Andrew's shared items in Google Reader

Security Guru Calls Chrome OS's Security Claims "Idiotic"

2009-07-09T16:33:00Z

Noted security guru Bruce Schneier, chief technologist at BT, has scoffed at Google's claims about its new OS, just announced yesterday. According to the Google blog post, Chrome OS represents a complete redesign of the underlying security architecture of the OS "so that users don't have to deal with viruses, malware, and security updates." A bold statement to say the least...and apparently one Schneier doesn't think too much of. "It's an idiotic claim," he says.

Sponsor

In a Yahoo News story, it's reported that Schneier isn't completely buying Google's promises. "It was mathematically proved decades ago that it is impossible -- not an engineering impossibility, not technologically impossible, but the 2+2=3 kind of impossible -- to create an operating system that is immune to viruses."

That seems to us like he's picking on the semantics of Google's statement just a bit. Google says that users "won't have to deal with viruses," and Schneier is noting that it's simply not possible to create an OS that can't be taken down by malware. While that may be the case, it's likely that Chrome OS is going to be arguably more secure than the other consumer operating systems currently in use today. In fact, we didn't take Google's statement to mean that Chrome OS couldn't get a virus EVER; we just figured they meant it was a lot harder to get one on their new OS - didn't you?

Even Schneier himself admits that an OS redesign which takes security into account "all the way up and down" could make for a more secure OS than the ones available today. However, that's different than saying that users won't have to deal with malware, he added.

Carl Leonard, security research manager of Websense EMEA, also shares Schneier's beliefs. "All software is susceptible to issues - it just depends on how much effort the malware author wants to go to and how much profit can be made," he said. "Already we have seen vulnerabilities and issues with the Chrome browser, and Google even ran a contest in which two well-known security researchers found 12 exploitable security flaws in the company's Native Client system."

OK, we get it: Chrome OS can get malware...technically speaking. But won't it get less of it?

Forrester Research analyst Andrew Jaquith, on the other hand, has more positive things to say about Google's new OS. He notes that the company has made strong security strides through its Native Client code technology and Chrome web browser, which includes features such as "sandboxing" which could help contain malware. "If [Google] brings that kind of thinking to the operating system and looks at it from a clean sheet of paper, they should be able to introduce some significant improvements," he said.

Do you think the security community is making a mountain out of a molehill when it comes to Google's security claims? Or do you think they were right to point out that no OS is invulnerable to attack?

Discuss

Google To Announce Major Identity Initiative for 1 Million+ Companies and Schools

2009-07-09T04:06:30Z

Google plans to announce in coming weeks that it is turning each of the one million plus Google Apps customer domains into an OpenID provider, enabling millions of people to log in to OpenID-supporting websites with their work, school or organization ID.

"For these organizations," Google Security Product Manager, Eric Sachs, wrote on the public OpenID Board mailing list this morning, "Google Apps can now become an identity and data hub for multiple SaaS providers." Sachs appeared to believe his email was not being posted to a public board; he asked that it not be circulated so that some unusual technical work could be completed and political support shored up in the face of likely community and press cynicism. There's good reason for that - it may not be the good news it seems to be.

Sponsor

But First, A Word from OpenID's New Sponsor

OpenID is important not just because it makes logging in to sites around the web easy, with one username and a secure password, but because it's a way for people or organizations to maintain control over their own identities and data. There are no policy changes you don't approve of when you're in control.

Google's Sachs explained in his email that in order to pull this all off, OpenID relying parties will need to be redirected from the domain provided at user login over to Google's OpenID service. In order for this redirect to happen, all relying parties will need to start looking for a new OpenID extension that Google has developed and implemented in conjunction with one relying party technology, JanRain's RPX.

"There is the potential for some community members (or press) to assume (or at least imply in articles) some evil intent by Google to co-opt OpenID with these extensions," Sachs wrote today. "It would be nice to have a blog post on the formal OpenID blog that was supportive of our approach, so I wanted to see if the board members are comfortable with that."

Watching to see if the nonprofit OpenID Foundation will speak out in support of Google's forcing the rest of the industry's hand with new code extensions that are required to recognize the users of one million Google Apps customer accounts will now be a spectator sport.

Getting the Job Done

On the other hand, if one were to put a group of well-intentioned people in a room and ask them to solve the sticky problem of asking millions of organizations to adopt OpenID provider infrastructure - that might not ever happen. Enter Google's largess and the "proposal" that federated identity for all these companies and schools can be outsourced to a centralized player, Google, and OpenID might get a big boost in adoption. Companies and schools using Google Apps will now only need to flip a switch in their Google Apps admin controls to turn on OpenID support, and Google will do all the heavy lifting.

Caveat Emptor

Presuming that all the sites that let you log in with OpenID decide to play nice and look for Google's redirect (to Google) then the idea of logging in to sites around the web with your favorite, secure account credentials (My Job, Powered By Google) could become far more common.

It might defeat the purpose of putting people in control over their own identities through distributed identity providers, because so many "OpenID" users would be coming back to Google, but the OpenID brand would no doubt benefit in the short term at least. And Google can do no evil, right?

