August 2004

The internet is killing itself slowly.

Ironically, the biggest advantage of the internet is the one that’s slowly killing it. The internet allows anyone, anywhere to do what they want in total anonymity. That’s great and very liberating. Now what about those of us stuck on the sharp end?

The internet isn’t owned or regulated by anyone one body so all we have are a curious set of governing rules as set out by different countries which are largely amended from out-of-date computer misuse acts. Most of these governing bodies aren’t actually interested in tracking down internet abuse as it’s so hard to do and even more difficult to prosecute and near impossible to convict as the data you can collect from an internet user is at best circumstantial and at worst completely fabricated.

This is a very fertile breeding ground for anyone who wants to cause trouble but doesn’t want to be caught. It’s the perfect medium to annoy others in almost total security. You don’t have to be particularly clever either. All you need is a newsgroup subscription and others will do all the hard work for you. Just as long as you know your ass from your elbow (goodbye 60% of the internet population) you can exploit known vulnerabilities, deface websites and on occasion scam your way into other peoples bank accounts. You don’t need fake ID, a ski-mask or a getaway car. Just a proxy account will do - or better yet; a dial-up account with an ever-changing IP address (thanks AOL!).

Since the internet boom and bust of the 90’s, the internet has become a viable option for start-up businesses. On face value it’s perfect as there are little to no start-up costs, no building to pay rent on or to heat and light and if you’re good with photoshop you can have a great looking “store front” for little outlay. Unfortunately you’re also pretty easy prey for just about anyone who fancies making your life difficult. Armed with a little knowledge and a penchant for writing little computer programs you can quite effectively knock a webserver out of service with a distributed denial of service attack (DDoS). Putting that into context, it’s like someone nailing shut your store door and there’s nothing you can do about it - even if you catch them. The best you can do is sit there knocking the nails back out hoping you’re doing it faster than they are going in.

DDoS is the most common type of attack and accounts for potentially millions in lost revenue a day. Unless you suffer losses more than $250,000 you can forget about getting help from the police or just about anyone else. Ironcially, DDoS is only possible due to vulnerabilties exposed by crackers which are then written up and posted for others to use thanks to the wonders of full disclosure.

This leads us to a very interesting question. Do we, as humans, have the right to do what we want? Sure - freedom is one of the main benefits of western culture. The freedom to do what you want is something we all take for granted. However, that freedom is tempered with good old cause and effect. You have the right to rob a bank but you understand that it’s against the law and as such you’ll be punished. This stops most people doing what they want. In effect we have social restrictions in place which limits our own freedom by our own choices. The internet doesn’t have these restrictions as there is no real threat of punishment. Without these restrictions you have to solely rely on people’s good will and their nature. Historically that’s a one way ticket to disaster.

What’s the answer? I don’t have any unfortunately. Whilst I don’t mind being “tagged” with some sort of global internet user ID I can see the reluctance by some people to sign up. We all have a right to privacy and I can see why people don’t want big brother watching our every step but I’d prefer that to what we have now. I have nothing to hide. My emails are largely boring and I’m not up to anymore more illegal than seeing the BitTorrent top 10 every now and again. It’s usually those with something to hide that protest the loudest.

Unfortunately, it’s highly unlikely that we’ll see any such system any time soon. If our governments can’t agree on how to save the planet they aren’t going to start saving the internet from itself anytime soon.

In the mean time we have to suffer the consequences of highly stacked odds. With a ratio of 1 computer programmer for every 10,000 people trying to compromise their program, it’s just a matter of time before another vulnerability is exposed and posted onto a so-called security website for others to read and digest so that they can find vulnerabile websites to exploit without fear of recrimination.

I’ve been working hard (cough) on Invision Power Dynamic, our upcoming new CMS, for a little while now. Development has been stopping and starting between IPB 2.0.0 updates but we’re finally getting to the stage where the back-end code is inplace and I can now flesh out the code structure.

