Made DDoS, Not Spam

Posted on 27 November 2004 to: Information Security, Networks

I’ve previously written at length about the evolution of counterstrike security systems on the Internet. Now, through the Internet Censorship Explorer project of the University of Toronto’s CitizenLab, there’s word of a different form of counterstrike system. (William Gibson fans will appreciate the acronym of the Internet Censorship Explorer project, which I assume was deliberately chosen.)

While my article on counterstrike systems suggested that major corporations might use their bandwidth to attack malicious internet users, Lycos has taken a different approach and constructed a “reverse botnet.” Lycos has begun distributing a screensaver across Europe which uses a home computer’s idle CPU cycles and bandwidth to attack webservers associated with spammers. Although the Lycos website for this campaign uses the tagline “Make Love, not Spam,” what Lycos is actually making is a white-hat DDoS attack.

The legal implications of this system could prove to be interesting: In my previous post, I assumed that major corporations would have the legal clout to survive court challenges to corporate-owned counterstrike systems relatively unscathed. Likewise, Lycos may be too big a target for spammers to sue. However, the individual users who download the Lycos screensaver and participate in this campaign may not be. Furthermore, the disclaimer on the download page makes it very clear that in the event of a lawsuit, users are on their own: “The use of the screensaver and its function is the responsibility of the user. Lycos or the developer shall not be responsible for any loss or damage, of any kind, direct or indirect.”

It is important to note that while most users who participate in DDoS attacks are victims of worms and viruses, those who downloaded this screensaver knowingly chose to participate in a DDoS. This distinction will prove critical if any users are taken to court by hosting providers, as court rulings on this system may set a new precedent for establishing the limits and extent of the legal liability of those who participate in a DDoS attack. Are individual members of a DDoS network liable for all of the expenses incurred by the target, or just their portion of it? Do members of a DDoS network have to actively choose to participate in the DDoS in order to be held liable, or is failure to exercise due diligence enough to establish culpability for the consequences of the attack? Since the targets for the DDoS are provided by Lycos, can the users be held responsible for the DDoS of a specific target at all? The possibility of getting legal answers to these questions is reason enough to watch the progress of this experiment closely.

Water shapes its course according to the nature of the ground over which it flows; the soldier works out his victory in relation to the foe whom he is facing. Therefore, just as water retains no constant shape, so in warfare there are no constant conditions. — Sun Tzu, The Art of War

L’etat, c’est Google

The web is surely a wonderful thing. A simple Google search can bring you information on almost any topic. Such as, oh, nitrogen tire inflation.

If you choose to scroll down the list of Google results for nitrogen tire inflation far enough, you’ll find a link to a previous weblog entry I wrote about the state of science education in the United States. (Nota Bene: This may not be true since the server change in December 2004. My argument still stands.) The gist of my point went something like this: Isn’t it depressing that tire stores run commercials advertising that it’s safe to mix air with nitrogen, given that anyone old enough to drive should know that air is 78% nitrogen?

However, Google doesn’t understand subtlety or the use of examples to make a point. All it understands is that the words “nitrogen tire inflation” had appeared in that post a fair number of times, and therefore that my post should be returned as a result whenever someone searches on those terms. For some combinations of search terms, I have been informed that my post is the first result returned by Google.


Think Del.icio.us

Posted on to: Site News, Computing

Stephen den Beste once wrote that webloggers can be divided into two categories: linkers and thinkers. The former tend to find articles written by others and bring them to the attention of a larger audience. The latter tend to write longer posts, which focus mostly on generating original content or analysis.

Most of the time, I work in a “thinking” mode at this weblog. (Or, if that seems too strong a term for what I do here, a “poorly-directed rambling” mode.) In rare instances, I may write a post that does little more than provide a link to another website, and which contains no more than two or three paragraphs of commentary.

Part of this is due to my weblogging system, which requires a fair bit of work to add a new post. (This is deliberate - I like being forced to think over what I’m writing.) As a result, I tend towards infrequent, longer posts - shorter posts just aren’t worth my effort. However, this occasionally miffs me when I discover a particularly interesting piece elsewhere which isn’t enough to justify a full post to the weblog, but which I wish to share nonetheless.

That’s why I’m excited about del.icio.us. del.icio.us bills itself as a “social bookmark manager” - a site that allows users to share links they run across on the web, and which allows other users who find your surfing interesting to keep track of what you’re adding to your bookmarks. I’m starting to use it as a very low-end “linking” blog, and will be posting odd articles I find about the web there. If you’re inclined to do the same, leave a comment - I’m interested to see what my readers are reading. (Yes, all two of you. Hi, Mom.)

Of course, del.icio.us has all of those essential features like RSS feeds, customizable preferences, an XML API, third-party clients - the list goes on and on, but why bother? I mean, for heaven’s sake, the site has “Social” in the name. It’s social networking! The next killer app! Why, start using this, and the next thing you know, you’ll be sipping chai in Starbucks and editing Wikipedia articles on Winer numbers through your smartphone which is hooked up to your WiFi laptop via Bluetooth. Really, hardwired broadband connections are so 1999.

Courage in the Face of Evil

Posted on 12 November 2004 to: Catholicism, Foreign Policy

This essay has been a long time in coming. I’ve posted hints of it before, but it is only in the past few months that I think I’ve gotten a good handle on what’s been bugging me about the stance of the “peace movement” within the Catholic Church. And it’s only yesterday that the entire picture crystallized for me, with a seemingly unrelated report: The French transported Yasser Arafat’s body out of the Paris hospital where he died with a full military honor guard.