In other words, this move by Google could kill the spirit of OpenID by drowning the letter of OpenID with support. We think we're logging in to websites with our work or school ID, and OpenID lovers think we're logging in with OpenID, but we're actually logging in with a Google-controlled ID. All the heavy lifting would be done, Google would take care of the data storage and probably offer some neat value-added features. All the companies involved would have to do is hand online identity provisioning over to the company that they have already purchased email, calendaring and document sharing from. ("They who can give up essential liberty to obtain a little temporary safety," Ben Franklin once wrote, "deserve neither liberty nor safety.")

At least it's not Facebook!

So goes the wrestling of titans, on the very playing field created by champions of the free and independent little guy.

Discuss

VIDEO: Online Reputation Management As Seen From The Outside

2009-06-17T04:45:03Z

In a recent panel on online reputation management, a group of real-world recruiters and consultants convened to discuss how they saw social media use in both the general populace and among job candidates.

Social media types insist on transparency at the cost of every other virtue, including discretion. While noble, this point of view is not necessarily realistic in day-to-day American business and personal interactions.

Sponsor

Here, panelist Chris Gatewood, an IP, entertainment, and new media attorney, discusses a few important aspects of social media reputation management as it relates to the wider audience of social media users, not just the "new media gurus" who live online.

Discuss

Helpers mailing list

2009-03-17T15:12:01Z

One of the important aspects of linux.conf.au is the people that put it together, I'm not talking about the core team, but all the helpers that do odd jobs here and there and let us put a rocking conference on.

We've just created a mailing list for our helpers during the year to subscribe to so that we can start contacting you. If you want to help out, then head over to lca2010-helpers and subscribe!

At this stage the helpers mailing list is for those people that are going to help us during the year. The Call for Volunteers for helping during the conference will happen later.

New Podcast: Ronald Schmelzer of ZapThink on Growing your EA Skills and the Long Tail

2009-06-16T00:34:59Z

Shared by Andrew
I agree about the problem, not sure about the solution.
Maybe the solution is more access databases LOL.

Ronald Schmelzer, Managing Partner at ZapThink gave a lively talk on SOA Futures: Growing your EA Skills and the Long Tail, at the March 2009 meeting of the SOA Consortium in Washington DC.

Schmelzer began by commenting on the inflexible, unreliable, unpredictable and non-compliant nature of enterprise systems. Next, he spoke of the real digital divide – the technology experiences we have as consumers versus at work. This divide is the equivalent of turning the clock back 10 years.

In diagnosing the problem, Schmelzer ruled out bad technologists, bad technology and inadequate investment. In fact, enterprises are quite good at design and development. The problem is not the artistry, but the engineering. We lack the discipline to build durable systems that can meet new business needs for 10 years.

Equally troubling is that current IT practices – large buy and build projects – only satisfy a small portion of business opportunities. Schmelzer describes this as the long tail of un-served business needs. The keys lie in architecture, service-orientation and optimizing this equation: identifying the smallest number of services that enable the largest number of processes in the organization.

To hear Schmelzer’s advice on applying service-orientation to engineer durable solutions and view the slides go here.

This is the seventh of eight podcasts recorded at our March meeting. Previously, we released Sandy Carter’s Smart SOA in Tough Economic Climate, Dave Linthicum on Intersections of SOA and Cloud Computing, How SOA participates in a Green World Roundtable, Cory Casanave on Enterprise SOA modeling with SoaML, JP Morgenthal on Disassembling the SOA & BPM relationship and Todd Landry on Service Oriented Communications. Next up, Mark Herring of Sun Microsystems on SOA is Dead?!?! Then, What are these Companies doing?

Have you been "reorged" lately?

2009-06-14T11:00:00Z

Do you recall your response to the news of your last reorganization? Were you excited and encouraged? Or were you dismayed, frustrated or even angry? What was the outcome of the reorganization? Were things notably better? Were they worse? Was there any change at all (other than to whom you reported)?

When it happens in IT, I am of the belief that it is symptomatic of two problems. Lack of strong technical leadership and substituting process for competence. When IT is not aligned with the business, not delivering value, not managing risk, resources and performance, then we have to do something. We have to change. The people organizing the reorg still seek genuine leadership but have no way of identifying upfront and simply keep iterating until it emerges.

Shops that have long CIO tenure such as Fedex tend to be better aligned because they have strong technical leadership and encourage IT people to make IT better vs focusing on using process as a substitute for competence.

Pray, Fast and Be Charitable...

The King is Dead, Long Live the King

2009-06-11T01:00:00Z

I've been resisting the temptation to write about Android. But after reading some of the blogs about Android netbooks, I can't keep quiet.

Aside from being a Really Cool Idea, I don't have a lot to say about netbooks themselves. I've got an Android phone (thanks, Google), and I like it, and it would be nice to see the operating system move from the cell phone world onto other hardware. Netbooks are a logical step. But what's the next step after netbooks? How long will it be before we see "big" computers--full sized laptops and desktops, developer machines for serious coding, video and audio production, even servers--run on Android?

