Tuesday, August 06, 2002

Well, I feel so much safer now

2" GI Joe rifle confiscated at LAX. The British tabloid The Sun reports that security guards at LAX confiscated a two-inch plastic GI Joe rifle from a seven-year-old's toy action figure. I feel safer.

Security chiefs at Los Angeles airport said: “We have instructions to confiscate anything that looks like a weapon or a replica.

“If GI Joe was carrying a replica then it had to be taken from him.”

(via MeFi) [Boing Boing Blog]

The continuing efforts to eliminate judgment from human processes scare me no end.

1:57:07 PM
Joining the activeRoll roll

blogRolls Are Going Active. Outline style blogrolls are out this week. Looks like activeRoll is seeing some action. Ernie has an active BlawgRoll, so has Rick (he even had one before I released activeRoll). Donovan has one too on his Iceplant Radio and Coral Reef weblog. I'm forgetting Dix's dixiblog down South. So I think I'll start a directory as an activeRoll topic in "slam"'s own activeRoll. If you wish to enlist (or demit), drop me a line. [Marc Barrot: activeRenderer]

Marc continues to create fabulous new tools to make my weblogging more useful to me (and others I hope). activeRoll is just one more example.

1:48:32 PM
Doc Searls on Infrastructure

Infrastructure at work 
  Demand was so high for the Infrastructure presentation I gave at JabberConf and the O'Reilly Open Source Convention that it was exceeding the traffic limits at my ISP.
  So now, thanks to the gracious folks at O'Reilly, it's up at their place. Here it is.
[Doc Searls Weblog]
1:22:20 PM
Doc Searls on Janis Ian

Part of my continuing quest to be the oldest among the youngest
Janis Ian's Modest Proposal
  Janis Ian is our hero.
  First she writes The Internet Debacle — an Alternative View, for the May issue of Performing Songwriter Magazine (credits where due). Then she writes Fallout — a follow up to The Internet Debacle.
  They are required reading. If you haven't read them yet, go read them now. Each is a 100-car freight train packed with Grade A clues.
  The second piece makes a modest and brilliant challenge to the record companies: Create a giant download site filled with everything out of print, charge a quarter per download, share the proceeds with the artists, composers and heirs, and see what happens.
  She's betting that all kinds of good discoveries — even whole new sub-industries — will come out of it.
  I'm sure she's right.
  This is where I'd normally add some snarky remark about the record companies. But I won't this time. I'm curious to see what their response will be.
  Thanks to Dean, Dave and many others for the pointer.
  [Later...] The contrarian views are coming in. Here's Arnold Kling's. I agree with him that "in the next 5-10 years we will have bypassed the music industry entirely." But there is still a fight going on now, and it's good to welcome Janis and her ideas to it.
[Doc Searls Weblog]
1:19:46 PM
Troubling thought experiments about fair use and DMCA

InfoWorld - Fair use or foul play?

The other day I found a video of a kids' movie I bought for my son years ago. Because my son has long outgrown the video, do I have the right to give it to a friend with kids young enough to appreciate it?

I have found myself frequently raising this example in correspondence with readers about abuses of traditional fair use, free speech, and first-sale rights under the Digital Millennium Copyright Act (DMCA). With Congress considering even nastier laws that would hardwire copyright-holder protections into all types of digital devices, readers see many complex and troubling issues on the horizon.

[ ... ]

So returning to my kid's old video, do I have the right to give it away or even resell it? Under traditional interpretation of copyright law, there's no question that I do. And because it's an old video, I don't have to worry about whether or not it will play in my friend's VCR.

Why should that change because a company decides to slap a license agreement on its product or insert a copy protection scheme in it? It shouldn't. Yet in the DMCA era, it seems as if it does. Congress has already sold out some very basic rights, and with elections coming and campaign coffers needing to be filled, our politicians appear eager to sell out some more. What can we do about it? I recommend you go to http://www.eff.org and learn how you can tell your representatives that you have a vote and plan to use it.

[Privacy Digest]

In the annals of stupid legislation, the DMCA may be lapping the field.

1:15:44 PM
Translucent databases

O'Reilly Network: Protecting Privacy with Translucent Databases. by Simson Garfinkel, author of Web Security, Privacy & Commerce, 2nd Edition

Unfortunately, the security on the Yale Web site was atrocious: all anybody needed to look up a student's record was that student's name, social security number (SSN), and date of birth. And it just so happened that the officials at Princeton had this same information for the most highly-contested applicants. So in April, when the Web site went live, Princeton's admissions office sprang to action as well, allegedly downloading admissions decisions from the Yale Web site on at least 18 separate occasions. The most highly sought-after applicant? President Bush's niece Lauren Bush, according to an article that appeared in The Washington Post. (Read about it at http://www.washingtonpost.com/wp-dyn/articles/A2983-2002Jul25.html.)

Most of the cyber-security professionals I've spoken with have taken a decidedly "blame-the-victim" approach with this latest story of Web site hackery. Assuming that the allegations are true, it's terrible that an administrator at Princeton would engage in such patently illegal activities. But what's even worse, they say, is that Yale would deploy a Web application so poorly conceived and implemented.

To be sure, Yale is not alone in deploying systems with poor security for personal information. Many banks and credit card companies continue to treat widely-circulated personal information, like SSNs and birthdays, as if this information is secret, available only to the bank account holder or credit card applicant. Clearly it is not, as evidenced by the national epidemic in identity fraud. But financial organizations have been stymied in their attempts to find a better means for verifying the identity of account applicants -- people with whom, by definition, the banks have no current relationship.

[ ... ]

A translucent database uses cryptographic methods like hash functions and public key cryptography to mathematically protect information so that it cannot be wrongly divulged -- not even to a crooked database administrator. Translucent databases provide for unparalleled protection of sensitive information, be that information personal, corporate, or academic. Yet, with one notable exception, translucent databases are practically unknown and unused in IT today.

The Unix password file is the one translucent database that is in wide use today. When you log into a Unix computer, you're asked to provide a username and a password. If you type the correct information, you're logged in.

[Privacy Digest]

A new topic to study.

1:12:12 PM
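
The translucent-database idea quoted in the post above, applied to the admissions lookup it describes; this is an added example, not code from the O'Reilly article or from this weblog. It stores each decision under a PBKDF2 hash of the applicant's identifiers plus an access code issued out of band, so the table holds no names or SSNs. The access code, the salt value, the class and function names and the sample record are all assumptions made for illustration.

```python
import hashlib
import unicodedata

# Constructed deployment-wide salt (assumption); a real site generates its own.
SITE_SALT = b"constructed-example-salt"
ITERATIONS = 100_000  # slows offline guessing of low-entropy inputs such as SSNs


def row_key(name, ssn, dob, secret):
    """Derive the opaque row key; only this value is ever stored."""
    fields = [
        unicodedata.normalize("NFKC", name).strip().lower(),
        "".join(ch for ch in ssn if ch.isdigit()),
        dob.strip(),
        secret,
    ]
    material = "\x1f".join(fields).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", material, SITE_SALT, ITERATIONS).hex()


class TranslucentTable:
    """Holds decisions under hashed keys; no name, SSN or DOB is kept."""

    def __init__(self):
        self.rows = {}

    def store(self, name, ssn, dob, secret, decision):
        self.rows[row_key(name, ssn, dob, secret)] = decision

    def lookup(self, name, ssn, dob, secret=""):
        # Returns None when the caller cannot reproduce the stored key.
        return self.rows.get(row_key(name, ssn, dob, secret))


def demo():
    table = TranslucentTable()
    # Constructed applicant record, not real data.
    who = ("Pat Example", "000-12-3456", "1984-02-29")
    table.store(*who, secret="mailed-code-7Q4X", decision="admitted")
    return {
        "applicant": table.lookup(*who, secret="mailed-code-7Q4X"),
        "third_party": table.lookup(*who),  # knows name, SSN, DOB only
        "admin_view": list(table.rows.items()),
    }


if __name__ == "__main__":
    print(demo())
```

If the access code were left out of the hash, anyone holding the name, SSN and date of birth could recompute the row key, which is the weakness the quoted article describes.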
It's knowledge sharing not knowledge management

Bob Buckman is one of the founding fathers of the KM movement. I've got to know him a little through his association with the [Henley Knowledge Management Forum]. Here is what he had to say to me in a recent e-mail on his return from speaking at the KM Asia 2002 conference in Singapore.
"By the way, I am hearing more and more that 'Collaboration and Knowledge Sharing' is starting to replace 'Knowledge Management' as the term to describe what we are doing. This only seems natural to me, but it might be a leap for others."

And this [interview] with him in the Singapore Business Times on It's KS, not KM says a lot more on the subject. [Gurteen Knowledge-Log]

What if we all agreed to stop saying "knowledge management" and replaced it with knowledge sharing? Everyone I know who has devoted more than 30 nanoseconds to thinking about knowledge in the organization hates the term knowledge management. If we all start fixing our language on these weblogs maybe we'll help shift usage.

1:09:44 PM
The price of ignorance

A Technological Maginot Line - great article in the Atlantic Monthly (special report Sept. 2002; not available online) by Charles Mann, who discusses security guru Bruce Schneier's views:

"The way people think about security, especially security on computer networks, is almost always wrong.  All too often planners seek technological cure-alls, when such security measures at best limit risk to acceptable levels.  In particular, the consequences of going wrong--and all these systems go wrong sometimes--are rarely considered."

Then, discussing our politicians' post 9/11 effort to festoon all public places with security measures, he offers these thoughts:

"To armor-plate the nation's security they increasingly look to the most powerful technology available: retina, iris, and fingerprint scanners; "smart" driver's licenses and visas that incorporate anti-counterfeiting chips; digital surveillance of public places with face-recognition software; huge centralized databases that use data-mining to sniff out hidden terrorists."

Schneier, who understands computer security at a level few of us can, says "if you think technology can solve your security problems...then you don't understand the problems and you don't understand technology."  I think this message needs more volume.  We need to crank it up to eleven (which, as Spinal Tap reminds us, is "one louder").   When politicians aren't kissing babies, or standing on the Capitol steps reciting the Pledge of Allegiance they are often touting how some new technology (which the government will implement and control) is going to solve our problems.   Let's use a centralized database (like Larry Ellison says) and let's make the unique identifier the person's thumbprint.  What's wrong with that?

"Okay, somebody steals your thumbprint," Schneier says.  "Because we've centralized all the functions, the thief can tap your credit, open your medical records, start your car, any number of things.  Now what do you do?  With a credit card the bank can issue you a new card with a new number.  But this is your thumb -- you can't get a new one."

These are the simple problems that people who really know something about security analyze.  And what do our politicians really know about computer, security, or technology?  That's the question we need to always remember to ask.  And the answer, of course, is obvious.

[Ernie the Attorney] [emphasis added]

So many smart people in the world (like Schneier and Ernie). Why is it that smart voices are so little heard in power debates?

12:49:58 PM
Copyright as corporate welfare

Instapundit says - "IF YOU'RE INTERESTED IN COPYRIGHT LAW (and people today should have the same interest in copyright law that sheep have in shears, or steers have in mallets) then you'll want to read this piece by law professor Tom W. Bell.  Bell says that modern copyright law is corporate welfare -- and calls for welfare reform."  InstaPundit [Ernie the Attorney]
12:45:47 PM
CMS goals - from Column Two

What are the goals of a CMS?. I've just published the latest article in my regular KM Column series: What are the goals of a CMS? Content [Column Two]
12:35:46 PM