Posts tagged 'Internet'

Revision3 Not Immune From Bad Economy

Internet video may be in the midst of a boom, but the Tech-TV haven Revision3 canceled 3 (how ironic) shows and laid off several well-known production staff today. If you were a fan of the shows PixelPerfect, popSiren, or Internet Superstar you’ll be disappointed to hear the shows have been canned, or more appropriate for the Internet medium, 404’d. Apparently the shows don’t fit in the long-term plan for Revision3 (grow a large audience and make a gazillion dollars.)

Revision3 Cancels Shows

Part of the staffers let go today are producers/talent Jay Speiden, Sarah Lane, and Martin Sargent, and Diggnation cameraman Glenn “Hippie” McElhose who is now freelancing for Revision3. Even though Glenn makes an appearance in nearly every episode, I figured Diggnation would be excluded from cuts due to the popularity/revenue of the show and the low cost of production. After all, how hard could it be to film two guys on a couch who frequently plug sponsors for 45 minutes every week?

I’m sad to hear that Martin is getting the boot. His show Web Drifter was a personal favorite of mine. Seeing the wacky, kooky individuals behind some of the strangest sites on the net always brought a smile to my face on my morning commute. They were supposed to start the series up this fall but it appears that won’t be happening anymore. I wonder what they will do with any unreleased episodes they’re sitting on. I’m interested to see what Martin and Jay will be doing next.

Martin Seargent and Sarah Lane Bricked By Revision3

So while Internet video may be gaining large audiences, they sure aren’t getting enough advertisers to join them. Most of the ads I’ve seen on the shows I watch are for GoDaddy.com and Audible. I’m guessing the core audience for Revision3 shows is a techie crowd. If Revision3 wants to succeed they’ll need to move more into the mainstream and/or support shows that cost a lot less to make. They are starting to do this with their Revision3 Beta program which has many shows taking cue from the couch-centric Diggnation. Maybe they should adopt a donation model like NPR or the TWiT network. Leo Laporte seems to be doing ok for himself.

The .ME Rush Of ’08

Red circle with white ME in the middle.

.Com, .net, .org. These are the website suffixes most people are familiar with. Today Go Daddy, and a slew of other registars, began offering .Me names in hopes of reinvigorating the domain squatter market. And boy did Go Daddy rile up a stampede of people. At 11 am eastern when the landrush began Go Daddy’s servers took a hit. The site was sluggish and searching for an available new cyber-property became grueling.

I was just poking around looking for something slightly amusing. I think I managed to buy beam.me but as of now it hasn’t shown up in my domain queue on my Go Daddy control panel. Other people are reporting failure notices after they think they have registered a domain which I have not received. A co-worker was trying to grab lemonli.me and treadon.me so he could create dont.treadon.me. As for me (pun intended), the possibilities of my geeky beam.me include a funny Star Trek reference at beam.me/up or something else. On the train ride home I was thinking I could partner with an uber Star Trek geek who would blog on my domain while I managed and ran the technical stuff. I would even be willing to split the ad revenue 50/50.

Star Trek Phasers

But this is most likely only speculation for now. If I don’t get it, no big deal. These secondary extensions will soon be just as worthless as .info, .ws, and the dreadful .biz. But this will be nothing compared to when ICANN roles out custom top-level domains in 2009.

Steve Gibson Explains Internet Congestion

There has been a lot of commotion about net neutrality and packet shaping in the news recently. All of the stories that I have read have been from the point of view of the common Internet user whose freedom of access has been threatened by the gatekeepers of the Internet, the service providers. On the recent episode of Security Now, Steve Gibson and Leo Laporte take an objective look at how the Internet clogs up and what the ISPs have to do to manage their network. Starting off at how the HTTP protocol was designed through how ISPs swap traffic at the backbone of the Internet (known as peering) to the future of fatter broadband pipes, Steve doesn’t miss a beat.

To be frank about it, the Internet is short on bandwidth. There is simply too much demand and not enough space to squeeze all of the data around the world fast enough. Everybody wants fast, snappy web pages to spring up as soon as they click a link. But services like Bittorrent tend to max out the network’s resources causing the other web traffic to grind to a halt until the bottleneck is gone.

