Tim O’Reilly joins the technology versus Hollywood debate

O’Reilly Network article

“I wanted to weigh in from two perspectives. First, as the CEO of one of the country’s largest and most successful computer book publishers, I am in a unique position to see both sides of this issue. My business is content and copyright, just like Disney’s, but my subject matter is technology. And I want to go on record as saying unequivocally that the Silicon Valley perspective on this issue has far more substance to it than the Hollywood/Nashville/New York version. The legislation currently being explored in the Senate Judiciary Committee, to require computer makers to build copy-protection into its products, is extremely ill-conceived.”

Richard Clarke’s Six Lessons on network security

(with commentary by Bruce Schneier). From Bruce’s latest newsletter…

1. “We have enemies.” Everyone does. Companies have competitors. People have others who don’t like them. Some enemies target us by name, others simply want to rob someone and don’t care whom. Too many organizations justify their inattention to security by saying: “Who would want to attack us?” That just doesn’t make sense.

2. “Don’t underestimate them.” Don’t. Whether it is a DVD pirate living in a country with no copyright laws, or a hacker kid who spends days trying to break into a network, cyberspace attackers have proven to be better funded, smarter, and more tenacious than anyone has estimated. If you assume that your enemies won’t be able to figure out your defenses and bypass them, you’re not paying attention.

3. “They will use our technology against us.” This is especially true in cyberspace. Almost all attacks involve using the very network being attacked. Maybe it’s a vulnerability in the software; maybe it’s a feature that should never have been created. Hacking is judo: using network software to do things it was never intended to do.

4. “They will attack the seams of our technology.” As bad as most cryptography is out there, it’s almost always easier to break a system by some other method. Attacks on the seams — the places where different technologies come together — are more fruitful. Think of the FBI reading PGP-encrypted mail by installing a keyboard sniffer, or people who bypass copy-protection controls by mimicking them rather than breaking them. This lesson is obvious to anyone who has broken security software.

5. “Our technology is surprisingly interdependent.” That’s certainly clear. We’ve seen vulnerabilities in IIS affect all sorts of systems. We’ve seen malicious code use features of Microsoft Word and Outlook to spread. A single SNMP vulnerability affects hundreds of products. Interdependence is how the Internet works. It’s also how it fails.

6. “The only way to solve this problem is for government and industry to work together.” This is more subjective, but I agree with it. I don’t think that industry can do it alone, mostly because they have no incentive to do it. I don’t think that government can do it alone, because they don’t have the capability. Clarke seems to think that it’s government’s job to provide some funding, high-level coordination, and general cheerleading. I think it’s government’s job to provide a financial incentive to business. If you want to fix network security, hack the business model. Remove the liability exemptions from software. Demand regular reporting similar to what was required for Y2K. Make the CEO care.

The Missing Internet

Extraordinary, insightful article. An excerpt:

“There is a tendency to confuse artifacts with concepts. More important than the current Internet is the concept behind it: extreme simplicity. Traditionally telecommunications is defined in terms of services such as telephony and television. The Internet itself just carries packets of bits and doesn’t even guarantee that they will be delivered. The Web and, for that matter, telephony and television, are applications that are created outside of the transport network itself.”

And:

“You can think of the bursting of the so-called Internet bubble as a pileup as we hit a wall. While much of the value of such companies was indeed fantastic (in the sense of a fantasy) there was reality in the idea that anyone can innovate and create something new. After all, if the Web was so easy why stop there? But most of the innovation was about new ways to use the Web for commerce. What was less obvious but more important was the difficulty of creating new innovations like the web and email. We have been simply mining just one small vein when there are so many others.”