Archive for December 2003

Naval amphibious transport dock and spam relay

BitTorrent for RSS content distribution

Steve Gillmor: BitTorrent and RSS Create Disruptive Revolution.

My first reaction: a good idea.

On second thought, it’s all a question of balance and tradeoffs.

  • Most RSS publishers are low volume and the cost of supporting a small number of RSS pollers is insignificant.
  • Since BitTorrent’s intended application is content distribution of large files, for small sites the cost of supporting BitTorrent downloads of tiny RSS files may exceed the cost of HTTP polling.
  • At some point in the subscription curve, the multitude-of-pollers model becomes too costly and the publisher wishes they had figured out a content distribution mechanism instead.
  • Sites transitioning from low-traffic to high-traffic HTTP slam their foreheads in just the same way. So it’s not a new issue.
  • The solution for HTTP has been to wait until you need it, then build or buy high-end content distribution. Replicate. Akamize. This works, except when it doesn’t. (Most web servers are small and are subject to the Slashdot effect.)
  • There is currently no trivial smooth transition from small to large.
  • A low-overhead automatic ad-hoc content distribution network would be great for both RSS and HTML distribution. Maybe BitTorrent fits that bill, maybe something else. Further research is called for.

Handbook of Applied Cryptography, Online

Intel’s Open Source Machine Learning Library (OpenML)

Intel Software Accelerates Development Of Computers That ‘Anticipate’ The Needs Of Users: Intel adds open-source Probabilistic Networks Library to its already-released Computer Vision and Audio-Visual Speech Recognition libraries.

Debunking the Myth of SSID Hiding

Robert Moskowitz (ICSA Labs) on WiFi SSID hiding (PDF):

Contrary to a common belief that the SSID is a WLAN security feature and its exposure a security risk, the SSID is nothing more than a wireless-space group label. It cannot be successfully hidden. Attempts to hide it will not only fail, but will negatively impact WLAN performance, and may result in additional exposure of the SSID to passive scanning. The performance impact of this misguided effort will be felt in multiple WLAN scenarios, including simple operations like joining a WLAN, and in significantly longer roaming times.

Trying to hide the SSID does not strengthen security in WLANs. The scarce resources of today’s WLAN administrator are better spent tuning WLAN performance and operations with full SSID usage, and enhancing WLAN security by deploying modern security technology, such as link-layer encryption, and IEEE 802.1X authentication.

NTT stimulates inner ear

ABC News Online (Australia): Electric currents to control game players’ posture:

Japanese telecom giant NTT has succeeded in controlling human posture by applying weak electric currents and is aiming to use the technology to develop realistic simulation games, an official said on Monday.

Researchers have found they can control how human beings position themselves by sticking tiny electrode patches behind the ears, said Minako Sawaki, a planning division official for Nippon Telegraph and Telephone Corp’s Science and Core Technology Laboratory Group.

The electrodes are connected to a remote control device enabling a weak electric current to be administered to affect the part of the inner ear that controls the sense of balance.

Researchers found they could change the posture of people by manipulating the electric current, which is at an extremely low level, Minako Sawaki said.

NTT hopes to use the technology to develop more realistic games for driving and flight simulation, making players’ bodies lean as they corner or pull gravity inducing turns at the controls.

Forensic analysis of PHP/Geeklog compromise by spammers

The Rise of the Spammers:

The person who has coded both the client and the master server (I think that is the same person) is an intelligent person, with strong knowledge of technology, just because there are too many things involved: thread and network programming, mail server modification adding new commands, mask feature, reports, binary auto-removal, UPX compression, …, she also reads the security vulnerabilities mailing lists (bugtraq, full-disclosure, …), and somehow finds out other ones (I haven’t been able to find my vulnerability described on the Internet).

CDT on Spyware

Hard-coding considered harmful (RSS URL)

Figby.com: Michael Moncur’s Weblog:

The Quotations Page offers RSS feeds to syndicate daily quotes. My logs show 74,257 requests for these files on a single day last week. Most downloaded the entire file despite the fact that it changes only once every 24 hours. Based on this, the RSS feeds use 157 MB of bandwidth per day. This is negligible to me (the rest of this busy site uses almost 5 GB per day) but I’ve had to do quite a bit of tweaking over the years to keep the sheer number of RSS requests from overwhelming the server.

In my case, a large part of the problem is Ximian Evolution, an information manager for the GNOME Linux desktop. My feeds are included by default in every installation, which resulted in an effective distributed DoS attack against my site until I took measures against it. Thousands of sites using this software poll my site every 5 minutes.

Nearly 65% of my RSS requests are from Evolution. I have configured Apache to return a 403 error code to these requests. I hate to make the feed useless for these clients, but I had no other choice since my bug reports to the Evolution coders have been consistently ignored, and it will cut my RSS bandwidth in half.

Yahoo Proposes New Internet Anti-Spam Structure (“Domain Keys”)

Yahoo Proposes New Internet Anti-Spam Structure:

Yahoo said its “Domain Keys” software, which it hopes to launch in 2004, will be made available freely to the developers of the Web’s major open-source e-mail software and systems.

Under Yahoo’s new architecture, a system sending an e-mail message would embed a secure, private key in a message header. The receiving system would check the Internet’s Domain Name System for the public key registered to the sending domain.
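
A sketch of the sender/receiver exchange described above, added here as an illustration; it is not Yahoo's code and not the Domain Keys wire format. In this sketch the header carries a signature computed with the sending domain's private key rather than the key itself, and the receiver checks it against the public key published for that domain. The header name `x-example-signature`, the `<selector>._keys.<domain>` record naming and the in-memory map standing in for DNS are assumptions.

```javascript
const crypto = require('crypto');

// Constructed stand-in for DNS (assumption): "<selector>._keys.<domain>" -> PEM public key.
const dnsTxt = new Map();

// Domain owner: generate a key pair, publish the public half, keep the private half.
function publishKey(domain, selector) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  dnsTxt.set(`${selector}._keys.${domain}`, publicKey.export({ type: 'spki', format: 'pem' }));
  return privateKey;
}

// Bytes covered by the signature: the From and Subject headers plus the body,
// with line endings normalised to CRLF so LF/CRLF rewriting in transit does not break it.
function canonical(msg) {
  const hdrs = ['from', 'subject'].map(h => `${h}:${msg.headers[h].trim()}`);
  return Buffer.from(hdrs.join('\r\n') + '\r\n\r\n' + msg.body.replace(/\r?\n/g, '\r\n'));
}

// Sending system: sign and attach the result in a (hypothetical) header.
function signMessage(msg, domain, selector, privateKey) {
  const b = crypto.sign('sha256', canonical(msg), privateKey).toString('base64');
  const headers = { ...msg.headers, 'x-example-signature': `d=${domain}; s=${selector}; b=${b}` };
  return { ...msg, headers };
}

// Receiving system: look up the sending domain's public key and check the signature.
function verifyMessage(msg) {
  const raw = msg.headers['x-example-signature'];
  if (!raw) return 'none';
  const tags = {};
  for (const part of raw.split(';')) {
    const i = part.indexOf('=');
    tags[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  // The signing domain must be the From: domain, or any key holder could vouch for any sender.
  const fromDomain = msg.headers.from.split('@').pop().replace(/>.*$/, '').trim().toLowerCase();
  if (tags.d !== fromDomain) return 'fail: domain mismatch';
  const pem = dnsTxt.get(`${tags.s}._keys.${tags.d}`);
  if (!pem) return 'fail: no key published';
  const ok = crypto.verify('sha256', canonical(msg), pem, Buffer.from(tags.b, 'base64'));
  return ok ? 'pass' : 'fail: bad signature';
}

// Constructed sample message, signed and then checked intact and with an altered body.
const key = publishKey('example.org', 'dec2003');
const signed = signMessage({ headers: { from: 'Alice <alice@example.org>', subject: 'Hello' }, body: 'Hi Bob\n' }, 'example.org', 'dec2003', key);
console.log(verifyMessage(signed));
console.log(verifyMessage({ ...signed, body: 'Buy now\n' }));
```

The check only ties a message to the domain that published the key; it says nothing about whether that domain sends spam.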