While getting involved in some SSL/TLS programming in recent days, I have been wondering about real versus perceived threats to secure communication. Read any of the articles and books about secure communications, and you hear of many possible threats, some actually quite intricate. These books and articles rarely put threats into perspective. Here are a few examples of threats:
These are all threats, to be sure. But how much of a threat? How do these compare to the threat that a private key is compromised and the CRL is not distributed in time to stop the damage? Or the threat that someone falsely impersonates an organization to the Certification Authority to get a certificate (as someone impersonated Microsoft not too long ago)?
Yahoo says it will start using PHP for scripting its web pages. It will deep-six its own proprietary web scripting language, called yScript. [CNET News.com]
PHP is a very good web scripting language.
But what about other proprietary scripting languages, like Cold Fusion? Isn't Macromedia supposed to make money selling large Cold Fusion licenses to big companies like Yahoo? Or do they just sell large licenses to financial institutions and other organizations that seem to commonly choose expensive proprietary solutions (for some inexplicable reason)? I can't see why anyone would buy a license for Cold Fusion, when PHP is equally good, if not better, and free. This can't be good news for Macromedia. Eventually, there will be a time when even the financial institutions will stop paying for Cold Fusion.
There's a lesson to be learned. If you are in the software business, you must pay attention to Open Source software. Depending on the products you sell, it's possible that one day in the not-so-distant future, you will be unable to sell your products because of an Open Source alternative.
The spam war has only just begun.
The Internet still relies too much on socially responsible behavior, and therefore, it is vulnerable to abuse by those with no social conscience.
Last week, it was a distributed denial of service attack on the root DNS servers. The denial of service attack problem has still not been solved. Fortunately, researchers are working on the problem, and there may be a solution. [See Aggregate-Based Congestion Control.]
Now, there is a story about spamming referrer links in web server logs. [wired news] [slashdot.org] I know there are sophisticated web users who dislike the referrer links that browsers send to web sites. But most of those users don't understand the web log culture. In the web log culture, the referrer links provide a form of cross-pollination that makes web logs more interesting. Now, that culture has been shamelessly trampled on by abusive spammers. (For the record, I am in favor of a broad definition of the term spam. Until we come up with a better term for intrusive marketing, I am fine with using the term spam to denote it.)
This problem with the spamming of web site log files brings to mind the potential for a lot more abuse. For example, how about the potential for adding porno site links to guestbooks on personal home pages? How about other kinds of clever denial of service attacks?
The jury is still out on whether the Web will ultimately succumb to the Tragedy of the Commons.
What will the future be like for digital media?
I have some thoughts on this that are not completely organized. I don't have time to get them really organized, so I'm just going to present my thoughts in perhaps a somewhat disorganized way.
What is missing today, which will make a big difference years hence, is a wealth of public domain content. A lot of the digital content available today is treated by many consumers as if it were public domain. That use by consumers is what has got the content owners so angry. On the one hand, we have consumers wanting to claim "fair use" rights, and on the other hand we have content owners wanting to call every use they don't approve of "piracy".
Leaving aside a discussion of fair use rights, I don't think this situation would be so charged if there were a large selection of public domain content. Consumers have the tools to do lots of very creative things with digital content: the result being what is often called "derivative works". There just isn't that much public domain content at the present time.
I would be quite happy just to get public domain recordings of popular classical works, and even some of the jazz and big band recordings from the first half of the 20th century. Many of these recordings are no longer marketable. Really, no one's going to make any money off some of the old recordings from the 1940's and 1950's. Let's get them into the public domain. Same with the old movies and photographs.
A wealth of content in the public domain would certainly lessen the value of current content. For that reason, the content owners have a vested interest in trying to keep works out of the public domain. Nevertheless, I think the public domain is good for consumers. It will force the current content producers to compete, to produce something of real value, not artificially inflated value that results from artificial scarcity.
With a large number of works in the public domain, the Betamax argument applied to peer-to-peer file sharing becomes more compelling. The Napster clones would have a legitimate use in exchanging content that's in the public domain.
I would like to see the issue of digital rights resolved with a push to get more content into the public domain. Content owners should be able to protect their content for the "limited times" that is stated in the U.S. Constitution. However, all content should eventually pass into the public domain. We can argue over how long that should be. Certainly, 75 years is way too long (as specified by the Copyright Term Extension Act).
If you think about it, there will be more and more content in the public domain as time goes on. For that reason, I don't think the issues today, about how much control content owners should have over their content, will be issues 50 years from now. By then, there should be a lot of content in the public domain. That means there will be legitimate, legal, free content available as an alternative to non-free content. Most people like me won't care that the latest content isn't free. We will just choose the free content when we can. That will happen with Palladium or without it.
I'll be watching Eldred v. Ashcroft.
