Archive for the ‘LINKS’ Category.

Workflow business evaporating?

Don Park:
Workflow business evaporating?
“IBM announced that it will bundle
BPWS4J, a BPEL4WS-based web service workflow engine, with Websphere. If workflow becomes just another weapon in the application server feature war, what will happen to the workflow business?”

Electronic Tracking System Monitors Foreign Students

New York Times (free registration required): Electronic Tracking System Monitors Foreign Students.

Mandated after terrorists first bombed the World Trade Center a decade ago and financed after they destroyed it, a vast new electronic tracking system became the central element on Saturday in the government’s effort to keep tabs on nearly a million foreign students and scholars in this country.

Through the system, the Student and Exchange Visitor Information System, or Sevis, schools, colleges and universities will send the federal government the names, addresses, courses and majors of foreign students, as well as information on any disciplinary actions against them.

Institutions that the government has not yet certified to log on to the system may no longer enroll foreign students.

“This is part of a national strategy for the national security of the United States — not the end-all and be-all, but a part of that,” said Christopher Bentley, a spokesman for the Immigration and Naturalization Service.

[ … ]

Given Sevis’s instant nature, “there’s no room to correct the record for errors,” said Robert J. Locke of the University of North Carolina. “That’s our biggest fear in the implementation of this, that students and scholars may unwittingly fall between the cracks and become illegal.”

[Privacy Digest]

Summary of agile software development methods

The Spread of the Sapphire/Slammer Worm

Moore, Paxson, Savage, Shannon, Staniford, Weaver: The Spread of the Sapphire/Slammer Worm

The Chronicle of Higher Education re Palladium

The Chronicle of Higher Education 2/21/2003 – Control Issues. Microsoft’s plan to improve computer security could set off fight over use of online materials

[ … ]

Colleges would decide whether to buy Palladium-capable software and hardware, and then whether to activate Palladium’s security functions. But practically speaking, they would face enormous pressures to do so, especially if publishers of books, journals, software, and other electronic “content” were to adopt Microsoft’s standard to deliver their materials online. The publishers could dictate that colleges had to use Palladium or else be denied access to the material. That worries many in academe, who believe that publishers would use Palladium to bar some uses of digital materials to which scholars argue that they are entitled under copyright law. That loss may outweigh the advantages of tighter security over student records, the critics say.

“If Palladium is adopted, and if other technology vendors exploit it fully to restrict access to copyrighted works, education and research will suffer,” says Edward W. Felten, an associate professor of computer science at Princeton University, who was the U.S. Justice Department’s chief computer-science expert in its antitrust case against Microsoft.

[ … ]

Palladium’s software components will be part of the next major version of Windows, which Microsoft has said it may release toward the end of 2004. Some hardware components that Palladium needs, including a security chip, are available already in a notebook computer, the IBM ThinkPad T30. Chip manufacturers and the major computer companies — Dell, Gateway, Hewlett-Packard, and IBM, among others — have begun work to redesign PC’s so that they will work with Palladium software.

A key component of Microsoft’s new technology is the “nexus,” a minisystem that runs in a sealed-off area in the computer’s memory, where private transactions can be conducted, and where designated security and copyright policies would be enforced. In theory, the nexus is immune to many of the problems that plague Windows machines, like viruses.

[ … ]

“It’s definitely going to solve a lot of security problems, but it’s like any kind of new technology,” says William A. Arbaugh, an assistant professor of computer science at the University of Maryland at College Park. “It can do good or evil.”

Whether it is used for “good” or “evil,” he says, will depend on who gets to control the technology — colleges or the publishers whose “content” the colleges use.

[ … ]

With Palladium, owners of content would gain at the expense of consumers of content, including professors and students, says Eben Moglen, a professor of law and legal history at Columbia University. In fact, if Palladium were to become a widely accepted way of protecting copyrighted material, Mr. Moglen says, it would create “a closed system, in which each piece of knowledge in the world is identified with a particular owner, and that owner has a right to resist its copying, modification, and redistribution.”

In such a scenario, he says, “the very concept of fair use has been lost.”

Ross Anderson, who holds a faculty post as a reader in security engineering at the University of Cambridge’s Computer Laboratory, says Palladium will “turn the clock back” to the days before online information was widely available.

[ … ]

Some critics, like Mr. Schiller, say Palladium might achieve the results intended by the Uniform Computer Information Transactions Act, a model law devised by the National Conference of Commissioners on Uniform State Laws, which has been enacted only in Maryland and Virginia. UCITA is “an attempt to give these software licenses the force of a signed contract, even though you didn’t sign a contract,” Mr. Schiller says. With Palladium, technology would “enforce” the licenses de facto, he says.

