Monday, 03 October 2005

I subscribe to a VoIP telephone service, and I used to be a law enforcement officer, so this recent news was especially interesting to me when it was made official a little while back. The United States Federal Communications Commission (FCC) recently released a decision in which the commission rules that commercial VoIP providers are subject to the same wiretap laws under CALEA as other phone providers. In other words, is a VoIP system interconnects to the switched telephone network, law enforcement can request a wiretap order from a judge with probable cause.

But in reading the order, it looks like it only applies - at least for now - to those companies that provide a mechanism to connect their VoIP services to the public switched networks. We'll see how long that lasts - the commission has promised to issue further decisions on the order in the near future. The pertinent section states:

38. As a result, certain VoIP service providers are not subject to CALEA obligations imposed in today’s Order. Specifically, today’s Order does not apply to those entities not fully interconnected with the PSTN. Because interconnecting with the PSTN can impose substantial costs, we anticipate that many of the entities that elect not to interconnect with the PSTN, and which therefore are not subject to the rules adopted in today’s Order, are small entities. Small entities that provide VoIP services therefore also have some control over whether they will be have to be CALEA compliant. Small businesses may still offer VoIP service without being subject to the rules adopted in today’s Order by electing not to provide an interconnected VoIP service.

You can read the full ruling here: FCC 05-153 (PDF file)

Ya gotta love the acronyms these days...

  • CALEA = Communications Assistance for Law Enforcement Act
  • VoIP = Voice over Internet Protocol
  • FCC = Federal Communications Commission

Add/Read: Comments [0]
Monday, 03 October 2005 19:40:30 (Pacific Standard Time, UTC-08:00)
#  Trackback

AjaxbookOkay, so granted, it's not the first DHTML/Javascript book, but "Foundations of Ajax" is the first (that I can find, anyhow) book extolling the virtues and details of building Ajax web applications. It's still listed as pre-order on Amazon, but on Apress you can purchase and download the eBook right now for only $20 (regular book price is $40). the PDF version is about 38 megabytes in size and 260 pages in length. The whole Ajax thing is cool in my mind, and I have been doing a lot of reading about it lately. Ever since Outlook Web Access on Exchange 2003 and then Google Maps came out, I've been pretty amazed at what you can do with this technology. Now there's lots of interesting apps that run in a web browser, a little more than thin client, but not really a fat client either.

So, go get this book and start to put that XMLHttpRequest object to work for you. Go build something usable and cool. Probably the one big thing that impressed me about this book was the fact that it pushes a test-driven/test-first approach to development (using JSUnit) and the fact that it has so many detailed, in-depth code samples and discussions. It doesn't just present code samples though. It takes you through the how's and the why's, which is cool.

What's this Ajax stuff, anyhow, you ask? From the book description:

"Google Maps, Google Suggest, Gmail, Tada List—these are all examples of highly dynamic web applications. In the past, we had an awkward choice: a thick client or a thin client. With a thick client, we got rich user experiences but had to deal with an error-prone and time-consuming deployment process. With a thin client we got ease of deployment but had to sacrifice the user experience.

"Today we have a third choice: highly dynamic web applications that are nearly as feature-rich as their thick client brethren. Using Ajax techniques, we can provide our customers the rich user experience they have come to expect while still enjoying the ease of deployment that we’ve come to expect.

"An Ajax application is very similar to the web applications we’re already familiar with. The difference is that it incorporates an “Ajax engine” that negates the start-stop nature of traditional web interaction and drives the whole process along. A quick look at an Ajax application like Google Maps will demonstrate the improvement to user experience very clearly. Gone are the constant page-refreshes and instead, you’re presented with a smooth, responsive interface that seamlessly reacts to your requests.

"Leading technology companies are adopting these techniques, and pressure is increasing for other companies to do the same in order to compete. The bar has been raised in the web application world, and what was once considered impossible is now being realized. With the help of these revolutionary Ajax techniques and this groundbreaking book as your companion, you can lead the way and get ahead of the game."

The eBook version is available to buy online now for $20.00, right here (at least at the time of this post).

Add/Read: Comments [1]
Monday, 03 October 2005 19:04:18 (Pacific Standard Time, UTC-08:00)
#  Trackback

The beginnings of putting some more bite behind the anti-phishing bark are in play. The Governor of California (you all know who he is) today signed a bill into law that makes phishing - the practice of using fake e-commerce web sites to try to trick people into submitting their personal information - punishable with civil penalties.

