Fed II Star newsletter - The weekly newsletter for the Fed II game by ibgames

EARTHDATE: January 15, 2006

OFFICIAL NEWS
Page 13




WINDING DOWN

An idiosyncratic look at, and comment on, the week's net and technology news
by Alan Lenton

The big news of the week was the arrival of the Intel powered iMac, reputedly at least twice as fast as the old Macs. Well that's what Steve Jobs said, anyway. The FCC zapped a couple of spyware scammer companies, Microsoft's 'FAT' patent was confirmed, and it issued yet more critical security patches. Three critical patches in the first ten days of the year is a record, even for Microsoft.


Story: ...And the walls came tumbling down

There was a piece of very bad news for the e-commerce community at the end of last year. The brilliant Chinese cryptographer Xiaoyun Wang announced that she had found a way to break SHA-1. SHA-1 was considered the most secure algorithm in general use, and was endorsed by the US National Security Agency. The previous year Wang broke MD-5, another widely used security algorithm.

The e-commerce world isn't going to come to an end because of this - it still requires formidable resources to break the code, but SHA-1 and MD-5 are absolutely central to e-commerce. No one has actually broken SHA-1 yet, but the first demonstrations of MD-5 being broken are already out there in the crypto community. Since MD-5 and SHA-1 are used to digitally sign documents and to secure passwords, the problem is being taken very seriously.

Replacing the old algorithms won't be pretty. Once a new algorithm is available - and that could take several years - all the existing security infrastructure will have to be replaced. Think about it - all the secure (https) web servers will have to be upgraded, so will the browsers, just to mention the most obvious cases. Then there is digital signing for formats like Adobe's Acrobat (.pdf). Just as bad, what about documents that were signed with MD-5 and SHA-1? They will probably have to be re-signed and distributed to the people they were originally sent to.

None the less it will have to be done, and sooner rather than later. As crypto guru Bruce Schneier put it in an interview with New Scientist, "Attacks always get better, they never get worse."

(Source, New Scientist, 17 December 2005)


Shorts:

Thunderbirds are Go! Well, a Thunderbird, anyway. And the Thunderbird in question is the new version - 1.5 - of the Open Source Mozilla Thunderbird mail client, which was launched with lots of razz earlier this week. I use Thunderbird 1.02, but I'm not upgrading just yet, and I'd advise readers to do the same. There are a number of potential issues which have surfaced, suggesting that it might be better to hold off until a bug fix version is launched. According to Mozilla's figures the program has been downloaded more than 18 million times since it was launched in December 2004. That's a lot of downloads. I wonder how many people are actually using it on a daily basis?

http://www.theregister.co.uk/2006/01/12/thunderbird/

Here are some interesting figures that came through from analysts Gartner at the end of last year. In 2004 financial compliance and management spending took up less than 5 per cent of corporate IT budgets. This year it is estimated that it will take anything up to 15 per cent of the IT budget. Corporate IT departments are being flooded with demands for new compliance programs, and there are more regulations on the way to increase the load.

I searched Google for the two main pieces of legislation currently affecting corporations. 'Sarbanes-Oxley', the US legislation, threw up 15.2 million entries, while 'Basel 2', the European version of the legislation, threw up a further 13.2 million entries. Some people are making plenty of money out of the insatiable appetite for regulation, but all is not rosy, because the money has to come from somewhere.

It's coming from two sources. Increased prices for the consumer (that's you and me) and it's siphoning off cash from other IT projects. Remember how all new IT development was put on ice as the year 2000 approached and all resources went into fixing those problems? Well it's starting to happen again, but this time rampant legislation is the cause. So now, not only is half the result of programmer productivity going to the lawyers, but the other half is going on meeting even more government regulation. Yuk!

http://newsletter.infoworld.com/t?ctl=106D400:1F69382
http://www.theregister.co.uk/2005/12/16/gartner_sarbox_it_spending_estimate/

It's not very often that a company starts shipping a product ahead of schedule, but Apple managed it this week. At the MacWorld Expo in San Francisco, Steve Jobs showed the new Intel powered iMac desktop computer. Effective immediately, Jobs announced, all iMac computers will use the new Intel dual core 'Duo' processor. Jobs claims that with the new chip the iMac "will knock our customers' socks off".

Quite likely, but I wonder how much heat the new chips will generate? Intel chips have a nasty reputation for being power hogs and running very hot. The last dual core Intel chip I saw benchmarked came in slower than the AMD equivalent, and much hotter. I await the benchmarks with some interest.

http://www.physorg.com/news9754.html
http://ct.news.com.com/clicks?c=1147348-7863277&brand=news&ds=5&fs=0

An interesting case came before the High Court in the UK a few weeks ago. It doesn't, in itself, create a legal precedent, but it does show the way things are moving. The case involved a maritime arbitration decision. The exact details of the arbitration are not relevant; what was at stake was that the papers had been served by e-mail. The receiving firm ignored the emails as being unsolicited email because the address was normally used for cargo booking, although it was listed as the address on the firm's web site and in Lloyds Maritime Directory.

