I hide nothing from you: I kicked back this Friday night. I slacked off. Now it’s Saturday at 2am and I’m finally getting to this. But, you all read this in the morning anyway so it really doesn’t matter much, right? (If I’m wrong I’ll surely hear in the comments)
Let’s start with a widely reported but badly reported story: DNSSEC. This is a framework for the Domain Name System (the framework for translating from hostnames such as www.redstate.com to IP addresses, which are the actual addresses used on the Internet). The system is akin to SSL for domains. Verisign will manage it for the Commerce Department and create a single “Root Key” which is then used to create certificates for domains, which will then be used to make sure your a domain’s DNS records are legitimate.
In my estimation, it’s just a big boondoggle for [Verisign] to get more customers. The vast majority of domains won’t be able to be secured by it, because Verisign is going to have a monopoly and will charge accordingly. This will only affect big businesses transacting large amounts of money, and they’re already secured against DNS-based attacks. If they’re smart they are, anyway.
What DNSSEC does that is bad, however, is create a new point of failure for the Internet, because there are 7 key holders which control escrowed access to the root key. If 3 of them lose the keys, the entire system will have to be re-keyed at expense and inconvenience to all, as pointed out by George Ou.
Continue reading »
Good evening. Sure, it’s technically morning, but when I went to post tonight I realized I had nothing queued up to write about, so I had to make a crash run through my news feeds before I could get started.
But get started we shall tonight with Apple and the Library of Congress. The Library of Congress is apparently entrusted with setting rules for what forms of reverse engineering are allowed under the Digital Millennium Copyright Act, a landmark bill which included (over)broad restrictions on software. In short, the DMCA pretty much bans reverse engineering or circumvention of software or hardware that enforces copyright. Exceptions are given though, and the Library of Congress has announced some more exceptions.
One of them is a doozy: Both major forms of Apple iPhone “jailbreaking” are now expressly legal in this country. It is allowed to circumvent Apple’s restrictions to install legitimate software otherwise inaccessible through the App Store. It is also allowed to buy a used iPhone and circumvent the AT&T carrier restriction in it.
In practice this might not mean much, as jailbreaking activity was already strong due to clear legality in other countries from the start. That fact forced Apple to fight jailbreaking technologically, rather than legally. But now the full might of American engineering may be brought to bear on iPhone jailbreaking, and Apple might have a tougher time going forward.
Continue reading »
Good evening. We’re now off to a good start with this new Monday-Wednesday-Friday column, because this time I’m getting it published before midnight on both coasts.
So let’s get right to it. The two big stories I’m seeing are that Google’s Street View spying troubles are coming home to the US, and the NSA is apparently expanding its mission to protect US communications from foreign agents in a new and potentially troublesome direction.
Continue reading »