Monday, June 09, 2003


Defeating DDOS.

It's time for IRC to go, or to be modified.  The vast majority of DDOS attacks are coordinated through the IRC networks; bots insert themselves into channels and wait for commands.  The anonymity afforded by IRC is something that we really can't afford to let continue.  Yes, it's nice that IRC is out there, blah blah blah.  And I'm sure that there's a lot of work that gets done through IRC channels.  There's also a lot of harm that gets done.

Unless some way can be found to implement some form of accountability within the IRC space, I think that ISPs should simply start filtering out all IRC traffic.  DDOS IRC bots running on someone's home machine can't respond to commands that never reach them.  This will force the bots to use some other technique.
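One caveat a network defender would raise about filtering IRC by port: a bot that is told to connect on 8080 instead of 6667 sails straight through a port-based block.  The following is an added example, not code from the original post, that classifies constructed connection records two ways: by destination port, and by whether the first bytes the client sent look like IRC registration (NICK/USER/JOIN, per RFC 1459).  All hosts, addresses and payloads are made up for the example.

```python
"""Flag hosts that speak IRC, regardless of the port they use.

Added illustration; the connection records below are constructed, not captured.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Ports IRC servers conventionally listen on (6660-6669 and 7000; 194 is the IANA assignment).
IRC_PORTS = set(range(6660, 6670)) | {7000, 194}

# IRC client commands at the start of a line (RFC 1459 / RFC 2812 registration and channel traffic).
IRC_LINE = re.compile(rb"^(PASS|NICK|USER|JOIN|PRIVMSG|PONG) ", re.MULTILINE)


@dataclass
class Conn:
    src: str        # internal host that opened the connection
    dst: str        # remote address
    dport: int      # remote port
    payload: bytes  # first bytes the client sent


def looks_like_irc(payload: bytes) -> bool:
    """Two or more IRC commands at line starts is a strong signal; one alone is weak."""
    return len(IRC_LINE.findall(payload)) >= 2


def classify(conn: Conn) -> List[str]:
    """Return the reasons a single connection looks like IRC (empty list if none)."""
    reasons = []
    if conn.dport in IRC_PORTS:
        reasons.append("irc-port")
    if looks_like_irc(conn.payload):
        reasons.append("irc-protocol")
    return reasons


def flag_hosts(conns: Iterable[Conn]) -> Dict[str, List[str]]:
    """Map each internal host with IRC-looking traffic to the sorted set of reasons."""
    flagged: Dict[str, set] = {}
    for c in conns:
        reasons = classify(c)
        if reasons:
            flagged.setdefault(c.src, set()).update(reasons)
    return {host: sorted(r) for host, r in flagged.items()}


# Constructed sample: one bot on the standard port, one moved to 8080 to dodge a port
# filter, one TLS ClientHello, one plain HTTP request.
SAMPLE = [
    Conn("10.0.0.5", "198.51.100.7", 6667, b"NICK bot1234\r\nUSER x 0 * :x\r\nJOIN #ctrl\r\n"),
    Conn("10.0.0.9", "198.51.100.8", 8080, b"NICK zz\r\nUSER zz 8 * :zz\r\nJOIN #c\r\n"),
    Conn("10.0.0.12", "203.0.113.20", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00"),
    Conn("10.0.0.3", "203.0.113.4", 80, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
]


def sample_report() -> Dict[str, List[str]]:
    return flag_hosts(SAMPLE)


if __name__ == "__main__":
    for host, reasons in sample_report().items():
        print(host, ", ".join(reasons))
```

Only the first host would be caught by a port filter; the second is caught because the payload is IRC even though the port is not.  The point is the one the post itself makes: a port block forces the bots to move, so detection that looks at what is said rather than where it is sent is what survives that move.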

Of course, the networks that are set up by P2P systems like Kazaa are also a perfect mechanism for discovering trojan peers running on other systems.

Basically you set yourself up as a trojan, then hook yourself into Kazaa's network just enough to get lists of other machines.  You then probe those machines directly, trying to find trojans running on them.  When you discover one running, the two trojans exchange lists of compromised machines.  You can even insert yourself into the Kazaa sharing directory, etc. etc.

These information-sharing trojans are the real nemesis we'll have to face in the future.  They'll be capable of hiding themselves, be polymorphic, implement their own P2P communications mechanisms, and generally be a huge pain in the ass for anyone who gets one.

Strong Anti-Virus is the only thing that will help us.

That, and ring-based security in our operating systems.  Since we're probably not going to see that in my lifetime, I should stop whining about it.


11:57:33 AM    

Naked Objects.

Stuart Halloway, and a lot of other people, think they're pretty interesting.  So do I!  My feeling is that the future will be something like Naked Objects; it's a strong step in the right direction.  I have been thinking for a long time about fluid user interfaces.  Basically you want the interface to adapt itself automatically to the data.  Swing's various data models are a step in the right direction -- you have many different kinds of controls that can attach themselves to common data models.

XUL goes further -- it says that there is a common data format (RDF), and all the controls know how to assemble themselves from that.

I am not sure that RDF is the ideal model for this kind of thing.  Having done some work with tuple spaces and CLIPS-style fact systems, I'd have to say that facts are definitely the way to go.  They're more flexible, but the big win is clearly being able to run rules against all that stuff, in a very rigorous way.  The rule systems can analyze the kinds of information present and actually synthesize user interface code on the fly.

The thing to remember about synthesized user interfaces is that the exceptions must be handled.  You need to provide an extension mechanism that lets a developer get the special sauce in.  The future will be made of partially automated interfaces, together with custom stuff.  This is just like the component model of today -- you use the components where you can, and then you extend as necessary to get the precise behavior you want.
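To make the two preceding ideas concrete (rules run over facts to pick controls, plus an escape hatch for the cases the rules get wrong), here is an added example that is not from the post and not from the Naked Objects project.  Facts are (object, slot, attributes) triples in the spirit of CLIPS; rules are condition/builder pairs tried in order; an override registered for one slot takes precedence over every rule.  The fact base and widget names are invented for the example.

```python
"""Rule-driven UI synthesis over a fact base, with a per-slot developer override.

Added illustration; the facts and widget vocabulary are constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# A fact is (object, slot, attributes), e.g. ("customer", "name", {"type": "string"}).
Fact = Tuple[str, str, dict]


@dataclass
class Widget:
    slot: str
    kind: str
    options: dict = field(default_factory=dict)


Builder = Callable[[str, dict], Widget]
Rule = Tuple[Callable[[dict], bool], Builder]

# Rules are tried in order against each fact's attributes; the first match decides the
# control, so the more specific conditions come first.
RULES: List[Rule] = [
    (lambda a: a.get("type") == "enum",
     lambda s, a: Widget(s, "radio" if len(a["values"]) <= 3 else "dropdown",
                         {"values": a["values"]})),
    (lambda a: a.get("type") == "bool",
     lambda s, a: Widget(s, "checkbox")),
    (lambda a: a.get("type") == "int" and "min" in a and "max" in a,
     lambda s, a: Widget(s, "slider", {"min": a["min"], "max": a["max"]})),
    (lambda a: a.get("type") == "int",
     lambda s, a: Widget(s, "spinner")),
    (lambda a: a.get("type") == "string" and a.get("maxlen", 0) > 100,
     lambda s, a: Widget(s, "textarea")),
    (lambda a: a.get("type") == "string",
     lambda s, a: Widget(s, "textfield", {"maxlen": a.get("maxlen")})),
]


class Synthesizer:
    def __init__(self, rules: List[Rule] = RULES):
        self.rules = rules
        self.overrides: Dict[Tuple[str, str], Builder] = {}

    def override(self, obj: str, slot: str):
        """Extension hook: a developer-supplied builder for one slot bypasses the rules."""
        def register(fn: Builder) -> Builder:
            self.overrides[(obj, slot)] = fn
            return fn
        return register

    def synthesize(self, obj: str, facts: List[Fact]) -> List[Widget]:
        widgets = []
        for o, slot, attrs in facts:
            if o != obj:
                continue
            custom = self.overrides.get((obj, slot))
            if custom is not None:
                widgets.append(custom(slot, attrs))
                continue
            for cond, build in self.rules:
                if cond(attrs):
                    widgets.append(build(slot, attrs))
                    break
            else:
                widgets.append(Widget(slot, "textfield"))  # nothing matched: safe default
        return widgets


# Constructed fact base describing one object's slots.
FACTS: List[Fact] = [
    ("customer", "name", {"type": "string", "maxlen": 40}),
    ("customer", "notes", {"type": "string", "maxlen": 2000}),
    ("customer", "active", {"type": "bool"}),
    ("customer", "tier", {"type": "enum", "values": ["bronze", "silver", "gold"]}),
    ("customer", "discount", {"type": "int", "min": 0, "max": 50}),
    ("customer", "ssn", {"type": "string", "maxlen": 11, "sensitive": True}),
]

synth = Synthesizer()


# The "special sauce": the string rules would render the SSN as a plain text field,
# so the developer steps in for this one slot without touching the rule base.
@synth.override("customer", "ssn")
def masked_ssn(slot: str, attrs: dict) -> Widget:
    return Widget(slot, "passwordfield", {"maxlen": attrs["maxlen"]})


def customer_form() -> List[Widget]:
    return synth.synthesize("customer", FACTS)


if __name__ == "__main__":
    for w in customer_form():
        print(f"{w.slot:10} -> {w.kind} {w.options}")
```

Five of the six controls come out of the rules; the sixth is the hand-written exception.  Adding a new fact type means adding a rule, and a slot the rules handle badly gets an override rather than a special case inside the rule base, which is the "components where you can, extend where you must" split the post describes.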


10:54:28 AM