Aiding and abetting Adrian Lamo

There is something about harboring a confessed criminal in your house that can bring new excitement to your life. Within minutes of meeting the so-called “homeless hacker” Adrian Lamo, he was showing me how to reprogram my cell phone. That is the kind of guy he is — someone who has broken into numerous computer systems around the world and knows his way around the cell phone firmware, yet isn’t afraid to share his knowledge with the common reporter. The funny thing was, he could remember the codes to get it into programming mode, but had trouble finding the phone’s power switch. It was sort of cute, in a way.

You could say he is a criminal with a conscience, and I mean that in just the nicest way. When I told him to help himself to whatever he could forage in my fridge (which is always a risky proposition in even the best of times), he told me he boosted a yogurt. No, you didn’t steal it, I offered it to you, I said. Then he told me his credo: “If you are going to be a criminal, you might as well be a trustworthy one.” I completely agree. So have all the yogurts you can find, Adrian. In the meantime, I got to watch him in action and spend more time with him doing normal (i.e., non-computer-related) activities. It was a gas.

You can read more of this essay here.

Amazon opens up

These days, when you think about leaders in Web services, you tend to think about IBM, Microsoft or Sun — or some other tools vendor that is providing interfaces, code and applications servers. But my candidate for the top spot isn’t a vendor of computer software. It does sell a lot of stuff, though, in fact more than most Web sites and with a wide range of products and items. My candidate is

What does a glorified online bookstore have to do with Web services? Plenty. Amazon has been leading our industry on several fronts, almost since the first book was sold in the summer of 1995. Two recent developments once again emphasized how Amazon is taking steps beyond what many of its competitors are doing: It’s opening up a Web services interface to its back-end systems and allowing customers to use keyword searches to actually view a series of the pages of the books that are for sale.

You can read the entire essay here.

A new idea: the wireless ISP

Comdex wasn’t any thrill this year: call it the demi-Comdex, the mini-me Comdex. But one meeting made the entire trip almost worthwhile. I spoke to a couple of guys who are doing a fixed-point wireless ISP. The concept isn’t new, but their timing may be perfect.

And these guys, who are from a company called Slice Networks in Nebraska, may actually be ahead of a very big development: last week Intel, IBM and AT&T endorsed their concept with a new company called Cometa Networks that will roll out a new nationwide wireless network.

What is so new about it? You can read the entire essay here.

EMC, Microsoft’s latest enemy

Joe Tucci has been going around saying that EMC is going to become a software company, and with the acquisitions of Legato and Documentum, the CEO meant what he said. Now, with the acquisition of VMware, the storage vendor has a chance to really deliver on this software vision, and, in the process, it could give Microsoft some serious competition. Furthermore, the new acquisition puts the other two in perspective and could be the biggest news — and market opportunity — yet for EMC.

You can read the entire essay here.

Phishing for suckers

Most of us know by now not to give out our passwords, ATM PINs, or other secret information when requested by e-mail. But an increasing number of people are giving out that information, even those of us who should know better. What makes this doubly annoying is that the scam is an old one, and it has nothing to do with technology per se.

The technique is called phishing, and some very clever crooks use it.

You can read more of this essay here.

Dealing with the Blaster situation

Last month, some cretin Out There writes Yet Another Worm called Blaster that can infect whole networks at once. That is, whole networks of Windows computers who haven’t upgraded their operating system to incorporate the latest security patches from Microsoft. One of the side features of these infections was a planned Denial of Service attack that was supposed to be launched against Microsoft’s WindowsUpdate servers this past weekend.

So I start digging into the reality of this situation and find that buried in all this information is another weakness that isn’t widely publicized. One port that could be a problem is the port used by trivial file transfer, which happens to be port 69 for those of you keeping track. This port wasn’t named by the feds as a target. The worm uses this port to move copies of itself to other machines. This is the port that you need to close off, as our own network administrators found out when someone brought their laptop in from home and infected our corporate network last week.

You can read more of this essay here.

Signatures of the Invisible, where art and physics meet

Back in New York, I took some time today to visit PS1. The place is an old school (hence the name) that has been converted into a modern art museum in Queens, NY. The place is quirky, and the art can be boorish to bland, and sometimes quite exciting. The show that really turned me on, and captured my imagination was one called Signatures of the Invisible, a collection of collaborative efforts between artists and physicists. 


I have always been interested in physics; indeed, it was my first major in college until I got more attracted to mathematics and computers. I was one of those geeky kids that memorized (most of) the periodic table of the elements and knew all the subatomic particles by their various characteristics. Well, I didn’t do sports, so I had a lot of time on my hands. Most of that knowledge is long gone from my cranium, but I still remember that Uranium has an atomic weight of 238.

