If you're new here, you may want to subscribe to our RSS newsfeed so you don't miss out on all the information, news, tips and tricks.
Thanks for visiting!

John A Thomson, MD of Roundtrip Solutions, has just finished investigating a reported issue with the website of the Forth Estuary Transport Authority (FETA), otherwise known as the Forth Road Bridge website. This blog post will make for interesting reading, highlighting the changing nature of the web and how legitimate websites can be compromised to serve nasties to visitors.

Photo by Martin Third

One of our customers phoned to ask about an adult themed pop-up that appeared when visiting the Forth Road Bridge website. Unfortunately, we were unable to confirm they had actually visited the website and hadn’t mistakenly went to some porn website in the first place, but what we could confirm was an alarming situation with the FETA website at that time.

Upon visiting the website our security systems immediately alarmed off with reports of the website serving a MDAC-RDS exploit using the Neosploit Hacking Toolkit - see the image below for more details.

LinkScanner Pro, a product from Exploit Labs (recently bought by AVG), also reported a problem when it was used to evaluate Google search result for FETA - see below.

The exact wording used by LinkScanner Pro in its Exploit log was:

NeoSploit

This is an MDAC-RDS exploit, wrapped in an attempted polymorphic script generator.

Yikes! Sounds pretty nasty, doesn’t it? There is more detail here.

The Google cached page seemed to be unaffected initially, but then Google’s bots came roaming past and now it is also showing an exploited website.The conclusion from all this: the hack took place sometime late January, early February.

Next check was to ensure the domain was indeed owned by FETA by doing a domain lookup. Although the actual result was inconclusive, enough information could be surmised to say with a reasonable level of certainty that it was indeed the legitimate website. They obviously had Concillium UK as the supplier involved with the delivery of the website way back in 2003. We do wonder why the registrant details aren’t an address somewhere close to the bridge!

Whois Record

Domain:
        feta.gov.uk
Registered For:
        Forth Estuary Transport Authority
Domain Owner:
        Forth Estuary Transport Authority
Registered By:
        Lumison Ltd
Servers:
        ns0.lumison.net        
        ns.as12703.net        
Registrant Contact:
        Richard Abrams
Registrant Address:
        Consilium UK Ltd
        Mirren Court One
        119 Renfrew Road
        PA3 4ED
        United Kingdom
        +44 1418471545 (Phone)
        +44 8703305882 (FAX)
Entry updated:
        Friday 11th May 2007
Entry created:
        Wednesday 17th September 2003

It was worth checking the IP address was assigned to FETA in case the problem was down to some kind of DNS issue.

% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Information related to ‘87.246.98.144 - 87.246.98.151′

inetnum:        87.246.98.144 - 87.246.98.151
netname:        LU4682
descr:          Internal infrastructure
country:        GB
admin-c:        LUMH-RIPE
tech-c:         LUMN-RIPE
status:         ASSIGNED PA
remarks:        INFRA-AW
mnt-by:         EDNET-RIPE-MNT
changed:        dns@ednet.co.uk 20051111
source:         RIPE

role:           Lumison Hostmaster
address:        Lumison Ltd
address:        12 Dock Place
address:        Edinburgh
address:        EH6 6LU
address:        UNITED KINGDOM
remarks:        trouble:      For customer support please email support@lumison.net
remarks:        trouble:      or call +44 (0)845 1199 999
remarks:        trouble:      For abuse reports please send to abuse@lumison.net
remarks:        trouble:      For peering requests please send to peering@lumison.net
mnt-by:         EDNET-RIPE-MNT
e-mail:         hostmaster@lumison.net
admin-c:        GA8874-RIPE
tech-c:         GA8874-RIPE
nic-hdl:        LUMH-RIPE
changed:        neil.saunders@lumison.net 20040816
changed:        neil.saunders@lumison.net 20040908
source:         RIPE
abuse-mailbox:  abuse@lumison.net

role:           Lumison NOC
address:        Lumison Ltd
address:        7 Claylands Road
address:        Newbridge
address:        EH28 8LF
address:        UNITED KINGDOM
remarks:        trouble: For customer support please email support@lumison.net
remarks:        trouble: or call +44 (0)845 1199 999
remarks:        trouble: For abuse reports please send to abuse@lumison.net
remarks:        trouble: For peering requests please send to peering@lumison.net
mnt-by:         EDNET-RIPE-MNT
admin-c:        GT73-RIPE
admin-c:        GA8874-RIPE
admin-c:        IM1814-RIPE
tech-c:         RM7978-RIPE
tech-c:         GT73-RIPE
tech-c:         IM1814-RIPE
nic-hdl:        LUMN-RIPE
source:         RIPE
abuse-mailbox:  abuse@lumison.net
changed:        ian.mackinnon@lumison.net 20060727
e-mail:         noc@lumison.net

