Title: Thinking Aloud

Looking over my notes for this column I find a wide selection of possible topics. I guess I will just try and include them all - at least that way it will be easy for Francis to edit if he runs out of space.

But first an unashamed plug...

Towards the end of last year I wrote a piece for my web site about computers, education and computer games. Normally I send Francis a copy of such material to see if it is suitable for inclusion in C Vu. This time I didn't, because I thought it was too far off C Vu subject matter. However, I have since been told that I was wrong and that there are readers who are interested in this sort of discussion. So if you would like to read a game designer's take on educational games and software you will find it at http://www.ibgames.net/alan/education.html.

The Internet denial of service attacks over the last few months have yet again raised the profile of security and allowed security firms to come to the fore. The problem is that all this high profile publicity - demands for the perps to by dealt with by Judge Dredd and such like - is obscuring the real problems.

What is being missed is that most computer crime/fraud etc is carried out by insiders. Much of the rest is carried out not by technically clever hackers, but by those who obtain passwords because of the carelessness of the password owner.

Compared to the scale of these problems, the recent Distributed Denial of Service attacks are just the equivalent of nuisance raids. I say that not to belittle their effects, but merely to point out the severity of the other problems.

The fascinating thing about such problems is that they are frequently crimes of opportunity, rather than hardened criminals burrowing into a company with intent to steal. If you leave your wallet lying around in a public place, it will be stolen, because you have made an opportunity for it to be stolen. Similarly, the failure to take advantage of the security provided by your computer(s) and by the issuing of crazy passwords provides for computer crimes of opportunity.

Most of these password-based problems are self-inflicted.

I know of several companies that issue everyone the same password. This means you can access someone's computer 'if they are ill'. Oh yeah. Even more pernicious to my mind is the issuing of 'random' style passwords - you know the ones that look like 'cxoiam193od'. The problem with this sort of password is that no one except a memory prodigy can remember them. So, of course, people write them down. Not only do they write them down, but because they need them every day the note of the password is easily accessible. Frequently they write them down on Post-It notes and stick them on the front of their monitor.

The other week I was asked by my bank to give them a 'memorable' ten-digit number. Sometimes I wonder who makes up these rules. We need a little common sense applied to the business of security, not the mindless application of computerese.

Lenton's rule of Computer Security: If you make security difficult and obscure then people will break it in order to get the job done. Corollary: If your security gets in the way of day to day work you will soon have no security worth talking about.

Lately the discussion in the USA has been about the so-called 'digital divide' - those who have Internet access as opposed to those who do not. (It is interesting to note that there is no discussion about whether such access is desirable or not.) Since we are in the middle of a US presidential election campaign such issues make good soundbites, and it is true that Internet access in the US is currently a split along income and race lines.

I have little doubt that, in the end, some type of Internet access will become as ubiquitous in America and Western Europe as the television now is. My feeling, though, is that the discussion is missing the issue, and that there are two much more important digital divides.

The first is that between the industrialised world and the so-called third world. How can you have an Internet where there are no phones? Perhaps no electricity? Definitely no computers. The Internet needs a substantial, and expensive, infrastructure to support it.

In any case, who is going to be worried about getting on-line when they are starving to death, or have no roof over their head? The Internet is a luxury for people in much of the world. Without the basic problems of daily survival being solved first, browsing is a meaningless concept.

But even within the industrialised countries there is growing up a much more subtle digital divide which will eventually change the whole nature of the Internet. It is a divide defined by what means you use to access the Internet.

Just arriving on the market are a new generation of what are called 'Internet Access Devices', probably the best known of which is the set top box which allows you to browse the Internet on your television. ('Do not download porn in front of mommy, darling, it's not nice.')

Much (not a lot of it favourable) has been said about these devices, but one key issue has been missed by the commentators. General-purpose computers can load programs like Front Page, Hot Metal and Cold Fusion and be used to create web sites. Access Devices can only browse the web. It is this that will create a much more profound digital divide - one between those who can create and publish web content, and those who can only look at the content published by others.

Hmm... Only two issues dealt with and I am already running out of space, so I guess I will have to call it a day at this stage. I was going to talk about Borland C++ Builder 5, which I installed a month or so ago, but perhaps it is better to leave that till the next issue, when I will have got over the irritation of the minor changes to the way I work and will be able to concentrate on the bigger issues.

Have fun with your programming.