I, Cringely - The Survival of the Nerdiest with Robert X. Cringely

The Pulpit


Weekly Column

"You're a freakin' moron, Bob.": Loyal Readers React to Last Week's Column

By Robert X. Cringely
bob@cringely.com

In the week that has passed since writing my "Death of TCP/IP" column, I have been called godless and gutless, misguided and stupid, brilliant and dangerous. In other words, it has been business as usual. Everyone agreed, though, that I was wrong to attribute Zone Alarm to Steve Gibson. I don't know what got into me. This very good utility comes from www.zonealarm.com. That URL and others of interest are under the Links of the Week button at the top of this page.

Nobody liked my suggestions for cleaning up the Net, which were generally viewed as attacking personal privacy and perhaps even being illegal in Europe. I guess it is back to the drawing board there.

"This is Microsoft's sleazy business," wrote one reader, "and is their fault because they choose to make leaky software that serves them and not the open market. Do not suggest giving up our freedoms and choices for their taking advantage of us. Just because it's the way it is, doesn't mean that we should grab our ankles to accommodate Microsoft. And if you think that anonymous transactions aren't a fundamental pillar of our civil rights...well, wait till you can't buy an anatomically correct blow-up Debbie Doll without everyone and their brother potentially knowing who you are and where you live."

Fortunately, I already have in stock a lifetime supply of Debbies, complete with patch kit and deluxe pump.

Many readers saw a bigger big picture than I could have ever dreamed — or than I am even sure exists. "The big threat of the Internet to the big Media/Software/Advertising giants is the peer to peer nature of TCP/IP," wrote another reader. "Way back before we ran out of routable addresses (don't think we haven't), anybody could initiate connections to anyone else. Way too much equality and freedom for the common man. Fortunately for the giants, we have run out of addresses and much of the population are NAT'ed (mapped to routable IP addresses in a restricted fashion) and using dynamically allocated addresses. This is useful for outgoing connections but not suitable for peering. Just what industry needs. That combined with widescale deployment of PPPOE has left much of the original functionality of the Internet gone already. All the giants have to do now is compartmentalize the user experience a little more and add a PKI for accountability."

"Enter IPv6: This is the protocol that big business will only migrate to when and if they are economically forced to. With 2^128 addresses, everybody can be peers again. And not in the sense of the current broken peer to peer models which can't scale. IPv6 will be technically feasible within 5 years, and a lot of the IP address 'have nots' (like Asia) are pushing for its adoption. It will be an interesting tug of war between the need to grow the Internet and the strong desire to keep it in its current (dysfunctional) state."

"Have you ever heard of code access security or verifiable code?" asked one user who thought he had all the answers. "This is how worms and viruses will be prevented from spreading on MS systems in the future. The CLR (.Net runtime) ensures that code (originating off of your machine or on it) is capable of only a limited subset of operations (unless you or an administrator modifies the security policy). This is not a rehash of Authenticode (which was mainly concerned with installation anyway), but a security sub-system extremely similar to Java. In addition, verifiable code (another feature of the runtime) ensures that buffer overruns will not exist (also very similar to the JVM verification steps). Envisioning that MS is developing their own protocol to address these concerns is silly, since the real problem is execution of hostile code, not transmission."

This is an excellent point except that in my TCP/MS scenario, Microsoft wasn't really doing a proprietary protocol to address these concerns. They were doing a proprietary protocol to own the protocol.

Yet another reader said the answer to data security was having a secure execution environment like Java. "You basically don't hear about Java applets causing damage because they have security built in. They won't let the applet do things that they shouldn't be doing. So too Visual BASIC shouldn't be allowed to do certain things when embedded in e-mail or word documents."

Here's another guy with a fix I couldn't find fault with. "My TCP skills are somewhat rusty, but isn't the biggest problem with raw sockets that people can masquerade as some other IP address, and become untraceable? Wouldn't it be much simpler to program the routers not to accept packets generated from an IP address out of range? For instance, (the place where I work) uses an address range starting with 35.8.x — I'm pretty sure in the last year we have added a filter so that we don't send any traffic from some other range. It seems like we could legislate that every ISP has to be a good citizen and only send out packets from its own IP addresses for a quick fix to the problem."
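One way to model the source-address filter this reader describes, as an added example that is not from the column or its readers: it assumes the site's own range is 35.8.0.0/16 (the reader only says "35.8.x"), and the interface names and packets are constructed for the demonstration.

```python
# Added example: a simulated border filter that drops packets whose source
# address is out of range for the interface they arrived on, and counts the
# drops per interface so an operator can spot spoofing attempts.
import ipaddress
from collections import Counter

# Assumption: the site's own address range is 35.8.0.0/16.
SITE_PREFIXES = [ipaddress.ip_network("35.8.0.0/16")]

# Constructed sample packets: (interface, source, destination). Not real traffic.
SAMPLE_PACKETS = [
    ("lan0", "35.8.10.4", "198.51.100.7"),    # legitimate outbound traffic
    ("lan0", "203.0.113.9", "198.51.100.7"),  # spoofed source leaving the site: drop
    ("lan0", "35.8.200.1", "35.8.1.1"),       # internal to internal: fine
    ("wan0", "35.8.3.3", "35.8.10.4"),        # inbound packet claiming our range: drop
    ("wan0", "198.51.100.7", "35.8.10.4"),    # legitimate inbound traffic
]


def source_allowed(interface, src, site_prefixes=SITE_PREFIXES):
    """Egress rule: packets seen on the inside interface (lan0) must carry a
    source inside our own prefixes. Ingress rule: packets arriving from the
    outside (wan0) must not claim one of our own addresses."""
    addr = ipaddress.ip_address(src)
    inside = any(addr in net for net in site_prefixes)
    if interface == "lan0":
        return inside
    if interface == "wan0":
        return not inside
    raise ValueError(f"unknown interface {interface!r}")


def filter_packets(packets, site_prefixes=SITE_PREFIXES):
    """Apply the filter to a list of packets.

    Returns (forwarded, dropped, drops_per_interface); the per-interface
    drop count is the number an operator would watch or alert on."""
    forwarded, dropped, drops = [], [], Counter()
    for iface, src, dst in packets:
        if source_allowed(iface, src, site_prefixes):
            forwarded.append((iface, src, dst))
        else:
            dropped.append((iface, src, dst))
            drops[iface] += 1
    return forwarded, dropped, drops


if __name__ == "__main__":
    fwd, drp, counts = filter_packets(SAMPLE_PACKETS)
    for pkt in drp:
        print("DROP", pkt)
    print("drops per interface:", dict(counts))
```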

On the other hand, some readers thought that Microsoft was already on the right path if only we'd give them a bit more time: "I just read your column about lack of security in Microsoft products. You completely missed the code access security features of .NET. I've been working on .NET development for over a year now, and even in the early betas, I can enforce security policy based on the origin of code. I can block access to the registry, the disk, and many other very specific operations based on a rules-based system. So, instead of running only in the security context of my user account (picture the home user who essentially has administrator rights but no clue about what they're doing), you also have code access. This way, if I download a virus or piece of software from an untrusted source (i.e. the Internet), it will block running it, even if I am administrator."

And some readers, quite bored with the current rash of computer crimes, wondered aloud how they might do a lot more damage should they decide to undertake their own crime spree. "You are, of course, right about the fact that virus writers have been (so far) staggeringly unimaginative and shortsighted in their work," wrote one reader, clearly entering some kind of fugue state. "One can draw parallels with graffiti artists, or bacterial pathogens, or terrorists. But just to give one example — if *I* were to make a virus, I'd for damn sure do something INTERESTING like, for example, seek out every Excel spreadsheet on the hard drive and change ONE randomly-selected "2" to an "8"...And not crash, interfere with anything else, or otherwise attract attention, except to spread. It wouldn't make CNN — at least, not right away — but once it did, the story would not be about how millions of people had trouble with e-mail. It would be more like how Merrill-Lynch had to declare bankruptcy."

Watch out for that guy.