% Information related to ‘87.246.64.0/18AS12703′

route:          87.246.64.0/18
descr:          Lumison Limited IP allocation.
origin:         AS12703
mnt-by:         EDNET-RIPE-MNT
changed:        dns@ednet.co.uk 20050908
source:         RIPE

Again, we had to surmise this was indeed the IP address of the FETA website! The FETA domain is pointing at Lumison’s name servers and Lumison owns the IP address range that contains the FETA website server. The bits of the puzzle kind of link up.

Now it was worth sniffing the website traffic to see where the compromise was occuring. After a little digging around, the exploit code was found fairly easily: the obfuscated Javascript made it stand out like a sore thumb. Very nasty indeed!This code made the browser connect to a server in Turkey with an IP address of 88.255.90.130. Most of the time this server returned instructions to look at the BBC website, but occasionally it delivered another Javascript payload, which could have done anything it liked!

To confirm the problem was indeed a genuine website compromise we referred the incident to Roger Thompson over at AVG. He’s the person with all the experience in dealing with LinkScanner Pro detected exploits. In fact, he got a mentioned in a Baseline Magzaine 2006 article that detailed this very same exploit when it was first being seen in the wild. Expect to see a blog post from Roger very soon on his findings for this incident. We expect he will have completed the last piece of the puzzle and know the particular nasties being pushed out by the Turkish server.

Once the compromised website had been confirmed, we immediately informed FETA IT management about this incident. They took down the website within minutes, no hanging around waiting for any third party supplier to confirm the compromise. Kudos to them.

Our guess at this point would be one of the following:

1. A server patch hadn’t been applied allowing the full server to be compromised. This could potentially be very painful for the web server supplier if it turns out to be the case.

2. The website is built using a content management systems called “Joomla“. It is possible it is using an older insecure Joomla core or an older insecure module. Maybe someone has forgot or neglected to patch the Joomla files.

3. Something else on the web server has been compromised allowing access to the FETA website files.

4. One of the website developers has a compromised workstation computer that allowed hackers to gain the FTP username and password directly using a key logger.

Only the hackers know the exact nature of the compromise, but the FETA IT team should be able to investigate the nature of the compromise using a good forensics specialist and be able to evaluate the scale of the problem, thereafter putting in place the necessary fixes to ensure better security of the website in the future!

People who’ve visited the website over the last week need only panic if they are running a version of Microsoft Windows that hasn’t been patched or a version before Windows 2000. Security products may also have caught this nasty and blocked it from gaining a hold. This exploit was addressed in Microsoft Security bulletin MS06-014, released 11 April, 2006, along with updates to the affected MDAC versions. Customers running Windows Vista are unlikely to have been affected by this exploit.

Our advice to anyone who has visited the FETA website since about the 1st February is to run a variety of security products including antivirus, antispyware and antirootkits through your system to ensure nothing has slipped through. It is also vital to keep up with both Microsoft and 3rd party application patches and updates.

If you have any doubts or queries then feel free to Contact Us for advice.

Technorati Tags: exploit, FETA, Fife, Forth Estuary Transport Authority, Forth Road Bridge, hacked, Joomla, MDAC-RDS, Roger Thompson, Windows

Technorati Tags: community, conference, Developer Developer Developer, Developer Day Scotland, Scotland, Scottish Developers

Continuing on with our “Geek Sayings” series:

“Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.” - Unknown

Technorati Tags: funny, geek sayings, humor, humour

We’ve changed the theme on the blog for two reasons:

1. We fancied a change.
2. The theme previously used didn’t support Google Analytics out of the box.

We could have modified the theme to support Google Analytics, but it was easier to use an alternative Wordpress theme. If you’ve never considered using Google Analytics then check it out as it is very simple to implement and produces some very interesting and comprehensive reports.

