Previous Issue | Search TidBITS | TidBITS Home Page | Next Issue
Is the Internet susceptible to terrorist attack? We talk to an expert about Internet vulnerabilities and strengths. In lighter news, we're happy to announce the rebirth of DealBITS, starting with a Tom Bihn bag giveaway! Also in this issue, Macworld Expo heads back to Boston (without Apple), Bare Bones releases Mailsmith 2.0.1, Virtual PC 6.1 becomes part of Office X despite not working on the Power Mac G5, and Adam is interviewed on The User Group Report.
Copyright 2003 TidBITS Electronic Publishing. All rights reserved.
Information: <email@example.com> Comments: <firstname.lastname@example.org>
This issue of TidBITS sponsored in part by:
Make friends and influence people by sponsoring TidBITS!
Put your company and products in front of tens of thousands of
savvy, committed Macintosh users who actually buy stuff.
For more information and rates, email <email@example.com>.
READERS LIKE YOU! Help keep TidBITS great via our voluntary
contribution program. Special thanks this week to David Illig,
Emko Witteveen, and Michael House for their generous support!
SMALL DOG ELECTRONICS: Great Deals on PowerBooks!
PowerBook G4/1 GHz 17in w/SuperDrive Only $3049! PB G4/867 with
SuperDrive Only $1645! PB G4/867 with Combo Drive Only $1479!
Visit: <http://www.smalldog.com/tb/> 802-496-7171
SIX DEGREES puts your email back to work for you. It eliminates
the need to refile email or search for that elusive message.
Your email isn't going away, so you may as well put it to work.
MAC OS X DISASTER RELIEF: When we're trying to troubleshoot Mac
OS X, we turn to Ted Landau's 660 pages of techniques, tips,
and ways of diagnosing crashes, freezes, and wacky behavior.
30% OFF/FREE SHIPPING! <http://www.tidbits.com/tbp/osxdr.html>
Adam Interviewed on The User Group Report -- Tune in (via streamed QuickTime or downloadable MP3) to the most recent edition of The User Group Report to listen to host Chuck Joiner, who also serves as the chairman of the Apple User Group Advisory Board, interview me about the history of TidBITS, our involvement with user groups, how we encourage user group publications to reprint articles from TidBITS, and more. [ACE]
Macworld Expo 2004 Set for Boston -- Boston has certainly seen its share of conflicts (see "American Revolution, The"), but for today's Macintosh users the city remains the focus of a tug-of-war between Apple Computer and Macworld Expo organizer IDG World Expo (see "Apple, IDG World Expo Play Hardball Over Macworld Expo" in TidBITS-652). Last week, IDG World Expo announced that the East Coast 2004 event will definitely be held in Boston instead of New York City, from 12-Jul-04 through 15-Jul-04. Shortly after the announcement, Apple issued a statement to MacCentral reiterating that it will not participate in a Boston show.
