The weekly newsletter for Fed2 by ibgames

EARTHDATE: November 15, 2009

Official News page 12


WINDING DOWN

An idiosyncratic look at, and comment on, the week's net and technology news
by Alan Lenton

Apologies to all my discerning readers for the lack of a Winding Down last week. As most of you will know I write this magnificent opus in my copious free time. Last week, time was far from copious, and definitely not free, because I was involved in organising a fund-raising conference for Bletchley Park, home of the World War II 'Enigma' code breakers.

It was a one day (Saturday) conference, and the speakers were great. For me the highlight was Phil Zimmermann of PGP fame talking about his Zfone project to provide free encryption for all mobile phones.

The net result was that I didn't get home until very late on Saturday night after driving back from Bletchley Park, and I hadn't been able to do all the preparatory work I normally do on a Saturday.

So, here is a little something to keep you going over the next week.


Shorts:

Well, what do you know? Nine out of ten serious security flaws discovered in a recent survey turned out to be in web applications. That's hardly a surprise, given that few web site designers and programmers have any idea about security. I'm not boasting mind you. It took over ten years for 'regular' programmers to start taking security seriously, and even now a large number still regard it as a nuisance.

According to the report by Cenzic, 87 per cent of the analysed web applications "had serious vulnerabilities that could potentially lead to the exposure of sensitive or confidential user information during transactions."

That's very worrying. Even more worrying is the fact that the main language used on web sites, PHP, has built-in facilities for preventing the two most prevalent problems - SQL injection and cross-site scripting. In spite of the fact that the facilities provided are very easy to use, these two were involved in 25 per cent and 17 per cent respectively of all web attacks.

Add to this the oft reported browser vulnerabilities and you start to get some idea about why it is that several million computers are compromised and used in botnets for spam and phishing. The outlook, as they say, is gloomy.
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=221600880&cid=nl_tw_software_txt
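As an added illustration of the two built-in PHP facilities the column refers to (this is example code written for this page, not code from the newsletter or from Cenzic's report), here is the concatenated query and the unescaped echo that produce SQL injection and cross-site scripting, each beside its hardened form. It assumes the pdo_sqlite extension is available; the table and its rows are constructed inline so the script runs stand-alone.

```php
<?php
// Added example: vulnerable and hardened PHP side by side.
// Assumes the pdo_sqlite extension; the users table below is constructed here.

declare(strict_types=1);

// --- Vulnerable pattern: user input spliced into the SQL text. A quote character
// in $username changes the structure of the query instead of being treated as data.
function findUserVulnerable(PDO $pdo, string $username): array
{
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// --- Hardened: a prepared statement sends the query shape and the value separately,
// so the value can never be parsed as SQL, whatever characters it contains.
function findUserSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :name');
    $stmt->execute([':name' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- Vulnerable output: a stored value echoed straight into HTML (cross-site scripting).
function renderVulnerable(string $value): string
{
    return '<p>Hello, ' . $value . '</p>';
}

// --- Hardened: htmlspecialchars() encodes the characters that could open a tag
// or break out of an attribute, so the browser shows the text rather than parsing it.
function renderSafe(string $value): string
{
    return '<p>Hello, ' . htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Constructed in-memory database so the script needs no server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO users (username) VALUES (:name)');
foreach (['alice', "o'brien", '<b>bob</b>'] as $name) {
    $insert->execute([':name' => $name]);
}

// A name containing an apostrophe is a perfectly legitimate value, and it is exactly
// what breaks the concatenated query: the vulnerable version fails with a syntax error
// (the same property that lets hostile input alter the query), while the prepared
// statement simply finds the row.
try {
    findUserVulnerable($pdo, "o'brien");
} catch (PDOException $e) {
    echo 'Concatenated query failed: ' . $e->getMessage() . PHP_EOL;
}
print_r(findUserSafe($pdo, "o'brien"));   // one row: o'brien

// The same stored value rendered both ways; the safe version emits &lt;b&gt;bob&lt;/b&gt;.
echo renderVulnerable('<b>bob</b>') . PHP_EOL;
echo renderSafe('<b>bob</b>') . PHP_EOL;
```

The point of the apostrophe test is that the defence is not about spotting "attack strings": any value that reaches the database through a parameter, and reaches the page through htmlspecialchars(), is handled correctly without the programmer having to guess what an attacker might type.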

There is a very important case being heard by the US Supreme Court at the moment. The case is known in the trade as 'Bilski', after the name of its protagonist, and the decision made by the court will have a major effect on the scope of US patent law. This case has been wending its way through the courts for years, and has finally reached the Supreme Court.

Basically the case involves whether or not a business method, and by extension computer software, is patentable. Judging by the comments from the bench in the initial hearing, the supporters of patentability are going to have their work cut out if they are going to prevail.

In the meantime, as though to underline the inexperience (I'm being kind here, many would say incompetence) of the US Patent Office, they've just given Microsoft a patent on a computing utility that has been around almost since interactive multi-user computing has been in existence!

In Unix the utility is called 'sudo', for which Microsoft filed a patent in 2005, calling it 'runas'. Only one problem. Everyone else in the world has been using it since at least 1980! Some very early versions are believed to predate 1980. I was certainly using it in the early 1990s, if not before. I conducted a search for the word 'sudo' on Google. It came up with just under eight million hits - and no I didn't look at them all!

The amount of public prior art is completely overwhelming, and yet the Patent Office blithely handed over a patent for it to Microsoft.

Even if you support the idea of software patents (I for one don't), this is a crazy decision. The roots of it lie in the fact that the Patent Office doesn't have to pay for the damage it does when it makes mistakes of this epic nature. Everyone else has to fight it out with massive legal costs - the Patent Office gets off scot free.
http://www.scotusblog.com/wp/analysis-the-lorenzo-jones-case-emerges/
http://www.groklaw.net/article.php?story=20091109191422928
http://www.groklaw.net/article.php?story=20091111094923390

OK - enough doom and gloom for a while. It seems that Google has turned its hand, and its mapping software, to creating new towns where none previously existed. Ladies and gentlemen (and geeks) I give you the thriving Lancashire town of... Argleton.

Well... Not exactly thriving, it's a muddy field. In fact there is no town of Argleton, it is an entirely fictitious creation of Google Maps! But it's not just a location on the map - Google also reports businesses in the town - Mossack Hall Golf Club and the Hope Street Hotel for starters.

Apparently excitement is running high at this new discovery - T-shirts with the slogan 'New York, London, Paris, Argleton' are flying off the shelves, and the muddy field is becoming even muddier as people flock to see this entirely fictitious creation of the mighty Google.

Perhaps someone should start selling Argleton wellington boots!
http://www.theage.com.au/technology/technology-news/argleton-the-phantom-town-that-google-created-20091104-hwfh.html

Now, here is a little something my US readers probably didn't know. Where do you think the fuel for your nuclear generator plants comes from? Give up? Well actually, it comes from decommissioned Russian and US missiles! This was one of the little known bonuses of the limited nuclear disarmament at the end of the cold war.

But now the supply is running out, which is why the nuclear electricity generating industry is looking hopefully to the Obama administration for a new arms treaty. To give you some idea of what's involved, about three per cent of US electricity comes from renewables, and about six per cent from hydro-electricity. Salvaged bomb materials, on the other hand, provide ten per cent of the electricity used in the US. That's a lot - and hopefully new cuts in missile levels will ensure that it continues for a while yet.
http://www.nytimes.com/2009/11/10/business/energy-environment/10nukes.html?_r=2

Since we are on trivia, here's another snippet for you to air in the next quiz you happen on. In 1924 the Chief of Naval Operations, Edward W. Eberle, sent out a telegram instructing the United States Navy to listen for radio transmissions from the planet Mars. The search for extra-terrestrial intelligence (SETI) is usually reckoned to have started in 1960 with Project Ozma, but this, it turns out, was not the case. The US Navy was there first and spent three days listening for radio signals from Mars while it was in opposition to the Earth.

They detected only static...
http://www.examiner.com/x-21670-Houston-Space-News-Examiner~y2009m11d8-US-Navy-Ordered-to-Listen-for-Martian-Radio-Broadcasts-in-1924

http://en.wikipedia.org/wiki/Project_Ozma

And finally, in this section, a wake up call for programmers everywhere. In the US, the FBI has arrested the two programmers who designed and implemented the software used by Bernie Madoff. They were arrested on criminal charges of conspiracy for falsifying books and records. The implication is that if you write code that is solely for criminal purposes, then you can be held just as liable as the person who uses it.

You have been warned!
http://www.reuters.com/article/domesticNews/idUSN1346294620091113


Homework:

I've been spending a bit of time trying to catch up with my 'serious' web reading, which seems to have piled up the last few months.

One of the articles I read needs wider circulation, especially amongst US citizens. It's in the web magazine 'acmqueue' and it's called 'Communications Surveillance: Privacy and Security at Risk', and it's written by two very well respected names in the security business, Whitfield Diffie and Susan Landau.

It's not highly technical, in fact it's a very easy read for non-techies. The article takes a historical look at wire-tapping in the US from its inception in the 1890s through to the present. It shows how the techniques used changed, as did the legal basis for tapping by law enforcement, over that time. It also looks at what the implications are for security and privacy in a world where communications via the internet are dominant. It's well worth a read.

Highly recommended.
http://queue.acm.org/detail.cfm?id=1613130

The other really fascinating piece I came across will be of special interest to teachers. It's a piece by Lisa M. Lane about how computerised course management systems (CMS) affect, and in many cases distort, course teaching.

Teachers will know more than I do about the details of this subject, but the gist of the argument is that because the expertise of teachers is teaching and many are not IT experts, the default settings of the most popular CMS software packages determine how teachers use online facilities in their teaching.

It definitely made me think, and also wonder just how many other professions are also affected by the default settings on commonly used packages. Thought provoking and well worth a read whether or not you are a teacher. If you are a teacher, it's a must.
http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/2530/2303

I note that scientists have simultaneously solved the cosmic conundrum known as 'the lithium mystery' and opened the door to a new method of figuring out which stars are most likely to have orbiting planets.

The lithium mystery is very simple - there isn't as much lithium in the sun as there 'should' be. And there are other stars out there that seem to suffer from the same low levels of lithium. How do we know this? Well, most lithium was produced immediately following the Big Bang just under 14 billion years ago. Stars don't produce it, so most stars should have the same amount of lithium, and indeed most stars do. The sun, however, is different. It has very little lithium.

Now though, with a relatively large number of stars with planets identified, a common picture has emerged, indicating that all such stars have low levels of lithium. And the scientists who figured this out have even come up with an explanation of why this is. With 'normal' stars most of the lithium is near the surface, but in systems with planets, the gravitational tides of the planet mix the hot material more thoroughly, driving the lithium deeper than it would normally be. Eventually, it ends up in an area of the interior where it can be 'burnt' as nuclear fuel for the star.

So to find stars that are worth looking at more closely with our limited telescope time, all we have to do is compile a list of stars whose spectra show a shortage of lithium. Neat - very neat.
http://www.physorg.com/news177168122.html
http://www.scientificamerican.com/article.cfm?id=exoplanets-lithium&sc=CAT_SPC_20091112


Geek Toys:

Fancy the ultimate geek e-mail address? I have just the thing for you: the Linux Foundation are currently purveying 'lifetime' (they don't say whose lifetime, though) @linux.com addresses. The addresses cost a mere US$150, although if you are not a member of the Linux Foundation already, you'll also have to buy a one year membership for US$250. It's a geek's dream.
http://www.theregister.co.uk/2009/10/12/linux_foundation_oct_09_membership_perks/


Scanner: Other Stories

The Zfone Project
http://zfoneproject.com/

Bank IT worker charged in $1.1 million fraud
http://www.informationweek.com/news/global-cio/security/showArticle.jhtml?articleID=221500017&cid=nl_tw_security_txt

HP buys 3Com for $2.7bn cash
http://www.theregister.co.uk/2009/11/11/hp_to_buy_3com/

Hundreds of Facebook groups hijacked
http://news.cnet.com/8301-17939_109-10394058-2.html?tag=nl.e703

Speeding tickets: Use of laser guns in Chicago to catch speeders is questioned
http://www.chicagotribune.com/news/chi-speeding-tickets-09-nov09,0,7869040.story

T-Mobile account services serving up porn
http://www.infoworld.com/d/adventures-in-it/t-mobile-account-services-serving-porn-201?source=IFWNLE_nlt_gripe_2009-11-10


Acknowledgements

Thanks to readers Barb, Fi, and to Slashdot's daily newsletter for drawing my attention to material used in this issue.

Please send suggestions for stories to alan@ibgames.com and include the words Winding Down in the subject line, unless you want your deathless prose gobbled up by my voracious Spamato spam filter...

Alan Lenton
alan@ibgames.com
15 November 2009

Alan Lenton is an on-line games designer, programmer and sociologist, the order of which depends on what he is currently working on! His web site is at http://www.ibgames.net/alan.

Past issues of Winding Down can be found at http://www.ibgames.net/alan/winding/index.html.
