Locksmith Opinions that just didn't fit my usual newsletter/column format.
Satchel Page said, Dont look behind you, but Santayana said,
Those who dont learn from the past are doomed to repeat it, while Dr. Phil (pop
behavioral psychologist and not much of an original thinker) says, The bestpredictor of future behavior is past behavior.
Over 45 years in the IT game Ive found that the real trick
is to decide what recent events are predictive and which ones are justbackground noise.
In IT security you need experience and technical skills but
you also need the right kind of education to see into the future personally I
studied both quantum physics AND behavioral psychology. Before I began in
computer security I fleshed out that meager resume with several years working
for law enforcement and later a private detective firm. In fact, I was even a
real locksmith so, while Im not always right about future trends, Im seldomuncertain.
Ill leave it to you to decide which recent events were background
noise and which predict the future but I have my opinions and I bet you canguess what they are.
>A few years ago Congress passed anti-spam laws (which did
little except to make spam from big businesses legal) but the same legislators
have failed to protect private data or pass any laws against phishing (it isnt
even a federal crime to COLLECT someones private data, only to misuse itlater).
The lesson Dont look to Congress
for protection in personal data matters. The old saying, Were from the government
and were here to help you, is still a good reason to hide your wallet and runfor cover.
My reasoning most people elected
to Congress are lawyers and their campaigns are paid for by businesses that
simply LOVE to collect data about customers and potential customers. Why would theirlegislators vote against it?
>A number of serious vulnerabilities in the much-touted open
source Firefox browser surfaced soon after Rel. 1.0 appeared this despiteyears of development in the superior open source environment.
The lesson - although it is sometimes
patched more quickly, the open source model isnt necessarily more secureexcept to the extent that it is often smaller (smaller is always more secure).
My reasoning useful software is far
too complicated to ever be perfect. As for the open source idea of fixing vulnerabilities
before they cause damage, why would malicious hackers share any bugs they had
found before they had a chance to exploit them? Only the honest testers report
> FBI Assistant Director Louis
Reigel, head of the agency's Cyber Division, said in December 2005, Al-Qaida
and similar groups do not have the ability to disable power plants, airportsand other 'critical infrastructure' through the Internet."
The lesson terrorists can
probably disrupt the Internet or at least some vital services whenever theywant to.
My reasoning much as I respect
FBI work in some areas, outside the crime lab technology isnt their strong point. It
took more than a decade for the FBI to really grasp that child predators were
actively prowling the Internet for victims; they routinely reject ideas and ignore
threats reported by non-FBI sources or even by agents outside HQ (remember Minneapolis
agent Coleen Rowley and 9-11?); and the bureaucrats quickly at the top dismissthreats they arent really able to address adequately.
My evidence? Just a month before The
Assistant Directors statement, the FBIs own computer system almost collapsed under
the flood of emails triggered by the Sober worm. Most worms have been created
by individuals, so is it difficult to believe a well-funded terroristorganization couldnt do something a 17-year-old German hacker can do?
>President Bush gave secret orders allowing The National
Security Agency to spy on people in the U.S., including citizens, without
warrants either before or after the fact. Both the CIA and NSA are precluded by
law from conducting surveillance of people inside the U.S. For better or worse,
that job was specifically given to the FBI. Even worse, they could have donethe same surveillance legally by getting secret warrants.
The lesson is if the president
can decide on his own to turn the NSA loose on anyone, then none of your data is
ever really safe, not even from the people who are required by The Constitution
to protect us and by their oath of office to protect The Constitution. If youhave really critical data, never transmit it electronically.
My reasoning politicians will
always do whatever they think is in their best interest, even in violation
their own laws. Heads of state often do so. Why? They do it because they think they can get
away with it, even when if it is illegal. Several Senators, including Russ
Feingold (D) Wisconsin, have said
the White House activities are illegal. Sen. Feingold said on TV that President
Bush is just making up laws as he goes along. In addition, US District Judge James
Robertson of the same Foreign Intelligence
Surveillance Court that would have had to pass onwiretap requests recently resigned in protest. (Some in Washington are even whispering the dreaded 'impeach' word.)
>Open source advocates continue to ignore flaws in their favorite
software development and support methodology. They point out how bad Microsoft
is, while failing to explain why Microsoft continues to enjoy a massive
market share despite being so terrible. Open source advocates cite all the
reports of problems with Microsoft software but, until open source fanatics (as
opposed to those who, like me, are merely reasonable advocates of using open
source where appropriate) temper their rants and admit that the main reason
Microsoft flaws are so well known is simply because most people use Windows andIE.
