Our July meeting was another impromptu jam session. Leading the group was our big fearless leader, Dave Eden; Ralph Reid provided the equipment; yours truly sat at the keyboard; and the rest of the group alternated between being a great audience and a peanuts gallery. We had, as usual, a great time. Our topics ranged from computer privacy and security to the names that people give to their newborns.
More Privacy Issues
Dave started the evening's discussion by reading a few clippings from recent publications dealing with computer privacy. It turns out that some popular file compression and decompression utilities for Windows allegedly do a little more than merely speed up downloads from the Internet; they keep tabs on every file that you download from the net, and they report that information back to the company that provided the file compression utility!
These allegations come from Steve Gibson of Gibson Research. (Steve is the well-known creator of the SpinRite disk utility; lately he has been developing personal Internet security software). See Steve's side of the "NetZip privacy issue."
What's In a (Domain) Name?
Next we moved on to a privacy problem reported in the Security Watch column in the June 19 issue of InfoWorld. I verified this one myself during the meeting; it's for real. It has to do with the (usually invisible) service that translates Internet names (such as sacpcug.org) into the 12-digit sequence of numbers that the computers on the Internet use (the "IP address").
Think of the service like an old-fashioned telephone operator (the kind you see in the old Andy Griffith TV reruns); you pick up the phone and ask her to connect you to Barney at the Sheriff's office, and she does all the work, translating "Barney@Sheriff'sOffice" into a seven-digit phone number, and making the connection for you.
With the Internet, this is (roughly) what happens when you connect to your ISP, fire up your browser, and type in "http://www.apollosaturn.com". Your ISP's server looks up www.apollosaturn.com in a database maintained by a company called Network Solutions. The database returns the 12-digit IP address for www.apollosaturn.com. Then your ISP uses it to connect you to that Web site. You never have to directly deal with the long number.
That database is the so-called "Domain Name Service," or "DNS." It contains other material, too; every Internet address is required to provide the name, address, and phone number of a real human being in charge of the Internet address, so that you have someone to contact in case of technical problems using their Internet address. To find that person's contact information, you use a feature called "WHOIS Lookups" on the Network Solutions Web site.
The problem reported in the Security Watch column is that there is an undocumented trick that you can do with the WHOIS Lookups search engine. This trick provides you with the first 50 Internet domain names hosted by your ISP (or by any ISP)! So, if you are a hacker looking for Web sites to attack, you can use that trick to automatically get lists of Web sites. Same with spammers. And, given those lists of Web sites, you can automatically get the phone numbers and addresses of real people at those Web sites.
It's as if that old-time telephone operator was taking requests from advertising agencies and providing them with lists of phone subscribers' names and addresses, so that the agencies could send them junk mail. Of course, the operator wouldn't check too closely to make sure that information wasn't actually going to, say, burglars and scam artists requesting the names and addresses of all the people living in the richest neighborhoods in town. (Sigh...) A little more privacy just disappeared from our lives, and another plausible excuse for the government to start regulating the Internet just appeared in our lives.
(By the way, Apollo-Saturn is a very nice Web site about the rockets that took man to the moon more than thirty years ago. Check it out!)
What's in a (Baby's) Name?
While checking out these security and privacy issues during the meeting, I came across a silly Web site that purports to analyze a name and tell you all about the hidden strengths and wonderful attributes that name confers upon its bearer. It was all utter rubbish, of course, like astrology and numerology, and I won't waste time repeating the Web site's URL. But it prompted one of the audience to point out that the Social Security Administration publishes lists of the most popular names of the year (as garnered from applications for new Social Security accounts).
So we immediately jumped over to SSA and searched for "popular names." Sure enough, up popped lists that showed up to the first 1000 most popular names for both genders, for recent years and for recent decades!
It was fascinating to browse through them and see the choices that people made for their children's names. It did not, however, reveal the least popular names. Surely that information is available in the raw data, but perhaps it's best that it wasn't extracted and published.
The Big Prize
Urs Tru Lee won the big prize this month; perhaps Urs Urself will win next month? Come on down and see!
Coming Up
Our next jam session will be in the usual place (the Davis Public Library's main meeting room) at the usual time (7:00 p.m.) on the usual date (the fourth Wednesday of the month). We hope to have you there to join in!
—
Tim Feldman
