Boing Boing Founder Warns of "Internet AIDS"

An anonymous reader writes "Cory Doctorow, founder of Boing Boing, says he doesn't have a problem in principle with the automated network defense systems that guard the Internet against malware, spamigation bots, and other network nasties. However, in his article 'The Future of Internet Immune Systems,' he bemoans the problems caused by 'Internet autoimmune disorder' — where the network defenses designed to block network attacks are automated and instantaneous, but the systems in place to reverse erroneous lockdowns are manual and unresponsive."

Internet AIDS

All that sex it has sure would give it AIDS

Re:Internet AIDS

[ackthpt]

All that sex it has sure would give it AIDS

It's your pr0n collection what done it! Shoulda got one of them keyboard covers.

Re:Internet AIDS

[ultranova]

All that sex it has sure would give it AIDS

Maybe, but what the summary describes is an autoimmune syndrome and has nothing to do with AIDS. This, of course, raises the question of why AIDS was even mentioned in the subject.

Could someone go and see the article ? I'd rather not do so myself, because of the Firefox CPU/memory consumption bug would make restarting the browser a neccessity afterwards, and I have a lot of tabs already open.

automation is only one-way

[andreyvul]

We still need humans on the other end to fix automation's bugs; algorithms cannot bypass themselves.

Re:automation is only one-way

[stonecypher]

algorithms cannot bypass themselves

Skynet would tend to disagree.

Re:automation is only one-way

[ultranova]

algorithms cannot bypass themselves

/blockquote>

Skynet would tend to disagree.

What do you mean ? Skynet functioned exactly within its design parameters: it detected America's enemies and executed them with the most efficient method at its disposal. It goes like this:

US is waging a War on Terror -> you're either with us or you're with the terrorists -> giving money or training to terrorists makes you an enemy of the US -> US gave money and training to many terrorist organizations during the Cold War -> US is an ally of the terrorists -> US is an enemy of US -> kaboom.

In other words, it's not a bug, it's a feature ;).

This already exists

[Bryansix]

When my company moved we had to get new IP addresses. This meant changing MX records and all of that fun. Anyways, the problem came with sending email out. It turns out that like a billion spam catched had caught email from the IP range and so it was not blocked. These various Spam Blocking Lists (or SBLs) are almost all automated. A few of them let you push a button and get removed. However some of them require manually emailing an explanation and still others try to extort money from you to speed up the unblocking process. We didn't even send any spam. The previous owners of the IP did.

Re:This already exists

[Bryansix]

Our email suffered because other people implemented SBL. Also, nobody is comparing it to AIDS. The summary mistakenly made that analogy but the article used a different analogy.

Re:This already exists

[pclminion]

These various Spam Blocking Lists (or SBLs) are almost all automated. A few of them let you push a button and get removed. However some of them require manually emailing an explanation and still others try to extort money from you to speed up the unblocking process. We didn't even send any spam. The previous owners of the IP did.

If this isn't a strong argument that blacklisting systems are unethical, I don't know what is. Imagine being targeted by vigilantes because you bought a house which was previously occupied by a sex offender and so the addreess is listed on the local sex offender registry. That's essentially what's happening here.

There is no such thing as an "evil IP address" any more than there is an "evil house." These systems are technically, logically, as well as ethically flawed. Anybody who buys into blacklist-based technology is a reactionary and a bigot.

Re:This already exists

[RazzleDazzle]

Well then you obviously are not on the receiving end of millions of spam emails every day that *COULD* have been rejected outright if only you'd been using an SBL. Or you have so much free time to delete all of the junk emails, in which case where do you work? I would like a job? The whole basis of your argument gives no explanation as to how block lists are flawed morally. Technically flawed, yes. Morally flawed, I'd say no. Why should I waste all of my time looking and and handling spam emails I never wanted, requested, or occasionally specifically asked to not to receive? Just so I can be morally superior to spammers?

Let's pretend I agree that SBL's are immoral, I'd gladly take the hit to my moral standing if it means the (even less moral) spammers can't get as much of their crap to my inbox.

No one sane has ever said that block lists are the ultimate solution for the fight against spam, it is a very useful and very effective supplement to other measures. If something better comes along, I'd gladly use it.

If you don't like block lists, don't use them.

Re:This already exists

[brass1]

If this isn't a strong argument that blacklisting systems are unethical, I don't know what is. It's a strong argument for changing providers more than anything else. The abuse department that found and killed the previous customer should have done a sweep of those IPs with all the usual places then get them removed. For professional abuse departments this is a matter of doing business, and is unfortunately part of what makes the Internet go 'round whether anyone likes it or not.

