XStore Newsletter 11

[ July 2008 ]

Dear all,

A lot in the world of security, the third of our applications series, and more.

July 2008

  1. Australia, Net Neutrality
  2. Applications Series Part 3: LAMP
  3. DNS Security Issues
  4. Microsoft and some more legal woes
  5. This week's security
  6. Computing and anthropology: YouTube

1. Australia, Net Neutrality

The Internet is one of those rare beasts that straddles the lines between race, nationality, borders, governments, ideas and people. It's therefore also one of those rare items that defies any attempt at governance. The only way to accomplish this is if every government on the planet suddenly and openly started co-operating with each other, something that is quite unlikely. In addition, there is a big movement in both the US and the rest of the world towards Net Neutrality - the idea of non-intervention and self governance in the world-wide organism that is the net. So individual attempts to govern the Net are always a bit of a laugh.

Well perhaps our commonwealth bedfellows Australia don't quite understand the issues at hand. The Aus government is going ahead with legislation that mandates the rating of all websites ( well at least Aus web sites as they have no jurisdiction over anything else ) in an attempt at saving their youth. Not to denigrate their attempts at keeping pornography and other questionable content out of the hands of young ones, but the idea of trying to implement and police this is one that is unlikely to work. There are around 35 million web sites in Australia currently, with more popping up every day than the breeding curve of the Kangaroo. In addition, how do you police it?
  • how do you decide what should be rated and what rating you get?
  • how do you control out-of-country sites ( well you can't can you )?
  • who is going to do all this rating?
So what should they be doing? Here are some ideas:
  • educating your children is always important - parents and teachers are of paramount importance here
  • don't try and hide the dangers of the internet - it just goes underground
  • promote self-governance within families
  • use content filtering software at home, and in schools and public places
Mandating rating of sites and other censorship of content is not only an impossible task but likely to cause resentment and lead content providers to leave Australian shores - something I don't think they'd be too happy about. Your ideas and comments on this sensitive subject are welcome.

2. Applications Series Part 3: LAMP

One of the main underpinnings of the Internet is web-serving, a means of providing static and dynamic content to visitors. And, as with so much of the Internet's foundations, most web-serving is done by Open Source software ( around 69% of the web currently ), specifically the LAMP software stack:
  • Linux
  • Apache
  • MySQL
  • PHP

There are a number of reasons why this specific mix is used, some of which include cost ( none ), accessibility ( very accessible ) and customisability ( the source code is freely available ).

Linux and its Unix cousins are all-pervasive in the large-scale networking arena that drives the Internet, due in part to it being secure and reliable. The rate of progress in development and the free-form community-based development process around Linux result in a platform that dynamically changes in response to requirements. And quickly too.

Apache is based on the original networking code from NCSA's HTTPd server, with which Microsoft's IIS in fact shares some heritage. Apache's modularity ( a variety of capabilities are implemented as compiled modules, which extend core functionality ), security and customisation abilities have made it the darling of the web world. And not to mention its cross-platform prowess.

MySQL's unique straddling of the commercial and Open Source arenas has resulted in an enterprise level product with a good rate of development and feature growth. And PHP's simple and open programming interfaces, combined with its simple integration with Apache, result in an application platform that is unmatched in versatility, cost and ease of use. Lastly, the LAMP stack has also been ported to the MS Windows platform in the form of WAMP and XAMPP, pre-packaged versions of the LAMP stack. One of the drivers for this is making the stack easily accessible for programmers and web site developers.

3. DNS Security Issues

The Internet's postal-equivalent addressing system has come under renewed attack in the last month or so, this time from an inherent design flaw and not a programming bug, as is so often the case. When you send an email or surf to a web site, DNS is what converts the name-based address you've specified to a machine-based address called an IP address.

The DNS system has, through bugs or design, been vulnerable to a consistent issue called DNS cache poisoning. The DNS system looks like one big upside down tree, with a number of primary level-1 root DNS servers at the top and an increasing number of levels below that are ever expanding. Each level speaks to the level above it to get information about name-to-IP conversions and stores the information locally ( cache ) for future queries of the same information. This way, lookups between lower level DNS servers and the higher levels are kept to a minimum. If you always queried the root servers, they would have to be far more powerful than they are currently ( 13 of them if I recall correctly ) and there would need to be many more of them.

If a higher level DNS server has incorrect or stale information, then a lower level server that queries it will now also contain incorrect information, and the problem gets propagated. DNS cache poisoning involves intentionally feeding incorrect information to vulnerable servers, the intent of which is to have that information propagate. If a user now does a lookup and expects to go to Google, he may end up instead at a different location.

Drive-by or phishing/pharming attacks make use of this to do a number of dangerous things:

  • send a user unwittingly/unknowingly to a site which hosts malicious code
  • create an equivalent looking site to the original, with the intent to fool the visitor into providing personal information including user names and passwords
  • hijack corporate or business web sites and blackmail the owners thereafter
So what is so unique about this particular issue? This latest problem is an inherent issue in the fundamental design of the DNS protocol and as a result, affects all vendors' DNS implementations. Dan Kaminsky discovered the issue a few weeks ago and declined to publicly release any specific details so that vendors could patch the systems first. Unfortunately, exploits are already circulating on the internet so the only advice we have is patch NOW! This issue mostly affects those who run their own authoritative DNS servers ( if you don't know what that is then you most likely do not ) but it's possible that other DNS applications may be affected as well. Most vendors are now up to date, but a notable exception is Apple with their MacOS X Server product. You tend to get the feeling that Apple, like Microsoft, has more pressing issues than the security welfare of their customers.
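As an added illustration of the cache hierarchy and the propagation of bad records described above, here is a small Python model written for this section ( it is example code, not something from the newsletter or from any DNS vendor ). Each server caches whatever the server above it says. The first scenario shows an incorrect record at a higher level being copied into a lower server's cache and surviving there until its TTL expires, even after the higher level has the right answer again. The second scenario shows the two checks a resolver applies before anything from a reply enters its cache: the reply must carry the transaction ID of the query the resolver actually sent, and only records that fall within the zone the answering server speaks for ( the "bailiwick" rule ) are kept. Both checks are standard resolver behaviour and are assumptions of this example rather than something the newsletter spells out. Server names, host names and addresses are constructed sample data.

```python
"""Toy model of the DNS caching hierarchy (added example; all names and
addresses are constructed sample data from the RFC 5737 documentation ranges)."""
from dataclasses import dataclass
from typing import Dict, List, Optional
import secrets


@dataclass
class Record:
    name: str
    ip: str
    ttl: int              # seconds the record may be served from cache
    cached_at: float = 0  # when the holding server cached it

    def expired(self, now: float) -> bool:
        return now >= self.cached_at + self.ttl


@dataclass
class Response:
    txid: int             # must echo the transaction ID of the query
    zone: str             # zone the answering server speaks for
    answers: List[Record]


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name lies at or under zone; the root '.' covers everything."""
    return zone == "." or name == zone or name.endswith("." + zone)


class Server:
    """One DNS server: a cache plus an optional upstream server to ask on a miss."""

    def __init__(self, name: str, zone: str, parent: Optional["Server"] = None):
        self.name, self.zone, self.parent = name, zone, parent
        self.cache: Dict[str, Record] = {}
        self.log: List[str] = []

    def seed(self, record: Record, now: float) -> None:
        record.cached_at = now
        self.cache[record.name] = record

    def lookup(self, qname: str, now: float) -> Optional[str]:
        """Serve from cache while fresh; otherwise ask upstream and cache the reply."""
        rec = self.cache.get(qname)
        if rec is not None and not rec.expired(now):
            return rec.ip
        self.cache.pop(qname, None)            # drop the expired entry
        if self.parent is None:
            return None
        txid = secrets.randbelow(1 << 16)      # remember what we sent
        return self.accept_response(qname, txid, self.parent.answer(qname, txid, now), now)

    def answer(self, qname: str, txid: int, now: float) -> Response:
        """Reply downstream (remaining TTL is not decremented, to keep the model short)."""
        ip = self.lookup(qname, now)
        answers = [Record(qname, ip, self.cache[qname].ttl)] if ip else []
        return Response(txid, self.zone, answers)

    def accept_response(self, qname: str, txid: int, resp: Response, now: float) -> Optional[str]:
        """The two checks applied before anything from a reply enters the cache."""
        if resp.txid != txid:
            self.log.append(f"{self.name}: dropped reply, transaction ID mismatch")
            return None
        for rec in resp.answers:
            if not in_bailiwick(rec.name, resp.zone):
                self.log.append(f"{self.name}: dropped {rec.name}, outside zone {resp.zone}")
                continue
            self.seed(Record(rec.name, rec.ip, rec.ttl), now)
        rec = self.cache.get(qname)
        return rec.ip if rec else None


def poisoning_propagates() -> dict:
    """Scenario 1: a wrong upstream record is copied downstream and is served
    from the downstream cache until that cache's own TTL runs out."""
    root = Server("root", ".")
    tld = Server("com-tld", "com", parent=root)
    isp = Server("isp-resolver", ".", parent=tld)
    root.seed(Record("www.example.com", "192.0.2.1", ttl=86400), now=0)  # correct
    tld.seed(Record("www.example.com", "203.0.113.9", ttl=300), now=0)   # stale / wrong
    first = isp.lookup("www.example.com", now=10)        # wrong answer, now cached at isp
    still_wrong = isp.lookup("www.example.com", now=30)  # served from isp's own cache
    after_ttl = isp.lookup("www.example.com", now=400)   # both caches expired: re-fetched
    return {"first": first, "still_wrong": still_wrong, "after_ttl": after_ttl}


def forged_replies_rejected() -> dict:
    """Scenario 2: replies that fail either check never reach the cache."""
    resolver = Server("isp-resolver", ".")
    txid = 0x1234
    bad_id = Response(txid=0x9999, zone="com",
                      answers=[Record("www.example.com", "203.0.113.9", 300)])
    a = resolver.accept_response("www.example.com", txid, bad_id, now=0)
    off_zone = Response(txid=txid, zone="example.com",
                        answers=[Record("www.example.com", "192.0.2.1", 300),
                                 Record("login.other-bank.test", "203.0.113.9", 300)])
    b = resolver.accept_response("www.example.com", txid, off_zone, now=0)
    return {"bad_id_result": a, "in_zone_result": b,
            "off_zone_cached": "login.other-bank.test" in resolver.cache,
            "log": resolver.log}
```

Calling `poisoning_propagates()` returns the wrong address twice and the correct one only once every cache in the chain has expired, which is why a poisoned entry is not cleared by fixing the upstream alone. `forged_replies_rejected()` returns `None` for the mismatched transaction ID, caches only the in-zone record from the second reply, and records both rejections in the resolver's log, which is the kind of event a real resolver would count.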

4. Microsoft and its legal woes

The EU have targeted Microsoft's anti-competitive practices heavily in the last few years, something the US government didn't quite have the guts to do. Not content with getting Microsoft in line with regards to their Windows product, they also successfully had Microsoft open up documentation on some of their products and are now spearheading another court action that is looking into Microsoft's and ISO's poor behaviour in the farce that was the awarding of ISO status to Microsoft's OOXML specification.

Why is this important? Monopolies in world and local markets can lead to a stagnation of the specific market area, improper suppression of competing products/ideas and lack of development and improvements in that area. In addition, costs are not aligned with the possible reduction that comes as a result of competition. A free market becomes non-free.

The actions of the EU commission on competition have already resulted in a number of improvements in competing areas specifically involving Microsoft. A major triumph was the awarding of open documentation to the Samba group earlier this year. Samba develop a competing ( and superior in many ways ) file serving product to Microsoft's Windows Server, and the continuous changes involved in Microsoft's file serving protocols over the years ( as well as its poor programming practices in this regard ) have resulted in the Samba group having to continuously retrofit their product to maintain compatibility and provide fixes for Microsoft errors. In addition, without the programming interfaces of Microsoft's protocols, they've followed a painstaking program of protocol reverse engineering that clearly detracts from spending time on more important things.

Another recent step forward in competition and compatibility is the release of Alfresco's Labs 3 enterprise CMS product ( albeit in beta form at this point ) that now features integration with Microsoft's Sharepoint Server. By exposing key interfaces in MS Office, Microsoft has finally ( grudgingly ) enabled others to provide integrated products, and the result is a win for all. This is what free markets and open standards are all about. The fact is that Microsoft wins here and should start following a more rigorous program of opening up their applications to outside integration - competition grows the market, and increases development speeds and product quality.

5. This week's security

6. Computing and Anthropology: YouTube

This is not something that generally catches the public eye, but the anthropology of computing can make for some interesting reading especially as it typically deviates from the historical norm. Dr. Michael Wesch's presentation to the US Congress makes for some very interesting viewing ( for those with an anthropological bent ). Once you've finished the video, take a look at some of the comments below the video ...



a. if anyone has topics of interest they would like covered, please email your requests and suggestions
b. please email if you would not like to receive this bulletin

Robby Pedrica




 