Mass Nerder

Pre-meditated Nerder

Archive for May, 2006

PCWorld’s 25 Worst Tech Products of All Time

Posted by massnerder on May 26, 2006

Also found while visiting Gizmodo: The 25 Worst Tech Products of All Time.

AOL makes the top of the list.  I can't say I disagree.  Enjoy the read.

Posted in Tech

Phone bills to get slightly smaller

Posted by massnerder on May 26, 2006

I was visiting Gizmodo today and found a post with an update to a story I found out about a few months ago.  In 1898, the federal government enacted a tax on telephone calls to help pay for the Spanish-American War.  The war was only four months long but we're still paying the tax, 107+ years later.  Get more information at MyWireless.org.

<rant> This is why I'm always wary about taxes on the ballot (or any piece of legislation up for a vote) that claim to be only temporary.  They convince you to vote for a tax by claiming you'll only be paying it for a few years.  Then, when the tax is set to expire, they put it up for renewal.  They encourage you to vote for it by saying "Voting yes for the tax will not increase the taxes you currently pay."  The renewal is either made permanent or it's continually put up for renewal each time it expires.

The Patriot Act is similar.  It was enacted in 2001 and was to expire at the end of 2005.  In March of 2006, a four-year extension was voted through.  Who knows when this "temporary" Act will go away.  </rant>

Anyway…  Yay! for lower phone bills.

Posted in Commentary, News

Windows Vista feature: ReadyBoost

Posted by massnerder on May 25, 2006

I was reading Chris Pirillo’s blog today and found a post about a feature in Windows Vista: ReadyBoost. I went to Microsoft’s web site and found a page listing the feature within the performance features of Vista:

Windows Vista introduces a new concept in adding memory to a system. Windows ReadyBoost lets users use a removable flash memory device, such as a USB thumb drive, to improve system performance without opening the box. Windows ReadyBoost can improve system performance because it can retrieve data kept on the flash memory more quickly than it can retrieve data kept on the hard disk, decreasing the time you need to wait for your PC to respond.

Now, I don’t claim to be up on the technical details of flash memory. However, I was always under the understanding there was a limited number of times flash memory could be overwritten. I was reading in a computer magazine around 10 years ago about how you could only flash your BIOS 10,000 times because it was a flash memory limitation (OK…I know, “only” isn’t a word you tend to associate with the number 10,000). About 3 years ago, Microsoft sent me 4 32MB flash drives for attending one of their Windows Server 2003 Partner Readiness events. The packaging said it could be re-written approximately 100,000 times.

Every once in a while, I read articles talking about replacing hard drives in laptops with flash drives. I’m sitting here wondering about the practicality of this. Think about how often the swap file must be written to. I’ve been on support calls where they’ve had me use regtrace. It’s amazing, the number of times the registry is written to during normal computer operation. Now, Microsoft has ReadyBoost. Again, I must wonder at the practicality. The flash drive will basically be an extension of RAM — just like the page file.

Last week, during my musings on flash drives replacing hard drives in laptops, I decided to search for limitations on the number of times flash drives can have their memory rewritten. My searching led me to an article at AskLeo! that addressed my concern:

The “problem” is that memory can be flashed only so many times. I’m finding numbers between 10,000 and 100,000 times – though as with anything, I’m sure that is increasing over time as well. Regardless, there is a limit. When that limit is approached, some portion of the memory may not properly remember what was written to it, resulting in corruption. It may only take a single bit of information to be wrong, or to “wear out”, for the entire contents of a flash memory chip to be lost.

Hmm. However, that’s followed up by this:

Some flash memory chips, perhaps even most, now also include circuitry to avoid “bad bits”. Meaning that if a portion of the flash memory finally wears out and goes bad, the chip itself can compensate and look like everything is fine. But that only lasts so long … it doesn’t prevent failure, it only postpones it.

So there you go. Sure, 100,000 is a lot of times. For regular file archiving or transport, you’re extremely unlikely to re-write any of the flash cells on a flash drive 100,000 times before you’d be looking into upgrading to a higher capacity. However, the number of times RAM and a swap file get written to can add up very quickly. I’m interested to see how this ends up playing out.

Posted in Tech

Black Frog

Posted by massnerder on May 25, 2006

Goodbye Blue Frog.  Hello Black Frog.

Out of the ashes comes Black Frog, part of a project that is apparently willing to become a flag bearer in the fight against spam. The project, dubbed Okopipi, is developing the Black Frog antispam software and service as an open-source project, according to the group's wiki.

News.com Link.

Okopipi Wiki.

There's been a lot of debate about whether Blue Security was a misguided attempt at vigilantism.  I'm kind of up in the air on the issue.  I lean towards the Blue Security camp, though.  I feel like somebody should be fighting against the low-life spammers.  Responding to an e-mail with your own response (a single response to a single e-mail) seems like a fairly reasonable strategy.  What happens is the web servers the spammers have have far less capacity than the thousands of zombies they send their unwanted crap from.  The spammers are affected.  Unfortunately, they do have their thousands of zombies and can use them for damaging attacks on the Internet itself.

Oh, well.  Time for bed.

Posted in News

Symantec AV E-mail Tools are Poison to Windows Servers

Posted by massnerder on May 19, 2006

So… I was at a client until 4:30 AM earlier this week, dealing with an e-mail problem.  This ended up not being the issue, but I found it quite interesting when Symantec brought it to my attention:

The Symantec AntiVirus client installation is supported on a Windows Server only when the Internet Email Tools or email plug-ins are not installed. If you install Symantec AntiVirus client with Internet Email Tools or email plug-ins on a Windows server, high memory usage or other unpredictable behavior may occur.

You can read the article here.  The document ID is 2005072509135548. 

Interestingly enough, the installer allows you to install the e-mail tools on a Windows server without so much as a prompt.  I can understand the potential need for the e-mail tools on a Windows server:  if you're running a terminal server and allow users to run Outlook from it.  However, there should at least be some kind of notice of the potential problems.

Additionally, the support person I was talking to said uninstallation of the e-mail tools was not a guarantee of fixing the problem.  Nice.

Posted in Tech

Biggest. Web Defacement Attack. Evar!

Posted by massnerder on May 19, 2006

Stolen from Sunbelt:

Yesterday the Turkish cracker going by the handle "Iskorpitx", successfully hacked 21,549 websites in one shot (plus 17,000 as our last update) and defaced (on a secondary page) all of them with a message showing the Turkish flag (with AtaTurk face on it) and reporting:

"HACKED BY iSKORPiTX

(TURKISH HACKER)

FUCKED ARMANIAN-FUCKED FRANCE-FUCKED GREECE-FUCKED PKK TERROR

iscorpitx, marque du monde, présente ses salutations à tout le monde. "

Link.

Wow. Just…wow. I wonder how long it took to accumulate that many compromised sites? I also wonder how many of the sites were on the same server? I haven't fully looked into this to see what the deal is. I'll try to later: back to work.

Posted in News

On OS X security

Posted by massnerder on May 16, 2006

Mac enthusiasts always like to tout the security of OS X. Leo Laporte even says how he doesn't even run antivirus on his Macs. I think he, and many other Mac users, are flirting with disaster. I actually ran my PCs for several years without antivirus. But I was probably very lucky.

The problem is software is written by humans (who make mistakes). Even the various "security" software products used to lock down PCs and networks have flaws and need to be updated periodically to patch flaws and vulnerabilities (even Apple issues security updates for OS X from time to time). When you're talking operating systems, you're dealing with millions of lines of code, within thousands of modules, written by hundreds — if not thousands — of people. These modules have any number of interactions with other modules that were written by others. Humans are fallible and unable to make accurate and reliable correlations with that much information. Computers don't have the intelligence to validate complex code interactions for their security.

The truth is there have been far fewer people intensely looking for vulnerabilities in OS X than in Windows. Given the lack of market share of the Mac, there just hasn't been that much interest. In the past, the interest was in having the most widespread effect possible in your exploits — mostly for attention and chest thumping. Now, it's all about the volume of systems you have under your control to rent out to spyware purveyors and other ne'er-do-wells. Mac enthusiasts making claims to the superior security of OS X is an invitation to crackers to uncover vulnerabilities in their system out of sheer spite.

On the other hand, there's still the small market share issue and OS X might be considered not worth the effort. /shrug

Posted in Commentary, Tech

Symantec is feeling the heat from Microsoft

Posted by massnerder on May 8, 2006

Symantec's CEO, John Thompson, delivers a volley of marketing hype at Microsoft.

"Our strategy is to out-innovate Microsoft. We know more about security than they ever will," Thompson said.

Just because you might know more about security now doesn't mean you will in the future.

Last month, Thompson branded the software giant a "Johnny-come-lately" into the security market.

Microsoft was "Johnny-come-lately" to the Internet, as well.  Look what happened there.  I'm not saying IE is the best browser:  I'm just pointing out their market share and what they did to Netscape.

My employer participates in the partner programs at both Microsoft and Symantec.  I have no great love of Microsoft over Symantec.  I currently use Symantec products for my personal desktop protection.  I don't know what I'll go with when Microsoft brings their products to market but I'm certainly not going to jump right in and be an early adopter.  I'll stick with Symantec until Microsoft's products both prove themselves to be sufficiently capable and win my desire to use them.

I just like shooting down hype and statements that are incongruous with reality.

Posted in Uncategorized | 1 Comment »

Expensive cars the easiest to steal?

Posted by massnerder on May 8, 2006

Check out this story over at c|net.  According to the story, high-end cars with keyless ignition fobs are getting stolen left and right in Europe.  It makes you think this RFID stuff (the technology used in keyless entry and keyless ignition fobs) is still half-baked.  Or maybe the makers of keyless ignition systems are completely baked.  How does it make sense to still be on 40-bit encryption?

How a keyless car gets stolen isn't exactly a state secret–much of the required knowledge is Basic Encryption 101. The authors of the Johns Hopkins/RSA study needed only to capture two challenge-and-response pairs from their intended target before cracking the encryption.

Brilliant.  Apparently, they're not planning on going to more powerful encryption any time soon.  My favorite part of the story: 

The authors also suggest that car owners wrap their keyless ignition fobs in tin foil when not in use to prevent active scanning attacks, and that automobile manufacturers place a protective cylinder around the ignition slot.

I love it:  tin-foil hats for your key fobs.  Classic.

Posted in News | 3 Comments »

Attention: E-mail administrators

Posted by massnerder on May 7, 2006

Unfortunately, many companies don't have their DNS records completely configured.  Many smaller ISPs also have neglected their DNS.

When many people set up their domains for e-mail they generally stop at the A and MX records.  The PTR, or reverse look-up record, generally gets overlooked.  The A record helps you find a system's IP address from a name.  For instance, if you wanted to visit Intel's web site, your computer will consult DNS for the A record for www.intel.com.   Querying DNS tells us the address is 198.175.96.33.  Your computer will go to that address when you browse to www.intel.com.

The MX record tells us which addresses handle e-mail for a particular domain.  When you want to send an e-mail to someone at Intel, your e-mail server queries DNS for Intel's MX records.  Intel's MX records are mga01.intel.com, mga02.intel.com, and mga03.intel.com.  This means all three of those servers are capable of validly accepting mail for the intel.com domain.  Your e-mail server looks up the A records associated with these MX records and then has addresses it can send your e-mail to.

The PTR record operates opposite of the A record.  Where, with the A record you have the fully-qualified domain name of a computer and want the IP address, with the PTR record you have the IP address and want to know the fully-qualified domain name.

Reverse DNS allows you to use this PTR record to confirm whether an e-mail server is what it claims to be.  Say a spammer sends you an e-mail that claims to be from someone at Intel.  Your e-mail server could theoretically look at the IP address of the computer it receives the e-mail message from and, through the PTR record, determine that the sender of the spam isn't really one of Intel's mail servers.  The FQDN the spammer's PTR record would point to (if it was even configured) would tell your server the sender's IP address didn't even belong to a server in Intel's domain.

One of the problems here is sometimes e-mail servers handle e-mail for several domains.  I have a client that manufactures a number of different products.  They have domain names for several of these products and receive mail on each of these domains.  Having a server for each of these domains would be rather expensive — especially given traffic for each of these domains is relatively low.  So, e-mail from most of their domains would come from an e-mail server whose A and PTR records would indicate a different domain name. 

The way AOL seems to implement reverse DNS lookups gets around this problem.  Their implementation isn't all that strict: all that's required is a fully-qualified domain name.  However, because AOL does this, a number of companies have spotty reliability when sending e-mail to AOL.  Their PTR records just aren't configured properly.  AOL is big enough to get away with it.  At this point, because the lack of PTR configuration is so common, none of my clients would be able to do this.  As soon as a client started having their e-mails blocked because their e-mail administrator never configured a PTR record I would have to stop using reverse DNS checks.  When AT&T Worldnet tried to implement it in 2003 they got quite a rude awakening and had to disable it within a day.
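The strict and lenient reverse DNS policies described above, as an added example that is not part of the original post. The record tables, host names, and function names are constructed for illustration and stand in for live DNS; the forward-confirmation step (checking that the PTR name's A record points back at the connecting IP) goes beyond what the post describes.

```python
"""Reverse-DNS (PTR) checks on an inbound mail connection, run on constructed records."""
import ipaddress

# Constructed records (documentation address ranges, example domains), not real DNS data.
PTR_RECORDS = {
    "192.0.2.10": "mail.parentco.example",    # one server sending for several product domains
    "198.51.100.25": "mga01.bigcorp.example",
    "203.0.113.99": "mga01.bigcorp.example",  # PTR published by whoever controls this IP
}
A_RECORDS = {
    "mail.parentco.example": ["192.0.2.10"],
    "mga01.bigcorp.example": ["198.51.100.25"],
}


def reverse_name(ip):
    """Name a resolver queries for the PTR record, e.g. 10.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_sender(ip, sender_domain, ptr=PTR_RECORDS, a=A_RECORDS):
    """Return 'no-ptr', 'ptr-unconfirmed', 'ptr-only' or 'domain-match'."""
    host = ptr.get(ip, "").lower().rstrip(".")
    if "." not in host:
        return "no-ptr"                # no fully-qualified name behind this IP
    # The owner of an IP block can publish any PTR name, so confirm that the
    # name's A record points back at the connecting IP before trusting it.
    if ip not in a.get(host, []):
        return "ptr-unconfirmed"
    domain = sender_domain.lower()
    if host == domain or host.endswith("." + domain):
        return "domain-match"          # server name sits inside the sender's domain
    return "ptr-only"                  # real server, but named under another domain


def accept(ip, sender_domain, strict=False):
    """Lenient: any FQDN in the PTR is enough. Strict: name must match the domain."""
    result = check_sender(ip, sender_domain)
    return result == "domain-match" if strict else result != "no-ptr"
```

The shared server at 192.0.2.10 sending for a product domain passes the lenient policy and fails the strict one, which is the multi-domain problem from the post; the unconfirmed PTR at 203.0.113.99 shows what the lenient policy lets through.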

Reverse DNS can be a fairly strong tool in combatting spam.  We just need to get the e-mail administrators of the world on board and get their DNS records configured correctly.

What I'm presenting here is really watered down and simplistic but I hope you get the picture.  I also sometimes have a tendency to leave stuff out because I'm usually writing for other technical people and they usually fill in the blanks themselves.  I realize some of my audience might not be that technical so let me know if I'm leaving glaring gaps.

Note: You won't necessarily create your PTR records with your DNS host.  Your ISP, who manages the IP addresses you're assigned, will take care of your PTR records.  If your ISP and DNS host are one and the same, then Bob's your uncle.

Two great tools for DNS:
www.dnsstuff.com
www.dnsreport.com

Posted in Tech | 2 Comments »