How were the years 2008 and 2009 spent?
Those two years saw the development and near-completion of two major new GRC online facilities, and one significant piece of freeware. I say “near completion” because the second and third of those projects interrupted the completion of the one before them, resulting in three major “loose ends” that — even as I’m writing this in May 2010 — are still awaiting final completion and documentation before they see the light of day.
• 3rd-Party Cookie Alerts
The first project is a system to alert GRC’s visitors to their browsers being configured for the acceptance of 3rd-party cookies — i.e. Web browser cookies being planted by sites other than the ones you’re visiting. As our projects often do, it hugely outgrew our original plans and acquired a life of its own. It developing into a sophisticated “Web Browser Cookie Forensics” system providing GRC’s visitors with an online facility to examine, test, characterize and understand their web browser’s precise cookie management. (During the development of that system we discovered significant bugs in the cookie handling of every web browser!)
• DNS Spoofability Testing
The second project, which, due to its importance, interrupted and preempted the completion and publication of the 3rd-party cookie notification project, is a new online facility to check the “spoofability” of an visitor’s current DNS resolvers — i.e. the DNS their system depends upon for returning the correct IP address for any domain name they look up. It, too, developed into a much larger and more capable system than we originally intended or expected.
• DNS Benchmark
This third project delayed the completion and publication of the DNS Spoofability project because the two were closely related and I realized that I needed to have the third one finished as part of the second. This was GRC’s newest (and extremely cool) freeware: the GRC DNS Benchmark.
The DNS Benchmark grew from a related piece of code known to GRC insiders as DNSRU: the DNS Research Utility. I originally wrote DNSRU, another piece of unpublished work, in 2002 while exploring the idea of using DNS for rapid Internet-wide messaging. Among other things, it incorporated some unique DNS benchmarking capabilities, so GRC insiders who had a copy of the never-officially-released code kept using it during the seven intervening years and asking when it would be “finished.”
Since DNSRU was about DNS, it made sense to finish it by evolving it into a polished and finished piece of freeware so that it could be released as part of the forthcoming DNS Spoofability system. The code was finalized at the end of September 2009.
Also during these two years, in addition to tackling and completing many smaller background projects, we began moving toward defining and preparing for the development of GRC’s next major commercial product, CryptoLink. Trademarks and domain names were acquired, and work began on patents, with the first CryptoLink patent — a new single-packet authentication technology for stealthing open TCP ports — submitted to the United States Patent and Trademark Office (USPTO) by early 2009, and now in “patent pending” status.
But, mostly, 2008 and 2009 saw a great deal of development on facilities and code that ended up being close to release and — finally — only needed to have their documentation completed.
2010 will see all of this work finalized, documented, and released. And once that is all finished, we’ll be very much closer to finally getting to work on the design and development of CryptoLink, our next commercial product.
Please see the May 2010 posting for a status report as of May 2010.