The Caffeinated Penguin

musings of a crackpot hacker

More on the Word rant, Biometrics and the new Napster ads

Posted By on March 8, 2005

Remember this link? Well, there was a point to it, which was that I fail to see how Word is used for document preparation. If you do any work of any length a variety of things go wrong with it (oh, and I found another one – the blinking cursor goes away after your document gets too long as well). So, let’s break it down. Pro:
  1. Quick learning curve
  2. Industry standard
Okay, so 2 is what I’m trying to figure out, and seems like a circular argument – Word is an industry standard because it’s an industry standard. As for the quick learning curve, I concede that Word is quick to learn. However, so is OpenOffice. Now, I’ve heard OpenOffice characterized as the little kid trying to stand up to Microsoft’s Office. Well, when it comes to the document portion of the suite, it seems good enough to me. After all, it can’t be much worse than Word. I guess what I’m led to after this experience is that Word is useful for quickly and easily writing up a letter to your grandmother, but (like most Microsoft products) is not really suited for real work (their “we see your vision” commercials notwithstanding). No wonder people using Word to write books break them up into chapters – it’s the only way to keep Word usable.

Speaking of commercials, I saw two of them that bothered me:
  • The IBM Thinkpad commercial demonstrating their biometric security systems. This is a fine commercial demonstrating a bad system. Biometric security is BAD. The problem with using it for authentication (note that I’m not saying ID here. Biometric IDs are fine. After all, they already are – there’s a photograph on most IDs, which is a form of biometric identification) is that if the system were to be compromised, you can’t change it except to migrate to another authentication mechanism. Authentication should be done in one of two ways – what you know or what you have. What you know are things like passwords, answers to secret questions, etc. What you have has a longstanding precedent: your house or car keys. These two methods are simple, they work, and, most importantly, they can be changed if compromised. Change your password, change your locks. Easy. The problem is that if biometrics are used for authentication purposes, then what happens if they are compromised? For example, say that you use a fingerprint reader. I hire a sexy operative to chat you up in a bar. I’m two seats down. She gets you away from the bar, I get your glass. I lift the prints and make a false finger with your fingerprint. Congrats, I now have your authentication mechanism. If the whole system is predicated around it, then you need to change the system to something else, because you can’t change your fingerprint. Congratulations, you’re screwed. Now, if people want to use biometrics for identification, that’s fine. I’d have no problem with a retinal scan + password combination. After all, that’s just like username and password. A similar system would be a voiceprint + spoken password combination (although the possibility that you might be overheard concerns me). What is the best way? I’d like smartcards, except that people would have a tendency to leave them in machines for convenience.
Bear in mind, you can’t make an authentication system too complex, because you’ll end up causing people to take shortcuts to make life easy. For example, when you enforce a monthly password change policy and strictly enforce strong passwords, users forget the password and end up just writing it down, which compromises any security you think you have. A better idea is to do a yearly or 6-month change policy, with strong password validation. That way, people have time to remember it.
  • Napster. I’ve finally seen the new Napster ad. For those of you who haven’t, they basically posit that it will take $10,000 to buy enough songs to fill up your iPod. However, you can fill up your other random music players with songs from Napster for just $15 a month. However, there is a little bit of fine print at the bottom of the last screen of the ad (where they show the Napster logo), which says (I’m going from memory here) that: “subscription must be maintained in order to keep access to songs”. That’s right. Any music that you buy goes away if you stop the service. Nice, hunh? At least with iTunes, you own the song. Now, one might ask how this is technically possible? Well, WMA has DRM functionality built into it. They can revoke access to any DRM-ed stuff at the whim of the “content provider”. Nice to know that this is going to be included in Word documents, isn’t it? Stops those pesky whistleblowers from emailing, printing, or copying Word documents to “unauthorized devices”. Plus, if you do manage to get it out, your reporter’s copy of Word will refuse to open it. OpenOffice won’t help much, because it will be encrypted, and circumventing that encryption would violate the DMCA. Welcome to Korporate Amerika, citizen.
