# From the Newsstand

Alison Skratt

Pages: pp. 11-13

## Internet and Society

PC Magazine

22 May 2007

"Wikipedia's Opponent," by Alison Lapp

With public criticism of Wikipedia's veracity growing, an alternative online encyclopedia — Citizendium — has been created that institutes more rigid rules on contributions. Citizendium creator, Larry Sanger — who was involved with Wikipedia at its inception in 2001 — says, "The world needs a better, more authoritative, more reliable free encyclopedia."

Citizendium requires contributors to use their real names and sign an "ethics pledge." Its postings are monitored by constables, who are charged with punishing inaccurate contributors and must be at least 25 years old with a bachelor's degree.

The project drew approximately 900 authors and 200 editors during its pilot phase and so far has roughly 1,200 live articles. Norman Garrett, a Citizendium editor and professor of computer information systems at Eastern Illinois University, believes Citizendium can work if it can assemble a "fairly large army of experts."

Technology Review

May/June 2007

"Web Browsing without a Mouse"

Stanford University PhD student Manu Kumar has created an alternative to the computer mouse. Kumar's eye-tracking technology lets users point, click, and perform other common mouse actions by simply looking at the screen and touching a key on the keyboard.

Until now, eye-tracking technology has been too difficult to use, but Kumar's approach uses infrared light sources embedded in the computer monitor's border and a camera to capture users' pupil movement, as well as the reflection of the lights off their corneas. Users can look at a Web link, hold down a "hot key" on their keyboards, and magnify the area they're looking at. Users then narrow their focus within the magnified region and release the "hot key," effectively clicking through the links.

Studies reveal an error rate of close to 20 percent in certain scenarios, but Kumar has developed algorithms to compensate for many of these errors, which seem to occur when users think they're focusing on a target but are actually focusing on something in their peripheral vision.

## Internet Media

Network Computing

16 April 2007

"Are Network Engineers Really Ready for VoIP?" by Mike Fratto

As voice over IP (VoIP) continues to gain popularity, how it will perform on enterprise networks remains to be seen, according to a new survey.

Network Instruments, a network testing vendor, surveyed 273 US network engineers about VoIP and found that almost 50 percent were "concerned with their ability to monitor the quality of VoIP service" and 36 percent were worried about the reliability of their VoIP applications during peak use.

As Fratto points out, any survey by a testing vendor that concludes that IT staffs need more testing products should be viewed with skepticism. However, he says, the survey does raise important questions about deploying VoIP in an enterprise. Addressing engineers' lack of familiarity with VoIP can be easily accomplished with training, but ensuring VoIP network reliability is more challenging: he says it will require probes in multiple locations to monitor software, and quality-of-service applications across the network.

## Mobile and Wireless Computing

PC Magazine

5 June 2007

"A New Day for WiMAX?" by Monty Phan

In April, wireless provider Korea Telecom reintroduced its high-speed wireless service in Seoul, South Korea, expanding it to include the whole city and new devices. WiBro, a mobile broadband comparable to WiMax, can connect users wirelessly even in vehicles moving up to 75 miles per hour.

Reaction to the first rollout of WiBro wasn't overwhelming — fewer than 1,000 people signed up — primarily because its first introduction included too small an area and lacked device support.

"WiBro can be a good solution for developing countries, in which [the providers] can simultaneously complete broadband access and voice service over a mobile network," says Andy Bae, a senior analyst at ABI Research. Analysts, however, remain skeptical that a successful WiBro might spur the stagnant WiMax market in the US, where most believe its best use is as a last-mile solution for broadband Internet access in rural areas.

## Peer-to-Peer

Network Computing

2 April 2007

"Speermint: Standardizing SIP Peering," by Matt Vlasach

Session Initiation Protocol (SIP) peering is a strategy that connects an enterprise's communications backbone entirely in one IP space without using the public switched telephone network.

However, the technology has some of voice over IP's (VoIP's) drawbacks, including susceptibility to service interruptions. It also requires compatible security technology among peers, or else calls will fail or be insecure. That's why the IETF has formed a SIP peering group called Speermint, which is trying to create a standard to solve these challenges.

Speermint, which has completed five Internet drafts explaining SIP peering's basic principles, wants to extend the SIP protocol by developing architectures that are built to provide identification signaling, route real-time communication, and resist attacks and abuse.

## Programming and Development

Dr. Dobb's Journal

May 2007

"Second Life: A Programmer's Perspective," by Dana Moore and Raymond Budd

Online communities are nothing new, but add real-time interaction and a 3D environment and you get Second Life (SL; www.secondlife.com), a popular rich, immersive environment that has some developers wondering if it might legitimately be called part of Web 3.0. As Philip Rosedale, CEO of SL, said in a 2006 interview, "At Second Life, everything you experience is inherently experienced with others."

So far, SL has more than 6 million "residents" around the world, with roughly 30,000 or 40,000 online at any given time. These residents, or avatars, are digital alter egos created by members, who can also create and build things in SL using the C-like Linden Scripting Language.

Several companies, including IBM and Sun Microsystems, have set up virtual offices in SL to take advantage of the commerce that's built into it. SL residents have reportedly spent more than US$200 million in their virtual world since 2006. Moore and Budd explain how to build objects in the SL environment and add object behaviors.

June 2007

"Semantically Enabled SOA," by Arunava Chatterjee

Chatterjee says the primary motivation behind the service-oriented architecture (SOA) is to improve business agility. To be truly agile, he argues, technology must be able to make decisions, which is the impetus behind the concept of semantic SOAs (SSOAs).

