Weblogs and Consumer Teamspaces Are PR, Advertising Targets

There’s a new spam control feature planned for Outlook 2007 that hasn’t received much attention: the math puzzle. When Outlook 2007 tries to submit email to Exchange, Exchange will challenge Outlook with a puzzle, waiting for a correct answer before sending the message. The puzzle is designed to require a significant amount of time to solve — of the order of half a second.

The functionality will require Exchange 2007, or 2003 with a future service pack, according to Microsoft people we spoke to. (Apparently the functionality is already present in Exchange 2003, but disabled.)

The idea is twofold:

1. It will severely throttle the speed of spam-sending malware that tries to use Outlook to send its spam, thus thwarting its ability to flood the Internet with advertisements for fake watches, pirated software, and herbal enlargement products.
2. Messages that send using this puzzle can be passed through receiving spam filters, preventing them from becoming false positives.

The first point is interesting, but unlikely on its own to make a significant dent in the spam problem. The "botnet" or "zombie army" problem is most prevalent on consumer PCs, sending direct-to-MX via SMTP, not in corporate networks sending via Exchange RPCs.

The second point is intriguing, but it’s unclear how this can be made foolproof. The risk is that spammers will find a way to subvert the system, causing their spam to be delivered to users’ inboxes. For example, a spammer can solve a great many math puzzles using botnets.

This is essentially a hybrid hashcash, such as implemented by the Camram spam control project. Microsoft disclosed that it has a patent on the technology (despite its similarity to hashcash methods), and says it’s considering ways to make it more widespread.

… Richi Jennings

Police states fear gatherings of large numbers of people, because they can unpredictably turn into a mob demanding the overthrow of an unpopular government. Internet-based collaboration will quickly make it very difficult to stop large, spontaneous gatherings.

Eritrea illustrates. The government is very unpopular with its people. The government refuses to hold elections, because it knows it will be voted out, and because it fears that once it’s out, the established government will likewise refuse to relinquish power at the hustings. This is a common situation throughout the world, especially in Africa.

In Eritrea, people are very religious, and the majority are Christian. Religious groups are the main nongovernmental organizations that can pull together a big crowd. So churches are closely monitored and controlled. Only three Christian groups are allowed: Eritrean Orthodox, Roman Catholic, and the Lutheran Church. These groups must follow the government’s rules and avoid meddling in politics. All other churches are illegal. Errant pastors who start gathering large crowds are quickly put in (appalling) prisons, or are thrown out of the country.

The Internet will grow in police states; competitive international pressures make governments unable to stop it. And as its use grows, collaborative technologies such as email, instant messaging, and teamspaces will let groups of people quickly organize meetings at very short notice. The London WTO riot in 1999 and flash mobs are examples. SMS text messaging also plays a big part.

Such gatherings will make life extremely difficult for dictatorships. What will they do when half of the population spontaneously gets together to demand the downfall of the government? There will be too many people involved, and doing nasty things to a few leaders won’t stop the gatherings from occurring. Collaborative technology is bad news for police states.

… David Ferris

Exchange 2007 Enterprise Server Edition introduces new replication technology called Clustered Continuous Replication (CCR). This combines automatic management of redundancy and application-level data replication for Exchange.

CCR is important because it eliminates the requirement for a shared storage subsystem for your Exchange cluster. Using CCR you can build a geographically distributed cluster, provided you have enough bandwidth between the nodes.

CCR operates using an Exchange cluster with a minimum of three nodes. Two nodes in an active/passive configuration contain the matching mailbox servers. The third node — the votersplit brain syndrome. — is used to avoid an occurrence of network partition within the cluster, also known as

When enabled, the CCR volume is seeded automatically with an ESE Full backup and is updated continuously with new transaction log files. Once copied to the CCR volume, the log files are applied immediately to the replicated database. To help make this practical, transaction log files are now 1MB in size vs. 5MB for Exchange 2003.

CCR will be important for organizations that desire more disaster recovery flexibility for Exchange.

… Bob Spurzem

Interesting Sales Approach for Content Security

The Components of a Consumer Teamspace

When users send photos by email, they often create problems. For example:

• Slow download times of multimegabyte files over dialup
• Message store limits exceeded

CNET recently released a free service aptly named All You Can Upload. Essentially, it is a bare-bones image hosting service. The service is extremely simple to use. It’s therefore useful for sharing large images without the hassles of typical file transfer. In addition, many community sites, Web hosting services, weblogs, forums, auction sites, etc., either do not offer their own image hosting facilities or limit the number and size of images hosted.

There are many image hosting sites. However, All You Can Upload is as notable for the functions it doesn’t have as for the ones it does. The site has neither advertisements nor registration, and it does not have any premium services. Users can immediately begin uploading images from the main page. The service allows for unlimited uploading of images (GIF, JPEG, and PNG) of unlimited size. There are no bandwidth limitations. Images are uploaded via a Web form and can be resized at that time.

Upon uploading images, the user is presented with a set of URIs to the original images and to thumbnails. Users must record the URIs; otherwise they are forever lost. Since there are no accounts, All You Can Upload has no management features, photo albums, etc. Users who want these additional features are encouraged to sign up for CNET’s Webshots photo sharing community. Currently, there is no security other than the long identifier given to each image and no way to delete images. I suspect we will see external services built to use All You Can Upload as a back end and provide additional features.

The All You Can Upload service is built on Haystack, CNET’s new high-capacity and scalable storage back end. Webshots will migrate to the Haystack back end as well. Webshots has 19 million users who have uploaded more than 375 million photos.

… Ben Gross

Increasingly, organizations monitor the flow of internal email communications among functional groups, divisions, and international sites to detect noncompliant content and proprietary information breaches.

A side benefit of monitoring is finding out what the employees know about a particular subject, product, or technology. This knowledge can then be rolled into a skills database, creating a much more current and granular view of the human resources within the organization. The information gleaned can also feed contact and calendar information to help in locating the closest person with the needed skills.

One of the first content control vendors to recognize this benefit is Vericept. Vericept’s 360 Risk Management Platform combines three applications - Content 360, Email Control, and Stored Data Discovery - to monitor, detect, and analyze internal and external communications.

… Nancy Cox

Social Aspects of Security Move Center Stage

It’s tough to implement email archiving. The main challenges are:

• Getting the product or service to work properly
• Working out what policies to implement, given the applicable laws and regulations
• Implementing and enforcing those policies

The trading floors of financial services organizations represent the only type of organization to have done all of the above. Most everyone else is still stuck on the first stage, getting the product or service to work properly.

Health-care businesses are perhaps the most glaring examples of limited compliance. Most health-care businesses are small or medium-size organizations, and only have limited implementation resources and skills.

… David Ferris and Scott Bolser

Recommended: Computerworld’s Mobile & Wireless World Conference