Monthly Archives: August 2009

The big kill switch

There is a troubling bill being drafted by Sen. Rockefeller that would give the US government the power to essentially kill the internet (at least the US corner of it). The bill would give the government the ability to order all private systems deemed “critical” to be disconnected during an “emergency”.

I am simply not confident of the government’s ability to properly define “critical” and “emergency”, much less make the proper decision as to whether or not throwing the big kill switch will make matters better or worse. I think the government needs to demonstrate much more core competency in the computer security space before they are entrusted with this kind of power.

Your doctor, the IRS, and you

One of the more unfortunate ramifications of the proposed healthcare reforms is that it will inject the IRS into your relationship with your healthcare provider. As John Stossel points out:

Cornell law school professor William A. Jacobson writes that under both the House and Senate plans, the IRS will serve as the enforcer of the rules against individual taxpayers. Doctors will have to report to the IRS the names, addresses, Social Security numbers and coverage periods of their patients.

Both current versions of the legislation slap a 2.5 percent tax on anyone not covered by medical insurance, so the IRS involvement seems inevitable.

Do you really want the IRS involved in your healthcare?

All you say

Jeff Atwood has an interesting post on web programming vs traditional desktop development. But he goes way too far with this blanket statement:

Pretty soon, all programming will be web programming. If you don’t think that’s a cause for celebration for the average working programmer, then maybe you should find another profession.

All you say? Really?

Putting aside entire fields such as embedded systems, game development, database administration, mainframes, developer tools and compilers, network management, systems administration, configuration management, identity management, source code control systems, etc.; one could say that “all end user application development will soon be web programming”. But even that is unlikely.

First of all, the death of the desktop application is a long way off. I have email accounts with Yahoo and Gmail, but both feed into my Thunderbird email desktop app. I only use the web interface when I am forced to use another computer. Word processing is still done predominantly on desktop apps. As is IM, media editing, and a host of other things that people do on a day-to-day basis.

Even a good portion of web development will soon be desktop development. Or put another way, instead of writing clunky web applications that at best approach what is possible on a desktop app, RIAs will be written in Silverlight, Flash, or JavaFX that deliver true desktop app functionality on the web.

Flashers

It looks like Flash cookies, which are really old news, are back in the news (via Bruce Schneier). This form of cookie is particularly insidious because it does not honor the cookie policies of your browser of choice.

This Wired article decries the practice of using Flash cookies as a “backup” in order to recreate cookies the user has deleted. In fact, if you use the BofA online banking web app, that’s exactly how the SiteKey knows your computer is the one you normally log in from. If you attempt to access your account from a different computer, it will not detect that web cookie or Flash cookie and will force you to answer additional challenge questions.

BTW if you want to know what sites have dumped these critters on you, Adobe has a Flash cookie manager plug-in which you can find here.
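Flash cookies are stored as `.sol` files (local shared objects) in a Flash Player directory outside the browser's cookie store, which is why browser cookie settings never touch them. The following is an added example, not part of the original post, that lists which domains have left such files on disk; the function name `inventory` is illustrative, and the roots are Flash Player's usual default locations, assumed here rather than taken from the post.

```python
import os
from collections import defaultdict
from pathlib import Path

# Usual default shared-object roots (assumption: default Flash Player install).
DEFAULT_ROOTS = [
    Path.home() / ".macromedia/Flash_Player/#SharedObjects",                     # Linux
    Path.home() / "Library/Preferences/Macromedia/Flash Player/#SharedObjects",  # macOS
]
if os.environ.get("APPDATA"):                                                    # Windows
    DEFAULT_ROOTS.append(
        Path(os.environ["APPDATA"]) / "Macromedia/Flash Player/#SharedObjects")


def inventory(root):
    """Return {domain: (file_count, total_bytes)} for the .sol files under root.

    Assumed layout: <root>/<random profile id>/<domain>/[sub/path/]<name>.sol
    """
    root = Path(root)
    if not root.is_dir():
        return {}
    totals = defaultdict(lambda: [0, 0])
    for sol in root.rglob("*.sol"):
        parts = sol.relative_to(root).parts
        if len(parts) < 3 or not sol.is_file():
            continue  # not inside a profile/domain folder, skip it
        domain = parts[1]  # folder directly below the random profile id
        totals[domain][0] += 1
        totals[domain][1] += sol.stat().st_size
    return {d: tuple(v) for d, v in sorted(totals.items())}


if __name__ == "__main__":
    for root in DEFAULT_ROOTS:
        for domain, (count, size) in inventory(root).items():
            print(f"{domain}: {count} file(s), {size} bytes  [{root}]")
```

Deleting a domain's folder under the shared-objects root removes its Flash cookies, independent of anything the browser's own cookie manager shows.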

Top 10 cloud scares

This article lists 10 reasons companies may resist adopting cloud services. There are some good points here but number 6 is just silly. Even if you are a believer in anthropogenic global warming (as opposed to what is caused by the giant fusion reactor in the sky), you would still be better off employing cloud services. Unless your company has very sophisticated power management technology, you won’t be able to run a service as efficiently on a per-user basis as a company that hosts services for a living. Power usage for that service is a much bigger cost item for them than for you and they have much more incentive to minimize it.

Number 7 is a good point but vastly understates the problem. It isn’t so important where the servers live but where your provider has a legal presence or does business. For example, if your provider does business in China it will need to bow to their whims regardless of where the servers physically reside. Really US privacy laws (or the lack thereof) are really the least of your worries in regards to your data.

Is Google the new Halliburton

One of the creepier aspects of the previous administration was the perceived influence of companies such as Halliburton. Is Google the Halliburton of this administration? Is it a company that is perceived to have undue influence in how the government conducts business?

That feeling comes across in this article about the government reconsidering its use of cookies:

Some privacy groups say the proposal amounts to a “massive” and unexplained shift in government policy. In a statement Monday, American Civil Liberties Union spokesman Michael Macleod-Ball said the move could “allow the mass collection of personal information of every user of a federal government website.”

Personally I have never liked the broad banning of cookies on government sites. It seems to reduce the usability of web sites for little gain in privacy. Especially now that most recent browsers have a “porn mode” there doesn’t seem much need to maintain the ban.

But there is a perception that Google is driving this change. That is not a good thing.

Browsers anonymous

This is an interesting bit about building anonymity into the internet. Unfortunately this article tends to conflate privacy and anonymity.

When people talk about anonymity they usually fail to distinguish between real anonymity and granted anonymity. For instance my ISP could grant me anonymity using one of the schemes discussed in the article. Or I could pay cash to use an internet café computer. In the former my anonymity only lasts so long as my ISP protects it. It is granted and ephemeral. In the latter case my anonymity is real to the extent of my ability not to reveal personal information as I browse.