@gdonovan: #Microsoft + #NYPD team up for “Domain Awareness” public #surveillance program

Seven Takes on Security

From the Compact Oxford English Dictionary:

noun (pl. securities)

(1) the state of being or feeling secure. (2) the safety of a state or organization against criminal activity such as terrorism or espionage. (3) a thing deposited or pledged as a guarantee of the fulfilment of an undertaking or the repayment of a loan, to be forfeited in case of default. (4) a certificate attesting credit, the ownership of stocks or bonds, etc.

From the DOD Dictionary of Military and Associated Terms:


(1.) Measures taken by a military unit, activity, or installation to protect itself against all acts designed to, or which may, impair its effectiveness. (2.) A condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences. (3.) With respect to classified matter, the condition that prevents unauthorized persons from having access to official information that is safeguarded in the interests of national security.

From the Internet Security Glossary, p. 149:


(1.) Measures taken to protect a system. (2.) The condition of a system that results from the establishment and maintenance of measures to protect the system. (3.) The condition of system resources being free from unauthorized access and from unauthorized or accidental change, destruction, or loss.

From Setha Low’s Behind the Gates: Life Security and the Pursuit of Happiness in Fortress America, pp 77-78:

So what exactly do residents mean when they say “I feel secure in my community”? At an emotional level, it means feeling protected and that everything is right with the world; unconsciously it is associated with a sense of childhood trust and protection by parents. Socially it means “I feel comfortable with my friends and neighbors.” “I feel secure in my community” also means feeling physically safe, not just psychologically or socially comfortable. These meanings — and many others — are evoked whenever they talk about security. This simultaneity and ambiguity of meaning gives the concept the power to evoke a complex and ever-shifting set of feelings, feelings that become encoded in a variety of symbolic forms, including the built environment.

From Microsoft TechNet’s Active Directory Application Mode (ADAM) Glossary:

security context

The security attributes or rules that are currently in effect. For example, the rules that govern what a user can do to a protected object are determined by security information in the user’s access token and in the object’s security descriptor. Together, the access token and the security descriptor form a security context for the user’s actions on the object.

From the Open Source Security Testing Methodology Manual (OSSTMM) 3, p. 16:


A form of protection where a separation is created between the assets and the threat. This includes but is not limited to the elimination of either the asset or the threat. In order to be secure, either the asset is physically removed from the threat or the threat is physically removed from the asset.

From Bruce Schneier’s Beyond Fear: Thinking Sensibly about Security in an Uncertain World, pp. 11-12:

Security is about preventing adverse consequences from the intentional and unwarranted actions of others. What this definition basically means is that we want people to behave in a certain way — to pay for items at a store before walking out with them, to honor contracts they sign, to not shoot or bomb each other — and security is a way of ensuring that they do so.

stop the madness and just switch to an open-source browser

Yet another major security flaw found in Internet Explorer, Microsoft’s proprietary web browser. Via the BBC:

Users of Microsoft’s Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.

The flaw in Microsoft’s Internet Explorer could allow criminals to take control of people’s computers and steal their passwords, internet experts say.

There’s no sense in using a proprietary web browser. Free and open-source browsers such as FireFox or Opera may be just a susceptible to security breaches as proprietary ones, but the problems are almost always identified and fixed in a shorter of time. Hierarchical dinosaurs like Microsoft may be good for certain things, but they simply can not identify and solve security breaches as quickly as a large decentralized community of networked users.

Just stop the madness and just switch to an open-source browser. I recommend FireFox.

goodbye learning, hello workforce training

Some sad news regarding the One Laptop Per Child (OLPC) project:

Microsoft has joined forces with the developers of the “$100 laptop” to make Windows available on the machines.

