Utility { Computing, Storage, Services } Considered Helpful

Nicholas Carr and Om Malik find on-demand infrastructure and utility storage (e.g. Amazon S3) “particularly attractive to startups.”

Jon Udell continues to look at various ways of interconnecting users, applications, and back-ends — only some of which have been explored yet.

I particularly like the idea of (having the option for) the user being in control of the back-end repositories, offering more freedom to retrieve their data unharmed and replace application components without necessarily being at the mercy of an application vendor.

Storage Innovation Ahead

The existence of cheap and presumed-reliable storage services such as
Amazon S3
will cause a burst of innovation in personal and corporate storage options.
A particularly good fit: content-addressible storage schemes such as
plan9 venti
that offer frugal use of bandwidth (important when metered), and attractive features like version snapshots “for free.”
A little searching shows one talented software developer thinking along these lines already:
Brad Fitzpatrick: wsbackup — encrypted, over-the-net, multi-versioned backup.
There will be more.

NY STAR: An accident waiting to happen

The New York State School Tax Relief (STAR) program is an identity theft “accident” waiting to happen. Homeowners apply for property exemptions on their primary residence, and file with their local tax assessors. (In the first year or so of this program, total chaos ensued in assessor’s offices all over the state.) Extra tax exemptions for senior citizens are means-tested, and require homeowners to submit their SSN or a copy of their income tax returns to the local assessor.

  • In New York City, they want SSNs from everybody. Just because it’s authorized by law (in the NYC Administrative Code) doesn’t mean it’s a good idea. Everywhere else, they’re only collecting SSNs or income tax returns from low-income seniors.
  • It’s hard to justify leaving so much personal financial information sloshing around assessor’s offices all over the state. And which is worse: copies of tax returns in piles in sleepy small-town assessor’s messy offices, or huge indifferent big-city assessor’s chaotic offices? Need to know? Mind your own business.
  • As their normal traffic is public information, assessors are not necessarily tuned to protecting private personal information. For a recent example of a public record agency handling private data, see the story of how the Suffolk County (NY) clerk’s normal processes put a few thousand SSN’s in the public record [via Emergent Chaos].
  • Perhaps all these violations of “don’t ask for information you don’t need” and “don’t store information you don’t need again” were less serious even a few years ago, but the consequences of these old ways are getting worse every day.
  • Though it’s hard to patch the process perfectly, one simple fix would be to direct the flow of sensitive information away from local offices, e.g. create a state tax return checkoff that allows the income tax people to inform the assessors about eligibility and primary residence status without revealing any income information.
  • Well, the politics is irritating too. Creating yet another “take with one hand, give back with another” program is inefficient, and clearly its primary purpose is to create an opportunity for attaching a politician’s name to a tax cut, with extra discrimination making the program harder to kill.

Update 3/7/2006 see also: The public servants at the Ohio secretary of state insist on treating documents that pass through their hands as public despite embedded SSNs.

Update 4/11/2006 see also: Broward County (FL).

Cross Site Cooking

Michal Zalewski identifies a new class of attacks, that he dubs Cross Site Cooking:

There are three fairly interesting flaws in how HTTP cookies were
designed and later implemented in various browsers; these shortcomings
make it possible (and alarmingly easy) for malicious sites to plant
spoofed cookies that will be relayed by unsuspecting visitors to
legitimate, third-party servers.

While a well-coded web application should be designed to resist attacks from hostile HTTP clients, these new attacks turn every browser into a hostile HTTP client, and it’s a good bet that many web applications are hanging on a pretty thin thread of “this can’t happen” assumptions, soon to be violated. Expect a large number of embarrassing vulnerability reports to ensue.

[via http://del.icio.us/emergentchaos/new.attack.class%3F]

GP* articles on Financial Cryptography

I am enjoying the series of articles on business growth and fraud at the Financial Cryptography web site.
The overall theme is that, whatever level of technical perfection you achieve in a money-handling system,
things really only get interesting once the business takes off — at which point an equilibrium is reached based both on what you implemented and on how much it’s worth attacking.
The first article started the series a bit slow and abstract; for me, I like details.
The latest installment, the most concrete so far, is a case study regarding e-Gold, with some bonus comments regarding WebMoney. Note that even without technical flaws, your business is still affected by attacks on the whole business ecology (much of it out of your direct control): partners, customers, complementary businesses, reputation mongers.


Here are two books that I’m enjoying right now. Neither of them is hot off the presses, but I thought I’d put a good word for each nonetheless.

Tor onion router: social good or anti-social practice?

At Rose-Hulman Institute of Technology:

Earlier this week, a hacker infiltrated the website of a company in France, defacing the site and using it to send vulgar emails. The hacker was not a Rose-Hulman student. But through a router maintained by a Rose-Hulman student, the hacker was able to do this anonymously.

The student, senior computer science major David Yip, was maintaining a router on his computer called a Tor onion router.

There are many ways to describe this activity: exercise of freedom, negligence, lack of due diligence, accomplice or accessory to crime. Is it a social contribution or an anti-social practice? Drawing the lines is very difficult (as legislators trying to ban open access points will discover).
One example of how universities do tend to have a stricter social compact than, say, ISPs.

[via Justin Mason]

more Sarbanes-Oxley backlash

While discussing the current venture capital situation, Paul Graham points out

An experienced CFO I know said flatly: “I would not want to be CFO of a public company now.”


This law was created to prevent future Enrons, not to destroy the IPO market. Since the IPO market was practically dead when it passed, few saw what bad effects it would have. But now that technology has recovered from the last bust, we can see clearly what a bottleneck Sarbanes-Oxley has become.

As always, read the whole thing.

Astronomical nonce sense

Ed Felten discusses an interesting dispute among astronomers regarding how long scholars should withhold discoveries so they can retain exclusive access and get credit for more original papers. (Aside: As I note in his comments, while this is largely self-governing because everybody has incentives to publish, there are occasional extreme examples of scholarly hoarding, such as the decades-long embargo on publication of some Dead Sea Scroll materials.)

The security angle on this is that the dispute is about whether the Spaniards scooped the Americans by reverse-engineering a temporary name published in an advance abstract of a paper. The temporary name contained a date that could have served as an index into a telescope activity log, revealing the position of the newly-discovered object.

The lesson is that a cookies or nonces (temporary data values to be used only once) should usually, in security applications, be content-free (long, random, unpredictable, and generated with a random number generator not prone to reverse engineering itself). Structured or predictable nonces can lead to information leaks or to vulnerability to forgery. Short nonces fall to brute-force search.

GMail fronts for other domains

I just happily discovered that GMail settings support non-GMail “From:” addresses. It’s a welcome feature for me, as I had no intention of binding to a vendor domain name ever again.

Perhaps it has been a feature for quite some time, and I just wasn’t aware of it. GMail is predisposed toward pleasant surprises without fanfare (e.g. “plus addresses” are supported too).