Archive for June, 2005

Microsoft Gets Heavy with Sender ID

Friday, June 24th, 2005

Microsoft are trying to strong-arm the internet community into using their technology as a standard by pushing Sender ID. From November, email sent to MSN or Hotmail that does not comply with the controversial method will be marked as spam.

Will this turn Hotmail into a walled garden rejecting mail from users of other systems who refuse to comply?

Old Media in New New Skins

Thursday, June 23rd, 2005

When does a blog stop being a blog? There’s a lot of nonsense talked about weblogs. Literally, they are nothing more than the product of a certain type of content management system, but in practice these products tend to share certain characteristics which have given rise to an assumed definition. We all think we know what weblogs are and from our mutually incompatible, private definitions arise all manner of disagreements.

Weblogs are characterised by short, frequent bursts of writing in which the author reflects on news and opinion elsewhere and shares new discoveries or creations. They are often intermingled with personal opinion, thoughts and feelings that are more typical of a diary than traditional journalism.

The unique appeal of these works originally lay in this personal factor. The way the author invited comment and reflections on his or her posts. The way a community of shared interests could coalesce around a website run by an individual. The way a writer was motivated by passion rather than a paycheck.

And there’s the rub. Success in the field has brought financial rewards.

Many of the famed “A list” of weblogs such as Boing Boing, Gizmodo, Engadget, InstaPundit and Daily Kos are closer to traditional media businesses than the blogs I have been describing above even if they didn’t start that way. They’re old media in new new skins. They’ve lost that charm.

Microsoft can smell the money. Now it too wants to come to the party.

Insecure by Default

Wednesday, June 22nd, 2005

Marcus Ranum set up and managed the US President’s email server (whitehouse.gov) during its first year of operation. No one could doubt his security credentials. In this insightful Security Focus interview he shares his worries about the state of computer security and alleges that “80% of corporate desktops are infected with spyware, 15% of them are infected with keystroke loggers”.

The interview is depressing reading. He’s damning about the current state of computer security and fatalistic about the future.

“I believe we’re making zero progress in computer security, and have been making zero progress for quite some time. Consider this: it’s 2005 and people still get viruses. How much progress are we making, really? If we can’t get a handle on relatively simple problems such as controlled execution and filesystem/kernel permissions, how much progress are we going to make on the really hard problems of security, such as dealing with transitive trust?”

Before Linux users start congratulating themselves on their choice of operating system, we need to get Marcus Ranum to sit down with Linspire CEO Michael Robertson.

Linux, like Mac OS X, is championed as a secure operating system in comparison to Windows XP, which, unpatched, will become infected within 20 minutes of connecting to the internet. Michael Robertson is threatening that reputation. He believes that running as root for daily tasks is not dangerous. Desktop users of his company’s distribution will be doing exactly that by default.

Creating a distro targeted at the less technologically literate that allows them to run as root as standard is a disaster waiting to happen.

Robertson defends himself by pointing out that they do have the option of creating non-root users but anyone who would consider that option is unlikely to be installing Linspire in the first place. It will make for disastrous PR for Linux as a desktop operating system when one of his target audience installs some malware in the near future thinking it’s a sexy videoclip of the latest tabloid pin-up and then wonders how their credit card details got stolen. Does anyone think that people will understand that Linspire isn’t Linux? All distributions will be tarred with the same brush in the popular imagination.

It’s as if Robertson has heard the words “running as root” enough times to think he knows what it means only to reveal a fatal ignorance with his decision. I want to say Marcus Ranum is to Planck what Michael Robertson is to Planck’s chauffeur but it is not true. Robertson is a very intelligent man but for some reason he is flying in the face of conventional security advice.

Unix/Linux got to grips with controlled execution and filesystem/kernel permissions a long while ago. Dragging Linux back to the insecure by default model of Windows to make it easier to use seems foolishly short-sighted.

Still it might be nice to have some native viruses for Linux at last. So far, they’ve proved difficult to run under Wine.

Kill Comment Spam One Bot at a Time

Tuesday, June 21st, 2005

IO ERROR explains how you can punish a particular form of bad behaviour.

“The sophisticated link spammer technique in common use now is to use some sort of script to harvest comment forms from a group of sites, then to fill in the fields appropriately, and a few hours or days later, to use a network of open proxy servers to relay the spam comments to thousands — or hundreds of thousands — of sites which use the same type of software. Repeatedly.”

His Bad Behavior plugin is a great first line of defence against automated comment spam. I recommend it.
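
One way to blunt the harvest-then-replay pattern described in the quote, as an added example that is not from the original post and not how Bad Behavior itself works: a signed, expiring token in the comment form, bound to the address that fetched it. The secret, time limits, function names and sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

SECRET = b"constructed-demo-key"  # assumption: per-site secret kept server-side
MIN_AGE = 5         # seconds; assumed minimum time a person needs to type a comment
MAX_AGE = 2 * 3600  # seconds; assumed lifetime, so forms harvested hours ago expire


def _sign(post_id: int, issued: int, client_ip: str) -> bytes:
    msg = f"{post_id}|{issued}|{client_ip}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest().encode()


def issue_token(post_id: int, client_ip: str, now: Optional[float] = None) -> str:
    """Hidden-field value generated when the comment form is rendered."""
    issued = int(time.time() if now is None else now)
    return f"{issued}.{_sign(post_id, issued, client_ip).decode()}"


def check_token(token: str, post_id: int, client_ip: str,
                now: Optional[float] = None) -> str:
    """Return "ok", or the reason the submission is rejected."""
    now = time.time() if now is None else now
    issued_s, _, mac = token.partition(".")
    if not (issued_s.isascii() and issued_s.isdigit() and mac):
        return "malformed"
    issued = int(issued_s)
    # Recompute over the submitting address and post: a token replayed through
    # a different proxy, or against another post, fails here. Trade-off: a real
    # visitor whose address changes between page load and submit also fails.
    if not hmac.compare_digest(mac.encode(), _sign(post_id, issued, client_ip)):
        return "bad-signature"
    age = now - issued
    if age < MIN_AGE:
        return "too-fast"
    if age > MAX_AGE:
        return "expired"
    return "ok"


# Constructed timeline: form fetched at T0 from a documentation-range address.
T0 = 1119340800
TOKEN = issue_token(42, "192.0.2.10", now=T0)
```

Because the timestamp is covered by the signature, a bot cannot refresh a harvested token by editing the time; it has to fetch the form again for every post and every relay address.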

Thick as a Planck

Tuesday, June 21st, 2005

“After winning the Nobel prize, Max Planck went around Germany giving talks. His chauffeur heard the talk so many times that he had it by heart, and so one time, he asked Max Planck if he could give the address. Planck agreed, they changed places, and the lecture came off famously. But then came the Q&A, with the very first question being one that the chauffeur had no hope of answering. The chauffeur replied: ‘I’m surprised to hear such an elementary question on high energy physics here in Munich. It’s so simple, I’ll let my chauffeur answer it.’”

Tim O’Reilly shares this great apocryphal story to illustrate two kinds of knowledge: rote knowledge like that of the chauffeur and deep knowledge like that of Planck. Senior managers sometimes have only rote knowledge and if their peers lack deep knowledge too then there are no checks on their collective ignorance and the consequences can be disastrous.

I’ve Got the Power

Tuesday, June 21st, 2005

Site back up finally - and I have hot water again for the first time in six days.

Oh-oh-oh-oh-oh-oh-oh-oh-oh yeah-eah-eah-eah-eah-eah
I’ve got the power!

Site Going Down for Maintenance

Monday, June 20th, 2005

This site is going down in a few minutes’ time and will stay down for several hours while the electrician is working. Enjoy the silence.

UPDATE: site back up but will go down again tomorrow. The electrician turned up three hours late without the parts he knew he needed then disappeared again to buy them. Two and a half hours later he called to say he couldn’t get them today.

Tune in tomorrow for another display of incompetence.

Perhaps he’ll manage to short-circuit the entire building. Again.

A New Look for My Feeds

Monday, June 20th, 2005

Subscribers may have noticed a slight difference in the RSS feed for this site. You are now redirected to a version managed by FeedBurner. The main change is that my del.icio.us bookmarks will be spliced into the feed on a regular basis along with thumbnails of any new photos I get around to posting on flickr.

I was very impressed the other day by the announcement that FeedBurner were going to make it easy for people to leave if they weren’t happy with the service. I respect any company that is confident enough in their product not to need to lock in users.

Before this announcement, it was of course always possible to use mod_rewrite to forward requests for your feed to FeedBurner, giving you the option to opt out in future by removing the redirect from .htaccess. Geeks always find a way.

To make this process easy to manage, I’ve used Steve Smith’s WordPress FeedBurner plugin which makes the transition painless.

If anyone experiences any trouble with the new feed and/or has any thoughts on it, please let me know.

Bad Behavior Updated

Sunday, June 19th, 2005

There’s a new update for Bad Behavior, the anti-spambot plugin, bringing it up to version 1.1.2. This fixes a problem with msnbot sometimes being blocked by accident and changes the way logs are handled: get it while it’s still hot!

Virtual Housekeeping

Sunday, June 19th, 2005

I’ve finally got around to upgrading WordPress to 1.5.1.2 - I’d already patched the security holes and fixed the RSS feed generation bug but had held off doing a full update until I knew I would have time to fix things if they went badly wrong.

As it was, the upgrade went without a hitch thanks to the excellent instructions in the Codex.

One of the reasons I wanted to upgrade was so that I could install Arne Brachhold’s Google sitemap generator. Google is already pretty good at indexing my site but I figure it can’t hurt to give them a hand. The plugin is easy to install and fairly straightforward to configure (the hardest thing is working out how often it is that you update).

Google will index items with the highest priority first. By default the plugin prioritises posts with the most comments. I’ve disabled this. The majority of my traffic comes from people looking for information found in old posts without comments.

Why these visitors do not leave comments is another question. Perhaps they are not satisfied with what they find, perhaps they don’t want to comment on what seems like an old post for fear that the moment has passed. Either way, assuming that what your current regular readers respond to the most is the most important thing on your site is to limit your exposure to potential future readers.