SD TIMES BLOG
 
jhildebrand

MIME turns 20

by J.D. Hildebrand 03/11/2012 11:47 AM EST

I’m writing this post on March 11, 2012. If you’re in the United States, set your clocks forward one hour. And if you’re reading this on the Internet, pause a moment with me to celebrate an anniversary.

It was 20 years ago today, on March 11, 1992, that researcher Nathaniel Borenstein emailed the first MIME attachment. The Multipurpose Internet Mail Extensions standard has proved to be a most flexible specification, accommodating every rich data type the emailing world has thrown at it. It is also, of course, the information coding strategy for the Web. Borenstein recently told The Register that he thinks about a trillion MIME attachments are exchanged every day.

Check the header on a random email message and you’ll discover a curious fact about MIME – it’s still at version 1.0. The standard has turned out to be extensible enough to accommodate every kind of digital data. Also curious is the fact that despite its universal use, MIME isn’t an IETF standard, but still a draft standard. It may not be adopted as a full standard before it becomes obsolete.

Edit: For a couple weeks, the second paragraph of this article defined MIME as “Multipurpose Internet Male Extensions.” Is it possible no one noticed this delightful typo?

Web recommendation: The phenomenal Grady Booch has embarked upon an inspiring new project. He has gathered up a bunch of his buddies in the software and arts worlds, and set out to create “Computing: The Human Experience.” The group’s initial funding appeals on kickstarter.com were successful, so we can look forward to seeing content – including an 11-episode television series – start rolling out. In the meantime, we can get previews of what Booch has in mind on the project’s YouTube channel. J.D. says check it out.

J.D. Hildebrand has written hundreds of articles for dozens of publications and online communities dedicated to software development. He is pretty sure he’s running a fever, but due to the oddity of Celsius-standard thermometers, he can’t really say how sick he is.


Share this link: http://www.sdtimes.com/blog/1976

Tags:

email | software development

jhildebrand

Insecure

by J.D. Hildebrand 12/03/2011 03:40 PM EST

It's no longer enough to create working code. We must now put serious energy and deliberate thought into securing our code, the data it works on, and the users who rely on it. I'm convinced that we are headed toward a series of crises – in fact, the crises have already begun. And as near as I can tell, there's no solution in sight.

There's more malware out there than ever before. Viruses, worms, trojans, rootkits, back doors, intrusions, spyware, botnets, cross-site scripting, proxies, SMTP threats, SQL injection, header splitting, keystroke loggers, screen loggers, e-mail redirectors, IM redirectors, session hijackers, ransomware, transaction generators, dialers, denial-of-service attacks, DNS poisoning, SEO abuse, phishing, pharming, data-mining, man-in-the-middle attacks, pump-and-dump stock scams, social engineering exploits, riskware, pornware, identity theft, social-media character assassination...the list goes on and on. Most of this has been with us for years, of course, growing at a predictable (if alarming) rate. All indications are that the rate of infection has grown dramatically in recent months, and it is about to explode.

Part of the story is that hackers are becoming more sophisticated in their attack methods. There's real money to be made in hijacking user data, and the money has attracted a new breed of for-profit hackers. A quick search of the Internet will convince you that it's simple to download all the software components you need to breach most security systems. The software toolkits are powerful, effective, and widely shared. Globe-spanning hacker syndicates are at work 24 hours a day, devising and sharing techniques for breaking through defenses. It's big business.

At the same time, the number of vulnerable platforms with sufficient installation numbers to attract hackers has grown rapidly. Yes, most attacks are still targeted at Windows PCs and Web servers. But recent months have given us dramatic evidence that new platforms are vulnerable. Smart phones, SCADA installations, embedded systems, utility grids, and smart cities are all coming under attack. Portable systems fall into the wrong hands easily and frequently. Revisions to Windows, iOS, Linux, HTML, Java, Office, and Android promise to fall to new generations of malware. A recent report from Columbia University researchers demonstrates that Web-accessible laser printers can be instructed to make paper smoulder, and perhaps catch fire. Hackers can use your phone to track your location or take photographs under remote control. If your e-mail isn't being intercepted, read, and revised, it's because you haven't been targeted, not because hackers are incapable. If you've got the money, you can install a monitor to intercept data flowing through the fiber-optic cables that route Internet traffic across the ocean floor, SSL or no SSL.

