Quotulatiousness

June 19, 2011

Cyber-espionage in theory and practice

Filed under: China, Government, Military, Technology, USA — Tags: , , , — Nicholas @ 09:50

An interesting article at Strategy Page discussing online espionage:

Firms with the most to lose, like financial institutions, guard their data most successfully. They do this the old-fashioned way, with layers and layers of security, implemented by the best (and most highly paid) people and pushed by senior managers who take the time to learn about what they are dealing with, and what it will take to stay on top of the problem.

It’s different in the defense business. If the Chinese steal data on some new weapon, there might be a problem years down the road, when the Chinese offer a cheaper alternative to an American weapon, for the export market. But even that problem has a silver lining, in that you can get away with insisting that those clever Chinese developed your technology independently. Meanwhile, everyone insists that there was no espionage, cyber or traditional, involved. As a further benefit, the American firm will get more money from a terrified government, in order to maintain the American technical edge. It’s the same general drill for military organizations. But for financial institutions, especially those that trade in fast moving currency, derivatives and bond markets, any information leaks can have immediate, and calamitous consequences. You must either protect your data, or die.

It’s not exactly a secret that China has been active in this area, but the extent of their official activity is hard to state. However, just as non-state actors take advantage of individuals who fail to use anti-virus software on their computers, ignorance and apathy are tools for state actors:

But the biggest problem, according to military Cyber War commanders, is the difficulty in making it clear to political leaders, and non-expert (in Internet matters) military commanders, what the cyber weapons are, and the ramifications of the attacks. Some types of attacks are accompanied by the risk of shutting down much, or all, of the Internet. Other types of operations can be traced back to the source. This could trigger a more conventional, even nuclear, response. Some attacks use worms (programs that, once unleashed, keep spreading by themselves.) You can program worms to shut down after a certain time (or when certain conditions are met). But these weapons are difficult, often impossible, to test “in the wild” (on the Internet). By comparison, nuclear weapons were a new, very high-tech, weapon in 1945. But nukes were easy to understand; it was a very powerful bomb. Cyber weapons are much less predictable, and that will make them more difficult for senior officials to order unleashed.

So the first order of business is to develop reliable techniques to quickly, and accurately, educate the senior decision makers about what they are about to unleash. This would begin with the simplest, and cheapest, weapons, which are botnets, used for DDOS attacks. In plain English, that means gaining (by purchase or otherwise) access to hundreds, or thousands, of home and business PCs that have had special software secretly installed. This allows whoever installed the software that turned these PCs into zombies, to do whatever they want with these machines. The most common thing done is to have those PCs, when hooked up to the Internet, to send as many emails, or other electronic messages, as it can, to a specified website. When this is done with lots of zombies (a botnet), the flood of messages becomes a DDOS (Distributed Denial of Service) attack that shuts the target down. This happens because so much junk is coming in from the botnet, that no one else can use the web site.

June 17, 2011

DARPA’s “National Cyber Range” on schedule

Filed under: Government, Technology, USA — Tags: , , , , — Nicholas @ 10:07

In order to determine ways to fend off or prevent attacks on the internet, DARPA is hoping to have their scale model of the internet ready sometime next year for testing:

The US defence agency that invented the forerunner to the internet is working on a “virtual firing range” intended as a replica of the real internet so scientists can mimic international cyberwars to test their defences.

Called the National Cyber Range, the system will be ready by next year and will also help the Pentagon to train its own hackers and refine their skills to guard US information systems, both military and domestic.

The move marks another rise in the temperature of the online battlefield. The US and Israel are believed to have collaborated on a sophisticated piece of malware called Stuxnet that targeted computers controlling Iran’s nuclear centrifuge scheme. Government-authorised hackers in China, meanwhile, are suspected to have been behind a number of attacks on organisations including the International Monetary Fund, French government and Google.

[. . .]

Darpa is also working on other plans to advance the US’s cyber defences. A program known as Crash — for Clean-slate design of Resilient, Adaptive, Secure Hosts — seeks to design computer systems that evolve over time, making them harder for an attacker to target.

