Internet and e-mail policy and practice
including Notes on Internet E-mail

May Jun
Jul Aug
Sep Oct
Nov Dec

Click the comments link on any story to see comments or add your own.

Subscribe to this blog

RSS feed

Add to My Yahoo!

Subscribe with Bloglines

[Valid RSS]

Home :: Internet

13 Apr 2014

Open Source software is the worst kind except for all of the others Internet

Heartbleed, for anyone who doesn't read the papers, is a serious bug in the popular OpenSSL security library. Its effects are particularly bad, because OpenSSL is so popular, used to implement the secure bit of https: secure web sites on many of the most popular web servers such as apache, nginx, and lighttpd.

A few people have suggested that the problem is that OpenSSL is open source, and code this important should be left to trained professionals. They're wrong. The problem is that writing and testing cryptographic software is really, really hard.

See more ...

posted at: 00:39 :: permanent link to this entry :: 3 comments
Trackback link is

15 Mar 2014

The Name Collision Conference Internet
Earlier this week Verisign sponsored a two day conference on name collisions in the DNS. Despite the very short time frame in which it was organized, only a month from announcement to meeting, there were some very good presentations. I'll just hit some highlights here; all of the papers and slides are on their web site at

See more ...

posted at: 13:06 :: permanent link to this entry :: 0 comments
Trackback link is

15 Oct 2013

About those anonymous bitcoins Internet
Recent press reports say that Silk Road, an online marketplace for illegal goods, was shut down by the FBI, who seized the servers and
about 26,000 bitcoins in multiple wallets. They also apparently have all of the site's records of transactions among about 4,000 sellers and 150,000 buyers. If you're one of these buyers or sellers, now what?

See more ...

posted at: 10:29 :: permanent link to this entry :: 0 comments
Trackback link is

12 Sep 2013

Plumbing Neutrality Internet

I've been having arguments about Network Neutrality with a lawyer. My position is that you can't adequately regulate ISPs to be neutral, because there's no agreement what "neutral" means in practice. He points out that the courts aren't interested in technical details like what packets are dropped, it's that all traffic has to be treated the same, and ISPs should just figure out how to do that.

So I contemplated a city with Plumbing Neutrality with the simple rule that all people must be treated the same

See more ...

posted at: 12:58 :: permanent link to this entry :: 3 comments
Trackback link is

18 Jul 2013

Cargo cult account security Internet

Arthur in L.A. asks:

Why do online accounts like the one at my alarm company keep adding extra security questions? The choices always require either a subjective answer ("What's your favorite movie?") or, in a two-person household, more than one answer ("In what city did your parents meet?")
We all know that passwords are a terrible security mechanism. People forget them, and bad guys are ever better at guessing them. So there are basically three ways to authenticate a person: something you know, such as a password, something you have, such as a driver's license, and something you are, a biometric. Two-factor authentication schemes are much more secure than single factor.

See more ...

posted at: 00:25 :: permanent link to this entry :: 0 comments
Trackback link is


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

The Crap They Sell Online
36 days ago

A keen grasp of the obvious
At least they're warm blooded
121 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse

© 2005-2013 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.