The Future of Computer Security: A Question of Analogies

Wednesday, September 29th, 2004

Friday I expect to be on a panel at Gnomedex called “The Future of Security.” In preparation, I’ve been putting some thought not so much into the future of security, but into how we even go about figuring out that future.
Let’s start with some basic facts – the axioms of security if you will:

  • There will always be “bad guys” who try to break into systems, write viruses, steal, etc. They’ve existed throughout history, and there’s no reason to expect them to vanish from cyberspace.
  • Technology alone will never provide perfect security. Every walled city ultimately fell. However, technology may, for a while, provide “good enough” security.

The challenge with predicting Internet security is that the Internet is a new phenomenon. We don’t really know where it’s going or what it will be like in 20 years. Even though we are in some ways better off than those who pioneered the Internet, because we’re at least paying some attention to security, that is offset by a huge increase in complexity (and complexity is the enemy of security).

In predicting the future, we try reaching for analogies from the past. But in doing so it’s sometimes tough to choose the right analogy. For example: those who expected “nation building” in Iraq to be analogous to post-WWII Europe seem to have been woefully mistaken.

There are two analogies that I currently find useful in thinking about Internet security. One is inspired by the information superhighway, a term that has lost some of its popularity but remains useful. In this analogy, the original ARPA-Net was the equivalent of dirt roads. Visitors rode primitive Model-T vehicles, at relatively low speeds. There were few accidents, no seat belts and no driver’s ed.

As the highway system grew into its modern form, accidents became more common. Society dealt with this in two ways – using technology to make both cars and highways safer, and instituting strict requirements for driver’s education. Even so, accidents still occur in huge numbers, but we’re presumably better off than if nothing had been done.

On the information superhighway some work has been done on safety features. Computers have antivirus tools and firewalls available, though like seatbelts they are optional and not always used. ISPs are adding security features to the “highway” itself. But we have no equivalent to driver’s ed – any clown can buy a system and get on the highway without learning a thing about security. I’m not suggesting we legislate computer security classes, but I wonder – what if a major ISP like AOL raised their prices $5 overall, but offered a $10 discount to anyone who passed an online security quiz?

The other analogy I like is the biological analogy. It’s not a new one – many elements of computer security are named for their biological analogs. The security implications of this analogy suggest that computer security is not a problem to be solved, but a chronic condition. That spam, viruses and hoaxes are destined to become a permanent part of the Internet that might, like today’s bacteria, even have beneficial results (I know of people who have cleaned up a severely infected computer by just buying a new one – which is presumably good for the economy). The book “The Shockwave Rider” portrays an Internet that follows this model, with some surprising consequences (it’s a great book and I highly recommend it). Of course this analogy has its disturbing sides – everyone dies, after all.

I’m looking forward to seeing what my fellow panelists think about the future of security, and if there are other relevant analogies that might work. I’d be interested in hearing your view either here, or even better, if you’re at Gnomedex please introduce yourself and let me know what you think.

Funniest Election News Ever (or how to tell if you’re an extremist)

Thursday, September 23rd, 2004

Ok, I admit I am jet-lagged, which certainly explains why I’m awake at 5:00am in a London hotel room. But it doesn’t explain why today’s election news isn’t the funniest thing I’ve heard yet. And if you don’t find it funny too you’re probably way too extreme (in either direction), are a conspiracy theorist, or have no sense of humor.

Today Donald Rumsfeld was quoted as saying:

“Let’s say you tried to have an election and you could have it in three-quarters or four-fifths of the country — in some places you couldn’t because the violence was too great,” Rumsfeld said. “So be it. Nothing’s perfect in life. You have an election that’s not quite perfect. Is it better than not having an election? You bet.”


“Will there be elections? I think so. Might there be some portion of the country where the terrorists decide they’re going to mess things up? Possibly. Does that mean that there won’t be elections? No.”

Reports left out that this is the map he was pointing to at the time:

Picture of map illustrating areas where elections might not occur.

Windows Forms to Developers: I’m not Dead Yet

Tuesday, September 21st, 2004

In my recent blog “Spolsky 1: Scoble 0 – Stegman’s Video, while Great, doesn’t apply to the API war” the most surprising results were in the responses. While many did address the focus of the item (that of API changes), there were a number of responses directly relating to Windows Forms as a technology. Recently, Mike Harsh elaborated on this topic as well. Clearly there is interest in where Windows Forms fit into the greater scheme of things. I think this is worthy of further discussion.

