May 21, 2001-- Newsletter #131
Goodies to Go (tm)
This newsletter is part of the internet.com network.
Please visit http://www.htmlgoodies.com
Greetings, Weekend Silicon Warriors,
The manuscript for my third book, Web Design Goodies went to press last week. You can pre-order it right now from Amazon.com. Head to the HTML Goodies homepage at: http://www.htmlgoodies.com and you'll see the link to order the book.
I'm proud to say that the book took so much longer to write than my other two because it is not content from HTML Goodies. It was written completely apart from the site. I would guess that 95% of the book does not appear on the HTML Goodies site. We also performed a very large survey in regards to the topic. We wanted to make the book something that could be understood and helpful to anyone who picked it up in a bookstore right up the ladder to graduate students.
Did you hear
The U.S. Pentagon appears to be leading the pack as the site people would most like to hack. According to the Pentagon's Chief Information Officer, there has been an almost steady flow of hack attacks this year. Last year 215 of 23,662 attacks were successful. This year appears to be on track to break the record.
Egarden.com is calling it quits. The online store closed its doors on the one-year anniversary. If that's not much of a shock to you, how about Dell computers also shutting down its online marketplace just four months after it opened? Wow. It appears to be getting rougher out there.
Just when I decide to buy a PDA, it appears as if the market is drying up. Palm has announced that sales are falling quite short of all expectations. Financial analysts are stating that this might be the quickest downturn yet in the world of high tech. It's so bad that it's been suggested that the company leave the hardware side of the business altogether. All this happened in just six months.
Now onto today's topic
I make part of my living as a University professor. I've now been at my latest position with Southeastern Louisiana University for two years. I am what is known as tenure track. That means I am under consideration to become a tenured professor.
The process is more or less stringent from school to school but where I am, the process is six years long with yearly evaluations. In order to get tenure I must have good teaching evaluations, provide service to the university, and publish.
You may have heard the term, publish or perish. Well, that's a true statement. Tenure track is actually a double-edged sword. You either get tenure or you are out of a job. If you do get tenure, it certainly isn't a guaranteed job. It doesn't mean that a professor can now sit on his or her can, do nothing and collect a paycheck. In fact, research from the NEA and the American Federation of Teachers shows that tenured professors generally publish more than untenured professors. The few stories you may have heard regarding lazy tenured professors are certainly not representative of the vast majority of college and university educators.
Tenure was created to act as a shield for a professor whose research and writings might anger or go against the beliefs of an establishment and in turn threaten his or her job. A tenured professor has met the requirements of his or her school and, because of meeting the requirements, has been granted a kind of safe haven in which to produce research.
There's this Princeton professor by the name of Edward Felten who, as many professors do, took the time to deliver the results of some research to a group of people at Stanford University.
Professor Felten only delivered a good portion of his research leaving off some of the best parts. You see, he was in fear of being sued for what he might say.
Professor Felten headed up a research team that included persons from Rice University and Xerox-PARC. Guess what they did.
They broke music security technologies created by the Secure Digital Music Initiative, a collection of major record labels and hardware/software manufacturers dedicated to protecting digital audio content. Whatever watermarks they created, Felten and his team broke. Better yet, the entire process of breaking the watermarks took only three weeks.
These are obviously some smart researchers.
It seems easy enough to me. Professor Felten performed research and that research should be published. Tenure should protect him.
Not so fast. Professor Felten did present his research, but stopped short of giving away all the answers mainly because of a threat delivered by senior vice president of business and legal affairs for the RIAA, Matthew Oppenheim.
Oppenheim stated, in a letter to Felten, that publishing or presenting his results could land him on the wrong side of a federal lawsuit.
Oh, it gets better. Later that week, Cary Sherman, general counsel for the RIAA, said the letter was a mistake. They stated they were taken aback regarding how the letter would have been perceived. The RIAA, through Sherman, stated that the group should have been more tactful. Sherman went on to say that if Felten published his research that he would not be sued.
The RIAA's position is that people should be involved in this kind of research but that the results should not harm another's technology. Felten countered by saying that the technology was just too easy to break. One member of his team, Felten said, broke one of the codes by accident.
I'd like to stand here, throw my fist into the air, and tell professor Felten to publish the work anyway but it's not my university and my position that would take the heat. This is the question of tenure being brought into play. Professor Felten has created research that goes against an establishment and that establishment got its guff up.
Will society stand for such a thing? Can a professor at an institution of higher education be silenced simply because the major corporation he or she is researching doesn't like the results? We'll see.
I am saying society rather than the university structure because if a single university went up against a force as financially powerful as the RIAA, they would be defeated and bankrupt as a result. It could ruin the school.
No, where the RIAA will be defeated in such a case is in the court of public opinion. The NAPSTER debacle will uphold that statement if it hasn't already.
I would suggest that the RIAA look to the results of professor Felten's research as help. If it were really as easy to crack the codes as professor Felten said it was, then why sue? Take the money you were going to use to sue the team and give it to them. Fund them. You got beat. They beat you.
If you can't beat 'em, fund 'em. Get these people on your side so that they are now working for you rather than against you.
The only problem is they may not want to work for you. They may want to stay on the opposite side of the fence. If so, then once again, don't sue. Take the money you'd spend on the suit and put it towards research and technology. It's obvious that the technology you came up with was cracked like a walnut. Put more funding into it. Better it.
Hopefully society will stand behind a professor who is performing credible research allowing him or her to publish results without sitting in fear of lawsuits and monetary punishment.
If we don't, the new line may become, publish and perish.
That's that. Thanks for reading.
Joe Burns, Ph.D.
And Remember: Speaking of publishing, Emily Dickinson wrote over 1700 poems. How many were published during her lifetime? None.