When you start using ModSecurity 2.0 with the Core Rule Set, you may notice that you get (too) many events. There are two common areas in the Core Rule Set that cause a lot of events: search engine detections and missing HTTP headers.

File "modsecurity_crs_55_marketing.conf" includes rules to detect access by Google, Yahoo and MSN. These rules tend to generate a large number of events. This events are interesting from the marketing point of view, but are not very important from the security point of view. Also, admittedly, neither the audit log, nor the ModSecurity console, display those events in a manner suitable for presenting to marketing guys. So, if those events bother you, you may consider removing this file.

On the other hand, the 2nd source of events, missing HTTP headers, provides good indication of malicious requests. This is the reason that the Core Rule Set checks that a request has a "host", a "user-agent" and an "accept" headers and blocks the requests otherwise. In many systems there are valid requests that do not have those headers. These are usually generated by some automation tool used by the system. A good example are monitoring tools that periodically check that a site is alive and kicking. Such monitoring tools many times issues simple and non standard HTTP request. Therefore we would not want to remove the missing HTTP headers rules, but rather create specific exceptions for the valid request source. In many cases this would be an exception based on a source IP.

In the next blog entry I will cover techniques to create exceptions in ModSecurity.

Filed under: wireless media

FON, the experiment in shared wireless internet access that allows members to use each others' connections and nonmembers to pay for access, has announced a key software adaptation that responds to users' concerns about security.  The company just announced on its blog that its next release will include two different environments using the same router, one public and one private.  By using two separate SSIDs, or service set identifiers, FON appears to be making a technical response to widespread member concerns about sharing internet access with strangers.  I can imagine this will make the system much easier to promote to prospective new members.  Apparently non-anonymity of FON community members and assurances that hosts wouldn't be held liable for activities through their connection weren't assurance enough.  I'm not surprised.

Though funded by some heavy hitters like Google and eBay/Skype, FON seems to be acting like a good Web 2.0 company should - agile, responsive and with frequent updates to its service.  The hardware end of the social web acting just like the software sector Web 2.0 evangelists say should be the modus operandi.  Yet this development demonstrates that it's not all a happy picnic of sharing and love.  Some technical means of user control are still needed at the same time all this sharing is going on.  That's what this looks like to me.

Permalink | Email this | Linking Blogs | Comments

---

Sponsored by: Userplane Apps: Live communication applications powering the world's leading online communities.

Filed under: Yahoo

A multi-year agreement has been made between Yahoo and eBay to bundle many of the two company's services together.  Here's the Seattle PI in case you haven't seen the story yet.  Watch the discussion unfold over the day at Techmeme. 

Update: Mick Weinstein of Seeking Alpha precedes his summary of blogosphere reactions with this noe.  "Note that JP Morgan Securities had a report (.pdf) out just two days ago predicting such a eBay-Yahoo alliance as the most likely deal of its kind among the big internet players."

Thoughts:  I think this is liable to be seen as a less obtrusive partnership than some other search engine/other vendor deals.  As far as I know, nobody's computer or even browser comes with Yahoo or eBay baked-in top-level (Firefox Yahoo inclusion is substantially more low key than that of Google)  so I think this is going to be received as an extension of voluntary use. 

Second, I'm not sure how limited the possibilities are here.  Will people start using Flickr to upload their photos for eBay?  Will future auctions be promoted on Upcoming.org?  Maybe I'm being silly here, but the point is that Yahoo's recent torrent of feature-add-by-acquisition offers a lot of creative potential for a partnership with a huge player like eBay/PayPal/Skype.

Some people have said this is just a trial balloon, that these two companies are really competitors, etc.  But in the face of Google's success and Microsoft's largess I can't imagine that Yahoo and eBay wouldn't be able to work out some really powerful collaboration.  The fact that Yahoo gets more page views than any other site online, has acquired so much hippness and yet is the dark horse in this space is amazing.

Permalink | Email this | Linking Blogs | Comments

---

Sponsored by: Userplane Apps: Live communication applications powering the world's leading online communities.

Filed under: social networking

MySpace and youth social software expert danah boyd has released the full text of an email interview she and Henry Jenkins, Co-Director of Comparative Media Studies at MIT, recently did with the MIT News Office on MySpace and the proposed Deleting Online Predators Act (DOPA).  Lots of good detail and analysis here, a great example of the usefulness of email interviews.  Helpful in understanding the proposed legislation, MySpace and youth social software in general and the public work of two prominent voices on these issues.  Both boyd and Jenkins are funded by the MacArthur Foundation to do academic work on these topics currently.