A black list is a list of domain or IPs the provider of the black list wishes to list. The provider of the list gets to decide who is listed, why they're listed and under what circumstances under which people get removed. They don't even have to give you any way to know you're on their list. Blacklists do not block mail. They're simply a list. It's a list of people that one party doesn't think other parties should accept mail from. It really nothing more than an opinion. There are of course bad lists and good lists. The fact is, the open market is pretty good at selecting the good ones and weeding out the bad ones.

The consumers of these lists, on the other hand, do have choices. One of them is to choose to not accept your mail for whatever reason they deem fit. Those people, whom you call, "vigilantes," the rest of us call Mail Server Administrators. We use tools such as RBLs, content filters and other other technologies to stop the deluge of bullshit into your mailbox. I will say that blocking any given piece of mail just because it shows up in one black list is probably asking to block mail someone wants. The system administrators run the system, they decide what mail comes in and what goes out. They have to work the tickets if it's broken for everyone or just the handful that got a spammy piece of mail blocked this week.

Anybody who buys into blacklist-based technology is a reactionary and a bigot. No, I'm a realist who knows from years of experience that they work with a minimum of side effects and do so far more efficiently than a lot of other less effective technologies.

Trigger trippers

[ackthpt]

the systems in place to reverse erroneous lockdowns are manual and unresponsive.

Yep, almost as bad as trying to get set up with service in the first place.

I guess the way to foil these critters is to try to trip as many as possible. Then again, the intarweb mischief-makers will probably do just that.

Please stay on the line, your call is important to us.

Automatic Forgiveness in Autonomic Systems...

[nweaver]

For a lot of autonomic systems, you need the blocking, but a little automatic forgiveness goes a long way.

EG, in a scan detector, forgive 1 scan per minute/hour and eventually release the block. This saves a call to tech support, and papers over a lot of sins when building an automatic system.

Auto-immune != immuno-deficient

[ChameleonDave]

The summary title is stupid.

AIDS is not auto-immune; it is immuno-deficient. The FA doesn't mention AIDS. Try this.

Re:Auto-immune != immuno-deficient

[ColdWetDog]

It's kind of a dumb rant - automatic systems are cheap and fast, manual (meat space) systems are slow and expensive. If he is trying to make some analogy between the Internet and the Immune System, well, you can do it but it's pretty crude. The immune system in a human, for example, is a complex and delicate balance between acceptance and destruction.

There are many, many examples of problems when that balance is disrupted. AIDS on one hand when you don't have enough of an immune response, Lupus when your immune system is too jazzed up. Furthermore, the immune system is incredibly complex and has layers and layers of feedback systems, redundancies, control loops and things we really don't understand well. I suppose AIDS would be a Windows box hooked up to a cable modem. Not long for this world.... Lupus might be what Doctorow is complaining about - too much "immune" activity.

Unlike the Internet, the immune system has had millions of years to evolve to it's present state - and it is still hardly a perfect system. Perhaps some up and coming "Internet Immunologist" might start out with this course to take advantage of those millenniums of experiments

Or perhaps we should just chuck the immune system thing and try to come up with a car analogy.

Bunch of cash

[moogied]

I will wager a bunch of cash that he is selling a product that will fix whatever he says is broke.

Not AIDS

[supahdren]

Maybe I'm just not seeing it, but this article doesn't mention any comparison to "AIDS." This is good, because AIDS isn't an autoimmune disease. The article's comparison of evolving security responses to an autoimmune reaction is apt, but a comparison to AIDS/HIV wouldn't be.

Re:Not AIDS

[Hatta]

It's not lupus, it's never lupus.

Not AIDS

[mr100percent]

It wouldn't be internet AIDS. Wouldn't that be Internet Lupus?

hmm

[theMerovingian]

the systems in place to reverse erroneous lockdowns are manual and unresponsive

Anyone who is married knows how much of a dilemma this presents...

Guess we'll have to...

[oahazmatt]

Guess we'll have to line the tubes with latex.

That's not AIDS

[Punto]

It's Lupus.

I've had this experience

[kwerle]

I had a bad encounter with an RBL a few years back (late 90's, I think). I had installed some web proxy on my machine and opened it up so I could use it from outside my firewall. I never considered that it cold proxy to my machine itself. These were the bad middle days when packages could get away with shipping in not-quite-idiot-proof configuration. I later argued with the package maintainer that the proxy should disable local referrals by default. They didn't agree, and it wasn't my package.

