Peter Coffee started out by remarking that eWeek magazine had been close to bankruptcy, but after an agreement was reached with bond holders they continue to lurch along. Information Technology (IT) advertising has dropped off greatly in the last year. Peter remarked that things have changed greatly over the last year when his talk came before the September 11, 2001 attacks. Since then many places that did not do it before have imposed access controls and other security procedures. Some people are already chafing at the inconvenience of some of these procedures. IT as a field has also been affected by the imposition of security measures.

In IT there have been what Peter called "False Demons and Feeble Angels". Crypto technology has been falsely demonized as an aid to terrorists and legislation proposed to ban it. There have been protective measures imposed by things like encrypting Word documents. This had led to the forming of multiple sources that are able, for a fee, to decrypt Word files with a standard fee of $45.00 to accomplish it. Their primary customers are legitimate users who have forgotten their passwords and need help to get access to their information. There are continuing attempts to censor the Internet, with China as a prime example. China tries to limit access to only government approved sites. Among others, they have banned Google. However, there is a site named "Elgoog" (Google backwards) where you can enter a search query typed backwards and get access to the site. This works because the Chinese government doesn't know about it yet. If they find out, then almost certainly another ruse will be used. The U.S. government tried to control crypto by calling stored versions of crypto munitions and prohibiting their export which resulted in a number of corporations moving these operations to sources overseas. Fortunately people seem to have forgotten about crypto lately which is a good thing, because crypto is a necessity if you want to conduct private operations over a public network. Also, use of foreign languages such as Arabic has been successfully used by terrorists because security agencies lack a sufficient number of linguists.

Crypto is not a complete security cure, because faulty implementations will still allow improper access to information. User problems can't be solved by technology, keeping track of multiple passwords is nearly impossible and people are very predictable in their choice of passwords. It is quite common for people who have to use multiple and changing passwords to keep them all in a single password protected file. Biometrics has not been catching on. Face recognition is very difficult to properly tune and apply. There are high costs in implementing it and there are social issues that impede its adoption. Finger print scanners are quite accurate, except sometimes people can activate them with the previous person's fingerprints still on the scanner. One security procedure that has worked very well is tracing people's tracks through cyber space.

With security, step 1 is assessment of the problem by identifying assets and processes that are at risk. You must consider non-IT elements, take appropriate legal measures, and use automated tools to decrease cost. You must measure success correctly. Success is about lost time, not the number of blocked attacks on your system. Step 2 is prevention. Harden your system by installing patches. Identify and remove or disable un-needed services, change default passwords, and regularly evaluate permissions to use the system. Put security close to the data and keep users far away from it. Anticipate failure, use "defense in depth". Document configuration changes and communicate policies and processes to your employees and users. Step 3 is detection. Know your network boundaries and what is normal activity and ask why anything else is happening. Use the protection you have already paid for by enabling logs and reviewing logs and performance monitors daily. Consider using third party services for monitoring and participate in joint reporting organizations to compare problems. Step 4 is response to an attack. Isolate the affected system, analyze the mechanism of the attack, and take corrective action. Try to trace the source of the attack and preserve the chain of evidence. Resist the urge to retaliate in kind such as directing a "denial of service" attack against the party you believe is guilty. Not only are you likely to be caught doing an illegal action, but it is quite likely that the party you have traced is not the real source of the attack. Step 5 is to establish and maintain a climate of vigilance. Establish the required criteria in terms of your business needs for data integrity and the costs you are willing to incur.

It is important to be aware of the risk. 30% of 227 IT security professionals said their companies do not have adequate security plans. 40% said their security plans were not reviewed regularly by senior management. 60% said they were at risk of major system attack in the next 12 months. After reviewing the results of the survey, another security expert said he would rather have the 30% who admitted their companies don't have adequate security plans working for him than the 70% who believed they were already well prepared.

Windows XP Service Pack 1 came out with 308 bug fixes. One problem was the inability to configure an uninterrupted power supply (UPS). The UPS system does not start and you may receive an access violation. Peter commented that Windows XP is very dangerous. In the other corner, is MAC OS X which is finally a real operating system for the MacIntosh that provides memory protection and threads along with excellent plug-and-play integration. It has improved software support and support for printers.

Peter remarked that USB 2.0 is "faster" than Firewire, but when you factor in overhead the advantage is offset for high bandwidth devices such as hard disks. Firewire can provide as much as 70% more throughput. But why choose? Combination cards are available at relatively low cost.

In the chip race, we have Intel vs. Intel vs. AMD. Intel's first Itanium release was implemented by Dell in a server, but they withdrew it because of lack of enthusiasm by users. Intel released the second iteration of Itanium in August and is promising to release the third iteration (Madison) in mid-2003. In the mean time the Pentium 4 has been speeded up and has demonstrated excellent thermal design properties. In the meantime AMD's Athlon has a price/performance lead. They have a new chip called "Hammer" that provides a 32 bit core and 64 bit x86 sixty-four bit upward mobility, not just compatibility. Intel is reportedly worried and is reported to have a special project team whose goal is "to save the company".

Peter Coffee discussed web services where everything becomes a set of protocols. Complexity is lowered but communication requirements may explode. As for wireless, local connections are useful and practical, but broader based implementations are much harder. There is a conflict between companies that want to unite on wireless standards and keep other companies out, and broader based standards groups that want to provide a level playing field.

Peter finished by discussing what is ahead. Computing will become more and more pervasive with a cpu in everything that moves electrons. There will be web connectivity everywhere and locator devices such as GPS will be common. The devices will exhibit context awareness with less human attention. Sensors on your car might determine when repairs are required, check your calendar for availability, and schedule an appointment with a mechanic to accomplish the required repairs. All of these devices will require code and a corresponding improvement in programmer productivity. There will be less predictability of the execution environments and more integration and testing will be required.

He said that yes, there will be tablet PCs, but handwriting input is over-rated. They will feature wireless connections and will be media oriented to make displays.

This was another of the superb presentations by Peter Coffee that he has provided to us year after year. Once again, this write-up is nowhere near like "being there" and getting his witty and highly informative take on the computing world of today and where he expects it to be tomorrow.

This was first meeting of the LA Chapter year and was attended by about 50 persons.
Mike Walsh, LA ACM Secretary