|
||||||||||
|
||||||||||
This is an unofficial archive site only. It is no longer maintained.
You can not post comments. You can not make an account. Your email
will not be read. Please read this
page or the footnote if you have questions. |
||||||||||
Everybody wants to tell you scare stories about computers and "hackers" and the Internet, but nobody wants to give you the straight facts in plain English. It's time to rip the veil of deliberate obscurantism from the face of computer security. These matters are really quite simple, and the latest news from the innovation factory in Redmond is very encouraging.
|
|||
Computer security is a big concern these days. It's a hot topic in technical publications such as Slashdot and Dr. Dobbs Weekly, and we even see a lot about it in the mainstream media. But how many people really understand the issues? As a software engineering professional and a concerned citizen, I'd like to take some time to cover the basics. The arcane, secretive priesthood of technical matters usually prefers obfuscation and bluffery, but is such an approach really in the public interest? In my view, it is not. I want to enable you, the common man, to make informed decisions about security concerns as they affect you and your loved ones in your daily lives. Life in a modern, pluralistic, democratic society demands no less. We'll begin at the beginning. Everybody's favorite perennial security story is Microsoft. For years, their International Information Server product has been at the center of a storm of highly technical controversy, as has the Windows NT ("Network Technology") kernel. What is this controvery really about, in layman's terms? It all starts with a concept known as "Object Oriented Programming". The VisionIn the early 1980s, Microsoft's Research department had a vision, a vision of a future where computers would be more than just adding machines and glorified typewriters. They had a vision of finding a way for computers to communicate with each other, a vision they called the "Network". They saw that this "Network" would enable the pervasive, world-wide sharing of information on a scale that had never been imagined before. There was no doubt that it would revolutionize society. Those brilliant men were gripped by this vision, and they knew that Microsoft, as the acknowledged world leader in technology with a tradition of acting in the public interest, was the only organization which had a fighting chance of bringing this miracle into being. First, Microsoft "surveyed the literature", as they say. Government-funded academics had made abortive attempts to enable computers to share information on a small, local scale, but these efforts lacked both the wide-ranging vision of private enterprise, and the vigor of healthy competition. It was the sad lack of vision that really killed those projects: They were attempting to do everything with old-fashioned, obsolete "procedural programming", a method of software creation where an application consists of a long sequence of simple instructions, and "proceeds" from one to the next, from beginning to end. Such an application is unable to perform modern tasks such as Document creation or electronic mail. It is also unable to create the "packets" which are necessary for communication between computers. The academic attempts at crude "Networking" turned out, under close examination, to have been hoaxes: Two computers would be prepared with identical applications, which would "proceed" simultaneously. One would send the message "Hello" to the other, and the other would have been programmed to display "Hello" as input at the same moment. The unfree academic approach was clearly a dead end. Nobody but the commissars of DARPA is satisfied with a crude sham in lieu of a dream. The RevolutionMicrosoft decided to revolutionize the field of software by creating "object oriented programming", which means that an application is composed of semi-autonomous "objects", each of which reacts to input from the outside and can act entirely independently of the "mother ship" application. Some highly advanced "objects" -- such as Microsoft's crowning glory, the Internet Explorer Document -- may even be dispatched through a "Network Interface Console" such as a modern digital "modem" telephone or the Internet. This was the "philosopher's stone" which ultimately made the dream of Networking an everyday reality. Once they knew their vision was practical, Microsoft's researchers set about creating a "application language" which would put the power of their new "object paradigm" into the hands of ordinary engineers everywhere. A "application language" is a sophisticated tool for creating applications which can view or create Documents. Microsoft didn't create just one; they created several. All of the application languages which are now widely used were created in Microsoft's labs in the late 1980s as their dream of Networking steadly matured: Visual Basic, Visual Front Page, MFC++. MFC++ and Visual Front Page are highly arcane tools used only by a few advanced "wizards" to perform specialized tasks, and as such they are not relevant to the present discussion. The real star of the bunch was Visual Basic, which made the creation of Internet Document Applications and Objects so easy and intuitive that millions of programmers around the world were able to join in. As we now know, they did, and we were all swept up in the magic and productivity of the Information Age -- the very magic which brings you the Document file you are now reading. Visual Basic replaced the old-fashioned mysterious commands of DOS-like languages with a revolutionary visual way of creating Document Applications, thus changing programming forever. Visual Basic was used to