Mara's weblog

This month I find anumber of strange referer entries in my server log. Access to one of my pages comes from an unknown IP and is usually the only one from that address. They refer to non-existing sites or ones clearly advertising something.

I made a search and it's called referer spam. There are texts about it. Such spam is here for quite a long time.

It makes no sense at first. Web server logs are only seen by site administrator. So how can it work? The obvious solution is that administrator may be curious and click the link. The number of visits gained this way is small. There should be something more. And there is. Blogs.

Quite many blogs have dynamic list of sites refering to them. Referer spam changes such lists. That's not the main reason, however. Search engines browse sites and count refernences. The more sites link to yours (from referer spam or not), you get higher rate by the engine. That's how referer spam works. It places spammers sites higher in the ranking.

Having static pages has good points.

Cofee is, if not good, at least not bad as research shows. Good news :)

BBC has a stry about methods of reading bank PINs and password without opening their cover, using heavy light r similar techniques. It looks that it's much easier than expected.

Sending PINs by mail is not a good idea (you don't know who has access to the envelope), but widely used. Fortuantely, more and more banks allow you to choose your own PIN using electronic communication (encrypted).

The fact that there are not so many female developers ine the FLOSS world is clear for everyone. Reasons? Well... complex. Apache has now a list that is intended to help them start, as ZDNet writes. It's third such initiative I know, after Debian Women and KDE Women.

I have mixed feelings about such initiatives. They, however, help those with not enough self-confidence to jump into FLOSS development on their own. I'm wondering about the effectiveness, but it's very very hard to check.

I've read a number of articles (like the one on internetnews or news.com) about licensing the Linux trademark. It's only for companies and only for trademark -- not for using Linux. A number of people panic, but the price is low. What's more, it's clear to me that someone naming their product 'Linux' should have an agreement with Linus.

Another virus made its way from newspaper first (www) pages. They write about the case (like BBC). Why? Wild guess is that because a number of media companies were affected...

The interesting thing is that the thing is not that dangerous, see SANS analysis.

I find it interesting that (all?) the articles take it as a natural disaster. It just happens and there's no way to protect yourself. Such option is of course false. I have already written about this, btw. Minimum security: update your system. Have firewall configured.

Firefox has a large number of options, not of them accesible by menus. If you type 'about:config' in the address bar, you'll get a list of them. I fill show a number of interesting ones.

HTTP-related

network.http.pipelining - when set to true allows multiple requests in one connection. Makes things faster, but there are servers incompatibile with this feature (rare).

network.http.request.max-start-delay - name tells it all.

network.http.sendRefererHeader - default is true. If you change it to false, your browser stops sending HTTP Referer header. In simple words: you won't show which site you came from.

Security

You can enable/disable Java, SSL2, SSL3, TLS (security.enable_java etc). You can also say which ciphers you accept. If you don't know much about them, leave the options alone.

The list is much longer. You can find options related to the extensions you have installed and many others. Enjoy!

Xiaoyun Wang, mathematician and cryptographer who made attacks much faster than ones known for certain crypto tools wasn't given US visa. She needed it to present here new results. I've read it at Schneier's blog. Such things happen. What I found very strange was a quote (later I found it in NYT article. It states that it's not uncommon, especially for high-tech specialists. My question is why... No answer.

Breuce Schneier writes about the fact that terrorists don't use terrorists don't use steganography in al-Jazeera broadcast. There was big hype about it in the late 2001.

It doesn't mean that steganography is not used. It gives greate possibilities (especially when combined with encryption). I don't know where it's used in pictures, but many firewall piercing tools use (network-based) stegano techniques.

There's a comparision of search results from Yahoo and Google (the first one claiming to have over 20 bilion pages indexed). It shows that Google gave more results. The quiestion is: which were more accurate? What is much harder to measure...

Internet was created by many people, not many of them known to general audience. When you browse the list of RFCs you can find a long list fo names. The most important old and important ones were written or written with help of Jon Postel. He was editor of RFCs about IP, TCP and many other things.

In his texts you can find nice citations. For example, in IP RFC (no 791) we have:

A name indicates what we seek. An address indicates where it is. A route indicates how we get there.

and

In general, an implementation must be conservative in its sending behavior, and liberal in its receiving behavior.

