|
|
|||||||||||||
**** NewsBytes ****
Spammers canned
In a recent anti-spam coup, US federal authorities successfully indicted 27-year-old Robert Alan Soloway with email fraud, identity theft and money laundering. The so-called "Spam King" ignored previous injunctions and damage charges from 2003 to continue sending millions of spam emails via security-compromised 'zombie' computers. Meanwhile New Yorker Adam Vitale could face 11 years in prison for spamming 1.2 million AOL subscribers following a sting operation after which the 26-year old pleaded guilty. Check out the world's Top 10 spammers, networks and countries
Green computing wars
The last quarter has seen IT giants ramping up their green PR campaigns, hopefully matched by real environmental action. HP has produced white papers and recommendations on saving energy, while hoping customers will purchase its ever greener printers and PCs.
Dell's aim to become the greenest technology company on Earth will involve the planting of 1,000 trees to offset the carbon impact of computing. It's Plant a Tree for Me site encourages customers to procure trees either through a donation or via the purchase of a machine. Finally IBM's "Project Big Green" is targeting energy-hungry corporate data centres by employing energy efficiency architects, while also monitoring its own carbon footprint with a new $86m green data centre.
Thunderbirds are Two
By way of a carrot-and-stick reminder that Thunderbird and Firefox users should by now have upgraded to version 2, it's worth noting that security and stability updates for Firefox 1.5.0.x ended in June 2007, effectively ceasing Mozilla's support of older versions. Several vulnerabilities are addressed in the most recent version, 2.0.0.4, as are others in SeaMonkey, Mozilla's all-in-one internet application suite and the Netscape browser. Mozilla products site
UK spenders mean rather than green
A survey mobile phone and PC users in Europe puts the UK bottom of the 5 countries when it comes to shelling out more for green computing. The independent survey of more than 2000 adults by analyst Canalys asked consumers to respond to the statement: ‘I would pay up to a 10% premium for electronic products that were manufactured in a more environmentally conscious way.’ Over two-thirds in Spain agreed, compared with only 40% in the UK. Read the Canalys survey summary
A picture's worth a thousand clicks
... and presumably quite a few thousand dollars too, as Google announced the purchase Panoramio, a website based in Spain that links millions of photos with the exact geographical location where they were taken. The site also offers an API for web developers to embed Panoramio functionality. John Hanke, Director for Maps, Earth and Local, said: "We've been working with Panoramio for some time -- its photos have been a default layer in Google Earth since the beginning of the year. This layer will remain in place as our teams work together toward further integrating this amazing content, generated by many, into our mapping technologies." Google blog
Demon embraces electronic billing
... and not a moment too soon, you can hear everyone cry! The recent launch of C-Bill (shouldn't that be E-Bill?) heralds Demon's "intention to promote ecological awareness", according to the circulation letter, thus bringing an end to paper invoices and presumably saving a fair whack on postage. Although billing info is actually held on a secure server and requires a login, the alerts will be sent out via email - following the well-trod footsteps of many mobile and web hosting companies - so it is vital to watch out for them. Since defaulting on a bill may get your service closed down pretty swiftly, it's also a good idea to use a different email provider to receive such alerts to avoid Catch 22!
Demon C-Bill FAQ
Technology Leadership Group Summer Reception
Join The Prince's Trust Technology Leadership Group to hear from Ashley Highfield, BBC and Mike Lynch, Autonomy. The event is hosted in the reception space in the Barclay's Tower 2nd July, 6.30 – 9.30pm. All donations go directly to the work of The Prince's Trust Business programme, helping to change young lives through enterprise.
Event and booking details
Untapped market of women technologists
Speakers at a seminar at the UK Resource Centre for Women in Science, Engineering and Technology (UKRC) called for companies to fill skills gaps by encouraging women to join the science, engineering and technology sectors. Around 50,000 qualified women are available who are not working in those sectors according to Confederation of British Industry (CBI) estimates.
