iOS 7.0 Upgrades and Security

Well, here we are.  Another version of Apple’s iOS that is supposed to wow us with all sorts of new functionality.  That’s all great and everything, but since I use my iPhone for work, our work people have an internal page that shows what will work and what won’t with the current release.  They’ve performed both a great service to me and a great disservice to you.  For me, I’ll know when I can safely upgrade and have all of my work-based apps work.  For you, since I’m delaying my upgrade, it also means delaying any fixes to security vulnerabilities that could impact people elsewhere on the network.

Did Apple make a mistake by not making iOS 7 compatible with iOS 6? If their goals are to have a very secure operating system, then it’s quite possible.  But typically a company’s goal is profitability, and here an expanded platform with broader capabilities might suit the tastes of both users and developers in the long run.  And so once again, security may have taken a back seat.

It is possible that Apple could mitigate this situation directly by telling developers that the phone won’t run apps on the old platform after a certain date.  This might actually align both sets of interests: the public’s security interest and Apple’s interest in not having to support older interfaces.

This works until the value to the consumer of laggards well exceeds that of the combination of those who have updated their software and the value of the upgrade itself to the consumer.  Once that line is crossed, people will stop upgrading their operating system, returning us to the state we are in today.  Let’s all hope Angry Birds is up to date.

Interesting Geoff Huston Posting on CircleID

Geoff Huston has established himself as perhaps the foremost authority on IP address markets.  A senior researcher at APNIC, Geoff has tracked this issue for over a decade.  He has recently posted a new blog entry at CircleID, to which I’ve commented.  Here’s what I wrote there:

The fundamental basis for the article above is a lack of transparency within IP address markets.  This is something that Bill Lehr, Tom Vest, and I worried about in our contribution to TPRC in 2008.

Amongst other things, transparency or its lack has the following effects:

  • Assuming it is a goal, efficiency in markets demands transparency.  When markets lack transparency, neither the buyer nor the seller knows if they have gotten a good deal, because it could be that there existed either a buyer who would have paid more, or a seller who would have sold for less, who was simply not identified.  Is $10 per address a good price?  There is at least a tidbit of information from some of the brokers that indicates wide variance in the cost of IP address blocks.  Whether that information is accurate, who can say?  It is not required to be so.
  • Network administrators and owners should be making informed decisions about how and when to move to IPv6.  Absent pricing information regarding v4, there is uncertainty that is difficult to price.  In this sense, hiding pricing information may actually encourage IPv6 deployment.  Keep in mind that large institutions require years if not decades to make this sort of transition.  Were I them, given the increased number of devices (if you can believe the numbers above, and I suggest that we take them with a grain of salt), I would start now to get out of this rigamarole.  Heck, even with transparency, that only tells you today’s price, and not tomorrow’s.  Certainly it is well worth researching methods to price this risk.
  • It is important to know if there is an actor who is attempting to corner the market.  Proper registration of purchases and sales provides an overview of whether dominant players are acquiring addresses beyond the needs of their customer base.  Such acquisitions would have the impact of increasing costs for new entrants.
  • Finally, the Internet Technical Community (whoever we are) need to know if new entrants are in fact unable to access the Internet because IPv4 addresses are too high, if we want to see the safe and secure growth of the Internet everywhere.

The funny aspect of all of this is that governments may already be able to track some pricing information retrospectively through, of all things, compulsory capital asset sale reports, such as the U.S. Form 1040 Schedule D.  However, in general this information is confidential and not very fresh, and hence not sufficient to advance policy discussions.

Snowden disclosures reveal NSA abuse

I had no knowledge of the NSA’s programs, but I’m not surprised by most of it.  James Bamford articulated in The Puzzle Palace in 1980 what the NSA was capable of, and it has always been clear to me that they would establish whatever intelligence capabilities they could in order to carry out their mission.  There are several areas that raise substantial concerns:

1.  NSA’s own documents indicate that they intended to interfere with and degrade crypto standards.  That on its own has caused the agency substantial harm to its reputation that will take decades to recover from.  But they have sullied not just their own reputation but also that of the National Institute of Standards and Technology (NIST), who are a true braintrust.  Furthermore, they’ve caused the discounting in the discourse of anyone who is technology knowledgeable and who has either recently held or currently holds a government post.  I will come back to this issue below.

2.  It is clear that the FISA mechanism just broke down, and that its oversight entirely failed.  Neither Congress nor the Supreme Court took its role seriously.  They all gave so much deference to the executive because of that bugaboo word “terrorism” that they failed to safeguard our way of life.  That to me is unforgivable and I blame both parties for it.  In fact I wrote about this risk on September 12, 2001.  I wrote then:

I am equally concerned about Congress or the President taking liberties with our liberties beyond what is called for. Already, millions of people are stranded away from their loved ones, and commerce has come to a halt. Let’s not do what the terrorists could not, by shrinking in fear in the face of aggression, nor should we surrender our freedom.

Sadly, here we are.

3. There are reports about law enforcement taking intelligence information and scrubbing the origin.  Where I come from we call that tampering with evidence in an egregious attempt to get around those pesky 4th and 5th amendments.

4. The NSA’s activities have caused great harm to the U.S. services industry because other nations and their citizens have no notion as to when their information will be shared.  This is keenly true for companies such as Google and Microsoft who, it is reported, were ordered to reveal information.  The great Tip O’Neill said that all politics is local.  That may be true, but in a global marketplace, all sales are local.

It would be wrong to simply lay blame on the NSA.  They were following their mission.  Their oversight simply failed.  Congress needs oversight.  That is our responsibility.

Restore Morsi Now!

I am no fan of the Muslim Brotherhood, as many of their political positions are diametrically opposed to my own.

However.

I am a big fan of democracy.  However imperfect his election and that of the parliament, President Mohammed Morsi deserves the world’s support.  We in America often forget just how imperfect our democracy is.  Putting aside hanging chads, they used to have a saying in Chicago: vote early, vote often.

Democracy takes time to get right.  It takes commitment, and it takes patience.  Could you imagine the United States Army going in and taking over CNN in Atlanta, and arresting the president, simply because of a large protest on the Mall?  Those protests are meant to sway legislators and those who vote for them peacefully.

And it hasn’t always been so peaceful, even in America.  Some people may remember Sheriff Bull Connor who set dogs and fire hoses on peaceful protestors.  And we don’t even have to go back that far.  But we got better at it.

So would Egypt, if they give it time and patience.

What was the strategy of the Allied Forces in WWII?

I’ve recently read two books relating to World War II.  The first was Ike: An American Hero, a biography of Dwight D. Eisenhower by Michael Korda, which is a near idolizing tale of Ike, in which the man can seemingly do no wrong.  The other is the saga of Winston Churchill’s life, starting from the day he becomes Prime Minister in 1940.  This is the third of The Last Lion trilogy by William Manchester.  These are two very different perspectives on how WWII was won.

In the case of Churchill, Manchester describes his Mediterranean strategy as somewhere between nibbling around the edges, a war of opportunity, or an attempt to coax Turkey into the mêlée, while at the same time placing blame on Americans for delaying the end of the war, first by not entering it earlier, and second by not being more aggressive in the taking of Italy.

On the other side, Korda points out that Eisenhower took his strategy directly from Grant, which was to destroy the enemy’s ability to make war.  That necessitated the destruction of all German armies the hard way, under the belief that so long as they had armies that could fight, they would fight.

What is stunning about the difference in points of view is that neither seems to acknowledge the other at all.  As an American I found Manchester’s book helpful to understand the British perceptions of history, while at the same time having some understanding of the history of the Americans involved.