He was first member of Internet Society, author or co-author of 200 of RFCs.

Jon Postel died at the age of 55 on October 16, 1998. Before most of the people who are online had their first contact with the Internet.

I wrote in June about possible KDE 3.5 release and about Qt 4. Now KDE porting doesn't seem to be very fast (no release plan for 4.0). Version 3.5 is now official. Release plan places final version at the end of October. My guess is mid-November. Feature plan brings some interesting things like new apps (KGeography and, especially, SuperKaramba in kdeutils) and features (more support for SVN). The number of features on the TODO list is still longer than on the finished one.

RFCs (Request for Comments) are sometimes not very interesting (well..not for all) standards. Sometimes and not many, in fact. There are also very special ones, causing big laught. I have just found another one, so will share (current) list of my favourites.

No 1 is definitely RFC 1149: IP over Avian Carriers (often refered as ''IP by pigeon''). The document itself is short, what makes it great is implementation (esp. pictures).

My new number 2 is 1149 follow-up, RFC 2548: IP over Avian Carriers with Quality of Service. This time I don't know about implemantation. Text alone is still great.

Number 3 is about security. RFC 3514: The Security Flag in the IPv4 Header. The title is serious and looks boring. What's inside... I'll tell that this RFC has codename 'evil bit'.

After all those ports about wireless networks solving all the problems possible there's a nice read about need for new frequency ranges to be used. Wireless transmission is limited by available frequencies. Worth to know for those mentioned in the first sentence of this post.

After a found a petition against proposition of a directive about keeping log of phone and Internet traffic, I considered it a joke. After searching more it looks that the thing is real. The Register writes shortly about it.

It looks that there are people who don't know that high-end encryption is accesible to everyone and such logging doesn't hurt criminals -- only innocent people who want to have privacy. Of course, not including side-effects for ISPs and telecoms. Logging requires storage to keep it all, right? Such equipement is not given for free.

Last week and eartly this week one case was very widely discussed in the security world. Schneier's blog has a good post about the orginal presentation and a followup.

When you read all the docs, the case is rather simple. He found a bug in Cisco software. Cisco was notified, patch released. After a number of months his company decided that he should make a presentation about it. Very close to the presentation term things became worse. Presentation was nearly cancelled, author left his company and was sued by Cisco.

Why? I have no idea. Bug patched. It's true that not everyone patches their equipment because of trouble it causes. Is it a good reason to stop a publication of bug details? I think it's not.

If you think you understand it all, let me know.

Materials: presentation text and photos, Wired interview. Read, watch and decide yourself.

After rumors started that Apple's using DRM-like technology in their Intel-bsed developers' machines (the thing I wrote about recently), there's a message saying that it was just a rumor.

Removing all comments, leaving just plain citations (from anonymous source) it doesn't say there's no such chip. All I can find is: ''not DRM or TCPA protected''. It means that if the technology is called differently, it may still be here.

One more interesting thing. It suggests that the chip is to make sure the non-disclosure agreement works. Nice way...

Now, no official statement. There are many possible reasons. One of the interesting one I can think of is that the whole thing is to see customer reaction to decide if such chip will be included in the final version.

Slashdot writes about DRM used in Developer Kit with Apple Mac OS X for Intel. The fact is heavily commented including a (strong) suggestion about moving to Linux.

I don't know what the chip will be doing, in fact. No details. Let's assume worst case -- locking everything so you can open/edit it only on authorized machine. What it means? For me it means the whole thing reverse engineered as soon as someone with enough knowledge and time is annoyed with it (what means: rather month than two).

The fact many people try to ignore is that no protection scheme works when user has physical access to the hardware. Especially when can filter and change all input and output going out of it. Reverse engineering is just a matter of time. The thing that can make it slower (not stop) is law that prevents reverse engineering for compatibility reasons. But even if you have such law in your country, it's still legal in many others. The process of reverse engineering will just be done somewhere else. Just as with DVD encoding, cryptographic algoritms in the time of US restrictive export law and so on.

It's not that I don't think DRM is dangerous. It is. It just doesn't work. Many companies have tried and failed. It looks that learning on someone's mistakes is not the preferred way.