Here's how boyd explains her work:

"For my doctoral dissertation, I am investigating why and how youth are engaging in digital publics like MySpace, how this affects identity development and how youth socialization has changed over the last century. This work is being funded by the MacArthur Foundation to help understand the nature of informal learning. Understanding why moral panics emerge when youth socialize is central to my research."

Jenkins says about his work:
"[My work] seeks to identify the core social skills and cultural competencies young people need in order to become full participants in the cultural, political, economic, and social life of the 21st century. In doing this research, we are reviewing the current state of educational research surrounding participatory culture and examining how teachers are currently deploying these technologies through schools. We want in the long term to develop new curricular materials which help parents and teachers build a more constructive relationship with new media."

Both provide some useful thinking and talking points in regards to the much maligned sector of youth-oriented social software. 

Permalink | Email this | Linking Blogs | Comments

---

Sponsored by: Userplane Apps: Live communication applications powering the world's leading online communities.

Filed under: citizen media, podcasting, aggregators

The international blog aggregation community Global Voices Online has released its first edition of the Global Voices Podcast, a compilation of clips from podcasts around the world.  The first episode manages to fit in satire from South Africa about the visibility of queer people, coverage of bloggers' take on an upcoming election in Mexico (in Spanish) and clips from Jamaica, Israel/Palestine, Kazakhstan, Malaysia, the Philippines and Singapore.  Set to music from Creative Commons label Magnatune, the whole thing fits in 17 fast paced minutes!  It's hosted by the very charming Georgia Popplewell, from the Carribian Free Radio podcast (an Adam Curry favorite).

The show reminds me in of a more grass-roots, web 2.0 version of the Global Shortwave Report, a fantastic, long running weekly 30 minute compilation of international shortwave news in English. 

Global Voices recently received funding from Reuters.  Its primary function is to aggregate content from bloggers all around the world.  The project has long published interesting interviews with people from around the world, but this newest foray into the news and culture serialized audio space wil be interesting to watch.  Many Global Voices participants are aspiring mass audience journalists as well, so whether new mainstream media stars emerge from this space or whether it thrives as a niche media project will help make the history of Web 2.0's impact on media.

Found via David Weinberger.

Permalink | Email this | Linking Blogs | Comments

---

Sponsored by: Userplane Apps: Live communication applications powering the world's leading online communities.

Filed under: IM, nptech, RSS

California Attorney General candidate Rocky Delgadillo doesn't just have a long list of endorsements on his side - he's got new web tools going for him as well.  Delgadillo's campaign just launched a new service offering for supporters wanting to keep up with the campaign - RSS to IM notification from immedi.at. 

The letters RSS don't appear anywhere on the site, in fact there's not a link to subscribe to news from the campaign in a feed reader - but there is a link that allows you to plug in your IM username and get instant notification of new developments that can be passed on to others.  Timely updates have an excitement that may be more likely to spread by word of mouth.

Delgadillo's "vision" page begins with the sentence: "As I look around our state today, it's not just crime and violence that threaten our families.  It's also the greed and arrogance of corporate power run amok."  Sounds interesting enough to me.  I wonder how extensively the campaign is using RSS to IM internally.

Permalink | Email this | Linking Blogs | Comments

---

Sponsored by: Userplane Apps: Live communication applications powering the world's leading online communities.

Filed under: blogging

Steve Rubel just wrote that his employer Edelman has acquired the Silicon Valley PR company A&R Partners.  Rubel says that many of the company's clients are already blogging.  Edelman leadership appears focused on bringing corporate communications into the new world of social media in some very cool ways, albeit learning from mistakes like the Walmart bloggers situation.  Here's a client list for A&R, you might notice that Mozilla is on there.  Interesting.  There are a number of people using these new social media to remake PR and save it from it's unsavory past.  Those efforts are said to be based in honesty - and that's a radical concept.

Valleywag has a more Valley-centric take on this.
Nicholas Carr has a hilarious response to Rubel style cheerleading of honest conversation as being of central importance.  Fair enough, and don't miss the comments.

Permalink | Email this | Linking Blogs | Comments

---

Sponsored by: Userplane Apps: Live communication applications powering the world's leading online communities.

