Jean-Jacques Halans ‹› Afterhours

This is a fictitious story about a small Australian business owner, let’s say a Dentist. One day she decides to spend her marketing dollars on a website, instead of an advert in the Yellow Pages (who uses that nowadays anyway?), the local business guide or the local newspaper. Smart woman! Now, a website can be quite expensive. Or it can be very cheap! She gets her little nephew to setup a brochure site (a practice I don’t condone as a web professional!). Nothing fancy, people only need to find information about her practice, a contact form, maybe a feedback form for a little interaction.

All goes well. Calls for appointments come in, business is good. Once in a while, she looks up herself on Google, to see if people can find her. She tweaks the content a bit for search engine optimization, gets linked on some local business sites, decides to spend some money on Google adverts. She’s pretty happy. Once the site is on a roll, she really doesn’t need to look after it any longer, it seems. Her little nephew points her out that her website traffic is booming, it’s getting a lot of hits it seems. Cool!

Then all of a sudden appointments fall back, people aren’t calling her anymore. Is this the recession? Are people no longer getting insurance, so they can’t afford the Dentist any more? This must be the GFC! But then she looks at her website traffic, and it has fallen down to nearly nothing. She sees some European and US visitors, which obviously aren’t clients, but no more Australian users. What has just happened?

Her site got hacked! It’s not something she would be looking for, not something she knows anything about. It’s a bloody simple website. Why would anyone hack her site? What’s the point? And it wasn’t obvious either, it’s not like they defaced her homepage with pink elephants or something.

This is the point where I’ll be talking Today and Tomorrow.

Today, when your site gets hacked and points to malware/spyware, your Google entry will tell users that your site contains links to malware. But if people want they can still click through, they can still find you. Google doesn’t tell the website owner her site is hacked though, you have to find out yourself. As the website owner, you can take appropriate action, clean up your site, get some professional help protecting your site. You can then let Google know when to index your site again, as Google clearly points out the procedure. This is a private company trying to protect it’s users from downloading malware to their computers. A noble cause, though it might seem scary for the small business owner who relies on traffic coming from search results.

And this happens very, very frequently. Even to the best of us. All software, open or closed, contains holes. Some holes are easier to exploit than others. Some holes are easy to fix and get fixed quickly, some don’t. A lot of popular software contains/contained holes, like popular content management systems, forums, development platforms,… So, as it turns out, a website does need maintenance. It’s not something that you’d put out there, and let it run. You need to keep a watchful eye on it. (and start out by using a web professional, not your nephew).

But Tomorrow, things will be different. The government will protect us, the web users. Someone must think of the children. Our own anti-virus, host and router firewalls, parental filters, OpenDNS, modern browser,… just isn’t good enough.

In the case of the Dentist, it turns out the Russian mob had injected content onto her site, advertising content deemed illegal under Australian law, and then spammed millions of users pointing to the content. Her site was put on the government blacklist, according to the media, without her knowledge. The list is (used to be) secret, so it’s not something you can query to see if your site is on it. And Tomorrow, it will be taken offline. You get hacked, you get (secretly) charged, and your website gets killed off.

As said, this is a fictitious story, but it does hold some elements of truth. Web pages from those morally objectionable characters of the likes of a dentist, a dog kennel (MaroochyBoardingKennels.com.au) and canteens.com.au (that is “school cafeterias”, not whatever your and ACMA’s dirty minds make of it) ended up on the actual official government blacklist.

Any locally hosted websites hosting content deemed illegal by ACMA (Australian Communications and Media Authority) must be removed by ISP’s and content hosts. If the site is hosted overseas (tip: if you are an Australian business targeting local customers, it does make more sense to host in Australia!), the ACMA adds you to a blacklist which Today is used by client-side internet filters, but Tomorrow it will be used by the Great Australian Firewall, the network level mandatory ISP filtering scheme currently on trial. It is not clear what the procedure will be (if there is any), for complaints received at ACMA, if and how ACMA will let website owners know they got complaints, if ACMA will allow website owners to fix any issues during a grace period…

Can we even imagine where this filter is leading us too? Do we really want to go there?

As a side note, compromised home computers are being used in the hundreds of thousands around the world in illegal activities, in botnets used for spamming, temporary hosting illegal content used by fast-flux domains. Will the government be blocking all these individual IP addresses too?

In little over three months the web development highlight of the year is back in town, Web Directions South 2008, the biggest web conference in the southern hemisphere. Great workshops, fantastic speakers from Australia and around the world, and overall a fabulous social gathering of like-minded souls.

