Air Force Aims to 'Re-Write Laws of Cyberspace'
Noah Shachtman from Wired's DANGER ROOM blog writes:
The Air Force is fed up with a seemingly endless barrage of attacks on its computer networks from stealthy adversaries whose motives and even locations are unclear. So now the service is looking to restore its advantage on the virtual battlefield by doing nothing less than the "rewrit[ing]" the "laws of cyberspace."
Link to complete blog post.


In other news, the air force is fed up with "drag", and will "re-write laws of aerodynamics". I wish them the best of luck with both efforts.
It's always scary when you see an article that includes the US military and the words "rewrite" anything.
And what about this:
"A research program, launched in May, shoots for "gain access" to "any and all" computers."
Sounds like the movie Eagle Eye is coming true!
This BB piece from August seems timely:
Air Force suspends controversial "Cyber Command"
Suuuuuuure they did.
This bit about some problems at the USAF academy a few years back may or may not have anything to do with anything, but it might just be interesting, too.
I mean, this also isn't anything that Jonathan Zittrain or Richard Clarke hasn't already been saying for some time.
Not to mention echoes of John Brunner's The Shockwave Rider. The Chinese, the Russians, and to some extent the Germans, are way ahead in this vis-a-vis the distributed programming of botnets and information warfare.
In addition to Larry Lessig's warning about the iPATRIOT Act.
An upcoming Air Force doctrine calls for the service to have the "freedom to attack" online.
If you have the freedom to attack, others do too.
Our mission is to control cyberspace both for attacks and defense
That's always their response (CONTROL!!) and they keep getting the same results. One of these days they'll try a different response. Who knows? They might actually get different results.
"Can we create a cyberspace with different rules?" asks Paul Ratazzi, a technical advisor at the AFRL's Information Directorate. "Let's challenge those fundamental assumptions on how these things work, and see if there's a better way."
Yes, let's think outside the box, shall we?
For instance, it's extraordinarily difficult to find the hacker behind a cyberattack today. Network traffic can be run through dozens of different proxies and anonymizers; "botnets" of enslaved computers can be controlled from the other side of the world; millions of PCs spew out malicious data without their owners ever catching on. AFRL would like to see a way to change existing network protocols, to make it easier to trace and locate the source of an online threat.
No, you're doing it wrong, that's still inside the box. Think really really outside... why are there botnets? Why are PC's turned into zombies? Well, people want what pirates have to offer. They download pirated content and then become infected. Anti-virus techniques only catch a small number of the viruses out there. If you've downloaded pirated content, you're infected, even if Norton says you're clean.
So perhaps a different response would be to address the conditions that give rise to botnets in the first place. So how about:
Sane copyright laws that don't criminalize people using media how they want to.
Speaking of copyrights, you should only be able to own content for a limited period. Not forever and ever as the corps would like. Corporations are not persons and should not be treated as such.
Ending DRM, it only drives people to pirates.
Convince corporations to abandon their nutcase, sociopathic control freak policies and understand how the internet really functions.
Finally, since "millions of PCs spew out malicious data without their owners ever catching on" how about working with people instead of just reflexively reaching for the CONTROL! CONTROL! button? But that would mean helping people instead of fighting or criminalizing them and that would in turn mean changing the culture in the military, or at least a subset of it. Heck, that might even spill over to addressing the causes of political instability instead of bombing cities, sending in death squads and assassinating their leaders. Before you know it, peace might break out all over the place.
And we can't have that can we?
rejoice! Money to be made!
SkyNet... or VIKI... or SHODAN... or GLaDOS...
But it does have a lot to do with the path-dependent design of Microsoft Windows.
It also has a lot to do with stateful imperative programming, instead of distributed asynchronous message-passing concurrency (like the TCP/IP protocol stack itself).
It also has a lot to do with the lack of capability-based security. Cf. principle of least privilege
There is so much to be said for this topic, but the poster NOEN sufficiently addressed my feelings on this matter. Great job.
I wonder whether the Air Force's plan involves surreptitiously inserting back doors into commercially-available CPUs allowing them to be pwned remotely.
Um, it has nothing to do with "downloading pirated content". That's agitprop spread by the MAFIAA.
Ok, I guess I bought into the propaganda if what you say is true. I just always thought that the way PC's get turned into zombies was through the user downloading a virus or trojan. Or perhaps through a poorly setup firewall.
I'm not an expert but I help out some of the people I know from time to time. Their PC's are a nightmare of malware, porn, trojans, porn, Kazaa, porn and then more porn. They've never heard of Firefox and have Yahoo messenger running on Explorer 5. gah!
I wonder whether the Air Force's plan involves surreptitiously inserting back doors into commercially-available CPUs allowing them to be pwned remotely.
Yeah, that won't backfire now will it?
they'll make sure they can pwn everyone - and then they'll lose the memorystick with the keys on it. then we can all pwn each other. yeah.