What would have to happen for Android to become a developer operating system? Probably not as much as you think. We'd need the sorts of tools you expect on a desktop--but Google already has an office suite. We'd need developer tools, but I see no reason to believe that Eclipse couldn't be made to run well on Android. (Yes, you'd have to replace SWT with an Android UI.) And there's already Mozilla's bespin, which is looking more and more like a browser-based IDE every day.

A few other tools would be needed. Everybody Loves to Hate Java, so I have no illusions that developers will drop their favorite languages to write native applications. But that's not necessary on several levels. JRuby on Android? @headius reports that he's already done it.(thanks for the tip, AH). What about the other languages that run in the JVM? If JRuby runs easily, Scala, Groovy, Clojure, and the other 100+ JVM languages can't be far behind. C and C++ might fade into the past (running C in a virtual machine just misses the point), but that's about it.

Think about how that would change the game. We'd have a fourth major operating system to contend with--and two of the major operating systems would be open source, from the top down. Linux has a decent share of the server market, but has never thrived on the desktop. It would be great to see a new platform cause a big jump in open source's share of the end-user market. Do we really need another desktop/netbook option? I like chaos, and admit that I enjoy thinking about the creative forces that would be unleashed. We might indeed end up with the browser being the platform for the next generation of applications--and that might finally make operating systems irrelevant. That's something Sun promised, but never managed to deliver.

So--what does this have to do with royalty? In the past two weeks, there have been two conferences in Moscone Center: Google I/O (which I attended) and JavaOne (which I missed). While Larry Ellison's JavaOne keynote was described as a farewell party for the Sun execs, it struck me more as the captive nobility lead up on stage before having their heads put on pikes and paraded around Silicon Valley. I mean no disrespect to Mr. Ellison, but we're adults here--we know how this game is played. If it was a farewell party, where was the cake? Where were the gold watches?

For a long time, I thought that "The King is Dead, Long Live the King" was a funny bit of irony, or cool dadaist humor. But it really refers to the doctrine of the King's Two Bodies. A king is a mortal person: he's born, he lives, he dies. Nothing changes that. But the king is also the embodiment of the State, and when he dies, physically, the state lives on, embodied in the next king.

It's clear that Java's center of gravity has moved. Google I/O was filled with interesting developers doing interesting things and excited about the changes they were bringing to the industry--whether it's revolutionizing communications through Wave, bringing new applications to phones with Android, simplifying the deployment of JDK-based web applications with App Engine, or changing the way we generate applications with GWT. And, while I wasn't at JavaOne, and while many excellent developers were there, I haven't seen anything from JavaOne that I'd consider a major announcement or a new technology. Last year at JavaOne, developers were justifiably excited about the flowering of languages that run on the JDK. This year, the most important thing I've heard is that Oracle isn't ditching JavaFX. FX is interesting technology with some good potential; it's nice that Oracle isn't ditching it, but not killing FX hardly makes you a technology leader.

Google is exercising leadership and vision in the Java space in a way that reminds me of Sun in its best years. But there's a difference, and that difference is tilted decidedly in favor of Google. Sun has been good at coming up with great ideas, but abandoning them half-finished if the followers didn't show up. Think about Android again. Back in the early days, Sun used to talk about JavaOS, now a "legacy system", according to Wikipedia. But it took Google to build a true Java-based OS, and what's more, it took Google to make developers care about it. Think about GWT. GWT must be an acquired taste--I admit, I don't get it. But Google has been riding that horse for some time, and it's finally paying off for them. If it were Sun, it would be dead by the roadside, like JavaMedia.

Google is not exercising the other kinds of leadership that Sun has displayed during its tenure. On the whole, that's a good thing. Google have different goals, and their goals seem better aligned with what developers need now. I don't think Java needs more language pyrotechnics; is anyone really excited by the idea of Java 7? Not me. Java certainly doesn't need micromanagement of "official" libraries. While the JCP is less dysfunctional than most standards committees, it's riddled with politics, has made plenty of poor compromises for bad reasons, and at this point is holding things back rather than moving things forward. And while I appreciate the standardization of the JDK, Sun's position on compatibility (and compatibility testing) is unfair to non-corporate developers, and is one of the reasons that Sun remains the company people love to hate. The years in which Microsoft tried to "embreak and extend" Java are long past, and the paranoia that legitimately arose from that situation is no longer useful or appropriate.

Sun has accomplished great things, and I hope they continue to do so as part of Oracle. The JVM is wonderful technology, and "write once, run anywhere" really works: in the application I've developed and maintain, I never have to fix platform-specific bugs. But it's time to move on. Who is moving Java into new areas? Who is doing exciting work? Who is building the future?

The metaphysics of the two Moscone conferences are clear. Google is providing the idea leadership that the Java community needs.

Translating the world's information with Google Translator Toolkit

2009-06-09T16:00:00Z

At Google, we consider translation a key part of making information universally accessible to everyone around the world. While we think Google Translate, our automatic translation system, is pretty neat, sometimes machine translation could use a human touch. Yesterday, we launched Google Translator Toolkit, a powerful but easy-to-use editor that enables translators to bring that human touch to machine translation.

