Main | September 2003 »

Six degrees of SoBig, or Worms --> Social Software

Increasingly common these days are the worms and virii that find prospective hosts by scanning
an infected host's Outlook address book for e-mail addresses. The most recent, of course, is SoBig.F,
the current worm du jour that's causing many a headache throughout the IT industry. SoBig
will not only scan an address book for its intended victims, but it goes one step further
to forge its own from: address to appear as though it's coming from someone you know.

In essence, this helps conceal the worm's angle of attack by making it appear to come from somewhere
that it has not.

While sifting through the hundreds of return e-mails I have been receiving from mail servers
across the globe, saying that I am infected and that my computer has been sending out copies of
the worm, I realized that since I'm not really infected this means that these people/servers sending me
warnings are one degree separated from me in the social network: they are in the address book of someone
who also has my address in their book. Essentially, they could be thought of as friends of friends.

My imagination took off. What if the worm was controlled, or at least monitored, by an overseeing intelligence
of some kind. If each copy reported its activities back to a central machine, for instance, that machine
could build an immense database which maps a huge portion of the social network that's layered on top of the
Internet (something that's being attempted, albeit in an above-the-board way, by Friendster).

Social Profiling

Imagine, just imagine, what could happen if such a database existed. For the sake of argument, we'll say you're
searching an online book merchant for the latest from Stephen Hawking. In the midst of your results,
the site mentions in a sidebar: "Books that your friends have been reading" along with a few suggestions. Scary stuff.

That's just one of the more benign ideas I've pondered. How about out-and-out social marketing. Prospective
customer X has received your mailer, and countless e-mail offers, and never responded. Well how about e-mailing
some of her buddies and associates: "Receive 10% off selected merchandise when _your friend_ places an order".

And of course, no discussion of social profiling could possibly be complete (though this one remains far from
complete anyway) without mentioning DARPA's Total Information Awareness, where your credit card purchases
could be linked with other consumer data to decide whether or not you're an unsavory character worthy of
surveilance. As far as I know, their plan stopped way short of its potential. With proper data, they could track
who is in your local social network, and link what THEY are buying as a group, which could be useful
in ferreting out terrorist cells who divide responsibilities instead of relying on the idea that one
individual would be the "purchasing agent" for the cell.

Are these possibilities all bad? You might be surprised to find that I'm not sure. While I advocate
and treasure my privacy, I recognize that public vs. private life is a tough distinction to make sometimes.
Maybe people are "leaking" data -- and rather than asking nicely for observers to stop observing and correlating,
we should instead be watching the watchers, and also making sure to prevent "data leakage" from the private
sphere into the public. How could I be irritated at a computer tracking where I shop for clothes, when
anybody I ever meet face-to-face can easily recognize the Express/Gap/whatever logo on my jeans? On the other hand,
there's only so much that one person could do with that bit of information, but large corporations have greater
ability to use and abuse simple facts.

Posted on August 25, 2003 | Permalink | Comments (0) | TrackBack

Protect Your Sneakernet

Worms and even anti-worm worms are proliferating today, as the Blaster worm and another worm trying to kill it are rapidly spreading and clogging networks all over the world. Smart admins patch their systems and firewall their networks in order to stave off infection, yet in the corporate world it's common to see networks compromised anyway... from the inside.

What can happen, and I've seen this happen IRL, is that a hardworking employee will take their laptop home, where they have Internet access of course, and as soon as they jack in they are exposed to the open network. Most home users do not employ firewalls or virus scanning, nor do they run system patches on time, thus the hardworking fellow winds up with the latest worm installed on their machine without a clue that they weren't protected. The next day they dutifully show up for work, and the worm awakens to begin aggressively scanning the internal corporate network for new hosts. Soon the whole network slows to a crawl, costing companies thousands if not millions in lost productivity.

This offline "jumping" of network firewalls is more and more common as laptops come down in price and grow in popularity, though its roots go way back to the early days of networking. I wasn't around in the true early days; I came upon the phenomenon known as Sneakernet only in the late 1980s when BBSs had 1200 or 2400 baud modem lines. Sneakernet is the alternative to wired electronic transmission whereby data is loaded onto a disk or tape and literally carried to its destination. We used to trade .zip and .arj files by Sneakernet as it was in many cases quicker than by modem, particularly since BBS users were often a tight-knit group that would party together in person as well as online.

Basically that's what these working Joes and Janes are doing- they don't use online mass storage for their work, or maybe they need to keep their home PC separate from their work PC, so they wind up carrying around data and applications by foot. Instead of a floppy disk they use their hard drives, and their unsecured home networks are prime breeding grounds for all kinds of nasty infestation.