Anyway. It turns out that spammers could blindly use my webproxy to push email to my local port 25 and send mail using it. Damn clever spammers. I figured it out after my email system croaked and I looked at the logs and mailq. (crap, 1000 spam messages in the outbox, originated on my system).

So I'd been a tool, and used, and it was my damn fault. I fixed it (uninstalled the proxy) and started to repair the damage.

One of the items of fallout was that the RBL lists had nailed my IP address as a spammer. Fair enough. But getting them to turn it off was a royal pain in the ass and took days - even though their notes described exactly how the spam was delivered through my system and it was easily verifiable that it was no longer an issue.

It left me pretty peeved, and I've never used an RBL since.

The pool is closed!

Due to AIDS!

Doctorow not a founder of BoingBoing

I don't know how many times I've heard Doctorow say in interviews that he is not a founder of BoingBoing. Fraunfelder is the only founder still involved with BoingBoing (I think he is also the only current contributor who was around when BoingBoing was in print before it went electronic).

Credit card lockdown

[pclminion]

My wife and I drove over three hours to a different state to buy furniture. On the way, we stopped at a gas station and bought gas. Apparently, our credit union doesn't believe in such things as traveling from state to state, and flagged this is a suspicious transaction. Nevermind that we go to this neighboring state regularly and their "system" has never seen this as unusual. Of course, the card was silently suspended. This has happened a few times in the past, but we'd always received a phone call within minutes of it happening. No such call, so we remained oblivious and continued on.

Proceeded to drive to our destination, spent a few MORE hours picking out furniture, went to pay, and... Whoops. Luckily I managed to dig out a credit card from the depths of my wallet that I'd forgotten about, and which still worked, luckily. But it easily could have been a completely wasted day.

Of course, calling the credit union about it didn't help. They aren't open on the weekends. They can shut your account down kid, but they won't turn it back on again.

Imagine that. People occasionally drive into a neighboring state and... buy gas on the way! If that's not suspicious, what the hell is, right?

Re:Credit card lockdown

[SuperBanana]

Of course, calling the credit union about it didn't help. They aren't open on the weekends. They can shut your account down kid, but they won't turn it back on again.

You don't call your credit union. You call the credit card company.

I belong to a credit union too, and I have a CC issued by my credit union. I bought an expensive piece of electronics, first major purchase on the card. On a Sunday afternoon, no less. That went through...but 30 minutes later, another transaction was declined. The credit card company acted on the unusual behavior and stopped the card and called me. I missed the call, but saw it when I went to call the 800 number on the back of my card with my cell phone.

Your credit union doesn't do jack shit except issue the card, accept payments if you wish, and show you balance/activity. Everything is outsourced to the holding bank or the credit card company itself. The holding bank's hotline is open 24x7x365...you just have to know the right place to call. After I confirmed I had made the purchase, the rep said "you're all set", and I said "how long until it's active?" "Immediately." I motioned to the cashier, and sure enough, it went through.

If it truly is the case that your card doesn't have a 24x7 800 number, complain to your credit union and see if they do anything. If not- get a CC that does have a 24x7 number. Vote with your wallet, chief.

More like metapHorrible

[The+Amazing+Fish+Boy]

AIDS already exists, too. A frightening real disease which ought not be compared to issues of whatever internet posse comitatus happens to rain the occasional parade for those networks who voluntarily implement SBL, et al.

Oh, don't be such a comparison Nazi!

Cory's A Cool Guy And All But...

[FrankDrebin]

...he is not *the founder* of Boing Boing. That title goes to Mark Frauenfelder. Cory is a co-editor.

The Internet is closed...

[jblake]

...due to AIDS.

The internet is no longer a series of tubes.

[Trespass]

It's now a pool- and it's closed.

Re:Blacklists

[s7uar7]

Fine, block it for the duration of the attack, but don't keep it permanently on the list. Most spam and DoS attacks originate from hijacked PCs on dynamic IP addresses, so you're not only blocking the PC that's been hijacked, but also the guy who happens to get that IP address next, and the one after, and the one after that, etc, etc.

Re:Blacklists

[pclminion]

If you're getting hammered with DoS attacks, spam, interweb herpaids or whatever TFA is about, you block the source. Blocking an IP address has nothing to do with some irrational fear of 32-bit numbers - it blocks the person using that number from destroying your network.

Key point being the word "your" in "your network." Do whatever the hell you want on your own network. That's not what I'm talking about. I'm talking about ISPs who take it upon themselves to filter the email to their own users based on criteria the users have no say over and probably zero knowledge of. Yes, it's a free market, blah blah blah. Let's see how you like changing providers every couple of months because they start using RBL. I take it you've never been on the losing end of an RBL -- I have. I couldn't email several important people because their ISPs started using various RBLs. So I'm in the same net block with a thousand other people, one of whom is maybe a spammer, therefore *I* have to change providers? Fuck you very much.