For example, if an Arabic-speaking reader wants to translate a Wikipedia™ article into Arabic, she loads the article into Translator Toolkit, corrects the automatic translation, and clicks publish. By using Translator Toolkit's bag of tools — translation search, bilingual dictionaries, and ratings, she translates and publishes the article faster and better into Arabic. The Translator Toolkit is integrated with Wikipedia, making it easy to publish translated articles. Best of all, our automatic translation system "learns" from her corrections, creating a virtuous cycle that can help translate content into 47 languages, or over 98% of the world's Internet population.

Besides Wikipedia, we've also integrated with Knol, and we support common document types including Word and HTML. For translation professionals, we provide advanced features such as terminology and translation memory management.

For more information, check out our introductory video below. And if you're a professional translator or just a linguaphile, try Google Translator Toolkit for easier and faster translations. Be sure and let us know what you think.

Posted by Michael Galvez and Sanjay Bhansali, Google Translator Toolkit team

Pirate Party Victory in Sweden

2009-06-09T17:00:09Z

“Together, we have today changed the landscape of European politics. No matter how this night ends, we have changed it,” Falkvinge said. “This feels wonderful. The citizens have understood it’s time to make a difference. The older politicians have taken apart young peoples’ lifestyle, bit by bit. We do not accept that the authorities’ mass-surveillance,” he added.
Funny thing about what happens when the majority of the population participates in an illegal activity: eventually it's not illegal anymore.

So writes John Quarterman in "Pirate Party Legitimized by Winning EU Parliament Seat."

As an author who'd love to make enough money to live off my writing, I'm somewhat saddened by the idea that people's creative work is easily copied. I wonder a lot about the business models of the future, and what winner-takes-all and the rise of prosumer enthusiasts means to the middle of the production curve. That is, people who aren't Steven King or J.K Rowling or ever going to get a book on the Times bestseller list. Will there be thousands of people able to earn a living writing book-length articles without a patron?

But I'm heartened to see the abuse of power result in a backlash. I can't help looking forward to the first copyright hearings in the new EU parliament.

The state of cloud computing

2009-06-09T19:24:00Z

Earlier today at the Clift Hotel in San Francisco, we convened a group of journalists, partners and customers for a discussion on Google Apps in the enterprise. We're pleased to report that the "state of the cloud" is strong, and we've taken a number of steps to make it stronger.

At the event we discussed the growth of our business, introduced some new customers, and announced a feature that makes switching to Apps even easier. The Clift was a particularly appropriate venue because it's a member of the Morgans Hotel Group, which is deploying Google Apps to its 1,750 employees. JohnsonDiversey, a global provider of commercial cleaning and hygiene products and solutions, has also gone Google. Choosing Apps helped JohnsonDiversey migrate its 12,000 employees to one communications platform while lowering its IT costs and furthering its commitment to sustainability through the elimination of a number of energy-intensive email servers.

Of course, when big companies like Morgans move all their employees from Microsoft Exchange to Google Apps, there are often a few folks who aren't ready to give up Microsoft Outlook right away. To help them make the transition, today we also introduced Google Apps Sync for Microsoft Outlook to our Premier and Education edition customers. It lets Outlook work easily with Apps and — like offline Gmail and the Google Apps Connector for BlackBerry® Enterprise Server — is another example of how we're making it dead simple to switch to Google Apps.

To read more about Google Apps Sync for Microsoft Outlook and hear why 1.75 million companies are now running their business on Google Apps, check out the Google Enterprise Blog.

Posted by Matthew Glotzbach, Product Management Director, Enterprise team

Remember Billy Mitchell

2009-06-01T19:05:05Z

Billy Mitchell was an iconoclastic American military airman from the early 20th century. He was a firm believer in military air power and was ordered court-martialed in 1925 by President Calvin Coolidge for criticizing his military superiors over the issue. My kind of guy. Gary Cooper played Mitchell in a 1955 movie, by which time everyone knew he had been right all along. My fear is that when it comes to cyber warfare there is no Billy Mitchell today in Washington.

Cyber warfare was big news last week. President Obama said he would name a cyber warfare czar to be a single point of contact on the issue for his Administration and that person would have direct access to the President.

If only that were true, but it isn’t, and the U.S. will be endangered as a result.

Billy Mitchell’s argument was that aircraft would come to play a huge role in modern warfare, supplanting battleships at sea and artillery on the ground. Air power was so important, Mitchell argued, that there should be a single air service to develop and deploy aircraft as needed in any war. This still hasn’t fully happened, of course, though Mitchell’s work did directly lead to the creation of the U.S. Air Force in 1947 — 22 years and one world war after his court-martial for suggesting it in the first place.

The problem with Obama’s cyber czar is that the Administration is CALLING the position a priority but not MAKING it one. The position has in some accounts been called a “member” of the National Security Council, but the czar is also said to “report” to both the Director of National Intelligence and to the President’s Senior Economic Adviser. Well you can’t be ON the council and also REPORT to those guys — one of whom is on the council and the other is allowed to drop in if he feels like it.

In short, this is an NSC staff job.

Obama said the czar would have “direct access” to him, but didn’t say how. At best I think they’ll pass in the corridor.

