiple approaches are needed to stop spam, including filtering [connection, SMTP, content, HTML tag, and Bayesian], URL domain blacklisting, delivery/processing rules, end-user education, and false positive prevention. The article has a sidebar listing related articles of interest.
http://www.csoonline.com/read/020104/shop.html
Just as the computing 'Grand Challenges' mentioned earlier in this blog stimulate the imagination and can act as a focus for research/study activity, so this article emulates such activity in the security field, presenting four grand challenges for security:
1. Eliminate epidemic-style attacks (viruses, worms, spam) within a decade.
2. Develop tools and principles allowing socially important large systems to be highly trustworthy despite being attractive targets.
3. Develop quantitative information-systems risk management to be robust as its financial equivalent within 10 years.
4. Give end users security controls they can understand and privacy they can control and which will be adequate for future needs.
The focus of this initiative is to emphasize strategic directions over tactical elements, in a security context where there is no time to be lost in effecting a cure.
http://www.informationweek.com/story/showArticle.jhtml?articleID=17700027
While the implications and revelations involving Radio Frequency ID chips have been touched upon in other entries in this blog, this thorough article (which also has sidebar links to a number of interesting related stories) clarifies the magnitude of what we are facing. We are going to create billions of remote sensors within a decade, producing a cascading torrent of data which brings to mind the grain silo scene in Witness.
How we handle this data, and what we do with it are questions addressed by this article. One of the problems is the tendency of data to exponentiate -- as RFID chips become more sophisticated they can report on more items of interest -- and each additional data item can imply billions of additional records. Policy management is as important here as any technical element.
Wal-Mart has been an early adaptor of this technology -- if every item it merchandises has a RFID chip, and all of the data they send are collected, we are talking about nearly 8 additional TB/day. This represents data collection which warms the hearts of storage manufacturers. The big mistake is to look at only the present of RFID -- those who consider its future can position themselves for a massive competitive advantage.
Another measured overview of the promises and perils of RFID can be found here:
http://www.discover.com/issues/mar-04/departments/emerging-technology/
http://www.mit-kmi.com/articles.cfm?DocID=384
Article indicating the degree to which the USA's National Security Agency is leading the way on a number of security issues:
* Secure interoperability between wireless and wired systems
* Iridium satellite security
* Creation of a database of wireless vulnerabilities
* Advanced encryption with emphasis on wireless systems
* Satellite connectivity
The technical details in the article give a good idea of the complexity and importance of this undertaking, which certainly seems necessary in today's networking security environment.
http://www.securecomputing.com/pdf/remoteinsecurity.pdf
Sometimes less really is more. The URL indexes a 4-page white paper titled "Remote Insecurity: How business travelers risk exposing their companies when remotely accessing company networks". This gives a number of common scenarios where travellers put their data and systems at risk; these can be a most stimulating source of discussion and can serve as the initial foundation for some interesting practical projects.
http://www.syllabus.com/campussecurity/index.asp
If security often seems like a bad dream, the unique situation of college campi make this venue seem like a nightmare of the bleakest hue. This site offers a variety of useful resources and links relating to the practice of security in higher education, in a well-laid out and easily used format. One thing worth considering is the greater educational value of being able to provide students in IT security with examples and studies which are relevant to their immediate surroundings. A sharper point is given to these considerations by massive and recent attacks at university and research facilities hosting high-performance computer projects: http://utilitycomputing.itworld.com/4829/040414gridattack/page_1.html with the potential [not apparently realized] to compromise scientific data. Since many of these systems were Solaris and Linux boxes, Microsoft cannot be blamed for this one. This could certainly serve as a case study of how hackers exploit vulnerabilities