Service providers are collecting terabytes of user data, often without disclosing the fact. Providers know what Web sites we visit, what we buy, where we take our mobile phones, when we read and answer e-mail, what we're reading on our tablets, which files we download to our e-readers, and all the details of our banking relationships. Even if they don't intend abuse, the data is now subject to external attack. It's not enough to secure the systems under our control – our service providers' systems must be secure too.

And it's not just hackers we have to worry about. Government and law-enforcement agencies are increasing their power to access data, shut down Web sites, shutter businesses, and track users without the benefit of trial – or even, in many cases, the minimal protection of a subpoena. Congress is debating legislation that would extend much of this power to corporations.

We haven't even talked about cloud computing. IT shops are increasingly called upon to secure data that isn't stored on-site. Data-transfer channels are vulnerable to eavesdropping. Cloud service providers are vulnerable to attack. Providers may store information on servers in a country whose laws are not strict enough to provide base-level protection. Authentication systems and backup programs may not be sufficient to keep data secure.

As if all of this weren't enough, it is clear that skirmishes have already begun in a new generation of international cyberwar. State-sponsored and state-developed malware has targeted users, corporations, industries, and utility grids across international borders. Nations, including the United States, have gathered tremendous resources to blow through conventional firewalls, encryption routines, and user authentication systems with ease. Except for the Stuxnet trojan that apparently set back Iran's nuclear program a few months or years, most of these attacks have been small-scale efforts so far – proof-of-concept demonstrations, little more. When the real cyber-shooting starts, we will all sit in the crossfire.

My research has convinced me that the security technology we are currently employing to protect ourselves is laughably impotent in the face of current threats – much less the new threats that will arrive over the next 12 to 18 months.

This year saw the death of Robert Morris, a cryptographer and computer scientist who contributed to Unix and did research at AT&T Bell Labs for 26 years before joining the National Security Agency's Computer Security Center as chief scientist – essentially, cryptographer-in-chief of the United States. Morris had three simple rules for computer security: “Do not own a computer; do not power it on; and do not use it.”

Morris's tongue-in-cheek advice seems grimly relevant today.

Web recommendation: Ah, the Internet. What did we ever do before we had such an accommodating home for rants and flame wars? I admit it: I can't resist reading the occasional over-the-top Web post and scrolling through the outraged comments that follow. My new favorite is “Why I’ve finally had it with my Linux server and I’m moving back to Windows” over at ZDNet (right around the corner from us, in Web terms). I don't want to start a flame war here, so I'll simply say that I can relate to what blogger David Gewirtz has to say. J.D. says check it out.

J.D. Hildebrand has written hundreds of articles for dozens of publications and online communities dedicated to software development. He believes the system he used for writing this column is virus-free. But hey, what are the odds?


Share this link: http://www.sdtimes.com/blog/1910

Tags:

security | malware | government | cloud | cloud computing | embedded systems | email

jhildebrand

Android 4.0 – familiarly known as Ice Cream Sandwich – was introduced on October 18 at the Hong Kong launch event for Samsung's Galaxy Nexus smartphone.

Android is Google's (mostly) open-source operating system for smartphones and tablets. Since version 1.5, major releases of the operating system have been named for sweet foods: Cupcake, Donut, Eclair, Froyo (frozen yogurt), Gingerbread, and Honeycomb. Ice Cream Sandwich is the semi-official nickname for version 4.x of the OS.

Source code for the operating system has generally been available to developers, but Google broke that tradition with version 3.x, Honeycomb. The company's explanation suggested that in their eagerness to get the OS ported from phones to tablets, Google engineers had indulged in some hacks and shortcuts that might tarnish Android's reputation or encourage developers to rely upon temporary kludges.

