Be on the wave or under it™

The News – 03/15/02

Cleaning Out the Old Links

I’ve got such a collection of interesting and important material that hasn’t found its way into SNS yet that I have to clean house. Here’s the best of what I’ve got.

• Face Recognition Not There Yet: OK, I’ll probably get in trouble again for linking to The Register, but I can’t help it. It’s one of the places on the Net I find unvarnished opinions about technology. This time, they’re on about the “dismal” failure of current face recognition technology. It seems the ACLU has gotten access to system logs created by the face recognition program in use in Tampa, FL (see previous SNS discussions here and here), and what they’ve found is that it doesn’t work all that well. “The earliest logs provided by the department show activity for July 12, 13, 14, and 20, 2001. On those dates, the system operators logged fourteen instances in which the system indicated a possible match. Of the fourteen matches on those four days, all were false alarms,” the ACLU notes. This bodes ill for Minneapolis-based Visionics, the maker of the Tampa system, and other firms like Viisage. And it brings up the question of whether airports should be scrambling to install face recognition systems.
  The Register
  
  
• Space Nukes Back in Vogue: NASA has requested funding for development of a space nuclear reactor in the 2003 budget for the first time in a decade. This doesn’t make me happy, considering that the first US space reactor, launched in 1965, operated for 43 days and remains in orbit, just waiting to rain nuclear material down on us upon its inevitable re-entry.  We spent half a billion dollars on the last space nuke project, a joint NASA-Defense Department effort called SP-100, and have launched around two dozen spacecraft utilizing plutonium-powered electrical generators for missions such as the Cassini probe to Saturn in 1995.
  
  NASA says they need nukes whenever moderate levels of electrical power (tens of kilowatts or more) are required in space over an extended period of time. For background see “Thermionics Quo Vadis?” a new National Research Council report on the status of thermionics, which is an energy conversion technology used in some space reactor designs.  The report provides some general information on space nuclear power.
  Department of Energy
  
  
• Pringles Cans a Security Threat? Oh, good grief! What next? Apparently you can find recipes on the Internet that teach you to make a wireless antenna out of a Pringles can or a cardboard tube. (Big whup!) You can then use it to tap into wireless networks. E-fense Inc. (no it’s not a shady pawnbroker firm!) found 60 wide open access points that allowed them see every computer on the entire network in just the 10 miles between an employee’s house to their office. At the recent CyberCrime Fighter Forum 2002, Arnold Kwong of Extratelligence predicted that, despite a coming improvement over the pitiful Wired Equivalent Privacy (WEP) standard, wireless networks like 802.11b will not be secured without the use of Virtual Private Network (VPN) technology. 
  Denver Post
  
  
• .Net Compiler Security Flaw: OK, first, the way this vulnerability was announced was wrong (even a monopoly can be a victim): Software risk management firm Cigital told The Wall Street Journal of a flaw in Microsoft's latest tools for creating Windows and .Net programs after giving the software giant a little more than 12 hours to respond. Such behavior is self-serving grandstanding, in my opinion.
  
  However, the security vulnerability was apparently pretty serious. The just-released Visual C++.Net and Visual C++ version 7 had a flaw that turned off checking for buffer overflows, one of Net miscreants’ most popular attack strategies. Cigital said that because the compilers were just released, they wanted to warn developers before any code could get released. However, it’s unlikely that any code would have made it into production in less than a day.
  ZDNet
  
  
• The Worm Turns in Napster Case: I guess the beleaguered P2P file-sharing service was due to get a break. Judge Marilyn Hall Patel is allowing Napster to investigate whether the record labels sought to create a monopoly of the digital music market with their MusicNet and Pressplay digital music joint ventures. In a forcefully worded ruling in which she called both sides “dirty”, Patel wrote: “These ventures look bad, smell bad and sound bad. If Napster is correct, these plaintiffs are attempting the near monopolization of the digital distribution market.” That sounds about right to me.
  New York Times (registration required)
  Wired
  
  
• Fiddling with Napster While CDs Burn: This is the type of thing that just had to happen: People are trading Zip files containing entire albums, or even the entire output of an artist, on online trading services such as Audiogalaxy. Searching for “zip” on the service turns up more than 3,000 compressed albums.
  New York Times (registration required)
  
  
• Domain Name Auction: As the result of a suit against Neulevel, the registrar of the new .biz generic Top Level Domain (gTLD), 40,000 coveted domain names such as SHOW.BIZ, INTERNET.BIZ, TICKETS.BIZ and AMERICA.BIZ were auctioned last month. Interestingly, the names of the winners of these four domains are not listed in the registration records yet. (Check out the registration of StratVantage.biz.)
  
