Monday, July 28, 2008

The Quest for the Ball?

Virginia at the park

Virginia likes the park because she's got freedom to play. I like it because it gives her a very large safe zone in which she can play, and I can play too. 8)

Wednesday, July 23, 2008

The future is Usenet, all over again

With the rise of Twitter, and the subsequent introduction of Laconica to federate things, I think I'm beginning to see the rhyme of history. Eventually we'll want to replicate everything in Usenet, but just a bit different:
  • Anonymous posting will be prohibited
  • Tags will replace the hierarchy of groups
  • Digital Signatures will prevent forgery
  • All posts will have URIs so we can still link to them.
  • We still won't be able to markup hypertext. (a pet peeve)
  • Data will be streamed instead of batch mode.

There were a lot of things to like about Usenet:
  • Push model saved bandwidth
  • Aggregation was built in
  • Group hierarchies helped increase signal to noise
  • It was federated from the start
  • Binary attachments were supported
So, we'll get some new hybrid which will help us adapt to the contemporary demands of the internet. I believe that a new push infrastructure is on its way. If done right, we could even get rid of Email and the spam problem, but that's another story.

Tuesday, July 15, 2008

DNS -- It's worse than I thought - Technical version

As most of you know, DNS (Domain Name Service) is the system by which names such as www.apcu.org get translated into numbers that the computer can use to connect to systems on the internet.

There is a very deep and serious flaw in the design of DNS, affecting virtually everyone, which was recently discovered. The technical details of this flaw are still being kept secret, but it has been disclosed that part of it involves the nature of requests from DNS clients when they do a "recursive" lookup. Here's a link that explains the details: http://www.inetdaemon.com/tutorials/internet/dns/recursive.shtml

It appears that if you know what someone is asking for, you can answer their next question, even if you're not supposed to. This means that you can't trust the answers from your DNS if it happens to be one of the vulnerable ones (the ones that haven't been patched yet).

The situation is complicated, and made worse by the NAT (Network Address Translation) that we all use to share an internet connection among more than one computer. All of those Linksys, Belkin, Dlink, etc… devices we bought make it easier to guess the next question… if your DNS is behind one of them. This means that anyone with a Windows Domain, or Linux Server who has their own DNS now has to consider moving the DNS back outside the NAT… which isn't a nice prospect.

The DNS clients built into ALL of our PCs need to be updated as well. This means doing Windows Updates for ALL of your PCs.

Fortunately, there is a tool to help you test your system (not just your DNS, but the whole chain) to see how you will fare (it's not a guarantee, but a guideline) available online at:

http://www.doxpara.com/

It's on the right side of the screen… conveniently labeled "Check My DNS".
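The idea behind that check, and the reason a NAT box in front of your resolver matters, can be seen with a small added example (mine, not code from the post or from the doxpara tool): given the source ports and transaction IDs an authoritative server observes on a resolver's outbound queries, it reports whether the port is adding anything to the 16-bit transaction ID an attacker would otherwise have to guess. The sample ports and IDs are constructed, and the thresholds are my own rule of thumb.

```python
# Added example (not from the post or the doxpara tool): approximate the
# "Check My DNS" idea offline from the source ports and transaction IDs an
# authoritative server sees on a resolver's outbound queries.
import math
from collections import Counter

def _looks_sequential(values, tolerance=0.8):
    """True when most consecutive observations step by exactly +1, the
    footprint of a NAT box (or resolver) handing out ports in order."""
    if len(values) < 2:
        return False
    steps = [b - a for a, b in zip(values, values[1:])]
    return sum(1 for s in steps if s == 1) / len(steps) >= tolerance

def assess_resolver(samples):
    """samples: non-empty list of (source_port, txid) pairs from one resolver.
    Returns the evidence and a verdict: 'GOOD' (ports look random) or
    'POOR' (an attacker effectively only has to guess the 16-bit txid)."""
    ports = [p for p, _ in samples]
    txids = [t for _, t in samples]
    report = {
        "fixed_port": len(set(ports)) == 1,
        "sequential_ports": _looks_sequential(ports),
        "port_spread": max(ports) - min(ports),
        "repeated_txids": sum(c - 1 for c in Counter(txids).values()),
    }
    # A randomising resolver spreads even a handful of queries across most
    # of the 1024-65535 range; a narrow spread or in-order ports means the
    # port contributes (almost) nothing beyond the txid. 4096 is my cutoff.
    weak_ports = (report["fixed_port"] or report["sequential_ports"]
                  or report["port_spread"] < 4096)
    # Rough guess space: txid alone (16 bits) vs txid plus the port range.
    report["effective_bits"] = 16 if weak_ports else 16 + round(math.log2(report["port_spread"]))
    report["verdict"] = "POOR" if weak_ports or report["repeated_txids"] else "GOOD"
    return report

# Constructed samples (not captured traffic).
RANDOM_PORTS = [(51234, 0x1a2b), (3021, 0x77c1), (60012, 0x0f93), (17744, 0xd3e0),
                (42917, 0x5c08), (9301, 0xe12a), (33580, 0x4b7f), (58221, 0x9a4d)]
# Resolver randomises, but a NAT in front rewrites the ports in order.
NATTED_PORTS = [(1025 + i, txid) for i, (_, txid) in enumerate(RANDOM_PORTS)]
# Pre-patch behaviour: one fixed source port for every query.
FIXED_PORT = [(53, txid) for _, txid in RANDOM_PORTS]

if __name__ == "__main__":
    for name, s in [("random", RANDOM_PORTS), ("natted", NATTED_PORTS), ("fixed", FIXED_PORT)]:
        print(name, assess_resolver(s)["verdict"])
```

The "natted" case is the one the post warns about: the resolver itself is fine, but the device in front of it undoes the randomisation.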

It turns out I'm ok at home because Comcast has patched the servers I use… but I've got a ton of work to do at work.

There will be full public disclosure of the vulnerability on August 6, 2008. I strongly urge you to use this time to get ALL of your systems tested and patched appropriately before the hackers of the world learn the details.

I'll be spending a lot of time on this… and so will most of you. It's far better to do it now than to have to clean up a mess afterwards (when you can't trust your DNS to get the patches, etc!).