Archive for July, 2009

Black Hats at Work

Friday, July 31st, 2009

In the security world, there are basically two types of hackers. First are the White Hats, who work “within the system” to uncover and solve security-related issues in code, infrastructure, and so forth. They don’t hack for malicious reasons. Instead they work on “ethical hacking” and try to help people improve their security posture.

Black Hats, on the other hand, are the bad guys (as one might expect). They’re the people who break into systems, steal data, and otherwise do bad things. So it’s somewhat ironic that one of the premiere security conferences held these days is known as Black Hat. It’s a multi-day extravaganza of white papers, presentations, and extremely geeky discussions around security and technology.

This year’s conference exposed some interesting defects and weaknesses, as is usually the case. They range from problems in the Linux kernel to holes in the SSL (Secure Sockets Layer, widely used to send encrypted data to and from websites) and iPhone SMS implementations.

Some people see conferences like these as nothing more than a bunch of geeks showing off to one another. This may be somewhat true. As a geek, I can tell you we love street cred as much as any rapper…we just gain it in a different way. But the public exposure of weaknesses in security architectures is much better than waiting for actual thieves to find these same holes. Which they will.

In the 1980s, a Navy SEAL commander formed a team he called Red Cell. He conducted security penetration tests at military facilities, with the objective of helping base commanders improve their security posture. He was wildly successful…in some cases. Some commanders loved what he did, since it helped them find and correct problems. Others saw it as a nuisance, an embarrassment, or a total waste of time and tried to get his team disbanded.

IT security White Hats, in my experience, get exactly the same mix of responses. Some people want to find and correct holes in their systems. Others are content to cover their eyes and ears. They’re the people most likely to have their sites hacked.

What’s Next for Yahoo?

Thursday, July 30th, 2009

Finally, after a year or more of wrangling and corporate soul-searching, Yahoo and Microsoft have inked a deal. Given, it’s not a done deal yet since it has to pass government anti-trust scrutiny. But the final outcome, if it’s approved, will probably be a major change in the search landscape.

Search has been around since the early days of the Web. Once sites started proliferating, various people established “link lists” and published them on their own home pages. The lists grew. Other people started asking to be included, in order to increase the visibility of their own site (which, at that point, was probably little more than a personal page and maybe some research papers they’d written). Then it all mushroomed once someone wrote the first web crawler (spider). This is just software that starts at a given page, finds embedded links on that page, then follows them. It feeds its results into a database, and voila! the search engine was born.
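The crawler the paragraph describes, as an added example that is not code from the original post: it starts at one page, extracts the links, follows them breadth-first, and records what it found in an index (a dict standing in for the database). It crawls a constructed in-memory site rather than the network, so it runs offline; the host restriction, depth limit, page cap and visited set are the scope checks a practitioner adds so the spider cannot be trapped in a link loop or wander onto hosts it was never meant to touch.

```python
"""Toy web crawler (spider) over a constructed in-memory site.

Added example, not code from the original post. `SAMPLE_SITE` is a made-up
set of pages on one host plus one off-site link and a link loop.
"""
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse, urldefrag

# Constructed sample site: URL -> HTML body. "/papers/p1#sec2" and the
# "/about" <-> "/" links exercise fragment stripping and loop handling.
SAMPLE_SITE = {
    "http://example.test/": '<a href="/about">About</a> <a href="/papers">Papers</a>',
    "http://example.test/about": '<a href="/">Home</a> <a href="http://other.test/">Other</a>',
    "http://example.test/papers": '<a href="/papers/p1#sec2">Paper 1</a> <a href="/about">About</a>',
    "http://example.test/papers/p1": '<a href="/papers">Back</a>',
}


class LinkExtractor(HTMLParser):
    """Collects the href attribute of every <a> tag seen."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def extract_links(base_url, html):
    """Absolute, fragment-free URLs linked from a page."""
    parser = LinkExtractor()
    parser.feed(html)
    out = []
    for href in parser.links:
        absolute, _fragment = urldefrag(urljoin(base_url, href))
        out.append(absolute)
    return out


def crawl(start_url, fetch, max_depth=3, max_pages=100):
    """Breadth-first crawl from start_url.

    fetch(url) returns the page's HTML or None. Only links on the same host
    as start_url are followed; the visited set prevents loops, and the depth
    and page caps bound how far the spider can be pulled.
    Returns an index mapping each fetched URL to its out-links.
    """
    host = urlparse(start_url).netloc
    index = {}
    seen = {start_url}
    queue = deque([(start_url, 0)])
    while queue and len(index) < max_pages:
        url, depth = queue.popleft()
        html = fetch(url)
        if html is None:
            continue
        links = extract_links(url, html)
        index[url] = links
        if depth >= max_depth:
            continue
        for link in links:
            if urlparse(link).netloc != host:
                continue  # out of scope: record the link but never fetch it
            if link not in seen:
                seen.add(link)
                queue.append((link, depth + 1))
    return index


def fetch_sample(url):
    """Offline stand-in for an HTTP GET against the constructed site."""
    return SAMPLE_SITE.get(url)


if __name__ == "__main__":
    for url, links in crawl("http://example.test/", fetch_sample).items():
        print(url, "->", links)
```

Swapping `fetch_sample` for a real HTTP fetch is the only change needed to point this at a live host; the scope checks stay the same.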

Over the years, search companies have sometimes relied on outside vendors to manage their actual search function. This is due to the serious increase in volume and the number of sites that need indexing; it’s difficult, if not impossible, to index everything on the web by yourself. In fact Yahoo outsourced some of their work in this area to these geeky Google guys back in 2000, and to Inktomi later on. A lot of good either did them. Most people just moved off to Google and didn’t come back.

Now this latest deal will put Yahoo in Microsoft’s tender little hands in terms of search experience and management. It also puts most of Yahoo’s assets under Microsoft’s control. Redmond wants blood. Blood in the form of biting off a big hunk of Yahoo’s user base that might help it compete with Google in terms of market share. It might work. It really might. The problem is, Microsoft has never had a successful search product. Their online ventures have never really panned out all that well (witness Windows Live). They’re better in the traditional boxed software market space.

So, will the new alliance bring in more search users? Will the presence of Microsoft drive off die-hard Yahoo users (probably into Google’s arms), thus destroying the whole objective of the deal? Or will it actually work…can the new alliance offer some product that will both work properly and lure users away from Google? I doubt the latter will happen. Bing has some cool features, but Google has been doing this a long time and is probably already ahead of the Bing curve. If they’re not, give them six months. Tops.

One thing’s for sure. The game just changed, and might get exciting again for a while. Will we see Yahoo go belly-up after making a deal with the devil? Will Microsoft be driven from the market completely, in favor of any other search engine on the planet? Can their service even deliver at high volume, i.e. millions of searches per minute? Let’s wait and see.

Do you Need a Laser Printer?

Wednesday, July 29th, 2009

Some time ago, an occasional customer called to ask if he should buy a laser printer, or another inkjet. His use of the word “another” caught my attention, so I asked how many pages he was printing, on average, every month. I nearly choked on my coffee when he responded with “about two thousand,” and immediately wished I’d been in the inkjet cartridge business. I probably could have retired on the profit from his orders in a matter of a few years.

Basically, an inkjet printer is a fine thing for most home users, as well as businesses that print a few hundred pages a month. Tops. Cartridges these days go for $20-30 each, and produce a few hundred pages of output. Exactly how many is determined by the per-page ink coverage percentage. If you’re just printing double-spaced text, you’re covering maybe 5-10% of the page. Start cranking out graphs or photos, and the percentage skyrockets while cartridge life goes through the floor.

In a business context, that can add up fast. At a few thousand pages a month, he was probably spending $300 a month on cartridges. And the printers were dying rapidly, since many inkjets don’t have a high duty cycle and are relatively fragile. Add to this the fact that he was spending around $200 on a new device. This sort of application is perfect for a decent laser printer.

You can get a nice small-office laser printer for $550-750. That sounds like a lot, and the initial outlay is definitely higher. So is the cost per refill. Dell’s latest offering uses high capacity cartridges that give up to 9000 pages each. Despite the higher refill cost, these “offer true savings: black costs $132 or 1.5 cents per page, while each color costs $241 (2.7 cents per color), resulting in a four-color page cost of less than 10 cents.”

By comparison, you can easily fork over $0.30 a copy while feeding an inkjet. And with a high capacity laser, my customer would only need to change the cartridge once every 4 1/2 months rather than 2-3 times per week.

Lasers are also (generally) more robust, produce better output, and have a higher duty cycle. They do use more power, but the output also isn’t susceptible to humidity. Inkjets generally use soy-based inks that bleed at the drop of a…drop. Lasers fuse the toner permanently and don’t suffer from this problem.

Needless to say, my client ended up with a laser.

Social Networking Security

Tuesday, July 28th, 2009

Everyone who uses Facebook should be careful which applications they allow to access their profile, as shown by this recent incident. Likewise with any of your personally identifying data (full name, address, birth date, etc.).

While Facebook is pretty good about policing its content, many application developers are probably just gathering statistics (name, age, other demographics) using the application as a cover. Think of those “win a free car” paper applications in stores: what really happens when you fill one out is that you’re added to a local dealership’s mailing list.

Example: if you click on one of the polls or IQ tests, you may see photos of your friends at the top. This is the application pulling data from their profile.

Question: if the app is able to pull photos from user profiles, what else is visible to it?

Answer: anything you’ve allowed it to access in your profile settings.

I strongly suggest navigating to the “Settings” portion of Facebook and checking through some of the options. If you have things that are set to “everyone” (meaning anyone on Facebook can see this info) you might want to back it down to “friends only.” If you’re allowing your name, marital status, full birth date, and location to be viewed by “everyone,” you’ve just given an identity thief enough data to hijack your life. This is pretty much all the info you’d need to get a bogus Social Security card issued.

Also go to Settings->Application Settings and change the view from “recently accessed” to “authorized.” This will give you a reasonably full view of everything you’ve given access to. If you’re not actively using a given app, click on the X to remove its access to your profile. Or, if you want to retain access to an application, change the privacy settings from “everyone” to “only friends.” The same concept applies to all other social networking sites.

Basically, don’t allow others access to your personal info unless you absolutely know where it’s going.

A Manufacturing Plant on your Desktop

Monday, July 27th, 2009

If you think you’ve run out of new things to do with your PC…well, you haven’t. You’ve “done” the Web, home automation, digital media (including home entertainment), and self-produced music. All well and good, but have you ever told your PC to actually build something?

I thought not. But no fear…the technology is closer than you think.

Some very clever people in the UK and elsewhere have been working on a system called “RepRap” that’s basically a small, self-contained parts-manufacturing engine. In industry parlance, it’s actually a “3D printer” that can take a set of data points and translate them into an exact copy of a given item. It uses a fine wire of plastic, similar to monofilament fishing line, to build the 3D image of a part it’s told to manufacture.

Now for the really cool part. Not only can RepRap produce exact copies of nearly any part (of reasonable size) you want, but its design goals also include the ability to self-replicate. Yes, that’s right. Once the first few machines are up and running, they’ll be able to produce exact copies of themselves. The goal is the creation of an “open source” hardware platform that can be exported anywhere at low cost.

The RepRap team state it this way: “what the RepRap team are doing is to develop and to give away the designs for a much cheaper machine with the novel capability of being able to self-copy (material costs are about €500). That way it’s accessible to small communities in the developing world as well as individuals in the developed world.”

The advantages are obvious. Put a few of these machines in outlying areas, and people can make their own replacement parts for broken items, not to mention components of their own design, for a very small amount of money. Commercial machines with this capability start at around $50,000US at present, so this is no small accomplishment.

Maybe in a few years we’ll see one of these (at least) on every street. And if the technology continues to develop, as it surely will, is a “Star Trek”-like “replicator” far behind?

Bad News for Redmond

Thursday, July 23rd, 2009

The economy continues to dominate aspects of the tech market. Even though services-and-software companies like IBM and Google are doing fairly well, Microsoft is taking a major hit from slumping sales and diminished revenue. Today Redmond announced Q2 earnings, and missed not only analysts’ expectations but their own as well.

A 29% quarterly drop is good news for no one. And the bleeding may continue as users turn to less expensive options. Of course, “executives pointed fingers at the poor economy and at low PC sales.” But that’s not the whole story. One component of the issue is that Microsoft is banking revenue from Vista-with-Windows-7-upgrade software sales, so some of this income won’t be realized until 7 is released. They’re also selling fewer copies of expensive versions of Vista due to the booming popularity of Netbooks, many of which use XP (or Linux).

In unsurprising news, software services continue to drag at Microsoft’s bottom line. They’ve been hammering at the lucrative search-engine market for years, and have never been able to show a profit. Even much-vaunted “Bing” isn’t helping, and “with the rollout of Bing, Microsoft is losing more money than ever on its always-a-drag on profits Online Services Business.”

So overall, things are not looking good for Steve Ballmer and other Microsoft execs. They haven’t had a real “hit” in the marketplace for years. Individuals and corporations are holding off on major purchases, and my impression is that many folks will sit tight with whatever they own (Vista, XP, or even something older) because upgrades really don’t offer anything interesting that they also truly need.

Why buy a new OS just to get the latest browser when Firefox, Chrome, and Safari are available for free? Why go to a newer Windows with a “better” firewall or security when you can grab one of many commercial or free alternatives? Why buy Office 2007 if you’ve no need for its new and shiny features (not to mention its horrible UI)?

Microsoft needs a big win. And they need it soon. If they don’t see one in the next year or two, I suspect the company will break itself into business units that will either sink or swim on their own. They may not have a choice.

“This Message Will Self-Destruct…”

Thursday, July 23rd, 2009

I’m old enough to remember the original “Mission: Impossible” TV series and its opening scene, which always included a tape recorded secret message that self-destructed ten seconds after it was played. My brother and I always thought it was very cool, and wondered how you’d actually do that on a reel-to-reel tape (I suggested an acid capsule that shattered once the tape was played). Oh, how times have changed.

Now we transmit nearly everything via digital means, and the problem of message destruction remains. In fact, companies are in a bind because they may be retaining encrypted messages for which they have no decryption key (maybe an employee has left the company and their key is no longer available). If the company is subpoenaed and required to disclose all documents related to a given case, they can be held in contempt for failing to decrypt stored messages due to lost keys.

However, there’s another problem: what if you want messages to vanish after a specific period of time? It turns out there’s an interesting new solution from the University of Washington. Known as “Vanish,” it’s designed to digitally shred documents after a given period by “shattering” an encryption key kept not by the sender and recipient, but on a remote network.

With this unique solution, this key is “held by neither party in an e-mail exchange but is widely scattered across a peer-to-peer file sharing system.” It’s especially applicable to data held in “Cloud” computing networks, which are often not directly under the control of the data’s owners. It appears the key can be renewed periodically by the sender or recipient, but if it expires (let’s say some third party copies the file or email off the network covertly, storing it on a Flash drive…) then the file is instantly inaccessible and unrecoverable. No key, no data. This means a file stored using Vanish couldn’t come back to haunt a company or individual years after it had allegedly been deleted from a server.
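The mechanism in the two paragraphs above, as an added simulation that is not code from the Vanish project or the original post. The published Vanish design encrypts the message under a random key, splits that key with Shamir secret sharing, and pushes the pieces into a public DHT whose nodes discard entries after a timeout, so once enough pieces have expired the key cannot be rebuilt by anyone, including the sender. Here the DHT is an in-memory dict with a TTL and the clock is an explicit argument so the run is deterministic; the SHA-256 keystream is a stand-in for the real symmetric cipher, and the field prime, share counts and timeout are my choices, not the project's.

```python
"""Vanish-style self-destructing message, simulated offline.

Added example, not the Vanish project's code. Assumptions: Shamir sharing
over the prime field mod P, a SHA-256 counter keystream standing in for a
real cipher, and a toy DHT that forgets values after a TTL.
"""
import hashlib
import secrets

P = 2**255 - 19  # prime field for the Shamir arithmetic (any large prime works)


def split_key(key, n, k):
    """Shamir split: n shares of key (an int < P), any k of which rebuild it."""
    coeffs = [key] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def recover_key(shares):
    """Lagrange interpolation at x = 0; needs at least k distinct shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def keystream_xor(key, data):
    """XOR data with SHA-256(key || block counter); stand-in for a real cipher."""
    key_bytes = key.to_bytes(32, "big")
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key_bytes + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ s for b, s in zip(data[offset:offset + 32], block))
    return bytes(out)


class SimulatedDHT:
    """Toy DHT: a value lives until its expiry time, then the node forgets it."""

    def __init__(self):
        self.store = {}

    def put(self, index, value, now, ttl):
        self.store[index] = (value, now + ttl)

    def get(self, index, now):
        entry = self.store.get(index)
        if entry is None or now >= entry[1]:
            return None
        return entry[0]


def share_index(locator, i):
    """DHT index for share i, derived from the locator kept with the message."""
    return hashlib.sha256(locator + i.to_bytes(4, "big")).hexdigest()


def vanish_encrypt(plaintext, dht, now, ttl=8 * 3600, n=10, k=7):
    """Encrypt, scatter the key into the DHT, return the data object to send."""
    key = secrets.randbelow(P)
    locator = secrets.token_bytes(16)
    for x, y in split_key(key, n, k):
        dht.put(share_index(locator, x), y, now, ttl)
    return {"ciphertext": keystream_xor(key, plaintext),
            "locator": locator, "n": n, "k": k}


def vanish_decrypt(vdo, dht, now):
    """Rebuild the key from whatever shares the DHT still holds, or give up."""
    shares = []
    for x in range(1, vdo["n"] + 1):
        y = dht.get(share_index(vdo["locator"], x), now)
        if y is not None:
            shares.append((x, y))
    if len(shares) < vdo["k"]:
        return None  # key has "shattered": no key, no data
    key = recover_key(shares[:vdo["k"]])
    return keystream_xor(key, vdo["ciphertext"])


if __name__ == "__main__":
    dht = SimulatedDHT()
    t0 = 1_000_000  # constructed clock value
    vdo = vanish_encrypt(b"meet at noon, then delete this", dht, now=t0)
    print(vanish_decrypt(vdo, dht, now=t0 + 60))        # readable inside the TTL
    print(vanish_decrypt(vdo, dht, now=t0 + 9 * 3600))  # None once shares expire
```

The point the simulation makes is that a copy of the data object taken off the network (the Flash-drive scenario above) carries only the ciphertext and the locator; the key material it points at is outside the copier's control and disappears on the DHT's schedule, not the copier's. Renewal, which the post mentions, would simply be the sender re-putting the shares before expiry.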

As with all encryption schemes, the new technology is a bit problematic. Both sides need to use the Vanish plugin or application in order to access the encrypted mails. The legal issues are, as usual, muddy. But it’s another weapon in the digital security arsenal, which is never a bad thing.

No acid required.

GoDaddy’s Extreme Spam Policy

Wednesday, July 22nd, 2009

Question: when is spam not really spam?

Answer: when a user has intentionally signed up to receive messages from an email list, then complains about spam to the owner’s hosting provider.

This is exactly what happened to a friend today. He’s a marketing guy who runs several email-based distribution lists. Suddenly, he received a message from GoDaddy, his hosting service, saying that he’d been accused of spamming a user and his account was in danger of being shut down.

Yes, that’s right. One user complaint was sufficient for the service to declare him a spammer and threaten to take his domain hostage. I was surprised by this, so I Googled for “GoDaddy” and “spam complaint” and found numerous cases where they’d used this exact tactic. Several domain owners said the service shut down their domains and demanded a $200 “administrative fee” to re-activate them. My friend said the mail he received said that, in order to prove his innocence, he had to provide all technical logs related to the email transaction — which, of course, he doesn’t have because GoDaddy hosts his domain.

This is customer service?

Even more strangely, my buddy contacted someone at the corporate office where the complaining user’s account was hosted, and found the user was no longer even an employee there. They left the company nearly a year ago, which raises the question of how and why this person is even receiving mail at the account. Did the company fail to disable the user’s login privileges (a clear security issue), or is someone who’s still working there accessing it (also a problem)?

To their credit, GoDaddy finally agreed not to press the issue and said one spam accusation was “below the threshold” that would cause them to suspend a domain. I suspect the accusatory email message my friend received was generated automatically when the complaint was received, which to some degree explains why it was so over the top.

It’s a ridiculous way to respond to complaints, though. If GoDaddy did this to me, I’d take my business elsewhere.

More Good News for Tech

Tuesday, July 21st, 2009

Following up on IBM and Google’s better-than-expected Q2 results last week, Apple and Yahoo also have declared unexpected quarterly profits that sent shares soaring on Tuesday. Apple’s revenue jumped 15% on sales of both iPhones and laptops, while Yahoo beat the street by 9%. This is an interesting trend. Is it the result of the vaunted economic stimulus package, or merely normal boom-and-bust cyclical business trends in action?

I don’t know, but I like it.

There are several interesting aspects to Apple’s results. First, sales of laptops are up. The company “sold 4 percent more Mac computers than a year ago, with a 13 percent rise in laptop unit sales more than making up for a 10 percent drop in desktops.” This indicates that (a) the Mac is making at least some headway against PC dominance of the market, and (b) the swing away from desktop machines in favor of laptops is continuing.

Second, the Mac is seen as an “elite” or “luxury” machine in comparison with the PC. But sales are up even during an economic decline. Sure, some of this trend was fueled by price drops. But it indicates people are still spending money, and not just on low-priced “it just needs to get me through the downturn” systems. That’s a good sign that the economy might be perking up, as some analysts have expected.

Despite the lower prices, profits were still good. The act of “lowering prices didn’t eat into Apple’s gross margin, which improved from a year ago and beat his expectations.” This was largely due to cheaper components, indicating everyone is cutting costs to the bone in order to keep products flowing. It’s better to ship more items at a lower per-item margin than to hold out and lose business to the next guy.

So the tech industry is showing signs of a rebound. The markets have been steadily up for the last week or so. IBM is now back to $117 a share — close to its mid $120s high of just over a year ago. Is this just a blip on the radar, or is the downturn (okay, the recession) finally ending? The last two quarters of 2009 may tell the story.

Redmond Jumps into Linux

Monday, July 20th, 2009

In one of the more stunning announcements in some time, Microsoft has announced that it’s actually going to contribute code (a paltry 20,000 lines, but it’s a start) to Linux via a GPL (GNU General Public License) scheme. I’m still reeling from this, and I suspect many others in the industry are as well.

This is Microsoft…the same company that once called the GPL “un-American” and conducted massive efforts to label Linux as an unstable, unready OS suitable only for hackers. It’s also the company that paid SCO a large “indemnification” sum during the heyday of SCO’s lawsuit against IBM over allegations of code theft. The latter was widely seen as an attempt to bolster SCO’s claims while providing the cash-poor company with sorely needed funding.

I, for one, remember well how Microsoft attacked Linux early on. There were the “1998 Halloween memos attacking Linux, CEO Steve Ballmer calling the open source operating system a cancer in 2001 and Microsoft’s claim Linux and open source violates 235 of its patents.”

Now, Redmond is supporting Linux. My, how times have changed. Many Linux proponents were stunned by the news, but are also very happy because it provides more traction for Linux to move into current Windows-only environments. “Obviously we are tickled about it,” said Jim Zemlin, executive director of the Linux Foundation. “Hell has frozen over, the seas have parted,” he said with a chuckle.

The code being released is kernel-level material that provides support for virtualization under Microsoft’s “Linux Device Driver for Virtualization.” According to the article, “the drivers, once added to the Linux kernel, will provide the hooks for any distribution of Linux to run on Windows Server 2008 and its Hyper-V hypervisor technology.” Virtualization proponents and developers are probably overjoyed.

Are we seeing a newer, more open Microsoft? Possibly. But there’s certainly no egalitarian spirit involved. This is all about business, and Redmond wants to hold onto its piece of the pie.