Weblog on the Internet and public policy, journalism, virtual community, and more from David Brake, a Canadian academic, consultant and journalist

Archive forMay, 2002 | back to home

31 May 2002
Filed under:Uncategorized at11:41 pm

Even if you use cryptography to secure your email (and almost nobody does anyway) you still may not be safe, as Lenny Foner pointed out on a mailing list recently:

Someone was saying that the forged email generated by that pesky Klez virus would encourage people to use digitally signed email (so you should be able to verify that the sender is really that email address instead of a forged email address). He responded:

Signed on the Windows box? Since these things are running on OS’s
that don’t have a security perimeter (otherwise, these worms wouldn’t
be running there in the first place, right?), then:
(a) Son of Klez grabs your passphrase, and then
(b) Forges -signed- mail from you

What better way to completely invalidate the whole -concept- of
trusting cryptographically-signed mail? The mere existence of
anything like this would certainly give lots of plausible deniability
to anyone trying to prove in court that they did -not- sign a message,
make some transaction, etc. In court now, a handwritten signature
doesn’t prove much, since forgers exist—it’s the testimony by the
signer or the witness that the signer signed something, or the
circumstances around it that lead to a preponderance of evidence one
way or the other (I’m assuming a civil proceeding here). But with
Son of Klez, there doesn’t even have to be a human forger in the loop.

Such things are already easy to write, of course. But someone arguing
that they didn’t sign something might have an uphill battle convincing
a jury that some evildoer had compromised their machine. If they
could point to a known worm that did this and had compromised a
million machines, they wouldn’t have to make the case that they were
some special target—merely that they ran with the herd and used the
same operating system everyone else did.

This is why, about a decade ago, I was arguing that the -right- way to
use things like PGP was in a special-purpose box that -only- ran PGP,
had a built-in keyboard and screen, and only talked to the rest of the
world via a serial connection that -only- passed cleartext and signed
or encrypted stuff. The idea was that you write the mail anywhere
(on the box or not), have -its screen- show you the contents, then
sign/encrypt there, in the secure environment, where people can’t
easily infect your machine with a keyboard sniffer, or have it change
what you -thought- you were signing just before it gets signed, etc.
Pilots didn’t (quite) exist, and are only now getting fast enough not
to be painful for certain private-key operations, so I didn’t pursue
it at the time. But it was obvious that running PGP on a general-purpose
machine was sheer folly, especially if it ran a popular and insecure OS.
(I’ve omitted many technical details here; for example, you wouldn’t
-really- want to run this on a Pilot unless you broke its ability to
sync, since every sync is a way to compromise the code it’s running.)

P.S. I can’t wait for the stealthy worm that grabs credit card
numbers which are entered in forms. Or makes phantom purchases
on Amazon, or phantom bids on eBay, or… All of these would be
tremendously disruptive, yet awfully easy to write…

Filed under:Open source,Software reviews at8:06 pm

… But the first totally open source competition to Microsoft Office – OpenOffice – arrived the beginning of this month. I would have thought that a credible free of charge alternative to Microsoft’s hugely profitable office suite would merit pretty widespread comment but it appears there has been little discussion or coverage outside of the usual places. Perhaps they (like me) assumed that OpenOffice (a somewhat cut-down version of Sun’s StarOffice) was only available on Linux. Nope – it’s available on Mac and Windows as well.

Has anyone reading this attempted to switch over permanently to it? How are you finding it? While I think of it, is it worth downloading Mozilla? Or the beta of Netscape 7?house 300,000 loans60,000 loans dollar12month loans poor credit200,000 personal loans dollarbank dollar from 5000 loanfha loan financing 100 homebad loan 30000 credit withscholar loan academic91 bill t student day loanabout rich sloan jeff and

30 May 2002
Filed under:Current Affairs (World) at4:44 pm

I was surprised to read that according to a transatlantic survey in Spring 1999, the majority of the population of the “big 4” European countries tend to be in favour of globalization and inward foreign investment, and don’t view American popular culture as a threat. I thought anti-globalization propaganda had been much more effective – I guess because I read the Guardian!

29 May 2002
Filed under:Uncategorized at6:24 pm

It may be true that all-digital film-making and projection can produce a better image – free of wear and tear – and could make distribution more efficient – no more reel shortages etc – but as Alex Cox, a British independent director points out there are some risks involved for the public.