create Microsoft's revolutionary object oriented Network Operating System, Windows 95, the Operating System which made the Internet a reality. The future had arrived, but there's always a serpent in Eden, isn't there? Microsoft had envisioned an "open architecture" of information, where users would share information as they liked. This was naïve. We all use computers and the Internet, don't we? Do you know anybody who abuses these gifts? I sure don't. Honest people want to chat online with their friends and trade jokes on email. What Microsoft forgot was that while most Americans are honest, some aren't. Furthermore, it's a big world out there, where the core American values of democracy and freedom are not always respected. The ReactionMicrosoft's mistake was trust. It sounds crazy, doesn't it, that trust could be a mistake? I agree, it is crazy, to you and me -- but we're Americans. In technical terms, the problem was that Microsoft's revolutionary "objects" often contained private information such as passwords and credit card numbers. Now, you and I and Bill Gates don't look over a friend's shoulder when he's using an ATM machine, and we don't read our friends' mail, so these "objects" depended for security on the fact that decent people respect each others' privacy. Visual Basic does not support a feature called "private data members". This means that any user who accesses an object or Document can view all of the contents of that Document, and change them at will. Nobody thought that this would be a problem, because only a sick person would violate the privacy of somebody else's Internet Document. Besides, who needs that kind of paranoid security? I don't know about you, but I have nothing to hide. But some people don't know right from wrong. A shadowy underworld of "hackers" came into being to exploit this so-called "weakness" (isn't it a strange moral inversion, when trust, the great strengh of a free society, is called a "weakness"?). The "hackers", mostly college students urged on by leftist academics, developed their own application language, called "C++". It was a crude imitation of MFC++, but it had one feature which only criminals would have thought of in those innocent days: Private data members. A "C+" application could create Documents which were impenetrable to the prying eyes of other so-called "hackers". "C+" was used to create an entire underground "operating system" called "Linux", developed in the chaos of former Iron Curtain nations in Eastern Europe. It had no visionary features such as taskbars and Dialup Networking. In fact, it openly borrowed all but one of its ideas from Microsoft's legendary MS-DOS application, long since rendered obsolete by the overwhelming success of Windows 95. The one original idea the "hackers" had was, I must stress, security. You and I may have nothing to hide, but a "hacker" has a thousand things to hide, from his friends, from his parents, and most importantly from law enforcement. Seemingly secure in the claustrophobic privacy and paranoia of their tiny "Linux" kingdoms, the "hackers" set out to wreck the Internet. They couldn't understand it and they could never have created it, but they knew that Microsoft's new vision of openness frightened them. So they released their crude, poisonous C+ objects and Documents -- called "viroses" -- out into the chat rooms and Web Sites of the Internet. The ConfrontationOf course, the "hackers" didn't think it through. They didn't reckon on the innovative vigor of their adversary. By 1996, Microsoft had created the first experimental "anti-Viros" programs, which could sweep Document Folders and Web Sites clean of malicious viros objects. The "arms race" was on. Microsoft never fell behind again. They loved the challenge, of course. The problem was that while they could keep outsmarting the "hackers" forever, this wasn't what they regarded as an "elegant" solution. Furthermore, they were under attack by academics who had bribed officials of the United States Government to do their bidding. Without the Constitution's guarantee of liberty, Microsoft was aware that they ran a terrible risk of losing the battle. What if they did? Their anti-Viros efforts would cease, and their greatest creation, the Internet Web, would be gnawed to death by rats. The SolutionA new urgency inflamed Microsoft Research. They were fighting the battle of their lives, and time seemed as if it might be running out. They decided to fight fire with fire: They would implement "private data members". That one audacious move would erase the viros threat permanently, and the "hackers" would become nothing more than an ugly memory like the Luddites, Ranters, Jacobins, and Thuggee of centuries gone by. The freedom of the Internet could never be threatened again. Once the great decision had been made, progress was rapid, and the fruits are already beginning to appear. Visual Basic is to be retired with honors and replaced by a new application language called C# (pronounced "Seek"), which supports full private data members while still allowing them to be accessed by family and friends. In addition, the Internet Web paradigm is to be phased out gradually and replaced by the new .NET Architecture, a more flexible and sophisticated Document Object Model than the well-loved classic Internet Explorer. The great "Computer Security" debate has been rendered obsolete. Oh, and there's more good news: Remember those rogue Justice Department employees who launched that crusade against the freedom of the Internet? A few took their bribes and retired to South America; the rest of them are in prison now. As for "Linux"? It was unable to compete with private enterprise, and has mostly vanished. Even their web sites are no longer maintained. |