UK Resource Centre for Women in SET
**** end of NewsBytes ****
| ^ Back to contents ^ | ||
|
1. Digital mapping delivers the goods
| ||
| More help at hand. All the back issues just a click away |
Putting the cartography before the horsepowerMapping information is becoming a more and more pervasive technology element in our daily lives. Google's recent purchase of photo site Panoramio clearly demonstrates the interest being shown at enterprise level. There's another good example reviewed below (see Putting hotels on the map), one that finds hotels and which employs the ubiquitous Google mapping interface. But let's start with a more intriguing hands-on example, in fact one you can trial and use every day for yourself. GPS to the rescue - Ashley's story 
( **! insert expletives at will).
GPS asap
This UK-wide courier service claims to deliver not just parcels in vans and on bikes, but happiness too. The web site let's you watch a virtual version of your parcel travelling live online (assuming you're either bored or desperate) by marrying the capabilities of current database and web design with fleets of vehicles equipped with Global Positioning Systems (GPS). 
This is the new friendly face of Web 2.0 whose interactive features permeate the site: a live chat box to real people, a "get a quote" page and three different ways to contact them. 
To top things off nicely there's an excellent real time demo where you can watch a little white van (even in 3D!) chugging off to the pick-up point and thence up to Example company in NW1, all the time with the ETA digits counting down the minutes. The animation simulates what you get when you sign up with eCourier. Obviously the real time action is only visible in your own account otherwise criminals would be logging in to see which courier they could mug next. 
The corollary to eCourier's business is fascinating however, because the ground-breaking web site has spawned a whole lot more development. The venture has billowed out into a separate open source project called openstreetmap.org (OSM) - essentially a DIY mapping project. OSM began partly because the people behind eCourier's delivery business found they had a bunch of readily available geographic tracks in the form of GPS data so they widened into a mapping project, and secondly because existing geographical data sets (from the likes of Ordnance Survey, for instance) are wildly expensive (see panel). GPS Visualizer: GPS Visualizer's free conversion utility can create GPX files, or plain text from GPS data or street addresses. GPSies: Free GPS tracks and routes for everyone using Google Maps It's a sort of Wiki version of map building, where subscribers can upload routes or traces straight from their GPS units. Thus, while going on a walk, bike ride or drive, one can be collecting data effortlessly for the project at the same time. But why would you want to build your own maps when we already have so many available? Short answer: it's not our data in the first place. Or rather it is. Confused? Things at home are not like in the USA where, due to copyright restrictions on the government, they have to give away their geographic data sets free. IB asked geographic information systems consultant Susan Shaw to explain how we arrived at the situation on the ground in the UK and why the launch of new report may help unshackle that data. IB: Why has the Power of Information Report been produced?SS: The Power of Information Report, by Ed Mayo (National Consumer Council) and Tom Steinbeck (mySociety), calls upon the Government to engage with Web 2.0 and support online communities in order to deliver better services to citizens. IB: What has this got to do with digital mapping?SS: One of the most effective methods for delivering government information is via a map. A picture may speak a thousand words, but a map speaks in a language even my Mum can understand. When Friends of the Earth produced one of the first online environmental mash-ups in 1995, they transformed the dry statistics of chemical releases recorded by the Environment Agency into dynamic information - for example, allowing my Mum to identify the factories pumping out cancer-causing chemicals in her backyard. The launch of the Power of Information Report ties in neatly with the 20th anniversary of the Chorley Report – government's formal recognition of the economic importance of geographic information in 1987. IB: Sounds good ... so where can we get our hands on some mapping data then?SS: From Ordnance Survey (OS), our national mapping agency. Established in 1791, the raison d'être of the original "Board of Ordnance" (the defence ministry of the day) was to survey the country and create maps to defend us from the French and now today claims to be at the forefront of the e-business revolution. The trouble for ordinary people is that OS data is expensive and encased in complex licensing terms. IB: Why is the data so expensive?SS: During the 1980s and 90s when the geographic information (GI) revolution began, OS did not appear to see its role as promoting widespread use of GI, but rather in producing 'Rolls Royce-standard' data for the more discerning and wealthy customer such as the privatised utilities. In 1999 Treasury