As with this year's New York Macworld Expo, which saw drops in the numbers of vendors and attendees, it will be interesting to see if an East Coast expo can survive (see "Macworld Expo New York 2003: Highly Concentrated" in TidBITS-689). Of course, the Boston event is still eleven months away, so it's possible that Apple may convince IDG World Expo to head back to New York, as it did after a Boston show was announced in 1999 (see "Follow the Bouncing Expo" in TidBITS-468). It's even conceivable that IDG World Expo would dangle sufficient enticements to convince Apple to attend. In the meantime, we're looking ahead to the less-contentious Macworld Expo 2004 in San Francisco, 05-Jan-04 through 09-Jan-04. [JLC]
Mailsmith 2.0.1 Adds Secure SSL -- Bare Bones Software has released Mailsmith 2.0.1, an update to its powerful email client (see Matt Neuburg's "True Confessions of a Mailsmith Switcher" in TidBITS-690). At the top of the list of changes is support for checking and sending email using secure (SSL) connections to POP and SMTP servers. Also new in this version is the capability to perform tests against group memberships in Apple's Address Book application, more terms for use in Mailsmith's advanced filters (see our series on Mailsmith distributed filtering), and a number of tweaks and bug fixes. Mailsmith 2.0.1 also now includes a copy of Michael Tsai's SpamSieve (see "Tools We Use: SpamSieve" in TidBITS-667). Mailsmith 2.0.1 is a 13 MB download, requires Mac OS X 10.1.5 or later, and is free for owners of Mailsmith 1.5 and later. [JLC]
Virtual PC Resurfaces in New Office, with a Catch -- Microsoft last month revamped its Office X lineup, adding the recently acquired Virtual PC to a new professional configuration. Office X Standard Edition, which includes Word, Excel, PowerPoint, and Entourage, drops to $400 (or $240 for those upgrading from Office 98 or Office 2002). A comparable $150 Student and Teacher Edition allows licensed installation on up to three computers. The Office X Professional Edition adds Virtual PC 6.1 for Mac, with Windows XP Professional pre-installed, and costs $500, roughly $100 off what the products would have cost separately before. Microsoft says Virtual PC 6.1 adds no new functionality and is just a rebranding of the 6.0.2 version released by Connectix. An upgrade to Virtual PC 6.1 from earlier versions costs $100. Virtual PC is also available as a $150 stand-alone product; for $220 it includes Windows XP Home, and for $250 it comes bundled with Windows XP Pro.
Unfortunately, these changes come with news that Virtual PC 6.1 for Mac will not work on Apple's new Power Mac G5. Unlike the PowerPC G3 and G4 chips, the PowerPC G5 processor does not support a feature known as pseudo little-endian mode, which Virtual PC uses to emulate a Pentium processor. Microsoft is reportedly working on a fix, but it requires significant engineering work, and no time frame has been given. [MHA]
by Adam C. Engst <firstname.lastname@example.org>
As I'm sure you've realized over the last year or two, the slow economy has affected almost everyone, including TidBITS, since our primary source of income is our corporate sponsorship program. We've seen MacFixIt move to a subscription model, and Ric Ford of MacInTouch recently wrote about his site's difficulties and announced that he would be taking donations along the lines of our contribution program.
Contributions from readers have proven extremely welcome in softening the financial blow for us, and a bit of a rebound for the sponsorship program might be coming in the final quarter of 2003, but in the meantime, we've decided to broaden our revenue sources. Here's what we're doing, and I hope you'll find these changes sufficiently interesting to help make them successful ways of keeping TidBITS solvent.
DealBITS Drawings -- Many years ago and for a relatively short time, we published another newsletter called DealBITS, whose goal was to attract and publish product discounts for readers, with companies paying to be included. It wasn't a huge success, in part because it came too early, and companies hadn't realized the utility of the Internet for raising awareness and increasing sales with limited-time discount offers.
Now we're reviving the DealBITS name and aspects of the concept, though not as a separate newsletter. The end goal remains the same - to attract discounts for TidBITS readers while raising some money for TidBITS, with the added bonus that the company providing the discount will also donate a prize to be awarded randomly to one of you. To be eligible to win the prize, you will need to sign up (no purchase necessary, yada yada yada) on a Web form and explicitly agree to the rules. At the end of the week, we'll pick a random name from the entries to win the prize; everyone else who entered will receive the discount code. We'll notify all entrants and publish the name of the winner in the next issue of TidBITS (that's an important requirement of the laws surrounding these sort of drawings).
We've discussed this project a bit on TidBITS Talk, and here are a few answers to the common questions:
Although we can't be responsible for any wacky local laws that may make you ineligible, international readers are welcome to enter unless we specifically note otherwise. The lawyer says you must be over 18, though.
Shipping costs shouldn't be an issue because we anticipate either the prize being a registration code to a downloadable product or the sponsor bearing the costs, even to international addresses. The winner will be responsible for any taxes, fees, or duties.
Our first DealBITS drawing appears in this issue; future drawings will occur as we find companies that are interested in participating. Any company that wants to learn more about what's involved should send me email at <email@example.com>. So take a look, and for those of you who don't always get around to reading TidBITS right away, remember that DealBITS drawings are active only for the week following the issue in which they're announced. You snooze, you lose.