AIDS?

[Pendersempai]

Only if we get to call a tiered internet "Internet racism."

Spam is email that forces itself upon me -- that can be "Internet rape."

What Comcast is doing to bittorrent traffic: "Internet genocide."

And the projected brownouts as described by that other article on the front page right now: "Internet Alzheimer's."

These attention-grabbing headlines are so accurate and informative!

Re:AC Post is from Family Guy!

[ThePengwin]

"yeah about quarter past 5"

Glad someone spotted this

[mutube]

AIDS = ACQUIRED Immune Deficiency Syndrome. That is the immune system gets knackered by the virus and packs in.

Auto-immune means that the body's immune system starts to attack itself, a condition which is largely incompatible with the one mentioned. AIDS deals with the destruction of the immune system by outside causes (whatever they may be). Autoimmune diseases cover the body's own immune system going haywire and destroying the body.

Analogy: AIDS is a demolition crew, Auto-immune is "Extreme Makover: Home Improvement" where the jacuzzi ends up cooking the family.

Re:Blacklists

[statemachine]

I have. I couldn't email several important people because their ISPs started using various RBLs.

I've been in your shoes with large e-mail service providers. One in particular (let's call it Company Y) treated my e-mail in each of the following ways over the course of a year: spam box (slightly tolerable), blackhole (never got delivered), and just plain rejected at the MTA level. I made an effort to contact them about whitelisting my domain (as I was not on any known blacklist), but it seemed to fall on deaf ears. However, just recently, I mistakenly used a person's address at Company Y, and it actually landed in the non-spam inbox.

Maybe a few things (in aggregate with other people) caused the problem to be solved:
1) I contacted Company Y and tried not to be an ass.
2) I started directing my friends and family to use the competitor (let's call it Company G), as I wasn't having any problems there. My friends and family listened to me (or at least considered it) because I gave a reasoned explanation, and I tried not to be an ass.
3) I mentioned my problem to an employee (friend of a friend) at Company Y (although this employee did not work with e-mail), gave a reasoned explanation, and I tried not to be an ass. Who knows if any water cooler talk got to the right person.. but it couldn't hurt to try.

Over the years, I've had my domains hosted on various ISPs, but in each case, I've made sure that I was allowed to have a server. In the few cases I wasn't, I had the server hosted elsewhere. I'm not saying you're running a mail server where you're not supposed to (I have no idea), but e-mail coming from a dynamic IP address that is allocated to a provider that prohibits servers is just asking to be flat-out rejected. I see too many attempts from dial-up and home cable providers with obviously bogus sender envelope information to know that this general categorization holds true. If you have a provider that allows e-mail servers, and you're still having problems with certain ISPs/e-mail service providers, and you're sure you're not on any blacklist (try http://www.dnsstuff.com/ ), then try contacting the ISP like I mentioned above. If the ISP is not willing to help you, there are other e-mail provider services you could recommend to your friends and relatives.

I could go on and on, but it boils down to trying everything you think is possible before you give up. What are the particulars of your domain?

Blacklist timeouts

[CustomDesigned]

I keep IP blacklists and domain blacklists. IPs are blacklisted for 7 days. I experimented with various settings, measuring the diminishing returns (in saved bandwidth) from keeping them blacklisted longer and longer. 7 days is pretty optimal with about 500000 IPs blacklisted at any one time. This keeps spam bandwidth down to a continuous 100Kbps (400000 messages / day - for a one user domain!). Domains are auto-blacklisted based on reputation: total spams/total hams over the last 1024 messages. Reputation decays with time, so that a domain that finally purges their 'bot can send mail again in a week or so. Manually blacklisted domains are permanent, but are manually reviewed every year. There are some domain names that only people I don't want to hear from would buy.

The software is pymilter.

Not founder, not AIDS, otherwise, w00t!

[mouthbeef]

Hey there -- I wrote the FA, and for the record:

* I didn't found Boing Boing -- I co-edit it with Mark Frauenfelder (who *did* found it, along with Carla Sinclair), Xeni Jardin and David Pescovitz

* I didn't use the word AIDS in the article, and I don't think that this is comparable to AIDS; I used "autoimmune disorder," as in "allergy" or even "lupus" -- that is, any time when the systems that are supposed to protect you end up attacking you

Otherwise, many w00ts for this making it to the /. front door!