Dana Blankenhorn has been a business journalist for over 25 years and has covered the online world professionally since 1985. He founded the "Interactive Age Daily" for CMP Media, and has written for the Chicago Tribune, Advertising Age, and dozens of other publications over the years.
About this Site
Moore's Law defines the history of technology. It held that the number of circuits etched on a given piece of silicon could double every 18 months as far as its author, Intel co-founder Gordon Moore, could see. Moore's Law has spawned constant revolutions since then, not just in computing but in communications, in science, in a host of areas. Moore's Law applies to radios, and to optical fiber, but there are some areas where it doesn't apply. In this blog we'll take a daily look at new implications of Moore's Law in real time, as it rolls forward to create our future.
(That's actress Charlize Theron, but she's very small, hard to recognize. That's deliberate, as you'll see.)
In the wake of a scandal over the fact its Chinese affiliate cooperated with authorities to silence dissidents, the story Americans were told by Yahoo today was that it will do everything it can to fight Web censorship.
That’s not the way the story was carried in China. An American correspondent to Dave Farber’s list wrote:
“In my Beijing hotel room this morning CNN aired a piece about Yahoo calling for search engines to cooperate to deal with China's ‘search engine rules.’”
As the TV correspondent was about to say the word censorship, this writer added, the sound went blank, so it might have appeared to Chinese that Yahoo was, in fact, continuing to cooperate with its government. The Farber correspondent used asterisks in writing the word censorship, in order, he said, to get it past possible Chinese censorship. It got through.
The use of asterisks, of inference, of badda-boom badda-bing, in discussing subjects like freedom in China is widespread. It’s titillating – as sex was in America under the Hays Office. The level of sex in America didn’t decline under the code, but many Americans who were alive then say it was enjoyed more than it is in today’s era of free Web porn.
Could this be true for freedom as well? Chinese people share the government’s fear of anarchy. Americans, fortunately, have not faced the prospect in centuries, and this generation firmly shied away from it in the 1960s. We still prefer Nixon to Woodstock.
Should the Chinese be any different? Must they be?
If you want to launch a lynch mob against the "Chinese Communists," I'll probably be there with a pitchfork. I'm an American who believes in ordered liberty, after all.
Of course, when Congress tried to get the leaders of the search engine business to launch such a party today there were no takers.
All the major search engines are now in China, and all censor the results they deliver from their Chinese servers. (Outside China they all operate differently.) Thus China's "great firewall" seems, from the outside, to be effective in keeping citizens there from knowing anything about political issues other than what the government chooses to let them know.
All true. But something else is happening.
China is rationing liberty for its own survival.
China has nearly 1.5 billion people. China has been destroyed, literally destroyed, in ways only Southerners and American Indians can imagine, by politics several times over the last century. First came the democratic revolution against the Emperor, then came the Japanese invasion, then came the Communist Revolution, and finally several renewals of that revolution which left literal starvation in their wake.
Before that, for 2,400 years, China's system of rationed liberty, run by Mandarins, kept the nation fairly stable, at peace, and whole. Since the death of Mao Zedong China has returned to this pre-democratic order. It is run by Mandarins. Except for the facade of Communism it's run a lot like Japan (which retains a facade of democracy).
By that I mean there's an educated elite at the top, and a long series of steps which can lead a Chinese child into that elite:
Rural peasants have almost no freedom, and little contact with the outside world. Government can take their land (and does), natural disasters can wipe them out (and do). A peasant who is fortunate will have relatives in the city, and their knowledge, their freedom, will be limited by what those relatives choose to share.
Urban workers have a little more freedom. They live in cities, where there are many people, and many ideas. But their ambition is channeled totally into earning more money, because with each raise comes a little more liberty. A TV, a refrigerator, eventually (maybe) a computer.
Urban professionals have a little more freedom, but it's limited. They may have phones with data capacity, and they may have broadband Internet service, but what they can do with both is limited. They learn what not to ask, what not to say, and in finding these boundaries begin to test them. Their ambition is for education, which leads to promotion, and for trust, which leads them to become
Chinese travelers have the full Internet. Once a Chinese goes overseas they see it all, the decadence, the rhetoric, the full panoply of what freedom can be, and what freedom can do. By this time, however, they have background, and enter the fire of liberty with eyes wide-open to its dangers. Which may lead them to become
Mandarins. People who have high positions in the government are truly free. Those who are part of the system must know the world, all of it, or they can't function. Their liberty is full, but it is tempered by responsibility, for the ranks below them, and for the nation.
The control over the price of oil is now in the hands of global guerrillas -- the open source, system disrupting, transnational crime fueled, sons of global fragmentation covered by this author. These actors can now, at will, curtail the supply of oil through low tech attacks on facilities in Iraq, Nigeria, central Asia, and India. The amount of oil effectively under their control exceeds five million barrels a day, more than Saudi Arabia's two million barrels a day of swing production.
What this means, simply, is that alternative energy research is no longer “something nice” to have, or that switching away from fossil fuels should be a goal.
It means that alternative fuels are now vital to our national security. No, let's be blunt. They are our economic security.
The Windows Metafile Format (.WMF) dates from 1990.
Personally, I'd hate to have to take responsibility for what I did back in 1990, but I haven't made $50 billion in the last 15 years so I don't have to.
The WMF format was designed to move graphics among Windows programs, and one of its features was to allow the execution of code within images. I'm calling this a feature because, at the time it was written that's what it was. What we now know is it was also a flaw.
It means that exploit code can be hidden in any Internet graphic, not just those with the .wmf extension. And it will run. It can turn into a keylogger, or a virus, or any other type of malware. And since the relevant code has now gone online, malware authors are hard at work creating exploits, all of which will continue to steal from innocent people until Microsoft finishes testing and distributing its own fix.
This has a lot of people, like the folks at Softprose, very mad at Microsoft. But it's not the code, or the vulnerability, which troubles me. It's the process.
I understand the need to be certain before pushing out a cure that may be worse than the disease. But we're not talking about a flu vaccine here. We're talking about code and a computer feature.
The easy thing to do, as Google software engineer Matt Cutts notes, is to turn off the vulnerable code. "You’ll lose some thumbnail previews and such, but if you want to be safe until a patch is available, click Start->Run and then type “regsvr32 /u shimgvw.dll” to disable the vulnerable DLL."
Of course, this can cause other problems, Cutts admits, but there's a way around those
This has never been true. From the beginnings of the service, in the 1990s, eBay deliberately tried to hold its security expenses to a minimum.
First, "the community" was to be relied upon. Then you were told, it's your risk. The eBay financial system has never been a member of Visa because achieving that level of security would be too expensive. So eBay bought PayPal and tried to turn it into a private bank -- only it lacked banking security.
It is natural to rely on cops in the financial world -- after you have done everything possible to protect yourself. That costs money, and money is something eBay has always been reluctant to spend, at least on computer security.
Now eBay admits that many accounts are being hijacked by crooks, and it acts surprised. Once again, they seem to blame crime victims and "phishing" e-mails when in fact it's their own security (or lack of it) that is at fault.
Successful eBay merchants have been pushing-back on this story, with letters claiming they're happy bunnies, but they're insiders here.
The fact is that eBay has never paid-out what was necessary to assure any level of security. It has pocketed that money as profit, and now it's reaping the whirlwind for that.
The report correctly identifies the biggest problem, user acceptance:
Concerns over privacy and data protection are widespread, particularly as sensors and smart tags can track a user’s movements, habits and preferences on a perpetual basis. Fears related to nanotechnology range from bio medical hazards to robotic control.
None of these are unreasonable fears. Addressing them requires acceptance of some very new, and important societal values:
Privacy
Personal control of personal data
These must be enforceable to have meaning. The technology and tools for all this have been around for years now, but the business has not gone anywhere because no country on the face of the Earth has yet accepted the fact that it must give up absolute rights to its citizens' data before people can trust the technology enough to use it.
He starts with an analysis of the phishing business from Chris Abad of Cloudmark, which found that its vertical integration is very loose. Instead it consists of specialists in various horizontal skills -- mass e-mail, templates, chat rooms, fences -- which individual gangs then put together. Then he notes this is just the way the IED market is run in Iraq.
The result is intense competition at each stage of the supply chain, and incredibly low prices for phishers and terrorists. A terrorist can get an IED to blow up an American convoy for just $50.
The bazaar for such transactions is the key. It's virtual.
Guy Kewney reports that Westchester County in New York is seeking to force all "public" WiFi hotspots to register in the name of security.
The intent is to force those who operate hotspots in coffeehouses, etc. to install firewalls. But security is available through just about any router you can name. And what do they mean by firewall? Do they mean preventing any ports from activating other than those the authorities want? No, not now, but it easily could come to that.
The basic rationale leading to the claimed requirement, Kewney writes, is entirely bogus. Apparently someone went "wardriving" and found a bunch of "open" hotspots. Well, just because something is open doesn't mean you can just walk in (although sometimes it does mean that). My new $80 NetGear wireless router doesn't have a firewall, but it does require the use of a password for access, and thus is "security enabled." Does that meet the law's requirements?
Instead of attacking Windows, Linux, or the Mac, today's hip, new virus writers are going after the anti-virus programs.
Russian-born Israeli Andrey Bayora has documented how this is done at his company, SecurityElf. He dubs the attack "The Magic Byte," and the trick is simply to hide from anti-virus scans the type of file you've inserted into the system.
In hexadecimal (which is where all software actually lives, no matter how it's written) all executable, or .EXE programs start with the characters MZ, expressed in hex as 0x4D5A. But many files let the header start anywhere, not just the head, so by just adding a byte in front of that header, or prepending, you're giving an anti-viral scan the equivalent of "go on along, there are no droids here." When in fact there are.
This problem affects just about every anti-viral scanner out there, including the one you're probably using, and definitely including the one I'm using. Bayora took some old, easily-disabled viruses, used this trick on them, and bango - they were invisible (but still active).
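The file-type shortcut described above can be contrasted with a structural check, shown here as an added example that is not from Bayora's paper or from any anti-virus product. It assumes the standard PE layout (a 4-byte pointer at offset 0x3C of the MZ header leading to a `PE\0\0` signature); the function names and the sample bytes are constructed for illustration.

```python
import struct

MZ = b"MZ"             # 0x4D5A, the magic the post describes
PE_SIG = b"PE\0\0"     # signature the MZ header points to
E_LFANEW_OFF = 0x3C    # offset of the 4-byte pointer to PE_SIG


def naive_is_exe(data: bytes) -> bool:
    """Type test that only looks at the first two bytes of the file."""
    return data[:2] == MZ


def _pe_header_at(data: bytes, off: int) -> bool:
    """True if a structurally plausible MZ + PE header starts at `off`."""
    if data[off:off + 2] != MZ:
        return False
    ptr_pos = off + E_LFANEW_OFF
    if ptr_pos + 4 > len(data):
        return False                      # too short to hold the pointer
    (e_lfanew,) = struct.unpack_from("<I", data, ptr_pos)
    sig_pos = off + e_lfanew
    # The pointer must land past the 0x40-byte DOS header and on "PE\0\0".
    return e_lfanew >= 0x40 and data[sig_pos:sig_pos + 4] == PE_SIG


def find_embedded_pe(data: bytes, window: int = 4096) -> list:
    """Offsets in the first `window` bytes where an MZ/PE header validates."""
    hits = []
    pos = data.find(MZ, 0, window)
    while pos != -1:
        if _pe_header_at(data, pos):
            hits.append(pos)
        pos = data.find(MZ, pos + 1, window)
    return hits


def classify(data: bytes) -> str:
    """Triage label a scanner could use to decide how to treat the file."""
    hits = find_embedded_pe(data)
    if not hits:
        return "no-pe-header"
    if hits[0] == 0:
        return "pe-at-offset-0"
    # A valid header that is not at the start: send to the full
    # executable scanning path instead of trusting the leading bytes.
    return "pe-at-nonzero-offset"


def build_sample_header() -> bytes:
    """Constructed, non-functional stub: MZ, zero padding, pointer, PE sig."""
    hdr = bytearray(0x40)
    hdr[0:2] = MZ
    struct.pack_into("<I", hdr, E_LFANEW_OFF, 0x40)
    return bytes(hdr) + PE_SIG


if __name__ == "__main__":
    plain = build_sample_header()
    shifted = b"X" + plain                 # one byte in front, as in the post
    text = b"AMZN quarterly report " * 10  # contains "MZ" but no PE header
    for name, blob in (("plain", plain), ("shifted", shifted), ("text", text)):
        print(name, naive_is_exe(blob), classify(blob))
```

The point for a defender is the last label: a header that validates anywhere other than offset 0 is itself a signal worth logging, because ordinary files rarely carry one.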
Some recent posts at Techdirt have me thinking of some basic questions, about the pace of change and the continuing battle between cops and robbers.
In successive entries, we have dismissal of new anti-crime ideas from the banking industry, copyright cops taking on tricks of online robbers, and the same industry trying to push DRM technology onto analog devices. (I know, the order should be reversed, because the last item was written first, and the first last, but what can you do?)
In many ways robbers have natural advantages over cops in technology crime. Cops have to stop everything. Robbers only have to succeed once. But that's misleading, because once a robber is caught they're "in the system" -- you only have to be caught a few times to have your life ruined.
Robbers can also use many open source advantages, sharing tips freely while cops obsess over secrecy, engaging in innovation while cops have to maintain standards.
These are some of the concepts John Robb deals with in his Global Guerrillas blog. How popular must an uprising become before it becomes impossible to take down? Put in terms of more ordinary crime, how many must oppose a law before it becomes virtually unenforceable?
What cops, and civilization, fear more than anything else is that the answer to that question drops as technological sophistication rises. They see civilization as digital, either existing or not existing.
This is the great false assumption of our time. It's false in two ways.
First, technology does increase the need for consensus, rather than narrow majorities, in order to hold society together, because the percentage of "objectors" needed to threaten society does go down as technological sophistication increases. This is not a bad thing. In fact, consensus is far more stable than democracy. Consensus is what keeps the Internet together.
Second, civilization is analog, not digital. The alternative to the absolute triumph of law and order is not chaos. We're talking about a much more complex structure. A certain amount of chaos must be acceptable in order for progress to continue. Shrinkage is natural. We work to balance shrinkage with costs in all our enforcement efforts. It's the only rational way to go.
We all grow older, even tech executives. And this week, my free weekly newsletter, A-Clue.Com offers some thoughts on that. (Subscribe here.)
Think of it as another product of...the aging process (you should live so long).
Enjoy.
I have been thinking a lot about second acts lately.
Part of it is my work with Voic.Us. I'm having to become a system administrator, at least part-time. I am trying to recruit a staff, some paid and some not. I'm trying to be an executive.
These are roles I never took on before. I wrote about them, I critiqued them, but I never had to play them before. And there are times when they make me tired.
There are other reasons, on my regular tech beat, for me to think of second acts. The great tech companies founded by my generation - Microsoft, Dell, Apple - are all into the second act thing these days. Apple's is highly successful, as Steve Jobs has become a consumer electronics mogul, a content gatekeeper. Microsoft's second act has not been so successful. Bill Gates keeps fiddling with the deck chairs, and in the latest fiddling a guy near my age, Jim Allchin, found himself forced into retirement.
This week's issue of my free weekly newsletter, A-Clue.Com, was closer to the subject of this blog, talking about international economics. (Subscribe here.)
Enjoy.
It's a special responsibility to have a reserve currency. (The picture is of the late John V. Lindsay (1921-2000), Mayor of New York from 1966-1974.)
The honor is not lightly given. History requires liquidity, military power and a reputation for sobriety before it grants the honor. The honor, once lost, can never be reclaimed.
Until the 19th century gold was the world's reserve currency. The British pound became a reserve currency only because it was believed to be tied to gold. Precious metals make good reserves because their supply is fairly fixed. They're difficult to mine and extract. Gold's ability to serve as a reserve currency in this century is being undermined, in part, by new chemical mining techniques which dramatically increase yields.
The American Indians' reserve currency of choice until the 17th century, wampum made from mother-of-pearl, was undermined by the western invention of a machine that let colonists mass produce the stuff.
The lesson is simple. A reserve currency must be supply-constrained. If it can be inflated, if it is over-inflated, it pops and ceases to have value.
The U.S. dollar has been the international reserve currency since 1945. Spending produced liquidity, our armed forces brought us victory, and our central bankers knew to take the punch bowl away when the party got going.
Democrats lost the faith of the world's other central bankers during Vietnam. By spending on both guns and butter we ran what looked like large deficits. The first Nixon budget showed a surplus. Democrats have never recovered that faith. Even the reign of Clinton was accompanied by the conservative Republican Alan Greenspan running our central bank, the Federal Reserve. By the 1990s there was no real alternative to the dollar as a reserve currency.
You've seen it. Two characters are falling through the air, but they are still fighting over which one will hit the ground first, Galileo be damned.
In the cartoon, one character "wins" (always the protagonist) and the other goes splat.
In real life, it doesn't matter much which one reaches the bottom first. They're both going down.
The U.S. and China are the cartoon characters, the fall is history's greatest ponzi scheme. The U.S. imports goods and exports debt, while China imports debt and exports goods. Both sides pretend to be growing, and that growth is used to prop up corrupt regimes. In fact the U.S. debts can't be paid without destroying the currency, and the Chinese government is still losing the race against its own people.
I reflected on all this today on reading an AP story on China's new "Internet controls." The story stated "The government says there were 74,000 major protests last year nationwide." Most were over corruption, the seizing of private land (Chinese peasants don't like Kelo either), and pollution.
These protests are happening, and growing, despite an increasingly-restrictive Internet censorship regime. But the logic of that regime is self-defeating. You can't control thoughts. You certainly can't both control thought and increase prosperity. Not for long.
In an era where money is magnetic ink, even the rich of New Orleans may not be safe.
A friend forwarded an American Banker feature (all content is behind their firewall, only the headlines are in front) that explains all this.
The story, by Steve Bills, details the problems banks had in the impacted area, and as many as five banks were still out of action as of Tuesday.
Those banks hurt worst were small community banks that did not outsource their financial processing.
Customers of those banks who managed to escape may be unable to get to their money, although they may not all know that because financial networks do have a limited ability to "stand-in" for their absent customers.
This could happen again-and-again, because only 40% of small banks out-source. Would out-sourcing solve the problem? Not necessarily. One of the bigger outsourcers, Fiserv, has operations in New Orleans (fortunately they're based in Wisconsin) and eight employees are still missing.
Given all this there are some basic things that need to be required:
This is how Democrats felt forced to respond, because they'd been stuck into a political wilderness for a generation by Vietnam. They were afraid to equate Iraq with Vietnam, fearing that political wilderness, and its chains, which bound liberalism and the cause of human rights for a generation.
Well, Cindy Sheehan broke through that fear. She lost her son. It transformed her. (It didn't transform her husband, but everyone's journey is different.)
By putting that transformation in our face, and in the face of George W. Bush, Cindy Sheehan is also making a change in us. Damn the past, damn the present, our kids are dying. Scales fall from the eyes.
That's why they're acting as they are toward Sheehan. It's like the crowd in the story, at first. Of course the Emperor's New Clothes are beautiful. You're just a stupid little boy. You just can't see the big picture.
Stupid. Little. Boy.
Stupid Little Boy, says Cindy Sheehan? Look at him, look at the Little Boy. Look at Casey. You call him Stupid, you call me Stupid?
Maybe we were. We were stupid because we believed in you. And look at what it's gotten us. My son is dead! And this is no fairy tale.
As previously noted, I became an un-person last week as Social Security decided to waste my time over a "mistake" someone made back in 1970. (Image from Mindfully.Org.)
Either my wonderful mother (who still walks among us, to my great joy) failed to check the box indicating I was a citizen on my Social Security application, or some clerk failed to do so when the data was entered because there were separate forms then for citizens and non-citizens.
The clerk who put me through this hell blamed "Homeland Security." But I think he was really responding to the reality of how this number is used.
As I've noted many times before, the Social Security Number is an index term. Everybody has one. Everyone's number is different. By indexing databases based on Social Security Numbers (SSNs), government and businesses alike can make certain there's a one-to-one correspondence between records and people.
Stories like this AP feature don't really address this need, this fact about how data is stored. Without the SSN we'd have to create one. Some companies like Acxiom do just that. Every business and individual in their database has their own unique identifier, created by the company. Which also means that the Acxiom indexing scheme is proprietary. The only way toward a non-proprietary indexing scheme, in other words, is for government to provide one. Which gets us back to the need for an SSN.
The big trend of this decade, in technology, is a move toward openness.
It started with open frequencies like 802.11. It then moved into software, with open source operating systems and applications. Now we have open source business models. The ball keeps rolling along.
Open source has proven superior in all these areas due to simple math. The more people working a problem, the better. No single organization can out-do the multitudes.
But this simple, and rather elegant, fact, is at odds with all political trends.
One of the differences between card processing and many other businesses is that you're totally dependent on a few big players for survival.
Of the three big guns -- Visa, MasterCard and American Express -- the first is most important. The bank association's changing requirements are generally a road map for other processors, defining necessary changes under enforced deadlines.
When Visa pulls its business from a processor, even for a little while, it's terribly destructive. When they do it permanently, and publicly, it's time to get out the resumes. When they do it alongside American Express, it's a corporate death penalty.
UPDATE: My saintly wife (that's the original St. Jennifer there to the left) notes the AmEx decision is effective at the end of August. Visa's decision becomes effective at the end of October, so you might call them the "good cop" in all this.
A reporter can make a good living just covering Microsoft.
This is not a good thing.
One fact that attracted me to technology journalism in the first place was its social mobility. I often write about companies I call "Clueless" and find they have disappeared practically before I can get the piece into digital print. Those that are "Clued-in" can also fall quickly, corporate management in this space being much like tightrope walking.
Intense competition makes for rapid evolution. Call this Dana's First Law of Competition. Markets in India and China are intensely competitive. You can't let your guard down for an instant. This is a very good thing.
It's not what human nature wants, of course. As people we want to relax, to enjoy our lives, to set the competition aside sometimes so we can, say, raise our families, get more education, or retire with dignity.
Both Microsoft and the government had opportunities to prevent this, to re-ignite competition. They chose not to take these opportunities.
Bill Gates had one vision for Microsoft, but the company has gone beyond it. He was wise to pass the baton to his majordomo, Steve Ballmer. Ballmer is all sales, all the time, a whirling picture of aggression. (He's also, admittedly, what we call on this blog a Truly Handsome Man (grass don't grow on a busy street) but looks ain't everything.)
It also represented the first time that the blogosphere actually gave better coverage to a major event than any news organization.
UPDATE: Media outlets like the BBC and GMTV are featuring calls for photos and eyewitness accounts as part of their ongoing coverage.
London suffered a decades-long IRA bombing campaign which killed hundreds. It was able to bring many bombers to justice, and discredit their cause in the eyes of their Irish-American sponsors, before finally reaching a political settlement which, while tenuous and setback-filled, is still an ongoing process.
Each time an event like this happens, moreover, we learn more about what citizens can do to cover it, and how media can adapt to citizen journalism.
The picture above, for instance, was taken by commuter Keith Tagg and quickly posted to photo-blogging sites like Picturephone. It's not a great picture, it's certainly not professional, but it does catch the immediacy of an eyewitness. That's probably why the BBC quickly adapted it in its own photo coverage, adding a second photo of commuters moving along the tracks from Alexander Chadwick.
The BBC Online site in general scored high marks for innovation and audience participation, teaching the important lesson that most people don't want to be journalists, but to be heard, and that those who listen will win their loyalty.
David Stephenson, looking to increase his exposure as a security expert, quickly linked to several important documents, including the London Strategic Emergency Plan, which guides the city's response to such events. (Does your city have one? Great follow-up story.) And John Robb offered the real low-down on all this at Global Guerrillas.
Prime Minister Tony Blair also needs to be singled out here. He understands that, in a time of crisis like this, the head of government becomes, in essence, a mayor, and needs to act like one. He left the G8 Summit but didn't cancel it, quickly convening a meeting of his emergency committee, dubbed Cobra. (The Brits are much better at naming things than Americans.)
Overall the blogosphere coverage of this act was an Internet year (at least) ahead of what we saw during the winter's tsunami, let alone the Madrid 3-11 blasts of 2003. The fact this happened in London had something to do with it. So did advances in blogging technology.
The question, of course, is what can we learn from this?
It's nice when "real" (paid) market analysts agree with one of your premises. Especially when it's a key premise to you, as Always On is to me. (This is advertised as an Always On Server, from Virtual Access.)
M2M stands for Machine to Machine (ironically this sits right below an item about how poor most tech nicknames are) but we're talking about the same thing, intelligent sensors linked to wireless networks. Programming the sensors to deliver some result, then automating delivery of the result in some way (sending an alarm, telling the user, etc.) is what I mean by an Always-On application.
As I have said here many times the tools are already at hand, and cheap. We're talking here about RFID chips, WiFi and cellular networks, along with standards like Zigbee that let these things run for years on a single battery charge.
There are problems with every application space, however:
The recent theft of 40 million card numbers at CardSystems Solutions is a turning point in the identity theft wars.
Previous thefts involved third parties, insiders or numbers left in bins, things that are easily fixed.
The CardSystems case stands out, first, because it happened at an actual processor and second, because it involved the use of a computer worm.
My wife works at a payment processor in Atlanta (most processors, for some reason, including CardSystems, are based here) that has (knock on wood) not been hit (yet).
UPDATE: I finally surrendered in this case and renewed my daughter's antiviral, for $55. I would rather have her choose when to make the Linux switch. The anti-viral did, finally, get rid of all the malware, although we lost a second evening to it and she wound up writing her last paper on my own machine.
Actually it had been breaking for some time, I learned. My lovely daughter is a big fan of Fanfiction.Net, a site where kids are allowed to post their own stories based on popular characters. (Think Harry Potter meets the Three Stooges.)
It's a harmless avocation but it comes with a price. Fanfiction is filled, absolutely filled, with spyware and malware. Ad pop-ups were filling her screen, and no matter how many I clicked away (even if the browser was turned off) more appeared. She had been running an anti-spyware program, but it had not been updated. And her anti-viral had just expired.
The solution seemed simple enough. Her anti-spyware program was updated and deployed. But here's a dirty secret of our time. Most adware today is no different from a virus.
All the tricks of the virus creep were deployed to keep crap like eZula infesting my girl's PC. Copies were hidden in memory, in the restore directory, in directories under program files. (None had ever asked permission, nor told her what it would do.)
When I deployed Spybot in normal boot, the spyware was so thick (download this, click here) the program actually stopped -- the pop-ups and demands to download more garbage were a primeval forest. When deployed in "safe mode," there were several "problems" that couldn't be eliminated. Re-boot and start Spybot again? Well, dozens more spy-virii popped up during the re-boot.
This is power politics. China is pushing Japan out of the world power picture, letting Taiwan know that resistance is futile, and successfully challenging America's status as a Great Power. Just 12 years ago we were The Hyperpower. Now we're becoming second rate, losing our status to tyrants.
The reaction in the U.S. to all this has been silence. Deafening silence.
Few U.S. outlets have covered the story. The right-wing Cybercast "News" Service actually offered a balanced perspective. The New York Times offers only a fearful editorial on possible Chinese revaluation of the Yuan -- at another time this would be called appeasement.
The reason for this silence is not subject to dispute.
If your company runs all its Internet traffic through an internal server, and that server runs Microsoft Windows, then you're vulnerable to a new type of hack known as DNS Cache Poisoning. (The illustration here comes from a Brazilian blog, marketinghacker.br.)
The alert went out about a month ago. The idea has been around for a decade, but it's now being adopted by sophisticated criminal gangs.
Here's how it works.
Criminals break into a Windows server caching DNS requests for an Intranet, then insert instructions redirecting users to poisoned pages. The 12-digit IP address chosen by the criminal is thus linked to a chosen Internet address, and requests for Google.Com (for instance) could go to a site that downloads spyware or key-logging software in the background.
I am a supporter of the U.N. I want it to have real power and influence.
This makes me a minority among my countrymen. So be it.
But I found myself troubled in reading this definition of terrorism today from U.N. Secretary-General Kofi Annan:
"any action constitutes terrorism if it is intended to cause death or serious bodily harm to civilians or non-combatants with the purpose of intimidating a population or compelling a government or an international organisation to do or abstain from doing any act".
In effect this prohibits any violent action against any tyrannical government, and puts the U.N. on record supporting that tyranny.
There are more American labels around. Apple. Motorola. Microsoft. The U.S. companies are good at seeing the opportunity and writing software that works.
Our balance of payments is not helped by it.
As Cynthia notes (deep in the article), these boxes are being made in China. (Actually most of them are being made in Taiwan.) Some of the software conceptualizing is being done here, as is the marketing (although I suspect some of that software work was off-loaded to India).
Those failing, flailing Japanese outfits she mentions, meanwhile, are still doing everything in Japan. Or they're doing "too much" in Japan. Except for Sony and Nintendo, Japanese companies were never good at anticipating demand. Mitsubishi, Canon, C. Itoh, Ricoh, et al -- they were manufacturing houses. They were China before China was cool.
It's easy for someone to criticize Wind River's strategy as an attempt to maintain proprietary control in a world of open source, but the fact is there are opportunities here for the Always On world that need to be explained, and then seized.
Fact is Wind River's VxWorks is the leading RTOS out there. RTOS stands for Real Time Operating System, folks. An RTOS is used to make a device, not a system. You find RTOS's in things like your stereo, and your TV remote. What the device can do is strictly defined, and strictly limited. Your interaction with the device is also defined and limited.
An RTOS is not a robust, scalable, modular operating system like, say, Linux. And over the last few years, Wind River has been creeping into your world. VxWorks is used in most of your common WiFi gateways. This limits what they can do. They become "point" solutions. You can't run applications directly off a gateway, only off one of the PCs it's attached to.
What does the FBI have in common with Paris Hilton?
They're both making news this week as victims of hackers. (The image is from a conservative humor site. Some of the stuff is pretty good.)
We wrote about Paris earlier this week. (Here's a poem for the occasion. Ahem. I've seen Paris, I've seen France, girl pull on some underpants.)
Now ZDNet reports a new virus comes in the form of an e-mail claiming to be from the FBI. (Not to be outdone, Ms. Hilton herself is the subject of a new e-mail virus, called Sober.K.)
As Matt Hines writes, "The mail is disguised as correspondence warning people that their Internet use has been monitored by the FBI's Internet Fraud Complaint Center and that they have 'accessed illegal Web sites.' The e-mails then direct recipients to open the virus-laden attachment to answer a series of questions."
The last time Paris Hilton featured on this beat, she was leading to the rise of BitTorrent, and crying crocodile tears over the interest we had in a sex tape she made with a (presumably ex-) boyfriend.
That's because Paris Hilton is totally innocent this time. As with other Sidekick II users, her data was synced to a T-Mobile Web site, and it was T-Mobile that got hacked.
Now her calendar, phone list, and photos taken with her cameraphone are being spread all over everywhere.
This is very bad for T-Mobile, which is still advertising the Sidekick II as a way to have a private box to store connections to your rich-and-famous friends. (Snoop Dogg is the ad's star, although Paris does appear.) Those ads are still running, but what kind of impact are they making now, as the story of this hack (and how it happened) gains more prominence?
Permanent hardware encryption isn't going to happen. (The image, by the way, is from DBC of Germany, a player in this market game.)
This does not mean we should give up on encryption as protection, or on hardware for encryption. It's just that, just as Moore's Law means today's state-of-the-art PC is tomorrow's door stop, so today's RFID lock could become tomorrow's open door.
Unfortunately this has major implications for the security industry as it is today.
The digirati are in a fury today over an outfit called i-Mature, which claims to have solved the problem of age verification with a $25 device that checks a finger's bone density to determine just how old you are.
The image, by the way, is from Vanderbilt University, which has no affiliation with either Corante, i-Mature, or this blog. It describes x-rays of a finger taken at different power settings. Go Commodores.
RSA announced "a joint research collaboration" with the company. But there is skepticism over exactly how precisely a bone scan can measure age, and the more people investigate, the more questions they raise.
MCI grossed an estimated $5 million/year violating the law in its home state of Virginia, by knowingly hosting sales of a Russian virus used to turn PCs into spam zombies.
The full story, by Spamhaus' Steve Linford (below), was distributed online today. It charges that MCI knowingly hosts Send-Safe.Com, which sells a spam virus that takes over innocent computers and turns them into spam-sending proxies. Linford tracked Send-Safe to a Russian, Ruslan Ibragimov. Linford estimates MCI earns $5 million/year from its work supporting spammers.
The theft of broadband-connected PCs by viruses, mainly Send Safe and another Russian-made program, Alexey Panov's Direct Mail Sender ("DMS"), is responsible for 90% of the spam coming into AOL and other major ISPs, Linford charged.
Here's the nut graph:
MCI Worldcom not only knows very well they are hosting the Send Safe spam operation, MCI's executives know send-safe.com uses the MCI network to sell and distribute the illegal Send Safe proxy hijacking bulk mailer, yet MCI has been providing service to send-safe.com for more than a year.
The final destruction of e-mail as an Internet service has begun. (This is as serious as Comic Book Guy's heart attack, right.)
Mainline spam software publishers have added a new worm to their product that not only turns PCs into spam zombies, but runs that spam through the zombies' e-mail server. This on top of an "industry" that already costs legitimate businesses $22 billion.
The result is spam that looks like it's coming from a legitimate address, and despite all the warnings most people still don't update their anti-virals so as to prevent this kind of infection.
Has Microsoft, and its ecosystem, built planned obsolescence into PCs so as to force upgrades?
I know this is tinfoil hat territory, but hear me out. (The tinfoil hat on the left is being modeled by Elizabeth Kramer of Pleasantville, NY, daughter of the blogger Kathlyn Kramer.)
In theory the MTBF (Mean Time Before Failure) of all PC hardware extends not years but decades. There is no theoretical reason for an old machine to stop working, and refuse repair.
Yet that's just what is happening here.
It started a year ago. My 6 year old Windows 98 machine started acting up, refusing to boot, and Scandisk just wouldn't complete. A big part of the problem, I concluded, was the Norton security system I had installed.
But PCs were cheap so I changed it out. I got me a new Windows XP set-up for about half the price I'd paid for the original box back in 1998, and felt like I'd gotten off cheap.
Texas Instruments is using only 40-bit cryptography on the RFID chips it sells for car locks, RFID tags, and things like toll booth passes.
What this means, according to students at Johns Hopkins, profiled this week in The New York Times, is that the codes aren't hard to break.
There are caveats. You have to get a few inches from the car you want to steal to get the code. Then you have to spend time breaking the code and making your own key, which only lets you hotwire the vehicle. But the whole thing can be done in an hour, the students said, and the required technology could easily be put into a device the size of an iPod.
The significance of WiFi-cellular roaming lies in Always On applications.
Think about it. Cellular channels are relatively low in bandwidth, WiFi channels are high in bandwidth.
Now, you're wearing an application, like a heart monitor. When you're at home, or in your office, this thing can be generating, and immediately disgorging, tons and tons of data, detailed stuff that may be fun for your doctor to analyze later.
I've been re-reading the last in Harry Turtledove's Worldwar series, called Homeward Bound, and I'm once again struck by the similarities between the U.S. military in Iraq and the Lizards of the story.
The Lizards (not to give the story away) invade Earth in 1942, at the height of World War II. They have the weapons of 2000, Earth has what it had. The overall theme of the piece (which has now run into its seventh 500-page book) is human ingenuity vs. reliance on technology.
I don't know what they're thinking with this latest battle robot. (The picture, which I'm confident betrays no military secrets, is from the BBC.) But I'm pretty certain we're going to have some captured, disabled electronically and then grabbed under covering fire. The wireless link between the operator and the bot is the weak link.
Tegam International, which makes something called Viguard, called Tena a "terrorist" after he published his analysis of their product in March 2002 and a French court is apparently dumb enough to take the claim seriously.
Now, Tena's no angel. Tegam says he was once a virus writer himself, credited with (among other things) Happy99, the first e-mail virus. But, they admit, he went straight and is now on the side of the angels. (This assumes, of course, that there are angels at Harvard.)
UPDATE: Tena writes to say that reports he's a virus writer are false, that they were started by Tegam and picked up by the media without questioning it. "Cite a credible source if you have one," Tena writes. "This article is now on the web for eternity. Please do something about it."
I have no independent source, other than press reports, to indicate Tena has so much as a parking ticket to his name. Absent evidence, I shouldn't spread rumors, so this is being reposted with my apologies.
Panix, a 16-year old ISP in New York, told its users that ownership of the domain was apparently moved to Australia, the DNS records were moved to the United Kingdom, and its e-mail was directed to Canada.
Where's the best place to learn the art of network security?
My guess is it's an online gambling site.
Most such sites are based in either the UK, the Caribbean or Australia. Because of U.S. legal pressure they were already in the forefront of isolating traffic geographically, at the ISP level. Also because of U.S. pressure, they are frequently on their own when it comes to defending their business interests. (UK police, however, are apparently cooperative.)
All this means that, if you're into security, this is an opportunity.
For the last year I've been harping here on the subject of Always On.
The idea is that you have a wireless network based on a scalable, robust operating system that can power real, extensible applications for home automation, security, medical monitoring, home inventory, and more.
As I wrote I often came back to Motorola and its CEO, Ed Zander. They would be the perfect outfit to do this, I wrote.
Little did I know (until now) but they did. A year ago.
It's called the MS1000.
The product was introduced at last year's CES, and re-introduced at various vertical market shows during the year. It's based on Linux, responds to OSGi standards, and creates an 802.11g network on which applications can then be built.
At this year's CES show, Motorola is pushing a home security solution based on the device, with 10 new peripherals like cameras and motion sensors that can be easily set-up with the network in place, along with a service offering called ShellGenie.
Previously the company bought Premise, which has been involved in IP-based home control since 1999, and pushed a version of the same thing called the Media Station for moving entertainment around the home.
What should Motorola do now? Well, the platform is pretty dependent on having a home PC. The MS1000 could use space for slots so needed programs could be added as program modules. They need to look at medical and home inventory markets, not just entertainment and security.
But they've made an excellent start. And from here on out everyone else is playing catch-up.
In our zeal to stamp out bugs that hackers can exploit are we destroying all the features that make software useful? (The picture to the right is of a perfectly harmless computer bug. Learn how to make one from Irenecrafts.)
It's a pop-up hijack, in which a malicious site hijacks, say, a session with your bank or broker. If that bank or broker uses pop-ups, the malicious code may tell you to input account information in the pop-up. Then the hacker goes into your account as you and drains it.
Pretty nasty. But what was nastier, as ZDNet revealed, was the reaction to it.
I first came up with the line above about four years ago, soon after I got my first software firewall, from ZoneAlarm.
Nothing has happened since to change my mind, except to make the call more urgent.
USA Today's test of a half-dozen "honeypot" computers, left unprotected with broadband connections, should be required reading. It's gone from threat to certainty that your computer will be turned into a spambot zombie if you don't have a firewall.
The situation is so dire I had to change my mind on something.
Intelligence comes from data collection and data analysis. With the Internet creating a gusher of data on everyone and everything, that last is becoming harder. (The Spy vs. Spy game shown is available at Amazon.com.)
For those too innocent or too young to remember, the drummer in the movie "Spinal Tap" was always changing, while the rest of the band stayed the same.
Well, in an Administration noted for its stability, the Bush Administration has finally revealed who holds the drum kit -- it's the chief of cyberspace security.
That's right, kiddies. Ireland has gotten into its second major cyber-scrape, one big enough to use the word "war" in describing. (You will also notice that the ancestral home of my mom's people, the O'Donnells, is not shown on this Irish map from the Goingonvacation site.)
Ireland's first cyber-war came in the late 1990s, when an Irish entrepreneur, Connect-Ireland, won the contract to manage East Timor's registration service. East Timor at that time was trying to break away from Indonesia. So Indonesian hackers engaged in a cyber-war to try and take the Irish site down.
Despite a regulatory regime that is impossible to obey (isolating data traffic that's to be turned into voice on a network with trillions of transactions going through it each second) hardware makers are going ahead with the production of Voice Over IP (VOIP) hardware.
Linksys and Netgear are the latest to say that voice support will become part of their residential gateways Real Soon Now. (For more on VOIP, buy O'Reilly's VOIP book, right.)
In this case, however, the Feds will be glad to know there's actually less here than meets the eye.
On the other hand it is big news. (One more reason to love O'Reilly is at left. They do better parodies of themselves than any rival can.)
At the DefCon show in Las Vegas, a few weeks ago, a speaker from Avaya noted that DNS, the Internet's "white pages," makes it inherently easy to attack. At another conference in the same town a speaker noted that the best tool for hackers is...Google.
My very first editor at Rice, Steve Jackson, took O'Reilly's Clue after graduating. Instead of finishing law school he went to his first love, board games, and started a company to make them.
His first hit was called Ogre. (This image is from Goingfaster.com, a gaming enthusiast and Jackson fan.) At a time when the big cost of producing games was making, and printing, all the cardboard game pieces, Steve cut costs in half by having one player take one piece, the Ogre.
I deliberately waited before writing about the atrocious, god-awful "Councilman" decision, in which a U.S. Appeals Court panel ruled, 2-1, that your e-mail isn't private when it's in transit, on someone else's server.
To arrive at this decision, executive director Marc Rotenberg of the Electronic Privacy Information Center wrote, the court basically had to twist the 1986 Wiretap Act into a pretzel. It's one more example of how important judges are in the American judicial system. (That's Rotenberg, left, as he appeared on the PBS NewsHour in 2000.)
Here's another reason why we need portable, biometric identity.
You may be about to lose your online bank account.
As MSNBC reports, over 2 million Americans have had their online accounts raided in just the last 12 months. Their source is the Gartner Group. (The image is from the El Dorado Savings Bank, with convenient locations throughout the California gold country. Fine, friendly people, too, I'm sure.)
Criminals have begun using keylogger viruses to steal user passwords, phishing e-mails, and special accounts created solely for the purpose of collecting the ill-gotten booty.
Like many people, I need a lot of passwords. Again, like many people, they're not very secure.
The solution, offered in a recent AP story, is a second password, a temporary password, a scratch-off password European banks are resorting to because their customers' accounts are fundamentally insecure. (The illustration is from the AP story, as posted on CNN.Com.)
But what if, instead of a scratch-off card linked to a bad password, you had a Smart card you stuck into your PC, one that contained biometric data, and which would allow you to have just one password?
I'm a big Guy Kewney fan. He knows what he's talking about, and he writes really, really well. (The picture is from his old eWeek column.)
His latest discovery is snarfing. Specifically he's talking about "bluesnarfing," abusing bad Bluetooth stacks to get inside people's cell phones.
As Guy notes, this is a problem with a few Bluetooth stacks. Easy to fix with updating, or by using something better. But Guy, naturally, has found an ignorant someone shouting about this as though the sky is falling. And, to make it more fun, it's an authority figure, this time the wondrously-named Sir Archy Kirkwood, president of the House of Commons Commission.
There's an old rule that every reporter knows. Where you stand depends on where you sit.
In other words, you discount what a source says based on what he or she is expected to say.
If a source is a sell-side analyst covering a stock for a broker who makes a market in that stock, and the source says "buy," you discount it. The source is selling stock, not passing information. (I originally wrote this as "buy side" analyst, but Brian wrote to correct me. You're buying, the analyst is selling.)
Well, a brave Slashdot reader apparently went a little further than we recommended. Rather than just looking around for these skimmers and avoiding them, he got his mates together and stole the thing, then took it apart.
We have had a good discussion here on my post about Security and Source so I have decided to re-visit the topic. (The picture, by the way, is taken from this page at Computerworld's Windows Advantage.)
PhilipW pointed out the 95-5 rule as it applies to Linux. Nearly all the work on its kernel is done by a handful of people. Given that, he asked, how can it be any more secure than Windows?
That's true, but Linux is better when trouble hits because you don't have to be passive in the face of it. With Windows, all you can do is wait. It's the difference between being able to shop for a mechanic or being totally dependent on dealer service for your car.
There's a new scam going around that can catch you out easily.
It involves two pieces of technology, installed by thieves at an ATM machine. This is already happening in Brazil, and Texas police are now on the look-out for it. (The picture is from Brazil, but if you can't see it just click on the Texas police link -- they have some grainier versions.)
But if that's the case, why isn't Linux, whose source code has always been available, more vulnerable? (The picture, by the way, is from a BBC Q&A on the Microsoft leak.)
The fact that it's not should tell you something about the intersection of politics, creativity, and copyright in our world.