Spotlight on Peachpit Books -- With the trend toward fewer and slimmer manuals that I identified more than five years ago in "The Death of Documentation" in TidBITS-428 continuing unabated, technical books have become ever more important sources of tested, organized, and well-presented information. There are times I've struggled in vain to search the Web for the solution to some problem, only to find it quickly in a book on my shelf.
So we're starting a partnership with our friends at Peachpit Press to spotlight one book a week in the sponsorship area at the top of each issue. These are recent books we find the most interesting or useful, and the ones we think you'll want to know about. They'll all be 30 percent off the cover price, and InformIT (the fulfillment arm of Peachpit's parent company) offers free UPS Ground shipping within the U.S., making the overall price cheaper than most online sources. The only downside is that their international shipping is usuriously expensive, so we recommend international readers investigate other methods.
It remains to be seen how helpful this program will be to our bottom line, since our experience is that affiliate programs seldom generate significant income. My hope this time is that by recommending a different book each week, it will prove sufficiently popular with TidBITS readers to be financially worthwhile.
Google AdSense -- One of the major problems that anyone who attempts to fund a business via advertising quickly discovers is that attracting advertisers is extremely difficult. Ad sales is a specialized field that few people do well. So, what if there was a service that would go out and find appropriate ads for you?
As you've no doubt realized by now, the search engine company Google earns money by selling keyword-based ads that appear when you perform searches - the AdWords program. Since the ads are (at least theoretically) targeted to match your search, they're more relevant and thus more successful than standard banner ads. Google has done a good job of making it easy for businesses to promote themselves by buying these ads via a process of bidding to pay a certain amount for each click-through. The higher an advertiser bids, the higher in the listing their ad appears.
We've redesigned our home page to make room for the Google ads, and we're testing to see if our traffic and click-through rates will make it worthwhile to add the Google ads elsewhere on our site. Anecdotal reports from friends indicate that sites with a lot of traffic can generate tidy sums of money. I'm not positive that our site meets the ideal profile, but it's an easy test, and remember, every time you click one of those ads, TidBITS earns some money, somewhere between 3 and 65 cents to judge from what we've seen in testing.
Try 'Em Out! All of these efforts are quite new for us, so be sure to let us know what you think in TidBITS Talk. Here's hoping they work out, both in terms of providing useful services for you and helping keep TidBITS in the black.
by Adam C. Engst <firstname.lastname@example.org>
Want your PowerBook or iBook to have a well-padded home to protect it from the cruel outside world? It's worth checking out the laptop bags, backpacks, and briefcases from Tom Bihn, a maker of high-quality bags in the Pacific Northwest. (If you're in downtown Seattle, be sure to check out the first Tom Bihn retail store, located at 609 Second Avenue near Pioneer Square.) Tom Bihn himself has been designing bags for over 30 years, and manufacturing and selling them for over 20 years.
We'll announce the winner in next week's issue of TidBITS, and we'll also notify everyone who enters individually.
by Adam C. Engst <email@example.com>
With terror alert color codes coming and going, and the constant presence in the news of both terrorist activities and anti-terrorist efforts, it's hard not to wonder what the vulnerability of the Internet might be to terrorists. To answer that question, I turned to Chuck Goolsbee, Vice President of Technical Operations at the large Web hosting and server colocation firm digital.forest (where the servers that maintain much of our Internet presence have lived for years). Founded in 1994, digital.forest has all the large-scale data center amenities - redundant fiber, multiple backbone connections, redundant power, secure facility, and so on - but with the advantages of a small-scale ISP - friendly, knowledgeable tech support who understand multiple platforms, personal service, reasonable pricing, and more. digital.forest also is the oldest and largest Mac-savvy hosting and colocation facility, housing many well-known Macintosh Internet sites. And as vice president of technical operations, Chuck pays a lot of attention to anything that could cause interruptions in digital.forest's service.
Adam: Chuck, is there any way terrorists could physically attack the Internet?
Chuck: In terms of physical locations go, there are so many places that "are" the Internet that attacking one, or even several at once, would have negligible overall affect to the entire network. My point here is that unlike 20 years ago, the Internet is no longer a bunch of interconnected wires. It is in many ways, everywhere.