A number of other minor issues were fixed by switching themes so we hope people find the change to their liking. Let us know if you have any issues or problems.

Technorati Tags: Google Analytics, theme, Wordpress

Us Brits are suffering from a bug in Windows Live Writer (WLW) when entering currency amounts. WLW fails to handle the pound sign (£) correctly when entered in one of the WYSIWYG modes. Here’s what happens when you enter it and publish the post:

�

Mmmm! That doesn’t quite look correct does it? But fear not, it is fairly easy to work around this issue until the bug is fixed:

1. Switch to HTML edit mode
2. Everywhere you see a “£” sign replace it with the HTML code for the pound sign, which is “£”

This bug has been reported on the WLW discussion forum. Hopefully this minor issue will be fixed for the next release.

For those bloggers that have still to try it out, Windows Live Writer rocks!

UPDATE:

The Windows Live Writer team have got back with a workaround, details of which are below and taken from HERE.

Non-ASCII characters render incorrectly on UTF-8 encoded blogs

Description: On WordPress 2.1+ and PHP versions older than 5.0.2, publishing posts using Writer results in non-ASCII characters showing up as either squares or question marks.

Reason and Solution: Writer erroneously prepends the UTF-8 Byte Order Mark to XML-RPC requests that are UTF-8 encoded. This prevents WordPress from correctly detecting the UTF-8 encoding declaration, so ISO-8859-1 is assumed instead.

Run regedit.exe and find the following key: HKEY_CURRENT_USER\Software\Windows Live Writer\Weblogs\<your-blog-id>

Verify that the subkey ManifestOptions contains a characterSet=”UTF-8″ value. If so, under the subkey UserOptionOverrides, add a new String Value named characterSet and leave its value empty.

Remember to do this tweak for all your affected blogs and as always use extreme caution when making changes to your computer’s registry. The cautious amongst you may even wish to backup your registry before making a change.

Technorati Tags: blogging, bug, pound sign, Windows Live Writer, WLW

Many people will remember those conversation in the school playground where kids would brag about the fighting prowess of their respective fathers. Let us consider the modern Internet variation of this game!

For those business and people whom are obsessed with web traffic, and more in particular hits and page views, you should question the business rationale for such a craving. Would it not be better to have in place procedures and systems that monitor and report the revenue being generated through your web presence?

Technorati Tags: amusing, blaugh.com, funny, hit, humor, humour, marketing, web stats

Please post us details of any bugs or issues you’ve found in Windows Vista. We’ll report them to Microsoft on your behalf and save you the risk of being charged loads of money!

Please report it in this format:

1. Summary of bug
2. Steps to reproduce the bug
3. Outcome/Application Output/Errors Being Report
4. Other info

e.g.

1. Summary of bug
Display driver crashes a dozen times a day!

2. Steps to reproduce the bug
Turn the computer on and use it! No pattern can be found as how to make the crash happen.

3. Outcome/Application Output/Errors Being Report
Error balloon from the system tray announcing the system driver crash.

4. Other info
Using an NVIDIA graphics card.

Technorati Tags: bugs, Microsoft, Vista, Windows

Please post us details of any bugs or issues you’ve found in Office 2007. We’ll report them to Microsoft on your behalf and save you the risk of being charged loads of money!

May we suggest you check out our popular Outlook 2007 post if you have an issue with Outlook before posting a bug report - the answer might already be there and Microsoft might already know of the issue.

Please report it in this format:

1. Summary of bug
2. Steps to reproduce the bug
3. Outcome/Application Output/Errors Being Report
4. Other info

e.g.

1. Summary of bug
Outlook hangs up email server when downloading emails.

2. Steps to reproduce the bug
Set-up pop email accounts. Hit send/receive to download emails.

3. Outcome/Application Output/Errors Being Report
Outlook generates errors. Server logs show the AUTH command is invalid. [Sample of log would also be useful]

4. Other info
Outlooks use of the AUTH command isn’t legimate under internet standards.

Technorati Tags: bugs, Microsoft, Office, Office 2007, Outlook

The world famous Freuchie Cricket Club is now online and Roundtrip Solutions is involved as developers and sponsors of this new online resource. The first stage has been delivered in the form of a Wordpress powered blog titled, “Round the Wicket”.