Some name dropping: Douglas Crockford, Jina Bolton, Jeffrey Veen, Daniel Burka, Derek Featherstone, and many, many more.

Get in on the action early to get the early bird pricing, get in late and you might miss out!

Winter has arrived in Sydney. Well, that’s all still a bit relative though.
But it’s going to be an exiting month. We have an Adobe AIR camp (a day of AIR immersion), the Google Developer Day I’m looking forward to, and the opening of the large Apple store, plus a probable release of the iPhone 2 (ends up to be July 11). At the Apple dev conference in San Fran next week for sure, but possibly maybe also officially in Australia. Still, the question remains if we will be able to get our hands on one this month, or will we need to wait for another couple of months? And the releases of Opera 9.50 (June 11) and Firefox 3 on June 17.

I had to have one. I was just waiting for the UK introduction to see if a new model (with 3G) was being introduced. But it was the same Edge-based model.

So I went looking on Ebay, and there’s lots of them. You can get them fully unlocked ready to go. But part of the fun is going through the ‘hacking’ process, so I went for an original one. I went for a Buy Now at 650 AUD + 50 AUD shipping. At the current 399 USD price though that would have been about 450 AUD, so the seller did make a decent profit from it. Some auctions went for 580 AUD, other up to 800. There were even some on offer for 1200 AUD (unlocked and locked ones). In the end it did take more than three weeks to end up in my hands though. In the mean time the iPod touch was released, and I got me a 16Gb one while waiting for the iPhone, just to play around with the navigation and Safari.

I only bought a new phone a couple of months ago, a Windows Mobile based Dopod D810. Lately I mainly used it as a mobile modem, while we were switching between two ISP’s, during which we didn’t have internet access. I have a 500 Mb plan on Three for 20 AUD, and that went just fine. I connect it to my Macbook Pro through bluetooth and share the internet connection. And also love it’s GPS functionality.

But on to some iPhone hacking. There’s a lot to read up on about ‘jailbraking’ and unlocking the iPhone. As you know, the iPhone is locked to an AT&T sim card, and you can’t add any 3rd party apps to the iPhone either. Fist you need to activate it, without going through the AT&T process. Next you need to jailbrake it, open it up to third party apps. Because this then allows you to add an unlocking application to the iPhone. I wont repeat the steps here, I’ll point you to the right sources. I don’t take any responsibility when thing go wrong!

One thing to look out for: your firmware version. Make sure you use the right procedure for your firmware. I’ll explain. I tried to unlock my phone with a 1.0.2 procedure while it was still on a 1.0 firmware. I spend 3 hours looking for a solution. It was only the next day that a bright light shone, and I upgraded the iPhone to the 1.0.2 firmware version, and from then on it was only 20 minutes to get it fully working. Well, up to the point to make calls and text. Remember, I’m in Australia. I am originally on the Three network.

Let me tell you right away, it doesn’t work on Three. I read about it on eBay, but didn’t want to believe that. But I got a No Service. So I first bought a Vodafone prepaid sim, 2 AUD for the sim card + 20 AUD calling value (-10%, so 20 AUD in total) because I thought that would be the cheapest. The Vodafone sim allowed me to make and receive calls and texts. So I was halfway.

A week later though I bought a Telstra sim, the main national operator. I knew they were the only ones with Edge here in Australie. The Dopod on Three would roam on it whenever outside of the Three network (quite often outside of Sydney). So while in Melbourne I went to a Telstra store. Tried to explain them that I wanted a prepaid sim card with a data plan. I already had gone through their brochure so I could point out what I wanted. I told them I wanted Edge access. Hmmm, unfortunately the sales people aren’t too well informed on the more technical aspects of their network. They only knew about ’3G’. “Is it a 3G phone?” Well, it’s an iPhone. “Oh, that won’t work.” I just told him to give me a prepaid card with a 20 AUD calling value, that I would figure it out myself. But he looked to be intriged. It was his first iPhone he got in his hands, so he wanted me to try it right away. He even activated the data plan on it for me too. Unfortunatly he didn’t know what settings to change to get on Telstra’s Edge network (it was still set to Cingular/AT&T). Their phones are preset to connect to their network anyway. So, right there, in the shop, it didn’t work. In the evening, back at the hotel, using my Dopod D810 as mobile modem, I googled around a bit and I found the necessary settings for Telstra. Mind you, it is the 2G/WAP setting you need to use, the 3G settings don’t work. But in the end, yes, it all works, weather, browsing, email,… right here down under.

Keep on reading.