That said, there are a handful of places where too much stuff is concentrated in one physical location. An inhabitant of the network operations lists I subscribe to, Sean Gorman, has written his dissertation documenting the Internet and other infrastructure items in the U.S. It represents the first ever complete "physical map" of much of the Internet, and now has been deemed a "security risk" by some government people who fear exactly what your question asks about. They see Sean's dissertation as a guide for attacking the Internet.
The irony here is that everything Sean used to make his map is public information. Some of these places are even geek tourist spots! I'll admit that I have visited a few locations where transoceanic cables make landfall, and yes, my wife thought I was nuts when we drove out to Land's End in the UK to see what she properly interpreted as a "nondescript concrete box."
But to reiterate, any such physical attacks, even on important Internet connection points, would be devastating to the companies directly involved, but the Internet would, as the cliche says, route around the damage. Even if your packets had to travel three times the physical distance, they'd still find an interconnect point that would get them to their final destination.
Adam: So in the short term, traffic to specific Web sites might be cut off or at least slowed down by less efficient, but still functioning, routes?
Chuck: Yes. The Internet is not a single network, it is many networks, all interconnected, usually at multiple points. The obvious attack targets are major exchange points where many of these networks meet. Our local one here in Seattle is a building downtown called the Westin Building (if I recall correctly, it is the former headquarters of the Westin hotel chain).
Virtually every major Internet provider has some or all of their Pacific Northwest presence there. It makes economic sense to "meet" in a single location, but if you are thinking in defensive terms, it is a weakness. Through some luck and a little planning, only half of digital.forest's upstream bandwidth comes directly through that building (via a Gigabit Ethernet connection); the other half comes in via an OC-12/SONET ring from Verizon. The latter originates in Everett, WA, mostly due to our location northeast of Seattle. So even if the Westin Building were damaged, we would have connectivity from alternate sources. In larger terms the whole Internet works like this, with multiple paths to most destinations. The routing protocols that manage the Internet's traffic constantly update and change the pathways for data, so that when a route disappears, alternatives are ready and traffic still flows. But honestly, I fear a large scale natural disaster, such as the earthquake that struck Kobe, Japan, more than I do a terrorist attack.
Adam: And how long would it take for more-or-less normal operations to start up again?
Chuck: That would of course depend on the nature and scale of the incident. Some operations could be up in just hours, and some could take weeks. A major earthquake could cause widespread damage that would make rebuilding that much harder. But since we're talking about terrorist acts, the September 11th events serve as a good example. The attack in New York caused significant damage to major telecommunications facilities in lower Manhattan. Some services were disrupted for a few hours, most were out for a period of several days, and a few required weeks to replace or repair fully. The services on which people depend for critical communications, such as standard dial tone and 911 emergency services were the first to be restored. Email and Web traffic were (justifiably) further down the list. In this case, the impact was highly localized, being confined to an area immediately surrounding the World Trade Center.
Adam: It doesn't sound like a physical attack would do much to the Internet. What about terrorists releasing worms? What effect might that have?
Chuck: Take two examples, MSBlaster and SoBig.F, which were targeted at specific weaknesses in Microsoft Windows's RPC and Outlook, respectively. The damage they caused as they spread was basically a denial of service (DoS). MSBlaster was easily defeated by Microsoft as they removed the target of the planned DoS attack. SoBig.F's ultimate purpose is not yet known. What the press thought was the attack was really just the spread... the massive amount of traffic caused as these worms propagated through the Windows machines connected to the Internet. No specific damage happened other than to networks that were completely unprepared. However, if core functionality such as DNS was disrupted in a serious manner, the damage would be global in scale. Without DNS the Internet loses its human-readable nature. I may know that 126.96.36.199 is www.forest.net but very few other people do; DNS does the necessary lookups behind the scenes.
Also, those sorts of worms and viruses usually don't have a political agenda behind them, beyond pointing out the flaws in running code. I can't see them meeting the goals of a terrorist organization - even if the worm displayed some sort of political message, it would exist only for a relatively short time until the anti-virus software and firewalls were updated.