With that in mind and a possible ‘official’ announcement next week, here’s a little teaser. Obviously it’s still in heavy development, so expect a lot to change over the next few months.

My inbox was jam-packed with spam again today. Thunderbird does a good job of filtering most of it out but I like to check in the junk folder now and again to make sure that it’s not decided that all communication from fellow IPS’rs should now be junked. I would ‘whitelist’ [at]invisionpower.com but I often write to myself attaching viruses so it’s pretty pointless.

So - let’s all thank “idontlivewithmom” for his comprehensive and inspirational email. This web-wizard finally moved out of mom’s trailer at the age of 43 and he’s proud of it!*

Seriously, I long for the good old days of Nigerian bank scams and questionable adult material.

*Yes, I know this person doesn’t exist and that it was a random piece of junk designed to get the receipient to open the attachment but just humour me.

My previous blog entry was mentioned over at the Opera.com forums (my.Opera.com) and a helpful member posted a fix for my CSS quagmire.

So, thanks to ‘adcott’ this blog should now render just fine in Opera. It’s probably broken it in IE but that’s half the fun of the CSS see-saw.

Now, to add that fix to my list of things that specific browsers require to show the same page.

No - I’m not talking about loose morales, I’m just spelling out what the internet has been telling us since day 2. (Day 1 was inventing smilies).

The internet is essentially a huge unmoderated confusing mess. A section of the internet community then decided to try and standardize everything and that’s when the fun really started. Shortly after the jurassic era, the Netscape 4, IE 4 browser war started. Each decided to find ways to make grown men cry by creating their own set of HTML tags and redefining the “standards”. And why not, it’s not like the standards police were going to get them any time soon (as much as “Raving” from New Zealand tried).

Unfortunately for us, that meant having to pretty much code two sites; one for Netscape and one for IE. This lasted for a while until IE killed off Netscape and the world rejoiced (apart from the Netscape enthusiasts).

For a short while the internet was a peaceful place full of beautiful tables, font tags and inline styles that worked in Opera, IE and Mozilla. Web developers started taking Friday afternoons off and ventured into the real world to party with their new found freedom.

The standards police decided that having fun wasn’t actually defined in the HTML 4 doc type so they decided to start over and invent CSS. Unfortunately CSS wasn’t the sequel to the TV show CSI but was a way to style invisible DIVisions of HTML code. This was a great idea and the standards police celebrated by taking Sunday off.

IE and Mozilla woke up on Monday to find out that the goal posts hadn’t changed - it was the whole damned game that was different so they decided to play one last prank by making their CSS rendering engines to amazingly different things. Opera obviously not content with thier 0.8% share of the internet vented their frustration by ignoring what IE and Mozilla were up to and did their own thing just to show how annoyed they were.

Mozilla quickly realised that CSS was here to stay and decided to make many tweaks to their engine to largely adhere closely to the standards set out by the minions of the standards police. IE had 95% of the internet audience and just scoffed; “That’s the last time we’re going to update our engine for 6 years!” and disappeared into the night probably after twirling it’s cape for effect.

Web developers, slightly hung-over from the font tag party of ‘01 realized that not only did they have to code for two different browsers again but they also had to learn a new language. The standards police acted quickly by brain washing every 12 year old who stumbled across their webpage and sent them out to do their evil bidding. Soon, every internet newsgroup and forum was graced with demands; “Remove all tables at once! Font tags are evil!” they’d cry. Web developers just cried.

Mozilla did the only thing it could do to appease the situation. It forked it’s code into another browser with it’s own CSS rendering quirks. Someone somewhere also figured that it’d be hilarious if browsers could pretend to be other browsers just to see the devastation it would cause.

Web developers the world over are now asked to hand in their belts and shoe laces before they are allowed into their cubicles and get twitchy when W3C is mentioned.

Where was I? Oh yes - this design doesn’t work in Opera properly and I’m proud of it because I have standards.

The first person to run this site through the HTML validator and lists all the errors gets banned. Twice. Anyone attempting to defend any of the following: Mozilla, IE, Opera, Safari, et all will get a really nasty stare.

