Simson Garfinkel's blog

Blog Sightings

Microsoft is giving people something to talk about.

Simson Garfinkel 03/21/2007

  • 1 Comment

A friend pointed me to Raymond Chen's blog, which offers insights into Microsoft's software and business design process. (Apparently, Chen is a point person within Microsoft who deals with issues such as compatibility and legacy software.)

Recently, a customer asked Chen,

"Does the Windows XP Add/Remove Programs control panel expose a scriptable object model? We want our program to open the Add/Remove Programs control panel and uninstall the programs of our competitors."

Interesting sentiments. The blog entry has garnered more than 49 comments so far, including, early on, this one, which is my favorite:

"Maybe they can uninstall their own program while they're at it."

Unfortunately, most of the answers provide rather technical information about how to do what the customer asked.

Could Al Qaeda Plunge England into an Internet Blackout?

Apparently it almost did, according to an article published a few days ago in the Sunday Times (London).

Simson Garfinkel 03/15/2007

  • 2 Comments

According to an article by David Leppard, Scotland Yard has uncovered evidence that Al Qaeda operatives were going to blow up Telehouse Europe, a large colocation facility in Britain that is the country's largest Internet hub. Suspects who were recently arrested had conducted reconnaissance against Telehouse and had planned to infiltrate the organization and blow it up from inside.

I've toured colocation and peering facilities in the past; I even had a tour of MAE West in 1996, back when it was still a major Internet exchange point. At the time I wrote that "security at MAE West is good, but not great ... Some luddite terrorist using my name could easily have called MFS, arranged the tour, and then blown up the gigaswitch with a pipe bomb."

In Leppard's article, representatives for Telehouse offer reassurance that "strategically important organisations" such as Telehouse are well defended against terrorists. We're also told that the organization went to higher states of alarm when it was alerted.

But let's be honest here: Telehouse may have the greatest security in the world, but it's just insanity for the United Kingdom to have a single Internet hotel where all the bits flow in and out. A big truck bomb could drop the building. A dirty bomb or biological hazard could simply render the building uninhabitable. Sometimes even accidents can turn a building into a wasteland. Late last year, for example, a building in Cambridge, MA, a block from the Technology Review offices, had to be evacuated when a transformer in the basement blew up. It wasn't terrorism, just an electrical accident. The building was closed and all the companies in it had to find new places to go. A lot of computer equipment was left behind--some of it running and still accessible by the network, but other equipment was turned off and irretrievable. I'm told that the building would have had to be condemned as an environmental hazard if the transformer had contained PCBs. Fortunately, it didn't.

It's certainly nice and economical for England to put most of its external Internet connectivity in a single location. But it's in the country's long-term interests to have multiple peering points--each with a diversity of organizations. This protects against both terrorist threats and insider attacks from one of the companies.

Redundancy is a good idea, but it's expensive. One of the roles of government should be to enforce safety and reliability standards. We've all learned that the free market does a really bad job when it comes to planning for high-outcome, low-probability events.

Biometrics in ID Cards?

Americans say they want it. They're wrong.

Simson Garfinkel 03/08/2007

  • 7 Comments

According to a recent poll by Truste, 82 percent of Americans "support the use of biometric identification on passports," 75 percent support adding biometrics to driver's licenses, and 73 percent support adding it to social-security cards.

The survey polled 1,025 American consumers between September 25 and September 29, 2006. The margin of error is plus or minus 3 percent.

The survey has some contradictions. For example, 68 percent of the respondents believe that biometrics added to identity documents will make it harder for thieves to engage in identity theft, but 67 percent think that "criminals will find a way around the technology."

Say what?

The real problem with adding biometrics to identity documents isn't that crooks will find a way around the technology, but that crooks will get identity documents that have your name but their biometrics. If you think identity theft is bad now, just imagine how bad it will be when the crook's fake identity is verified through the use of fingerprints or iris scans:

"Yes, your honor, we know that Mary Johnson was there, because she presented her identity card and had her iris scanned. That's what the computer says, and the biometric backed it up."

"Is the woman in the defendant's chair the same woman who presented the ID card?"

"I don't know, your honor. I didn't look at her face. The computer did."

A commonsense take on computer security, usability and why IT does matter.
