Monday, October 26, 2009

Regulations of Open Networks...say what?

I am all for open networks, applications, projects, etc.  I even strongly support FOSS software. In fact, every piece of code I personally write for public consumption is released under the GPLv2. (I'll look into v3 when it stabilizes a bit more; some of it is still too new for me to wage an accurate risk evaluation).  I have, of course, written stuff for myself (and that code holds a strong IP copyright) ... but if I were to release it, it would be OS.  Yet, even from a business standpoint, I would argue that FOSS is the way to go.  You become the free, de facto standard...and fsck people for support.  And then when you eventually fork a professional version that is more stable, has more updates, is more feature rich, and is more enterprise geared, those changes get backported to the FOSS version as time progresses and the pro version is further updated.  (Examples: Nessus, Snort, Wine, Red Hat, etc.)

Now...with all of that said, we live (last I checked) in a capitalist economic society.  If you want to write software, platforms, firmware, etc. and charge for it, then so be it.  If you want to keep other people from manipulating it, then so be it.  More than likely, I will never personally use it or even support you -- but good luck to you anyway. With some smart marketing professionals (who then write "1x faster than the competition" on the package), you'll succeed either way.

Furthermore, I strongly disagree with patents on software. You've come up with an idea! Have a cookie and go make it happen!  Do it right, and you win!  Software patents protect people/companies who suck at turning an idea into a solution.  Just because you had an idea doesn't mean that I shouldn't be able to implement it in my own way, for my own purposes, on my own terms.

Specifically concerning "Net Neutrality," there are currently two ideas of thought. The first feels that companies should be allowed to do as they choose. That is, they can block sites, customers, countries, applications, protocols, etc.  The feeling is that "they" run the network, so "they" make the call.  Conversely, the other line of thinking is that it should be open and that companies shouldn't be allowed to tell a customer how he/she can and should access some form of technology.

Consequently, I have never been one to support the government telling a company how to run a business.  I believe that if the company is doing it wrong, they'll figure that out at bankruptcy court.  At the same time, I don't think the companies have the right to tell you what to do in your own home. Thus, I am torn, really.

One thing I do know, though, is this: the side that is trying to keep things open is going about it ALL wrong.  Net Neutrality doesn't just cover covers government bodies as well.  Everywhere I turn, someone else is pleading to the FCC to create laws to keep the Internet, networks, and technology from being infringed upon from both the government and the corporations.

HELLO?!? Did I miss something?  How do you enact a law prohibiting the enactment of other laws?  Do people not see that once the FCC gets involved (that is, once they get jurisdiction over this form), it will set a precedent and the very thing everyone wants them to protect WILL BE TAINTED?


Do I want my internet provider to tell me what I can and cannot do on the Internet?  No.

Do I want my government to tell me what I can and cannot do on the internet?  No.

Do I think the government should be protecting us from such infringement?  No!

Let's make it simple: If there is a telco out there blocking access, drop them and get another one.  Trust me, if they all close up, someone will step forward. OpenISP anyone?  Seriously though, we CAN vote with our wallets...and we should!  While some usage is already protected by law, there are fair use laws in place and laws protecting speech, etc.  Those should protect the majority of the issues.  The rest can be handled with our money.

Just think twice before you ask for more laws and regulations to protect us; it may be the very thing that hampers us...

Monday, October 19, 2009

twitter2rss: Turn Friends into Feeds

A New Twitter Tool:

This past weekend I worked on a new project idea I had stored in the back of my mind.  The project "twitter2rss" allows you to generate an OPML RSS feed list of all of the friends for a particular twitter account.  In other words, you give it the username of a twitter user, and it gives you a list you can import into your feed reader.  The project is nothing elaborate; it is not supposed to be.  It is just a simple tool that allows you to create a feed list.

If you have any questions, comments, suggestions, or (hopefully not) complaints, leave them in the comments.


There are a few known use cases (based on my own uses, and that of a few friends).