In an SSOA, "an agent aware of the semantic model can combine services dynamically to satisfy business goals," Chatterjee says, pointing to IBM's decision to include semantic processing in its WebSphere Business Fabric software and Software AG's decision to include it in its Information Integrator.

Introducing semantic processing is complicated because it involves a machine using mathematics and artificial intelligence to analyze and interpret concepts. Although the Semantic Web and efforts within industry have laid out the foundations for this analysis and interpretation, introducing reasoning engines for real-time processing is still very new.

Network Computing

30 April 2007

"SOA Market Shapes Up," by Andy Dornan

Recent activity in the service-oriented architecture (SOA) market seems to indicate the arena is gaining traction. The Organization for the Advancement of Structured Information Standards has launched a SOA standards initiative called Open Composite Services Architecture to let developers access SOA service descriptions and data-object specifications without paying royalties. The organization also recently ratified a new form of the Web Services Business Process Execution Language.

14 May 2007

"Scouring Ajax," by Jordan Wiens

Rich Internet applications (RIAs), which split intelligence between the servers and clients, offer a host of new Web possibilities but also present some serious security concerns. RIAs let Web browsers directly query servers — an inherent security threat given the current state of browser security. But Ajax — Asynchronous JavaScript and XML — is a particularly vulnerable RIA given its recent momentum and characteristics, including the fact that most Ajax applications are written in at least two languages and "as always, complexity is inversely proportional to security."

Wiens says locking down an Ajax RIA isn't as simple as purchasing a Web application scanner and putting it to work on a network. Enterprises also have to choose from among various options, including devoting a staff security specialist to Web application scanning, either manually or with a commercial Web application scanner; buying a scanner and having developers or quality assurance testers rather than security staff run it; or using external vendors or custom consulting.

## Security

Network Computing

14 May 2007

"IETF Strives for NEA Standard," by Steven J. Schuchart Jr.

Although some enterprise users are interested in network endpoint assessment (NEA) architectures to improve endpoint security, today's choices lock them into proprietary technologies. Consequently, the IETF has started to create a specification that will allow all endpoint software to communicate with all authentication-enforcement architectures, including two leading players, Microsoft's Network Access Protection and Cisco Systems' Network Admission Control.

At this point, the IETF NEA working group's initiative focuses on standardizing various control protocols for communications, including the Posture Broker Protocol, the Posture Attribute Protocol, and the Posture Transport Protocol. The group is aiming for a completed Internet draft by December 2007.

## Elsewhere in the IEEE Computer Society

Computer

May 2007

"New Attack Tricks Antivirus Software," by Karen Heyman

The proliferation of Web sites that encourage users to add content, interact, and collaborate has spawned a new kind of virus that's proving difficult to prevent. Using a technique called dynamic code obfuscation (DCO), hackers can cloak their JavaScript and get around antivirus products, which traditionally search for code strings that match strings in their virus databases.

DCO uses algorithms to conceal JavaScript without affecting the malware's potency and then uses polymorphism to mutate malicious files, making string matching impossible. It can take many forms, including renaming variables, breaking up code, or sprinkling random numbers, letters, or symbols. DCO attacks usually take place as part of phishing scams. A DCO polymorphic engine on a hacker's Web site can create a unique obfuscation every time a victim downloads the JavaScript code.

Antivirus vendors are doing their best to respond. Symantec, for example, is looking into a technique called vivo blocking that would identify browser vulnerabilities before vendors release patches, and then intercept and block code that tries to exploit them.

"Hitachi Researchers Develop Powder-Sized RFID Chips," by Linda Dailey Paulson

Hitachi Central Research Laboratory has produced the smallest and thinnest radio-frequency identification (RFID) chips to date, measuring the size of an individual piece of powder or about as thick as a piece of paper. Hitachi hopes the Mu RFID chip's size — 0.05 millimeters by 0.05 millimeters by 5 micrometers — will address the cost and weight issues holding back more widespread RFID uses. The Mu chip stores 128 bits of data and transmits it in roughly 20 milliseconds at the 2.45-GHz frequency.

Typical RFID systems include small radio chips that store data about a product or person — such as an item's price or a person's employee code — and are frequently used in place of barcodes or in settings in which security is important. However, the Mu's size means it's too small for an onboard antenna, the feature that gives most RFID tags their size.

IEEE Security & Privacy

March/April 2007

"Studying Bluetooth Malware Propagation," by Luca Carettoni, Claudio Merloni, and Stefano Zanero

So far, Bluetooth malware has posed little danger, with recent cell phone viruses causing limited damage. However, Carettoni, Merloni, and Zanero argue that the lack of malware doesn't mean hackers can't exploit Bluetooth and cause damage.

To prove their point, the authors built BlueBag, a mobile, covert attack device in a rolling suitcase and tested it out in several public areas around Milan, Italy, where a suitcase wouldn't seem out of place. BlueBag runs on the GNU Linux operating system and costs roughly US$750 to build. The authors monitored and controlled BlueBag's software from a smart phone via a Web interface running on top of a TCP/IP-over-Bluetooth connection.

Initial experiments focused on finding out how many Bluetooth devices in a public area were set to "discoverable" mode, in which the device sends signals to other Bluetooth devices indicating it's available to share information. With 23 hours of scanning over seven days at eight locations, they located 1,405 devices in discoverable mode. The length of time these devices remained in BlueBag's range varied, from 10.1 seconds to 23.1 seconds.