Archive for March, 2009

Conficker Insanity

Tuesday, March 31st, 2009

Many users are in a state of blind panic over the “mutation” that’s allegedly due to occur in the widespread “Conficker” worm on 4/1/09. For the last few weeks, I’ve been hearing gloom-and-doom predictions about the imminent death of the Internet once the virus undergoes a claimed change on 4/1. Things probably haven’t been this exciting in terms of paranoia since 1/1/2000 was approaching. I wouldn’t be surprised to find out that people are laying in stocks of food against the predicted Internet Armageddon (great term, incidentally).

While it is certainly possible something Truly Bad will happen once the clock ticks over to 4/1, it’s probably not very likely. There’s a difference. For instance, it’s theoretically possible a pink Triceratops is lumbering down Park Avenue in London right at this moment…but the probability is so low that it’s probably unmeasurable. People tend to focus on what they perceive as critical threats or worst-case scenarios. This isn’t useful. Instead, focus on events that are really likely to happen — like your PC getting Conficker or any of 10,000 other viruses in the first place.

If you’re worried about Conficker, then do what I’ve always suggested: keep your virus definitions up to date, make sure your firewall is as solid as possible, don’t open suspicious emails, and don’t download inane things from suspicious websites. If you’re really worried, take a good backup of your critical files and store it offline (i.e. on DVD or, if you’re old school, tape).

As the article notes, “Conficker’s authors stand to make more money from renting out parts of their huge ‘botnet’ to spammers or identity thieves than by destroying parts of the Internet.” Today’s viruses are all about making big chunks of cash off hijacked machines. They’re generally not about achieving mass destruction. Trashed, unbootable PCs don’t make money for spammers.

Ergo, there’s really nothing to worry about. Probably. We’ll certainly find out in a few hours.

End of the Line for Encarta

Tuesday, March 31st, 2009

Today Microsoft announced it was finally killing off its encyclopedia product, the old and venerable Encarta. It’s sad to see the product vanish, but it was also inevitable. The encyclopedia is a product set that’s suffered quite a bit as a result of Internet intrusion into its traditional space, after all. It’s hard to sell something that’s so readily available at the press of a few keys or clicks of a mouse.

Witness the venerable Encyclopedia Britannica. For years, its 6+ feet of shelf space was a staple in many homes where there was a need to keep reference works available for kids and adults. I owned an edition in the early 1990s, and used it on a few occasions. I gave away the whole thing when products like Encarta showed up in the marketplace, since it just made sense to recover all that shelf space. Today, Britannica is a shadow of its former self. The company still sells books (32 volumes with DVDs for $1149 on sale) but seems to be concentrating more on its online presence. I wonder how many parents still buy paper copies?

Encarta originally appeared on CD back in, if I recall correctly, 1992 or so. I was working at a university at the time, and was astounded to see that much information packed into a single disc. The user interface was clunky, the content was by no means complete (you’re not getting a full encyclopedia onto a 600MB CD), but it was obviously the way forward. Not only did it include an early form of hyperlinking, but videos as well. Multimedia reference works…what a concept.

Sometime after the Web revolution, Microsoft took the product online and beefed it up considerably. Not only did this make it easier to add and correct content–it removed the need to produce media for shipment to customers. Britannica also offers full online subscription access, and I suppose Redmond decided the product was a dead end due to competition from other sources.

Wikipedia comes to mind. It’s not perfect, but it’s user driven and largely self correcting as more subject matter experts devote time to it. Other Wiki-based solutions that concentrate on specific subject areas are popping up all the time.

Commercial encyclopedias may have met their match in this electronic age. Will Britannica vanish as well? What will happen to all those door-to-door salesfolk?

Is it Time for IPv6?

Thursday, March 26th, 2009

One of the ongoing issues in IT management over the last decade or so has been the fact that we’re running out of IP (Internet Protocol) addresses. If you’re not sure what one of these is, open a DOS prompt on your PC and type the command ipconfig /all. If you’re connected to the ‘net, you’ll see at least one address of the form 123.123.123.123. This is the IPv4 address you’re probably using to read this blog; it’s how your machine is identified uniquely on the Internet.

The problem is that, because the address is a 32-bit number, there are only 4,294,967,296 unique combinations. Sounds like a lot, but not when millions of machines are connected all over the planet. Over the last decade or so, ISPs and companies have managed the problem using “pooled” addresses as well as “private” internal networks isolated from the Internet by routers. They can use any address they want within the private address space. Any traffic that hits the external network has to go through a legitimate, assigned IPv4 address.

IPv6 seeks to change all that. The project started in the mid 1990s, and was intended to expand the address pool to the point where it’d be almost impossible to run out of addresses. It uses a 128-bit address scheme (yes, that’s 2 to the 128th power or 2 with 128 zeroes after it). That’s a lot of addresses. It also means that, as more companies adopt the scheme, they’ll be able to move away from the private-public model. That means every machine could have a direct Internet connection and, potentially, a permanently assigned IP address.

The advantages are pretty significant, but IPv6 hasn’t been widely adopted yet. Recently Google announced they’ve migrated the whole company’s applications and infrastructure to the new protocol, and it was “pretty easy” overall.

Only a few companies have made the move — the US Federal government is one example. Hopefully more will adopt the new scheme soon. Having globally unique addresses will simplify overall network management; it’ll also make the tracking of spammers and malware vendors somewhat easier (no private networks to hide behind) and should largely eliminate the need for gateway machines that act as traffic cops between private and public networks.

Bandwidth, Gaming, and Finance

Thursday, March 26th, 2009

As if streaming video and audio weren’t using enough network bandwidth already, various companies are building streaming games that will consume even more capacity. It’s inevitable, and it does make a certain amount of sense from a consumer standpoint.

Think of it this way: you want to try out a game, but don’t want to buy and install a huge (multi GB) game from CD or DVD. Or you don’t feel like downloading the game’s installer via your DSL or cable connection. With a streaming game, you connect to a server and (probably) install a thin client of some type. That’s it. Now you can connect and run the game remotely. It’s the next logical step up the ladder from WoW (World of Warcraft) and other online games, since it removes the “thick” client we’re all used to installing.

Of course, this model also uses a lot of bandwidth since it uses the network for both user-action and game code transmission. In the case of the OnLive application discussed in the article, all the video would be transferred via the Internet. Given the richness of current gaming video applications, this translates to massive bandwidth usage. As the article notes, “it’s uncertain how well OnLive would work in homes — there has been no widespread customer trial. It is clear, though, that it would consume large amounts of bandwidth, far higher than that required for current online games, where most of the content is stored on the computer or console.”

Given that ISPs are already starting to add surcharges to monthly bills after a certain amount of data is transmitted (think of the per-minute charges when you exceed your allotted cell plan limit), this could translate into large bills for gamers…or for their parents. Given that the developer estimates usage of “just under a gigabyte per hour of high-definition gaming,” a household could exceed its monthly data limit in a few days…or hours.

This could make gaming a very pricey hobby. I suspect it won’t be widely adopted until major bandwidth improvements are made to households across the US, or developers find a way to limit the network traffic consumed by applications like OnLive.

Archiving the Web

Wednesday, March 25th, 2009

Ever wonder what happened to all those early pages everyone wrote back in the late 1990s, when the web was just getting started? Many of them might just be out there, lurking silently on a site known as the Internet Archive, or (in a nod to the old Bullwinkle cartoon series) the “Wayback Machine.” This site has been ‘scraping’ web pages for years, archiving them as images in order to preserve rendering and appearance.

The archive recently got a major upgrade. It needed it, since it basically re-indexes the whole Internet every 2 months to look for new and changed pages. It’s maintaining one of the biggest (possibly the biggest!) databases on the planet, and the new datacenter “fits in a 20-foot-long outdoor metal cargo container filled with 63 server clusters that offer 4.5 million gigabytes of data storage capacity and 1TB of memory.” It’s installed at a facility belonging to Sun Microsystems, which provided the hardware.

The system is pretty cool overall, and is invaluable as a tool to show how the web has developed over time. One of the hazards of digital libraries — of which the web is one, when you think about it — is that in many cases there’s no preservation system behind them. The US has the Library of Congress, plus there are all those other “analog” libraries that keep copies of various books permanently. But once a web page is altered or taken down, it’s gone. Hence the Archive. It’s a means of keeping all those old pages around for future reference.

Some might ask why anyone would care about millions of really badly designed pages (several of my early efforts are out there, and I cringe when I look at them). But that’s the point, really. Someone should keep copies of such things so we can see how far we’ve come in a very short period of time. Only 10 years ago, we were worrying about making invisible images in various sizes in order to achieve layout on a web page. It was pretty horrible. Nowadays, with the increased use of CSS and improvements in the XHTML standard, life is a lot better for web developers.

Plus, who knows how many useful documents were once on the web, but have been taken down over the years. Remember: computing is all about data.

Good News for Music Fans

Tuesday, March 24th, 2009

One of the biggest problems with MP3 — the format of choice for many music players today and a de facto standard for exchanging music files — is its lossy nature. If you save a live performance as an MP3, you’re losing a significant amount of the dynamic range in the music. You can’t recover that lost material, so once it’s gone, it’s gone. Lossless formats (e.g. FLAC, WAV) retain all the information, but use significantly more disk space. Save all the information, and maybe you can only store a few hundred songs on an iPod. Lose some dynamic range and you can store a thousand. How to choose?

There’s good news on the horizon, though. Turns out some folks are developing a lossless MP3 format, known as mp3HD, that retains all the information in an audio source while retaining compatibility with existing players. Files saved in the new format will play on your standard iPod or MP3 player, so no one needs to run out and buy new hardware in order to use it.

Of course, this doesn’t mean your player has the ability to reproduce the entire dynamic range contained in the original source. Most MP3 players simply aren’t up to the task of producing high range audio. But then again, many listeners probably can’t distinguish between the range available in an MP3 and a FLAC or mp3HD file.

The mp3HD format isn’t a panacea, and the files it produces are still much bigger than generic MP3. In tests, a copy of Pink Floyd’s song Money came out at 48MB in mp3HD format. That’s with an 800kbps bitrate. By comparison, “a normal 320Kbps MP3 of the same Pink Floyd song was just 14.6MB, and 320Kbps is all you’ll hear if you listen to an mp3HD track on your iPod.”

What’s nice, though, is that with this format you don’t need to save a lossless FLAC copy along with a lossy MP3 — you’ll just need one file. You just won’t be able to store a music collection ten times the size of the Library of Alexandria on your thumb-sized MP3 player.

A Massive Uptick in Spam

Monday, March 23rd, 2009

Recently I’ve noted a massive increase in the amount of spam being filtered through a domain I own. All the bounce messages show up in one of my email accounts, and it’s reached a level of 500 or more per day. Apparently there’s a new thief on the block, or my domain’s servers have been noticed by someone who was already out there.

Much of this spam is fairly obvious. It’s allegedly being generated by Men’s Health magazine, but this is of course just a ruse. None of these messages are being generated by their servers. Right now it’s easy to filter: just add a rule to junk and delete anything with a subject line including the exact match “MensHealth.com” and you’re all set. Why the spammer has chosen this magazine is unknown, but I’ll bet the company’s webmasters are feeling the heat.

The attacks are coming from a widely dispersed set of servers, probably indicating a botnet is generating them. In a quick sampling of messages, I’ve seen hosts with names like host-92-124-170-191.pppoe.omsknet.ru [Russia], lputeaux-151-41-7-30.w217-128.abo.wanadoo.fr [France], and c-24-19-154-63.hsd1.wa.comcast.net [USA] as the originating machines. The IP-address based names indicate these are probably all hijacked personal machines, sitting on broadband connections, that have been infected and turned into zombies.
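The hostname reasoning above can be turned into a quick triage check. The following is an added example, not code from the original post: it flags reverse-DNS names that embed a run of four address-like numbers or carry a subscriber-pool label. The keyword list beyond "pppoe", "abo" and "hsd" and the two contrast hostnames are assumptions made for illustration.

```python
import re
from collections import Counter

# Four dash- or dot-separated numbers; the lookahead lets candidates overlap.
_OCTET_RUN = re.compile(
    r"(?<!\d)(?=(\d{1,3})[-.](\d{1,3})[-.](\d{1,3})[-.](\d{1,3})(?!\d))"
)

# Labels ISPs commonly use for subscriber pools. "pppoe", "abo" and "hsd"
# appear in the post's samples; the rest are assumed additions.
ACCESS_TOKENS = {"pppoe", "abo", "hsd", "dsl", "adsl", "dyn", "dynamic",
                 "dhcp", "cable", "pool", "ppp", "broadband"}


def embedded_octets(hostname):
    """Return the first run of four 0-255 numbers in the name, or None."""
    # The run is reported as written. Naming schemes differ between ISPs,
    # so it is not guaranteed to be the host's real address.
    for m in _OCTET_RUN.finditer(hostname):
        if all(int(g) <= 255 for g in m.groups()):
            return ".".join(m.groups())
    return None


def access_tokens(hostname):
    """Return the subscriber-pool keywords found among the DNS labels."""
    found = set()
    for label in hostname.lower().split("."):
        for part in label.split("-"):
            word = part.rstrip("0123456789")  # "hsd1" -> "hsd"
            if word in ACCESS_TOKENS:
                found.add(word)
    return found


def classify(hostname):
    """Combine both signals into a coarse verdict for one hostname."""
    octets, tokens = embedded_octets(hostname), access_tokens(hostname)
    if octets and tokens:
        return "likely end-user broadband"
    if octets or tokens:
        return "possible end-user broadband"
    return "no indication"


def triage(hostnames):
    """Count verdicts across the originating hosts of a batch of spam."""
    return Counter(classify(h) for h in hostnames)


SAMPLE_HOSTS = [
    # The three names quoted in the post.
    "host-92-124-170-191.pppoe.omsknet.ru",
    "lputeaux-151-41-7-30.w217-128.abo.wanadoo.fr",
    "c-24-19-154-63.hsd1.wa.comcast.net",
    # Constructed contrast cases (not from the post).
    "mail.example.org",
    "mx1-2009-03.example.net",
]

if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        print(f"{classify(host):28} {embedded_octets(host) or '-':16} {host}")
    print(dict(triage(SAMPLE_HOSTS)))
```

A verdict here is a hint for weighting or greylisting, not proof of infection: plenty of legitimate small mail servers sit on connections with names like these.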

The implication is clear: lots of users still haven’t caught the clue about security, and are probably unlikely to do so. This is true both from a personal and an organizational standpoint. There are still too many people on the ‘Net who will click indiscriminately on a link in an email message, or who visit suspect websites where their machines are guaranteed to be infected with malware. It’s human behavior, unfortunately. If a large percentage of the public still won’t lock doors and windows at night, they’re unlikely to keep their PCs protected adequately.

Beef up your spam filters, and keep your security software up to date. Don’t become part of the problem.

Hacking For Fun and Profit

Thursday, March 19th, 2009

One of the more interesting aspects of security involves what are known as “penetration tests.” In real-life situations like commercial buildings and military installations, this involves actual people who try to sneak into secure areas in order to expose vulnerabilities in security practices. In the computing world, it means hacking through OS vulnerabilities, exploiting code weaknesses, and other techniques designed to allow the hacker/tester to gain privileged access to some resource.

The cool thing about doing this in computing is that you can get paid for it while strutting your technical stuff in front of other researchers. Numerous contests are staged, along with presentations at security conferences, in order to help vendors find holes in their products before the “real” hackers discover them. It’s all legal, above board, and helpful to the computing community at large.

One such contest, called “Pwn2Own,” was staged recently. Several researchers revealed they’d found ways to hack through not only Apple’s Safari browser, but also the latest version of Internet Explorer (the soon-to-be-released IE8). And these contests aren’t just about finding bugs. Prizes are awarded as well. “The Pwn2Own contest — the brainchild of CanSecWest founder Dragos Ruiu — aims to reward researchers who show off their ability to exploit popular applications and devices.” The winner of one contest got $5,000 and a new Sony Vaio. Another got $10,000 and a Mac.

The only bad part is that some researchers actually sit on flaws they’ve already found so they have something to show off at these contests. This means some vulnerabilities are probably lurking out there, already having been discovered by these folks, but remain unpatched so they can be used to win contests. That means someone else might find them as well.

These contests are not just about standard desktop/laptop OSes, either — mobile phones are also included, since they’re also vulnerable to attack. According to the report, “the smart phones included an iPhone, a Nokia phone running Google’s Android platform, and a RIM Blackberry. Anyone who successfully attacks the devices would get a $10,000 bounty.”

Anyone up for some potentially profitable, not to mention legal, hacking?

A New Way to Get WiFi

Thursday, March 19th, 2009

An interesting WiFi service recently came to my attention. It’s called FON, and it’s being offered worldwide. Both the technology and the business model are interesting, since the company is effectively building their WiFi network in partnership with their customers.

The service works like this: you buy their “La Fonera” WiFi router and connect it to your existing broadband connection. This provides you with immediate local WiFi on your own private network via the FON service. It also starts broadcasting a public signal that can be accessed and used by any other FON subscriber (known as “Foneros”). This is where the business model gets interesting.

According to the FON website, the company “will pay you 50% of the net revenue that we get every time a visitor purchases a FON Access Pass through your FON Spot.” They claim this is about 3.02 Euros (not dollars) per month at present, with a claimed network of 300,000 active FON Spots worldwide. Other Foneros can access the public WiFi spot at any time, but you don’t make any money from them. Users are only paid when non-subscribers pay for temporary access.

Users who want to make a bit more cash can buy a “Fontenna,” or WiFi extender, that boosts the signal much further than would normally be possible with standard WiFi (I suspect this is just a commercial strength antenna, as used by many corporations).

The concept is very interesting, and is obviously growing. The current map shows FON Spots all over the planet, and you can look them up by postal code or address on FON’s mapping site, which uses Google Maps under the covers. At a current price of $39.95 for the La Fonera+ (2-connection, one of which is wired) it’s apparently an easy and cheap way to get WiFi access while possibly earning some extra cash on the side.

Obviously providing public access is not going to earn any money for someone living in a rural area with few locations for day-users to connect. But for urban dwellers, it might just be a handy way to pay for your WiFi habit. Plus, as a member you get free FON WiFi access worldwide, so it may be a great option for frequent travelers as well.

Browser Wars Continue

Thursday, March 19th, 2009

Recently Microsoft announced an update to Internet Explorer, its popular web browser, in an effort to maintain its level of competitiveness with other entries like Firefox and Opera. The new release includes “features meant to speed up common Web surfing tasks and bringing the browser’s security measures in line with those of major competitors.” In other words, IE had fallen behind the curve (the last release was in 2006) and Redmond needs to play catch-up in order to remain in the game.

Other browsers have been gaining on IE over the last few years. Firefox in particular has picked up steam, and is capturing more and more of the existing user base. Tabbed browsing, better security, and other now-standard features came out first in Firefox. It also publishes frequent updates and has an open API (Application Programming Interface) that allows developers to add plugins and other add-on components with relative ease.

For its part, Microsoft is trying to be innovative as well. The new release is the long-anticipated IE8, and it’s said to include numerous new features. For instance, “IE8 aims to reduce the need to copy something from one Web page and paste it into another — mapping a restaurant address, Googling a celebrity name, looking up an unknown word in Wikipedia or sharing a story by e-mail, Twitter or Facebook.” It calls this functionality “Accelerators” and it’s an attempt to compete with already-existing capabilities found in Firefox and Chrome.

IE8 also includes some badly needed security updates, most of which are already present in competing products. This includes protection against known phishing sites, and “built in technology to protect against another kind of threat, ‘cross-site scripting,’ in which hackers insert code into legitimate Web pages that compromise peoples’ computers without them knowing it. IE 8 disables the bad scripts but in most cases allows others needed for a Web page to run as usual.”

What’s amusing is Redmond’s claim that this is something new. Firefox has offered add-ons (a popular one is known as NoScript) for quite some time. It addresses the cross-site scripting problem. But “Microsoft argues that only the most sophisticated users know to seek it out and install it.” That’s a bit rich, since installing NoScript requires just a few clicks and a visit to the Firefox add-on page.

IE8 sounds like a great upgrade. But I suspect it’ll be outdated quickly, since other browser developers are far more agile. They add new features, Microsoft follows.