Anyway, what was on display at the museum (and only for the rest of this month, so act fast if you want to see it) is a wide variety of media and approaches that combine the two fields in new and very unusual ways. One of my favorites was a piece from Paola Pivi that looks like a bunch of wires suspended between two very thick metal plates about 7 feet tall. Upon closer inspection, the wires have small pieces of metal that are attracted to the static electricity of your body. When you get closer to the piece, the metal pieces eerily pivot and point towards you, and the pointers will follow your hand (or whatever body part you can get close to the thing) as you move around it.  When I first saw the piece I went looking for the power cord, and then enjoyed the explanation that was in the video loft about it.

Speaking of videos, here are several that I found fascinating, including a couple of documentaries featuring some of the physicists that are searching for new subatomic particles at CERN (outside of Geneva) and Fermilab (outside of Chicago).  The film makers were able to capture their passion about their search — which can be very mundane and monotonous — and still make an engaging movie. Well, maybe engaging to someone who actually knows the difference between a neutrino and a quark, but many of you would also enjoy these short films.

Mel Chin had a display that looked like an indoor cultivated garden. He was showing what “hyperaccumulating” plants could do to remove toxins from the soil, and the museum promises that the metals removed from the dirt will be formed into a pencil at the end of the exhibit. There was a video that was part of the art installation that just featured a woman slinging a lantern on the end of a rope around her: it didn’t strike my fancy much until I saw an explanation in the video loft about the underlying physics. And then there are the disassembled parts of the atom-smashers (they are called particle accelerators) themselves, on display as high art. Anything with a couple of circuit boards was bound to get my juices flowing, and these pieces of scientific gear were just beautiful by themselves.

So what does this have to do with the Web? Astute readers will recall that Tim Berners-Lee got started at the CERN laboratory (he is now at MIT), where he built the first Web browser and put together the rudiments of the HTML language and HTTP protocols that are part and parcel to every Web site today. A nice way to wrap things up for me, and to show that the guys that are so concerned with understanding these ultra-small pieces of matter can work together with artists to produce such beautiful and thought-provoking pieces of art.

If you would like more information about the exhibit,’s site does a mediocre job explaining things.

Sam’s SAN Diary

I helped edit a series that ran in VAR Business called Sam’s SAN Diary. It is written by Sam Blumenstyk, the technology operations manager at Schulte Roth & Zabel, a Manhattan law firm that’s typical of midsize companies in general. Blumenstyk was in the midst of a major upgrade to his company’s storage infrastructure, and built his first storage-area network (SAN). I asked him to keep a diary of the trials and tribulations, and he has graciously agreed to share this with VAR Business readers. Each week you’ll hear from Sam about how he assembles his solution, which vendors he favors, how he decides between using VARs or direct-vendor reps at various stages of the project, and the ups and downs of implementing the storage technology.

Sam Blumenstyk

This Web-only column is a unique opportunity for VARs to learn how to break into the SAN marketplace and understand the mind of the customer, as well as to read in near real-time the forces and decisions that are faced by a typical IT manager. Sam’s diary is also a great way to understand the storage marketplace as well as some of the challenges that customers have to overcome to install their first SAN. — David Strom

Here is a link to the various episodes as Sam installs his first SAN.

Managing wireless networks for the enterprise

The great thing about wireless networks is the freedom to roam about your campus, home, or office. The trouble is this freedom comes at a price, and enterprise network administrators are finding out that managing all this mobility is messy and fraught with multiple complicating factors, making wireless networks more of a burden than dealing with wired connections.

The reasons have to do with a combination of poor tools and the ad hoc nature of wireless networks themselves. The good news is that many vendors are stepping up to the plate with new products that can make some of this pain go away.

I got to see some of these products as one of the “Best in Show” judges in the wireless category at the Networld+Interop show in Las Vegas.

You can read the entire essay here.

Anatomy of a Web hack

I asked Caleb Sima from SPI Dynamics, a Web application and security assessment software firm, to give me some insights about breaking into Web sites. Caleb has a pretty cool job: he gets paid to do this, in the process demonstrating the need for tools such as his employer sells as well as the various weaknesses of people’s sites. When he came to CMP last fall, he was inside our own Web site and reading stuff that he shouldn’t have had access to within a minute or so. Fortunately, our Web folks have tightened things up, but you may not be so lucky.

I asked Caleb to give me an idea of how he manages to find these vulnerabilities so quickly, and he came up with a few suggestions. If you understand how Web servers work and how they have directory structures and input forms just like your computer on your desktop, you can get pretty far — even without much other specialized knowledge. To give you a flavor of this, I submit his prescription for locating a web application attack vulnerability called cross-site scripting.

You can read more of this essay here.