Given Google's unwillingness to part with Honeycomb source, developers have naturally wondered if the code for v. 4.0 would be similarly embargoed.

An unofficial answer is found in an email message written by Google engineer Dan Morrill. The email was subsequently cited in a Google+ post by self-described Android geek Jean-Baptiste Queru. At this point, Google has made no official corporate announcement.

It appears, however, that the company will release Android 4.0 source code to developers once the OS is “available on devices” (according to Morrill's email). Since Samsung's Galaxy Nexus will be out next month, Android geeks like Queru speculate that Ice Cream Sandwich source code will follow shortly.

I'll follow up with more news once a release date is confirmed.

Web recommendation: Perhaps you've noticed that the tech world has contributed more than its share to the universe's supply of offbeat characters. Among my favorite techie iconoclasts is the remarkable Richard P. Feynman, whose contributions to physics are exceeded only by his cynical, sometimes sophomoric sense of humor. I enjoyed both his autobiographical books, Surely You're Joking, Mr. Feynman! (Adventures of a Curious Character) and What Do You Care What Other People Think? (Further Adventures of a Curious Character). Today, I'm happy to point you to YouTube's collection of Feynman videos – specifically the Fun to Imagine monologues on physics. Great stuff! J.D. says check it out.

J.D. Hildebrand has written hundreds of articles for dozens of publications and online communities dedicated to software development. He recently relocated to a small town outside Belgrade – stop by if your travels take you through Serbia.


Share this link: http://www.sdtimes.com/blog/1874

Tags:

mobile development | open source | email | Android | tablets

jhildebrand

Taking Control of User Data

by J.D. Hildebrand 08/24/2011 11:45 AM EST

 

Have you heard of the Freedom Box? It's the brainchild of professor Eben Moglen of the Columbia University School of Law in New York.

In February 2010, Moglen addressed a regular meeting of the Internet Society in New York. In his talk – video of which is available widely over the net, including here – Moglen discussed the security dangers of the current model of the Internet. Centralized servers maintain information about us plus logs that compile histories of our activities, Moglen points out. These servers are typically under corporate control and the user information on them is routinely used – misused – by their owners.

This is a dangerous computing model, Moglen says. And it's a bad deal for users. Free Web-hosting (as offered by Facebook and other social-networking sites) and e-mail (as offered by Google and other hosts) isn't really free: It's offered in exchange for full-time spying. Users have ceded control of vast amounts of their personal information without intending to, nor understanding the consequences.

Targeted advertising is just the beginning. Moglen cites a research project that found it was possible to identify closeted gay users on Facebook. The task was relatively easy, Moglen explains. And he warns that this kind of data-mining is just the tip of the iceberg.

The solution, Moglen says, is the Freedom Box – a small, inexpensive Web server that you plug into the wall and forget about. The Freedom Box handles your mail and file transfer and commercial transactions and social networking without exposing you to external servers whose sponsors may not have your best interests at heart. Such a server could be the size of a cell-phone charger, Moglen speculates, and sell for $30 or so once the devices are made in production quantities.

The software component of the Freedom Box is free, of course. A project to create and assemble the required software is under way at the FreedomBox Foundation. The software is based on Debian GNU/Linux plus readily accessible free-software components. The foundation's tech lead is Bdale Garbee, former project leader of Debian.

You don't need me to tell you that the current state of Internet security is a catastrophe waiting to happen. Check out the Freedom Box. Get involved by contributing money or code or ideas. It's good stuff.

Web recommendation: Why do software-development superstars have such primitive Web sites? I recommended Charles Petzold's site in a recent blog post despite its lackluster layout and 1990s-style design. Now I find that I need to point you to the personal site of free-software legend Richard Stallman, whose accomplishments as an Internet pioneer and political activist are too numerous to list here. Stallman is a little strident and a little paranoid for my tastes, but he is that rare individual, a certified idealist. And he has literally changed the world. His Web page is a cornucopia of thoughtful writing despite its bare-bones plain-text appearance. You'll find it here: http://stallman.org/. J.D. says check it out.