It’s possible Mike may be too conservative about the future of Windows Forms. Curiously enough, the very issues that Joel brings up with regards to the API war actually work in favor of Windows Forms. You see, even though Windows Forms is a managed wrapper for User32, the key point is that it does wrap User32 – the old Win32 GDI API that every Windows developer in the world is familiar with.

So here comes Avalon – a new approach and new API. Do the features that Avalon promises truly justify the investment in learning this new API? It’s too soon to say. It will likely prove compelling to those developers who really need to take advantage of new UI features, just as the DirectX API is worth learning for those who need that capability, but that may prove to be a minority of Windows developers.

My point is this – you have a huge number of Windows programmers, who grew up and know User32, how it plays with VB6, MFC, ATL and now Windows Forms. Do you really think they’re all going to just jump to Avalon overnight? Over a year? Over 10 years? .NET has compelling advantages over COM, and the transition is proving very slow. There’s every reason to believe that the transition to Longhorn and Avalon (that in my mind are still classified in the category of vaporware) will be as slow or slower. If there is no compelling economic advantage, Windows Forms might be the dominant managed forms package for many years.

Unless, of course, Microsoft abandons Windows Forms, either on purpose, or by implication (say, by failing to make interop work as smoothly as promised on future OS’s).

It’s a tough problem. Technically, I do believe Windows Forms is better than VB6 or MFC. But it suffers from the .NET distribution issue. Even ClickOnce may not change that (a topic I’ll be writing about soon). Avalon will suffer the same runtime distribution issue, plus the additional problems of limited OS support and the need to learn a new API.

I was discussing this earlier today with Christian Gross, and he suggested I take a look at GTK#. I doubt it’s as cool as Avalon, maybe not even as cool as Windows Forms. But I must confess, the idea of a forms package that runs on Windows, OSX and Linux is intriguing. Something to look at… in my copious spare time.

Hurricane Ivan and the X-Rayed Water Bottle

Saturday, September 18th, 2004

The other night I was watching the Hurricane Ivan show on CNN. It consisted mostly of newscasters standing in the rain and wind right outside of their hotel room, while waiting for a large planter to blow over (I’ll avoid comment about reporters being smart enough to come out of the rain, and observe that the individual covering Hurricane Ivan for Jon Stewart’s Daily Show also stood in blowing mist – outside a carwash – thus fulfilling the journalistic obligation to be soaked while reporting on a storm).

Today, on my way to a conference in Germany, I saw someone carry a clear plastic water bottle through security – only to have it taken back through the metal detector and run through the X-Ray (I confess to being at a loss to imagine what an X-Ray might see in that bottle that we couldn’t).

This got me thinking. We all know that we’re spending lots of money to defend against terrorism and to X-Ray water bottles. About 40 billion in 2003 (not counting the war in Iraq, whose relationship to homeland security is an interesting question in and of itself). I wondered how it compared to what we are spending on various other threats – like hurricanes.

This is certainly a bad year for hurricanes, though we don’t know yet how much they’ll really cost. But looking at NOAA data, it looks like hurricanes and other storms typically cost 5 to 10 billion each year. Hurricane Andrew in 1992 was 27 billion (about the same as the direct costs of the 9/11 attacks). The NOAA budget is about 3.3 billion – that’s on all their activities, not just hurricane and storm tracking.

Terrorism is worse than hurricanes, though. Why? Perhaps because it can strike at any time without warning.

So let’s consider earthquakes – they also can strike at any time without warning. I’m a California boy, and I got to ride the Loma Prieta quake (and trust me, “ride” is the operative word). That one cost about 6 billion. The Northridge quake cost 20 billion. The USGS annual budget is about 1 billion, of which 100 million or so goes to earthquake and volcano research and prediction.

But Terrorism is worse than earthquakes. Why? It kills more people (and why are we talking damage costs when lives are at stake anyway?)

Worldwide deaths from terrorism have been running under 4000/year (though increasing). The 9/11 attacks cost 2700 lives. Definitely more than have been killed by hurricanes or earthquakes (at least in the U.S.)

So let’s consider traffic accidents. In 2003 there were 42000 traffic fatalities in the U.S. (2.9 million injured). That’s more than killed by terrorism in the past decade. How much are we spending on highway safety? How does 3.6 billion sound?

But terrorism is worse than traffic accidents. Why? Because it has a greater risk of mass casualties due to possible use of weapons of mass destruction. But how much of that 40 billion is going towards controlling spread of nuclear weapons and detection, prevention and preparation for biological attack? I can’t help but wonder if that 40 billion is really being spent wisely.