I'm certainly not a security expert, but I know enough to run my patches and keep the firewall closed except for particular ports. Regular virus scanning and spyware detection also goes a long way. But what we need is to make security at home easy for normal people. I'm talking, easier than programming a VCR (which many people cannot figure out) - systems should ship secure by default. Many do, but we still need a social movement of sorts to help educate people about how to keep their systems up to snuff.

I submit that something as simple as knowing to get your oil changed every 3000 miles, with a reminder stuck to your windshield so you do not forget, would be a great start. Computers could ship with notices to get their systems audited by a local guy every so often, who would place a sticker on the monitor with a reminder about the next time an audit is due. The audit would consist of making sure all current patches have been run (the home user can do this, but the auditor would check up on it), run a virus scanner/make sure the installed service is still working and up-to-date, and run some spyware checks. Other system maintenance can be added in as necessary, this is just a list to get things started.

Automatic software updates are obviously not enough as we can see with the Blaster worm - behavioral change will get the best results. People have no problem going to a mechanic regularly to prevent problems, so a reasonably-priced IT audit service should have similar success.

Posted on August 20, 2003 | Permalink | Comments (0) | TrackBack

Jakob Nielsen on the T-mobile Sidekick

Usability guru Jakob Nielsen's Alertbox for this week gives a quick review of the Danger Hiptop (branded by T-Mobile as the Sidekick). He's been using his for about six months, while I have only had mine since the color model came out. While I agree with his points, I have to add that there are several nice touches on the Hiptop that I haven't seen mentioned in other reviews yet.

First and foremost is the @ key. There is a dedicated key for @, meaning that the smaller keyboard, which is slower to type on than a regular-sized keyboard, is a little easier to use than if you had to use a key combo. This is extremely useful for the Hiptop, where the focus is placed on mobile e-mail, web, and IM. Oh yeah, it's a phone too.

He also glosses over the fact that when you're reading long documents, you can use the space key to page down, and the @ key to page up -- as long as the cursor isn't currently inside a textbox. This corresponds nicely with Mozilla and IE on a desktop computer, and is much easier to use than the scroll wheel. I seem to be most comfortable with using the keys for larger paging movements, and the scroll wheel for selecting individual fields or controls on a page.

I intend on giving an in-depth review of the Sidekick from the perspective of usability and professional/personal use "in the field". Most of the reviews I've seen leave out many of the cool details, although they go out of the way to mention lack of syncing. Outlook syncing would be a good thing market-wise for the Hiptop to support, though I personally would prefer iSync compatibility for my personal data. Rumors had gone around in the past about a third party developing the sync capability, but only time will tell.

As for my in-depth review, that will have to wait for now. I'm not feeling my best so I will hit the sack and maybe get that review done sometime in the future. Just wanted to make sure I got the Alertbox written up.

Posted on August 18, 2003 | Permalink | Comments (0) | TrackBack

Bruce Tognazzini on Interaction Architects

If you're interested in or employed to conduct interaction design, Tog's article "It's Time We Got Respect" is a must-read. In short, Bruce is advocating a concerted effort at professionalizing and branding this field as Interaction Architecture, in order to bring uniformity in jobs and help on the salary front. Presently, there is no single universally-accepted job title for this function, which often results in lack of respect from others with heavier-sounding titles. I will be watching this with great interest.

Posted on August 16, 2003 | Permalink | Comments (0) | TrackBack

Jnode - Yet Another Java OS?

Jnode, a Java-based OS for x86 architectures, has grabbed my attention today. Since May of this year, they have gone from bare beginnings to a bootable CD image, with a CLI and some working filesystem functionality. There is even VGA graphics support and word is that they are nigh unto supporting AWT graphics.

This rate of progress is impressive for a small project- when I have more time freed up from my own projects I will be tempted to join in. My intent in mentioning Jnode here and now, which I still have yet to play with, is to maybe help it get some attention and persuade some people to help out (it's already been discussed on OSNews so I suspect it has all the attention it needs for now). It seems that even though there is much work to be done, once the groundwork is laid and Java apps can run this project could be quite useful, as there are tons and tons of Java apps already written and ready for use. The site makes mention of development using several emulators or VMs (Bochs, VMWare) but I will try and get it running in Virtual PC and will report back later. For now: it's Friday, 5:14pm, sunny outside, and I am still sitting at a computer. Think that will last? Ha! *poof*

Posted on August 15, 2003 | Permalink | Comments (0) | TrackBack

OSX + + X11 = Sweet!

