safer browsing

here is what i am currently using to make browsing safer and less annoying:

  • Use Firefox (duh)
  • Don’t install the Flash plugin
  • Turn off “Allow sites to set cookies” and keep a small whitelist
  • Use NoScript to only allow javascript on a small number of sites
  • Install this hosts file to remove most advertising
  • Use TargetKiller to get rid of pages opening up in new windows
  • Disable Java

It’s amazing how much faster and more pleasant the web becomes if you take the garbage out..

the profits of fear

Elected representatives on committees that established policy at the highest level were motivated by base self-interest, expediency, and petty rivalries. They were not only ignorant, but uninterested in educating themselves. Given a choice between saving public money and spending it, they preferred to spend it. Allowed the option of destroying a city or leaving it unscathed, they opted to destroy it. Forced to choose between maximizing human suffering on innocent civilians or minimizing it, they chose to maximize it.

a must-read piece on sam cohen, the inventor of the neutron bomb, which he concluded, quite legitimately, was the most moral weapon ever developed. if history education were designed to prevent the eternal rehashing of mistakes, this is what would be taught. we get to obsess over times and places, instead of explaining the (lack of) thinking behind events that shaped the world. my history education was fairly short on recent developments, and i had to learn about game theory and nuclear deterrence on my own. considering how much they shaped the world we live in, i wish there was more emphasis on them. one way to do that might be to start from the present and work backwards. this would make sure you don’t run out of time just as you get to the present (happened in my high school, for sure), and would put the weight on what is probably most important today. on the other hand, one might argue that in order to understand the present, you need to be more mature, and therefore you are first presented with all these tales about ages past, until you grow up enough to hear the juicy stuff. another option might be to work with the arcs of history (page 4) that philip bobbitt had in his excellent the shield of achilles.

proactive security

turns out microsoft really means it this time. i had an older sql server 2000 running that stopped working after the update. turns out xp detected the missing service packs for mssql and disabled tcp access on the default mssql port (1433). commendable, although the error message could have been displayed more prominently (maybe as part of the new security center).

invisible applications

microsoft monitor on managed code

Twice during keynotes on Monday, Microsoft executives demonstrated applications installing seamlessly, without any prompts or dialog boxes. Gone were the prompt boxes asking the demonstrator if he really wanted to install the application. Click once, and the application installed and launched without any user intervention.

i appreciate the vision behind this. tools should be usable just by picking them up, like in the real world. i do not buy the line that “computer users ought to know about [insert random technology here]”. without code signing and a body that rapidly revokes certificates for spyware and the like, this will sink faster than a grindstone. though, your spyware / adware is my revenue stream..

DCOM security

very interesting perspective on the security of DCOM after last week’s worms:

Microsoft has made some pretty strong claims about the improved security of our products as a result of these changes. And then the DCOM issues come to light. Unfortunately, it’s still going to be a long time before all our code is as clean as it needs to be.
Some of the code we reviewed in the DCOM stack had comments about DGROUP consolidation (remember that precious 64KB segment prior to 32-bit flat mode?) and OS/2 2.0 changes. Some of these source files contain comments from the 80s. I thought that Win95 was ancient!


seems the new game in town is to adopt a klaxon approach to security:

Subject: Important Security Update for the .NET Messenger Service
Date: 19 Aug 2003 02:23:18 -0700
From: .NET Messenger Service Staff

i got that email 1113 times so far.
UPDATE: of course, that number is laughable compared to the dozens of emails i got from the SoBig virus today. It seems no day passes without a microsoft incident.

identity theft

while dubya claims to enhance security by fostering denunciation, the theft of identities continues unabated. joshua allen: “the government has failed to protect the voters from identity fraud, and instead protects only the banks and government bureaucrats”. and don’t think it only happens in the us. companies everywhere are busily profiling their customers (in order to deliver personalized spam), and the notion that any data that is created through the activities of a person should be their property is foreign to them. maybe i should get a new face, and jump into the fray.