The W3C came up with a technology at the height of this issue called PICS, short for the Platform for Internet Content Selection. In some ways, that technology saved the Internet. If you read Weaving the Web: The Original Design and Ultimate Destiny of the World Wide Web
by Tim Berners-Lee, you will read how there was legislation in progress to restrict the Web. PICS revolved around content providers being able to rate their own content, rating criteria from third parties, and rating decisions by end users. It was a system based on trust that didn’t impose anything on anybody.

As the technologies used to communicate metadata evolved, so did rating bureaus communicating their labels. Originally the Recreational Software Advisory Council for Internet used a system based on PICS. As RSACi morphed into the Internet Content Rating Association, the labeling became more detailed and granular. As ICRA has now morphed into the Family Online Safety Institute, they have moved their labeling to leverage RDF. I learned this when a 404 report for my site was for labels.rdf. I have now created that latest version of the labels for my site and link to it from my WordPress site.

My site is rated as having no nudity, mild language, and user generated content amongs other things. Check for yourself with the label checking tool.

Beta software is software generally regarded by its author as not well tested or not reliable. Sometimes beta can also be used as a marketing gimmick. Companies like Google have done this with Gmail and Google Wave where only a small amount of people were initially using those products and others could only be invited through invitations. This brings an exclusiveness to those products just like a club that only allows entry to those with invitations.

Anyhow, I run beta software mostly. The main reason is that the occasional problem I encounter with the software is educational to solve as well as fun. That doesn’t mean things always go well though. When the Office System 2007 was still beta, I used it for homework. There was a case where Word corrupted my document so that the file I sent to the professor could not be openned, and the version saved could not be openned. The professor was understanding though, and Microsoft was able to give me a way to recover the document, which was surprising. That is probably the most data loss I have had in using beta software.

Back when I was more involved with Mozilla Firefox, I would run the nightly builds. They were generally pretty stable for me. Mozilla inherited one of the best software engineering infrastructures I’ve seen from Netscape. They have a system integrating source control, issue tracking, and continuous integration. They have systems set up for each of their target platforms constantly building Firefox with the latest changes. If it does not build or the basic tests fail, the build is broken, and the build sherrif is notified. The build sherrif either gets the pertinent person to correct the problem or reverses the change to quickly get the system back into a relatively stable state. I’ve held an admiration for this setup.

Technologies like OpenID are going some way toward being able to log in to multiple sites without constantly needing to make new accounts. This is good for several reasons. It is most definitely more convenient. It is also more secure because you can use an OpenID provider that support multiple factors of authentication instead of relying on every website to do so. You are also more likely to protect those authentication credentials and change them on occasion where applicable.

Another piece of the puzzle that I do not yet see being solved satisfactorily is profile duplication and synchronization. I have a Fakebook profile. I have a MySpace profile. Shouldn’t they contain the same information? I have way more than these too. Just look at my DandyId list, and that’s not even all. I want to see a solution to that problem.

The way PageHeap works is that when a program asks for memory, Windows will give it a whole page of memory marking the rest of the page as restricted. This makes it far more likely for buffer overflows and other issues corrupting the heap to get caught when they happen instead of causing trouble down the line.

Certificate Errors due to Facebook Connect

 The first symptom of an issue was the certificate errors message in Internet Explorer. So I investigated and looked at the source of the page and found this line:

<script type="text/javascript" src="https://www.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php"></script>

Since that comes from a non-Geni site, I figured that was the cause. Sure enough, when I visited that address in my browser, I was presented with the more blatant error page:

Security Certificate Problem page in Internet Explorer

 Continuing onward, I was able to see why Internet Explorer was complaining:

Mismatched Address Warning in Internet Explorer

 Sure, enough, when you look at the certificate, you see that it is for www.facebook.com and not www.connect.facebook.com. I proceeded to notify Geni with a workaround and notify Facebook of the problem.

www.facebook.com Certificate

Hopefully, Facebook will fix the issue and Geni will be able to workaround it in the meantime.

Microsoft Security Essentials is still a quality product in my view. It has never caused me trouble. It has never given me a false positive. It has caught malware trying to infect my computer through advertisements on certain websites.

Trusteer Rapport is a suspicious product. In my experience, it causes crashes in the browser on occasion. It installs a file system filter driver that silently blocks some writes causing installation of some software to fail. Blocking the writes can be a good thing, but to do so silently is not appropriate behavior. The software claims to prevent screenshots of a protected browser session from being taken. However, the Problem Steps Recorder in Windows 7 was able to take screenshots of the browser. The general approach that Trusteer makes is flawed. The assume a machine is already infected. However, it the machine is infected, the malware is already in control including having the capability to make Rapport look like it is working when it does not. I do think Rapport has promise if the software is fixed to not prevent installation of legitimate software as a defense in depth measure. However, I currently don’t think the occasional stability issues I experience with it or the installation reliability issues I experience are worth the defenses it puts in place.

A new tool I am using is the LastPass password manager. LastPass allows me to generate random passwords for all the sites that I use. It encrypts these passwords locally using my master password. This gives me the security of multiple passwords with the convenience of one password. I have also purchased a YubiKey that will add a second factor to my master password. LastPass has really thought things out with encryption being done locally and passwords being cached locally. This means that the LastPass server does not know my passwords. It also means that if LastPass goes out of business, I can still access the cached passwords stored locally and export them. They also have some additional functionality in the works to bring the LastPass experience out of the browser and into the entire software environment. I’ll presumably be able to log in to Windows and transparently be authenticated to my LastPass password cache and have access to my passwords in any application. It will make for a nice single sign on experience that is both secure and convenient.

A digital signature ensures that what the recipient receives is what I sent. It also means that I cannot claim that I did not send the message ensuring non-repudiation.

Encryption ensures that only I and the recipient can see the message.

Without e-mail certificate and the encryption and digital signature capabilities they bring, e-mail is about as good as a postcard. Postcards are easy to forge and certainly are not very private. An e-mail certificate is similar to the seal used by a medieval king. He holds the only seal so a letter sealed with it can be reasonable assured to have actually come from the king.

Right now, I am looking mostly at Comodo and Verisign.

The issue with my broken link handler and WordPress is that when using pretty URLs with WordPress, a URL like http://gurganus.name/brant/foo is rewritten by Apache to be http://gurganus.name/brant/index.php/foo. Apache finds index.php, and it deals with loading the appropriate content. That’s the issue though: Apache found index.php. Consequently, my broken link handler was never invoked when it was under controlled by WordPress. I installed the 404 Notifer plugin though, and it seems to satisfy my desire to know about broken links so that whenever possible I can address them.