Monthly Archives: September 2006

Producer/Consumer v. Participants

The FCC’s definition of net neutrality is phrased in terms of consumers. How does this fit with how people actually use the Internet?

Let’s look at BitTorrent as a social network:

The parent sites are key to the process, where you can go and get information about what has been made available. The other portion of the socialability indexing is that the support sites, where you can get tools, support, help, and FAQ’s on the process is the second level or secondary index of data.

The socialability of Bit Torrent Networks rmorril (Senior Security Engineer), ITtoolbox Blogs, Posted 9/24/2006

Already it’s a bit confusing who’s the producer and who’s the consumer.


Passport Shields Considered Illegal

Spire Security Viewpoint notes that Colorado and several other states are passing laws against any theft detection shielding device, which is a device intended to elude property theft detection devices by shielding the loot as the miscreant walks out of the store. This, according to the Colorado bill,
includes, but is not limited to, any laminated or coated sack or container that is capable of avoiding detection by a theft detection device.
Er, what about those aluminum pouches commonly used to shield toll road cards when not in use? Or aluminum passport covers used to keep miscreants from reading RFID passports? Seems to me both of those would be capable of being used to shield small merchandise during theft.

The bill does include wording about “intent to use during theft” but it seems to me we have a collision between the idea of an enabling device for theft of physical items, and a prevention device for theft of information.

How long will it be before someone walks out of a store with a toll card protector and a passport cover in their pocket, and is arrested for intent to steal because they had multiple “theft detection shielding devices” on their person?


Taking Care of Business

By the middle of the ’90s:
“…almost all labels were owned by one of five companies: BMG, EMI, Sony Music Entertainment, Universal Music Group, and Warner Music Group. A new emphasis on quarterly results discouraged label executives from nurturing new bands and focusing on long-term development.”

No Suit Required. Terry McBride has a maverick approach to music management: Take care of the fans and the bands, and the business will take care of itself. by Jeff Howe, Wired, Sept 2006, p. 180

The article is mostly about Nettwerk, a record label that leaves copyright to the actual artists, while it handles distribution in multiple formats (CD, iPod, ringtones, P2P networks, YouTube, etc., along with promotion of concerts and radio play).

What’s this got to do with ISPs?

Metricon Posted

All the slides from Metricon are posted. Note especially Dan Geer’s digest, which contains information on how the various presentations and presenters interacted. Lots of good stuff in there.

I already blogged a few items about Metricon: House Construction Security, Why Did the Titanic Sink?, and Risk-Based Funding. More to come.



Microsoft wants a clear green light from the European Commission before releasing Vista, but the EC says it isn’t going to give one; rather, it’s up to Microsoft to behave on an ongoing basis, according to EC spokesman Jonathan Todd:
The main rule for Microsoft is to ensure that the market allows competition between security providers on the merits of their products, Todd said. “If business and home users are deprived of choice, a security ‘monoculture’ based on Microsoft products may lead to less innovation and could harm all computer users. Security risks could increase, and not decrease,” he said.

Vista’s European battleground As the slippery due date draws near for the Windows release, Microsoft and the EU are now at odds over security features. By Joris Evers, Staff Writer, CNET, Published: September 18, 2006, 4:00 AM PDT

I wonder how much effect Dan Geer’s report of 3 years ago had on the EC’s awareness of this issue?


Pirates and Net Neutrality

Today be Talk Like a Pirate Day, me hearties, so here be a pirate video: Pirates of the Caribbean Verizon commercial.

The fine captains of Verizon, AT&T, Bellsouth, and other ships o’ the main Internet shipping lanes tell us they be needing special timbers to deliver the goods, like that pirate video, and so all ye land lubbers be able to speak to each other.

Yet some captains of politics, such as Ted Kennedy, say avast! We be already speaking just dandy, and what we be needing is more lanes for all, and faster!

‘Tis a fine day to be speakin’ free, I say!  Arr!


Airline Security Creates a Market

John Robb notes that contemporary airport security has produced a market demand that has already been filled:
Fractional jet ownership programs have zoomed, since these programs suffer none of the security delays and hassles mass transit endures. A great example is Warren Buffett’s NetJets, which has a 50% market-share in the fractional jet industry. It has already expanded to 600 aircraft (equal in size to the world’s second largest airline, albeit with much smaller jets) and sports global coverage.

JOURNAL: Parallel Security Systems John Robb, Global Guerrillas, Sunday, September 10, 2006

That’s good, right? The market responds to a market demand?

Microsoft Monoculture Myopia

It’s Dan Geer’s report’s anniversary:
Exactly three years later this month, Geer insists that the risks associated with Microsoft’s virtual monoculture remain the same, but a quick glance at the future direction of the world’s largest software maker gives Geer a sense of “total vindication.”

Indeed, three years ago on Sept. 24, Geer penned “CyberInsecurity: The Cost of Monopoly,” a 25-page report he co-authored with a who’s who of computer security experts, including celebrated cryptographer Bruce Schneier and intrusion detection systems specialist Rebecca Bace.

IT Wrestles with Microsoft Monoculture Myopia Ryan Naraine, eWeek, September 10, 2006

In many ways, nothing has changed: Windows still runs on more than 90% of all end-user systems, and buying Microsoft is like buying IBM used to be.