Thursday, August 25, 2005

The need to Standardize Internet Services through CyberLaw

As we manage daily ISP services for our customers, we are sometime affraid of something. What? Our IP addresses can be used for criminal activities. And, it just happened.

As we focus on providing the internet bandwitdh for corporate, we do not deal with retail customer. However, at the end corporate customer is sometime a customer that give access to the public. Say for example Warnet (CyberCafe). The chain is: the Internet, we (as the ISP), Warnet, and the end user (the customer of the Warnet).

Now, suppose, the end user of a Warnet conduct a criminal act (such as carding), then a big problem may arise. The victim of the carding act would trace the transaction by the IP address used in the e-commerce transaction. It is very normal for every e-commerce provider to log every transaction. So, the victim would observe the transaction log, then find the IP address used in the transaction.

There is a database in the internet regarding who own the IP address. However, this database is not so granular, in which it is sometime (and most of the time) pointing to the ISP (not the customer's of the ISP that uses it). Having information the police or the victim then can request to the ISP regarding who is the customer of that ISP that use the IP address.

Now here is the problem. The ISP is absolutely able to inform the police or the victim regarding the detailed information of the IP address in question. There are 2 possible usage of the IP in question, namely:
1. The IP address in question is given to a corporate, or
2. The IP address in question is being used by the ISP itself for shared services (such as email service).

In the case of 1, the police or the victim can chase the corporate and ask for more information. In the case of 2, the ISP can provide the information to the police rot the victim, regarding more information on the IP in question (for example: is it used for an email server?, etc).

The police or the victim may simply think that data traffic is similar to data traffic. In which all the operators (the ISP, the Warnet, or the corporate) that are providing services to the end user must be having a complete CDR (Call Data Record). This is the problem. In the data world there exist some technology limitation that make the tracking down of the perpertrator no easy. Say NAT (Network Address Translation), or PAT (Port Address Translation). Using this technology, one IP address can be used for almost unlimited number of users. Imagine one public IP address is used by 200 employees in a corporate. Then, how to track down who is the perpetrator out of this 200 people? It's hard to tell.

The bottom line is to chase the perpetrator. How to do that? The simple way is that for every service whoever uses the Internet must at minimum provide a logging system. What are the internet services? Some of which are the following:
1. DNS Service
2. Email Services
3. Web Hosting Services
4. NAT/PAT Services

Now not all of the application to provide the abovementioned services have their own logging systems. So, there is a technology limitation for this. The second problem is that, if the provider must provide logging system this may lead to two problems: (i) investment issue (cost would be significant), (ii) degradation in the technical performance (the delay in accessing the service will be noticeable). The technology limitation can be solved as the technology keep growing to a better stage.

The third problem is the ISP feels that being an ISP the only business he deals with is to provide the access. It is the responsibility of the customers to use it at their own risks. It is like a paper producing company. The company produce the paper and sell it to the customer. It is the responsibility of the customer to use it for good things or for bad things (for example, to print phornographic items onto the paper).

So, it very obvious that tracking down the perpetrator on the Internet is no trivial task.

I think one of the solutions is to compose a good CyberLaw in which it mandates for all of ISP, Warnet, and Corporate to follow and implement a "tracking" system. So in case of criminal acts happen the police can retrive the data from that tracking system. And for sure, the perpertrator must have a severe punishment.

Tuesday, August 23, 2005

IPv6: Hello...

I managed to get /20 from APJII/APNIC in 2001. We still have a few portions of them as of now. I remembered back in the end of 2000, all people were talking about IPv6. Everybody was so affraid that the IPv4 was not able to cope with the higher demand of the internet booming. In every seminar, course, event, people were so excited predicting about when the booming of IPv6 will be. Some predicted it would happen in 2003. But the fact? It didn't. In a seminar held by APJII in 2002, some local experts here predicted that the booming of IPv6 in Indonesia would be around 2005. Still now we almost at the end of year 2005. Nothing has happened.

However, I heard that there are a few development locally. Some has tried to experiment with IPv6. And it was a success. But still, I don't see a movement toward using it comercially.

The big question is WHY? Why people do not embark on IPv6 in comercial point of view. I think the answers among others are the following:
(1) There is no compelling reason to use for most of ISPs. As long as ISPs can purchase IPv4, then they will use it and forget about IPv6. The question is how long will it take for IPv4 to run out? People predicts in 2003, then in 2004, then in 2005.
(2) Many work-arround technology has emerged such as PAT and NAT. For corporate requirements, having 3 to 5 Public IP addresses are more than enough. Those IPs can be used to address the Web Server, and Email Server. The rest can be used for Proxy or NAT gateways.
(3) Many network equipments are still using IPv4. If using IPv6 is mandatory then the upgrading cost for these old equipments would be significant. Not only that. Upgrading people skill would also incurs significant cost.

Having such limitation, then when the IPv6 can fly?

Sunday, August 21, 2005

Internet, Mailing, and Books in Syria

Internet

As far as I know, there are two options for dial-up in Syria: SCS (Syrian Computer Society) and dial-up from your local phone company. I recommend SCS because you can use a POP account and IP address, so you can use chat programs. ADSL is also available, but I heard it was quite expensive. There are plenty of net cafes around as well.

Mailing

There are various places you can get a PO box. I know that AMIDEAST offers mail services to foreign students. I have heard, however, that it takes a long time for mail to arrive. I had a box in the US Embassy thanks to my grant.

More info

If you are interested in buying books, Beirut is a good bet. There are various western-type bookstores and a huge Virgin Records store that houses a large book section. I love walking around Bliss street in Beirut checking out the bookstores. AUC in Cairo is good also. Syria offers good books for those interested in Arabic literature, but not much for speakers of other languages.

Thursday, August 18, 2005

Damascus University Arabic Site

Check it out! Damascus University's site is working. Well, only in English so far. Here is the link:

Arabic Language Center at Damascus University

Enjoy,
Jeremy

Wednesday, August 17, 2005

Benefits of Being Bilingual

BEING BILINGUAL PROTECTS AGAINST SOME AGE-RELATED COGNITIVE CHANGES, SAYS NEW RESEARCH

WASHINGTON — Most will agree that two heads are better than one in solving problems. The same logic may be true for language and retaining cognitive processes as we age. Being fluent in two languages seems to prevent some of the cognitive decline seen in same-age monolingual speaking persons, according to the findings of a study appearing in this month’s journal of Psychology and Aging.

Go to full article here

If you get a "oops how did I get here from the APA site" you should simply type the words "Being Bilingual" into the search box at the top left side of the screen. The first article to come up should be this one.

Jeremy



More info:

Article: “Bilingualism, Aging, and Cognitive Control: Evidence From the Simon Task,” Ellen Bialystok, Ph.D., and Mythili Viswanathan, M.A., York University; Fergus I. M. Craik, Ph.D., Rotman Research Institute; Raymond Klein, Ph.D., Dalhousie University; Psychology and Aging, Vol. 19, No. 2.

Full text of the article is available from the APA Public Affairs Office or at http://www.apa.org/journals/releases/pag192290.pdf. For more information about Psychology and Aging visit the homepage at http://www.apa.org/journals/pag/.

Monday, August 15, 2005

Interesting stuff coming soon

Hello All,

I am about to begin my PhD program. I have interesting articles and study helps coming soon. AlSabr jamiil.

Jeremy