The Cyber Insider Threat program, or Cinder, would help monitor military networks for threats from within by improving detection of threatening behaviour from people authorised to use them. The problem has loomed large since Bradley Manning allegedly passed confidential state department documents to WikiLeaks, the anti-secrecy website.

Another is a Cyber Genome, aimed at automating the discovery, identification and characterisation of malicious code. That could help figure out who was behind a cyber-strike.

May 30, 2011

Cory Doctorow: “Every pirate wants to be an admiral”

Filed under: Economics, Law, Liberty, Media, Technology — Tags: , , , , — Nicholas @ 10:09

May 25, 2011

Australia: leading the charge to our over-Nannied future

Filed under: Australia, Bureaucracy, Health, Liberty — Tags: , , , — Nicholas @ 12:31

There once was a time when the popular image of Australia celebrated its rugged, independent, free-spirited approach to life. It’s hard to recognize that in today’s Nanny State paradise:

Last week, the Preventative Health Taskforce published a report which, in its words, launched a ‘crackdown’ on drinking, smoking and the eating of ‘energy-dense, nutrient-poor’ food. This report made 122 recommendations, called for 26 new laws and proposed establishing seven new agencies to change the behaviour of Australians. To take just a few examples related to tobacco, the Taskforce called for the price of 30 cigarettes to rise to ‘at least $20’ (£13) by 2013, for a ban on duty-free sales, a ban on vending machines and a ban on smoking in a host of places including multi-unit apartments, private vehicles and ‘outdoors where people gather or move in close proximity’. They even contemplate a ban on filters and the prohibition of additives that enhance the palatability of cigarettes.

As in so many countries, Australia’s anti-smoking campaign has acted as a Trojan horse in the effort to fundamentally change the relationship between citizen and state. By no means does it end with tobacco. The Taskforce also wants to ban drinks advertising during programmes that are watched by people under 25 — a category so broad as to include virtually every programme — and calls for graphic warnings similar to those now found on cigarette packs to be put on bottles of beer. It also wants the government to establish ‘appropriate portion sizes’ for meals, to tax food that is deemed unhealthy and to hand out cash bonuses to those who meet the state’s criteria of a healthy lifestyle.

And it’s not just the booze and ciggies getting the full Nanny treatment, either. Australia is very concerned about the internet browsing and video game habits of the citizens:

It is the professed concern for the well-being of children that props up so much authoritarian legislation in both hemispheres. This does not just apply to smoking, nor even health issues in general. Australia has a unenviable record of internet censorship, for example, and a national website filter has been proposed to protect children from pornography and gambling. It also has a longer list of banned video games than any other Western democracy. And so if you, as an Australian adult, want to exercise your right to gamble and play violent video games, that’s just too bad. The rights of some hypothetical teenager to enjoy freedom from grown-up pursuits trump your own rights to pursue them.

Netflix now the 500lb gorilla sitting on your internet bandwidth

Filed under: Economics, Media, Technology — Tags: , , , — Nicholas @ 07:41

In a shocking display that if you make something legally accessible, people are willing to pay for it (who’d ever have expected that?), Netflix has supplanted Bittorrent as the largest user of peak-time internet traffic:

Is solving the copyright “wars” really so difficult? New traffic research shows that Netflix has overtaken Bittorrent as America’s favourite internet application, knocking http into third place. “P2P is here to stay,” note the authors in Sandvine’s Global Internet Report, Spring 2011 edition, which shows that demand for legal, paid-for stuff is the single biggest internet traffic trend.

Copyright-holders who are slow to bless legal services, by contrast, find themselves being swamped by pirates.

Netflix now accounts for 24.71 per cent of peak time aggregate traffic in the US, pushing Bittorrent into second place with 17.23 per cent. By contrast, the Sandvine numbers show that in markets where there are no legal services, pirate services flourish. In Latin America, file-sharing program Ares grabs 15.48 per cent of peak-time (fixed line) internet traffic, behind http. In Europe, Bittorent rules, with 28.4 per cent of peak-time traffic, ahead of http. Here, YouTube grabs third place, with almost 12 per cent of peak-time traffic.

We signed up for a month-long trial of Netflix (on the recommendation of Dark Water Muse) and have been quite happy with the service. In fact, it was a major factor in our buying a PS3 over the weekend, as our existing Blu-Ray player was incompatible with Netflix.