We’re building and bring together some exciting technologies to better serve Freuchie Cricket Club, its committee, fans, sponsors and the local community here in Freuchie, Fife. Keep watching to see the developments over the coming weeks and months.

Freuchie Cricket Club is most famous for winning the Village Cricket Competition in 1985. It certainly put the village onto the map and illustrated to our neightbours over the border that us Scots are every bit as good at cricket.

Technorati Tags: blog, cricket, freuchie, Fife, Freuchie Cricket Club, sponsorship, web design, Wordpress

Those folks over at Microsoft have been busy releasing important updates and new products.

1. Virtual PC 2007
The latest version of this virtualisation technology now has support for Vista.

It can be downloaded for free from HERE.

More information on Virtual PC.

2. SQL Server 2005 SP2
Bug fixes and new features are contained in this important service pack for SQL Server, the flag ship database product from Microsoft.

It can be downloaded for free from HERE.

Technorati Tags: Microsoft, service pack, sql server, update, virtual pc

Read all the post and comments before doing anything!

As people start to use Outlook 2007, there is an alarming pattern starting to emerge regarding performance issues when receiving POP3 email. Even the smallest and most trivial of emails can take ages to download and be available, ranging from 30 seconds to minutes. During this time, Outlook and Windows can become slow to respond or become completely unresponsive, usually returning to normal when the send/receive cycle has completed.

One of the first things to try is to run the Office Diagnostics, with the hope it finds the problem and fixes it automatically. In Outlook this is easily achieved by:

Help -> Office Diagnostics

In the early days of this problem people thought the performance degradation was down to Microsoft’s implementation of the AUTH command, which seems to be missing a parameter. This omission by Microsoft is specified in RFC 1734.

Our own investigation, along with the assistance of people like Steve Foster (a Microsoft MVP), reveal this isn’t part of the performance problems as it doesn’t slow down the receiving of emails at all. We enabled logging to see what was going on with the server and it may also be worth your while putting Outlook into logging mode and inspecting if the delay is down to the server communication or whether it is down to Outlook’s processing of the email once it is received. It is easy to do this, within Outlook:

Options -> Other -> Advanced Options -> Enable logging (troubleshooting) - tick it

Accept everything to get back to Outlook’s normal windows then close down Outlook and restart. All your email send/receive sessions will be logged in a file located on your main Windows drive, which if it was the C drive would look like this:

C:\Documents and Settings\user name\Local Settings\Temp\Opmlog.log

Our typical log is shown below. The time it takes to connect, download and disconnect should be about the same time as you observe physically.

2007.02.17 11:39:40 POP3 (myserver.com): Port: 995, Secure: SSL, SPA: no
2007.02.17 11:39:40 POP3 (myserver.com): Finding host
2007.02.17 11:39:40 POP3 (myserver.com): Connecting to host
2007.02.17 11:39:40 POP3 (myserver.com): Securing connection
2007.02.17 11:39:40 POP3 (myserver.com): Connected to host
2007.02.17 11:39:40 POP3 (myserver.com): +OK Hello there.
2007.02.17 11:39:40 POP3 (myserver.com): Authorizing to server
2007.02.17 11:39:40 POP3 (myserver.com): [tx] AUTH
2007.02.17 11:39:40 POP3 (myserver.com): -ERR Invalid command.
2007.02.17 11:39:40 POP3 (myserver.com): [tx] USER me@myemailaddress.com
2007.02.17 11:39:40 POP3 (myserver.com): +OK Password required.
2007.02.17 11:39:40 POP3 (myserver.com): [tx] PASS *****
2007.02.17 11:39:40 POP3 (myserver.com): +OK logged in.
2007.02.17 11:39:40 POP3 (myserver.com): Authorized to host
2007.02.17 11:39:40 POP3 (myserver.com): Connected to host
2007.02.17 11:39:40 POP3 (myserver.com): [tx] STAT
2007.02.17 11:39:40 POP3 (myserver.com): +OK 0 0
2007.02.17 11:39:40 POP3 (myserver.com): ==== Comparing server and local blobs ====
2007.02.17 11:39:40 POP3 (myserver.com): ==========================================
2007.02.17 11:39:40 POP3 (myserver.com): Do deletions: LoS: no
2007.02.17 11:39:40 POP3 (myserver.com): ========= No blob changes =========
2007.02.17 11:39:40 POP3 (myserver.com): ===================================
2007.02.17 11:39:40 POP3 (myserver.com): Disconnecting from host
2007.02.17 11:39:40 POP3 (myserver.com): [tx] QUIT
2007.02.17 11:39:40 POP3 (myserver.com): +OK Bye-bye.
2007.02.17 11:39:40 POP3 (myserver.com): Disconnected from host
2007.02.17 11:39:40 POP3 (myserver.com): ========= No blob changes =========
2007.02.17 11:39:40 POP3 (myserver.com): ===================================
2007.02.17 11:39:40 POP3 (myserver.com): End execution
2007.02.17 11:39:40 Email Account Name: ReportStatus: RSF_COMPLETED, hr = 0×00000000
2007.02.17 11:39:40 Email Account Name: Synch operation completed