Adam: Let's focus on DNS then. How hard would it be to bring down DNS?
Chuck: Very difficult, because DNS is a resilient system that was designed from the start to be massively distributed. Also, one of the frustrations of dealing with DNS is propagation time, the time it takes for changes made to DNS to become usable across the whole Internet. That built-in delay makes attacking the DNS system as a whole extremely difficult.
Adam: But as much as DNS is distributed, aren't there root servers that are more important than any ISP's DNS servers?
Chuck: Yes, DNS does have a weakness in that all DNS servers defer to a system of root servers that ultimately control which lower-level DNS servers have authority over which domain names. Last I checked there are 13 root servers distributed around the world in obvious high traffic Internet exchange locations. The organization that oversees their operation has made efforts to secure them by making their operating systems and DNS software be more diverse, and therefore less susceptible to attack. They have also built mirrors and clones of root servers in physically diverse locations. There have been distributed denial of service attacks made on the root servers, but to my knowledge these attacks have usually been stopped before they can do any real damage. A successful attack on the root servers would be very difficult to achieve, but significant in its effects.
Adam: Interesting - running multiple operating systems increases the overall resiliency of the system, since most attacks are specific to an operating system or will affect different operating systems differently.
Chuck: Precisely. The DNS system and others like it are resilient, but I think that's mostly due to the nature of the people who operate them. These are, for the most part, smart and resourceful folks. Systems, when they are virtual in nature, can usually be reconstructed swiftly when interrupted - there are always multiple backups. Think about it, even a worst-case scenario: if every DNS root server were destroyed, they would likely be replaced and operational within a reasonable amount of time. It might be days, or even a week or two at most, but that's it.
Adam: What about denial of service attacks - could terrorists use them successfully? I remember some a few years ago that caused significant problems for Yahoo and a few other major Internet companies for a while. And distributed denial of service attacks wouldn't require nearly the same level of knowledge as attacking root servers.
Chuck: Remember that DoS attacks are basically noise - high volumes of traffic directed at a target to overwhelm it, or its network connection, thus rendering it unusable or unavailable. It is relatively easy, trivial even, to bring down even a major site temporarily with a DoS attack. However they are also difficult to sustain for long periods of time because network operators (those smart and resourceful people I mentioned) have built and continue to maintain loose, but well connected communication networks. These human networks cooperate to identify and stop DoS attacks. DoS attacks are ugly and frustrating, and just about all of us who run networks have experienced them first-hand, so we do our best to stop them when we can. One of the current worries in the operational community is that SoBig.F is really designed to turn infected Windows machines into zombies for carrying out distributed denial of service attacks (which originate from many machines all at once and are more difficult to combat that normal denial of service attacks). But to answer your question: Sure a terrorist could DoS somebody, but a DoS attack is probably not the sort of highly visual, news-making media event that terrorists use. It is devastating to the victim, but invisible to everyone else.
Adam: Let's go back to this concept of resilient systems. Is a highly resilient system thus 100 percent reliable?
Chuck: No, not at all. Internet users have to understand that the Internet's resiliency stems from its distributed and complex interconnected nature. These sort of systems are never 100 percent reliable. They are not designed to be. They are designed to continue to function while parts are not working. One of my favorite quotes comes from a network operator named Sean Donelan, who said, "Murphy's revenge: The more reliable you make a system, the longer it will take you to figure out what's wrong when it breaks." It's funny because it's true, resilient systems can still function even when "broken."
Even the September 11th attacks, which caused the complete disruption of air travel for a few days, couldn't really stop air travel completely. The system adapted and continued. Security screening is more stringent, some airlines and aerospace related businesses are still feeling the effects, but we consumers can still fly.
So even if there were some attack that successfully targeted some core system of the Internet, it could not stop it for very long. Some companies doing business on the Internet would suffer, and users would probably be confused and irritated for a while, but overall the incident would just be that, an incident.
Adam: But many people have become accustomed to the Internet just working all the time.