May 24, 2011

Why is the move to IPv6 so important?

Filed under: Media, Technology — Tags: , — Nicholas @ 08:42

As you may remember, June 8th is World IPv6 Day, where hundreds of major players including Google, Facebook, and Yahoo will all turn on IPv6 access (but then turn it off again at the end of the day). It seems odd to make a big to-do about IPv6 Day then go back to business as usual after 24 hours. Most end users will not notice the change, as most of us connect through our various ISP networks using IPv4 addresses anyway.

So, what happens if IPv6 isn’t taken up by the movers and shakers of the networking world?

Proponents of IPv6 make dire predictions about the fate of the Internet if usage of IPv6 doesn’t rise dramatically in the next few years. They say the complexity of the Internet infrastructure will increase, network operations costs will rise, and innovation will be hampered. This is due to the multiple layers of network address translation (NAT) devices that will be required to share limited IPv4 addresses among a rapidly growing base of users and devices.

“If IPv6 fails to catch on, then the Internet will include nesting of NAT upon NAT,” says Russ Housley, chairman of the Internet Engineering Task Force (IETF), the Internet standards body that created IPv6. “I hope this is not our future because it would be a very fragile Internet, making innovation more difficult. On the other hand, IPv6 will greatly reduce the need for NAT, restoring the opportunities for innovation that were envisioned by the original Internet architecture.”

Dorian Kim, vice president of IP engineering, Global IP Network at NTT America, a leading provider of IPv6 services in the United States, says that without IPv6 the Internet “will be even more heavily NATed than it currently is, but life will mostly go on. Unfortunately, such an Internet likely will have a negative effect on potential development of application or service innovation due to inherent issues with NATs. Additionally, should service providers become more and more reliant on NATs, this will probably change the cost and scaling trajectories of Internet services over time due to high cost and limited scalability of large-scale NAT solutions.”

May 11, 2011

QotD: The instinctive reaction to progress

Filed under: Humour, Media, Quotations, Technology — Tags: , , — Nicholas @ 12:39

I suppose earlier generations had to sit through all this huffing and puffing with the invention of television, the phone, cinema, radio, the car, the bicycle, printing, the wheel and so on, but you would think we would learn the way these things work, which is this:

1) everything that’s already in the world when you’re born is just normal;

2) anything that gets invented between then and before you turn thirty is incredibly exciting and creative and with any luck you can make a career out of it;

3) anything that gets invented after you’re thirty is against the natural order of things and the beginning of the end of civilisation as we know it until it’s been around for about ten years when it gradually turns out to be alright really.

Apply this list to movies, rock music, word processors and mobile phones to work out how old you are.

Douglas Adams, “How to Stop Worrying and Learn to Love the Internet”, Sunday Times, 1999-08-29

Michael Geist: the “Lawful Access” legislation does not criminalize hyperlinking

Filed under: Cancon, Law, Liberty, Technology — Tags: , , , — Nicholas @ 12:16

At least, on a reasonable person’s reading of the proposed law, it doesn’t criminalize hyperlinks to material that “incites hatred”:

The source of the latest round of concern stems from the Library of Parliament’s Parliamentary Information and Research Service legislative summary of Bill C-51. On the issue of hyperlinking, it states:

Clause 5 of the bill provides that the offences of public incitement of hatred and wilful promotion of hatred may be committed by any means of communication and include making hate material available, by creating a hyperlink that directs web surfers to a website where hate material is posted, for example.

I must admit that I think is wrong. The actual legislative change amends the definition of communicating from this:

“communicating” includes communicating by telephone, broadcasting or other audible or visible means;

to this:

“communicating” means communicating by any means and includes making available;

The revised definition is obviously designed to broaden the scope of the public incitement of hatred provision by making it technology neutral. Whereas the current provision is potentially limited to certain technologies, the new provision would cover any form of communication. It does not specifically reference hyperlinking.