Untick the Enable Logging option, exit Outlook and restart to disable logging to the file.

The incorrect usage of the AUTH command has been raised with Microsoft by us. Hopefully we’ll see this syntax error being fixed in a future update / service pack.

It can be seen the whole receive cycle took less than a second, but it took another 30 seconds for the email to come into the inbox. All during this time, the hard drive light was on solidly indicating sustained disk access. Now that is a big clue to the real root cause of the problem.

More recently people have been starting to look towards the size of PST files, which are the files used to store the data and emails within Outlook. Undoubtably, the size of PST files are now affecting Outlook performance when using Outlook 2007. Microsoft have released a knowledge base article on this topic:

You may experience performance problems when you are working with items in a large .pst file or in a large .ost file in Outlook 2007

We tried splitting our 900MB PST main file into multiple smaller ones, with the biggest PST now being about 600MB, but this didn’t fix the performance issues. A small improvement was noticed but it was still taking an eternity for emails to reach the inbox.

When performing the PST management / cleanup, it is important to reduce your file size as much as possible by moving emails/folders to other PSTs, deleting whatever you don’t need and emptying the deleted items folder before compacting the older (fatter) PST files. Compacting is essential as it reclaims the free space, although it may take some time on large PST files:

File->Data File Management -> (select a PST data file) -> Settings -> Compact Now

Leo Notenboom has an excellent article on reducing the size of your PST files and performing the clean-up afterwards. He explains everything you need to know to perform this stage of the fixing attempt.

Likewise, the following suggestions were made as potential fixes by various people in the Microsoft Outlook Discussion Forum:

1. Create a new mail profile

2. Turn off various “Options” to improve performance - see below

3. Disabling plugins

4. Disable RSS sync feed - we use a separate RSS aggregator anyway

None of those fixes affected the poor performance for us.

We also uninstalled the recently installed Windows Desktop Search 3. It got installed during the set-up of Outlook 2007. It seemed to make a small different to the performance.

Still experiencing problems with Outlook 2007 we tried restarting Outlook in safe mode:

Start -> Run -> outlook /safe

Our Outlook ran much better when in safe mode! This usually indicates a configuration data corruption problem or a misbehaving add-in/plugin. In our case, it looks like a big part of the problem can be put down to file corruption when upgrading from Office (Outlook) 2003 to Office (Outlook) 2007.

Shane Keller has offered the following general solution on the Microsoft Outlook Discussion forum, which has been refined through feedback by other users as they implement it:

STEP 1: Turn off Outlook 2007 and locate each of these files in turn and rename as indicated.

For some reason, during the upgrade these four files can become corrupted - the migration from 2003 to 2007 isn’t the smoothest but not having to create all your POP3 accounts again is excellent.

1. extend.dat - you will find this file in the location | Drive Letter:\Documents and Settings\user-directory\Local Settings\Application Data\Microsoft\Outlook\extend.dat
//change it to extend.old

A user has reported that this file was the only thing that he needed to rename, so at this point try restarting Outlook normally and see if it has improved. If no difference has been made then rename the new version of the extend.dat as extend.old2 and continue on with the remaining files.

