The Resurrecting Duckling

This is the first paper I've read about ad-hoc wireless networks that talks about managing security settings for devices without GUIs (like a Bluetooth headset). Basically, the idea presented is for a new device to "imprint" on the first device presented to it via a physical connection (kind of like a duckling with its parent). From then on the device will look only to that first device for security issues. If the device owner wants to sell it, or transfer it to another parent, the owner can kill and resurrect the device so that it can imprint again.

Bluetooth and other short-range wireless proponents tout capabilities where devices "automatically" connect when in range. But what if I don't want my device to connect? And what happens when I walk onto a crowded train or airplane? The "resurrecting duckling" is an encouraging model for dealing with these situations.
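The imprint, obey-only-the-parent, die and re-imprint cycle described above, sketched as an added example (not code from the paper or from this post). It assumes imprinting hands over a shared key during physical contact and that later radio commands carry an HMAC and a counter; the class names and the `pair` and `die` command names are hypothetical.

```python
import hashlib, hmac, secrets

def _mac(key, counter, command):
    # Assumed wire format (constructed): 8-byte counter followed by the command name.
    return hmac.new(key, counter.to_bytes(8, "big") + command.encode(), hashlib.sha256).digest()

class Duckling:
    """GUI-less device that imprints on the first controller it physically touches."""
    def __init__(self):
        self._key = None         # None = imprintable (new or resurrected)
        self._last_counter = 0   # highest counter accepted so far; blocks replays

    @property
    def imprinted(self):
        return self._key is not None

    def imprint(self, key, physical_contact):
        # Accept a parent only over the physical link, and only while imprintable.
        if not physical_contact or self.imprinted:
            return False
        self._key, self._last_counter = key, 0
        return True

    def handle(self, counter, command, tag):
        """Process a command received over the radio; return True if obeyed."""
        if not self.imprinted or counter <= self._last_counter:
            return False
        if not hmac.compare_digest(tag, _mac(self._key, counter, command)):
            return False         # sender is not the device we imprinted on
        self._last_counter = counter
        if command == "die":     # hypothetical command name: owner hands the device on
            self._key = None     # forget the parent; the next physical contact imprints
        return True

class Mother:
    """Controller (a phone, say) holding the key it shared at imprinting time."""
    def __init__(self):
        self.key = secrets.token_bytes(32)
        self._counter = 0

    def command(self, name):
        self._counter += 1
        return self._counter, name, _mac(self.key, self._counter, name)

if __name__ == "__main__":
    headset, phone, stranger = Duckling(), Mother(), Mother()
    headset.imprint(phone.key, physical_contact=True)
    print(headset.handle(*stranger.command("pair")), headset.handle(*phone.command("pair")))
```

A stranger in radio range on the crowded train can neither command the headset nor kill it; only the imprinted parent can release it for a new owner.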

Safe personal computing

Summarized from the 15 May 2001 issue of Crypto-Gram by Bruce Schneier:


None of these are perfect; none of these are foolproof. If the secret police wants to target your data or your communications, none of these will stop them. But they're all good network hygiene, and they'll make you a more difficult target than the computer next door.

  1. Passwords. You can't memorize good enough passwords any more, so don't bother. Create long random passwords, and write them down. Store them in your wallet, or in a program like Password Safe. Guard them as you would your cash. Don't let Web browsers store passwords for you. Don't transmit passwords (or PINs) in unencrypted e-mail and Web forms. Assume that all PINs can be easily broken, and plan accordingly.
  2. Antivirus software. Use it.
  3. Personal firewall software. Use it.
  4. E-mail. Delete spam without reading it. Don't open, and immediately delete, messages with file attachments unless you know what they contain. Turn off HTML mail. Don't use Outlook or Outlook Express. If you're using Windows, turn off the "hide file extensions for known file types" option; it lets Trojan horses masquerade as other types of files. Uninstall the Windows Scripting Host if you can get along without it.
  5. Web sites. SSL does not provide any assurance that the vendor is trustworthy or that their database of customer information is secure. Limit financial and personal data you send to Web sites; don't give out information unless you see a value to you. If you don't want to give out personal information, lie.
  6. Browsing. Limit use of cookies and applets to those few sites that provide services you need. Regularly clean out your cookie and temp folders (I have a batch file that does this every time I boot.) If at all possible, don't use Microsoft Internet Explorer.
  7. Applications. Limit the applications on your machine. If you don't need it, don't install it. If you no longer need it, uninstall it. If you need it, regularly check for updates and install them.
  8. Backups. Back up regularly. Remember to destroy old backups; physically destroy CD-R disks.
  9. Laptop security. Keep your laptop with you at all times when not at home; think of it as you would a wallet or purse.
  10. Encryption. Install an e-mail and file encryptor (like PGP). Encrypting all your e-mail is unrealistic, but some mail is too sensitive to send in the clear. Similarly, some files on your hard drive are too sensitive to leave unencrypted.
  11. General. Turn off the computer when you're not using it, especially if you have an "always on" Internet connection. If possible, don't use Microsoft Windows.

Honestly, this is hard work. Even I can't say that I diligently follow my own advice. But I do mostly, and that's probably good enough. And "probably good enough" is about the best you can do these days.

Supercavitation: Go very fast underwater

Warp Drive Underwater in the May 2001 issue of Scientific American talks about the use of "supercavitation" technologies that make it possible for vehicles underwater (initially torpedoes) to go a few hundred miles per hour.

I thought the most interesting speculation was the effect of this technology on missile defense shields (e.g., the U.S. "Star Wars" initiative). Simply put a nuclear warhead on a missile that travels the first couple of hundred miles underwater very quickly, then pops up at the last minute to hit a coastal target.

Software as "speech"? MPAA can't have it both ways…

Slashdot is discussing the legality of DeCSS in this thread. DeCSS allows DVD owners to bypass the CSS copy-control mechanisms in DVDs. One of the issues is whether software can be considered "speech". If so, then the software is subject to First Amendment protections. In that case, banning a program (like DeCSS) would be like banning speech; it's something that courts can do, but there has to be very good evidence that the banned speech will directly cause a lot of harm.

jamus has an interesting point regarding software as "speech" in this post:


If computer programs aren't expressive speech, then according to the Copyright office's website, it won't be covered under copyright law. See Circular 1, which lists Copyrightable works. They don't have a category for computer programs, but make this recommendation:

For example, computer programs and most "compilations" may be registered as "literary works"

It goes further by saying that "works that have not been fixed in a tangible form of expression" "are generally not eligible for federal copyright protection".

So, if programs aren't expressive speech, then where does that leave the copyright status of the millions of computer programs out there? Is that a Pandora's box that the court wants to open?

Now, I'm not a copyright lawyer, so I'm not sure where or if this is in actual law. If anybody else knows, I'll be interested in hearing

What time is it?

Everything you wanted to know about all the different ways to measure time (systems of time) including:

  • Universal Time (UT, UT0, UT1)
  • Coordinated Universal Time (UTC)
  • International Atomic Time (TAI)

Follow the "leap second" link on the page for a discussion of how these time systems drift from each other, and how they're corrected. The link also discusses some other units of time like Ephemeris Time (ET).

And if you're curious, Greenwich Mean Time (GMT) was based on the solar mean day.

The Semantic Web

In this article in the May 2001 issue of Scientific American, Tim Berners-Lee (the "father" of the Web) discusses what comes next: First we had ftp, gopher, etc. Now we have the World Wide Web. Next comes the Semantic Web, in which software can exchange "meaningful" content without the need for sophisticated artificial intelligence.