Michael is much more informed about this issue than I am, so I find his confidence as a welcome balm to all the concern raised about this issue. The bill itself, of course, remains a civil liberty disaster in other ways, even with this issue addressed:

As I have argued for a long time, there are many reasons to be concerned with lawful access. The government has never provided adequate evidence on the need for it, it has never been subject to committee review, it would mandate disclosure of some personal information without court oversight, it would establish a massive ISP regulatory process (including employee background checks), it would install broad new surveillance technologies, and it would cost millions (without a sense of who actually pays). Given these problems, it is not surprising to find that every privacy commissioner in Canada has signed a joint letter expressing their concerns.

How resilient is the internet?

Filed under: Economics, Media, Technology — Tags: , , , — Nicholas @ 09:57

Richard Clayton summarizes a recent study by European Network and Information Security Agency (ENISA) on the internet’s ability to cope with disruptions. Among the ways the internet is vulnerable are:

First, the Internet is vulnerable to various kinds of common mode technical failures where systems are disrupted in many places simultaneously; service could be substantially disrupted by failures of other utilities, particularly the electricity supply; a flu pandemic could cause the people on whose work it depends to stay at home, just as demand for home working by others was peaking; and finally, because of its open nature, the Internet is at risk of intentionally disruptive attacks.

Second, there are concerns about sustainability of the current business models. Internet service is cheap, and becoming rapidly cheaper, because the costs of service provision are mostly fixed costs; the marginal costs are low, so competition forces prices ever downwards. Some of the largest operators — the ‘Tier 1′ transit providers — are losing substantial amounts of money, and it is not clear how future capital investment will be financed. There is a risk that consolidation might reduce the current twenty-odd providers to a handful, at which point regulation may be needed to prevent monopoly pricing.

Third, dependability and economics interact in potentially pernicious ways. Most of the things that service providers can do to make the Internet more resilient, from having excess capacity to route filtering, benefit other providers much more than the firm that pays for them, leading to a potential ‘tragedy of the commons’. Similarly, security mechanisms that would help reduce the likelihood and the impact of malice, error and mischance are not implemented because no-one has found a way to roll them out that gives sufficiently incremental and sufficiently local benefit.

Fourth, there is remarkably little reliable information about the size and shape of the Internet infrastructure or its daily operation. This hinders any attempt to assess its resilience in general and the analysis of the true impact of incidents in particular. The opacity also hinders research and development of improved protocols, systems and practices by making it hard to know what the issues really are and harder yet to test proposed solutions.

H/T to Bruce Schneier for the link.

Belgian newspapers win appeal against Google

Filed under: Europe, Law, Liberty, Media — Tags: , , , , — Nicholas @ 07:45

Apparently, even a short summary and a hyperlink are considered to be a violation of copyright in Belgium:

A Belgian appeals court has upheld an earlier ruling that Google infringes on newspapers’ copyright when its services display and link to content from newspaper websites, according to press reports.

The search engine giant is responsible for infringing the copyrights of the papers when it links to the sites or copies sections of stories on its Google News service, the Belgian Court of Appeals said, according to a report in PC World.

Google must not link to material from Belgian newspapers, the court said, according to the report (in French). No translation of the ruling is yet available.

[. . .]

The newspapers argued that they were losing online subscriptions and advertising revenue because Google was posting free snippets of the stories and links to the full article on Google News.

Google’s search engine offers links to the websites it indexes but also to “cached” copies of those pages. The copies are stored on Google’s own servers.

May 10, 2011

IPv6 day is coming

Filed under: Technology — Tags: , — Nicholas @ 09:45

There’s been a short cycle of “we’re running out of internet addresses” articles over the last few months, as the available free blocks of IPv4 addresses are allocated. By now, we were all theoretically supposed to have moved on to the successor addressing scheme, IPv6:

On the 8 June, it’ll be World IPv6 Day — a coordinated effort by major services on the internet, including Google and Facebook, to provide their services using the new version of the Internet Protocol. It’s part of the plans to cope with internet addresses ‘running out’. But just what is IPv6 — and what does it mean for most users?

At its most simple, IPv6 is the successor to IPv4 which has become the de facto standard for both local and global connectivity. It includes many extra features, including processing speed-ups, and enhancements to security and to quality of service, but the one that’s really driving the need to change is that there are many more internet addresses available with IPv6.