Their PC's are a nightmare of malware, porn, trojans, porn, Kazaa, porn and then more porn. They've never heard of Firefox and have Yahoo messenger running on Explorer 5. gah!
I wonder if Al Qaeda has a porn problem? Seriously.
Their PC's are a nightmare of malware, porn, trojans, porn, Kazaa, porn and then more porn. They've never heard of Firefox and have Yahoo messenger running on Explorer 5. gah!
Exactly. That's hardly the setup of your average "pirate." The zombie PCs are the ones owned by the luddites who think their computer runs Internet Explorer for an OS and that "the TV part" is the actual computer. The ones who are smart enough to "pirate" well (I still have issues with the term) are also smart enough to run a decently secure system.
Also, this is completely off topic but I've noticed it a lot in this discussion (and everywhere bleeding else): you DO NOT add an apostrophe when pluralizing abbreviations. PCs, CDs, DJs... these are neither possessive nor are they contractions. Gah! Sorry, just had to get that off my chest.
Iamcantaloupe @ 15: actually, I DO add an apostrophe to abbreviations. So do lots of other people. It is a legitimate typographical convenience, about which grammar books differ. Many agree that "funny looking" abbreviations can be pluralized with an 's. For example, "SOSs" is inferior to "SOS's". There is also the issue of referring to a letter: "How many as are in this sentence?" Isn't it clearer to write: "How many a's are in this sentence?"
The purpose of grammar and typographical rules is clarity, and when your adherence to rules reduces clarity, the rules are mistaken and need to change.
Furthermore, regularity is better than irregularity, so given that apostrophes greatly enhance the readability of some abbreviations, and there is nothing but an arbitrary rule to count against them, the preferable solution is to apostrophise all abbreviations.
Now (desperately veering back to something remotely related to the topic) if only it were so easy to revise the rules of cyberspace...
geeks ;)
Grammar be whate'r 'th Dept. O' D'fence says it is.
"I wonder if Al Qaeda has a porn problem? Seriously."
I believe they have a zero tolerance for pornography of any kind. It must be why they're so angry all the time.
AGF
Sounds like the Clipper Chip
The government was to hold the encryption key in escrow. Coz we trust them.
I'm sure this is just a small hurdle for them to get over before they're simply allowed to access any computer connected on the internet 'for the safety of Americans.' We just got rid of the Ted Stevens threat to the internet, and now we have a military take-over attempt.
How soon we forget that some of the 9/11 hijackers went to a strip club the night before.
Antinous, they were just window shopping before winning their virgins.
Tom @16 I've been Googling around the internets and can't find any source to say that in the instances which I described it is proper to use an apostrophe. However, in the examples you cited it is. From what I can find, an apostrophe is only appropriate when either there is punctuation involved (Ph.D.'s), the subject is a single letter or digit (A's, 6's), or it can cause confusion of the subject (SOS's). In all other instances it is inappropriate as this denoted possession. And just because it is in common usage is no reason to accept it as proper, as per the confusions between your/you're and its/it's, or using unspaced hyphens in place of mdashes. I've even seen people using apostrophes before the s in any plural, abbreviated or not. Gah!
Back on topic: This talk of internet "laws" seems a bit absurd. Reading through the article, they only seem to be beefing up security - there's no bending of the internet "physics" as it were. This seems like another "series of tubes" explanation. The three bullet points (making hostile traffic inoperable on Air Force networks, locating and identifying once-anonymous hackers, enabling Air Force servers to evade or dodge electronic attacks, somehow) hardly seem to be objectives which should be outside the scope of how modern network security is run.
No, it has a lot to do with the market penetration of Windows: Targeting Windows has a high yield.
Malware can be made to run on any OS, and you don't even need to find a security vulnerability if you can convince the user the malware should be allowed to run.
You can do a lot as a user without taking over the system. Identity theft is trivial. Principle of least-privilege has little protection if the user is allowing the software to do its dirty work. For example: If the user can browse Boing Boing, and I can convince the user to let my code run, I can spam Boing Boing as that user. I don't need to fully take over their computer (but they might let me do that as well... see below!)
Now, if I can find a way to exert some authority over what the user can allow the computer to do, I can stop a lot of malware users might have foolishly allowed. That's the premise antivirus programs operate on, and they have limited success against an unknown virus. It's already been pointed out that trying to enforce a degree of control of numerous, diverse, independent assets such as PCs is not going to work all the time. Also, people don't like software that second-guesses or restricts them: They paid for it, and they don't want to be told what they shouldn't do with it.
For example: Vista stops and asks the user when a program could possibly do something nasty, and it's widely considered annoying because people got used to Windows just allowing stuff to run!
FWIW, most other systems do the exact same thing or actually require you to type your password, which is actually a bad idea. A program can fake an "Are you really sure?" prompt but you'll get a real one if it actually tries something privileged. If it fakes the password prompt and you don't notice, it has your password!
Arkizzle - I hadn't read that before. Thanks.