Submariane Cable Map of the Internet - 2008

Map of the under-sea cables connecting the continents to the Internet. If one should fail then the packets will be sent through an alternate route.

The Internet was designed for traffic to automatically re-route itself for the best available delivery route. But if the packets encounter holes, your connection will slow down the sending of packets in hopes that the strain on the route to the destination clears up. This is why your connection might seem to slow to a crawl around the time people are getting off of work and heading home to surf the web there.

The Internet was never designed with the scale that it is today in mind. ISP’s are simply trying to manage their networks for the sake of everybody’s experience. For the sake of the net, researchers are busy devising new protocols to make network traffic more efficient but it is a tough nut to crack with many variables to take into consideration. And then there is always the ethical and political issues. Internet congestion is one tough pill to swallow!

You can listen to the 1:21:12 mp3 for Security Now Episode #139 and follow along with the transcript.

More Internet Options For Apartment Dwellers

Monopoly

The New York Times is reporting the FCC is aiming to strike down thousands of cable contracts. Previously, apartment land lords decided who would provide cable and Internet to it’s residents resulting in residents with only one option. With this new plan from the FCC, apartment dwellers would be in control of deciding their service provider. This is good news for Verizon which has previously been locked out of many deals and bad news for the largest cable provider, Comcast.

Lack of competition results in higher prices and less innovation. I’ve seen this myself as my monthly Comcast bill is just under $150 for TV, Internet, and phone (which my roommates and I never use, but it makes the bill cheaper) service. Recently, Verizon started offering it’s fiber optic, blazingly fast Internet and TV service, Fios, to neighboring residence and when our Comcast contract is up in January we hope to switch. It’s not that the service is terrible, it’s that we got in on a special 3 for $33 deal and after January we expect those rates to go up.

Speaking of rate increases, FCC Chairman Kevin Martin noted cable rates have risen 93 percent over the past 10 years. Breaking the multi dwelling unit contracts will help spur competition in the space. Companies offering fiber service face a large cost in building out the infrastructure. Targeting areas with a greater density of customers makes more economic sense and a more lucrative opportunity.

This is good news for people like me, but it still doesn’t address the lack of choice to the big telelcos.

Survey Results About The Web Industry

The popular online web magazine, A List Apart, conducted a survey of web professionals in April 2007 via their website. This week they finally released the results in a massive, though well designed, 80+ page PDF.

Being the first major survey of the web industry, I, and many others I’m sure, was anxious to see how I stacked up. The survey focused on the core areas of classification (gender, ethnicity, location etc.), education, work and job titles, and money. There are too many findings to even begin listing here but the PDF does a great job at explaining their conclusions with many, many graphs. Speaking of data, A List Apart is giving away all of the anonymized raw data for people to dig through and reach their own conclusions.

A List Apart 2007 Web Survey

I can’t wait to see the results from the next survey to compare the changes in the industry from this year.

Adobe.com Had A Security Hole

Adobe.com Gave Anyone Server Access
Earlier this morning a friend sent me a link he found on Reddit that pointed to a very large security hole on the Adobe.com website. It has since been patched but I thought I would take some time to explain a little bit about how it worked and how it could have been exploited further. The problem was due to a lack of sanitizing a URL path passed as a query string from the Shockwave download page to a Perl script for back end processing.

A hacker could use this flaw to enter a local server path in the query string and get the server to spit back information about itself like file directories, usernames and passwords, and even important encryption keys. The following URL used to return a long string of what appears to be garbled text.

http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=
../../../../../../../../../usr/local/apache/conf/ssl.key/www.adobe.com.key%00

What was happening was the path goes up to the root level of the server (the series of ../’s) and then into the local apache configuration files. Here the private encryption key used to encrypt SSL traffic would be exposed.

Whenever you conduct a secure transaction over the web, like giving a website your credit card information for a purchase, the traffic gets encrypted so it cannot be intercepted between the server and your computer. This keeps your confidential information safe and prevents a third party from sniffing your traffic to see what you are sending or receiving. You can tell you are using a secure connection by the yellow lock icon used in most browsers and the https:// instead of http:// in your address bar.