Most Reg Hardware readers will be familiar with the look of an IPv4 address: it’s 32 bits long, and typically written as a series of four eight-bit decimal numbers, separated by full stops, like 10.0.0.1.

An IPv6 address is 128 bits long, and usually represented by groups of four hexadecimal digits, separated by colons. Each of those four digits represents 16 bits, so there are up to eight groups, giving IPv6 addresses that look like 2001:0470:1f09:1890:021f:f3ff:fe51:43f8.

It won’t be a simple case of turning on IPv6 and turning off IPv4, however, as there’s still huge numbers of devices that depend on IPv4. Over time, more and more devices (not just computers, or not only what we tend to think of as “computers”) will work natively with IPv6 addresses.

You won’t just get a single IPv4 address from your ISP anymore: you’ll get a huge block of addresses (“you’ll receive more addresses for your home network [than the] whole of the IPv4 internet”).

Typically, a broadband customer will be given a set of IPv6 addresses for their network, and the router will also provide an IPv4 address and NAT (Network Address Translation) for devices that can’t use the new protocol. The big change for many people is that all their IPv6 devices will be publicly available to the net. That will make setting up many devices much simpler, but also reinforces the need for a proper firewall in the router.

May 6, 2011

CRTC: broadband decision now in government’s hands

Filed under: Cancon, Economics, Government, Technology — Tags: , , — Nicholas @ 13:16

Michael Geist sums up the CRTC’s universal service decision:

The CRTC issued its universal service decision this week, which included analysis of funding mechanisms for broadband access, broadband speed targets, and whether there should be a requirement to provide broadband access as part of any basic service objective. Consumers groups and many observers were left disappointed. The CRTC declined to establish new funding mechanisms (relying on market forces) or changes to basic service and hit on a target of 5 Mbps download speed (actual not advertised) to be universally available by the end of 2015. Critics argued this left consumers on their own and suggested that the targets were underwhelming, particularly when contrasted with other countries.

While I sympathize with the frustration over the CRTC’s decision to essentially make broadband a “watching brief,” I wonder why Canadians should expect the CRTC to lead on broadband targets and funding. Universal access to globally competitive broadband (in terms of speed, pricing, and consumer choice) is a perhaps the most important digital policy issue Canada faces and it should not be viewed through a narrow telecom regulatory lens.

May 3, 2011

The lawfare threat to bloggers (and anyone else who posts on the web)

Filed under: Law, Liberty, Media, Technology — Tags: , , , — Nicholas @ 18:15

Box Turtle Bulletin lays out the details of a very disturbing development:

By providing blockquotes, we let the source material speak for itself without any inadvertent inaccuracies or biases which may creep in if we were to paraphrase it. And by providing links, we allow you, the reader, to click through for more information. Of course, we cannot copy the source material in its entirety, nor can we copy major portions of it. That would violate copyright laws, which is a very serious issue. But copyright laws do allow us to copy small portions of source material for commentary and discussion purposes.

As I said, copyright laws — or more specifically, copyright lawsuits — are serious business. And now, three newspaper chains have discovered that filing copyright lawsuits can become yet another profit center. The problem is, their definition of copyright infringement not only contradicts copyright law, but also poses a serious threat to bloggers and other online outlets everywhere.

Righthaven LLC is a copyright holding company which acquires “rights” to newspaper content after finding the content published on other web sites without permission, and files lawsuits against those web site. Righthaven was created as a partnership with Stephens Media, publisher of the Las Vegas Review-Journal, and their business model rests entirely on suing web site owners and operators for extravagant “damages” as a shakedown exercise. (“Rights” are in quotes, because, contrary to what is required under copyright law, Righthaven doesn’t actually acquire any legitimate copyright “rights,” which is yet another problem with their business model.) Two other newspaper chains, WEHCO Media and Media News Group have entered into agreements with Righthaven to split the profits from lawsuits stemming from their respective newspapers’ contents.

The three newspaper chains partnering with Righthaven represent some very important voices in the newspaper industry, including the Las Vegas Review-Journal, Denver Post, Salt Lake Tribune, San Jose Mercury News, Oakland Tribune, St. Paul Pioneer Press, Detroit News, El Paso Times, Arkansas Democrat-Gazette, and Charleston Daily Mail.

