Monthly Archives: June 2002

Uncle Bob – “TOLD YOU SO” and actually he did – ‘cus I remember reading this the first time around!

I Told You So
Alas, a Couple of Bob’s Dire Predictions Have Come True

By Robert X. Cringely
http://www.pbs.org/cringely/pulpit/pulpit20020627.html

Just over three years ago I wrote a column titled “Cooking the Books: How Clever Accounting Techniques are Used to Make Internet Millionaires.” It explained how telecom companies were using accounting tricks to create revenue where there really was none. Take another look at the column (it’s among the links on the “I Like It” page), and think of Worldcom with its recently revealed $3.7 billion in hidden expenses. Then last August, I wrote a column titled “The Death of TCP/IP: Why the Age of Internet Innocence is Over.” Take a look at that column, too, and think about Microsoft’s just-revealed project called Palladium.

The end is near.

Sometimes I’d rather be wrong, but it’s a no-brainer to guess that accountancy, which has apparently become something of an art form or interpretive dance, could have a dark side. And you’ll never lose money betting for Microsoft and against Microsoft’s competitors and customers.

Let’s concentrate on the Microsoft story. Last August, I wrote of a rumor that Microsoft wanted to replace TCP/IP with a proprietary protocol — a protocol owned by Microsoft — that it would tout as being more secure. Actually, the new protocol would likely be TCP/IP with some of the reserved fields used as pointers to proprietary extensions, quite similar to Vines IP, if you remember that product from Banyan Systems. I called it TCP/MS in the column. How do you push for the acceptance of such a protocol? First, make the old one unworkable by placing millions of exploitable TCP/IP stacks out on the Net, ready-to-use by any teenage sociopath. When the Net slows or crashes, the blame would not be assigned to Microsoft. Then ship the new protocol with every new copy of Windows, and install it with every Windows Update over the Internet. Zero to 100 million copies could happen in less than a year.

This week, Microsoft announced Palladium through an exclusive story in Newsweek written by Steven Levy, who ought to have known better. Palladium is the code name for a Microsoft project to make all Internet communication safer by essentially pasting a digital certificate on every application, message, byte, and machine on the Net, then encrypting the data EVEN INSIDE YOUR COMPUTER PROCESSOR. Palladium compatible hardware (presumably chipsets and motherboards) will come from both AMD and Intel, and the software will, of course, come from Microsoft. That software is what I had dubbed TCP/MS.

The point of all this is simple. It may actually make the Internet somewhat safer. But the real purpose of this stuff, I fear, is to take technology owned by nobody (TCP/IP) and replace it with technology owned by Redmond. That’s taking the Internet and turning it into MSN. Oh, and we’ll all have to buy new computers.

This is diabolical. If Microsoft is successful, Palladium will give Bill Gates a piece of every transaction of any type while at the same time marginalizing the work of any competitor who doesn’t choose to be Palladium-compliant. So much for Linux and Open Source, but it goes even further than that. So much for Apple and the Macintosh. It’s a militarized network architecture only Dick Cheney could love.

Ironically, Microsoft says they will reveal Palladium’s source code, which is little more than a head feint toward the Open Source movement. Nobody at Microsoft is saying anything about giving the ownership of that source code away or of allowing just anyone to change it.

Under Palladium as I understand it, the Internet goes from being ours to being theirs. The very data on your hard drive ceases to be yours because it could self-destruct at any time. We’ll end up paying rent to use our own data!

Can you tell I think this is a bad idea?

What bothers me the most about it is not just that we are being sold a bill of goods by the very outfit responsible for making possible most current Internet security problems. “The world is a fearful place (because we allowed it to be by introducing vulnerable designs followed by clueless security initiatives) so let us fix it for you.” Yeah, right. Yet Palladium has a very real chance of succeeding.

How long until only code signed by Microsoft will be allowed to run on the platform? It seems that Microsoft is trying to implement a system that will enable them, once and for all, to charge game console-like royalties to software developers.

But how will this stop the “I just e-mailed you a virus” problem? How does this stop my personal information being sucked out of my PC using cookies? It won’t. Solving those particular problems is not Palladium’s real purpose, which is to increase Microsoft’s market share. It is a marketing concept that will be sold as the solution to a problem. It won’t really work.

Let’s understand here that not all Microsoft products are bad and many are very good. Those products serve real customer needs and do so with genuine purpose, not marketing artifice. But Palladium isn’t that way at all. This is NOT about making things better for the user. This is about removing the ability for the end user to make decisions about how his or her computer functions. It is an effort by Microsoft to take literal ownership of Internet technology, Microsoft’s “embrace and extend” strategy applied for the Nth time, though on a grander scale than we’ve ever seen before. While there is some doubt that the PC will survive a decade from now as a product category, nobody is suggesting the Internet will do anything but grow and grow over that time. Palladium assures that whatever hardware is running on the network of 10 years from now, it will be generating revenue for Microsoft. There is nothing wrong with Microsoft having a survival strategy, but plenty wrong with presenting it as some big favor they are doing for us and for the world.

What’s saddest about this story is that it could be positive. The world is a dangerous place and finding ways to make people responsible for what they do on the Net is probably good, not bad. I just don’t think we have the right people on the job.

This entry was posted in weblog by .

gobcl.com – MS Word to PDF online – cool eh?

I reckon this is the neatest site I’ll find this month, just hope too many people don’t catch on.
Adobe’s $10 a month sucks.

Why don’t they PayPal it and charge up your account and you pay per byte?

However, the nice people are doing it on the house to promote their PDF plug-ins.

http://www.gobcl.com/

Thank you Mr or Mrs BCL


FREE goBCL SERVICE FROM BCL TECHNOLOGIES IS BACK
goBCL: the fast, free and flexible PDF and HTML creation tool for business professionals

SANTA CLARA, CALIF. April 23, 2002 – BCL Technologies, Inc., a leader in document management and web publishing software, announced today that its free document publishing service, GoBCL is back online with new and improved functionalities and advanced features. GoBCL was offline for a short period of time while it was undergoing several major upgrades, but the service now is once again active. GoBCL provides customers with a fast and free document conversion tool for creating PDF (Portable Document Format) or HTML (Hypertext Mark Up Language) formats from anywhere in the world…

http://www.bclcomputers.com/corporate/press_releases/04_23_02_gobcl_back.htm


Blunkett shelves access to data plans

Stuart Millar, Lucy Ward and Richard Norton-Taylor
Wednesday June 19, 2002
(c)The Guardian
http://media.guardian.co.uk/newmedia/story/0,7496,740063,00.html

Ministers were yesterday forced into a humiliating climbdown over plans to hand a host of public bodies the right to demand access to the communications records of telephone and internet users.

Bowing to intense public and political pressure, David Blunkett, the home secretary, admitted that the government had “blundered” into the issue as he announced that the proposals had been shelved to allow more consultation.

The move stunned opposition politicians and civil liberties groups, who had been expecting ministers to unveil tighter safeguards yesterday in response to the wave of resistance that had been growing since the Guardian revealed details of the proposals last week.

The draft order extending the reach of the Regulation of Investigatory Powers Act – due to be debated yesterday, then postponed until next week as opposition swelled – has been withdrawn until the autumn at the earliest. It would have given a host of government departments, local councils and quangos the power to demand, on their own authority, access to detailed communications logs, including individuals’ email records and mobile phone location data. Current legislation gives only the police, the intelligence services, customs and excise and the inland revenue these powers.

Last night the Home Office also withdrew a second draft order giving the same list of public bodies the power to authorise themselves to conduct surveillance against individuals and to use informers.

In a development certain to increase pressure on ministers to restrict the number of bodies able to demand communications data, the Guardian has discovered that the watchdogs appointed to monitor the way ministers and public bodies use the sweeping powers given to them under the act have expressed serious doubts about their ability to do their job properly. It emerged yesterday that the chief surveillance commissioner, Sir Andrew Legatt, will have to oversee the activities of 1,039 public authorities with only a staff of 22 to help him.

In a little-noticed report published this year, he warned: “I clearly cannot carry out any meaningful oversight of so many bodies without assistance.”

Attributing the government’s change of heart partly to the objections of his son, Hugh, who works in the IT industry, Mr Blunkett said the proposals had been interpreted “entirely in the wrong direction”.

“When you are in a hole you should stop digging, and having full consultation on the issues raised seems the best way to do it,” he told BBC Radio 4’s The World at One.

Lord Strathclyde, the Tory leader in the Lords, said: “Had we not made clear that we would seek to defeat these outrageous proposals they would have been rammed through the Commons.”

Richard Allan, the Liberal Democrat home affairs spokesman, said: “This government is not overly willing to stand up and defend civil liberties on principle so I think what has really caused this decision is the fact that the proposals are completely unworkable.”

The Devil is in the detail

· Police, the intelligence services, customs and excise and the inland revenue will be given the power under section 22 of the Regulation of Investigatory Powers Act 2000 to compel telephone, internet and postal service providers to hand over the detailed communications logs of individual users, without first seeking the permission of a judge.

· The Home Office wants to expand this list to include seven government departments, every local council and a host of other public bodies, including the postal service commission and the food standards agency.

· Until this section of Ripa comes into force, the police and all these other organisations can request communications data from service providers under the Data Protection Act, but the provider can refuse if they do not believe there are sufficient grounds for the request. In such cases, the agency making the request must convince a judge to give a court order to obtain the data.

· The data obtained could include name and address, phone calls made and received, source and destination of emails, identity of websites visited, and mobile phone location data which records the user’s whereabouts whenever the phone is switched on to within a few hundred metres. To access the content of communications (eg by placing a wiretap on a telephone or intercepting an email), the authorities still require a warrant from the home secretary.

· The data can be obtained on the grounds of national security, preventing or detecting crime, protecting the economic wellbeing of the UK, public health and safety, collecting tax, preventing death or injury in an emergency and any other purpose specified in an order by the home secretary.


McAfee: New virus is first to infect image files

Sam Costello, IDG News Service, Boston Bureau
June 13, 2002, 09:20
http://www.idg.net/go.cgi?id=699337

A new virus can, for the first time, infect image files, according to antivirus software company McAfee Security, a division of Network Associates Inc. This means that the virus could be spread through Web sites containing infected image files, and force antivirus companies to re-engineer their products, McAfee officials said.

The virus, which is being called W32/Perrun by McAfee, is not yet in the wild — meaning it is not spreading on the Internet — and was sent to McAfee by its author early Thursday morning Eastern time, said Vincent Gullotto, senior director for McAfee AVERT (Anti-Virus Emergency Response Team), located in Santa Clara, California.

The virus is built to spread first as an executable, or .exe, file and then in JPEG (Joint Photographic Experts Group) image files, he said. The virus, were it to be spread in the wild, would appear as an executable which would infect JPEGs when it was run, he said. The executable can be transmitted in standard ways, such as by downloading and via e-mail. The first JPEG viewed after the executable is run will have the virus code appended to it, Gullotto said. The virus will then seek out other JPEG files in the same directory and try to infect them, he said.

W32/Perrun is the first virus to infect JPEGs, according to McAfee.

Only machines that already have the executable file on them could be infected because of the way the virus is written, he said. It’s possible, though, that future derivatives of the virus could do away with the executable as a prerequisite for infection, he added.

Because JPEGs are a common image format on the Web, the virus poses a risk of infecting any user who views an infected file on a Web site, Gullotto said. Users would have to have the executable on their systems for this to occur, he said.

The initial version of W32/Perrun that McAfee has examined does nothing more than try to infect other JPEG files, but future versions could be modified to include all manner of code, including Trojan horses and other programs that could potentially leave PCs open to attackers, he said. Future versions of the virus could also be modified to attack other file types, including text files, MP3s and more, he said.

“This may begin to change the face of what files virus writers start to pay attention to,” Gullotto said. “While these files have been safe, we may see a time in the future when these files are not safe.”

Such a circumstance could also force antivirus companies to re-engineer their products, he said. Current antivirus software would experience serious performance degradation if it had to scan image and other files for viruses, he said. If this type of virus attack becomes more prevalent, antivirus software will have to be modified to handle it, he said.
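The article says the virus code is appended to a JPEG, so one check a scanner can make is whether bytes follow the image's end-of-image (EOI) marker. The sketch below is an added example, not McAfee's detection logic or code from the article; the sample bytes are constructed, and the "MZ" executable-header test is an assumed heuristic, not a W32/Perrun signature.

```python
import struct

SOI = b"\xff\xd8"                           # start-of-image marker
EOI, SOS = 0xD9, 0xDA                       # end-of-image, start-of-scan
NO_LENGTH = {0x01} | set(range(0xD0, 0xD8))  # TEM and RST0-7 carry no length


def _skip_scan(data: bytes, pos: int) -> int:
    """Skip entropy-coded scan data; return the offset of the next real marker."""
    n = len(data)
    while pos < n - 1:
        if data[pos] == 0xFF:
            nxt = data[pos + 1]
            if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:  # stuffed byte or restart
                pos += 2
                continue
            if nxt == 0xFF:                          # fill byte
                pos += 1
                continue
            return pos
        pos += 1
    raise ValueError("scan data runs to end of file without EOI")


def find_jpeg_end(data: bytes) -> int:
    """Walk the marker segments and return the offset just past EOI.

    Searching for the bytes FF D9 is not enough: they can occur inside a
    segment payload (an embedded thumbnail, for example).
    """
    if data[:2] != SOI:
        raise ValueError("missing SOI marker")
    pos, n = 2, len(data)
    while pos < n:
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        while pos < n and data[pos] == 0xFF:         # marker prefix and fill
            pos += 1
        if pos >= n:
            break
        marker = data[pos]
        pos += 1
        if marker == EOI:
            return pos
        if marker in NO_LENGTH:
            continue
        if pos + 2 > n:
            raise ValueError("truncated segment length")
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2 or pos + length > n:
            raise ValueError("bad segment length")
        pos += length
        if marker == SOS:
            pos = _skip_scan(data, pos)
    raise ValueError("no EOI marker found")


def inspect_jpeg(data: bytes) -> dict:
    """Report what, if anything, follows the image data."""
    end = find_jpeg_end(data)
    tail = data[end:]
    return {
        "image_end": end,
        "trailing_bytes": len(tail),
        # Assumed heuristic: a DOS/PE executable header right after EOI.
        "tail_starts_mz": tail[:2] == b"MZ",
    }


# Constructed sample: a structurally valid marker stream (not a decodable
# picture). The APP0 payload deliberately contains the bytes FF D9.
CLEAN = (
    SOI
    + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\xff\xd9" + bytes(7)
    + b"\xff\xda" + struct.pack(">H", 8) + bytes(6)
    + b"\x12\x34\xff\x00\x56\xff\xd0\x78"            # scan data
    + b"\xff\xd9"
)
# Constructed stand-in for appended code: 32 harmless bytes.
APPENDED = CLEAN + b"MZ" + b"\x90" * 30

if __name__ == "__main__":
    print(inspect_jpeg(CLEAN))
    print(inspect_jpeg(APPENDED))
```

Trailing bytes alone are not proof of infection, since some cameras and editing tools write benign data after EOI; treat a non-empty tail as a reason to look closer.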


Deception about plans to extend surveillance amounts to an abuse of power in UK?

Deception about plans to extend surveillance amounts to an abuse of power
The snooper’s law proves government can’t be trusted

Hugo Young
Tuesday June 18, 2002
(c) The Guardian

http://media.guardian.co.uk/newmedia/comment/0,7496,739531,00.html

Whether Tony Blair is worth trusting is a personal judgment. We can all have our opinions. Look into his eyes, study his body language, gawp at his sortie to the press complaints commission, measure the density of his apologia for what did or did not happen round the Queen Mother’s catafalque, and you may decide against him. Contemplate his enemies, think about their motives, reflect upon the obsessive malignity of their campaign, stare blank-eyed at the self-righteous hyperbole with which they pronounce that he will never be believed again, and you may come to a different view – if you care enough to get into this stuff at all.

Personal assessments will doubtless reflect some prior prejudice. And because they’re ultimately unverifiable, they attract thousands on thousands of words. There’s an inverse ratio between journalistic output and evidential proof. The issue is as elusive as the passion is intense and the objectivity resonantly absent. Does this one man, Prime Minister Blair, deserve our trust? There will be no final answer, just as there never was with Margaret Thatcher, or John Major, or any other leader.

Government, on the other hand, is something else. It is never to be trusted. Here, there is a final answer. Not that government is always bad or wrong. It is essential to the good of mankind. But in the matter of power, government absolutely never deserves our unquestioning reliance. Its use of power demands eternal vigilance. Yet perhaps because this is so tediously so – so lacking in novelty, so unamenable to prurient speculation – its truth is neglected. Contrast the passions about our leader’s disputed follies, and the bored indifference directed to an outrage now being committed by the machine of which he is temporarily in charge.

Next Monday there will be a last chance for MPs to stop this abomination. The story began two years ago, when the Regulation of Investigatory Powers Act (Ripa) passed into law. It was a complicated measure, essentially addressing the outgrowth of electronic data and the need to both enable and control the use of such data by government. It was about sharing and disclosing, and the thrust of it was about crime and national security, along with tax evasion. The branches of the public service listed as authorised to make demands on relevant internet providers and users were exclusively the police, the military, the intelligence services and the inland revenue.

Even before September 11 showed us how this kind of data might be legitimate and useful for the protection of society, Ripa had taken its place in a growing body of such extensions of government power. Hardly a terrorism atrocity could take place anywhere without the British governing machine seizing its moment for emergency legislation. Collecting more and more information became part of the official response to such crisis, regularly approved by parliament. Its justifications seeped into the economic as well as security area. Just about anything harmful to any kind of national interest provided a pretext for official data collection.

Then came September 11. The security machine – ie government, one might say, rather than this government uniquely and as such – grew greedier. Last winter’s anti-terrorism bill, among other things, entered the same information warehouse as Ripa, demanding that more should be made available, for a range of purposes which, but for the vigilance of a handful of Lib Dem peers, would have extended even further. As a pair of measures, Ripa and the latest anti-terrorism act legitimise the official capture of private communications – not their content, but every other telling detail electronically available by piecing them together – more copiously than in any other democratic regime in the world.

All this is a done deal, passed by parliament, and it is bad enough. Challenged to defend it, the representatives of the machine – pro tem known as Labour ministers – trot out familiar claims. It was all entirely benign and above board, Bob Ainsworth, Home Office minister, wrote in the Guardian last week: there would be no “fishing expeditions”. Moreover, the system would be regulated. The interception of communications commissioner was in charge of the public interest, and would see it defended: a promise that might be more credible were it not for the disclosure by a parliamentary committee in March 2001 that the commissioner, Lord Justice Swinton Thomas, with a two-strong office, “did not even have enough staff to open the mail”.

Now, though, the story gets worse. Unless parliament vetoes the relevant executive order on Monday, a story broken by the Guardian last week will come to pass. A panoply of new public authorities will be vested with the powers that Ripa confines to police, military, intelligence and tax officials. There are 24 new categories, one of which includes every local authority. Everything from the Health Department to the food standards agency will be given the power to snoop, with only Swinton Thomas to check them: tens of millions of privacy invasions, potentially, invigilated by an office of three people, with the subjects of the snooping left in ignorance.

Trust is the right neuralgic word to raise here. There are several breaches of it. One was the calculated failure to list all these public authorities when Ripa was struggling through the Lords. Controversial already, the bill might have been judged insupportable if ministers revealed that the health and safety executive were to get the same powers as MI6. Plainly the machine’s full intentions were held back as a piece of crude political calculation which parliament could do nothing about. This was a conventional, but still confidence-sapping, abuse of power.

Second, when the question was raised with Patricia Hewitt – on the Guardian website, during the election – she denied three times that a new law would be passed compelling service providers to log and retain for up to seven years all data on email addresses and websites browsed, which is in effect what the anti-terrorism act and the extension of Ripa provide for. Confronted with this u-turn, the machine says that September 11 changed everything. That is an irrelevant distraction. The authorities that are about to be given power to call on such data have little, more usually nothing, to do with terrorism.

Third, where is this to lead? A natural ambition of the machine is to have access to all information about every citizen, which electronic storage makes possible if the right legislative framework is provided. The extended Ripa helps make that framework. This prospect seems rather more central – more revolutionary, bold and sinister – to the life of Britain than the question of whether we see Alastair Campbell as a bigger liar than the editor of the Daily Mail. Yet the same level of indignation somehow eludes it. Raging at the leader, we miss the elephant, on which he is but a passing gnat.

h.young@guardian.co.uk


UK Police in new email spying row

Secret plan to prevent disclosure at trials

Stuart Millar and Richard Norton-Taylor
Tuesday June 18, 2002
(c) The Guardian

http://media.guardian.co.uk/newmedia/story/0,7496,739518,00.html

Surveillance techniques to be used by law enforcement agencies to access internet and telephone records will be kept so secret that criminal prosecutions may be abandoned to prevent their disclosure, according to a classified police manual passed to the Guardian.

Amid mounting opposition to government moves to allow a host of public bodies to access phone, email and internet traffic data without a court order, the leaked document from the Association of Chief Police Officers sets out the lengths to which forces must go to prevent their communications surveillance methods being revealed.

The manual, dated March 20 2002 and marked “Draft – not for open publication”, reveals that law enforcement agencies will be expected to seek controversial public interest immunity (PII) certificates to prevent disclosure at trial.

Senior officers acknowledge in the manual that the ability to access communications logs without first seeking the permission of a judge gives British police powers far in excess of those enjoyed by their counterparts in most other countries.

“In many other countries this process requires a judicial order,” the manual says. “There is a need to balance this important power against the right to privacy and to ensure that it is properly used.”

The document, which will be used by every police force, the national crime squad, the national criminal intelligence service, the Scottish drug enforcement agency and customs and excise once approved, states: “This manual contains significant areas of explanation concerning the application of covert techniques, the release of which would be likely to aid offenders in the frustration of law enforcement.”

It continues: “There is an expectation that law enforcement agencies will take all reasonable steps to protect any sensitive methodology in accessing communications data through applications for PII, even in cases where the product is intended for use in evidence.”

In cases where this tactic is inappropriate and sensitive material is at risk of disclosure, the crown prosecution service may have to advise that the prosecutions be stayed.

The use of PII certificates has been at the centre of some of the most high-profile judicial scandals. They were savagely attacked by Labour, most famously in the Iraq supergun trial, when they were in opposition. Their use was heavily criticised by Lord Scott in his arms-to-Iraq inquiry.

PIIs were also used in the M25 murder case, where the conviction of the three defendants was quashed after the European human rights court said they had been denied the right to a fair trial because evidence of informers – protected by PIIs – was not disclosed at the trial. John Wadham, director of Liberty, said: “This story gets worse and worse. Preventing the defendant from having access to secret documents but giving them to the judge is a fundamental erosion of the right to a fair trial.”

Details of the manual emerged as the government indicated that it will make limited concessions to proposals, revealed by the Guardian last week, to extend the power to access communications records without a court order to a range of government departments, local councils and quangos.

But the modifications, which may include limiting the scope of data these organisations can authorise themselves to obtain, are unlikely to quell the public concern.

A committee of MPs was today due to debate the proposal, introduced under the Regulation of Investigatory Powers Act, but the hearing has been postponed until next week, when the move will face stiff opposition from across the political spectrum.

Tom Watson, a Labour member of the home affairs committee, said: “When I read the breadth of this order I was shocked. I have no problem with the police having these powers to crack down on organised crime or terrorism. But the draft order gives the world and his dog the right to snoop on emails and phone calls.”

The latest Acpo document will hand fresh ammunition to government critics. According to the manual, the interception of communications commissioner, a senior judge appointed by the government to monitor how the powers are used, will provide an adequate safeguard to prevent the powers being misused.

But critics say the commissioner, Sir Swinton Thomas, a retired appeal court judge, is so under-resourced that it will be impossible for him to check the thousands of data retention notices likely to be issued by police and other agencies.