There are some other things I wonder…

For example: I recently read that Afghanistan has become a leading exporter of heroin and other drugs (70% of the world’s opium comes from there). I realize that the war on drugs has been preempted by the war on terrorism, but still, it’s hard for me to see that hunting for Bin-Laden is incompatible with getting a country out of the drug business.

And it does seem curious that Iraq seems to be developing into a new home and school for terrorists. I mean, freeing the Iraqis from Saddam Hussein is all very nice, but exactly how did that make us more secure?

Anyway, these are some of the questions I’ve been wondering about. Not that I have any answers, but it did lead me to one thought I’d like to leave you with. Virtually all of the political discussion has related to Bush vs. Kerry as individuals (and what they may or may not have done 30+ years ago). Let’s remember that we aren’t just hiring a president – we’re hiring their staff. If you rehire Bush you get Cheney, Rumsfeld, Ashcroft, Rice and maybe Powell in the bargain (it’s not clear if Powell’s staying on) – not to mention the likelihood of a Supreme Court justice or two. With Kerry you get… Hmm… who do you get? Hopefully we’ll hear soon.

Ok, I’m out of questions. It’s raining outside, but I’m safe and warm in my hotel room, drinking water from a nice, safe, thoroughly X-Rayed bottle.

(P.S. it’s not really raining outside. That part is poetic license).


Spolsky 1: Scoble 0 – Stegman’s Video, while Great, doesn’t apply to the API war

Tuesday, September 14th, 2004

In a recent blog item, Robert Scoble suggests that Joe Stegman’s video on Windows Forms answers Joel Spolsky’s article “How Microsoft Lost the API War.”

Sorry Robert – but it doesn’t.

Make no mistake, Windows Forms is great stuff. Ok, perhaps you hype it a bit too much – that great looking Outlook application that is created with 100 lines of code largely looks like Outlook because it uses an Outlook control. But nevertheless – it’s great.

And yes, Windows Forms will “play” with Avalon. Chapter 5 of Microsoft’s “Developer’s Guide to Migration and Interoperability in ‘Longhorn’” on MSDN addresses this.

But “play together” in this sense is an interoperability issue. Avalon and Windows Forms represent two different programming models or API’s.

Let me stress the word “interoperability” here. Sure, Avalon can host Windows Forms and vice versa. Just as Windows Forms today can host COM ActiveX controls. But do you know many people writing COM ActiveX controls for use with .NET? No.

Why not?

  • Because people are reluctant to trust an interoperability layer, both from reasons of compatibility and reasons of performance.
  • Because once Microsoft adopts and promotes a new technology (.NET), they tend to stop development, and gradually support, on the old one (COM).
  • Because psychologically, developers want to play with the latest technology, and managers feel pressure to adopt the latest technology.

Having two technologies that have different API’s has all the costs Joel discusses, such as the cost to learn a new technology and the cost to port applications (even when there is no feature, performance or economic benefit in doing so).

With Avalon and Longhorn we are faced with the same process. Sure Windows Forms is being invested in big time. Sure Windows Forms controls will be hosted in Avalon through an interop layer (and vice versa). It doesn’t matter. The same pressures will apply in just a few years to migrate to Avalon. There will be inevitable problems in the hosting, concern about long term support, and pressure in the media and development community to use the latest and greatest thing.

Sure, if you’re writing software with a lifespan of a few years, Windows Forms is a great way to go. But we all know that software, enterprise software especially, lives a long time. Can Microsoft categorically promise to maintain a full commitment to development, maintenance and support of Windows Forms for the next 15 years? (A more typical lifespan for enterprise software). Will they maintain that commitment during a time when their marketing department and media are pushing Avalon and Longhorn?

Do you really want to invest full bore in Windows Forms today given the uncertainty of which technology will become dominant, run on the most platforms, and have the best long term support?

For smaller applications, absolutely. But if you’re going to invest in a large project, this is a very difficult decision, and waiting for Avalon might be the better strategy. It’s too soon to know.

Reinventing Software Licenses

Monday, September 13th, 2004

Let’s start with the obvious. Almost nobody reads software licenses. You know why – they’re incomprehensible, too long, and in cases where you have to use the software anyway, you’re stuck with the license regardless. The only exceptions are the large corporations who have the lawyers, time and money to deal with them. Normal people don’t bother.

Unfortunately, this has some pretty serious side-effects. Aside from the obvious fact that millions of people are in effect agreeing to contracts they’ve never read, one of the common ways that spyware and adware are spread is by having users agree to them without realizing they are doing so.