Filed under: RSS

Working on a presentation for a conference where I'm going to talk about RSS and am wondering - what are the coolest examples of nonhuman generation of RSS feeds?  I know that technically every search feed, stock report feeds and things like that are generated without the immediate involvement of humans.  But some time ago Lisa Williams told me about a buoy at sea that publishes a feed of hourly updates to all kinds of weather conditions.   That's from the Gulf of Maine Ocean Observing System (GoMOOS).   She told me she would like to be able to subscribe to a feed that would tell her when her home's heating oil was running low. 

There's got to be more examples out there - anyone care to point to ones you know of?  I know there are systems to track package delivery (like FedEx).  There have to be some RFID systems that utilize RSS.  I know there are quite a number of  innovative examples of RSS feeds generated in libraries.  Limited  traffic reports for particular cities from Yahoo and Traffic.com.  Incidentlog.com is a cool use of police reports, mashing up feeds and Google Maps.

Really far out examples of RSS feeds being generated for a useful purpose without substantial human input is what I'm looking for.  I really believe there will be a lot of this in the future, but the sooner we can find examples the sooner we can prepare ourselves and others for the idea.  Please do post examples in comments if you can think of or find any that I haven't.

To be honest I'd be curious to see peoples' favorite applications of RSS in any context.  Anything already listed by Tim Yang or Basement.org excluded.

Permalink | Email this | Linking Blogs | Comments

---

Sponsored by: Userplane Apps: Live communication applications powering the world's leading online communities.

Filed under: wireless media

EarthLink announced today that they have been approved to provide wifi service to New Orleans.  According to the company's blog:
"The network will have two tiers -- a free (and ad-free) service at up to 300kbps during the city's rebuilding efforts, and a paid service at 1mbps up/down. EarthLink will also allow other providers to offer their services over the network, allowing for open access and competition."

There was some seriously strange legal wranglings about whether the city would be allowed to contract with anyone to provide this service and apparently it was the local state of emergency that allowed it.  Given that, and the incredible reliance on the wireless network there during the rebuilding - why doesn't the federal government just subsidize the top-tier service for everyone?  That's a silly question, such a policy would obviously interfere with the market's ability to monetize human suffering.  I can't imagine that Earthlink would mind.  At least permission has now been granted for the market  to partner with local government so that some service at all is available.

I'll be watching Esme Vos's Muniwireless.com for analysis of this deal.  See also New Orleans Voices for Peace, a liberal grass roots group "providing Internet access, website hostng, media development and training for partnering organizations and communities effected by the Hurricanes Rita and Katrina."

Update:  There's an email excerpt just added to the Earthlink blog from the New Orleans CIO about he's having people hug him on the street about the fact that free wifi is on its way.  It's an interesting account, nearly a tear jerker.

Permalink | Email this | Linking Blogs | Comments

---

Sponsored by: Userplane Apps: Live communication applications powering the world's leading online communities.

Filed under: nptech, social networking

Being bought by the owner of the Fox empire hasn't scared MySpace away from partnering with Al Gore's high profile film about global warming, "An Inconvenient Truth."  Announced last week but receiving little play in the blogosphere to date, the partnership appears to be more low-key online than the previous X-Men promotion but set to leverage the online community for real-world public events.  The movie's main site doesn't appear to make any reference to the partnership, as it is described on MediaPost, but MySpace friend to all Tom does have a Truth badge and link to the film's MySpace profile.

According to MediaPost,  "the campaign will culminate in a 10-city MySpace theater buyout on June 16, with free tickets going to select members of the film's MySpace community.  MediaPost also reports that MySpace is contributing a significant amount of ad space to raise climate change awareness.  The MySpace music channel is reported to be planning  an artist-on-artist interview between the former vice president and a to-be-announced rock star who is also happens to be part of the MySpace community. The MySpace movies channel will spotlight an interview with the film's director, Davis Guggenheim.

The partnership between the film and the high profile online social network appears to be remarkably low-profile.  No press releases appear on PR Web, few bloggers outside of MySpace have written about it and a Google News search brings back surprisingly few results.  The MySpace community itself appears to be responding well, however, as almost 45,000 users have added the films as a friend to their profile in just less than a week.

Permalink | Email this | Linking Blogs | Comments

---

Sponsored by: Userplane Apps: Live communication applications powering the world's leading online communities.