Boing Boing Founder Warns of "Internet AIDS"

An anonymous reader writes "Cory Doctorow, founder of Boing Boing, says he doesn't have a problem in principle with the automated network defense systems that guard the Internet against malware, spamigation bots, and other network nasties. However, in his article 'The Future of Internet Immune Systems,' he bemoans the problems caused by 'Internet autoimmune disorder' — where the network defenses designed to block network attacks are automated and instantaneous, but the systems in place to reverse erroneous lockdowns are manual and unresponsive."

Not AIDS

[supahdren]

Maybe I'm just not seeing it, but this article doesn't mention any comparison to "AIDS." This is good, because AIDS isn't an autoimmune disease. The article's comparison of evolving security responses to an autoimmune reaction is apt, but a comparison to AIDS/HIV wouldn't be.

Not AIDS

[mr100percent]

It wouldn't be internet AIDS. Wouldn't that be Internet Lupus?

That's not AIDS

[Punto]

It's Lupus.

Doctorow not a founder of BoingBoing

I don't know how many times I've heard Doctorow say in interviews that he is not a founder of BoingBoing. Fraunfelder is the only founder still involved with BoingBoing (I think he is also the only current contributor who was around when BoingBoing was in print before it went electronic).

Re:Auto-immune != immuno-deficient

[ColdWetDog]

It's kind of a dumb rant - automatic systems are cheap and fast, manual (meat space) systems are slow and expensive. If he is trying to make some analogy between the Internet and the Immune System, well, you can do it but it's pretty crude. The immune system in a human, for example, is a complex and delicate balance between acceptance and destruction.

There are many, many examples of problems when that balance is disrupted. AIDS on one hand when you don't have enough of an immune response, Lupus when your immune system is too jazzed up. Furthermore, the immune system is incredibly complex and has layers and layers of feedback systems, redundancies, control loops and things we really don't understand well. I suppose AIDS would be a Windows box hooked up to a cable modem. Not long for this world.... Lupus might be what Doctorow is complaining about - too much "immune" activity.

Unlike the Internet, the immune system has had millions of years to evolve to it's present state - and it is still hardly a perfect system. Perhaps some up and coming "Internet Immunologist" might start out with this course to take advantage of those millenniums of experiments

Or perhaps we should just chuck the immune system thing and try to come up with a car analogy.

Re:This already exists

[Bryansix]

Our email suffered because other people implemented SBL. Also, nobody is comparing it to AIDS. The summary mistakenly made that analogy but the article used a different analogy.

Credit card lockdown

[pclminion]

My wife and I drove over three hours to a different state to buy furniture. On the way, we stopped at a gas station and bought gas. Apparently, our credit union doesn't believe in such things as traveling from state to state, and flagged this is a suspicious transaction. Nevermind that we go to this neighboring state regularly and their "system" has never seen this as unusual. Of course, the card was silently suspended. This has happened a few times in the past, but we'd always received a phone call within minutes of it happening. No such call, so we remained oblivious and continued on.

Proceeded to drive to our destination, spent a few MORE hours picking out furniture, went to pay, and... Whoops. Luckily I managed to dig out a credit card from the depths of my wallet that I'd forgotten about, and which still worked, luckily. But it easily could have been a completely wasted day.

Of course, calling the credit union about it didn't help. They aren't open on the weekends. They can shut your account down kid, but they won't turn it back on again.

Imagine that. People occasionally drive into a neighboring state and... buy gas on the way! If that's not suspicious, what the hell is, right?

Re:automation is only one-way

That's not what this is about. Automated processes exist to put IP ranges on blacklists. For example, if an IP address sends SPAM, it is quickly blacklisted by a range of DNSBL operators. This happens automatically. But there is no automated process to get IP ranges unblocked again. That's not a matter of bypassing the blocking algorithm. If an IP range owner corrects the problem or if an IP range changes owners, the blacklist operators don't automatically remove the block. If you want your IP off anti-spam DNSBL, you have to plead to the operators of dozens of blacklists, and they often process these pleads manually. There are also lots of local blacklists which you can't plead to be removed from, and you have no idea if you are on these lists and whether there is an automated process which removes your IP if there is no more hostile behaviour.

Cory's A Cool Guy And All But...

[FrankDrebin]

...he is not *the founder* of Boing Boing. That title goes to Mark Frauenfelder. Cory is a co-editor.

Re:Blacklists

[s7uar7]

Fine, block it for the duration of the attack, but don't keep it permanently on the list. Most spam and DoS attacks originate from hijacked PCs on dynamic IP addresses, so you're not only blocking the PC that's been hijacked, but also the guy who happens to get that IP address next, and the one after, and the one after that, etc, etc.

Blacklist timeouts

[CustomDesigned]

I keep IP blacklists and domain blacklists. IPs are blacklisted for 7 days. I experimented with various settings, measuring the diminishing returns (in saved bandwidth) from keeping them blacklisted longer and longer. 7 days is pretty optimal with about 500000 IPs blacklisted at any one time. This keeps spam bandwidth down to a continuous 100Kbps (400000 messages / day - for a one user domain!). Domains are auto-blacklisted based on reputation: total spams/total hams over the last 1024 messages. Reputation decays with time, so that a domain that finally purges their 'bot can send mail again in a week or so. Manually blacklisted domains are permanent, but are manually reviewed every year. There are some domain names that only people I don't want to hear from would buy.

The software is pymilter.

Not founder, not AIDS, otherwise, w00t!

[mouthbeef]

Hey there -- I wrote the FA, and for the record:

* I didn't found Boing Boing -- I co-edit it with Mark Frauenfelder (who *did* found it, along with Carla Sinclair), Xeni Jardin and David Pescovitz

* I didn't use the word AIDS in the article, and I don't think that this is comparable to AIDS; I used "autoimmune disorder," as in "allergy" or even "lupus" -- that is, any time when the systems that are supposed to protect you end up attacking you

Otherwise, many w00ts for this making it to the /. front door!

Re:Internet AIDS

[ultranova]

All that sex it has sure would give it AIDS

Maybe, but what the summary describes is an autoimmune syndrome and has nothing to do with AIDS. This, of course, raises the question of why AIDS was even mentioned in the subject.

Could someone go and see the article ? I'd rather not do so myself, because of the Firefox CPU/memory consumption bug would make restarting the browser a neccessity afterwards, and I have a lot of tabs already open.