  Neulevel was found to be operating an illegal lottery in using their method of allocating domains, and thus had to auction off all domains with at least two applicants. Oddly, I could find no press coverage of this event and only became aware of it through direct mail spam from an outfit called .bizauction. Curious.
  ZDNet
  
  
• Is the Web Ready for 3D? Back when I first got on the Net in 1993, I was excited about its potential for three dimensional, immersive, virtual collaborative environments. At 3CyberConf in Austin, TX in the summer of 1994, Amy Bruckman of MIT reported on MediaMOO, a text-based, networked, virtual reality environment, and I met Mark Pesce, co-creator of Virtual Reality Markup Language. VR seemed almost close enough to touch.
  
  Unfortunately, VR has remained a technology ahead of its time, always just out of reach. Only recently has connectivity and processor power caught up with the demands of this technology. Non-immersive 3D gaming has been a success (Doom, Quake), but using VR to do real work has been elusive.
  
  In what could be a breakthrough for the VR effort, Linden Lab is readying a product called Linden World, an online 3D environment enabled by a technology that the company claims yields a 100-fold improvement in graphics streaming techniques. “With the ability to collaboratively build and modify a 3D environment in real time, users will not simply consume content—they will create it,” the company said at the recent DEMO 2002 conference. Yeah, I’ve heard that before. Nonetheless, immersive environments may finally take off, making telecommuting an even more attractive and feasible alternative to congregating in 100-story towers.
  New York Times (really, I do read other sources!)
  

• Bruce Schneier’s Recommendations: OK, I promised myself I’d lay off Microsoft on the security issue, and here’s the second item in this newsletter about it. Well, it’s only to report the sage advice of renowned security expert Bruce Schneier of Counterpane. Here’s what Bruce thinks the monopoly should do:
  

Office: Macros should not be stored in Office documents. Macros should be stored separately, as templates, which should not be openable as documents. The programs should provide a visual interface that walks the user through what the macros do, and should provide limitations of what macros not signed by a corporate IT department can do.

Internet Explorer: IE should support a complete separation of data and control. Java and JavaScript should be modified so they cannot use external programs in arbitrary ways. ActiveX should eliminate all controls that are marked “safe for scripting.”

E-mail: E-mail applications should not support scripting. (At the very least, they should stop supporting it by default.) E-mail scripts should be attached as a separate MIME attachment. There should be limitations on what macros not signed by a corporate IT department can do.

.NET: .NET should have a clear delineation of what can act and what cannot. The security community has learned a lot about mobile code security from Java. Mobile code is very dangerous, but it's here to stay. For mobile code to survive, it should be redesigned with security as a primary feature.

Implementation of Microsoft SOAP, a protocol running over HTTP precisely so it could bypass firewalls, should be withdrawn.

There. That was constructive, wasn’t it? Microsoft says they’re serious about security, so I can’t imagine why they wouldn’t seriously consider Schneier’s advice.
Crypto-Gram

• EU Plans to Tax Internet Sales: Well, it had to happen: Some jurisdiction was bound to tax Net sales sooner or later. Looks like it's sooner. Last month, the European Union Council of economic and finance ministers approved a European Commission proposal that levies a value-added tax (VAT) on digital products delivered online, including computer games and software, as well as radio or television broadcasting.
  
  What's worse, non-EU companies will have to calculate and collect the tax, making eCommerce suddenly a lot more complicated. US Treasury officials hate the tax and are threatening to take up the matter with the World Trade Organization.
  News.com
  

Briefly Noted

• Shameless Self-Promotion Dept.: Take our survey on corporate policies on home use of network resources.
  
  StratVantage has launched a new service, CTOMentor™, designed to allow Chief Technology Officers and other technical leaders to get rid of the Guilt Stack, that pile of magazines you’ll get around to reading someday.
  
  CTOMentor is a subscription advisory service tailored to customers’ industry and personal information needs. Four times a year CTOMentor provides a four-hour briefing for subscribers and their staffs on the most important emerging technology trends that could affect their businesses. As part of the service, subscribers also get a weekly email newsletter, Just the Right Stuff™, containing links to the Top 10 Must Read articles needed to stay current. These and other CTOMentor services will let you Burn Your Inbox™.
  
  As part of its launch, CTOMentor is offering a two-part white paper on peer-to-peer technology: Peer-to-Peer Computing and Business Networks: More Than Meets the Ear. Part 1, What is P2P?, is available for free on the CTOMentor Web site. Part 2, How Are Businesses Using P2P?, is available for $50.
  CTOMentor

Return to Mike’s Take