This is no czar. That’s literally the case, of course, because nobody has yet been hired for the job. But it is also the case that the job will — as the NSC is organized — not have the power needed to do what must be done. Czars are dictators; this guy can only recommend and even then he’ll be recommending to people who may not then bother to inform the President.

If the cyber warfare czar is, in fact, a czar, the first thing he or she should do is give himself a promotion, which won’t happen.

In the meantime there are competing interests at the Department of Defense, the National Security Agency, the CIA, the Department of Homeland Security, the Department of Justice, and possibly elsewhere. Each of these agencies is building its own cyber warfare capability, each with a different agenda both stated and real. The stated agendas are to play either cyber defense or offense. The actual agendas are to protect departmental turf from the new cyber warfare czar, to undermine him or her.

Let’s go back to Billy Mitchell for a moment and think about how the technology of aerial warfare came to be in his era. Most of the military services developed their own air capability as lip service to the idea while actually protecting major — and antiquated — weapon systems. The U.S. Navy bought some planes and built some aircraft carriers, but not at the expense of battleships. Even when naval air power came to the fore during World War II it was almost an accident, since the only surviving capital ships in the Pacific after the attack on Pearl Harbor were aircraft carriers, the battleships having for the most part been destroyed. So the Navy had to rely on air power since that’s the only power it still had.

They weren’t smart at all, just lucky.

It is rare in U.S. military history for a technological innovation to come down on our side. That’s because as self-designated good guys we are generally playing defense and defense doesn’t usually get the cool new toys. It’s only in the U.S. development of nuclear weapons that we got a jump on the rest of the world — a jump that put us firmly in control for half a century (now past).

We are woefully unprepared for cyber warfare mainly because the military doesn’t want to lose funding for its other weapons — weapons that are likely to be rendered unusable or, worse still, actually used against us in a cyber attack.

Yes, it is that bad.

The best position here is to make cyber warfare a real priority, give the cyber czar some actual authority, and have him or her report to the President. Otherwise the lessons of Billy Mitchell will have been forgotten and our first cyber war could be our last.

Terrorism, Domestic and Foreign

2009-06-01T18:50:00Z

The assassin who killed Dr. George Tiller at his church, murdered Tiller in order to keep him from performing therapeutic abortions for women. The murderer is one of a long line of religiously inspired radicals who have tried to shut down abortion providers through bombings and murders. They are not the mainstream of the pro-life movement; they are a fringe sect who are not content to protest abortion or even to engage in non-violent civil disobedience. Instead, they believe that they are justified in bombings and killings to prevent great evils that they regard as contrary to God's fundamental law.

Using violence-- like bombings and murders-- to intimidate people in this way is terrorism. It is so in common language, it is so defined in U.S. law. The terrorist in this case and the terrorists in previous abortion clinic bombings and murders are, as far as I am aware, not foreigners. They do not have Arabic or Islamic names. They are American and they live in the United States. However, just like Islamist terrorism, this terrorism is driven by fanatical religious belief. Many religiously inspired terrorists live in other countries; some, however, (who include both Christians and Muslims among their number) live in the United States and are U.S. citizens or resident aliens.

If bombings of abortion clinics and murders of abortion providers are acts of terrorism, should we treat the problem of terrorism that they present the way we treat the problem of terrorism from Al Qaeda and other groups? That is, should Scott Roeder, who is currently suspected of being Dr. Tiller's murderer, be treated the way we would treat a suspected terrorist who we believe may have ties to Al Qaeda? Should we treat him like Jose Padilla, an American citizen who was apprehended at O'Hare airport and detained in a military prison in the United States for several years? (That is, until the government transferred him to the criminal process in order to avoid judicial review of his detention.)

In particular, consider the following questions:

(1) Should the United States be able to hold Roeder without trial in order to prevent him from returning to society to kill more abortion providers? If we believe that Roeder and other domestic terrorists will plan further attacks on abortion providers and abortion clinics if we let them free, can we subject them to indefinite detention?

(2) The Obama Administration is currently considering a national security court to make decisions about the detention of suspected terrorists, with the power to order continued preventive detention. Should this court be able to hear cases involving U.S. citizens, whether they are Muslim or Christian?

(3) The U.S. government has argued that at least some terrorists should not be tried through the criminal process with its various Bill of Rights protections but instead can and should be tried through military commissions, where the standards of proof and various procedural protections are lowered. If Roeder is a domestic terrorist, can the U.S. government subject him to trial by a military commission instead of a criminal prosecution? Although the current version of the 2006 Military Commission Act does not bestow jurisdiction to try citizens, could we or should we amend it to include citizens who we believe are likely to commit or have committed terrorist acts?

(4) One of the most important reasons for detaining terrorists (suspected or otherwise) is to obtain information about future terrorist attacks that may save lives and prevent future bombings. To procure this information, can the government dispense with the usual constitutional and legal safeguards against coercive interrogation? Should it be able to subject Roeder to enhanced interrogation techniques, including waterboarding and other methods, to determine whether Roeder knows of any other persons who are likely to commit violence against abortion clinics or against abortion providers in the future? Would your answer change if you believed that an attack on an abortion provider or a bombing of an abortion clinic was imminent?