sealed the fate of OS by turning it into a Trading Fund. This means it has to generate a profit from selling maps and licensing its data. Trading Fund status is claimed to confer the freedom to innovate and develop, other major examples being the Met Office, the UK Hydrographic Office, HM Land Registry and Companies House. Critics in the GI arena however see this as a natural monopoly, with Treasury policies endorsing inflated prices which are protected by the lack of competition in the sector. IB: Isn't OS data covered by Crown Copyright?SS: Crown Copyright is used to protect material produced by civil servants, and is used by OS to protect their Intellectual Property Rights. However, Treasury policies take precedence and have resulted in increasingly complex licensing terms being issued. This means that when the Women's Environmental Network (WEN) produced its work on breast cancer in 1997, women had to draw their own maps to avoid breaching OS licensing terms. If WEN were to produce the same work today, they could use Google Maps, but the OS licensing terms have become more stringent, and OS data would be no more available today as it was a decade ago despite all the incredible GI technology advancements. This is exactly one of the reasons why OpenStreetMap are going out and mapping their own data. IB: So how does the Power of Information Report help ?SS: The Power of Information Report calls on Ordnance Survey to launch its Open Space Project. Developed by Ed Parsons and his colleagues, Open Space could offer citizens and not-for-profit organisations the potential to harness the power of UK mapping data, an untapped market since the launch of the Chorley Report. The Report's most significant recommendation is its call for an economic review of the trading fund charging model for the re-use of public sector information, including OS data. The report argues that wider access to public sector information could generate economic and social benefits which far out weigh the financial return of trading funds Without a driver from Government for OS to expand the use of GI the 40th anniversary of Chorley will become Groundhog Day, will become Groundhog Day. To be fair, arguments in favour of the status quo are that Trading Funds maintain a high level of data quality and integrity and also raise revenues that might not otherwise remain within the UK. Whether an OS subsidy of roughly £60 million a year is worth the incontrovertibly high standard is a matter for public debate. In the meantime, DIY map-making projects like OpenStreetMap continue to flourish, filling the gap for everyday digital cartography - a poor man's rift valley flowing between the elite GI mountain peaks. Contacts
Other map-based projects to explore: -IB- Acknowledgements: Susan Shaw |
Good read? |
| I | B | |
| ^ Back to contents ^ | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
2. Online password generators review
Thinking up secure passwords and storing them safely can be hard graft, so why not get some software to do all the work for you? | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| More help at hand. All the back issues just a click away |
Many aeons ago as an IT manager I was occasionally forced to do the rounds and persuade the odd staff member that they really should have a password instead of using nothing at all. One such 'odd' staff member, when pressed, opted for cat. That's too short, I said. Aside from this, he was well known for being fond of cats. "Well, catcat then?", he proffered. In those far-off naive days I conceded, realising that a poor 6-letter password was as close to the world of PC security as this grudging individual was going to be dragged. These days the stakes are much higher, with password cracking software easily available as a download, rendering simple words useless as a security barrier. For some time Windows policies have been able to enforce the use of both lower case, upper case and numbers in arriving at an acceptable form of authentication. But anyone who has ever watched an innocent user trying numerous attempts to get The Horrid Machine to accept some phrase that they too can remember will have felt the rising and almost tangible frustration at the scene, perhaps with some sympathy. How we rated the features Far better nowadays to 'fight' machine with machine. In other words get another computer to choose a password for us. And the result doesn't have to be as inscrutably forgettable as we might expect ... Online password generatorsAlmost certainly the fastest method of generating pseudo-random passwords is to go online and simply click the required button. Sometimes we may want a feature like being able to conjure up number-only passwords, a typical 4-digit PIN for example. Phonetic generation is also desirable if you want to avoid misinterpretation where passwords are hastily scrawled on Post-It notes or end up garbled hurriedly down the phone. Becoming more fashionable now is the ability to produce passwords that can be pronounced, even though they remain meaningless non-dictionary words, eg MeTuKipa - a common practice among web space hosting companies. We looked at four examples below - all free-to-use online instant generators.