Microsoft insists that its new technology is a neutral platform. “It is certainly possible that an application vendor could choose to use [Palladium] to evaluate and enforce some software licensing terms,” acknowledges Ms. Carroll. But “at the end of the day,” she says, “the terms of the license for an application are strictly an issue between the vendor and the university.”

Others think Palladium would be an anti-competitive tool in the hands of software publishers, especially Microsoft, which, in 1999, was found guilty by a federal-district court of monopolistic practices. With Palladium, software publishers could decide to create programs that refuse to work with rival programs, a tactic that is difficult for them to get away with now, says Seth Schoen, a staff technologist at the Electronic Frontier Foundation, a group that promotes civil liberties in cyberspace.

[ … ]

Will MIT, whose researchers have studied Palladium, want to run it? Maybe not, says Mr. Schiller, the university’s network manager. “Personally, I would never use this technology,” he says. As for MIT, though, it’s an open question, he says. “Palladium has to become more real for us to really decide if we can use it.”

“If I had my druthers, I’d love the technology to be available and used for all the good things we could use it for,” Mr. Schiller says. “But I’m enough of a realist to know that’s not how it’s going to play out.”

[Privacy Digest]

Doc Searls: Cut off the customer and the industry dies

Doc Searls Weblog:
Cut off the customer and the industry dies:

  In Embrace file-sharing, or die, John Snyder, president of Artist House Records, board member of NARAS, and 32-time Grammy nominee, says something I said several years ago; but he does it with infinitely more credibility, and, hopefully, far more effect. Me:
  Napster and its successors are the listeners’ workaround of the failed radio industry, which replaced trusted music connoisseurs with payola-driven robots that serve only as freebie machines for the record industry’s pop music factories.
  Snyder:
  Why is it that record companies pay dearly for radio play and fight Internet play? What is the real difference between radio and the Internet? Perfect copies? If we look at the Internet as analogous to radio, the problem becomes one of performance rights, not the unlawful exploitation of intellectual property. People are creating their own Radio on their hard drives, and they are constantly changing it. Would this have anything to do with the “McDonaldization” of radio by Clear Channel and others? Would the fact that almost every song on commercial radio is bought and paid for have anything to do with the narrow focus and homogeneous nature of radio? What drives radio is advertising and money, not music. A lot of music gets left behind thanks to the current state of radio; that consumers are rejecting it shouldn’t be surprising. They’re creating their own MP3 playlists, and if the labels were smart, they’d be doing everything in their power to be on those playlists, just like they do everything in their power to be on the playlists of radio stations. Instead, they scream copyright infringement and call their lawyers.
  I wonder if the rest of the NARAS board is listening. Anybody know?
 

Strategies for Securing Cyberspace and Protection of Infrastructure Released

Strategies for Securing Cyberspace and Protection of Infrastructure Released:

The National Strategy to Secure Cyberspace and the National
Strategy for the Physical Protection of Critical Infrastructures and
Key Assets
will help us protect America from those who would do us
harm, whether through physical destruction or by attacking our
infrastructures through cyberspace.

These strategies recognize that the majority of our critical assets
and infrastructures, such as those in the banking, telecommunications,
energy, and transportation sectors, are privately owned and operated.
The strategies outline Federal efforts and State and local roles in
securing the Nation’s critical infrastructures, and identify
opportunities for partnership with the private sector. The Department
of Homeland Security will take the lead in accomplishing many of the
objectives of these strategies. Other departments and agencies also
have important roles to play. I encourage everyone, government at all
levels, industry, and private citizens to continue to work together to
make our nation secure.

Aberdeen security predictions for 2003

ESJ: Aberdeen security predictions for 2003:

  • “What we’re saying here is that [the] original notion of IDS has just fallen over at this point.”
    The problem is that an IDS that flags anything possibly malicious simply produces too many alerts, says the analyst. “If you’re dealing with more alerts than you can interpret, it doesn’t do you any good.” So companies today opt for more than just alerts. “Increasingly, we’ll see them not just looking for IDS, but intrusion prevention,” he says. Of course not everything can be prevented, but more automation at least frees security managers from just responding to alerts all day.
  • Another interesting prediction is that this is the year e-mail administrators will take back the network. “Last year, about 25% of what went through corporate gateways was spam,” says Hemmendinger. “We think it doubles this year, and that’s because the spam artists are sufficiently creative that they’ve been able to stay ahead of the bulk of the tools that are in the marketplace.”

Flash Mind Reader

Fun: The Flash Mind Reader, and how it works (try to figure it out yourself first though).

Andre Durand

Lots of good stuff related to digital identity management can be found at the
weblog of Andre Durand.