(5) Terrorists and terrorist organizations need money and resources to operate effectively. Often the only way to stop them is to dry up their sources of financial and logistical support. Can the U.S. government freeze the assets of pro-life organizations and make it illegal to contribute money to a pro-life charity that it believes might funnel money or provide material support to persons like Roeder or to organizations that practice violence against abortion providers? Can the government arrest, detain, and seize the property of anti-abortion activists who helped Roeder in any way in the months leading up to his crime, for example by giving him rides or allowing him to stay in their homes?

My assumption is that the government may not do any of these things. Roeder lives in the United States. He should be treated according to the ordinary criminal process. We should not be able to strip him of his rights simply by calling him a suspected terrorist, and it should make no difference whether he is a Muslim or a Christian, whether he is white or brown. And pro-life organizations, like Muslim charities, have rights of freedom of association that governments should protect lest we effectively criminalize political association and belief in the name of national security.

The difficulty is that our national deliberations on terrorism have largely proceeded on the assumption that all terrorists are non-Americans and/or non-Christians who live in or come from distant lands. They are not part of the American community, they are not "people like us" and therefore do not deserve the rights and protections of "people like us." We can detain them indefinitely, and even subject them to interrogation procedures that we would never apply to "real Americans."

But terrorism is a tactic, not a religion, an ethnicity or a nationality. There are, and always have been, American terrorists, including white and Christian terrorists. We have tended to obscure these facts in our debates, engaging in a sort of collective amnesia about domestic terrorism. We have done this even though, prior to 9/11, the country's attention was riveted for months by the Oklahoma City bombing, planned and carried out by homegrown terrorists who looked nothing like the bogeymen we associate with Al Qaeda.

Whenever we contemplate national security courts, or preventive detention, or military commissions, or enhanced interrogation techniques, or any of the various devices that have become characteristic of the War on Terror, we should always stop to ask whether we would apply those techniques and devices to domestic terrorists born and raised in the United States with white skin, Christian beliefs and Christian names. That is because Dr. Tiller's assassin is not the last domestic terrorist claiming to act in God's name. There will be more.

How Justice Marshall Affected the Court’s Deliberations Just by Sitting There

2009-05-31T19:27:00Z

Much of the discussion sparked by the Sotomayor nomination has focused on whether race, gender and ethnicity should shape an individual judge’s jurisprudence. But a separate question has received little attention—how these attributes of individual judges affect the deliberative process. As I've argued in previous posts here and here, one value of the deliberative process is that it increases the odds that individual assumptions about how the world works will be subject to challenge, or at least that no judge will assume his or her own perspective is universal.

I was glad to see Adam Liptak’s article in today's New York Times focusing on the impact of diversity on the deliberative process. Liptak cites a study by Washington lawyer Jennifer Peresie concluding that the presence of a female judge on a three-judge panel in a sex discrimination or sexual harassment case significantly increased the likelihood that the male judges would find for the plaintiff. He also cites a study by Tom Miles and Adam Cox concluding that the presence of an African-American judge on a three-judge panel in a voting rights case significantly increased the likelihood that a white judge on the panel would find for the plaintiff. As Peresie cautioned, these findings about three-judge courts can’t simply be extrapolated to a nine-judge court (particularly the Supreme Court, which has a different set of institutional constraints). But they do point to the importance of examining how heterogeneity affects the deliberative body as a whole.

The literature on the dynamics of judicial deliberation is surprisingly sparse. Much of what we’re learning about the dynamics of deliberation in the legal context comes from the study of juries. (Speculatively, this may be because the very notion that judicial interpretation is influenced by background or life experience offends the conventional wisdom that the rule of law transcends individual interpretation). But these jury studies contain some fascinating findings about how racial composition affects the deliberative process.

Liptak quotes Justice Scalia observing about Justice Marshall in conference, “Marshall could be a persuasive force just by sitting there. He wouldn’t have to open his mouth to affect the nature of the conference and how seriously the conference would take matters of race.” A series of studies by Sam Sommers, a psychologist at Tufts (often in conjunction with Phoebe Ellsworth), help explain this dynamic. In one 2006 study (involving a mock jury) Sommers found, as expected, that heterogeneous groups deliberated longer and considered a wider range of information than did homogeneous groups. But this effect was not simply due to the contributions of the black participants. In fact, it occurred even when the black participants didn’t contribute to the discussion at all. “White participants were largely responsible for the influence of racial composition, as they raised more case facts, made fewer factual errors, and were more amenable to discussion of race-related issues when they were members of a diverse group.”

This effect seems to depend partly on the fact that the participants push themselves to formulate better arguments when they know they will have to justify them. But in addition, it reflects the fact that people generally try to correct for implicit attitudes of racial or gender bias when reminded to do so. A couple of the many questions for further study: How would the dynamics Sommers identified play out when other implicit biases are triggered—biases that people are not as motivated to avoid? How would the dynamics Cox and Miles and Peresie identified play out in cases in which race and gender played a role, but not as explicit a role? Perhaps the current national discussion will lead to more much-needed empirical work on the dynamics of judicial deliberation.

