Archive for the ‘internet’ Category

Lawmakers giving Obama the right to shutdown the internet


The second draft of a Senate cybersecurity bill appears to tone down language that would grant President Obama the power to shut down the Internet.

The Senate bill, first introduced in April by Senator John Rockefeller (D-W. Va.), does, however, still include language that gives Obama the authority to direct responses to cyber attacks and declare a cyber emergency.

The bill also gives the President 180 days, as opposed to one year outlined in the bill’s first draft, to implement a cybersecurity strategy from the day the bill is passed, which for now could be a long way off.

But the language in the first draft of the bill, which has yet to make it out of Rockefeller’s Senate Committee on Commerce, Science, and Transportation and onto the Senate floor, has been rewritten regarding the President’s authority to shut down both public and private networks including Internet traffic coming to and from compromised systems.

Critics contend sweeping presidential power isn’t good news since private networks could be shut down by government order. In addition, those same networks could be subject to government mandated security standards and technical configurations.

The original bill included the words: “The President may….order the limitation or shutdown of Internet traffic to and from any compromised Federal government or United States critical infrastructure information system or network.”

The second draft, which has not been released publicly, rearranges those words, according to text of the bill posted by CNet.

The second draft contains more convoluted language concerning the President’s control over computer networks and it deletes reference to the Internet.

It qualifies his authority to include “strategic national interests involving compromised Federal Government or United States critical infrastructure information system or network,” but says he may “direct the national response to the cyber threat” in coordination with “relevant industry sectors.”

The reference to relevant industry sectors is new in the second draft.

The bill still includes language that would have the President directing the “timely restoration of the affected critical infrastructure information system or network.”

Earlier this year, critics expressed concern over potentially giving the President power to tell private network operators when they could turn their systems back on after a cybersecurity threat.
Proponents, however, including officials from the Center for Strategic and International Studies (CSIS), are on record as saying the legislation is comprehensive and strong and reflects the need for thorough debate around digital security that is long overdue.

The original bill proposed by Rockefeller, and now co-sponsored by Evan Bayh (D-Ind.), Bill Nelson (D-Fla.) and Olympia Snowe (R-Maine), touched off a storm of debate over how much power the President should have to control the operation of “critical infrastructure.”

When the bill was released in April, Leslie Harris, president and CEO at the Center for Democracy and Technology (CDT), which promotes democratic values and constitutional liberties for the digital age, told Network World: “We are confident that the communication networks and the Internet would be so designated [as critical infrastructure], so in the interest of national security the president could order them disconnected.”

Network World sources said Rockefeller’s Commerce, Science, and Transportation committee, which includes Senators Mark Begich (D-Alaska), Barbara Boxer (D-Calif.) and Maria Cantwell (D-Wash.), spent much of the recent Senate recess meeting with stakeholders and groups that had problems with the first draft of the bill.

Those meetings are intended to help complete a second draft, which has yet to be introduced formally by the committee.

While the sources did not say who was part of those meetings, stakeholders could conceivably extend to large service provider networks such as those run by Google, Microsoft, AOL, Yahoo and others that offer online services and applications to corporations and consumers.

In April, Google confirmed it was studying the legislation.

The cybersecurity bill is very much in the early stages and the second draft represents progress in drafting the bill’s language for the committee to debate.

Introduced bills and resolutions first go to committees that deliberate, investigate and revise them before they go to general debate. The majority of bills and resolutions never make it out of committee.

As with any law, both the House and Senate would have to pass the bill and the President would have to sign it.

Landgrab app


Slide, the San Francisco company that lets you create photo slideshows that you can embed in blogs and other sites, has acquired a specialty company called Favorite Peeps. While the purported purchase price was piddling, it suggests a land grab may be under way by companies developing applications for Facebook.

Favorite Peeps is a “widget” — a box in a Facebook user’s profile that lets you choose your favorite friends and give them a nickname. It was built especially for users of Facebook, who can then put the widgets prominently in their profiles. It had become immensely popular, ranked #14 among Facebook applications — not bad, considering it was built by a single developer, Dennis Rakhamimov, a software engineer at Palantir Technologies. That company is backed by Facebook investor Peter Thiel, incidentally.

Facebook-focused blog Inside Facebook reports the purchase price was $60,000. Slide confirmed the acquisition for VentureBeat, although they did not confirm the price. Like Slide’s own Top Friends application, Favorite Peeps allows Facebook users to feature their favorite friends (or top “peeps”) on their profiles.

Favorite Peeps currently has around 1.3 million users. As Inside Facebook points out, this purchase price values each of its users at around $0.046 — or not very much at all, considering companies like Xfire have been purchased at a price of $25 for each of its users.

Top Friends, which is very similar, has nearly seven million users — the most of any Facebook application. Fortune Cookie, which provides users with fortunes about themselves, has nearly four million users.

We interviewed Slide chief executive Max Levchin Friday, and he wouldn’t comment on whether they were considering purchasing other Facebook applications. The company did tell us, however, that there has generally been a lot of “discussion” between various Platform developers.

Inside Facebook also reported last week that travel-focused startup SideStep purchased the Extended Info application for an undisclosed amount. SideStep also has its own application, Trips — each of these applications has around 130,000 Facebook users.

Separately, we’ve heard from other cash-strapped developers with successful Facebook apps that they are also interested in getting bought.

We have also been hearing that some companies looking to grow their presence on Facebook through their applications are seeking to hire successful Facebook platform developers directly, in an effort to incorporate the developer applications into their own offerings.

Cisco CEO says cloud computing is security nightmare


If anyone has the right to be excited about cloud computing, it’s John Chambers. But on Wednesday Cisco’s Chairman and CEO conceded that the computing industry’s move to sell pay-as-you-go computing cycles available as a service on the Internet was also “a security nightmare.”

Speaking during a keynote address at the annual security confab, Chambers said that cloud computing was inevitable, but that it would shake up the way that networks are secured. “You’ll have no idea what’s in the corporate data center,” he said. “That is exciting to me as a network player. Boy am I going to sell a lot of stuff to tie that together.”

Cloud computing is a hot topic here at the RSA security conference in San Francisco this week. Big computing companies like Cisco and IBM are eager to talk about it, but security experts see a lot of work ahead.

“I think it’s really going to be a focal point of a lot of our work in the cyber security area,” said Ronald Rivest, an MIT computer science professor and noted cryptographer, speaking during a conference panel Tuesday. “Cloud computing sounds so sweet and wonderful and safe… we should just be aware of the terminology, if we go around for a week calling it swamp computing I think you might have the right mindset.”

Rivest added that he was optimistic about cloud computing’s future, but that it was going to take “a lot of hard work” to make it secure.

Show attendees haven’t exactly bought into the concept.

“I’m not seeing a huge benefit in the cloud for us,” said Bruce Jones, chief information security officer of Kodak, speaking in an interview.

One of the main problems is that Jones doesn’t want to give up control of sensitive data to a nebulous cloud-based computing architecture. For long-term computing projects, it’s probably cheaper to simply buy the hardware, he said, but he does think that cloud computing could work on a small scale at Kodak. “It’s a pilot or an R&D project where they want to do something and they need some kind of on-demand scalability, it’s good for that as long as you don’t care about the confidentiality of the data.”

As data moves onto the cloud, Cisco’s security services will become even more important, and the company’s ability to dig in and inspect data moving on and off corporate networks will become even more critical, said Tom Gillis, vice president of marketing with Cisco’s Security Technology Business Unit, in an interview. “The move to collaboration, whether it be video or the use of Web 2.0 technologies or mobile devices is really dissolving the corporate perimeter,” he said. “This notion of security as a line that you draw in the sand… that notion is just gone.”

And it’s not going to come back. Chambers says that his company’s use of Web 2.0 technologies like video blogging and conferencing has mushroomed in the past year. In the first quarter of 2009 Chambers held 262 meetings, he said. 200 of them were virtual, using Cisco’s TelePresence system. “It’s got to be secure as we do this,” he said. “This is our lives.”

CEO of Myspace has agreed to step down


Chris DeWolfe, CEO and co-founder of MySpace, has agreed to step down from his position and stay on as a “strategic advisor.” News Corp., which owns MySpace, did not name a replacement but the buzz on the All Things Digital blog today has been hinting at Owen Van Natta, former Facebook COO, as a replacement.

The blog is also reporting that company president and co-founder Tom Anderson may also be pushed aside or at least placed into a different position.

Clearly, as momentum in social networking has moved toward sites such as Facebook and, more recently, Twitter, executives at News Corp. are interested in breathing new life into MySpace, once the king of the social networks.

DOD is always under cyberattack


Defense Secretary Robert Gates said Tuesday that the United States is “under cyberattack virtually all the time, every day” and that the Defense Department plans to more than quadruple the number of cyber experts it employs to ward off such attacks.

In an interview for an upcoming edition of 60 Minutes, CBS News anchor Katie Couric asked Gates about the nation’s cybersecurity after hackers stole specifications from a $300 billion fighter jet development program as well as other sensitive information.

In a series of spy attacks, hackers stole information about the Pentagon’s F-35 Joint Strike Fighter project and the Air Force’s air traffic control system, according to a Wall Street Journal report Tuesday.

The computer spies copied several terabytes of data from the Joint Strike Fighter project, the most expensive in Defense Department history, pertaining to the electronics and design systems of the aircraft, several current and former officials told the Journal.

Officials said the separate incursion into the air traffic control system could allow intruders to interfere with military aircraft.

Gates would not discuss the specifics of the attacks, but said, “I believe we still have security of the sensitive systems.”

Generally, “We think we have pretty good control of our sensitive information both with respect to intelligence and equipment systems, but we, like everybody else, is under attack. Banks are under attack. Every country is under attack,” Gates told Couric.

But, he said, “It’s sometimes very difficult to figure out a home address on these attacks so one of the things that I am doing in the budget is significantly increasing the resources for cyber experts. We’re going to more than quadruple the number of experts that we have in this area. We’re devoting a lot more money to it.”

The source of the espionage appears to be China, according to a former official, though the origin of any attacks could be masked. Chinese officials deny any involvement and say U.S. suspicion is the result of a “Cold War mentality.”

Similar attacks have become more frequent in recent months, underscoring the increasingly heated battles taking place in cyberspace. Earlier this month, the Wall Street Journal reported that Russian and Chinese spies gained access to the U.S. electrical grid, inserting software that could disrupt the system.

In the Joint Strike Fighter attack, officials said that while spies made off with some data, the most sensitive information is stored on separate, non-networked computers. But the vulnerability lies in the Pentagon’s reliance on private defense contractors, some foreign, who have less-than-secure networks. The breaches apparently took place in Turkey and another U.S. ally nation, according to the report.

While there is no U.S. agency currently dedicated solely to cybersecurity, the Obama administration is expected to propose a senior White House post to coordinate military efforts to guard against further breaches. The White House may also look to extend a $17 billion security initiative originally planned by the Bush administration.

“This is going to be an enduring problem and it is going to be a challenge not just for the Department of Defense but for the entirety of the United States,” Gates said.

Cyberspies hack into U.S. Fighter project


Computer spies have repeatedly breached the Pentagon’s costliest weapons program, the $300 billion Joint Strike Fighter project, The Wall Street Journal reported on Tuesday.

The newspaper quoted current and former government officials familiar with the matter as saying the intruders were able to copy and siphon data related to design and electronics systems, making it potentially easier to defend against the plane.

The spies could not access the most sensitive material, which is kept on computers that are not connected to the Internet, the paper added.

Citing people briefed on the matter, it said the intruders entered through vulnerabilities in the networks of two or three of the contractors involved in building the fighter jet.

Lockheed Martin Corp is the lead contractor. Northrop Grumman Corp and BAE Systems PLC also have major roles in the project. Lockheed Martin and BAE declined comment and Northrop referred questions to Lockheed, the paper said.

The Journal said Pentagon officials declined to comment directly on the matter, but the paper said the Air Force had begun an investigation.

The identity of the attackers and the amount of damage to the project could not be established, the paper said.

The Journal quoted former U.S. officials as saying the attacks seemed to have originated in China, although it noted it was difficult to determine the origin because of the ease of hiding identities online.

The Chinese Embassy said China “opposes and forbids all forms of cyber crimes,” the Journal said.

The officials added there had also been breaches of the U.S. Air Force’s air traffic control system in recent months.

Tax free internet may end soon


A bill expected to be introduced in the U.S. Congress as early as Monday would rewrite the ground rules for mail order and Internet sales by eliminating what its supporters view as a “loophole” that, in many cases, allows Americans to shop over the Internet without paying sales taxes.

Currently, Americans who shop over the Internet from out-of-state vendors aren’t always required to pay sales taxes at the time of purchase. Californians buying books from Amazon.com or cameras from Manhattan’s B&H Photo, for example, won’t pay sales taxes at checkout time that they would if shopping at a local mall.

“We will have the bill ready for introduction by next Monday,” said Neal Osten of the National Conference of State Legislatures. “We finalized the language and now we’re working out the remaining issues and adding some new provisions at the request of various stakeholders.”

This is hardly a new debate: pro-tax officials and state governments have been pressing Congress to enact such a law for at least seven years. They argue that reduced sales tax revenue threatens budgets for schools and police, and say that, as a matter of fairness, online retailers should be forced to collect the same taxes that brick-and-mortar retailers do.

Even though those arguments have been unsuccessful so far, the National Conference of State Legislatures and its allies believe the recession has sliced into sales tax revenue so much that Congress will have to act. A report this week from the Rockefeller Institute says that sales taxes have declined by 6.1 percent, the largest decline in half a century.

“One of the big things the states have learned in the recession is they have declining revenues,” said Scott Peterson, executive director of the Streamlined Sales Tax Project, which counts state politicians and tax collectors on its governing board. “We’re very optimistic about Congress this year. We think we are within a day or two of finalizing the legislation.”

The final legislation is expected to be introduced by Sen. Mike Enzi, a Wyoming Republican, and Rep. Bill Delahunt, a Massachusetts Democrat, who have championed similar proposals in the past. Delahunt’s office on Wednesday confirmed he was interested; Enzi’s did not respond.

On the other side are the Direct Marketing Association, the Electronic Retailing Association, and companies including eBay, L.L. Bean, and Overstock.com. One of their biggest objections to the idea of collecting sales taxes on out-of-state shipments is the dizzying complexity of state laws.

Take candy, which would seem to be a straightforward item to tax. It isn’t. During a 2003 discussion of tax policy, a representative of Indiana, James Turner, noted that a proposed definition of candy would have taxed the Milky Way Midnight candy bar but not the original Milky Way bar.

But further investigation showed that Turner’s counter-proposal would have treated “certain flavors of Pop Tarts” and Cookies and Twix Crunchy Cookie Bars as candy–but not Cookies and Snickers Crunchy Cookie Bars. Peanut butter Girl Scout cookies would be candy, but Thin Mints or Caramel deLites would be classified as food.

Bizarre distinctions like this, coupled with the existence of more than 7,000 different tax agencies, are why the U.S. Supreme Court ruled that out-of-state retailers generally couldn’t be obligated to collect sales taxes unless Congress changes the law. The justices noted in a 1992 case called Quill v. North Dakota: “Congress is now free to decide whether, when, and to what extent the States may burden interstate mail order concerns with a duty to collect use taxes.”

One exception to that rule is a legal concept called “nexus,” which means a company can be forced to collect sales taxes if it has a sufficient business presence. If Amazon had an office in California, it already would be collecting sales tax for Golden State residents. (Another exception is the sale of cigarettes, which is covered by the Jenkins Act.)

In response to complexity concerns, the pro-tax forces have offered a proposal that they hope Congress can be persuaded to adopt. The concept is called the Streamlined Sales Tax Agreement, invented in 2002 by state tax officials hoping to straighten out some of sales tax laws’ most notorious convolutions.

Since 2003, more than 20 states have signed on, either wholly or partially, to the agreement, meaning they agree to simplify their tax codes and make them uniform. If enough states participate, proponents believe it will be easier to convince Congress to make sales collection mandatory for out-of-state retailers.

“You’ll see governors from states who are active participants pushing the Hill to move the issue forward–Kansas has been a long-standing leader. North Dakota, Iowa, Oklahoma, those are some with members on the governing board,” said David Quam, director of the office of federal regulations at the National Governors Association. “The states have done the heavy lifting of coming up with a voluntary system that makes sense. Now it’s Congress’ turn to grant states the authority to collect this.”

Representatives of the Streamlined Sales Tax Project are gathering in Washington, D.C. next month for a three-day governing board meeting, including a “lobbying day” that’s scheduled for May 13.

Under existing law, the caveat is that online purchases from sites like Amazon and eBay only seem to arrive tax-free. Legally, however, purchasers are required to pay their own state’s sales tax rate–the concept is called a “use tax”–and then voluntarily report the amount owed at tax time.

California residents, for instance, are now burdened with a sales and use tax of at least 8.25 percent. State law is strict: if Californians travel to a state with a 5 percent tax and shop there, the law requires them to cough up the 3.25 percent difference when they return. Online purchases are taxed as well.

But compliance is spotty at best. California’s Board of Equalization estimates the state lost $1.34 billion in 2003 because residents aren’t paying use taxes–and attributes $208 million of that to online purchases.

“There’s no member of NRF that does not support” the forthcoming legislation, said Maureen Riehl, vice president of government relations at the National Retail Federation. “The sooner we can get it done the better, as far as retailers are concerned.”

Online retailers tend to disagree. If the Streamlined Sales Tax Project (SSTP) were actually simple and easy for a shipper to work with, they might be more willing to compromise, but that may not be the case.

“The states are desperate for new revenue and I think they realize they’re straying far from the simplification they originally promised,” said Steve DelBianco, executive director of NetChoice, which counts as members AOL, eBay, NewsCorp, Oracle, Verisign, and Yahoo. “That creates an urgency on their part–to get the federal mandate before it becomes clear they have no intention to simplify.”

“They have no real intention of simplifying or compensating sellers for the burdens of collecting,” DelBianco said. “It’s a shell game.”

Among his complaints: That states are unwilling to compensate sellers for the burden of sales tax collection; that small businesses with minimal sales should be exempt; that only one state (as opposed to all states) should be able to audit a business; that participating states are not paying attention to the idea of simplification and are actually making definitions more complex.

How to host your own domain and apache webserver for free


To host your own webpage you don’t need to spend 7 bucks for a domain. You don’t need to get a hosting plan. You absolutely do not need to get domain name services through a provider. You can even host your own webserver using a dialup connection (that’s right…I said dialup), although I don’t recommend it (but I’ve done it using 56.6kbps).

Why would you want to do this? My reply…to stay connected to friends and family…perhaps throw up a gallery so that your grandparents can see pics of your new dog/car/tinfoil hat. Sure, you could waste my time with MyWaste..er..space and be barraged daily by advertisers and solicitors…or you could roll your own web host, install a gallery or website, and provide media to your friends and family without costing yourself a dime. That’s right, NO COST (except time spent getting it running). Just remember, your website might not survive a digging or slashdotting if you run it yourself. Keep that in mind. So without more chatter, let’s get to the meat and potatoes of things:

Do you cringe at the thought of buying a domain and putting up with the headache of trying to make sure your IP address is up to date with your domain? Do you hate the 40 dollars you spend on DNS service each year to resolve your IP address to your hostname? Read on and learn the flat-broke-and-busted way of maintaining a fixed hostname for your IP…even if you have dialup.

I’ll divide this up into 2 sections. The first will deal with Linux. The second, Windows. This is only something that I’ve found easy to do and the price is just right (it’s free). The only thing that I recommend is a dedicated internet connection (cable, DSL) but even this is not necessary as dialup can be used. I recommend that you use the Linux way of doing things since it is more secure and doesn’t require a restart every time you patch it.

*note: I’m assuming that you aren’t behind a firewall/proxy of any kind and that your ISP doesn’t block port 80 traffic. If your ISP blocks port 80, see the appendix at the end of this article.

LINUX

No matter what version of Linux you run, chances are that you’ll be able to install the apache webserver. This is good news as over half the websites of the world are run by the extremely efficient and speedy apache. I’m not going to address the specifics of how to set up your website…only how to get it a fixed address without buying a domain. So, you have your pages dropped into your webserver’s public directory…good. Now, how to resolve your IP…let’s say it is…25.24.4.166 (for our example) and you want it to have a host.name.com to bind to. Easy to resolve. Go to http://www.no-ip.com/index.php and sign up. You can get a site from noip that is like yourname.theirdomain.com/.net/.info. They have cool names like sytes.net and servebeer.org…even workisboring.com

You’ll be able to choose your own hostname under one of their domains…for instance, Ithink.dnsiskinky.com could be your new domain name. Next download a client from the download tab: https://www.no-ip.com/downloads.php

The Linux client is a tar.gz source and is simple to install. Follow the instructions when installing. You may have to install compilation tools (devel packages like GCC) to install the client. You now are the proud owner of yoursite.theirsite.com and your IP will ALWAYS update (as long as noip.com is up) each time you log on/sign on/beam up or whatever it is you do.

How does this help you? Well, if you’re like me, you have a dynamic IP address. If you connect to the internet via cable, dialup, or dsl…you also have a dynamic IP address. Dynamic means that it will change from time to time without warning. So by binding yoursite.theirsite.com to your IP address…you don’t ever have to worry about what IP address you have anymore. Instead, you’ll always be able to connect using yoursite.theirsite.com. You can host a webserver using Apache and a virtual host in this style as well (look for another how-to on this subject later) so that everyone can visit a shiny website at yoursite.theirsite.com.

WINDOWS

First you need a free and clear webserver since one is not included by default with Windows. You can download Apache for this as well OR try the Abyss Webserver.

Interestingly enough, Abyss is also free! I ran it while my Linux machine was being worked on (bad hard disk…it was a Quantum 200MB drive from 1913…had to upgrade) and it worked just great off of Windows XP. Download that puppy and install it. Make sure you read all of the documentation and familiarize yourself with how Abyss does business.

The next step…getting a hostname…is even easier than the Linux method because you don’t have to manually install the noip client…they have a Windows installer. Go to http://www.no-ip.com/index.php and sign up. Choose the domain name you would like (see above examples in Linux section). Next, download the noip client from the download tab: https://www.no-ip.com/downloads.php but this time choose the Windows client. From there, you’ll be able to install this with a simple double click. Fill in all of your information (pretty self explanatory) and make sure that it will run each time you sign on. You’re set! Your hostname, yourchoice.theirhostname.com, will now resolve to your IP.

CONCLUSION

You don’t have to spend a dime to keep a domain bound to your IP. This is perfect for the home user who just wants a gallery or homepage. It’s even good for someone who has a weblog or enthusiast site. I would not recommend this to anyone who has a business and wants to run a site. Just remember that the best things in life are free. Thanks open source!!!

PS: It’s always good form to put a link of the stuff you are using on your website to direct traffic back to your software provider. When I used noip, I included a noip link on my mainpage and also an abyss webserver icon as well. It’s just good form and some companies/software providers necessitate the use of their logo or a link on sites that use their software/code. Just be a nice person and give a linkback to them. Good luck! Have fun!

PPS: Also, please note that having hosted my own webserver for quite some time (circa 2001) I’ve found Linux and Apache as a combination to be more secure, faster, and more stable than any webserver I’ve hosted on the Windows Platform. I included information on Windows mainly to introduce you to the concept of free and open source software. If you thought getting a webserver for free was great, think about getting a whole operating system! Give it a try, you don’t even have to install it (use a Live CD).

APPENDIX

If your ISP blocks port 80 traffic, your webserver won’t work. Before deciding that your ISP is blocking however, make sure your firewall has the appropriate rules to allow incoming traffic. You can do a quick add to IPTABLES in the following manner:

[code]iptables -A INPUT -p tcp --dport 80 -j ACCEPT[/code]

[code]iptables -A INPUT -j DROP[/code]
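
Because -A appends, the two rules above act differently depending on what the INPUT chain already holds, and a catch-all DROP with no rule for established connections also cuts off replies to the machine's own outbound traffic, the no-ip update client included. The script below is an added example, not part of the original article: it runs a simplified first-match evaluation over "iptables -S INPUT" text, and the three rulesets in it are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original article): first-match evaluation of an
# INPUT chain supplied as `iptables -S INPUT` text on stdin.
#
# Simplifying assumption: a rule is taken to match a NEW inbound TCP connection
# from the Internet only if it is unconditional, or if its only conditions are
# "-p tcp", "-m tcp" and "--dport PORT". Any other condition (-i lo, -s,
# connection state, ...) is treated as not matching.

# port_verdict PORT -> prints "ACCEPT|DROP|REJECT: <deciding rule or policy>"
port_verdict() {
    awk -v port="$1" '
    BEGIN { policy = "ACCEPT" }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        target = ""; hit = 1
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }   # rest = target options
            else if ($i == "-p") { if ($(i + 1) != "tcp") hit = 0; i++ }
            else if ($i == "-m" && $(i + 1) == "tcp") { i++ }
            else if ($i == "--dport") { if ($(i + 1) != port) hit = 0; i++ }
            else { hit = 0 }                               # unknown condition
        }
        if (hit && target ~ /^(ACCEPT|DROP|REJECT)$/) {
            print target ": " $0; decided = 1; exit
        }
    }
    END { if (!decided) print policy ": chain policy" }
    '
}

# replies_allowed -> prints "yes" if replies to the host's own outbound
# connections are accepted before any catch-all DROP/REJECT, otherwise "no".
replies_allowed() {
    awk '
    BEGIN { policy = "ACCEPT" }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    (/ESTABLISHED/ && /-j ACCEPT/) || ($3 == "-j" && $4 == "ACCEPT") {
        print "yes"; decided = 1; exit
    }
    $3 == "-j" && $4 ~ /^(DROP|REJECT)$/ { print "no"; decided = 1; exit }
    END { if (!decided) print (policy == "ACCEPT" ? "yes" : "no") }
    '
}

# Constructed sample 1: the two appends from the article on an empty chain.
ARTICLE_ON_EMPTY='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP'

# Constructed sample 2: the same appends on a chain that already ended in a
# catch-all REJECT, so the new port 80 rule sits behind it and never matches.
ARTICLE_ON_DISTRO='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP'

# Constructed sample 3: a stateful ruleset with a default-drop policy, e.g.
#   iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
#   iptables -A INPUT -i lo -j ACCEPT
#   iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#   iptables -P INPUT DROP
# On a chain like sample 2, use `iptables -I INPUT <n> ...` to place the
# port 80 rule ahead of the existing REJECT instead of appending it.
HARDENED='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# Optional live use (needs root): sh thisfile.sh --live 80
if [ "${1:-}" = "--live" ]; then
    iptables -S INPUT | port_verdict "${2:-80}"
    iptables -S INPUT | replies_allowed
fi
```

If the verdict for your live chain is DROP or REJECT, the local firewall is the cause and the ISP has not been shown to block anything yet.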

If you’ve opened up the appropriate ports and things still don’t work, it will be safe to say that you’ve determined the ISP is blocking port 80. How you can get around this conundrum is to switch the listening port on the webserver to a different one and redirect traffic there.

See how to do this for IIS Webservers
See how to do this for Apache Webservers (normally in /etc/apache2/httpd.conf but your distro may vary.)
See how to do this for Abyss Webservers
If you still have problems, drop me a line in the comments section. I may not be able to answer all questions but I can most likely get you to a person/place/thing that can. Have fun and thanks for reading!

Bill would give Obama power to shut down Internet


Federal legislation introduced in the Senate this week would give President Obama the power to declare a cybersecurity emergency and then shut down both public and private networks including Internet traffic coming to and from compromised systems.

The proposed legislation, introduced April 1, also would give the President the power to “order the disconnection of any Federal government or United States critical infrastructure information systems or networks in the interest of national security.”

The bill was introduced by West Virginia Democratic Sen. John Rockefeller, the chairman of the Senate Committee on Commerce, Science, and Transportation, and Sen. Olympia Snowe, a Republican from Maine.

Rockefeller said in a statement the bill loosely parallels the recommendations presented in December to Obama by a CSIS panel. The panel recommended naming an assistant for cyberspace and a National Security Council (NSC) director to coordinate government response to cyber threats.

The 51-page Rockefeller/Snowe bill calls for the appointment of a National Cybersecurity Advisor that reports directly to the President.

“[Rockefeller/Snowe] got input from a lot of sources, including the CSIS report, so there is more there than we had laid out. It’s a strong bill,” said Jim Lewis, director and senior fellow in the technology and public policy program at CSIS.

Rockefeller says the legislation addresses the threat to private sector infrastructure such as banking, utilities, air/rail/auto traffic control, and telecommunications.

But even Rockefeller said the bill was a starting point and not a finished product.

“This legislation is the beginning of the process – the objective of this cybersecurity bill is to start the debate and chairman Rockefeller welcomes comments from all parties, he is sitting down with stakeholders already and he welcomes input from all those supportive of the legislation and those with concerns,” said Jena Longo, deputy communications director for the U.S. Senate Committee on Commerce, Science & Transportation.

CDT’s Harris said there is likely to be much concern from the private sector. In CDT’s evaluation of the bill’s language, Harris says “We read this bill to say it sets a technical standard and one way to do things.”

She says the government could establish standards on how to configure software and on security configurations that would apply to anything the President says is critical infrastructure.

“If you are a bank or a communications network and you are critical infrastructure you have to meet those standards,” says Harris. Such a mandate, she says, would undermine innovation and weaken security because all critical infrastructure would be running the same technology that once compromised would see networks fall like dominoes.

“We are confident that the communication networks and the Internet would be so designated [as critical infrastructure], so in the interest of national security the president could order them disconnected,” said Leslie Harris, president and CEO at the Center for Democracy and Technology (CDT), which promotes democratic values and constitutional liberties for the digital age.

The bill says the president must have a comprehensive national cybersecurity strategy in place 12 months after the bill passes.

“This is pretty sweeping legislation,” says Harris. “Seems the President could turn off the Internet completely or tell someone like Verizon to limit or block certain traffic,” she said. “There is a lot to worry about in this bill.”

In addition, an agency appointed by the President would control how and when systems are restored.

The power could conceivably extend to large service provider networks such as those run by Google, Microsoft, AOL, Yahoo and others who offer online services and applications to corporations and consumers.

“We are currently studying this legislation,” said Dan Martin, a spokesman for Google. “Security has been a priority at Google from the beginning of the company – we recognize that secure products are instrumental in maintaining the trust our users place in us.”

Proponents including officials from the Center for Strategic and International Studies (CSIS) say the legislation is comprehensive and strong and reflects the need for thorough debate around digital security that is long overdue.

But it is that kind of input, says CSIS's Lewis, that the bill is designed to draw out.

“It takes a broad brush approach,” he says. “It’s got sections on organization, strategy, education, technology standards, public private partnership and a little regulatory authority. No previous U.S. effort has been as comprehensive, and that’s one of the main reasons all our previous efforts failed. This is a big step forward,” said Lewis.

But he added that all that might add up to the bill never getting passed. “But it’s good to put people on notice that the standard half-baked or half-witted solutions won’t cut it.”

Printer dots raise privacy concerns around security

“The affordability and growing popularity of color laser printers is raising concerns among civil liberties advocates that your privacy may not be worth the paper you’re printing on.

More manufacturers are outfitting greater numbers of laser printers with technology that leaves microscopic yellow dots on each printed page to identify the printer’s serial number — and ultimately, you, says the San Francisco-based Electronic Frontier Foundation, one of the leading watchdogs of electronic privacy.

The technology has been around for years, but the declining price of laser printers and the increasing number of models with this feature is causing renewed concerns.

The dots, invisible to the naked eye, can be seen using a blue LED light and are used by authorities such as the Secret Service to investigate counterfeit bills made with laser printers, says Lorelei Pagano, director of the Central Bank Counterfeit Deterrence Group.

Privacy advocates worry that the little-known technology could ensnare political dissidents, whistle-blowers or anyone who prints materials that authorities want to track”…

Security is a big part of the IT world. As new technologies and projects emerge, the more we will see our daily hardware being tracked, either by dots or by embedded code, using our registration, IP address and even the browser type. A great example is Google Analytics: I can track people down to their OS, browser, and even the city and ISP where someone is viewing my page from.