Monday, July 28, 2008
The Quest for the Ball?
Virginia likes the park because she's got freedom to play. I like it because it gives her a very large safe zone in which she can play, and I can play too. 8)
Thursday, July 24, 2008
Wednesday, July 23, 2008
The future is Usenet, all over again
- Anonymous posting will be prohibited
- Tags will replace the hierarchy of groups
- Digital Signatures will prevent forgery
- All posts will have URIs so we can still link to them.
- We still won't be able to mark up hypertext. (a pet peeve)
- Data will be streamed instead of batch mode.
There were a lot of things to like about Usenet
- Push model saved bandwidth
- Aggregation was built in
- Group hierarchies helped increase signal to noise
- It was federated from the start
- Binary attachments were supported
Tuesday, July 15, 2008
DNS -- It's worse than I thought - Technical version
As most of you know, DNS (Domain Name Service) is the system by which names such as www.apcu.org get translated into numbers that the computer can use to connect to systems on the internet.
A very deep and serious flaw in the design of DNS, one that affects virtually everyone, was recently discovered. The technical details of this flaw are still being kept secret, but it has been disclosed that part of it involves the nature of requests from DNS clients when they do a "recursive" lookup. Here's a link that explains the details: http://www.inetdaemon.com/tutorials/internet/dns/recursive.shtml
It appears that if you know what someone is asking for, you can answer their next question, even if you're not supposed to. This means that you can't trust the answers from your DNS if it happens to be one of the vulnerable ones. (The ones that haven't been patched yet)
The situation is complicated, and made worse by the NAT (Network Address Translation) that we all use to share an internet connection among more than one computer. All of those Linksys, Belkin, D-Link, etc… devices we bought make it easier to guess the next question… if your DNS is behind one of them. This means that anyone with a Windows Domain, or Linux Server who has their own DNS now has to consider moving the DNS back outside the NAT… which isn't a nice prospect.
The DNS clients built into ALL of our PCs need to be updated as well. This means doing Windows Updates for ALL of your PCs.
Fortunately, there is a tool to help you test your system (not just your DNS, but the whole chain) to see how you will fare (it's not a guarantee, but a guideline) available online at:
It's on the right side of the screen… conveniently labeled "Check My DNS".
It turns out I'm ok at home because Comcast has patched the servers I use… but I've got a ton of work to do at work.
There will be full public disclosure of the vulnerability on August 6, 2008. I strongly urge you to use this time to get ALL of your systems tested and patched appropriately before the hackers of the world learn the details.
I'll be spending a lot of time on this… and so will most of you. It's far better to do it now than to have to clean up a mess afterwards. (When you can't trust your DNS to get the patches, etc!)
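An added example, not part of the original post and not the code of the online test tool: the patches for this flaw randomize the UDP source port of each outbound query alongside the 16-bit transaction ID, and a NAT device that renumbers those ports in order undoes that. The Python below scores (source port, transaction ID) pairs as they would be seen from outside the NAT; the thresholds, function names and sample values are assumptions constructed for illustration.

```python
from statistics import pstdev

# Thresholds are assumptions chosen for this example, not taken from any tool.
MIN_SAMPLES = 10     # too few observations say nothing about randomness
MAX_STEP = 16        # consecutive values this close look like a counter
MIN_STDDEV = 3000    # spread expected from values drawn across 16 bits

def classify(values):
    """Label one 16-bit field as static, sequential, narrow or random."""
    if len(values) < MIN_SAMPLES:
        raise ValueError(f"need at least {MIN_SAMPLES} samples")
    if len(set(values)) == 1:
        return "static"
    # Differences modulo 2**16, so a counter that wraps is still caught.
    deltas = [(b - a) % 65536 for a, b in zip(values, values[1:])]
    small = sum(1 for d in deltas if 0 < d <= MAX_STEP)
    if small >= 0.9 * len(deltas):
        return "sequential"
    if pstdev(values) < MIN_STDDEV:
        return "narrow"
    return "random"

def assess(samples):
    """samples: (source_port, transaction_id) pairs in the order observed."""
    ports = classify([p for p, _ in samples])
    txids = classify([t for _, t in samples])
    verdict = "ok" if ports == txids == "random" else "at risk"
    return {"ports": ports, "txids": txids, "verdict": verdict}

# Constructed sample data (not real captures).
TXIDS = [4021, 60211, 17754, 33980, 52113, 9467,
         45002, 26318, 61877, 13290, 38655, 21509]
PORTS = [51234, 1893, 33710, 60455, 12007, 47120,
         8841, 29563, 64102, 20318, 39977, 5526]
PATCHED_DIRECT = list(zip(PORTS, TXIDS))           # resolver seen directly
BEHIND_NAT = list(zip(range(1024, 1036), TXIDS))   # NAT renumbers ports in order

if __name__ == "__main__":
    for name, data in [("direct", PATCHED_DIRECT), ("behind NAT", BEHIND_NAT)]:
        print(name, assess(data))
```

The same patched resolver comes out "ok" when observed directly and "at risk" once its queries pass through the port-renumbering NAT, which is why the test has to cover the whole chain and not just the DNS server.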