1) “If cinema owners do get rid of 35mm, what becomes of all the 35mm prints? And what happens to the work of third-world, or independent, filmmakers who prefer film on economic or aesthetic grounds?”

2) Digital projection may end up giving the studios/distributors more control over cinemas. If you have a big screen and a small screen you can now switch a dog of a film into the small screen. In future the studio’s software may not allow you to. Similarly software-based “film” may be easier for studios to forcibly “regionalise” as they have done with DVDs.

Certainly something to think about (though I admit having seen the Attack of the Clones with digital projection I was impressed by the quality).in show breasts moviesebony girls free movies clipsfree analingus moviesfree ass licking moviesporn ebony movies freebareback movies free gayhairy free pussy moviesmovies sex free hentaiincest movie freeporn japanese free movies

27 May 2002
Filed under:Humour & Entertainment at5:28 pm

Todd is a Flash programmer, unaccountably unemployed, who produces hilarious, bitter vignettes about the life of a laid-off dotcom slacker. He’s just produced a new one.

26 May 2002

From everyone’s favourite trusted news source – The Onion.alltel ringtone free totally3200 lg ringtones alltelnokia 3510i free ringtone logologo ringtone free 6610 nokiaringtone samsung a900free ringtone 6102 nokiawarrington 01925investment america bank harrington sec Map

25 May 2002

Wired Magazine now puts its articles online when the magazine hits the newsstand instead of a month later. In the latest issue, you can read about the extraordinary exodus of Filipinos to jobs across the world. I learned, among other things, that mobile phones and text messaging there is extraordinarily inexpensive:

“Each 160-character message costs 1 peso (2 US cents) within the Philippines and 10 pesos internationally, making this possibly the cheapest place on earth to get hooked on texting. And it’s only the calling party who pays. A typical cell phone costs the equivalent of $50; most people buy prepaid cards that, for $6, cover the cost of 300 domestic messages.”

Text messaging costs me 7 times as much…

24 May 2002

A small, dedicated group has formed to lobby for better rural access to broadband in the UK. Except for some pilot projects, the Government has so far largely left broadband provision to the market, and low density or unprofitable areas have been left un-served or under-served. The Government is aware of the problem – this group will be trying to ensure more is done.

I have agreed to be its news editor…loans agricultural arizona5000 bad credit loan securedhome equity advantages loan to aamerica loan contential homecollege interest loans 2007 lowestloan accept transactions card credit15000 bad credit loan5,000 personal loanloan 100 better 20 80 thanaccredited problems loans home

23 May 2002
Filed under:problems with technology at6:22 pm

This one sounds particularly interesting because they managed to find a place in British Columbia which (because of mountains) didn’t get TV until the mid-70s and were able to compare it to similar places which had had TV for years. The study seemed to suggest TV makes you dumber and more aggressive. Hm…

22 May 2002
Filed under:Online media,Personal at6:06 pm

I have been working my way through the streamed audio archives of This American Life – a radio programme I frequently plug on these pages – and I started listening to a collection of pledge breaks. These are the short pieces public radio in the US uses to drum up money from its listeners. I suddenly realised that although I am accustomed to feel like I am just evesdropping on something that is not really aimed at me, the fundraising message is just as valid for me as it is for the people it is addressed to in America.

I have been listening to TAL for more than a year and altogether I have heard and enjoyed more than a hundred hours of their programming. Yet I had not given them a dime though unlike conventional radio listeners I am actually costing the show money as I listen because each time they send more audio across the Internet they have to pay (for bandwidth and for additional hardware). So I tried to find a way to send TAL some money – there is nothing on their website even asking for it. And I contacted their broadcast network, PRI, but they only accept cheques.

Eventually, I emailed Elizabeth, who runs the TAL website, she passed on my request to Todd Bachmann, who is Production Manager for the show and I called him up directly and gave him $75 to salve my conscience.

And I found out a strange thing – I am the first person to do this! To the best of the knowledge of Todd and the guys at PRI, no overseas listener has ever asked to donate money even though they have been streaming their programmes over the web for years. Can I be the only person out of the 40,000 people every month who listen to the programme on the Internet who feels they should contribute a little something to make sure this stays on the air?

Come on, people! If through my prompting I managed to persuade you to listen to This American Life and you liked it please call Todd Bachmann on +1 312-832-3411 and pledge now. Tell him I sent you…

Next Page ?