HTTP is Dead, Long Live The Realtime Cloud

2009-06-01T01:28:00Z

Last week Google announced a new service called Google Wave. Loosely it can be thought of as a realtime communication and collaboration platform & protocol. The platform is based on hosted XML documents (called waves) which focus on supporting massive concurrency and low-latency updates on top of a decentralized XMPP architecture. It's taken me a few days to fully understand what this announcement really means and the importance it may have in terms of the future of the Internet and how we use and consume it.

The Internet for all intents and purposes is a living organism, continually adapting and changing. It has evolved from a somewhat static medium where content updates were typically pulled from fairly simple syndication and transfer sources to a network of realtime data sources continually changing at an ever quickening pace. Combined with the ability to semantically describe millions of new data sources through powerful on demand cloud based computing platforms -- we are in the midst of a realtime computing transformation. One that is fundamentally different then the hyper text based Internet that was first described more then 26 years ago.

In Google's announcement what I found most fascinating was the protocol they choose for the basis of their new realtime vision. It wasn't HTTP but instead XMPP was selected as the foundation for this decentralized and interoperable vision. What this means in very simple terms is Google has declared the HTTP protocol is dead, an inefficient relic of the past. A protocol that was never designed with the requirements for the reality of a global realtime cloud.

Among HTTP numerous problems is it's requirement that a user's machine poll a server periodically to see if any new information is available. For a few data sources this may seem like a small burden, but multipled by millions or even billions of constantly changing sources and you have a major problem on your hands -- enter the wonders of decentralization & XMPP.

XMPP is the ultimate interoperability layer, letting one server send messages to any other XMPP server that it is available to receive new information. When another user sends new content through the XMPP server, the message is passed on immediately and automatically to all recipients who are marked as available. Building upon this core, Google's XMPP based Wave federation protocol goes well beyond by including the additional auto discovery of IP addresses and ports using SRV records (Service record is a category of data in the Internet Domain Name System specifying information on available services). As well as TLS authentication and encryption of connections. The great thing about TLS authentication is it's unilateral: only the server is authenticated (the client knows the server's identity) but not vice versa (the client remains unauthenticated or anonymous). Basically Googles vision for XMPP is everything HTTP should be, but sadly isn't.

Googles ambition with Wave goes far beyond the creation of a new kind of messaging or collaboration platform but instead seems to be an effort to fundamentally re imagine how the Internet itself is managed and used.

Announcing The Enomaly Cloud Service Provider Edition | Twitter Me | Get Linkedin | Contact Reuven | Disclosure Policy

Google Book-Scanning Pact to Give Libraries Input on Price

2009-05-21T15:52:07Z

In a move that could blunt some of the criticism of Google for its settlement of a lawsuit over its book-scanning project, the company signed an agreement with the University of Michigan that would give some libraries a degree of oversight over the prices Google could charge for its vast digital library. - Miguel Helft, NYTimes

Fakes and Fraud

2009-05-22T17:47:17Z

I got acquainted with something new this week: Women's fashion and knock-off's. And before you get the wrong idea, it's close to my wife's birthday and she had a designer dress really wanted. These things are freakishly expensive for a piece of fabric, but if that is what she wants, that is what she will have. I have been too busy to leave the house, so I found what she wanted on eBay at a reasonable price, made a bid and won the item. When we received our purchase, there was something really weird ... the tag said the dress was "100% Silk". But the dress, whatever it was made out of, was certainly not silk, rather some form of Rayon. And when we went to the manufacturers web site, we learned that the dress is not supposed to be made from silk. I began a stitch by stitch examination of the dress and there were a dozen tell-tales that the dress was not legitimate. A couple Internet searches confirmed what we suspected. We took the dress to a professional appraiser who knew it was a fake before she got within three feet of it. We contacted the seller who assured us the item is legitimate, and all of her other other customers were satisfied so she MUST be legitimate, but she would happily accept the item and return our money.

The seller knows they are selling a fake. What surprised me was, and that is probably because I am a dumb-ass newbie with 'fashion', the buyer typically knows they are buying a fake. I started talking to some friends of my wife, and then other people I know who make a living off eBay, and this is a huge market. Let's say a buyer pays $50.00 for a bad knock-off, and a good forgery costs $200. The genuine article costs 10x that, or even 20x that. The market drives it's own form of efficiency and makes goods available at the lowest price possible. The buyers know they cannot ever afford the originals, so they buy the best forgeries they can afford. The sellers are lying when they say the items are 'Genuine', but most product marketing claims are lies, or charitably put, exaggerations. If both parties know they are transacting a knock-off, there is no fraud, just happy buyers and sellers.

To make a long story short, I was staggered that there is huge in-the-open trade going on. Now that I know what to look for, perhaps half of the listings on eBay for items of this type were fake. Maybe higher. I am not saying that this is eBay's fault and that they should do something about it: that would be like trying to stop stolen merchandise being sold at a flea market, or trying to stop fights at a Raiders game. Centuries of human history have shown you cannot stop it altogether, you can only hope to minimize it it. Still, when eBay changed their policy regarding alleged counterfeit items, it's not a surprise. It is a losing battle, and if they are even somewhat successful, the loss of revenue to eBay will be significant.