For this connection to work the server needs to have two keys; a public key and a private key. The public key is sent to your computer which it uses to encrypt a random number to send back to the server. A private key is kept on the server which is the only key that can decrypt the random numbers sent from your computer. From this transaction, both parties can generate key material used in encrypting and decrypting data. When an attacker looks at traffic over an SSL connection it looks like completely random and garbled text with no discernable pattern to it. The server and client can easily decrypt the garbled text putting it back to the original plain text.

Releasing the private encryption key of a web server into the wild compromises security allowing a 3rd party to easily decrypt SSL traffic or impersonate the server to perform a phishing attack. Adobe’s security hole wouldn’t directly break anything right away but a malicious user could use the flaw to probe for other weak spots and conduct an attack on those. Such attacks could expose personal data or intercepting sensitive traffic.

When coding a web application it is a good idea to build in a sanitize function that will strip out any non-alphanumeric characters like backslashes and periods. This can be done easily with a regular expression like replace(/\W/ig,””) that is common to most any programming language. This regular expression would change this ../../../../../../../../../usr/local/apache/conf/ssl.key/www.adobe.com.key%00 to this usrlocalapacheconfsslkeywwwadobecomkey00 . For more help with regular expressions check out this great tool I found.

For more information about SSL and Public Key Cryptogaphy check out Security Now Episode #34 Public Key Cryptography and Episode #85 Intro to Web Code Injection.

UPDATE: The Register has a complete write up about the security leak.

New Shirts In The Mozilla Store

The guys who brought you Mozilla have added some new shcwag to their store. I really like this spanking-new t-shirt.

Firefox Open Standards Shirt

And every order over $10 comes with free stickers. Woopee!

Twitter Launches Blocks… And I Am Confused

Twitter has been pumping out new features these past couple of weeks. Their latest, which just launched this evening, is Blocks.

Twitter Blocks

This is what it looks like and so far all I can figure out is blue squares are you, orange are your friends, and gray are um.. gray. You can click on squares to see the tweets of others. What is the point? Beats me.

Twitter Blocks was created by Stamen Design, the same folks who brought us those neat Digg visualizations.

Twitter also launched something a little more useful. Have you ever wanted to see a list of all the third party twitter apps in existence all in one spot? Then check out the Twitter Fan Wiki which categorizes apps into distinct categories for your exploration. I guess that is why they launched everything mentioned in this post at http://explore.twitter.com

Problems In Comcast Internet Land

For the past couple of weeks my Internet connection at home has been flakey and irratic. Sites would take multiple refreshes to fully load and there is a good amount of packet loss. Unfortunately this has been on and off making it very hard to troubleshoot exactly what is going on.

I called technical support and the lady on the phone said everything seemed fine on her end. Then she tried to ping my IP address and noticed an 80% packet loss proving there was something going on between my cable modem and Comcast. She put in an order for a tech to come out and replace my rented cable modem.

The tech came and said “Nothin’ is wrong with the modem. It’s something outside which should be fixed in 48-72 hours.” Low and behold 72 hours later nothing has really changed. The connection seems a little better but it is still unusable if I want to get anything done. Apparently I’m not the only person noticing this.

Over at DSLReports.com someone posted a topic titled “[Connectivity]Constant Downtim | East Coast | Maryland Area” and included a graph of his packet loss using a line monitoring tool.

Comcast Line Monitoring Results
Blue = Bad!

Looks like until this gets resolved, I won’t be updating my blog as much.

Have A Blog? Take Action!

Blog Action Day - October 15th

October 15th is Blog Action Day where bloggers across the globe will focus on one specific topic – the environment. Every blogger will post about the environment in their own way and relating to their own topic. This is all in hopes that the focused mass commotion will start the ball rolling towards a better environment for the future.

How do you participate? Simple. Just register your blog at BlogActionDay.org and write up an entry about the environment on October 15th. If you want to do more you can donate your blog’s earnings for that day or promote the event with their banners. Check out everyone that is participating and I hope that you add your blog to the list.