2. views.dat - may not find it most of the time

3. frmcache.dat - Drive Letter:\Documents and Settings\user-directory\Local Settings\Application Data\Microsoft\FORMS\FRMCACHE.DAT
//change it to FRMCACHE.old

4. outcmd.dat - C:\Documents and Settings\user-directory\Application Data\Microsoft\Outlook\outcmd.dat
//change it to OUTCMD.old

STEP 2: Restart Outlook 2007

1. Send yourself some test emails and watch the messages appear.

This made a big performance improvement to our version of Outlook 2007.

To summarise, during the fault diagnosis of Outlook 2007 we did the following:

- Created a new mail profile
- Recreated the account settings
- Imported old PST
- Created new PSTs (x5) and sorted email from the main PST into those
- Compacted the main PST
- Removed the old profile
- Uninstalled Windows Desktop Search 3
- Disabled plugins
- Turned off various options
- Renamed the Outlook configuration files outlined above

Knowing what we know now, our recommendation is to try safe mode as one of the first things in faulty finding Outlook problems. It could save you so much time and effort.

After getting Outlook 2007 working, Windows Desktop Search 3 has now been reinstalled to evaluate the overall impact on the performance issues. Initial impressions are favourable, with no noticeable impact by reinstalling and using Windows Desktop Search. It was later uninstalled again due to the system running poorly. Windows XP certainly runs smoother when Windows Desktop Search 3 is uninstalled.

It is also worth pointing out that Business Contact Manager was never installed at any time! Perhaps this is something else that needs further exploration by those still having performance issues with Outlook 2007.

Mike Bisson has posted a comment on Tim Anderson’s blog that offers a fix for Outlook 2007 performance issues when running on Vista:

Go to Programs -> Accessories and right click on command prompt and select “run as administrator”

Then type in the following:
netsh interface tcp set global autotuninglevel=disable

Quarrel commented on a problem with Outlook rules and offered a fix involving upgrading the rules to work in the new Outlook 2007 format.

“Discovered that in Tools->Rules&Alerts->Options there is an “Upgrade Rules” option (I’d upgraded my 8Gb pst from 2003).

Upgrading my rules took about 1 second and FIXED my problems. (I had about 100 local rules)”

To summarise a further Vista issue that was pointed out by Marc, it is possible for legacy network hardware to cause issues with receiving of emails. Further, it is worth pointing out that both Vista and Longhorn Server have a new network TCPIP stack which will undoubtably break some existing network devices. Vendors are releasing new firmware and drivers to account for this redesigned network stack, hence it will be worth checking for updates for your network hardware.

Rob March commented on the nature of the steps he took to get things fixed and added another option to our list of things worth trying:

“I also did a SCANOST and SCANPST on the data files that makeup my mailbox which seemed to help too.”

Further issues and fixes with Outlook 2007 can be found HERE.

Note that Office 2007 Service Pack 1 is now available and it fixes a load of bugs and performance issues. Doesn’t make Outlook perfect by any means, but it does make enough of a difference to make it an immediate recommendation.

More solutions to the performance issues to follow as we get them. We will also be editing this posting to reflect new information and to improve suggestions for diagnosing and fixing Outlook 2007 POP email issues.

Technorati Tags: bug, error dialog, fix, IT, Microsoft, Microsoft Office, Outlook, performance problems

How do you know when you’re spending too much time using computers?

Perhaps this video will act as a warning:

Technorati Tags: addiction, amusing, computers, joke, YouTube

It doesn’t seem like three months ago that John A Thomson of Roundtrip Solutions met Ed Gibson at DDD3. Now is your chance to be impressed and captivated by Ed.

Ed “The FED” Gibson, Chief Security Advisor of Microsoft UK, is coming up to Edinburgh on the 2nd of November as a keynote speaker at an extra special security event. He will be discussing cyber security and organised crime online.

Duncan Harris, Senior Director of Oracle will also be presenting a session with a different slant during the afternoon.

Both of these experts will then host a Q&A session where people will have the opportunity to grill them on any aspect of IT security!

Register today or miss out as places are going fast!

Contact John A Thomson if you need any further details.

This event is brought to you by NxtGenUG and Scottish Developers.

Microsoft have released Visual Studio 2003 SP1 to developers this week. It contains 400+ bug fixes, security enhancements and new features.

Expect to hear about VS2005 SP1 very soon!

Scottish Developers has just published a book review by John A Thomson of Roundtrip Solutions. The book being reviewed is Design for Community.

Design for Community Book Review

You need to be logged in to access this section of the web community.