Resisting brute forceHaving concocted your newly generated password, how sure can you be that it will stand up against a brute force attack program? Find out with this Online Password Calculator at http://lastbit.com/pswcalc.asp which returns the number of computing minutes. Alarming to find then, that a 5-character password containing both lowercase and uppercase letters will be discovered in around 12 minutes, assuming a brute force cracking speed of 500,000 passwords per second. Contacts-IB- Paul Craig |
Good read? | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
| I | B | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ^ Back to contents ^ | ||||||||||||||||||||||||||||||
|
3. RAID-6: What happens when your disc array goes down?
Architectures employing redundant arrays of discs continue to develop and the popular RAID system now goes all the way up to 11. Well, er, 6 actually - but it might do one day. | ||||||||||||||||||||||||||||||
| More help at hand. All the back issues just a click away |
Following the installation of any storage system that provides some form of backup or redundancy, it's easy to sit back smugly and muse "Well that's taken care of then", without pondering the details of what happens when it starts to break down. 
To take a simple example: Most amps go up to tenThe original data on the PC's drive in this example may indeed be recoverable, but until the situation is assessed, there's no backup for the backup. RAID systems - commonly known as a Redundant Array of Independent (or Inexpensive) Discs - are no different, if slightly more sophisticated. Many organisations employ RAID technology these days to enhance the data availability and uptime of servers and Internet storage applications on their network. Let's look at RAID-5, probably today's most popular implementation of disc mirroring, simply because it offers a good trade-off between fault tolerance (a single drive failure doesn't cause data loss to network users) and expense (RAID-5 can be achieved with just 3 hard drives). How RAID-5 works The technique employs an algorithm to digitally sum (actually an exclusive-OR operation) all data across the discs as a parity table. This table is not held on a single physical disc, but is itself striped across all drives, such that the loss of single disc means that that the missing data can be deduced by calculation from the parity table.
In the example above, A1, A2, etc represent data blocks; A-P represents the parity for that data. Assuming Disc 3 fails, the data blocks for B2 and C2 can be recalculated by looking at the parity tables B-P and C-P. Share and share alikeIncreasingly though, organisations have installed ever larger arrays of drives, each containing higher-capacity disk drives, under pressure on both sides from user demand for increased shared storage as well as the lure of plummeting disc costs. However this combination means that the possibility of bad disc blocks or potentially failing discs is also massively higher, say in a typical array of a dozen or more. True, most RAID controllers attempt to mitigate bad blocks with regular 'background scrubbing' - an automated process completely invisible to users that moves data from potentially failing disc sectors to sound ones - but it's no guarantee; scrubs just lower the chances of hitting a bad block. What happens though during such processes, or when a disc fails completely (say because of a head crashing into a platter) and is physically inoperable? In this so-called degraded mode, RAID-5's vulnerability is exposed, hobbling along like a 4-wheeled car on a blow-out, just waiting for a spare tyre. When a new disc is eventually plugged in to replace the failure, the data and parity block from the working drives can be combined to reconstruct the missing data, but in its degraded state it really can't withstand a second failure. Minding your Ps and Qs: How RAID-6 works RAID-6 employs an algorithm to digitally sum the data across the discs as dual parity table sets (P and Q). These tables are striped across all drives, such that the loss of single disc means fault tolerance is retained, effectively reverting to RAID-5 during the degraded state.