 

J.D. Hildebrand has written hundreds of articles for dozens of publications and online communities dedicated to software development. He recently relocated to a small town outside Belgrade – stop by if your travels take you through Serbia.

 

 


 


Share this link: http://www.sdtimes.com/blog/1828

Tags:

security | politics | government | open source | cloud computing | linux | web | email | intellectual property

vreitano

With the release of several new tablets based on Android, and the update of the Barnes and Noble Nook Color, is Apple's iPad still the most important tablet? Better yet, is it the only one you develop applications for?

Today, Sony announced that it will be releasing two Android-based tablets come fall 2011 in yet another attempt to compete with the iPad. Will this attempt be successful? It seems consumers are still mystified by Jobs' magical device, and yet retailers continue to announce new tablets, each one hoping to be more successful than the last.

But what about you, developers? How do you feel about developing for iOS and the Honeycomb version of the Android software? Do you think it is time to consider Android-based tablets true players in the space? Are applications developed with a different audience in mind for Android? Who is your target market when developing for the iPad? For Android? Or even for the PlayBook?

The PlayBook, launched by BlackBerry in April, is yet another interesting device in my opinion – is it even considered? Does the fact that the PlayBook does not fully support Flash or standard tablet functions (like email) deter you from creating apps in WebWorks or the BlackBerry OS for tablets platform?

We’re working on a story on this topic and would greatly appreciate your feedback. Have something to say? Comment below, email me or Tweet at me (@giornalista515) with the hashtag #sdtablets. And don’t forget to follow @SDTimes for all the news, questions and stories we post on our site. And like us on Facebook for even more news.

 


Share this link: http://www.sdtimes.com/blog/1767

Tags:

mobile development | Best Practices | email | html | tablets

ahandy

E-mail is dying. Long live e-mail

by Alex Handy 06/16/2009 01:43 PM EST

I've hated e-mail with a passion ever since I had to run a server for it back in the dot-com boom. Anyone else who's played with SendMail or Exchange can probably sympathize: e-mail is ancient, poorly designed and prone to all manner of issues. Perhaps the worst part about this antiquated system is that it's also the most commonly used digital business tool in this day and age, and yet the systems designed to work with it are still confusing and oftentimes tough to deal with.

Clearly, this is the thinking behind the much ballyhooed Google Wave. I'm definitely a Kool-Aid drinker there, but I fully realize that Wave is a long ways off and won't likely kill e-mail outright.

But the reason I bring all of this up is to highlight an interesting project from Zed Shaw: Project Lamson. Zed had the same experiences we've all had with e-mail: He was sick of writing code to fix broken old software, just to make sure the nightly mailing lists were working. As we all know, troubleshooting the e-mail server can be the most high-profile way to anger a company's staff.

So, Zed decided to write an e-mail server in Python. Along the way, he's discovered a few areas of remaining confusion, and he is attempting to solve them. The big one that caught my eye was his idea to change all e-mails touching his server into UTF-8.

I still get messages from my client asking if I am sure I want to send out a UTF-8 e-mail before I send it. Is this really necessary? Are there mail servers out there that don't understand this? Shaw is gambling that there aren't. If you want to help him, take a gander at his UTF-8 conversion code and offer some suggestions for optimization and stability.

Unfortunately, e-mail will probably still exist 100 years from now. It's a terrible system, sadly, and the added confusion of everyone's individual e-mail policies will make sure that it remains completely broken for years to come. All the wonderful e-mail retention policies mandated by the government and the SEC, set against the propensity for most institutions to give their users around 100 megabytes of e-mail space on the server, are just one of the wonderfully convoluted points of contradiction in this system.

But thankfully, I'm not the only one completely fed up with e-mail. Thanks to Google and Shaw, and many other intrepid developers, e-mail isn't being ignored to rot on the vine.


Share this link: http://www.sdtimes.com/blog/1456

Tags:

email

 
 