According to Wired, Microsoft has had their sights on emerging markets in developing countries for a while now and have viewed low-cost children’s laptops as ideal vehicles for distribution. Until recently OLPC has resisted integrating Windows into their XO Children’s Machine, insisting that free and open-source software was central to their constructionist learning philosophy and necessary to give “children the opportunity to use their laptops on their own terms” (for more background see here, here and here). Sugar, the Linux based operating system designed for the XO Children’s Machine, has been described by OLPC as the “core” of their laptop’s interface and to the sharing and learning affordances of the machine.

olpc's blue screen of death

Yet, according to OLPC, it now appears that Windows XP will be bundled with the XO. This decision has apparently been motivated by countries, such as Egypt and Columbia, demanding that the computers carry Windows before they agree to buy in to the program. Their reasoning seems to be that they aren’t interested in machines for learning and sharing, they want machines that will train a generation of children for a future tech-based workforce. Not learning how to think — learning how to USE Excel, PowerPoint, Word, etc…

Nicholas Negroponte (founder and chairman of OLPC) claims that a dual-boot option, similar to Apple’s, which allows the child to choose between Windows and Sugar is in the works — yet Ivan Krstić, the former top security architect for OLPC argues otherwise:

The whole “we’re investing into Sugar, it’ll just run on Windows” gambit is sheer nonsense. Nicholas knows quite well that Sugar won’t magically become better simply by virtue of running on Windows rather than Linux. In reality, Nicholas wants to ship plain XP desktops. He’s told me so. That he might possibly fund a Sugar effort to the side and pay lip service to the notion of its “availability” as an option to purchasing countries is at best a tepid effort to avert a PR disaster.

Krstić goes on to write that this realization that learning was never part of the OLPC mission (i.e. the mission is about laptop distribution) is precisely what lead him to resign from the project. Krstić concludes his post, in part, by stating:

OLPC can’t claim to be preoccupied with learning and not with training children to be office computer drones, while at the same time being coerced by hollow office drone rhetoric to deploy the computers with office drone software.

Although disagreeing with a number of key points made in a recent post by Richard Stallman (founder of the free software movement), Krstić and Stallman appear to agree on what is at stake here. As Stallman puts it, this is about “whether the XO is an influence for freedom or an influence for subjection.” Indeed, close attention to the built pedagogy of the XO Children’s Machine is needed. As the XO shifts from an entirely free and open-source machine (with the exception of a proprietary firmware program for wifi access) designed for the promotion of open learning and sharing in the social and structural environments of developing countries — to one that increasingly adopts proprietary software for the vocational training of a future workforce — the lessons being taught are of great importance. Lets be clear, its not a mistake that the mesh networking capability of the XO, which allows the computers to talk to one another and share data, is not currently supported by Windows XP. And I don’t expect that problem will be “fixed” anytime soon. If it is ever “fixed,” the sharing component will be tightly controlled and heavily regulated.

In a previous post about the XO, I praised its mesh networking capability as a way to generate autonomous communication networks which might help afford a new media space for citizen power. Of course, such autonomous digital communication poses a threat to intellectual property enforcement and thus a threat to Microsoft’s entire business model. If information and communication flows freely in developing countries (aka “new markets”) it makes it more difficult to start charging one day. Immersing children, early on, in proprietary environments where information circulation is tightly controlled and intellectual property rights are strictly enforced, helps to socialize a generation that will continue to play by the old rules rather than one that will challenge them by imagining new rules. In fact, “play” is exactly what is being co-opted here. Children’s play in technological environments (in this case, the XO) is being shaped to socially reproduce certain behaviors for future work in an informational economy. Of course children are not passive recipients, they are actors in this equation. What they do in these proprietary environments and how they may (or may not) reclaim play for creative and innovative purposes is worth watching.


Couldn’t help but notice these two stories about facebook today: Facebook investigated on child safety and Microsoft Is Said to Consider a Stake in Facebook. While I discovered social networking on friendster, moved to myspace and flirted with orkut – my favorite social networking service these days has been facebook. Its clean interface, minimal advertisement, panoptic social feeds and its open-source platform won me over. Facebook has been my most updated and frequented social profile for months now. However I may have to reevaluate my long term commitment to facebook in light of these two stories, they certainly echo the headlines which circled myspace prior to its acquisition by News Corp. Msnbc even referenced Rupert Murdoch in their article:

Facebook, the fast-growing social networking group, has come under investigation by Andrew Cuomo, the New York attorney-general, who said on Monday that the company did not do enough to protect children from sexual predators on its website...

The attorney-general’s investigation comes days after Rupert Murdoch, chief executive of News Corp and owner of MySpace, a rival social network, predicted Facebook would run into problems over child safety…

Good thing there are giant corporations waiting in the wings to save social networks like myspace and facebook from child safety problems…