I had already heard that the Las Vegas Review-Journal had some unusual views on quoting from their website, so I’ve avoided using that site for years. I didn’t know that the St. Paul Pioneer Press had also adopted that highly restrictive view of copyright, and they were one of the newspapers I read regularly for Minnesota Vikings information. I’m going to have to avoid quoting from them, however. Here is how Box Turtle Bulletin will be handling the situation in future:

And so to protect ourselves and this web site, we will no longer cite any content from Denver Post, Las Vegas Review-Journal, Salt Lake Tribune, or any of the other news sources listed no linkhere. There will be no links, no blockquotes, nothing. For the most part, it will be as if these sources simply don’t exist.

But if it happens that, for example, the Denver Post has an exclusive story that no one else has, we will do what the Associated Press does whenever the New York Times breaks a story. We will write about the story by paraphrasing the Post’s article, but we will not quote from it or provide a link to it — just like the Associated Press does. There will be however one tweak from standard AP practice: we will provide a link, but it will be to an explanation as to why there is no link. It will look something like this:

     “The Denver Post (no link) reports blah, blah, blah…”

H/T to Walter Olson for the link.

Michael Geist on what the Conservative majority means for digital policies

Filed under: Cancon, Economics, Government, Liberty, Technology — Tags: , , , , , , — Nicholas @ 12:29

In short, he sees it as a mixed bag:

For example, a majority may pave the way for opening up the Canadian telecom market, which would be a welcome change. The Conservatives have focused consistently on improving Canadian competition and opening the market is the right place to start to address both Internet access (including UBB) and wireless services. The Conservatives have a chance to jump on some other issues such as following through on the digital economy strategy and ending the Election Act rules that resulted in the Twitter ban last night. They are also solidly against a number of really bad proposals — an iPod tax, new regulation of Internet video providers such as Netflix — and their majority government should put an end to those issues for the foreseeable future.

On copyright and privacy, it is more of a mixed bag.

The copyright bill is — as I described at its introduction last June — flawed but fixable. I realize that it may be reintroduced unchanged (the Wikileaks cables are not encouraging), but with the strength of a majority, there is also the strength to modify some of the provisions including the digital lock rules. Clement spoke regularly about the willingness to consider amendments and the Conservative MPs on the Bill C-32 committee were very strong. If the U.S. has exceptions for unlocking DVDs and a full fair use provision, surely Canada can too.

The Conservatives are a good news, bad news story on privacy. A fairly good privacy bill died on the order paper that will hopefully be reintroduced as it included mandatory security breach notification requirements. There will be a PIPEDA review this year and the prospect of tougher penalties for privacy violations is certainly possible. Much more troubling is the lawful access package which raises major civil liberties concerns and could be placed on the fast track.

April 27, 2011

High computer use linked to “smoking, drunkenness, non-use of seatbelts, cannabis and illicit drug use, and unprotected sex”

Filed under: Cancon, Health, Media, Technology — Tags: , , , — Nicholas @ 07:20

Talk about upsetting the stereotype of basement dwelling, dateless nerds:

The revelations come in research conducted lately in Canada among 10 to 16-year-olds by epidemiology PhD candidate Valerie Carson.

“This research is based on social cognitive theory, which suggests that seeing people engaged in a behaviour is a way of learning that behaviour,” explains Carson. “Since adolescents are exposed to considerable screen time — over 4.5 hours on average each day — they’re constantly seeing images of behaviours they can then potentially adopt.”

Apparently the study found that high computer use was associated with approximately 50 per cent increased engagement with “smoking, drunkenness, non-use of seatbelts, cannabis and illicit drug use, and unprotected sex”. High television use was also associated with a modestly increased engagement in these activities.

According to Ms Carson this is because TV is much more effectively controlled and censored in order to prevent impressionable youths seeing people puffing tabs or jazz cigarettes while indulging in unprotected sex etc. The driving without seatbelts thing seems a bit odd until one reflects that old episodes of the The Professionals, the Rockford Files etc are no doubt torrent favourites.

« Newer PostsOlder Posts »

Powered by WordPress