RAID-6 (One louder)RAID-6 takes the RAID-5 architecture and basically creates a backup parity table. The penalty is that an extra disc is needed (4 discs minimum), but in contrast to the pricing regimes of 5 years ago, this is no penalty at all; 500GB (0.5TB) discs are now available at under £90. With discs approaching 1 Terabyte in size, the possibility of bad blocks is much higher, but the loss of single disc in a RAID-6 array means a parity table set is still present and its degraded state is effectively no worse than RAID-5. A total of three discs must fail before the entire drive array goes down the pan. It's like creating a car that still limp to the garage on 2 flat tyres. If this sounds like double-backup icing on the cake, it is worth reappraising just how far we have come in terms of IT storage provision. For large companies like media enterprises wanting 24-hour operation (or nearly so), RAID-6 has clearly become the most obvious fault-tolerant route to follow. But with smaller organisations too increasingly permitting server access from across global time zones, VPN dial-in connections and remote mail access like OWA, the pressure on server uptime is one that must be addressed. Intel predicts that data loss periods shift from typically 6 months under RAID-5 to 100 years with RAID-6. Of course, if you're Nigel Tufnel, you just want it to go to the max anyway. Contacts
-IB-
|
Good read? | ||||||||||||||||||||||||||||
| I | B | |||||||||||||||||||||||||||||
| ^ Back to contents ^ | ||
|
4. Putting hotels on the map
Location, location, location. How to book accommodation online without seeing stars. | ||
| More help at hand. All the back issues just a click away |
With personal carbon footprints climbing steadily up the list of considerations for directors faced with trips abroad to their far-flung office branches, anything that eases the pain of arranging the trip and finding somewhere to stay has to be worth a bookmark. From 1-star design ...The world of hotel web sites is awash with unhelpful and poorly-designed gadgets that simultaneously makes you regret ever starting a search for "hotel" and keeps high street travel agents in business:
Tripadvisor.com and Expedia.co.uk are of course well-worn favourites, with both of these containing some mapping components, but barely qualifying for a Geographical Information Systems (GIS) label. However, new kid on the block Mapmyhotel.com puts mapping firmly centre-stage on its interactive site. ... to 5-star efficiency
GISsa comment IB asked GIS projects expert Susan Shaw (formerly of Friends of the Earth and Ordnance Survey) for an opinion ... Pros
Cons
Realising that 'where' is the key starting ingredient of anyone's trip, mapmyhotel starts out logically by bolting itself to Google's friendly map interface, flagging up hotels with the big G's familiar keyhole-shaped markers, and thus avoiding any reinvention of grids, scales, drag, zoom/pan, and probably the odd wheel or two. So for instance, zeroing in on London with a single click pops up 347 abodes to lay our weary head, with a colour legend that identifies hotels in 4 price categories before we've even moved the mouse again. 
Our next click gives us the address, the room rates of any chosen residence and a side tab to check out photos of its facade and inspect the inside of rooms for cockroaches and dubious marks on the walls (probably not highlighted in brochure shots). With a third click we can go for room availability or user reviews. In maybe less than 2 minutes we have information on location, price (in real money, not arbitrary bands), vacancies and appearance. This really beats finding a room or suite by any other method, assuming you're pressed for time. The last two complaints in our mini review are almost certainly a side effect of syndication, the thorn in the side of practically every high-turnover, mass market business: allow the potential customer a direct link to the source and bang goes your agency fee. mapmyhotel is no different in that its primary data supplier for hotels is Galileo, but any hotel owner can be add get themselves added (and advertised) given that they have the geo-codes for their property and a booking interface system. The mapmyhotel revenue only appears to be taken as a commission from the final transaction so hoteliers are paying up front. We wish them well - though given the paucity of posts in the discussion group, they need a bit more marketing effort. The one thing they have perhaps forgotten is to put themselves on the map. Contacts-IB-
|
Good read? |
| I | B | |
| ^ Back to contents ^ | ||
|
5. Email acceptable use: illegal, indecent, untruthful
Charity chiefs should be aware of rogues and SOPO when people send out emails in an organisation's name. | ||
| More help at hand. All the back issues just a click away |
Directors could be held responsible for sexually inappropriate emails sent from inside their organisation, following an amendment earlier this year to the Sexual Offences Act of 2003. This provides for punishment by a sexual offences prevention order (SOPO) even where offences which are not primarily sexual in nature, like the sending of an email. Clearly there is a risk from rogue employees, volunteers, contractors or visitors, but the situation was compounded by a precedent whereby the victim could sue the organisation and/or its management that supplied the means to send the email. A timely reminder then to create an Internet and email acceptable use policy if you don't have one, or update it with suitable disclaimers if you do. Use the template in the Documents & policy section of our web site to get started. Typical aims of an Internet and email usage policy might be:
