My new blog at sbin.cn

Due to the publicly known reasons, this blog at wordpress.com has been not accessible at China for a long time till last Spring festival (Feb.2006). It’s very difficult for me to update and manage this blog, while most of my readers from mainland can not read it since then. So I decide move it to a new site with good performance.

• New site URL: Http://sbin.cn/blog
• New site RSS: Http://feeds.feedburner.com/sbindotcn

Hope you guys can change your bookmark and RSS feeds. I am sorry for the unconvenience for this move. Thanks for the great pleasure WP community gave me.

Security 2.0, Security 1.0 SP2 … Web 3.0 …

Feld expressed his dislike to those fashion words in his famous blog:

 I’m personally going to boycott the phrase “Web 3.0” since “Web 2.0” makes me tired enough.  There have been some great quips going around the system about this, including Gordon Weakliem’s “I haven’t even gotten around to upgrading to Web 1.0 Service Pack 2”, Michael Parekh’s “Web 2007 versions”, Peter Rip’s “Web 2.0 + 1”, and Nick Bradbury’s “Web 3.0 Does Not Validate.”  While I recognize the inevitability of the newest increment of the Web x.0 label, I don’t have to like it.

My points is that they are interesting stuff. Some guys like to use fashion words to attract eyeballs. As long as they can illustrate the essential points, just let it be.

I use Security 2.0 to describe the new trends in network security area, e.g. internal control, identity and access management, and etc. That differentiate themselves from the original anti-virus plus firewall plus IDS. No matter what you call them, they just exist there. right?

It’s Cool. Go to Yahoo Mail Beta

I have a Yahoo Mail account to receive some mailing lists. For a long time I didnot login to check those messages. Today I found it changed outlook greatly, giving me a big surprise. Yahoo Mail Beta, very cool interface. See the below screenshot.

I had very different experience with Live Mail beta from Microsoft, slow response, bad interaction, … I felt very upset with it and changed back to the previous hotmail interface. Now go to Yahoo Mail beta. It’s cool.

WP’s first step to profit

The largest free blog hosting service provider – wordpress.com rolled out a new service – CSS customization, to give the bloggers a way to customize the stylesheet, according to their own flavor. This service is not free, instead you have to pay 15 credits for it. You can buy a credit point for 1$ through PayPal. For more…
This is the first service not free by wordpress.com. It’s a common sense to regard it as the signal of first step to profit. Considering its huge subscriber base (287 thousands for now), WP is expected to be the superstar at the venture capital market.

What Hamachi brings?

Bill recommended one “new” application to me. That’s Hamachi. It gave me a very complicated feeling.

It’s a wonderful software application, which provides us a virtual LAN over Internet. It’s a typical overlay network application, which makes use of P2P technology and has the capability to tranverse the NAT/FW enterprise perimeter. Additionally, it brings us an interesting function – Web Proxy:

Built-in Web proxy
An option to use Hamachi as a simple web proxy. This way your Hamachi peers may configure their Web browsers to access the Internet via your computer and therefore protect their Web traffic while it is in transition between you and them.

This feature is typically used for securing Web surfing from untrusted locations including cybercafes, coffee houses, hotels, etc

Obviously, founders of Hamachi have learned the lesson from Skype. They has done a lot of effort to open their protocols and algorithm in the identity, authentication, and communications among system components. That will be a door-knocker to those enterprise IT managers, because there must be growing security and system management software to support Hamachi, as long as Hamachi’s installation get enough base. According to their website, Hamachi has over 3,000,000 users at June 17, while this number was merely 2,000,000 in April, growing 50% in two months.

It’s a wonderful remote collaboration tool, as well as a virtual networking platform, particularly in the current booming broadband world.

At the other hand, the overspreading of such kind of softwares (for others, see vnn.cn, softether.com) has been eroding and further eliminating the enterprises’ network perimeter, leading the compomise of security policy. It requires that firewalls and networking devices should support more and more layer-7 applications, in particular P2P overlay networking traffic. Morever, Traditional IDS and UTM won’t work in face of virtual LANs.

Let’s keep an eye on them together. See my comment in chinese.

Go Security 2.0

When I try to dig "Security 2.0" via Google, only one noticeable hit was found from CSOonline by Sarah. Sarah summarized the convergence at security area, and regarded "Security 2.0" as integration, convergence, holistic security and so on. Sarah reported a case study from Constellation Energy Group on convergence of physical security and IT security, where they assigned a new role named Chief Risk Officer, directly under CEO, who is responsible for control of what ever risks which might hurt the enterprise to an acceptable level. That's very interesting and with deep insight. However, my vision of "Security 2.0" is somewhat different.

At least in China, based on the about ten years of security practice, I would like to define the following two stages of security management and technology we are living with so far.

• Security 0.1: security came from anti-virus capability
• Security 1.0: security is PDR (Protection -> Detection -> Response), where in most cases at China, PDR was explained as firewall (protection), IDS (detection) and security emergency response services (Response)

But I begin to feel the emerging of a new pulse and inspiration at the industry, which I didn't hasitate to call it "Security 2.0", where I hope to borrow some concepts and feelings from Web2.0. The representative and definitive features of "Security 2.0" include:

• Security 2.0.1: focus changed to internal control and security protection of applications and data, rather than simple virus/intrusion detection and attacks.
• Security 2.0.2: "holistic security" synergizing the AAAA(Account, Authentication, Authorization, and Audit), from just stack/heap of firewalls, IDSs and other single point stuff.
• Security 2.0.3: emphasizing the perception and experience of those security managers and administrators, ie. the real effectiveness and efficiency. along with the implementation of technologies of data mining and correlation.

The key difference between Security 2.0 and previous stages lies at that the later focuses on the security information production and corresponding accuracy from those single point security elements, while the former turns to effective and efficient usage of those information to direct the real operations. Security 2.0 just develops itself on the shoulder of Security 1.0, instead of replacing them.

BTW, I am sorry I don't have time to translate other parts of this post from Chinese to English. If you are interested, please check the full version in Chinese.

Will Net Neutrality come again?

See comment at Register, named "Net Neutrality bid gone for good" by Andrew.  A bunch of Internet giants expressed their discontent to Net Neutrality, for its mistiness and injustice. Andrew is hoping a "more coherent and professional fashion", and even "with better branding". The key point in my brain, for its possible recoming, is the benefit balance between transmission network (typically those tradional telcos) operators and CP/SPs. The latter would not like to let the former "tame" the Internet, but "foster".  

See the story by Andrew…. Read the rest of this entry »

Instant Rails 1.3

Rails is an outstanding rapid web-application development framework. It help by far simplify the time and prerequisite to web riders. Now you even have a quick gun to accelerate the installation and usage of Rails. That's Instant Rails. The below is the release information for its latest release 1.3. Read the rest of this entry »