StratVantage Consulting, LLC — Mike’s Take on the News 09/04/01

Clipped from: http://www.stratvantage.com/news/091001.htm

The News – 09/10/01

In this Issue:

The Right to Privacy?

Recently, in a discussion group I participate in, someone asked, “What happened to our right to privacy?” He was appalled at a recent judicial decision that, he claimed, stated “that phone calls you place and take in your own home cannot be considered private.”

While I certainly agree with the sentiment, I must point out that there’s nothing in the Constitution that guarantees privacy. The 4th Amendment guarantees citizens’ security of “persons, houses, papers, and effects, against unreasonable searches and seizures,” but doesn’t guarantee privacy. In fact, the word doesn’t appear anywhere in the Constitution or the amendments.

There are some laws on the books regarding privacy, but most only concern the federal government. In 1998 the White House issued a memorandum on Privacy and Personal Information in Federal Records, saying: “Privacy is a cherished American value, closely linked to our concepts of personal freedom and well-being. At the same time, fundamental principles such as those underlying the First Amendment, perhaps the most important hallmark of American democracy, protect the free flow of information in our society.” The memorandum directs Federal agency heads to “assure that their use of new information technologies sustain, and do not erode, the protections provided in all statutes relating to agency use, collection, and disclosure of personal information,” and that they follow the Privacy Act of 1974. One wonders why it was necessary to direct government agencies to obey the law!

There is one bill, the Gramm-Leach-Bliley Act, enacted in late 1999 with a compliance date of July of this year, that does regulate what financial institutions can do with non-public information about you. It’s because of this law that you’ve been receiving the privacy policies of the various financial institutions in your life. These institutions must, “Provide an opt-out notice, with the initial notice or separately, prior to a financial institution sharing nonpublic personal information with nonaffiliated third parties.” So now’s your chance to opt out.

Also this year, the privacy provisions of the Health Insurance Portability and Accountability Act of 1996 became effective, with a compliance date of April 14, 2003. The original 1996 law gave Congress until August 21, 1999, to pass comprehensive health privacy legislation. When Congress did not enact such legislation after three years, the law required the Department of Health and Human Services (HHS) to craft such protections by regulation. The regulations basically protect your health information from being disclosed without your consent. However, since medical establishments share information all the time in the process of caring for you, this gets a bit sticky. The rules are expected to cost $17.6 billion over 10 years to implement, while generating significant offsetting savings.

Despite some recent advances, and despite the cherished nature of privacy, there are few rules binding on non-financial or non-health institutions. Private citizens really have no right to privacy in other arenas. Sure there’s a lot of talk about privacy, and about the EU privacy rules, but, as you can see from Congress’ HIPAA foot dragging, our government really has little interest in proactively enacting laws to protect our privacy from non-governmental entities. The FTC has created the elements of fair information practices (notice, choice, access, security, and contact), but there’s no enforcement mechanism. There’s a lot of interest in trading in online information (failed dot-coms trying to sell client lists), but these challenges tend to stand on the concept of the contractual nature of a site’s voluntary privacy policy.

Sun CEO Scott McNealy said a couple of years ago, “You have no privacy. Get over it.” Is this our fate? Must we stand by while private companies amass tremendous databases of information (don’t get me started on Microsoft’s Passport!) on us? Or should we make our elected representatives aware that we’d just as soon keep our private matters private? Will it take being turned down for a job because you have a genetic predisposition to cancer to bring the point home? And while we’re at it, as marketers, what is our responsibility to refrain from infringing on privacy? We need answers to these questions soon, IMHO. I’m interested in your thoughts on these matters. Send them in and I’ll publish them in a future SNS.

Privacy Backgrounder

StratVantage Consulting, LLC — Mike’s Take on the News 09/04/01

Clipped from: http://www.stratvantage.com/news/090401.htm

The News – 09/04/01

In this Issue:

Cybersquatting Is Legal – For Some

There’s nothing like a monopoly. You get to make your own rules and wield power however you want. So I guess it’s not surprising that, when ICANN gave monopolies to the registrars for the seven new top level domains (.biz, .name, .pro, .museum, .info, .aero, and .coop), there’d be opportunities for abuse. Turns out abuse is practically mandated in the new domain operators’ contracts, which entitle them to register up to 10,000 domains for themselves before allowing anyone else access. This means that 10,000 of the most valuable, juiciest domain names are likely to not be available to all comers. Names like business.biz, museum.museum and the like could be controlled by the domain registrar, who could auction them to the highest bidders. Afilias, a consortium of 18 companies and domain registrar for the .info domain, has registered search.info, for example. ICANN argues that a registry operator will need a wide range of addresses on that registry in order to work effectively. Here’s a list of names reserved by NeuLevel, the administrator of the .biz gTLD (generic Top Level Domain).

As if that’s not bad enough, other registrants have taken many desirable domain names in the early registration period, which is supposed to be available only to trademark owners. So if you had your heart set on getting sports.info, computer.info, bank.info, or finance.info, you can forget it. All have been snapped up by registrants who did not hold legitimate trademarks. Afilias says they’ll take action in December, after their review of the early registration period ends. One study found that of 11,000 .info registrations, between 15 and 25 percent were bogus. My personal favorite bogus registration was for bible.info, which claimed its trademark number was “1”. Not according to the USPTO, it’s not. With all this potential cybersquatting, Afilias has its work cut out for it if it hopes to clear it all up by yearend.

Domain registrar NeuLevel, which was awarded the .biz monopoly, has been accused by Amazon of running an illegal lottery, and has filed suit to defend itself. At issue is the pre-registration period NeuLevel established in which applicants pay a small fee to reserve the rights to a name. On September 17, the company will randomly award contested names. I don’t know about you, but that sounds an awful lot like a lottery to me. However, I don’t really know how else a registrar can resolve multiple claims for a single name, unless there are trademark or other intellectual property rights at stake (like in cocacola.biz). Amazon supposedly has said in a letter to the company, “NeuLevel is deriving enhanced revenues by selling chances to register or to challenge registration of domain names that incorporate famous trademarks such as AMAZON.COM.” NeuLevel counters with a reasonable-sounding point: other firms, such as Amazon Imaging Inc., might reasonably stake a claim to the address www.amazon.biz. “Because amazon.com and amazon.biz exist in different top-level domains, they resolve to different and unique Internet addresses and thus can function and coexist without collision,” the suit says. Where’s Solomon when we need him?

The bottom line on all of this is, as I’ve said before, the new domain names will not provide any relief to the overcrowding of the .com top level domain. In a random check of .info registrations, the usual suspects held the domains coke.info, pepsi.info, nike.info, and nbc.info. How exactly is this better? If Amazon is insisting on getting Amazon.biz, even though they are by far not the only Amazon in the world, what can we expect of names like “Excel,” which are applied to various businesses in various industries? Trademark law allows this because a trademark only applies to a class of trade. The new gTLDs are not industry-specific, and so chaos will again reign, and the big companies will scoop up all the good names.

That being said, businesses need to evaluate the need for representation in the new gTLDs. Do you want your competition to register your name? Most businesses have no choice other than registering in all the gTLDs possible. It’s a shame ICANN has not come up with a better solution. Heck, at this point, we may not ever see a better solution.

IT Analysis

Briefly Noted

  • Shameless Self-Promotion Dept.: StratVantage’s P2P4B2B – Peer to Peer for Business Directory was featured in the July 16th issue of Network World File Sharing newsletter, along with some nice mentions of white papers I’ve done. Even more impressive is the fact that a search for “StratVantage” on Google now gets you two pages of hits! Hoohoo!
    NWFusion

One very confusing aspect about all the Code Red coverage involves whether or not Microsoft’s Personal Web Server is vulnerable. Microsoft requires you to install PWS when you install FrontPage, their Web authoring tool. Many FrontPage users probably did the install back when they were still learning about the Web and have forgotten that they are running a Web server on their computers. However, neither Microsoft nor CERT nor Information Warfare thinks PWS is vulnerable. Some reports claim PWS is vulnerable to Code Red when run on Windows NT or 2000, but Information Warfare says it doesn’t even run on 2000, and indeed I couldn’t install it on my Windows 2000 machine. PWS does run on Windows NT Workstation, according to the site. Whatever the real deal is, it just may be possible that some of these attacks are coming from people who do not know they are running PWS or Internet Information Server (IIS). However, your machine is not vulnerable unless you are running Windows NT or 2000.

Regardless of the possible Code Red vulnerability, you should probably not be unintentionally running a Web server, as they can expose you to threats without your knowledge. You can check to see if PWS or IIS is running on your machine. One easy way is to see if you have either of the following directories: C:/Webshare/Wwwroot or C:/InetPub/Wwwroot. These are the default root directories of various versions of PWS and IIS. Another way is to go to Control Panel and see if you have a Personal Web Server icon. If you are running PWS, I recommend uninstalling it just to be safe. If you are running IIS, a patch is available on Microsoft’s Code Red page. By the way, it is important to note that the Microsoft patch that fixes the vulnerability only prevents future infections. If you are infected, you need to remove the file /inetpub/scripts/root.exe in order to disable the backdoor installed by Code Red.
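
The directory and file checks described above, written as a small audit script. This is an added example, not part of the original newsletter; the function names and the drive_root parameter are assumptions made for illustration, and path components are matched case-insensitively, the way Windows treats them.

```python
"""Local audit: is a PWS/IIS web root present, and is the Code Red
backdoor file still on disk? Checks only the machine it runs on."""
import os
import sys
from datetime import datetime

# Paths named in the text above, relative to the drive root.
DEFAULT_WEB_ROOTS = ["Webshare/Wwwroot", "InetPub/Wwwroot"]
BACKDOOR_FILE = "inetpub/scripts/root.exe"


def resolve_case_insensitive(drive_root, relative_path):
    """Return the real on-disk path for relative_path, matching every
    component without regard to case, or None if any component is absent."""
    current = drive_root
    for part in relative_path.split("/"):
        try:
            entries = os.listdir(current)
        except OSError:
            return None  # missing, not a directory, or unreadable
        match = next((e for e in entries if e.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current


def audit(drive_root):
    """Return a list of findings (dicts) for the given drive root."""
    findings = []
    for rel in DEFAULT_WEB_ROOTS:
        path = resolve_case_insensitive(drive_root, rel)
        if path and os.path.isdir(path):
            findings.append({
                "kind": "web_root",
                "path": path,
                "action": "PWS or IIS appears to be installed: uninstall "
                          "PWS if unused, or apply the vendor patch to IIS.",
            })
    path = resolve_case_insensitive(drive_root, BACKDOOR_FILE)
    if path and os.path.isfile(path):
        # The modification time helps bound when the infection happened.
        mtime = datetime.fromtimestamp(os.path.getmtime(path))
        findings.append({
            "kind": "backdoor",
            "path": path,
            "modified": mtime.isoformat(timespec="seconds"),
            "action": "Patching only prevents future infections: remove "
                      "this file to disable the backdoor.",
        })
    return findings


def status(findings):
    """Collapse findings into one of three overall states."""
    kinds = {f["kind"] for f in findings}
    if "backdoor" in kinds:
        return "backdoor_present"
    if "web_root" in kinds:
        return "web_server_present"
    return "clean"


if __name__ == "__main__":
    # Default to C:/ ; pass another root to audit a mounted disk image.
    root = sys.argv[1] if len(sys.argv) > 1 else "C:/"
    results = audit(root)
    for finding in results:
        print(f"[{finding['kind']}] {finding['path']}")
        print(f"    {finding['action']}")
    print("overall:", status(results))
```
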

Finally, system administrators can get a scanning tool to identify vulnerable computers from eEye. And Microsoft has released Personal Security Advisor, which takes a look at your NT or 2000 system and finds common misconfiguration problems.
FightBack Script

StratVantage Consulting, LLC — Mike’s Take on the News 08/29/01

Clipped from: http://www.stratvantage.com/news/082901.htm

The News – 08/24/01

Wi-Fi Gaining Momentum

I begin this article with my new favorite quote: “Technology itself, you see, has no clue whether we are in a bull or bear market. It just marches ahead. Chips get cheaper, bandwidth gets more abundant, and new, fun things, not previously imaginable, become real.” That’s Andy Kessler, a partner in Velocity Capital Management, writing in the Wall Street Journal in April. It’s a nice quote, and it is even better for being true, at least to a large degree. Sure the dots went bust and tech stocks are down, but the genie is out of the bottle, the bell can’t be unrung, we’re one minute into a 24 hour poker game, and whatever other cliché you want. Technology marches on because lots of smart people keep coming up with cool stuff, some of which they actually get to sell to us.

Stuff like Wi-Fi™ (AKA 802.11b High Rate wireless networking). Kessler points out, “A portable phone with 802.11 built in might actually be cheaper than today’s cordless. And cellular companies have also been overpaying for so-called 3G licenses around the world, mainly to keep upstarts without huge sums of capital away from their cozy oligopoly. But 3G’s main improvement over current generation cellular networks is high-speed data access. Who’s gonna pay for that when they can log in over Wi-Fi for free?” (Pretty populist talk for a VC!) He’s referring to the grassroots Wi-Fi networks that have sprung up in San Francisco, Seattle, (close to 100 nodes, see picture), Boston, London and Australia. These networks are run by volunteers who toss an antenna in the attic or hang one out their window, and offer free Internet access at 11Mbps to anyone with a Wi-Fi card in their laptop. It’s the great collective network, and it’s evolving just like the early Internet, when the only things that mattered were rough consensus and working code.

Kessler’s point is that networking like this makes huge telecom companies like Lucent and Sprint and ATT into the buggy whip makers of the new century. You see, the bandwidth that Wi-Fi works over is free and unregulated, unlike the cell phone bandwidth the wireless networks fight over in their multibillion dollar auctions. Sure, there are problems and conflicts and messiness in using unregulated bandwidth, but the devoted enthusiasts of Wi-Fi will keep plugging away until they either produce something everyone wants, or get squashed by an industry-prompted move to take away the spectrum.

Indeed, some of the biggest companies are getting into the act. Microsoft and Starbucks have teamed to offer Wi-Fi connections while you sip your overpriced cuppa. Microsoft and Intel have joined the board of directors at the Wireless Ethernet Compatibility Alliance (WECA), despite their backing of the competing Bluetooth short-range wireless standard. Intel Corp. and Comcast Cable will jointly develop and test a set of home networking products consisting of a new residential broadband gateway, wireless network adapter and Wi-Fi cable modem. Dell and IBM are building Wi-Fi into some of their machines. And Wi-Fi products are being cranked out and networks are being established by all sorts of other vendors, such as Wayport (airports, hotel public areas, and meeting rooms), MobileStar (locations along "travel ribbons" – airports, hotels, restaurants, conference centers and Starbucks locations), Surf and Sip (cafes, hotels, restaurants and other high traffic public establishments), and AirWave (coffee shops, bookstores, restaurants, laundromats, and other shops in the Bay Area).

This all sounds great, and it’s moving a whole lot faster than Bluetooth, its nearest competitor, which is mired in bureaucracy and incompatibilities and possibly doomed by the telecoms’ inability to prevent themselves from tweaking the standard to try to get an edge.

But there’s a real problem with Wi-Fi: It’s horribly insecure. Any half-decent cracker can pluck passwords and MasterCard numbers out of the air with only a little time and effort. This is because the security scheme used in most Wi-Fi applications, Wired Equivalent Privacy (WEP), has been shown to be eminently crackable.

As reported in a previous SNS, according to members of the Zealots mailing list, “several groups of researchers have described a number of ways to bypass [WEP’s] security. After scanning several hundred thousand packets, the attacker can completely recover the secret key and thus decrypt all the ciphertexts.” This technique works even if the standard 128-bit encryption key is increased to 2048 bits. To make matters worse, even script kiddies can use this exploit, thanks to a new program, called AirSnort, that automates the attack process so anyone with a Linux box and a wireless networking card with a Prism2 chipset can exploit WEP’s weakness. This is really bad news, and will put a damper on the proliferation of Wi-Fi networks, at least for business use.

What can be done? Gartner research director for network security John Pescatore said, “Over the long term, we think there’s been enough damage to WEP that it’s toast. . . We’ve been telling our clients, treat the wireless world like you treat the Internet. If you’re going to send data over it, encrypt it, and that means running your own VPN [Virtual Private Network] software on top of a wireless LAN. Firewall yourself off from it. Make sure your access point is on a protected network segment. On a PC with wireless NICs you should be installing personal firewalls on the PCs.”

Businesses need to be aware that the latest and greatest networking techniques still need to be examined closely for security flaws. Analysts figure that the problems with Wi-Fi and WEP will be solved by year-end. Until then, make sure any wireless LAN solution also includes a robust security solution in addition to whatever the vendor provides. And, hey, hey, hey . . . let’s be careful out there!

WSJ

Briefly Noted

  • Shameless Self-Promotion Dept.: StratVantage’s P2P4B2B – Peer to Peer for Business Directory was featured in the July 16th issue of Network World File Sharing newsletter, along with some nice mentions of white papers I’ve done. Even more impressive is the fact that a search for “StratVantage” on Google now gets you two pages of hits! Hoohoo!
    NWFusion
  • Smile When You Type That, Pardner! Researchers at the University of California, San Diego have found that by combining three facial expression recognition techniques, they can make a computer as accurate as a human expert in determining the emotions felt by human subjects. Normal folks can discern emotions correctly based on facial expression only 73.7 percent of the time, while human experts and the hybrid computer software can get it right 91 percent of the time. It’s not too late to get rid of that Webcam . . .
    HHMI Bulletin
  • I Knew They Could Vote, But They Can Write, Too! The dead are really getting around. As always, plenty of them voted in the last election; that’s to be expected. But Alert SNS Reader Andrew Hargreave sends us proof that folks can write their elected officials from beyond the grave. Of the more than 400 letters in support of a settlement in the Microsoft antitrust case received by Utah Attorney General Mark Shurtleff, two were signed by dead Utah citizens, one from a city that doesn’t even exist. Microsoft has been accused before of sending bogus letters of support, but the reply from their publicity flack this time is absolutely priceless: “I think that it’s obvious that our competitors have waged a political campaign against Microsoft for a long time now,” said Jim Desler, a Microsoft legal spokesman. “It’s hardly a surprise that organizations and companies would mobilize and counter those efforts.” I think he got that response from page 342 of the Microsoft hymnal.
    NWFusion
  • Beat the Traffic Cameras: As more and more municipalities turn to traffic cameras to help in ticketing red light runners, speeders, and other scofflaws, it was inevitable that someone would develop technology to fight back. Several companies are now selling various transparent license plate covers that prevent cameras from getting a clear image from an angle. Some are specifically designed for overhead cameras, others for roadside cameras. No reports as yet of protectors for roadway-level angles, which you’ll need if lane marker wireless cameras (previously mentioned in SNS and in my talk, The Next Wireless Killer Apps: Will You Have to Have It?) come to this country.
    PhotoBlock
    PhotoBuster

  • New Wireless SIG: Geneer has created the Midwest Wireless Application Developers Special Interest Group (SIG), a non-commercial group designed to promote discussion of wireless developer tips and tools. The first meeting is Tuesday, Sept. 18, 2001, and features Guest Presenter Rod Massie of Motient Corp., provider of eLink℠ and BlackBerry™ by Motient wireless email services. Rod’s topic is Developers’ Tips & Secrets for Motient’s Terrestrial Network and Motorola’s DataTAC Technology. The free meeting runs from 6:00 PM to 8:30 PM at the Marriott Suites, 8535 W. Higgins Road, Chicago, Illinois.
    SIG Signup

StratVantage Consulting, LLC — Mike’s Take on the News 08/24/01

Clipped from: http://www.stratvantage.com/news/082401.htm

The News – 08/24/01

The Ethics of Defense

Alert SNS Reader Andy Stevko raises some very good questions about a technique some server administrators use to deal with the Code Red and Code Red II worms.

First of all, the Code Red worm, in the news a lot recently, is basically a type of computer virus. Code Red exploits a security hole in Microsoft’s Internet Information Server, which is their Web server that runs on Windows NT or 2000 machines. (A variant also infects Microsoft’s Personal Web Server, which runs on Windows 95, 98, and ME.) The worm has infected hundreds of thousands of Windows servers, and even has attacked DSL routers. If you’ve been experiencing a slowdown in response time on your Internet connection recently, it could be because of this worm and its variants.

Code Red uses a technique, called an exploit, in which it overwhelms a part of the computer’s memory called a buffer. Once in, it copies a program to an area of the Web site and thus allows anyone to execute any command on the computer. This is called installing a backdoor, and this is a bad thing.

Another thing Code Red does is to flood the local network with traffic, looking for other vulnerable IIS installations. Once one is found, it repeats its dastardly deed, and so on and so on. The infected computer becomes a drone, with the aim of recruiting more drones to use in its ultimate goal of attacking the White House’s Web servers. Because of the techniques used in this attack, which are similar to a Denial of Service (DoS) attack, even if a target computer has been patched to resist the buffer overrun exploit, it still can end up spending all its time replying to bogus Web page requests with “Page Not Found” messages. So even if you’ve been smart, and you’ve protected yourself against Code Red, it can still affect your computer and your network.

Andy reports that an enterprising bunch of server administrators have decided to fight fire with fire. They’ve created a program called a FightBack script that takes advantage of the backdoor installed on infected computers. According to Andy, “The FightBack script reads the IP [network] addresses off the request and triggers another request sent back to the infected server.” This request uses the backdoor to reboot the infected server, without the knowledge or consent of that server’s administrator, who probably doesn’t know he or she is infected. Since the Code Red worm only installs itself in an infected computer’s memory and not on the hard disk, this clears the infection. But it doesn’t remove the backdoor.

In essence, the FightBack script acts as a “good virus.” Andy questions whether there is such a thing:

Worms and Viruses live mainly by exploiting software cracks to ‘own’ someone else’s computer. The most evil ones deliver a nasty payload.

Are there ‘good’ worms and viruses? A good virus could contain a neutral payload or perhaps fix/patch the exploit it used. Would you want one to touch your systems? Nearly every sysadmin says NO!

But DoS attacks provide little defense. They leach CPU and soak up bandwidth. It is very hard to even reset a remote drone.

FightBack servers can be built to control offending hosts. Is the cure any better than the curse? Would you ever admit to owning one?

Good questions, and ones that will be faced more and more often as the antisocial microcephalic morons who write viruses and worms proliferate. Because many exploits and viruses can be built using tools requiring little technical knowledge, more and more bored adolescents are likely to turn from low tech annoyances like T.P.ing your house or ringing the bell and running away to becoming script kiddies and a major threat to the Internet. System administrators may well become more and more desperate and more likely to use questionable defenses in order to keep their networks and servers operational.

In answer to Andy’s question regarding the ethics of FightBack scripts: I am uncomfortable with this approach, but unfortunately, taking the completely ethical approach could yield a disastrous outcome. Your network could crash. Your servers could crash. Your business could go out of business. So, yes, fighting back is an option. However, I think the more ethical way to fight back is to use a script to try to find the email address of the administrators of the offending computer. Then, email them and give them some period of time to rectify the situation. This at least gives them a fighting chance to take care of the problem themselves. If there is no response, and there might not be one in the middle of the night or on holidays, for example, do what you need to do and follow up with an email. And if at all possible, remove the backdoor. I assume this isn’t done in the Code Red case because it is not possible.

What do you think? Is it ever right to make changes on another person’s server? In the absence of other effective defenses, is a FightBack script ethical? Would you want your business’ Web server “repaired” without your consent? Send in your responses, even (especially!) if you’re technologically-challenged, and I’ll print the most interesting ones in future SNSes.

National Infrastructure Protection Center

Briefly Noted

  • Shameless Self-Promotion Dept.: My speech at the Minnesota Entrepreneurs Club pre-meeting workshop on Tuesday, “Will You Have to Have It? What You Need to Know About Future Tech and Your Business,” is now available.

    Also, my white paper, Taking Control of the B2B Exchange: What’s Next in the Supply Chain Evolution, is now available on Manyworlds and is rated four stars. I am honored to share the page with eCommerce expert Mohanbir Sawhney.

  • Take Two Cameras and Call Me In the Morning: Alert SNS Reader Roger Hamm sends along a pointer to this innovation that many of us superannuated geezers will appreciate. Instead of having to swallow a pole for an upper-GI series, you soon may be able to swallow a wireless camera-in-a-capsule to check things out. The FDA has given Given Imaging its approval for use of the camera in upper-GI series. Each pill costs $450, so you’ll want to be real careful where you go, if you know what I mean. The company even has cool videos of the camera in action on its Web site. My first thought was, it’s pretty dark in there, how can it see? Turns out the camera has its own light source. The system comprises the camera, a set of wireless sensors worn around the waist, and a workstation to analyze the results. Now if they can just develop one for the lower-GI . . .
    Given Imaging

  • Passport Correction and Response: Alert SNS Reader Larry Kuhn corrected a couple of inaccuracies in the previous SNS regarding Microsoft’s Passport online credentialing system. He points out that not all cookies are cleartext, a fact I knew but forgot. The cookie used in the Passport scheme to hold your authentication credential is binary, and thus not human-readable. Larry agrees that cookies are easily retrieved from a user’s PC, but points out that “since the Passport service expires authentication keys on a regular interval (not sure what that interval is though...), a stolen cookie is very soon useless.” This isn’t good enough for me to know that someone can steal my identity, but only for a little while. One bad transaction could ruin a person. In addition, Microsoft leaves it up to the Web site owner to ensure that the authentication cookie is deleted at sign out: “For security reasons, you must delete all Passport-related persistent and session cookies from a member’s computer when the member signs out by clicking the sign-out link or by closing their browser.” Sorry, that makes me nervous.

    Larry also takes issue with the assertion that your Windows XP password and your Passport password will be the same. I have to bow to his superior knowledge on this one, and note that I didn’t make any of this stuff up, but got it from noted security expert Avi Rubin, a researcher at AT&T Labs. Perhaps his information was dated. It is clear that Microsoft requires signing up for a Passport to use many of XP’s services.

    Larry offers some comments on the whole single sign-on and online authentication problem:

Larry Kuhn: “This whole issue is a catch 22 for consumers – from a convenience standpoint, I’d really like to only ever have to identify myself once all day long as I use various computers... (or better yet, have each computer just recognize me, the way my friends do when they meet me on the street) – but in order for that to happen – all these systems need to know me – and if they know me, well – they know me.”

SNS: "So you’re saying, basically, Passport is cool, you’re OK with the level of detail Microsoft will be privy to, and the single point of failure problems don’t bother you, yes?"

LK: “Yes, I have the same type of problems with the multiple front door keys for my home that are floating around among my neighbors and relatives. They know all about my new TV when they see the delivery truck, they know all about my vacation when I ask them to let the dog out for a week while I’m gone. It’s a chance I take in exchange for having some options when I get locked out of the house.

“Also, one other point on "who ya going to trust?" – I figure MS has a lot more to lose than some no-name guy (or even the government!) in terms of brand equity if they let my info get stolen or if they use it for illegal or unsavory purposes. Plus, I might eventually need to sue someone for damages; it may as well be someone who can pay. So, there’s actually some value to me in enlisting them in protecting my personal data.”

Leaving aside the existential question, “Can we ever truly know anyone?” Larry points out the fundamental difference between online life and offline life: On the Internet, nobody knows you’re a dog. To establish trust offline, you don’t need to know a person’s Social Security Number, mother’s maiden name, address, credit card number, and three references. You meet them, recognize them the next time you meet, work with them, and build trust.

Online is a completely different story. You don’t necessarily recognize a person the second time you meet, and you lack a lot of the information and cues you use to establish trust. Thus, there’s a need for schemes like Passport, or like biometric methods of determining identity via fingerprints or iris scans. But there’s something fundamentally more intrusive about requiring intimate information about my life or my body in order to identify and trust me. I feel it is much easier to abuse our relationship if you have this information than it is if we work together or bank together or worship together in the real world.

As I said last issue, this is obviously a complex issue and one that businesses need to come to grips with if the Internet is going to evolve into the kind of marketplace many eCommerce pundits envision.

  • New Wireless SIG: Geneer has created the Midwest Wireless Application Developers Special Interest Group (SIG), a non-commercial group designed to promote discussion of wireless developer tips and tools. The first meeting is Tuesday, Sept. 18, 2001, and features Guest Presenter Rod Massie of Motient Corp., provider of eLink℠ and BlackBerry™ by Motient wireless email services. Rod’s topic is Developers’ Tips & Secrets for Motient’s Terrestrial Network and Motorola’s DataTAC Technology. The free meeting runs from 6:00 PM to 8:30 PM at the Marriott Suites, 8535 W. Higgins Road, Chicago, Illinois.

Can’t Get Enough of ME?

In the unlikely event that you want more of my opinions, I’ve started a Weblog. It’s the fashionable thing for pundits to do, and I’m doing it too. A Weblog is a datestamped collection of somewhat random thoughts and ideas assembled on a Web page. If you’d like to subject the world to your thoughts, as I do, you can create your own Weblog. You need to have a Web site that allows you FTP access, and the free software from www.blogger.com. This allows you to right click on a Web page and append your pithy thoughts to your Weblog.

I’ve dubbed my Weblog entries “Stratlets”, and they are available at www.stratvantage.com/stratlets/. Let me know what you think. Also check out the TrendSpot for ranking of the latest emerging trends.

StratVantage Consulting, LLC — Mike’s Take on the News 08/21/01

Clipped from: http://www.stratvantage.com/news/082101.htm

The News – 08/21/01

May I See Your Passport, Please?

Regular readers know I am not a fan of Microsoft’s monopoly tactics, although I am a fan of some of their software, and certainly appreciative of their leadership in creating the desktop revolution. But even dyed-in-the-wool Microsofties should be concerned about Microsoft’s Passport service and the company’s plans to make it ubiquitous.

The idea behind Passport is simple. It’s the idea behind a lot of Microsoft’s software, and it’s at the root of most of Microsoft’s security problems: Convenience. If you’re like me, you’ve created accounts at all sorts of Web sites. There are email accounts, discussion groups, white paper download registrations, eCommerce accounts – you name it. If you’re like most people, you have a problem remembering passwords. In fact, you may use names of family members or pets as your passwords (which is a really bad idea). Chances are, very few of your passwords are secure, meaning a cracker could guess them or use software to discover them quite easily. You may even use the same password for all your accounts (also a really bad idea; for more information on creating secure passwords, check this out).

Microsoft, to their credit, have offered to solve this problem with Passport. But there are some very disturbing aspects to the service. Basically, when you create a Passport account, which you must do, for example, to use MSN Messenger, HotMail, or Microsoft Support, you store lots of personal information on Microsoft’s servers. Already I have a problem with this. We trust all kinds of companies with intimate details of our lives and selves. MasterCard knows a lot about my purchasing habits. ATT knows a lot about my calling habits. Northwest Airlines knows a lot about my traveling habits. Having this sort of information in the hands of commercial interests is a necessary evil. Where the problem comes in is when this information is combined. For example, suppose thieves could access my electric bill, my Northwest account, and my MasterCard account. They could tell when I’m on vacation and come and steal the new TV I just bought. (Notice to thieves: This is a hypothetical scenario; I’m waiting for the HDTVs to come down in price before buying another.)

Using Passport, Microsoft becomes aware of a lot of your personal information as well as a lot of your behavior. The way the service works is, when you visit a site that uses Passport, Microsoft forwards your credentials to that site, and obviously knows what site it is. So if I have a yen for Japanese porno sites, Microsoft knows. If I purchase Viagra online, Microsoft knows. In fact, anything I do online, Microsoft knows. It’s a marketer’s dream, and a law enforcement dream. That’s problem number 1.

Another problem involves the way Passport actually works. There are two main areas of concern:

· First, Passport is being built into Windows XP, Microsoft’s next operating system. Thus XP users will use the same password to log in to their system each morning as they use with the Passport system. Since people rarely use secure passwords on their personal systems, this is a problem. Also, if crackers compromise the Passport password, which is bad, they also have access to your computer, which is worse.

· Second, and more important, when you visit a Web site that uses Passport, a cookie containing your credential is placed on your hard drive. A cookie is a plain text file that contains information regarding a Web transaction. Cookies are normally used for things like identifying you by name when you return to a site, or saving the status of a transaction so it can be recovered if the connection is broken. By placing the credential in an insecure, easily readable file on your computer, you are left wide open to identity theft. It is quite easy to steal a cookie, and thus quite easy to masquerade as another user.
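
As an added illustration (not part of the original newsletter, and not Passport’s actual cookie format), the Python check below audits Set-Cookie headers the way a site owner might, flagging login cookies that are written to disk, sent without protection, or carry readable identity data. The cookie names, the hint list, and the sample headers are constructed assumptions; Secure, HttpOnly, Expires and Max-Age are standard cookie attributes.

```python
"""Audit Set-Cookie headers for login cookies that are stored on disk or easy to steal."""
import re
from urllib.parse import unquote

# Assumption: name fragments that suggest a cookie carries a login credential.
CREDENTIAL_HINTS = ("auth", "sess", "token", "ticket", "cred", "login")

# Readable identity data inside a cookie value: an e-mail address or a password field.
READABLE_SECRET = re.compile(
    r"[^@\s=&]+@[^@\s=&]+\.[a-z]{2,}|\b(?:pw|pass|password)=", re.I
)

# Constructed sample headers (not captured from any real site).
SAMPLE_HEADERS = [
    "AuthTicket=user%3Dmike%40example.com%26pw%3Dhunter2; "
    "Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/",
    "SessionToken=9f2c1e7a5b; Path=/; Secure; HttpOnly",
    "theme=dark; Max-Age=31536000; Path=/",
    "login_id=abc123; Max-Age=86400; Secure; HttpOnly",
]


def parse_set_cookie(header):
    """Return (name, value, attrs) for one Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header):
    """Return (cookie_name, findings) for one Set-Cookie header value."""
    name, value, attrs = parse_set_cookie(header)
    if not any(hint in name.lower() for hint in CREDENTIAL_HINTS):
        return name, []  # not a login cookie; out of scope for this audit
    findings = []
    # Expires/Max-Age makes the cookie persistent: the browser writes it to disk.
    if "expires" in attrs or "max-age" in attrs:
        findings.append("persistent")
    # Without Secure the cookie also travels over unencrypted HTTP.
    if "secure" not in attrs:
        findings.append("no-secure")
    # Without HttpOnly any script running in the page can read it.
    if "httponly" not in attrs:
        findings.append("no-httponly")
    # The value itself should be an opaque token, never readable identity data.
    if READABLE_SECRET.search(unquote(value)):
        findings.append("readable-value")
    return name, findings


def audit_all(headers):
    """Map each cookie name to its list of findings."""
    return dict(audit_cookie(h) for h in headers)


if __name__ == "__main__":
    for cookie, issues in audit_all(SAMPLE_HEADERS).items():
        print(f"{cookie}: {', '.join(issues) if issues else 'ok'}")
```

An opaque, session-only token marked Secure and HttpOnly passes cleanly, while the plaintext, persistent ticket trips every check.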

Finally, Microsoft has a children’s service called Kids’ Passport which many privacy advocates feel collects more information than necessary from this vulnerable group.

The issue is complex, and I encourage you to read the C|Net article linked below and view the video from the article to get up to speed on some of the issues. Businesses especially need to be aware of the possible impact of a Microsoft hegemony on authentication. If their scheme plays out, you may be forced to use them for all Web site authentication simply because they’ve established yet another monopoly. Given Microsoft’s dismal security record, that could be a problem.

C|Net

Briefly Noted

  • Shameless Self-Promotion Dept.: My speech at the Minnesota Entrepreneurs Club pre-meeting workshop on Tuesday, “Will You Have to Have It? What You Need to Know About Future Tech and Your Business,” is now available.

    Also, my white paper, Taking Control of the B2B Exchange: What’s Next in the Supply Chain Evolution, is now available on Manyworlds and is rated four stars. I am honored to share the page with eCommerce expert Mohanbir Sawhney.

  • Planet of the Apps: There’s a tremendously funny video you’ll never see on World’s Funniest Videos but which has caused a bit of a stir in software circles. It seems Steve Ballmer, excitable head of the World’s Funniest Monopoly, Microsoft, got a little pumped up at the beginning of his keynote at a recent internal conference. Many wry commentators have suggested his antics confirmed the origin of the human species with the apes. You be the judge.
    Jump Jive and Wail (You’ll need a media player that can handle MPEG files like, say, Apple’s QuickTime)
  • Let Be Be Finale of Seem: You probably never heard of Be, but they created BeOS, a wonderful operating system, and were run by Jean-Louis Gassée of Apple fame. I’m not really sure what Palm’s got in mind here, but the acquisition, for $11 million in stock, sparked this wonderful quote from US Bancorp Piper Jaffray analyst William Crawford: “Where they have to go, Be already is.” Is you is or is you ain’t my OS?
    C|Net
  • Jargon Watch: This is a bit old, but I’ve just run across a new “C-level” title that made me laugh. Back in April, troubled Internet Service Provider (ISP) PSINet, in an effort to show exactly how serious they were about returning to profitability and surviving NASDAQ delisting, appointed Lawrence Hyatt, their chief financial officer, to the newly created position of Chief Restructuring Officer (CRO). Must not have worked. PSINet filed for Chapter 11 protection in early June, and then promptly contributed to a major Internet outage when ISP Cable & Wireless intentionally stopped peering with it. (Peering is the practice of swapping traffic and is part of what makes the Internet work.) When C&W quit peering, every PSINet customer could no longer see sites on C&W networks, and vice versa. Since smaller ISPs buy connectivity from larger ones like C&W and PSINet, this affected whole sections of the country. Nice restructuring, guys! Hyatt has returned to his old title, CFO.
    C|Net
  • Nothing To Disclaim At This Time: The UK site, The Register, which is a bit of a gadfly on the rump of information technology, ran a contest back in May to find the most outrageous disclaimers. You know disclaimers: that bunch of rubbish at the end of a report or a post or an email that intends to absolve the writer of everything short of being born. I particularly like the winner of the Longest Disclaimer competition, which was won easily by investment house UBS Warburg. This 1,081-word nauseous gasser ends with a declaration that truly reflects the uncertainty and even the futility of life: “E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission.” So if we gave you a virus, tough bounce. I think I’ve lost the will to go on.
    The Register
  • Things That Make You Go Hmmmm Dept.: In April, Sony released a version of Linux for its PlayStation 2 console. What can they be thinking? PS2 already plays DVDs. Hmmmm. Could it be the uber-consumer-device a-borning? Thanks to Alert SNS Reader Todd Mortenson for the pointer.
    DI Wire

StratVantage Consulting, LLC — Mike’s Take on the News 08/17/01

Clipped from: http://www.stratvantage.com/news/081701.htm

The News – 08/17/01

A POX on P2P

Once again consumers may lead a technology revolution that will advance technology that can be used by business. Many analysts have recognized that peer-to-peer (P2P) computing and wireless technology are a match made in heaven. You’ve got all these devices out there in people’s pockets. What if they could communicate directly with one another? The possibilities are endless. I particularly can’t wait for a wireless application to help me find kindred contacts at business networking meetings and conferences, for example.

Now it’s looking like gaming may be the killer app for wireless P2P. Alert SNS Reader Andrew Hargreave sends along an item on toymaker Hasbro’s efforts to market their new peer-to-peer handheld game, POX. In a twist to the tired cliché, “viral marketing,” Hasbro operatives hit the playgrounds of Chicago asking kids, “Who’s the coolest kid you know?” They then found the cool kids in question, and asked them the same question. They continued in this way until they found a kid who replied, “Me.” (Is it just me, or is this kind of a creepy way to do marketing? Do you want strange adults asking these questions of your kids?)

About 1,600 of these so-called alpha pups were corralled in small groups and given the pitch for the POX game (which Alert SNS Reader Deb Ellsworth says should be referred to as a “game platform.”) Playing POX involves creating alien warriors, called Infectors, to use to fight other players and collect their body parts. The game contains a radio frequency unit that allows players within 30 feet to play, even through walls. Each alpha pup was given 10 of the $25 units to give out to their friends. The characters the players create can be set to do battle automatically with any fellow player who walks by, even while the unit sits in a school locker.

In other infectious news, 10,000 middle-school-aged students in Detroit, Miami, and Union City, New Jersey, are testing a program called "Cooties" on donated and pre-owned Palm PDAs. The University of Michigan’s Center for Highly Interactive Computing developed the classroom learning program, backed by a $16 million Palm and National Science Foundation grant, with the aim of teaching kids about the ways diseases spread. To spread Cooties, teachers beam a fictitious virus to selected Palms. Students break into smaller groups and map how the virus spreads throughout the class. Palm obviously hopes the project will show teachers that teaching using Palms is easier than using personal computers.

In Sweden, Ericsson R520 cell phone owners play the game BotFighters, in which the object is to create a robot and send text attack messages to a central game server and thence to your intended victim. While the game does not use P2P technology, the “bullets” you use have a limited range. You can use the game’s “radar” to determine the location of an opponent and players often pursue each other trying to get into range for a wireless shot. I shudder to think of what real-world methods fanatic players will use to bag their prey. European cell phone carriers need to find some reason to extract extra money from users since many of them paid exorbitant prices for the radio spectrum necessary for the next generation 3G wireless services. BotFighters players pay an extra $5 to $10 a month on top of their cell phone charges for the privilege of playing the game.

There are likely to be many more P2P wireless games in the near future. This past spring Pocit Labs of Sweden released its BlueTalk development kit which enables wireless applications using Bluetooth, the popular short-range wireless standard. This week, Impart Technology released its Java-based Impart Technology SDK, which creates applications that automatically configure ad hoc infrared connections among mobile devices. Most PDAs and some cell phones feature infrared connectors. The company said Bluetooth will be supported by the end of the year.

Despite the fact that businesses are ordinarily not too concerned about games (except when they impair productivity), enterprises should keep an eye on the wireless P2P gaming arena, as it will probably generate several innovations that can be put into practice in business computing. Besides, knowing this stuff helps you look cool (OK, somewhat more cool) to your kids.

New York Times

Briefly Noted

  • PDF Virus Spreading: One doesn’t often worry about virus infection when opening any of the myriad of Portable Document Format (PDF) files on the Internet. Traditionally, Adobe’s PDF files have been considered benign, much safer, for example, than Microsoft’s Word documents, which can contain nasty viruses. Alert SNS Reader David Dabbs passes along an item concerning a PDF virus called Outlook.pdf. Although the virus is considered experimental and not very deadly, it can presage a new infection type that is likely to now become popular. According to a ComputerWorld article:

In order to spread itself, the virus uses Adobe Acrobat and functions of Microsoft Corp.’s Outlook that have never been used before. According to both researchers, the worm uses Outlook to send itself hidden in a PDF file. When opened using Acrobat, the file will launch a game that prompts the user to click on the image of a peach. After the user clicks on the image, a Visual Basic script is run and the virus gets activated, they said.

The virus spreads itself using all the addresses from the e-mails in any Outlook folder, not just the program’s Address Book, and it will send itself in a PDF file, disguising itself by changing the e-mail’s subject, body and attachment lines every time, they said. An image from the game can be seen at HispaSec’s Web site.

Fortunately, you don’t need to worry unless you have the full version of Adobe’s Acrobat. Most people use the Acrobat Reader that allows you to read PDF files. The full $249 Acrobat package lets you create PDF files as well. There’s no telling whether just reading a PDF will ever spread a virus. So be careful out there.
ComputerWorld

  • Another One Bites the Dust: Apparently, the Industry Standard magazine is closing up shop and seeking a buyer. This is a pity, as I rather enjoyed their coverage of eBusiness. The company blames the cost of splitting off from IDG and readying for an IPO. The Web site thestandard.com will continue for the time being, employing the remaining 20 of the 180 workers. Thanks to Alert SNS Reader David Dabbs (in another SNS twofer) for the pointer. Also noted: Beenz follows Flooz into the dumper. Online currency vendor Beenz has declared the end of the Beenz economy as of August 26th. Their demise couldn’t have had anything to do with their stupid name, right?
    C|Net

StratVantage Consulting, LLC — StratVantage News Summary 08/15/01

Clipped from: http://www.stratvantage.com/news/081501.htm

The News – 08/15/01

Congress Puts the Squeeze On ICANN

Poor Vint Cerf. The guy practically invents the Internet (by inventing the TCP/IP transport it runs on) and this is his reward: to preside over a bureaucracy that should be the most powerful force on the Internet, but which is mired in global politics and has little independent power. Cerf is Chairman of ICANN (The Internet Corporation for Assigned Names and Numbers), the non-profit corporation that is supposed to be the authority on a number of technical workings of the Internet, including the assignment of domain names. Domain names form part of the human-understandable addresses you type into your Web browser. Examples include yahoo.com, aol.com, and StratVantage.com.

Over the last year or so, ICANN has struggled to identify and release what are known as Generic Top Level Domains (gTLDs). The current gTLDs include the popular .com and .net as well as .gov, .edu, and .mil. While it is possible for companies or individuals to make up and register any arbitrary second level domain (the yahoo, aol, or StratVantage portions of a Web site address), ICANN is the only recognized entity that can authorize the creation of new gTLDs, although others have tried (for example, New.net, as previously reported in SNS). ICANN authorized the creation of seven new gTLDs (.biz, .info, .pro, .name, .coop, .aero, .museum) last November. These new gTLDs are in the process of being rolled out now, as previously reported here and here.

ICANN’s major problem is summarized in its backgrounder document:

ICANN has no statutory or other governmental power: its authority is entirely a consequence of voluntary contracts and compliance with its consensus policies by the global Internet community. It has no power to force any individual or entity to do anything; its ‘authority’ is nothing more than the reflection of the willingness of the members of the Internet community to use ICANN as a consensus development vehicle.

While the Internet has always worked on “rough consensus and working code,” the consensus has gotten rougher and harder to obtain since the Internet became commercialized in 1995. The rest of the world has resented the control the US government has had over the Internet, and especially the arbitrary rule of Network Solutions, which used to have the monopoly on assigning domain names until ICANN and the US government opened the task to competition in 1999.

As if dealing with global squabbling over domains wasn’t enough, now ICANN Chairman Vint Cerf has to deal with pressure from Congress which, in its typically clueful way, has decided to hop on the bandwagon by demanding that ICANN add even more gTLDs. The House Energy & Commerce Committee and the Internet Subcommittee sent a joint letter Monday to Commerce Secretary Donald Evans urging him to lean on ICANN to create a .kids domain. Apparently our elected representatives feel if there’s a .kids domain, somehow kids will be safer on the Internet. In order for that to happen, of course, we’d need some kind of oversight organization to approve not only the applicants for these domains, but also all content. Hmmm. Sounds like censorship. But it’s for the kids! Who could complain? Anyway, the oversight organization is not likely to be ICANN, with its 14 staffers and 19 board members (OK, what’s wrong with that picture? More bosses than workers?). Why, this sounds like a job for SuperCongress!

Strangely enough, Congress is missing the point. More gTLDs are not going to solve anything, as I argue in the TrendSpot and a previous SNS. Basically trademark owners will register in every unrestricted gTLD. In addition to coke.com, coke.net, and coke.org, you’ll see coke.biz, coke.info, coke.name, even coke.kids, all owned by the Coca Cola Company. How does this help? Rather than opening up opportunities and widening the name space, the new gTLDs will just increase the number of domains trademark holders will register. While restrictions on some of the gTLDs will help (.pro is only open to accountants, lawyers, and physicians), I think the new system will just foster confusion. I can even see Coke arguing that they should be granted coke.museum because they run a museum of Coca Cola products.

Whatever happens, businesses need to be aware that the opportunities for registering their trademarks in the new gTLDs may be drawing to a close. The sunrise period, the period during which trademark owners can make their case for ownership of a domain name, for the .info domain ends August 27th, for example. If you don’t register your name, what are the chances your competitor or a domain squatter will? So if you’ve got a .com, you need to be acting now to secure your new .biz or .info domain name.

Newsbytes

Briefly Noted

  • Shameless Self-Promotion Dept.: I’ll be speaking at the Minnesota Entrepreneurs Club pre-meeting workshop at 5:30 p.m. today, Tuesday, August 14th in St. Paul, MN. The meeting is at the Minnesota Business Academy. My topic is “Will You Have to Have It? What You Need to Know About Future Tech and Your Business.”

    Also, my white paper, Taking Control of the B2B Exchange: What’s Next in the Supply Chain Evolution, is now available on Manyworlds and is rated four stars. I am honored to share the page with eCommerce expert Mohanbir Sawhney.

    Plus, I’ve updated my Resources page to include several interesting links to eCommerce, online news, information, and opinion Web sites. These are some of the sources I use to compile SNS. The page is a bit disorganized at the moment, as I’m still adding to it.
    MN Entrepreneurs
  • I’m Getting a Bit Floozy: Flooz (stupid name alert), the online incentives vendor used by firms such as P2P hive computing firm DataSynapse, has ceased operations and is looking for a merger or acquisition. Flooz worked as sort of an online trading stamps (remember S&H Green Stamps or Gold Bond Stamps?) provider. Companies would buy Flooz points and distribute them to users. In DataSynapse’s case, they used Flooz to compensate members who donate computer time to their P2P network. Visits to Flooz’s Web site produce a message that they can’t handle your transaction now, but are working to remedy the situation. In a press release, Flooz said they have suspended operations due to the effect that economic conditions have had on its client base. The statement also said that capital market conditions have proved challenging and that the company is engaged in merger discussions with more than one company.
    Flooz
  • The New Harrow Report: As previously reported here, Jeffrey Harrow has left Compaq and the newsletter he wrote for 15 years, the Rapidly Changing Face of Computing, and struck out on his own. He recently released the inaugural issue of The Harrow Technology Report, which, oddly, looks a whole heck of a lot like the old RCFOC, for which we’re grateful. Harrow promises to broaden the scope of his new newsletter beyond the familiar computing, wireless, nanotechnology, and related emerging technology focus of RCFOC.
    The Harrow Technology Report
  • Access Up In the Air: Also as previously reported in SNS, chances are getting better that your next Internet access provider will service you from at least 50,000 feet straight up. Two more companies are pursuing the goal of delivering access from perpetually flying high altitude aircraft. AeroVironment’s Helios unmanned 254-foot flying wing uses solar panels and a water-based fuel cell to fly at 65,000 feet around the clock. The company recently completed an 18-hour record-setting continuous flight and on Monday, broke the high altitude flight record, cruising at 85,100 feet. The company will offer up to 150Mbps service. Unlike the Helios, which would land every 6 months or so for servicing, Advanced Technology Group’s StratSat blimp will stay aloft at 60,000 feet for up to five years at a time. The Teflon®-coated airship will also use solar power and can carry a payload the equivalent of three 747s.
    Newhouse News Service
  • E911 To Be Delayed: While we’re at it, another update to a previously-reported story: Verizon and the other major US wireless carriers are warning that they won’t make the October deadline for compliance with the FCC’s E911 initiative. E911 specifies that carriers be able to locate a cell phone making a 911 call to within 167 feet for 67 percent of calls, and 500 feet for 95 percent of calls. The 1997 mandate has already been delayed, but Verizon claims the technology to enable compliance has only just now come on the market. Companies not showing significant progress could be fined. Locating cell phones will open up the possibility of location-based services, as well as location-based advertising. See the TrendSpot for more information.
    New York Times (it’ll cost you)
  • Oh, How the Mighty Have Fallen, Part DXCIII: Web site webmergers.com reports that at least 592 Internet companies have folded since January 2000, 32 in July alone. Well, this is not quite a quit-business failure, more of a bailure: The founder of Buy.com has bought all outstanding shares of the company, which once traded as high as $209, for 16 cents apiece. On a positive note, July’s failures were the lowest since September 2000, and buyers spent more than $3 billion acquiring 99 dot-coms during the month.
    eCommerce Times

StratVantage Consulting, LLC — Mike’s Take on the News 08/10/01

Clipped from: http://www.stratvantage.com/news/081001.htm

The News – 08/10/01

A Grand Conspiracy Theory

Alert SNS Reader David Dabbs sends along a pointer to Robert X. Cringely’s polemic, “The Death of TCP/IP: Why the Age of Internet Innocence is Over.” This was actually one of the top links listed on Blogdex, which was covered in a recent SNS.

Anyway, Cringely blames Microsoft and its “business decision” not to include security in its operating systems or applications for the sorry state of affairs today. Any enterprising moron can create and release a virus based on Microsoft’s Visual Basic and its ever-helpful Outlook email client. Cringely states that the impending Windows XP “is the first home version of Windows to allow complete access to TCP/IP sockets, which can be exploited by viruses to do all sorts of damage. Windows XP uses essentially the same TCP/IP software as Windows 2000, except that XP lacks 2000’s higher-level security features. In order to be backward compatible with applications written for Windows 95, 98, and ME, Windows XP allows any application full access to raw sockets.” If you’re not sure of what raw sockets are, basically what Cringely is saying is that XP is bad because virus writers and crackers will have tremendously more power to wreak havoc.

Cringely doesn’t stop there. He says he’s heard from several sources that Microsoft’s Grand Plan is to make the TCP/IP protocol that runs the Internet unusable so the company can ride to the rescue with its own proprietary protocol. He even postulates that Microsoft would get Congress to mandate the new protocol to solve kiddie porn and other disgusting Net problems. It is a tribute to Microsoft’s already considerable conspiratorial efforts that this “rumor” doesn’t sound implausible. The company is already pushing its Passport technology as the standard for managing users’ personal information on the Internet, for a fee, of course. Hook Passport to a proprietary protocol from Microsoft, and you’ve got a pretty believable scenario for Web hegemony.

Personally, I’m skeptical that Microsoft would be willing to damage the Web in order to gain control over it. I’m much more willing to believe that the addition of raw sockets access without sufficient security is just another blunder by a company that can’t seem to buy a security clue (despite $12 billion a year in research). Nonetheless, I do not doubt that Microsoft will employ its very effective “embrace and extend” technique to try to gain control of the Internet. I fully expect to see some kind of “value-added” proprietary communications protocol come out of the monopoly. But it seems very unlikely that Microsoft would sabotage one of its products to bring about total control of the Net. But that’s just my opinion, and I could be wrong.

PBS

Briefly Noted

  • Shameless Self-Promotion Dept.: I’ll be speaking at the Minnesota Entrepreneurs Club pre-meeting workshop at 5:30 p.m. on Tuesday, August 14th in St. Paul, MN, not the 7th as previously announced. The meeting is at the Minnesota Business Academy. My topic is “Will You Have to Have It? What You Need to Know About Future Tech and Your Business.”

    Also, I’ve re-ranked the trends in the TrendSpot, and added a new one, Remaking the Web.
    MN Entrepreneurs

  • Test Your Security: By now, you might be wondering if you need some protection against viruses, worms, cracker attacks, and all the other baddies on the Internet. A good place to start is Steve Gibson’s Shields Up site, which will analyze the current security of your computer and make recommendations on improving it. One thing everyone should have is a personal firewall such as the free Zone Alarm from Zone Labs. Even if you have a hardware firewall, Zone Alarm can protect you against Trojans, programs that mimic real, useful programs, but do bad things like sending your passwords to an Internet server. BTW, you should always run a firewall when using a dialup connection to the Internet. Once you do, you’ll be surprised at how many times Zone Alarm alerts you to an intrusion attempt it has blocked.
    Zone Alarm
  • Of Patents and Matchmaking: Alert SNS Reader John Gehring had a couple of comments about the previous SNS: “Regarding patents, the plant biotech industry went through the same process. I handled media relations when our competitors issued news releases announcing extremely broad patents. Every time our employees and dealers freaked, and the courts overturned every broad patent in the end.

    “The P2P dating app reminded me of a bar that I went to in NJ in 1989. In a cruder version of what your source describes, each table had a large number posted, and a phone that you could use to call other tables. No caller ID back then, though.” Sure, there are lower tech versions of the matchmaking app, but one difference could be the amount of control involved. If you go to one of those bars, you’re looking to meet someone. But if you happen to forget to turn off that function on your PDA, or if you can’t turn it off, that could be disoptimal.

  • With This Ring, I Thee Scan: Alert SNS Reader David Dabbs noticed that UPS is implementing what is being called the largest wireless LAN and short-range wireless Bluetooth network. It involves a wireless Bluetooth ring-based scanner that workers throughout its worldwide distribution hubs will use to scan barcodes on packages and transmit the information through a hip-based 802.11b wireless terminal. The brown-suited Lords of the Rings are expected to help the company reap a payoff of $13.7 million per year over a five-year period. After a pilot at their Chicago facility, UPS plans to roll out 50,000 Motorola terminals next year to its 2,000 worldwide distribution centers. This project is especially notable since Bluetooth and 802.11b, which operate on the same unlicensed wireless frequencies, have been known to not get along too well.
    ComputerWorld

Can’t Get Enough of ME?

In the unlikely event that you want more of my opinions, I’ve started a Weblog. It’s the fashionable thing for pundits to do, and I’m doing it too. A Weblog is a datestamped collection of somewhat random thoughts and ideas assembled on a Web page. If you’d like to subject the world to your thoughts, as I do, you can create your own Weblog. You need to have a Web site that allows you FTP access, and the free software from www.blogger.com. This allows you to right-click on a Web page and append your pithy thoughts to your Weblog.

I’ve dubbed my Weblog entries “Stratlets”, and they are available at www.stratvantage.com/stratlets/. Let me know what you think. Also check out the TrendSpot for ranking of the latest emerging trends.


StratVantage Consulting, LLC — Mike’s Take on the News 08/08/01

Clipped from: http://www.stratvantage.com/news/080801.htm

The News – 08/08/01

IBM Legitimizes P2P

IBM is investing $4 billion to build 50 computer server farms around the world to try to turn computing into a utility like electricity or water. Based on the peer-to-peer (P2P) computing concept variously known as grid computing, distributed computing, or hive computing, IBM will allow users to purchase supercomputer-grade computing power that is produced by combining the resources of dozens or hundreds of relatively inexpensive servers. IBM will use an Open Source distributed computing system from Globus, a cooperative effort involving several universities, NASA, and the Argonne National Laboratory.

To say that this validates the hive computing approach is an understatement. There are various dot-com startups trying to develop the hive computing market, including DataSynapse, Parabon, Distributed.net, and United Devices. Many have found it tough sledding. Two of the most publicized early entrants, Popular Power and Process Tree, closed their doors earlier this year. These and other hive computing companies are listed in the P2P for Business Directory.

The target market for hive computing currently includes companies with large computing needs – companies that otherwise would need to buy expensive supercomputer time. These include companies in the life sciences (gene sequencing, protein folding, cancer cures), oil exploration (crunching massive geological databases), meteorology (climate prediction), automotive and aerospace (crash simulation, virtual wind tunnel tests, design rendering), entertainment (animation, special effects), and financial (derivatives pricing) markets. However, if hive computing is legitimized and becomes affordable, the market could open to pretty much any large enterprise and be used for such mundane tasks as nightly database updates or payroll processing. There’s more on hive computing in my white paper, The Buzz About Hive Computing.

Of course, there are also many darker applications, such as nuclear weapons design and encryption-breaking. Indeed, any privacy or security scheme that depends on bad guys not having access to tremendous computer resources should be rethought. In fact, an early demonstration of the power of hive computing was the 1997 breaking of RSA’s 56-bit encryption key by a network of thousands of computers linked over the Internet.

Also, not every large computing application will be appropriate for a hive computing solution. Any application requiring real time response or tremendous coordination between resources will not benefit from loosely federated hive clusters due to the amount of network latency (delay from transporting information across the Internet or other network) inherent in such an approach.

What the IBM announcement means is that the idea of computing as a service has really arrived. IBM’s $4 billion investment is one more step toward a future where computing is no longer a place you go (to sit in front of a keyboard and monitor) but rather a service of the environment around you. In this case, supercomputing has become not a tremendously expensive investment in hardware, air conditioning and raised-floor data centers, but something you buy by the piece. Businesses with large investments in computing capacity and any business with CPU-hungry applications should definitely explore this new trend. Even companies without accelerating computing needs should be aware of hive computing. Be on the wave or under it™.

Wall Street Journal (requires subscription)

Briefly Noted

  • Shameless Self-Promotion Dept. Correction: I’ll be speaking at the Minnesota Entrepreneurs Club pre-meeting workshop at 5:30 p.m. on Tuesday, August 14th in St. Paul, MN, not the 7th as previously announced. The meeting is at the Minnesota Business Academy. My topic is “Will You Have to Have It? What You Need to Know About Future Tech and Your Business.”

    Also, the P2P for Business Directory has been listed on the University of Tennessee’s P2P Information Page.
    MN Entrepreneurs

  • VenueMaitred Networks People: Alert SNS Reader John Gehring sent along information about a new service that will debut at the Wireless World 2001 trade show in New York in late September. VenueMaitred (stupid name alert: Wouldn’t VenueMaitreD be better?) is a suite of wireless information tools for conference-goers and other travelers. It uses the 802.11b protocol, AKA WiFi™ or WLAN, to connect users to information and services at hotels and conference venues. But of more interest is the possibility of enhancing business networking and even, dare we say it, dating. Cruising a tradeshow and cruising for a simpatico companion are very similar. Both are terribly random, except at least prospects at trade shows have business cards. The chairman of Wireless World 2001 puts it this way: “I could see Hooters or college bars setting up a wireless LAN, or cruise ships. If people had more pocket PCs and every bar has a wireless LAN, you could be walking down the street and you might pass a bar, search the profiles of the people there. You see that there are 30 girls with certain vital statistics, all looking for someone like you. It is amazing, the implications it could have.” There’s no need to point out that Wireless World Chairman Jonathan Sarno is a guy, is there?
    mCommerce Times
  • More Signs the Patent Office Doesn’t Get It: Alert SNS Reader Andrew Hargreave sends along news that antivirus vendor McAfee was recently granted a patent on software as a service. The patent covers both the business and technology models used to deliver software services through a browser. CEO Srivats Sampath gloated, “You either work with us, or you work around this patent.” Here we go again. There have been a number of extremely broad patents granted since the early ’90s. Quarterdeck’s patent on swapping memory and Compton NewMedia’s patent on multimedia spring to mind. More recently, Amazon got a patent on the idea of clicking once to buy a book. In general, time has cured these incredible goofs by the USPTO. We can only hope it will again.
    InfoWorld
  • Don’t Get Gatored: There’s a new, rather unsavory, ad practice becoming popular on the Web. Named for the software plug-in that started it all, gatoring means to pop up a window from a rival Web site when a user visits a competing site. For example, users who go to 1-800-Flowers.com see a pop-up ad offering a discount at FTD.com. The culprit is the Gator plug-in, which is a password and user ID management program that users download and use with their browsers. Unbeknownst to many of these users, Gator has sold keywords to advertisers and pops up ads when the user visits a related site. But the practice is not limited to Gator. Other companies such as TopText, eZula, and Microsoft all have similar technologies. Microsoft’s version, Smart Tags, was profiled in an earlier SNS. To make matters worse, it can be hard, if not impossible, to remove these obnoxious plug-ins once installed. LavaSoft makes a program called Ad-Aware that can help uproot the little buggers.
    ZDNet


StratVantage Consulting, LLC — The News – 08/06/01

Clipped from: http://www.stratvantage.com/news/080601.htm

The News – 08/06/01

The Cashless Society and Your Privacy

The recent SNS article, Wireless and Cashless, provoked a response from Alert SNS Reader John Skach. During an email exchange, we debated whether the dual technologies of wireless position-sensing (the ability to find you by tracking your cell phone) and cashless transactions (the ability to track your purchase behavior) represent a slippery slope toward Big Brother-ism. I expressed the opinion that I almost preferred the government knowing more about me than corporations, because there’s at least some possibility of controlling what the government does with the information. John begged to differ. The following is an edited version of his response, which brings up some of the issues around our use of these new technologies.

For the commercial side – no I don’t mind. There are strong market forces at work there. First time they screw up and expose me to something insidious, they’re toast and they know it. Despite all the hoopla surrounding online credit card transactions, more fraud occurs from retail personnel lifting numbers and names during physical activity than any bad stuff on the web. Something funny actually happened when someone pointed out that little fact to the credit card agencies: Suddenly the carbons disappeared – almost overnight.

On the other hand . . .

When my ex-wife went thru five years of hell with breast cancer, we didn’t get the genetic test done for a reason. Given her heritage (Ashkenazi Jew), there is a 75% chance she would have tested positive on the BRCA 1 and BRCA 2 [breast cancer gene] tests. However, since we had no idea what that information may do to our daughter’s future insurance eligibility – we didn’t get the test done. Hell, we already knew my ex-wife had cancer. That family history alone at some point in my daughter’s life will give her problems with insurance companies.

The government – now that’s a whole other story. Twenty-dollar bills are popular for a reason. There are pros and cons to all information trading. Gee if I could get rid of my yearly nightmare of tax filing by sharing a tad more information (what exactly remains to be seen), I would most certainly allow that information to be gathered.

Amex is probably on the right track with the one-time credit card numbers but I’m not sure where that goes.

Each day we make little decisions about how much of our privacy to release and how much to hold back. There is a constant trade off of effort and convenience. The price we pay more and more is that little bit of privacy. How do we stay connected and keep it? Use garbage email accounts like Yahoo Mail or Hotmail, or anonymous IP address providers. How much do you want to spend versus what you get? [I particularly like this point. We should all put a value on our personal information and consider giving it up as a form of spending that we watch as closely as any other spending.]

Don’t know that this is all that new a thing actually. The woman I am dating is from a small town outside Peoria. Everyone, and I mean EVERYONE, just knows that she is dating a drug dealer from Chicago who drives a BMW instead of a mild-mannered software engineer with great taste in cars. <wink, wink> How much privacy is there really in a small town where everyone knows everyone’s business anyway? Metropolitan life offered privacy simply through the ability to lose oneself in a crowd. Nowadays though, one of the script kiddies’ favorite things to do is to bang on your next door neighbor’s IP address on the shared broadband connection and see just exactly what is on their hard drive. I used to watch all the attempts on my firewall when I was connected via cable instead of DSL. Was kind of funny. The moral equivalent of school kids peeking in windows to see if it’s true about what they heard about the young school teacher’s evening entertainment.

This reminds me of a similar point about window peeping, made in John Keller’s rant, Big Brother:

The socialist’s dream of constant observation as a means of people control is arriving, albeit 17 years behind Orwellian schedule. Like Will Smith, in “Enemy of the State,” the g-men know where we are, and what we are doing at all times. Well, not at all times, just when we’re in “public”. So far Tampa and Virginia Beach are the only two cities stupid enough to announce what they’re actually doing. No doubt some cities with “traffic cameras” propped up all over the place have designs or have already linked similar software to track specific vehicle or personal movements from camera to camera. All to more safely design highways, and understand traffic patterns, you see. We’re Government, and we want to serve you, our customer! [For a more insidious potential threat, there’s a company building video capabilities into highway lane reflectors. I profiled them in my speech, The Next Wireless Killer Apps: Will You Have to Have It?]

Finally, people are starting to wake up. The apologists’ argument for this system usually goes along the lines of “If you haven’t done anything wrong, you don’t have any reason to object to it.” Sure. Why don’t we let stalkers and Peeping Toms use the same argument in court? Because it’s an invasion of privacy. The folks in the streets, the ones who know Soviet-style thought control when they see it, understand that this changes the dynamic completely. You aren’t considered innocent until proven guilty under this system. You have no right to privacy, not in public at least, and the government is a master of making the steepest slippery slope arguments look prophetic in hindsight.

A pet peeve of mine is the response I often get when I bring up privacy concerns: “Well, I don’t do anything illegal, so I don’t really care.” What you do is not illegal yet. And I’m sure you never, ever, exceed the speed limit, or take too many items into the express checkout lane at the supermarket. Anyway, John Skach wraps up:

I’m not saying that the loss of privacy is good, merely observing that once again the pendulum swings.

Unfortunately, the pendulum could stay swung, especially if Microsoft’s HailStorm service takes over authentication and user information validation services on the Internet. The service is based on Microsoft’s Passport service, which, by the way, you have to sign up for if you want technical support from the software monopoly. Passport stores information about users—ranging from their address to their credit card numbers to their favorite Web sites—on server farms operated by Microsoft.

So what’s the big deal? Microsoft plans to charge you for access to your own information, that’s what. According to Summit Strategies, “It expects to charge an as-yet-undetermined subscription fee to HailStorm customers and also to charge some usage-based fees—for example, fees for customers that require more than a base-level storage capacity for their Web-based data and documents.” That’s some catch, that Catch-22. Other problems with the proposed service include the vulnerability of a single location that stores important information to not only typical Web site glitches, but also to hackers.

Regardless of how serious you think the question of privacy is, or how likely a Big Brother scenario is, businesses need to decide for themselves how much personal information to require of customers, and what the permissible uses of this information are. On the flip side, what kinds of information are being gathered about you, and how is it being used? If your business doesn’t have a privacy policy, you should get one. And if you don’t know what your doctor’s or hospital’s information-sharing policies are, I suggest you find out before information you’d rather remain private escapes.

TechRepublic

Briefly Noted

  • Shameless Self-Promotion Dept. Correction: I’ll be speaking at the Minnesota Entrepreneurs Club pre-meeting workshop at 5:30 p.m. on Tuesday, August 14th in St. Paul, MN, not the 7th as previously announced. The meeting is at the Minnesota Business Academy. My topic is “Will You Have to Have It? What You Need to Know About Future Tech and Your Business.”
    MN Entrepreneurs
  • Metricom Out of Business: Success has many fathers; failure has many analysts. Ricochet sounded like such a good idea: Offer 128Kbps wireless Internet access in major metropolitan areas. That’s more than twice the speed of dialup modems. Who wouldn’t want it? Well, lots of folks, it turns out. They stayed away in droves, and now Metricom, after filing Chapter 11 only a month ago, is quitting business. The analysts are in a feeding frenzy, trying to determine how a can’t-miss proposition went south. Some blame the price, $70/month. Some blame the positioning: It probably wasn’t smart to target consumers rather than businesspeople. Whatever the reason, some lucky company can receive a potential windfall as the entire Ricochet wireless network, which consists of 17 wired cities, the company’s patents, its spectrum and its subscribers, goes up for auction August 16th.
    The Standard
