Archive for October, 2007

The Tax Ban Cometh

Wednesday, October 31st, 2007

Despite protests from some states whose governments are lamenting lost revenue, the US Congress has approved another extension to the Internet tax moratorium. Now it’s down to President Bush’s signature, and there’s no reason to believe he won’t sign it. If he doesn’t, his polling numbers are sure to drop even further.

For anyone who’s not aware of this debate, it’s a key feature of Web business as well as a sticking point for many state governments. States levy sales taxes on transactions involving any business with a “physical presence” anywhere in their state; thus you pay tax on your new PC whether you buy one in a traditional bricks-and-mortar store or online – presuming the retailer (say Best Buy) has a physical store or other facility somewhere in your state. This is an outgrowth of the mail order economy, which also charged no sales tax except in the state where the company operated physical facilities.

Online-only retailers like Amazon and Tiger Direct operate in a similar manner and have enjoyed the same tax exemption, much to the dismay of state governments who claim shrinking revenues due to the increased effect of Internet based businesses. They also would like ISP access itself to be taxable, which is simply a money-grab strategy. A variety of schemes have been proposed to mitigate the alleged loss of revenue, none of which have ever gotten past committee. One insisted sales tax should be levied for all online purchases, based on the buyer’s home address. Other states have said that anyone who buys from an online merchant should mail a check for the appropriate amount of sales tax to their home state’s department of revenue! Needless to say no one has taken any of these ideas seriously, since the first would place a massive burden on Internet-based retailers while the second is simply unenforceable.

All hyperbole aside, sales taxes were originally intended to compensate local governments for the burden involved in supporting local retailers. If someone built a shop on Main Street, the local government needed to provide police and fire protection, as well as other physical infrastructure to support that business (roads, utilities, etc.). The sales tax was seen as the state’s “cut” of a business’ profit… and thus the “physical presence” test. Internet businesses don’t have a physical presence and place no burden on government resources: therefore sales made through these online retailers shouldn’t result in a windfall for government coffers. And in any case, the additional revenues made by UPS and other delivery services as a result of Internet businesses should more than compensate states for any loss in other areas.

The tax ban is now being extended for another seven years. This also includes, even more importantly, a ban on “bit taxes” that would have subjected consumers to fees for Internet access itself. Some providers said access costs could “shoot up as much as 17% without” an extension to the moratorium. Given that this ban has been extended several times already, it’s apparent it should be made permanent so lawmakers are no longer required to waste time debating it all over again.

Flirting With Disaster

Tuesday, October 30th, 2007

Today we do more with our home computers than ever before, and that trend isn’t likely to change any time soon. We use our PCs and Macs for online banking, taxes, storing photos, and dozens of other tasks. Some people even run their home from a PC, or operate a home business that makes extensive use of a high speed connection to the Internet.

Why is it, then, that so many people apparently won’t protect their equipment, not to mention their data, by buying an Uninterruptible Power Supply (UPS)?

I suspect the answer is that few users have heard of them, which is fair enough, or don’t think they use their PC for anything critical enough to warrant one. Or they think they’re only for people who run their machines 24 hours a day. This is simply wrong.

A UPS is designed to keep a machine running when the power fails or, often more importantly, when it “sags” for a brief period of time. A typical home-grade unit contains a specialized processor that monitors line voltage from the outlet, a sealed gel-cell battery, a voltage inverter that allows the battery to send normal line voltage (110-120V) through the unit’s built in sockets, some surge protection circuitry, and a charger to keep the battery fully topped off. You plug the UPS into the wall, then plug your PC into the UPS. If the voltage drops or sags while the PC is running, the UPS picks up the load within a few milliseconds and prevents the machine from powering itself off. It’s that simple.

Many units also come with a USB or serial cable that connects between the PC and UPS, and often include software that allows UPS events to be logged. This software can even shut down a UPS-protected PC if a power outage lasts more than a few minutes.

A good UPS is absolutely critical for people whose homes are subject to voltage problems – you’d be amazed at the number of locations where power sags to 85V or less on a regular basis – but everyone should own at least a basic unit, since a power glitch could cause data loss or hardware failure if it happens at the wrong time.

I’ve seen basic UPS units for as little as $40, which isn’t much more than the price of a decent surge protector. The price goes up based on the unit’s capacity in watts and the amount of time it can support a running PC or two before the battery is exhausted. A good UPS isn’t an expense; it’s an investment in hardware and data protection. Buy one, use it properly (don’t plug your office lamp and other items into it, unless it has “surge only” outlets that aren’t supported by the battery backup feature), and replace the batteries every few years. It’ll pay for itself the first time it saves your data from a power outage or lightning strike.

Comcast, Caught

Monday, October 29th, 2007

Last week I talked about allegations that Comcast was either discarding or otherwise restricting data that originated from certain applications, like BitTorrent and other file-sharing services. A long term study appeared to show that connections from Comcast IP addresses were biased against traffic on ports commonly used by these services. At the time, their executives had no comment.

Since then, the story has exploded. The next day, Comcast admitted “delaying” data from these applications, effectively restricting their customers’ access to certain file sharing services - whether legitimate or not - in order to streamline data access across their network. They claimed they’d put filters in place to prevent file sharing services from consuming excessive bandwidth and that they wanted to ensure other services weren’t being impacted by these applications.

I don’t buy this argument, since the foundation of Internet connectivity makes use of technology that mandates the sharing of available bandwidth among competing nodes and applications. While a given application can certainly consume a great deal of bandwidth if the wire is otherwise unoccupied, it’s forced to share that wire with other applications and systems when they become active. If a dozen users in a neighborhood, all on the same network segment, are active simultaneously they will all be given roughly equal shares of the available bandwidth. There’s no technical difference between someone using BitTorrent to send or receive a file and other users who are watching a YouTube video or retrieving music from iTunes. Comcast’s argument doesn’t hold water, and that it’s allegedly told employees they’ll be fired for discussing the subject with customers is particularly damning.

One interesting bit of fallout from this incident is that several US Congress members have demanded a probe of this practice, which pretty clearly violates the concept of Net Neutrality since it discriminates against content on the basis of its source. In a letter, these members stated that “phone and cable companies have previously stated that they would never use their market power to operate as content gatekeepers.” These companies, the letter continues, claimed that efforts to put rules in place to protect consumers were “a solution in search of a problem.” But several incidents, all of which have been documented and discussed in other venues, seem to indicate certain providers have tested the waters to see what happens when they attempt to act in anything but a Common Carrier capacity.

There’s no question these companies could make a lot of money by providing preferential treatment to certain types of content or to specific sources. If providers could legally block user-operated file sharing services, they could help the RIAA stifle the efforts of independent artists to publish material on their own. If they were permitted to enter into contracts that pushed traffic destined for Search Engine “A” (say, Google) through a faster link than Search Engine “B” (Yahoo), this would drive their users to Google since their searches would be returned more quickly. “Biasing” content in this manner is only the tip of the iceberg; many other scenarios are possible in a non-neutral Internet. None are good for consumers. All benefit large telecom companies and content source providers. It’s not surprising this issue won’t go away, and the US Congress should simply pass laws mandating Net Neutrality.

Tech Futures

Thursday, October 25th, 2007

I have seen the future, and it includes lots of IP addresses.

This isn’t just a flip comment. Internet Protocol (IP) addresses have already infiltrated everything from a few high end cars to certain large appliances, and while some current applications are slightly ridiculous it’s only a matter of time before serious uses appear. I’ve already seen a few that are “in the works,” and they’re pretty cool overall.

A while back I was invited to a showcase lab operated by a computer manufacturer that’s working on new home-based gadgets. Some look like a cross between the original Star Trek series and the Jetsons. In one scenario, a kitchen stove that also acts as a refrigerator (!) was equipped both with an IP connection and an RFID (Radio Frequency ID) reader.

Scenario: you buy a turkey, unpack it from its wrapper, and put it in the oven as if you’re about to cook it. Then you flip on the oven’s “refrigerator” option and go to work. While there, you open your oven’s IP address (it comes up in a Web browser); you can now view the bird in the oven via the unit’s built in Web camera, and can control the unit remotely. The oven reads an RFID chip embedded in the bird and suggests turkey recipes it downloads from another site (maybe the nice people at Butterball). You choose one, key in the time when you’re planning to have dinner, and hit “start.” The oven switches modes, heats up, and cooks the turkey. If you’ve remembered to insert the oven’s probe, you can cook based on internal temperature rather than time. You can also watch the cooking process using the built in camera.

This may sound extremely silly, but it’s a demonstration of things to come and the overall power of IP-enabled devices. From a more serious viewpoint, I also saw blood pressure cuffs and thermometers with embedded IP capability; these allow home-bound patients to take their own vital signs, which can then be transmitted via an encrypted connection to their doctor’s office. If a set of readings come back as unusual for the patient, they can be reported to the doctor’s staff with a higher priority. Think of it as the next step in “Life Alert” technology.

Other applications in development include “smart” rooms that can be pre-programmed with temperature, lighting, and music settings. While such systems are already available, the next generation will include IP capability that allows users to download new options, access music via services like Sirius and XM, and change settings via a remote browser application. Furnaces and air conditioners will also be equipped with IP-enabled devices, and will be able to report faults to the homeowner as well as a service company.

The list is nearly endless, and while some applications will doubtless be short-lived fads, others have the potential to transform our lives even more than the Internet itself. The future is wireless, and it’s on the way.

Windows on a Diet

Tuesday, October 23rd, 2007

I’m somewhat stunned at recent news that Microsoft is actually working on a “slim” version of Windows, apparently in response to complaints that the OS is far too bloated and intrusive for many users. These complaints are absolutely appropriate, since recent versions include many features that aren’t needed or desired by a significant segment of the user base. This is a phenomenon known as “feature creep” and it’s a problem endemic to both operating systems and applications. In an effort to placate, for instance, users who have no computer experience and want everything handled automatically, software often takes on an “everything to everyone” character that renders it less useful to other groups. Experienced users don’t need Office Assistants, automatic detection of newly inserted media, and an OS that insists on handling every detail without user intervention.

I have no use for many common Windows features, like the Indexing service and auto-launch of newly inserted CDs and DVDs. I don’t want Internet Explorer integrated into the desktop, I don’t use (or trust) Outlook, and couldn’t care less about many of the multimedia oriented features available in XP and Vista. What I want is an OS that boots quickly, uses as little memory and disk space as possible, runs applications without crashing, and doesn’t lose my data. Anything above and beyond that list is unnecessary, and often annoying.

The idea of a “MinWin” release, which is the term a Microsoft representative used to describe the slimmed down version, is also appealing to corporate I.T. organizations that need to manage hundreds, if not thousands of machines. Many such groups desire a minimal feature set in order to provide a clean, uncluttered user experience for legions of often computer-naïve workers. In some cases, they’d also prefer to keep certain applications and capabilities out of reach of these same users in order to prevent problems, conflicts, and the use of applications that aren’t approved for corporate use.

Another positive aspect of such a release is that it’ll allow machines to remain useful for a longer period. One problem with most Windows upgrades is that they require increasing amounts of RAM and disk space; if the MinWin release provides Vista-like security and stability in a smaller footprint, it’ll save hardware dollars and may allow corporations (not to mention home users) to retain older systems without suffering under performance degradation or being forced to expand outdated hardware.

Linux users often gloat over their ability to make use of older systems that would bring Windows to a crawl. This may be another reason Microsoft is finally taking notice of Windows’ immense footprint, since a slimmer OS might retain more users who are planning (like your humble correspondent) to migrate to Linux rather than adopt Vista. It’s an excellent strategy, and I can’t wait to see what it looks like. If it’s done properly, Microsoft might keep me as a customer a bit longer.

Net Neutrality Violated?

Monday, October 22nd, 2007

Does Comcast block the use of certain applications by its users? That’s the question many people have apparently been asking, and recently the Associated Press ran a nationwide test to determine whether it’s actually true. If so, it violates the concept of “net neutrality” that many feel should be carried forward as an official policy in the future, and it may bode ill for certain types of content.

Net neutrality, which I’ve discussed in the past, declares that ISPs and other carriers shouldn’t monitor or regulate content sent and received by their users. Instead they should just “pass the bits” without regard to the application used or the content’s final destination. Thus if someone wants to use a file-sharing mechanism to distribute material (illegally or not), the ISP should not detect or interfere with this activity. This is, in many respects, a continuation of the “common carrier” status afforded telephone companies; telecom providers are not permitted to spy on their users’ conversations, nor can they attempt to block calls based on location or the nature of the call. Even if a caller is using the telephone system for illegal activities, the phone company can’t block the content or inform authorities since this violates common carrier policy. The US Mail system operates under the same rules. Wiretapping orders must come from a law enforcement agency.

If, as AP’s tests indicate, Comcast is limiting connectivity based on application, it sets the stage for further limitation based on content or location and severely damages the “common carrier” status that many ISPs have sought over the last decade. What’s to stop an ISP from examining email attachments to determine if they’re pornographic in nature, then refusing to send them? For that matter, an ISP could theoretically refuse its users access to specific Web sites, or simply route requests for these sites through slow links in order to discourage access. It’s a dangerous path since it could lead to ISPs charging fees to smaller Web sites in order to give them preferential treatment.

The current set of tests indicated simply that Comcast’s filter “appears to be an aggressive way of managing its network to keep file-sharing traffic from swallowing too much bandwidth and affecting the Internet speeds of other subscribers.” Comcast claims it doesn’t “block access” to any application, but “uploads of complete files are blocked or delayed by the company, as indicated by AP tests.” While Comcast could claim they’re doing so to limit illegal file sharing, such an action could, for instance, also block the legitimate distribution of independent movies, video, and music – clearly favoring traditional, commercial services such as iTunes and others.

One of the Internet’s great advantages is the level playing field it provides. Anyone can transmit or receive data. Small publishers, music businesses, and others can make their works available without resorting to highly commercialized methods involving large corporations. It would be truly sad if ISPs were permitted to destroy this advantage.

Fun Things To Do With a PC

Friday, October 19th, 2007

Most people tend to think of PCs in terms of the Internet, business tasks, and games. A smaller subset of users (including your humble correspondent) use them for software development and other, even geekier purposes. Still others are graphic designers or photographers who employ high end monitors and printers that most of us will never see due to their high price.

This said, what fun things can you do with your home PC?

If you’re an astronomy buff, you can buy interface cables and software from companies like Celestron and Meade that allow you to use your PC as an image capture device for a telescope. Higher end software can actually control motor-driven telescopes, so all you have to do is tell it what area or feature you’re interested in. The software then drives the scope’s motors and aligns itself to the requested area of sky.

Amateur radio operators have long used computers to drive Morse code generators, which allow the amateur radio buff to generate and transmit the appropriate code by typing normally on a keyboard. You can also find antenna controller software, and applications that allow amateurs to track satellites for the purpose of using them for long distance communications. Amateurs also use packet radio applications to link two or more computers over long distances. Who needs the Internet when you can build your own network using the airwaves?

Robotics aficionados and hobbyists often build robots that can be controlled remotely from a PC. In the past this was usually done with RS-232 cables, but today a new generation of robots can be controlled via USB and even wireless communications, thus eliminating those annoying cables altogether. Not only can newer robots be controlled from a PC, but the robot itself can be fitted with sensors that transmit data back to the PC. Some people have even modified their Roomba vacuum cleaners to accept PC control. Several have fitted their Roombas with video cameras so they can watch the robot vacuuming their floors. I wish I had this much free time!

Yet another use, somewhat more practical than modding your Roomba, is home security and automation. Several pre-built security systems are available, while more technically savvy users often build their own. For instance, the “X-10” remote control system (which first hit the market in the 1980s) has been updated with a PC interface to allow a home computer to act as a central controller for security and automation systems. Not only can you control your furnace and lights, but you can install cameras that you can access over the Internet anytime you’re away and want to check in. It’ll even control your audio system, and I know people who’ve set up such interfaces. I have no idea why, but they seem to enjoy it.

What will you do next with your PC? Be creative!

Is Your Network Secure?

Thursday, October 18th, 2007

There are lots of ways to steal data from PCs and other systems. A hacker can plant a keystroke logger on a machine, thereby capturing every character that’s entered on the keyboard. They can break into a machine using an unsecured account or OS vulnerability, thereby gaining access to local disks. Or they can simply steal the whole PC and break into it at their leisure, which has happened more times than most people would like to admit.

There’s another way to steal data that requires no physical or virtual access to the PC itself; it’s called “network sniffing” and it’s a well known technique for watching packets of data as they traverse an Ethernet or other network. Most networks aren’t secure. The data that’s transmitted is sent “in the clear,” in an unencrypted format readable by anyone with access to the physical hardware that makes up the network itself. Standard Ethernet networks use a protocol that allows each connected machine to see every packet of data; only the destination system actually processes the packet, while all others discard it.

However it’s pretty trivial to put a PC’s network controller into what’s known as “promiscuous mode,” thus causing it to accept and process all packets on the local network. This means the system, which is now acting as a “packet sniffer,” can be used to store and read everyone else’s data. There are legitimate uses for this technology (network analyzers and so forth), but it can also be used to read private user data such as unencrypted email and Web site traffic. Network managers are aware of the problem and most take steps to prevent this type of activity from occurring. They also segment their networks, both to localize traffic and to prevent hackers from compromising data on an organizational level.

Malware-based packet sniffers could be installed using any number of delivery methods, then used to transmit data back to a centralized collection point. This type of attack is an ideal method of gathering data from home users or corporate environments, since the infected PCs may exhibit no symptoms at all. If network managers are monitoring traffic levels, they may notice a surge in data delivered to some non-local IP address, alerting them that a problem exists. Even so, “some attackers will use a packet sniffer in conjunction with a backdoor program so that those ports are always closed until the packet sniffer sees a particular sequence of traffic, and then it will launch the backdoor program to accept the attacker’s connection.” This can allow an infected machine to remain invisible to most scans.
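One host-side check for the promiscuous mode described above, as an added example that is not part of the original post: on Linux the kernel publishes each interface's flag word in /sys/class/net/<interface>/flags, and bit 0x100 (IFF_PROMISC) is set while the interface accepts frames not addressed to it. The allowlist parameter, the interface names and the sample tree are assumptions made for the illustration.

```python
"""Added example: list Linux network interfaces that are in promiscuous mode."""
import os
import tempfile

IFF_UP = 0x1         # interface is administratively up
IFF_PROMISC = 0x100  # interface accepts frames not addressed to it


def read_flags(sysfs_net, iface):
    """Return the integer flag word for one interface, or None if unreadable."""
    path = os.path.join(sysfs_net, iface, "flags")
    try:
        with open(path) as fh:
            return int(fh.read().strip(), 16)  # kernel prints e.g. "0x1103"
    except (OSError, ValueError):
        return None


def promiscuous_interfaces(sysfs_net="/sys/class/net", allowlist=()):
    """Return sorted (iface, is_up) pairs for interfaces with IFF_PROMISC set.

    allowlist (hypothetical parameter) names interfaces where promiscuous
    mode is expected, such as bridge members or a dedicated capture port.
    """
    findings = []
    try:
        names = sorted(os.listdir(sysfs_net))
    except OSError:
        return findings  # not Linux, or sysfs not mounted
    for iface in names:
        if iface in allowlist:
            continue
        flags = read_flags(sysfs_net, iface)
        if flags is not None and flags & IFF_PROMISC:
            findings.append((iface, bool(flags & IFF_UP)))
    return findings


def build_sample_tree(root):
    """Write a constructed sysfs-like tree so the check can run offline."""
    sample = {
        "lo": "0x9",         # UP | LOOPBACK
        "eth0": "0x1103",    # UP | BROADCAST | PROMISC | MULTICAST
        "eth1": "0x1003",    # UP | BROADCAST | MULTICAST (normal)
        "span0": "0x1102",   # PROMISC set but interface is down
    }
    for iface, flags in sample.items():
        os.makedirs(os.path.join(root, iface), exist_ok=True)
        with open(os.path.join(root, iface, "flags"), "w") as fh:
            fh.write(flags + "\n")
    return root


if __name__ == "__main__":
    # Check the real host if sysfs is present, otherwise the constructed tree.
    if os.path.isdir("/sys/class/net"):
        results = promiscuous_interfaces()
    else:
        with tempfile.TemporaryDirectory() as tmp:
            results = promiscuous_interfaces(build_sample_tree(tmp))
    for iface, is_up in results:
        state = "up" if is_up else "down"
        print(f"{iface}: promiscuous mode set (interface {state})")
```

This only inspects the machine it runs on; it says nothing about a sniffer attached elsewhere on the same network segment.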

Remember that any network can be compromised, and your email probably isn’t encrypted. If you use your PC for online banking, shopping, or other financial activities, always make sure the Web site uses SSL (remember, “https” means it’s an encrypted connection). Never send financial or personal data via email unless you use encryption, which most people do not. Your data is only as safe as the network, and most can be broken into with relative ease.
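The traffic-level monitoring mentioned in this post (noticing a surge of data going to a non-local address) can be sketched as follows; this is an added example, not the author's code. The flow records, the 10.0.0.0/24 local network, the hourly windows and the thresholds are all constructed assumptions.

```python
"""Added example: flag local hosts whose off-network upload volume surges."""
import ipaddress
from collections import defaultdict

LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/24")]  # assumed local segment

# Constructed flow records: (window, source, destination, bytes sent).
# External addresses come from the ranges reserved for documentation.
FLOWS = [
    ("09:00", "10.0.0.5", "10.0.0.20", 4_000_000),   # local copy, ignored
    ("09:00", "10.0.0.5", "198.51.100.7", 200_000),
    ("09:00", "10.0.0.8", "203.0.113.9", 300_000),
    ("10:00", "10.0.0.5", "198.51.100.7", 250_000),
    ("10:00", "10.0.0.8", "203.0.113.9", 280_000),
    ("11:00", "10.0.0.5", "198.51.100.7", 220_000),
    ("11:00", "10.0.0.8", "192.0.2.44", 9_500_000),  # sudden off-network upload
    ("11:00", "10.0.0.8", "203.0.113.9", 310_000),
]


def is_local(addr, local_nets=LOCAL_NETS):
    """True if addr falls inside one of the networks treated as local."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in local_nets)


def outbound_by_window(flows, local_nets=LOCAL_NETS):
    """Sum bytes each local host sent to non-local addresses, per window."""
    totals = defaultdict(lambda: defaultdict(int))    # window -> host -> bytes
    per_dst = defaultdict(lambda: defaultdict(int))   # (window, host) -> dst -> bytes
    for window, src, dst, nbytes in flows:
        if is_local(src, local_nets) and not is_local(dst, local_nets):
            totals[window][src] += nbytes
            per_dst[(window, src)][dst] += nbytes
    return totals, per_dst


def find_surges(flows, baseline_windows, current_window,
                factor=5, floor=1_000_000, local_nets=LOCAL_NETS):
    """Return (host, current_bytes, baseline_mean, top_destination) tuples.

    A host is flagged when its off-network bytes in current_window exceed
    both `floor` and `factor` times its mean over baseline_windows.
    """
    totals, per_dst = outbound_by_window(flows, local_nets)
    findings = []
    for host, current in sorted(totals[current_window].items()):
        history = [totals[w].get(host, 0) for w in baseline_windows]
        mean = sum(history) / len(history) if history else 0.0
        if current > max(floor, factor * mean):
            dsts = per_dst[(current_window, host)]
            top_dst = max(dsts, key=dsts.get)  # destination receiving the most
            findings.append((host, current, mean, top_dst))
    return findings


if __name__ == "__main__":
    for host, current, mean, dst in find_surges(FLOWS, ["09:00", "10:00"], "11:00"):
        print(f"{host}: {current} bytes off-network (baseline {mean:.0f}), "
              f"mostly to {dst}")
```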

First Life Meets Second

Wednesday, October 17th, 2007

Hollywood is becoming increasingly aware of the online environment and the opportunity it represents in terms of viewer participation. The trend began in the 1990s, when science fiction series like Babylon 5 and Star Trek: Voyager established chat rooms in association with dedicated fans; some actors even began monitoring and participating in online discussion groups in order to gauge fan reactions to recent episodes.

Over time studios began taking the Internet even more seriously, as more high speed connections became available and fans established sophisticated Web sites dedicated to popular movies and TV series. The spread of DSL and cable connections provided a better venue to distribute video clips, trailers, and other materials, since few users would be willing to download even a 2MB clip over a 56k modem. Fan sites like TheOneRing.net, which was dedicated to Peter Jackson’s Lord of the Rings movies, were used extensively by the studio to distribute official information and video diaries of the production. Jackson then followed up on this success by chronicling the creation of his King Kong movie online; this unprecedented access generated a large amount of fan interest and participation. Even more recently, series like Lost have used their Internet presence to drive portions of the story line, taking feedback from fans and integrating it into the overall story arc. The Food Network provided an online voting site for viewers who wanted to support candidates competing in its “next Food Network Star” series.

Now it appears the next step is about to be taken, as CSI: New York prepares to broadcast an episode that will be integrated into a virtual experience involving the Second Life online world. This special episode will take “the plot of an upcoming CSI episode into the virtual environment of Second Life.” The production company has established a private sim (or “island”) in Second Life, and characters from the series will actively pursue the perpetrator of a “first life” crime through the virtual world. Additionally, the virtual presence will allow viewers to participate in the drama by visiting the lab, the scene of the crime, and other locations from the series. The producers have apparently crafted fully rendered views of exact scenes seen in the TV series, and the action will move more or less seamlessly from one world to the next. Naturally, a cliffhanger is involved.

This “integrated programming” is the next step in entertainment, and its popularity will only grow as network bandwidth improves over time. We can expect to see more and more participatory television (and movies as well) since the process increases viewer enthusiasm and acceptance. Traditional networks are slowly losing market share due to a perceived lack of new ideas and creativity, while big screen movie theatres are losing out to DVD sales and the increasing prevalence of home theatre systems. Integrating traditional entertainment with the online world is an excellent vehicle for boosting sales and market share, so expect to see even more creative projects over the next few years.

Your PC is now your gateway to the media world; use it well.

Punch, Counterpunch

Tuesday, October 16th, 2007

If your excuse for not running a commercial virus scanning tool on your PC is that the software is too expensive, think again. The IT Security Web site just ran an article detailing all the free scanning tools available over the Internet, so you’ll have to think up a new reason to avoid running regular scans on your PC’s hard drives. Many of these products are free versions of standard, well known commercial packages like BitDefender and F-Secure. Most, if not all, make use of Java or ActiveX plug-ins depending on your Web browser of choice.

Of course scanning for viruses is only the first step in a comprehensive security solution, and it’s pretty certain most of these sites will suggest that you buy, download, and install a fully featured antivirus/anti-malware/anti-phishing suite once you’ve registered for the free product. But recent Windows developments may make antivirus software obsolete, or at least less of a necessity. In fact, in a previous blog I mentioned that Vista’s built-in security suite is allegedly so impervious to attack that “Microsoft co-president Jim Allchin stated that Windows Vista’s new security features are so strong that anti-virus software is no longer required.” However, according to another IT Security article it appears that “Microsoft is backing away from any claim that add-on anti-virus software isn’t necessary for full system protection. In fact, the company offers its own anti-virus service in the form of Windows Live OneCare.” This may be a case of profit trumping reliability; rather than attempting to attract people to Vista using Allchin’s claims, Redmond may have chosen to capitalize on virus worries in order to sell its OneCare package.

Antivirus software could become less necessary for another reason as well. “Traditional” virus transmission methods, i.e. those involving executable files sent via email messages, may soon become passé as a result of the rise in phishing and other scams involving infected Web sites. Think of the ways in which spammers have adapted to anti-spam software, such as the use of image-only spam emails that can slip by many anti-spam measures. Similarly, distributors of malware (key loggers, botnet clients, and so forth) are adapting to improvements in antivirus software. Soon we may all need software that pre-scans the content at URLs embedded in email messages to determine whether the site’s content represents a threat. Think of it as evolution in action: bacteria adapt to antibiotics, and new formulations are produced to counter these adaptations. In the security arena, threats produce countermeasures, which themselves result in new threats.

You heard it here first. In fact, I suspect someone is already working on the URL-scanner idea. If not, they should be since tainted Web sites are accounting for increasing numbers of infected PCs and botnets are growing at an alarming rate.