Archive for June 13, 2007

Stunning Stupidity of Mod_Security for Apache

Just a brief note to say how utterly stupid Mod_Security is for a blogger.

So, for example, let's say I want to write a blog entry talking about how to edit the password file on a unix box. Mod_Security will stop me.

For example, if I needed to describe that, to use squid and ClamAV to virus scan every file that comes through the squid proxy, you need to back up your squid configuration file first:

cp /etc/squid/squid.conf /etc/squid/squid.conf.orig

that line will trigger a block:
[Wed Jun 13 21:48:51 2007] [error] [client 172.176.16.44] ModSecurity: Access denied with code 501 (phase 2). Pattern match (Stuff) at ARGS:content. [id "950005"] [msg "Remote File Access Attempt. Matched signature "] [severity "CRITICAL"] [hostname "www.alde.com"] [uri "/wp-admin/post.php"] [unique_id "7rsPQX8AAAEAAEpZLNkAAAAP"]

The rule matches on a slash, followed by the letters e, t, and c.

I also hit one tonight that blocked me from linking a PDF file on a patent site, because I had a hash (#) character somewhere in the text (three lines down) after the filename.

How totally useless: something that vague will, 9 times out of 10, cause someone to turn the rule off, which totally defeats the purpose of having mod_security in the first place. Because it will also match if I tell you to edit the configuration file that is usually located at slash e tee see slash squid slash squid dot conf.
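The practitioner's alternative to switching the rule off site-wide is to scope an exception to the one request that legitimately carries paths in its body. The following Apache/ModSecurity 2.x fragment is an added example, not configuration from this post or from the ModSecurity project; it assumes only the rule id (950005) and URI (/wp-admin/post.php) shown in the log line above.

```apache
# Added example (not from the post). Rule 950005 stays active for every other
# URI (comments, search, login forms); only the WordPress post editor, whose
# POST body is authored text that may contain strings such as /etc/squid/squid.conf,
# is exempted. SecRuleRemoveById inside a Location container is valid in
# ModSecurity 2.x, which is why it is used instead of a newer per-target directive.
<Location /wp-admin/post.php>
    SecRuleRemoveById 950005
</Location>
```

The exemption is only as safe as the access control on /wp-admin/post.php itself, so it belongs behind the normal WordPress authentication; the engine's audit log will still record requests to that URI, so a reviewer can see what the exempted path receives.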

And the security nazis (I can talk about them, I am a CISSP) wonder why people disable security features.


Yoomba; amicus curae?

Read over at VoIP Watch a blurb on a company called Yoomba that wants to make your email address your phone number.

No idea if something like this might float, but you’re going to have to get it past Verizon first. They’re suing Vonage over patent infringement, and two of the patents Vonage is allegedly infringing on are patent Number 6104711: Enhanced Internet Domain Name Server, and patent Number 6282574: Method, Server and Telecommunications System for Name Translation on a Conditional Basis and/or to a Telephone Number.

Verizon suggests that these two patents’ claims cover any server anywhere that ever did a lookup using anything other than a telephone number to complete a call. So using a person’s email address, IM name, etc., would fall under these two patents. The main thing is not what the patents claim, but what the Judge said the patents claimed; there is a difference.

Prior to a patent lawsuit, there is a Markman hearing in which both the plaintiffs and the defendants attempt to convince the Judge (no jury at this time; the Supreme Court ruled that only the Judge determines what the patent claims are) as to the scope of the claims. The plaintiff argues for the widest of all interpretations, the defendant argues for the narrowest. Normally these hearings go on for days; however, Verizon and Vonage had less than an hour total to argue their claims. And the Judge found for Verizon on each and every claim, which is quite unprecedented.

During a conference call on Thursday, Sharon O’Leary, Vonage’s chief legal officer, said that U.S. District Judge Claude Hilton had “artificially expanded the coverage” of the patents during this hearing. She claimed that both parties were very limited in the information they could supply to the judge and that the hearing, which typically takes days, was decided in little over an hour.

So this would put Yoomba on slippery footing if they ever tried to use someone’s email address to complete a call on the PSTN; they’re going to have to license that intellectual property from Verizon… unless Vonage is successful in their appeal of the patent suit and then successful in having those patents overturned.

Because, if it’s just “send an email to chat”, and PC to PC only, well, that’s Skype, or GoogleTalk, etc., and, well, passé.