So, Dataplay is dead. Why am I not surprised?
You know what Dataplay is? It's a technology that stores data, particularly multimedia data, on small disks the size of a quarter. The company thought the disks would be attractive to consumers because of their small size. They also thought the disks would be attractive to the music labels because the devices can restrict copying. Music on Dataplay disks can't be "ripped". The last I remember hearing about Dataplay, they were supposed to start releasing pre-recorded music on the small disks in stores. They actually thought that consumers would like a new kind of "CD" that doesn't permit ripping! Someone should have told them about the Divx disks.
C# standardization moves ahead [news.com]
So, here's my experience with C#. At the beginning of this year I had in mind a software product, to be sold to consumers and small businesses, that would run only on Windows. My strong feeling at that time was that the application should be written in C#. I did not have the opportunity to develop that application. Now that I am thinking about developing it once again, I cannot see C# as a good choice in a programming language. Here's why: The application is a server-type application, ideal to run on a small computer with a small amount of processing power. Writing the app in C# would mean that it can run only on Windows. I see that as a problem. Suppose it made sense to install the server on a low-cost, low-power, network-connected device. Linux would make a fine operating system to run the application. And using Linux, rather than Windows, would probably help to shave $50 off of each device.
How many other developers make a similar choice?
Microsoft, I'm sure, understands the hesitancy of developers to use C#. I'm sure they understood this situation well before they decided to go ahead with .NET. They want developers to think that using C# and .NET does not lock them to Windows, but who is going to believe it? Microsoft has chosen to ask developers this question: choose you this day whom you will serve. If you commit to Microsoft (and .NET), you have to commit totally, or not at all.
Whither the technology treadmill? Up until 1997, the technology treadmill was accepted as gospel. I'm referring to the continuous cycle of upgrading PC hardware. In 1997, that faith was shaken. An article in Byte magazine that year described it well: buyers came to realize that whatever PC they bought would be obsolete in two years, but they also came to realize that they could do a lot with an obsolete PC. Thus, buyers just started buying PCs that were already obsolete, saving themselves a lot of money. The result of these new buying habits was a push to make PCs cheaper, and there were lots of news stories about the sub-$1000 PC. If I remember correctly, the Byte article used the term "disposable PC", describing the fact that users would be unlikely to upgrade the components of a computer -- they would just throw out the computer and buy a new (cheap) one.
The technology treadmill hasn't stopped completely. But can it continue? Obviously not forever.
I'm sure there are millions of computer users like me who wonder what in the world they need so much processing power for. I am a software developer. Software developers have traditionally needed leading edge PCs. But that's not true now. If I don't need a high-end PC, how can a mortgage broker, realtor, dentist, accountant, etc., possibly need a high-end PC? How can a family at home, whose primary uses include email, web browsing, word processing, and home financing, need a high-end PC?
So, that's the dilemma of PC makers, Intel, AMD, and Microsoft: how to keep the technology treadmill from stalling out completely.
But, let's suppose the technology treadmill does stall. What will the computer industry be like then? Here's a message posted on slashdot:
Since competing with speed is turning out to be non-productive, the focus will be on something else, and an obvious candidate is size. Another issue I would fervently hope gets on the table is noise and power consumption.
I am sick and tired of large beige boxes sounding like a jet taking off. Having a unit like that as the home-wide server would be a dream come true. In the same way, the 'maxi'-notebooks increasingly seem like an excellent alternative to a traditional desktop, and much for the same reasons. Maybe, hopefully, we are not too far away from another format switch, where the base hardware is smaller and quieter than the stuff we put up with today.
I wish I had said that!
It seems funny, in a way. These big companies must convince customers that speed is the only thing that matters. It's also funny that the boxes they sell are just plain ugly.
Jon Udell: "What would it be like to Google your email?" [Scripting News]
Some great points in this essay. Here's one of my favorites:
We need to start to think of desktop applications not only as consumers of services, but also as producers of them.
"Anti-spammers have long sought to argue against those who would combine banner ads on Web pages and pop-ups into the spam problem," he said. "While most of those other technologies may be intrusive, they often help pay for the service you're using. Spam, by contrast, is deeply parasitic." [news.com]
Yes, if you are a company that buys pop-up ads, you don't want people calling your ads "spam".
But the fact is that we don't have a term for the concept of "annoyance or intrusion in a communications medium". If there were such a term, people would use that term appropriately to describe pop-up ads, marketing-oriented email, telemarketing phone calls, and other intrusions. But because there is no term, people use the term they know that is closest to what they are trying to express. That term is spam. We can't dismiss the concept because we don't like the term. Spam has come to take on the meaning of "annoyance or intrusion in a communications medium".
Anyone care to propose an alternative term, so that spam can revert back to its original meaning?