  • RSS Feed Reader does not allow authenticated feeds (quickest way to get the "home" feed - an example is Google Reader)
  • Twitter is blocked from the location, but you still wish to obtain the feed data through a web based reader
  • You are not a Twitter member, but wish to follow someone else's friends (lurkers)

I am sure there are other cases where this tool may be useful; leave your own uses in the comments if you'd like.

Project Description:

twitter2rss will obtain all friends of a specified twitter account, and then create an OPML feed list. The feed list will contain all of the obtained friends' twitter RSS feeds, which can then be imported into any standard feed reader.

Project Links:

Project Page: (Just the default Source Forge Project Page)
Summary Page (This is more than likely the one you want)

Project SVN:

svn co twitter2rss - Check out:


Saturday, October 17, 2009

As The Calendar Turns: A Brief Review of the 2009 Fiscal Year on the Information Highway


Has it truly been over a year since my last blog post?  I know I am certainly not the most frequent (or even semi-frequent) blogger on the Internet, but could it really have been that long ago that I posted about twitter changes and talked about the amazing mobility I have with my Blackberry?  I guess it has indeed been a year or so since those posts were made.  Perhaps we should change all of that...start this fiscal year fresh with a post.  Of course, when you have been quiet for a year (even though I've been active and vocal in plenty of other Internet outlets), where do you really start?  How about a blog post about what has changed in the past year?

You don't often get to read a post about the dramatic changes in the past year - mainly because people keep you current with frequent content, and partially because people are too busy to stop and count the bits.  But when you do pause for a moment and look back, it seems like just yesterday that CNN and Ashton Kutcher were fighting for the title of first user to have one-million Twitter followers and Oprah was joining Twitter (with thousands of soccer moms following). What about all the great malware of this past fiscal year?  Are you still cleaning Conficker off your systems?  It feels like just yesterday we were coming out of one of the most high-tech elections of all time.  Time surely flies, so let's take a look at the highlights.


I feel like Twitter receives too much coverage; yet, it may actually be the most promising and popular communication tool.  It really wouldn't be accurate to exclude the accomplishments of Twitter in such a post.  Going "mainstream" is the dream of most Internet start-ups.  Not many complete such a task and certainly most do not have major news network coverage.  However, Twitter received such success late last year - with many news-breaking events.  It seemed that every time the news networks dropped the ball with a story, Twitter was right there to catch the opportunity.  And the people noticed - as did the media.  Spotting a prime opportunity, they shortly jumped on the bandwagon thereafter, as well.

Moreover, the number of Twitter users continued to climb rapidly.  From housewives to teenage celebrities, everyone was joining Twitter.  Luckily for us avid geeks, the twittersphere is averaging itself out.  But it is still nice to acknowledge the great success that Twitter has come into...we should all take a moment and congratulate Twitter again for such a wonderful Web 2.0 story, and a wonderful product.

Now if I never read another post, comment, tweet, or article about Twitter, I'd be content.

Legal & Cyber Command

It was not too long ago that every time I changed the channel, I'd see another Air Force cyber command commercial.  That all was laid to rest when a national Cyber Command was forged.  This command will oversee the nation's information security infrastructure.  Along with this institution's creation came a large amount of concern - both over network neutrality and national privacy.  While very few questions have been answered, it is fair to remind everyone that the entire project is still very much in the developmental stage.  One thing is for sure, our government is taking the security situation seriously.  Let's help facilitate such actions in any way that we, as the community, can!

Don't forget about the interesting Cyber Security Act of 2009, though, which interestingly gives the President the power to "shut down" the Internet.  We haven't heard much about this recently. Maybe we should review the progress?


Every once in a while, a large hype is cultivated around a security issue.  More often than not, this issue is far from the most pressing.  Many times, other larger issues will even coincide, time-wise, with this publicly-hyped threat.  Enter Conficker.  The April 1st malware of the year.  It seems that as of late, each new year brings a new malware (vapor-malware) that makes a run with a destruction date of April 1st.  Time after time, the mass media runs with such a half-cocked story.  Conficker is really no different. The malware did little harm overall.  Of course, the security community took the opportunity to further educate the general public.