Contacts-IB-
|
Good read? |
| I | B | |
| ^ Back to contents ^ | ||
|
6. Q&A: Browser security: are you really logged out?
Question 
Hi Mark, I was just ordering some office paper online, but when I closed the browser and then went back to it again, I was still logged in! Are our account details safe with this web site? | ||
| More help at hand. All the back issues just a click away |
This matter of web account security really just requires a little understanding, but it's an important one to learn. In essence it begs the question: were all your browser windows really closed? This security question is not a simple one to grasp for ordinary everyday users because the notion of the web browser as simple web site viewer has long since vanished. We have reached beyond the use of simple text cookies and tagged files; nowadays browsers permit numerous dedicated plug-ins, aside from the customary Shockwave Flash, platform layers like Java and JavaScript, and accept a raft of developing technologies like AJAX, so it's no wonder that we're left confounded with regard to the workings of our simple viewing portal of halcyon days. If you walk away and leave your computer available for use or you share a computer with anyone or you grab a session at an Internet cafe, it's easy to lay your online credentials exposed and end up with other people logged in to your private Amazon account or whatever, who can then change the password, the email address, go shopping ... who knows what other mischief. So when does logging out of a browser really log you out of web site? Assuming you have just one web browser window open and you click the site's logout/sign out function and close that browser window, everything is as tidy and secure as you could generally expect it should be: subsequent computer users won't be able open the browser, hit the back button or trawl your history and find themselves online but with your identity. However, nowadays we all use tabs (since Internet Explorer version 7, a privilege no longer reserved for users of Mozilla's Firefox browser), and many web pages will spawn additional instances of the browser window for external links. The problem then is that cookies (small text files containing information specific to you) which are generated for the duration of your login session, are still present and live. Even when you close a tab or additional window, the web browser (whether Firefox or IE) 'thinks' that the web site login session is still current, as long as one browser instance remains open. This has other ramifications, apart from potentially allowing nearby colleagues or cafe lurkers into your shopping account or web banking portal; clicking the back button after making a purchase could cause the purchase to be confirmed a second time – ouch! You'll normally see warnings on the final purchase page if that's a possibility. The browser behaviours described above aren't necessarily universal since they depend hugely on transactions from the site and its design, but the Golden Rule is force a logout/sign-out, if such a button is provided and close all your browser windows. The overall picture is complicated by sites like Amazon and eBay that employ cookies to 'recognise ' you on returning. Messages on the web site such as “Welcome back Jo” or “Click here if you are not Jo” - even though not logged in yet – indicate the use of text cookies stored in the browser cache on the local drive in an attempt to engender a familiar, personalised environment, though no confidential information is actually exposed at this point (if the web site's designers are worth their salt). Fortunately some applications such as Lotus iNotes web access have begun to address the issue and provide a “kiosk logout” which forces the cache to cleared. It's always been possible to do this manually in any browser but slightly more difficult to find, so here's a reminder: In Firefox the menu is: Tools | Options | Privacy | Cache tab | Clear Cache Now In Internet Explorer the menu (to delete all files including pages and images) is: Tools | Internet Options | General tab | Temporary Internet Files | Delete filesor to just delete cookies: Tools | Internet Options | General tab | Temporary Internet Files | Delete CookiesThe above operations will delete stored browser files meaning that commonly-loaded images and pages will have to be downloaded again next time you visit each site, making loading time marginally slower, but it's a small price to pay for online security in an environment of shared use. -IB-
|
Good read? |
| I | B | |
| ^ Back to contents ^ | |||
|
Clicks of the Trade - zooming in on the scroll wheel
--- Quick tips for happier clicks! --- | |||
| More help at hand. All the back issues just a click away |
-IB-
|
Good read? | |
| I | B | ||
^ Back to contents ^Overview of InfoBulletin Opinions expressed within InfoBulletin do not necessarily represent the views of Co-Operative Systems.
E&OEViewing IB Implementation Privacy |
Subscriptions ^ Back to contents ^Contact details
|
|
|
Read recent and past issues of InfoBulletins on the Web at http://www.coopsys.net/ibindex.htm or search our archives and subject index.
We hope you found InfoBulletin useful! If you would like to comment on any of the articles or request particular subjects to be covered, mail us here.
| ||