This week, while working on a project during my off hours, I was confronted with the oh-so-common situation of being sent a Word document in order to make some changes and comments. Grrr... I only use Windows at work where I am forced to do so; at home I am a firm believer in using OSX for my main operating system. I'm not going to get into all of the reasons I went the Apple route, but for now it will suffice to mention that I haven't used anything UNIX since college (spent my time learning the ins and outs of NT administration for my job), so I am excited to have a BSD subsystem with which to play in addition to the pretty and insanely functional Aqua interface (it's a GUI and it's a conversation piece!).

Getting back to my predicament, I haven't purchased MS Office v.X, which cost around $500 last time I checked, so I was stuck. This document needed to be edited sooner than I could go purchase Office, or AppleWorks with the Word filters, or whatever. A glance through VersionTracker was under way, but before I browsed all the entries I remembered so there I went. (Maybe OpenOffice is listed on VT, but I have yet to go back and find out one way
or the other)

I salivated at the chance to pop the hood of my shiny BSD-based Mac, install some X11, and then tinker with the system until I could get OpenOffice to work. Unfortunately, I was to be denied the satisfaction. The X11 installer took only one or two clicks, and was done in a matter of minutes, while the OO installer was pretty much the same. Hats off to for outdoing many other open source projects' installation processes, and hats off to Apple for the ease of installation of their X11 on Jaguar.

Running OpenOffice was equally simple. The OO group bundles a small script that will launch X11 for you if you don't already have it running, and then it will launch OO- all in a double-click. And once it was running, I could edit the Word document with ease. I'm not much of a word processing user, so I can't say I ran it through its paces, but what little I did use was intuitive and quick. Couple this ease of installation and use, with Apple's rumored forthcoming office apps, and a future version of OO that has a native Aqua look and feel, and we have the beginnings of an office suite revolution. Long live competition!

Posted on August 14, 2003 | Permalink | Comments (0) | TrackBack

LindowsOS Gets Mainstream News Coverage

Could it be? A Linux-based OS actually makes an appearance on Fox News? Amazing stuff.
Consumer Reports does the occasional VNR in conjunction with Fox News, doing their usual comparison
and rating of various products and services. My local Fox affiliate airs these during the 10 o'clock
news, which I usually have on in the background while I'm hard at work clearing out my spam folder.
Last night, I was torn away from my computer screen, to look at the Lindows desktop being discussed
on Consumer Reports' review of low-cost PCs.

Of course, what do you expect from the mainstream media? Exactly what we got:

  1. Lindows isn't Windows, so you're not running Windows if you buy it.

  2. Lindows doesn't ship with tons of bundled apps like a Windows PC does

  3. Adding a printer is difficult

  4. The digital camera they tested didn't work immediately

Of the four main complaints, I would say the first two are primarily marketing hurdles that the Linux
movement must eventually overcome (and I believe it can happen). Once I suppress my urge to dismiss the
second two complaints as the reviewer not trying hard enough :-) I have to admit they are also valid.
I have yet to try Lindows, but apparently the printer adding is, as you would expect, Linux-ish. There
is nothing that just says "Add a Printer", though I suspect there will be something like that soon. Gotta
love competition and feedback huh?

The bit about the digital camera- they didn't elaborate on it enough for me to even guess if they could
get it to work or not with a little more effort, but again, the reviewer is probably an average PC
user, trying to comprehend what in his mind is a pale imitation of the Real Windows. His mindset
was no doubt geared to finding the ways Lindows is similar or dissimilar to "normal" operating systems
like Windows.

Now the marketer in me steps in, reminding myself that any coverage is good coverage. Linux isn't fighting a competitive
battle over quality. At this stage, it's purely about mindshare and awareness. While Linux is widely known
among advanced computer users and savvy businesspeople, believe me, the number of average people (what corporate types call "consumers") that have heard about it is probably less than half of what you think it is, maybe less.

Most people I talk to don't even consider the possibility that computers can operate in ways different than Windows provides... what's an operating system? "Oh, you mean Windows." Sigh...

Posted on August 14, 2003 | Permalink | Comments (0) | TrackBack

Web standards education - a great site!

I currently find myself in the position where I need to convey the benefits of standards compliance to my team at work. This is an interesting situation, as I'm accustomed to being the lone wolf in terms of how things are implemented, but my role is being redefined as one that's more team-oriented (we'll talk about the ins and outs of this later) so in order to begin moving towards a leadership position, I need tools to help explain some esoteric concepts to people who are primarily visually-oriented.

After some searching, I found I didn't have to reinvent the wheel. The site adopts a postcard theme in explaining some of the benefits of standards-compliance. Check out the "Links" postcard.

The site is perfect for web standards advocacy because it employs the techniques it describes (the techniques I intend to use) and results in a site that is more than acceptable visually- it's beautiful! Click around to the other postcards- they are a quick read and do a great job explaining the benefits.

Posted on August 12, 2003 | Permalink | Comments (1) | TrackBack