I think it is time to completely revolutionize the way we deal with software licenses. To do so, I offer the following modest proposals.

  • A law should be passed that restricts the length of software licenses for consumer software to no more than 500 words. For comparison: the BSD Open Source license is 225 words, the Claria (formerly Gator) adware license agreement is over 6600 words (15 pages single spaced).
  • Software licenses must be written in plain language that can be clearly understood by the average 13 year old.
  • Security updates to software may not include any license terms that were not present in the original software.
  • No license for released (not beta) software may include any terms that restrict speech, review or benchmarking of the software. For a software publisher to restrict free speech and commentary on their products is shameful and unethical. I do think, however, it’s fair to require that any benchmarks include the source code of the benchmark so people can independently review the results.

My Challenge to Microsoft

As the software industry leader, I call on Microsoft to take the lead in coming up with creative and user friendly solutions to this problem. To start with, try taking the software licensing process out of the hands of your lawyers, and hand it to your user interface people. They’re good, and if they can’t figure out a way to revolutionize software licenses so they work, then we should all go to open source, because the situation will truly be hopeless.

My Challenge to the Government

Yes, I know – asking Congress (which is made up primarily of lawyers) to create laws that simplify license agreements seems like a long shot. But I can dream, right?

How else do you think software licenses need to be changed? Comments welcome.

Lies and Truths

Sunday, September 5th, 2004

Fool me once shame on you, fool me twice shame on me… well, so says the quote. But honestly, with so many conflicting claims and lies, I’ve become increasingly frustrated by my own inability to figure out what’s actually true. Whether it’s lying through omission, lying through misdirection, or outright lies, it’s awfully hard to extract nuggets of truth from the noise.

So, being a civic minded individual, I did some extensive research, and am pleased to offer this guide to detecting who is lying during this joyful campaign season:

  • Anyone who explicitly claims to be telling the truth – is lying. Groups with “truth” in their name, lie. “Swift Boats for Truth” – dead giveaway. If they weren’t lying, they wouldn’t need to convince you otherwise.
  • Every political advertisement lies (by omission – obviously).
  • All issues ads lie (you know, the kind that aren’t sponsored by the candidate, but rather by their best friend, leading contributor, ex college roommate, etc.)
  • All news broadcasts lie. The one exception: Jon Stewart’s Daily Show, which claims to lie, has a higher degree of truth than any news broadcast. This is not surprising because all comedy is ultimately based on truth.
  • Anyone claiming the other side is lying, is lying (Michael Moore, Rush Limbaugh, you know the type).
  • All the candidates and their spokespersons lie. You see, if they actually said anything truthful the media would squeeze it of any ounce of subtlety and portray it as a mistake or gaffe. So the campaigns must stick with carefully polished and scripted sound bites – lies.
  • Anyone who mentions 9/11 in a political context more than once in a speech or conversation is lying (it’s the ultimate misdirection). Oh, except for Rudolph Giuliani, who’s the only guy who’s earned the right to say it twice in a speech before it’s a lie.
  • Anyone who talks extensively about how great America is, is lying. Real patriots know America is great – we don’t need politicians going on about it. We’d rather hear them explain HOW they’re going to keep America great. And how we’ll pay for it. Specifics please?
  • There are probably more – comments are welcome.

Finding the truth is clearly a greater challenge than I ever imagined. And it poses some fundamental challenges when it comes to voting this November. But since it is clear that lies far outnumber the truth, the following axiom, stripped of spin and manipulation, must be fundamentally true:

Since all politicians and media are lying (either through omission, misdirection, or outright), you cannot predict their future actions based on what they say. This implies that you can only anticipate their future actions based on past actions of themselves and their supporters.

Ok, we’re making progress. Having written off the media, the candidates, the ads, the campaigns, and statistics (which are also subject to manipulation and later correction), it becomes remarkably easy to choose a candidate. Let’s consider the major topics:

