Tuesday, September 16, 2003
Balkanization of the Internet
Ten years ago, just prior to the commercialization of the Internet, was a good time indeed. No spam, no worms, no Verisign and generally no problems. Every machine on the Internet was a full peer of every other machine on the Internet and things pretty much worked (like talk and FTP).
Life on the Internet was good, then.
The Internet today is a vastly different creature than the Internet of a decade ago. Mark just informed me that yet another remote exploit of OpenSSH is floating out there. Which means an upgrade to OpenSSH. When I asked Mark why not just download the latest version and do a make install, he said it wasn't that simple on a modern Linux system since this is “open source” with its “dependency dance from Hell” so the best course of action is to use the existing package program to update.
Of course the package program refuses to install the latest version of OpenSSH until you update the package program itself, which involves (again, due to the dependency dance) upgrading a slew of other packages …
I personally don't see why downloading the latest version of OpenSSH and compiling it won't work, but Mark is insistent that we go the package route. “This is a modern Linux system, Sean,” he said. “You just can't do that compile thing anymore without breaking something.”
All this on top of our recent discussion on installing a firewall on our server—to keep network data out of our server (well, specifically, to keep network data from getting to MySQL (which, according to Mark, is a pile of Swiss cheese in the security department)).
To top this off, Mark is also planning on removing Seminole (a webserver he's been writing) from distribution. It's GPLed with an option to get a commercial license (to remove the GPL restrictions) but most of the downloads have been coming from (according to Mark) India and China, which don't necessarily honor IP rights, pissing Mark off. He was planning on just blocking all network traffic from Asia itself, but decided that wasn't good enough.
And now it seems that a VeriSign site will come up for non-registered domains (for .COM), and apparently also accepts email (not fully, but enough to collect valid email addresses) to such non-registered domains. System and network admins are upset; enough to consider blocking the IP address 188.8.131.52 entirely.
This, on top of the recent worms and virii like SoBig and Slammer, so now you have ISPs blocking certain network traffic and slowly, ever so slowly, the full peer-to-peer nature of the Internet is Balkanizing to where we won't even have an Internet anymore.
Oh, I'm sure there will still be a vast network of connected computers, but with so much filtering going on, and the attacks against peer-to-peer networking software (the whole peer-to-peer thing was puzzling to me since when I started using the Internet, it was peer-to-peer and systems like Napster, Gnuster and Kazaa just seemed silly to me—little did I realize just how Balkanized the Internet has become for such software to become necessary) what I'm used to as being the Internet will cease to exist (if it hasn't already).
And President Bush isn't helping matters either …