While the infection didn't cause the end of the Internet as some would have hoped (or as others would have had you believe), it is quite interesting to note that even as recently as two weeks ago, there are still over 250 million active infections.  It begs the question: are hyped threats spread further through haphazard searches? Furthermore, are they funded increasingly by the adversaries due to their popularity?  Or are they simply more visible?  These are some questions that the community really needs to ponder - as there will be plenty more to come on April 1st...or so we all hope.


Certainly every time you check your RSS feed, you read about another vulnerability. With the popularity of products, Microsoft is on the top of the offenders list. (We could discuss the reasons indefinitely and ad nauseam, so let's just skip them for now).  However, not nearly as many are as profitable as the previous RPC/SMB related vulnerabilities.  They are a gem amongst the rough - depending upon your perspective.  This year brought us another such novelty: the SMB2 vulnerability.

One of the most fascinating components of this vulnerability lies not in the vulnerability itself, but instead, the timeline.  The vulnerability was originally released simply as a denial of service.  Some people in the industry purported that the vulnerability was further exploitable to control execution; others strongly opposed.  Microsoft released a statement indicating it was ONLY a denial of service.  The interesting story was really going on in the background, within the "underground" communities, where exploit code could be found that controlled execution - prompting this vulnerability to the remotely exploitable code execution category.  To add more fear to the atmosphere, it took over nine days before a private security company released information that they had developed a proof of concept that allowed remote code execution.  Only after these facts surfaced did Microsoft confirm the true risk of this vulnerability.  For the pentesters out there, this is one more trick we can keep up our sleeves. For those system administrators, don't forget to patch your new installs.


It is almost unfair for me to mention this when attempting to review the past.  But bear in mind, we first heard of this new Google initiative in the previous year.  It seems that the party is really just starting with this one, and it may be too early to really review the progress.  However, there are some eerie similarities to past Google projects.  Take Gmail as an example. The project was also released as a closed-invitation beta.  Hype grew...and you had people literally buying invitations.  I am unsure how far the hype will spread with Google Wave, but certainly the potential is there.

People are outright begging for invitations.  It seems everyone is talking about the new collaboration tool, but almost no one has an account.  The number of original invitations was purportedly to number somewhere around 100,000.  I doubt that people will openly sell or buy invitations (it is certainly against the terms of service), but that is certainly not stopping the malware authors, spammers, and other Internet delinquents from jumping on the bandwagon.  I am making a prediction: I expect us to see more in this arena in the near future.  This will most certainly translate into a future blog just depends upon how far the rabbit hole deepens.

Phones, Gadgets, and Toys

Apple, RIM, and Google have really taken the world by storm (no RIM pun intended) with the mobile phone market.  More electronic gadgets have been produced than we can even afford.  It seems that the average consumer is becoming more and more technically savvy, and more and more technology centric.  I would be remiss if I didn't include some of the outstanding leaps and bounds that the electronic markets have achieved.  The mobile world continues to become more integrated into the cyber world.  Only time will tell how far this path will lead.  Yet no matter which devices or companies you cherish, just remember: with collaboration comes great outcomes.  Enter some great electronic collaborations.  More and more manufacturers and technology companies are teaming together to bring us even more power and resources in a mobile world.


This brings me to my last point: collaboration.  Each year it seems that the technology communities unify more and more - helping to facilitate more opportunities.  Out of all of the great events and achievements of this past fiscal year, this, in my opinion, is the most profound.  More open standards are created and more collaboration is bred.  Hopefully, we can see this methodology continue to grow.

Open Ending

No fears...I purposely kept this post brief and open-ended.  I wanted to lightly highlight some of the key events in (fiscal year) 2009.  I certainly didn't cover every event...not even the major ones. But hopefully, this will remind you of some of the prominent issues and events we endured.  While the fiscal year is over, the calendar year is still ticking.  I hope to review some of these events and components again in the future and see some of the end results.  Please allow this post to remind you to take a pause every now and again, to look back and reflect on the stepping stones that have brought us to this point.  It is something that many of us take for granted.  Comments are always welcome. I hope we can spark some interesting conversation about the past events and project some lessons learned into the future.

Justin M. Wray