Chuck: Indeed. I work in the uptime business. I know that our clients fully expect 24/7 uptime so their Web sites and email servers are always online. We had an outage in March of 2003 that lasted 55 minutes. It was the most agonizing 55 minutes of my life, and many of our clients were furious about it. It was the first serious unplanned outage we had experienced in over four years, but it still cost us much in terms of money and credibility with our clients. In the aftermath we have made many changes, technical, staffing, and procedural, based on lessons learned. I have spoken with many clients and appreciate why they require that uptime.
The hardest part of my job is explaining to clients the definition of uptime. Frequently the issue is something that we have no control over, like a fiber cut in Utah that forces packets through Dallas instead of Chicago. People assume that "It is the Internet, it is always on, right?" The reality is that parts of it are always off at any given moment of every day, and that while the Internet will route around damage, the result is that it may take a while, or things may not work as they did even a few moments ago.
Adam: Okay, but let's take the other point of view. How important is uninterrupted Internet accessibility? I'm talking about life and death stuff here, not just someone being unable to check headlines on CNN or have customers come to a Web site.
Chuck: Much as it may not seem like it sometimes, uninterrupted Internet accessibility is not really a matter of life and death. Like other accoutrements of modern life - televisions, telephones, and so on - the Internet is not something that is required to sustain life, no matter what some geeks may think. Yes, it has economic and social value, but it is not, as far as I know, required to maintain life. So while damage that occurs from an attack on the Internet can have real financial and even emotional effects, it's important to maintain a sense of perspective.
Adam: From what you're saying, it doesn't seem as though the Internet makes a particularly attractive terrorist target.
Chuck: I guess that depends on the nature of the Internet as a target. The September 11th attacks were aimed at targets with high visibility and symbolic representations of U.S. economic and government power. I have a hard time thinking of the Internet in those terms. The Internet is really more of an infrastructure item than a symbolic one, and terror's goal is visibility. Infrastructure becomes a target when nation-states are at war with one another; terror does not usually fall within that definition. Bruce Schneier made this point well in an editorial a few months ago.
Adam: What about defacement of Web sites? Would it be a problem if the White House Web site, or other high profile sites like Yahoo, Amazon, and eBay, were attacked and used to disseminate political propaganda?
Chuck: Web site defacement is basically digital graffiti. It can be an embarrassment, but it doesn't have any operational impact on how packets move around the network. I also believe the Internet is a secondary news source, meaning I doubt that most people use it as their only source of news, especially news of their government. Defacing, or changing the content of all media; newspaper, TV, radio, Web sites, etc., borders on the impossible. Web site defacement is more of a prank than a terrorist threat.
Adam: So in the end, from the perspective of Internet users, the worst the Internet is likely to suffer at the hands of terrorists would be a major inconvenience attack. That's overly glib, of course, since a physical attack could result in casualties, and even these inconvenience attacks cost money to stop. Nonetheless, Chuck, thanks for enlightening us about this situation.
PayBITS: If Chuck's interview helped put your mind at ease,
contribute to TidBITS so we can bring you great interviews.
Read more about PayBITS: <http://www.tidbits.com/paybits/>
by TidBITS Staff <firstname.lastname@example.org>
Antenna coverage patterns -- Most discussion of the coverage area of antennas (such as WiFi-extending varieties) concerns horizontal area, but what about vertical coverage such as between floors in a house or office? (2 messages)
Salling Clicker and other stupid phone tricks -- Joe Kissell's article on Salling Clicker prompted this discussion of Bluetooth proximity and how the wireless protocol affects battery life in Bluetooth-enabled phones when used with Salling Clicker. (5 messages)
Aliasing complex Unix commands -- For those worried about making mistakes with powerful Unix commands such as those Kirk McElhearn explained in his article on command line file manipulation, Unix-minded readers explain how to use a ".cshrc" file to create safer versions of dangerous commands. (12 messages)
Serious data archiving -- Data archiving doesn't revolve entirely around backing up your computers. Readers talk about making digital archives of paper data. (21 messages)
Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017.
Previous Issue | Search TidBITS | TidBITS Home Page | Next Issue