Tech Blog
By Joab Jackson
Microsoft Exchange on Linux?!?
No doubt about it, Microsoft Exchange is pervasive. It's easily the dominant e-mail server in the enterprise.
For some though, the downside of Exchange is that it only works on the Microsoft Server software, a real downer for administrators craving a more Linux-like technical (and licensing) environment.
One way to avoid this lock-in may would be to deploy OpenChange, an open source implementation of the Microsoft Exchange server protocols.
At an informal chat session at the USENIX conference, being held in Boston this week, Samba developer Gerald Carter mentioned this project, which we haven't heard of before. In much the same way Samba brought Windows sharing to non-Microsoft platforms, so too could OpenChange Microsoft Exchange's functionality for platforms other than Microsoft's, he said.
Running on Linux, OpenOffice offers Microsoft Outlook (and its open-source clone Evolution) services such as "a messaging server, shared calendars, contact databases, public folders, notes and tasks," according to the Web site. We're adding the usual caveat emptor here, given our unfamiliarity with the project, but it may be worth looking at.
Comments (0) | Post Comment | Link to this Page
By Joab Jackson
SNMP not bedeviled after all
Last week, we reported of a vulnerability in network equipment that used version 3 of the Simple Network Management Protocol. Perhaps due to our haziness in describing the vulnerability, unsuspecting readers could assume that the fault lied with SNMP itself.
Not true, according to security architect Uri Blumenthal, who sent an e-mail pointing out the possible misunderstanding. Blumenthal co-authored the Internet Society Request For Comments ("SNMPv3 User-based Security Model," RFC 3414) on ensuring message-level security of SNMP.
The vulnerability lies not in SNMP, but rather in poorly-coded implementations of SNMP, he said. To quote Blumenthal's e-mail:
The cause of this vulnerability seems to be a bug in the implementation rather than in the protocol. For the protocols involved, RFC 3414 defines authentication algorithms and procedures, for SNMPv3, and RFC 2104 defines the HMAC [keyed-hash message authentication code] algorithm itself.
RFC 3414 on page 52 clearly specifies that the length of the authenticator tag is 12 octets (96 bits). Probably the vulnerable implementations instead of verifying the length of the received MAC and/or comparing that length with that of the computed one – they just took the length of the received MAC as correct, and compared that many bytes (e.g. 1) with the computed value.
In other words, if the implementation does not compare its own generated HMAC with what is received (rather than just comparing the number of bytes in both), then the implementation could be circumnavigated.
So again, if you use version 3 of SNMP, check your vendor for updates.
Comments (0) | Post Comment | Link to this Page
By Joab Jackson
National Archives cracks Time's Top 50
Congrats to the National Archives on rocking the Web 2.0. Time has just run a list of its favorite 50 Web sites and on the list is the Archives' Digital Vaults.
Digital Vaults, which debuted last month, acts as a sort of a public gallery, displaying some of the most curious and important items in Archives' holdings. It is run by the Archives and the philanthropic group Foundation for the National Archives.
"You can get lost here for hours — dusty, old documents have never looked so good," Time gushes.
It's been a month of accolades for Web sites. Last week, the Peace Corps took home a Webby Award for its site.
Comments (0) | Post Comment | Link to this Page
By Joab Jackson
Beware the thermocline
Here's a word we learned today: Thermocline. Thermocline is the warm layer of water that sits atop a vaster depth of cooler water. This stratification in temperature, which can happen in lakes and oceans, prevents nutrients from getting to the upper layer.
In this blog posting, Bruce Webster, an IT consultant who has a bit of experience documenting why big IT systems fail, coined the phrase "thermocline of truth." The thermocline of truth is the "line drawn across the organizational chart that represents a barrier to accurate information regarding the project’s progress."
"Those below this level tend to know how well the project is actually going," Webster writes. "Those above it tend to have a more optimistic (if unrealistic) view."
Comments (0) | Post Comment | Link to this Page
By Joab Jackson
Googling does a brain bad?
Is the Internet eroding our attention spans? Nicholas Carr thinks so, and his rather lengthy essay in the latest Atlantic Monthly has been debated hither and yon across the blogging community.
See, the human brain is not hard-wired to read. But for the last few centuries, we've trained it to concentrate on extended narratives. And civilization resulted, more or less.
Now, the Internet, with its ultra-easy access to information, is rewiring our brains to be more jittery, to jump about from one topic to the next like drunken monkeys. Got a question? Google it! But check TMZ.com first for the latest on R. Kelly trial news. We're losing our patience for reflection or immersion in a single body of work, like a book.
Or even a lengthy magazine piece, evidently. Few of our friends had time to read Carr's entire essay.
Comments (1) | Post Comment | Link to this Page
![1105 Government Information Group [valor]](/images/1105logo_website.gif "Government Computer News [valor]")