  • Iraq & Terrorism:
    Both sides now agree that the arguments for going into Iraq were either outright lies, or the results of gross incompetence. Frankly, I supported going into Iraq because I could not imagine our government either lying about WMD, or being so grossly incompetent as to go to war without an incredibly high degree of certainty on the issue. Spin aside, the buck stops there: It was either a lie or gross incompetence.
    If you believe the current administration has learned from their mistakes, and has become highly competent at intelligence and foreign policy, you should stick with Bush. If you’re one of those people who, if you had an employee who lied or was grossly incompetent, would fire them, you should choose Kerry.
  • Taxes:
    This one is simple. You either choose a Tax and Spend Democrat. Or a Borrow and Spend Republican. Sorry, you can’t have a true responsible economic conservative (control spending and balance the budget) – that was Clinton and he can’t run again.
  • Economy:
    If you’re making more money, have better job security, and your friends and family are happily employed, the economy is good. If your economic status is uncertain, and you know people who are out of work, the economy is bad. Since the media and statistics lie, all you can base it on is what you see around you.
  • Social Issues:
    If aborting fetuses and gays getting married is more important to you than security, taxes or the economy, you know who to choose.
  • Health Insurance:
    If you don’t have health insurance or can’t afford it, and want it, choose Kerry. It’s virtually certain the Democrats will do more than the Republicans on that score.
  • Civil Liberties:
    If you’re willing to give up more privacy and civil rights in the hope of gaining more security, stick with Bush. If you’re willing to accept more risk in order to keep privacy and civil rights, choose Kerry.

Those are the big ones. There are lots of other issues, but it’s much harder to distill the truth out of lies on those, or to figure out which “experts” might be closer to the truth. But I’ll keep working on it.

Scams and Quotes

Friday, September 3rd, 2004

This week I was quoted in an SD Times story about 64 bit Windows. In it I say:

“Migration to 64 bits is likely to be slow, as is migration to any new technology. What’s more, delays of major products from Microsoft are common, so it’s hard to get excited about them.”

Now, for the record, I was not misquoted. Nor was this taken out of context. However, also for the record, I’d like to include the remainder of the quote that was not included in the article:

Not only are delays on major products common, but as an industry we would much rather Microsoft take the time needed to “do it right”, and make sure the technology is secure and reliable, than to rush something out the door.
Kudos to Microsoft for having the discipline to wait until it’s truly ready to ship.

Now, on another note. I saw the most remarkable phishing email scam today. The misdirected link was subtle and hard to spot in the message source code, even when I knew what I was looking for. I wrote up a description of this IE specific attack at Visit the page using IE – it’s a trip.

Weapons of Mass Distraction

Wednesday, September 1st, 2004

The ongoing flap about Kerry’s service in Vietnam is an all too typical example of the media (and others) focusing on triviality and completely missing the bigger picture. Were there bullets flying? Did Kerry bleed on his Purple Heart?

Who cares?

The bottom line is that Kerry did serve in Vietnam. And if he didn’t get shot at in this particular instance, there’s no doubt he was shot at other times. Those boats sailed dangerous waters. Even if he exaggerated the danger on some report 35 years ago, the idea that this should influence today’s election is ludicrous.

But unfortunately our political system is all too often based on the big lie and distraction – shout a lie long and loud enough and people start to care and to believe it.

Or how about flip-flops?

“Flip-flop” is a common insult in this political season. I think it’s overtaken “liberal” as a dirty word (in part because more Democrats are willing to stand up and proudly claim the term, a common schoolyard technique for shutting up a bully). Could the same approach work for “flip-flop?” Absolutely. Why, I myself flip-flopped recently. Just a few months ago I explained why I had no interest in blogging. And here I am, blogging furiously. Flip-flop is a childish way of saying “changing your mind.” If someone learns something new, and has the courage to acknowledge that their previous opinion was wrong and to adopt a stance based on their new knowledge – that’s something to be admired, not condemned.

Is there hope?

They say that California leads the nation, and a recent flap with our Governor gives hope. You remember him, Governor Schwarzenegger. Just yesterday we were the laughing stock of the world with an open ended recall election that had 135 people running for the office. They laughed harder when we chose an ex-body builder movie star with a thick accent. But guess what – most Californians are absolutely thrilled with the job he’s been doing. But there’s one recent incident that gives true hope for the future.

The legislature was in the midst of their usual annual deadlock on passing a budget. In frustration, Governor Schwarzenegger called those who refused to act “girlie men.” The media went into a frenzy: he was sexist, he was homophobic, he was….

Meanwhile, the reaction of most of the population seemed to be “yeah, he was funny. Now pass the d#*# budget!”

In other words, by and large the electorate did not buy into the media distraction, and stayed focused, maybe even appreciated the humor of the Governor using a phrase that was originally used on Saturday Night Live to parody him. And we got our budget.

Weapons of Mass Distraction is also the title of a wonderfully wicked movie. Though a bit hard to find, I highly recommend it. Might be available from Barnes & Noble