I admit I was indignant when I realized I bought a fake, and I started this post trying to make the argument that the companies producing the originals are being damaged. The more I look at the information available, the less I think I can make the case. Plus, now that I got my money back, I am totally fine with it. If 1/1000 of a percent of the population can afford a dress that cost as much as a car, is the manufacturer really losing sales to $50 fakes? I do not see evidence to support this. When Rich and I were writing the paper on A Business Justification for Data Security, one of the issues that kept popping up was some types of 'theft' of intellectual property do not create a direct calculable damage, and in some cases created a positive effect equal or greater than the cost of the . So what is the real damage? How do you quantify it? Do the copies de-value the original and lower the brand image, or is the increased exposure better for brand awareness and desirability? The phenomena with on-line music suggests the latter. Is there a way to quantify it? Once I knew what to look for, it was obvious to me that half the merchandise was fake, and the original manufacturers MUST be aware of this going on. You cannot claim it is lost sales because the people who buy a $50 knock off cannot afford a $10,000.00 genuine article. But there appears to be a robust business in fakes going on and it appears to drive up interest in the genuine article, not lessen it. Consumerism is weird that way.

- Adrian (0) Comments

On the Anonymity of Home/Work Location Pairs

2009-05-21T11:15:21Z

Interesting:

Philippe Golle and Kurt Partridge of PARC have a cute paper on the anonymity of geo-location data. They analyze data from the U.S. Census and show that for the average person, knowing their approximate home and work locations -- to a block level -- identifies them uniquely.
Even if we look at the much coarser granularity of a census tract -- tracts correspond roughly to ZIP codes; there are on average 1,500 people per census tract -- for the average person, there are only around 20 other people who share the same home and work location. There's more: 5% of people are uniquely identified by their home and work locations even if it is known only at the census tract level. One reason for this is that people who live and work in very different areas (say, different counties) are much more easily identifiable, as one might expect.

"On the Anonymity of Home/Work Location Pairs," by Philippe Golle and Kurt Partridge:

Abstract:
Many applications benefit from user location data, but location data raises privacy concerns. Anonymization can protect privacy, but identities can sometimes be inferred from supposedly anonymous data. This paper studies a new attack on the anonymity of location data. We show that if the approximate locations of an individual's home and workplace can both be deduced from a location trace, then the median size of the individual's anonymity set in the U.S. working population is 1, 21 and 34,980, for locations known at the granularity of a census block, census track and county respectively. The location data of people who live and work in different regions can be re-identified even more easily. Our results show that the threat of re-identification for location data is much greater when the individual's home and work locations can both be deduced from the data. To preserve anonymity, we offer guidance for obfuscating location traces before they are disclosed.

This is all very troubling, given the number of location-based services springing up and the number of databases that are collecting location data.

A Modest Proposal: Three-Strikes for Print

2009-05-16T18:57:57Z

This is such a good idea that it should be applied to other media as well. Here is my modest proposal to extend three-strikes to the medium of print, that is, to words on paper.

My proposed system is simplicity itself. The government sets up a registry of accused infringers. Anybody can send a complaint to the registry, asserting that someone is infringing their copyright in the print medium. If the government registry receives three complaints about a person, that person is banned for a year from using print.

As in the Internet case, the ban applies to both reading and writing, and to all uses of print, including informal ones. In short, a banned person may not write or read anything for a year. - Ed Felton, Freedom to Tinker

A Modest Proposal: Three-Strikes for Print

2009-05-13T14:50:32Z

Yesterday the French parliament adopted a proposal to create a "three-strikes" system that would kick people off the Internet if they are accused of copyright infringement three times.

This is such a good idea that it should be applied to other media as well. Here is my modest proposal to extend three-strikes to the medium of print, that is, to words on paper.

As in the Internet case, the ban applies to both reading and writing, and to all uses of print, including informal ones. In short, a banned person may not write or read anything for a year.

A few naysayers may argue that print bans might be hard to enforce, and that banning communication based on mere accusations of wrongdoing raises some minor issues of due process and free speech. But if those issues don't trouble us in the Internet setting, why should they trouble us here?

Yes, if banned from using print, some students will be unable to do their school work, some adults will face minor inconvenience in their daily lives, and a few troublemakers will not be allowed to participate in -- or even listen to -- political debate. Maybe they'll think more carefully the next time, before allowing themselves to be accused of copyright infringement.

In short, a three-strikes system is just as good an idea for print as it is for the Internet. Which country will be the first to adopt it?

Once we have adopted three-strikes for print, we can move on to other media. Next on the list: three-strikes systems for sound waves, and light waves. These media are too important to leave unprotected.

[Français]

Using the Official Information Act

2009-04-17T22:47:59Z

The good folks at TVNZ Media7 have kindly shared this cheery video tutorial on what the Official Information Act allows in New Zealand and how to use it.

Thrown in for extra value is a panel discussion between host Russell Brown, investigative journalist Nicky Hager, DomPost chief reporter Haydon Dewes, and PSA national secretary Brenda Pilott.