I finally got around to making this place a little more homely by introducing a little IPS-ness into the design.

I’m working on Invision Power Dynamic (or IPDynamic for short(er)) <digression>why do programmers get the urge to correctly close all nested parenthesis? </digression>.

I’m really excited about this project as I have been able to start from scratch and plan it out using my past experience. Invision Power Board was a re-invention of Ikonboard which was a re-invention of other products so it’s nice to start with a clean slate. I’ve got some fairly unique ideas for features and I want to make it a very simple product to use from the get-go. It’s also nice to have a small library of routines I can use from Invision Power Board which lets me hit the ground running. I might post a few screen shots ahead of a public announcement here soon.

Anyway, this was supposed to be a micropost and I’m not going to blog about writing code.

Well, maybe a little now and again can’t hurt.

I’ve decided that blogging is silly.

I’ve spent the better part of my ‘down time’ (that’s the microsecond it takes to save a BBEdit file) deciding what to “blog” today.

I don’t want to become one of those nerdy bloggers who spend all day coding and then all night writing about that days coding. I don’t really want to tell the world that my new routine for stripping non-ASCII characters has the ability to take over the world because quite frankly that’s dull. And boring.

I don’t want to post tech news and then add my own witty comments because there are enough blogs out there that cater for that niche market and again, I find tracking the latest version of PHP rather boring and no one wants to hear my repertoire of Java jokes. “Knock knock.”, “Who’s there?”, “Compile Error”.

See. Told you so.

I also don’t want to post about my daily life. That works for some people and it’s great to hear about their taste in music (Radiohead, Coldplay, Keane, etc) and their wonderfully amusing pets (Dog called Barney) and how awesome their life is - because that’s pretty dull too.

So what shall I write about? Actually - complaining about having nothing to write about is pretty fun. Maybe there is a niche market for slightly grumpy web developers who like to blog about having nothing to blog about.

Monday is SPAM day.

All over the world people are firing up their email clients for the first time since Friday lunchtime to download their first spam of the week. Monday is extra special because all that wonderful spam has built up over the weekend patiently waiting for that innocent looking “get mail” button to be hit.

I try and do all the right things to avoid SPAM but no matter what I do, Monday always starts with a few thousands advertisements for herbal remedies which Thunderbird helpfully throws into my junk folder. I disable HTML rendering when viewing emails which makes for some interesting looking Apple iTunes emails. I try not to post my email address publicly and I avoid dodgy looking mailing lists.

My problem is exacerbated by having a fairly high-profile email address. I’ve lost count of the emails I’ve apparently sent to myself asking me to download the attached .exe file to ‘update’ my software. I’ve also sent emails to myself cancelling an email service I never had. Fortunately, that email came with an attachment to allow me to continue using it.

This leads me nicely to the cure for SPAM. We don’t need complex spam filters and other methods of post-processing the inevitable. We just need to get rid of stupid people.

Newsflash. If people actually stopped buying penis enlargement pills, vi*gr/\ (it’s been so long since I last saw that spelt correctly) and other herbel remedies then maybe these bulk mailers would move along and find something else to infest. Last year, the spam industry was worth billions. It’s the ‘get rich quick’ scheme of the 00’s (you know, it’s going to be 16 years before we can use that idiom again properly).

Now we’ve got rid of the advertisment based emails, lets remove all of those who download every attachment they receive and run them thus spreading the virus that ultimately sends me an email. That way the virus would simply die out on its own.

How would we acheive this nirvana?

The very first step of the Windows / Linux / OS X internet connection wizard could be a simple IQ test. That should cut down the ‘net community to about 10% of it’s current size.

Of course, if that were the case, I wouldn’t be able to connect to write this blog entry.

I’ve finally been convinced that this blogging lark is the new rock and roll.

As soon as I discover what happened to the old rock and roll, I’ll let you know.

In the mean time, don’t expect much ‘blogging’ activity until after the weekend.