"Victims may seek to recover actual damages or $500,000 for each violation, depending upon which is greater. Phishing often involves the use of names of legitimate banks, retailers and financial institutions to convince recipients of bogus e-mail offers to respond."

This is a good thing, in theory. Federal anti-fraud investigations are driven - like it or not - by the dollar amount associated with the loss. If it's not $100,000 you can't expect a lot of federal action, which makes sense when you consider that there are limited resources ad you have to focus on the biggest crimes.

Only thing I want to know is this: How are we going to recover judgments from bad guys in Romania and other foreign countries? Fact of the matter is that most all phishers are not in the United States. That's something to think about.

Add/Read: Comments [0]
IT Security | Tech
Monday, 03 October 2005 06:25:30 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Sunday, 02 October 2005

Brian Jones posted an item about the announcement this weekend of the fact that Office 12 applications will all support PDF as an output format natively. This might not seem like much to some, but in reality it's a big deal:

"The PDF support will be built into Word, Excel, PowerPoint, Access, Publisher, OneNote, Visio, and InfoPath! I love how well this new functionality will work in combination with the new Open XML formats in Word, Excel, and PowerPoint. We've really heard the feedback that sharing documents across multiple platforms and long term archiving are really important. People now have a couple options here, with the existing support for HTML and RTF, and now the new support for Open XML formats and PDF!"

More here.

Add/Read: Comments [0]
Office 2003 | OneNote | Random Stuff
Sunday, 02 October 2005 02:30:58 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Friday, 30 September 2005

Earlier today, Alex Scoble wrote about an IM conversation he and I had regarding VPNs and solving the nagging issue of firewall and other network roadblocks that tend to wreak havoc for people who need to connect to a remote private network. If your VPN client forces you to use some random or uncommon port, you're bound to get frustrated when you try to connect from many business networks, not to mention when you try from the hotel on the road. Now, maybe you shouldn't be plugged into that business network, but blocked by the hotel? Come on, give me a break.

There's no one perfect solution to this problem. There are lots of ideas, though. Many companies (most or all of the big players in the space) are coming out with VPN over SSL options, which is great. But what if you have a need to run a VPN software client, and it doesn't (yet) support SSL tunnels?

Here's one way to skin that cat, a la Cisco: Use TCP 443 in the Cisco VPN client to connect via an IP Sec tunnel to your VPN endpoint. Note that you'll need to specify this in the connection settings. Typically the Cisco client uses the UDP protocol to do it's thing (click to enlarge):


But as you can see, you can also set it up to use the TCP protocol and whatever port(s) your VPN concentrator is configured allow. For example, you could choose to use TCP over port 80, or port 443, since both of those are commonly open from any network. Note that port 80 might be proxied in some cases, but that's probably not a problem with 443, so it's a good one to try (click to enlarge):


If you set up a couple or few profiles in your VPN client software sufficient to cover the bases (like, say one using UDP and one or two using common TCP ports), you'll pretty much always be able to connect from the road. Again, there's no guarantees and there's no 100% perfect solution, but this gets you better than 95% of the way there, I am confident. Just make sure your VPN host/endpoint is configured to support the ports and protocols you specify. In the past year or two, I have yet to come across a network while traveling (except for a couple of highly-secure ones at business locations, but hey...) that I could not successfully connect through with at least one of the settings I have available to me.

And while we're on the subject, there are some interesting and promising SSL options out there, with more undoubtedly coming. As far as other brands of VPN software clients, well - I've used most of them and let me tell ya, you're better off going with Cisco and looking at the PIX firewalls and the 3000-series VPN concentrators. Trust me, I've dealt with most of them, and there's a reason Cisco's such a prolific Internet company.

But tell me - what do you use and how have you solved this type of problem?

Add/Read: Comments [1]
IT Security | Tech
Friday, 30 September 2005 20:46:51 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Thursday, 29 September 2005

I'm gonna have to go buy me up some of these bad boys:


Yep, that's right - the Muppets have their own stamps now. Sweeeeeet...

Add/Read: Comments [0]
Random Stuff
Thursday, 29 September 2005 19:15:30 (Pacific Standard Time, UTC-08:00)
#  Trackback