The lesson comes in two parts -
Microsoft is likely to remain the dominant force in business and home software
for years to come. Open source will never gain a real foothold until there is a
solid business model to make money off of it. Marx and Engels thought people
would work hard for the good of others without compensation communism failedbecause most people do what is in their own interest or benefits them.
My reasoning also has two aspects
First, most people using computers dont understand them and will continue to
use what is shipped pre-installed on their computers they will also continue
to demand Microsoft because that is the brand name they know. Second, many open
source fans fail to grasp what Newton demonstrated and every sailor knows in
their bones, it takes a very, very long time to turn a supertanker and thereneeds to be a very good reason to start the process.
Some trends I intend to watch in 2006 include:
>The threat from bird flu (if it hits some government plans call for drastic
quarantines of large areas, including closing national borders); increasing
world-wide terrorism; and especially the end of the age of oil (world oil
production may already have peaked, see http://www.peakoil.ie) will continue to
push e-commerce and e-business activities including teleconferencing,
telecommuting, and online collaboration, while reducing the need for big
companies to have centralized management in large cities. Bet New Yorkers havesome special thoughts on that just now!
>Outsourcing from industrialized countries, especially to China
and India will continue and accelerate. While the number of U.S.
continues to drop, China and India are graduating a vast number of
engineering students each year and will soon host most of the worlds
work hours. In the past many of the top foreign students studied in the
U.S. and stayed here to work. With todays improved communications they
are now training
at home or heading back because they can live like kings on relatively
lowincomes within their familiar cultures.
>The real pocket book threat to average computer users is
identity theft and that is mostly due to social engineering, not worms or flaws
in browsers. Social engineers dont care what OS or browser people are using.
Far too much is made of technical threats and far too little attention is givento the human threat. More people and companies will realize that in 2006.
>Some sophisticated users are beginning to move from
Google to Clusty.com, a search site which does a far superior job of sorting
and displaying hits. Clustys superior interface will soon force other searchengines to make it easier to locate just the information you want.
passes cyber and privacy laws which force Congress into taking action - that almost
always weakens state cyber laws. Look to your state for legal cyber protection but
realize that you stand to loose protection when Congress steps in if there is
any business anywhere which benefits from weaker laws and has a lobbyist in Washington.
>Look for China to take piracy much more seriously in ten years when their engineers are
responsible for most new inventions. A sign of the times? Chinese could always
buy Marlboro cigarettes, but they were counterfeit Altria (Philip Morris) is about
to license the cigarette in China.
Can movies and software be far behind?
Ive been doing this a very long time too long according
to my wife (GRIN) but Ive always been fascinated by computers and constantadvances in the IT field have always kept my interest fresh.
Never before in history has any new technology had such a massive immediate impact on society so quickly as PCs have in the past quarter of a century.
Automobiles essentially governed social changes in the 20th
century and personal computers will do so in the 21st.
It is already hard to imagine a world without computers but
the first PCs were sold only 25 years ago. This technology is still in itsinfancy. Comparing a Pentium computer to a Model T isnt far fetched.
Gottlieb Daimler and Carl Benz were born before the American
Civil War. The first Benz was sold in 1894 and Steinway (the piano people) built
Daimlers on Long Island before WWI. Ford was selling Model Ts in 1909 but most
roads in the United States were still unpaved in the 1930s and the car didnt
radically change life in the U.S. until after WWII (motor vehicles also
radically changed the way wars were fought) that was essentially 60 years fromthe initial product to major societal changes.
By contrast, the first microcomputer kit (the Altair 8800)
appeared on the cover of Popular Electronics in January 1975 (the magazine cost
75-cents and also carried a story about a $90 pocket calculator more powerful
ones are now given away as advertising premiums.)
But while computers are making information available even in
rural China, I am concerned that the United States is falling far behind in the
technological race. In terms of scientific and mathematical literacy the U.S.is rapidly becoming a third-world country seriously debating Darwin.
Computers were essentially invented in England and became a massive
agent of change when IBM built the first PC. Most computer components now come
from overseas and IBM labeled computers are built and sold by a Chinesecompany.
But that is only a concern to me because I live in the U.S. and,
anyway, I really work on the Internet so it has little major effect on
me. I mention it because it is a major power-shift in the world of
technology, not because I think it is either bad or good. For
countries, the growth of businesses which dont consume massive amounts
natural resources and export knowledge while keeping workers (and their
incomes) at home is probably the greatest single advance in society
since theend of Feudalism.
I may be wrong, but I'm not uncertain - 2006 will be an interesting year.