The judge ruled that the case hinged on whether the arbitration had been properly commenced or not, and then went on to rule that the delivery by email meant that the notification had been properly served. While it doesn't set a formal precedent, it does show a massive step forward. Even five years ago, email wouldn't have been accepted as a valid means of serving legal documents. "Tell me, Mr Smith, exactly what is this new fangled email your client is referring to?" I suspect within another five years, email will be acceptable for serving all legal documents.

http://www.theregister.co.uk/2006/01/10/lawsuit_started-by_email_is_valid/

There was excellent news from the US this week. Two dodgy spyware firms were fined a total of US$2 million for their activities. Their scams involved persuading people to go to a web site for a 'free spyware scan', which, of course, 'revealed' spyware present, whether it was or not, and persuaded the unsuspecting mark to pay out US$39.95 for a product called 'SpyKiller'. The program was also deceptive. When run it claimed to have found and removed all sorts of phoney spyware, while not removing real spyware. In other words, electronic snake oil. We need more fines of this sort to discourage such con merchants.

http://www.theregister.co.uk/2006/01/10/ftc_spyware/

And the bad news is that the much disputed Microsoft file format 'FAT' patent has been upheld by the US Patent Office. Although theoretically this means that Microsoft could go after some Open Source projects, I think it's more likely Microsoft will head for the makers of digital camera Flash cards, where there is more money to be made. Also, Microsoft is being careful not to trigger renewed close examination of anti-trust issues at the moment. I suspect that this decision is likely to result in renewed calls for the current system of patents to be overhauled, although I suspect doing so will be very, very, difficult given the widespread use of the system by big business.

http://www.theregister.co.uk/2006/01/11/microsoft_wins_patent_case/

It's not all going Microsoft's way, though. Hot on the heels of last week's patch comes the regular monthly collection of patches, with another two important security patches. The URLs for the patches are at the end of this piece. The first one affects web fonts, so everyone needs it, while the second one affects Outlook, so most of you will need that too. If you haven't already applied the patch from last week, do so soon; there are already programs out there exploiting the security hole.

http://www.microsoft.com/technet/security/Bulletin/MS06-002.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-003.mspx

I was fascinated to read about how the Armenians deal with bad customer service. It seems that the electricity went off in the abode of Armenian culture minister Ovik Oveyan. Failing to get satisfaction via the telephone he resorted to pistol whipping a couple of employees, after which electricity was restored! I guess that's what you call a robust culture!

http://www.theregister.co.uk/2006/01/09/armenian_complaints_procedure/


Homework:

Ubiquity Magazine has an excellent interview with the legendary inventor Ray Kurzweil. His inventions include the first print-to-speech reading machine for the blind, the first CCD flat-bed scanner, the first text-to-speech synthesizer, and the first music synthesizer capable of recreating the grand piano and other orchestral instruments. He is discussing his new book, 'The Singularity is Near', which is on my list of books to get 'soon'. Some of Kurzweil's ideas - especially those on machine intelligence - will make disturbing reading for some people. But just because ideas are disturbing they won't go away. Highly recommended!

http://www.acm.org/ubiquity/interviews/v7i01_kurzweil.html

Also in Ubiquity is an article about reading glasses. You probably didn't think there was much to say about reading glasses. Neither did I. But these are reading glasses with a difference :) It's a short piece, well worth a few minutes of your time...

http://www.acm.org/ubiquity/views/v6i45_thiru.html

And finally an interview about a subject that is dear to my heart, when I remember it. I refer, of course, to absent mindedness. Now, where was I? Oh yes. This is an interview with Jim Reason who is an expert on the subject, and possibly more absent minded than I am - after all I don't think I've ever got into the bath with my socks on! Even if you're not absent minded, it's still worth reading this interview - the insights are fascinating and have implications for how we take structural steps to avoid human errors that cause loss of life.

http://www.abc.net.au/rn/talks/8.30/helthrpt/stories/s1529677.htm


Scanner - Other Stories

Blu-ray Disc developers complete specification
http://www.theregister.co.uk/2006/01/06/blu-ray_spec_done/

Is Google DRM crippling culture as great as it seems?
http://www.theregister.co.uk/2006/01/08/google_drm_question/

Symantec fixes 'rootkit' bug in Systemworks
http://www.theregister.co.uk/2006/01/12/symantec_fixes_rootkit_bug/

Nikon to end film camera production
http://www.theregister.co.uk/2006/01/12/nikon_goes_all_digital/

Alan Lenton
alan@ibgames.com
15 January 2006

Alan Lenton is an on-line games designer, programmer and sociologist. His web site is at http://www.ibgames.net/alan.

Past issues of Winding Down can be found at http://www.ibgames.net/alan/winding/index.html.

