Bought some new CD's today.  One of these days I really will get around to doing real reviews.  Really!

• I.A.O. - John Zorn
• Zorn...you love him or hate him.  I love him, and this album is no exception.
• Explorations: the Columbia Recordings - Lonnie Liston Smith
• An interesting compilation of 4 albums.  Not sure if I like it or not.  Some of you who are familiar with the following 2 cd's might have some idea of why I bought this CD (hint, it wasn't on purpose)
• The Worm - Jimmy McGriff
• I'm a sucker for good jazz organ, r&b or blues.  As such, I'm a sucker for Jimmy McGriff.  Haven't listened yet, but I've heard good things.
• Jimmy Smith's Finest Hour - Jimmy Smith
• As with Jimmy McGriff, I'm a sucker for Jimmy Smith.  I own just about every one of his original albums, so when I saw this compliation in the store, I had to pick it up.  In a 'small world' moment, I discovered on opening it up that it was compiled by Michael Ullman: my Dad's college roomate, a former professor of mine, and a Salon music reviewer from day's gone by.

What's galling here is not the pace so much as the denial. As our readers know, a purloined private key and a bit of ARP spoofing will permit any junior hacker to grab a third party's SSL session. Yet MS refuses to warn its customers, but instead lulls them into a false sense of security.

I really don't understand how this has slipped under the mainstream media's radar.  SSL has been completely comprimised for anyone using IE on Windows, and Microsoft is trying to get off by saying man-in-the-middle attacks are too hard to actually perform.  Well...they're wrong.  On a cable modem network, for example, its extremely simple.  

The reason for their stalling and for not providing an immediate patch is that the problem is in the OS, and not the browser, which presumably means either it takes a lot more work to fix it, or it takes a lot more work to find it.   Oh well, SSL always provided a false sense of security anyhow.

 Ahhh, Trustworthy Computing

On Monday, Network Associates sold its Pretty Good Privacy (PGP) encryption products to PGP Corp., a newly formed company.

There's hope for PGP yet.  Despite the best efforts of the Gnu Privacy Guard folks and their friends in the OpenPGP Alliance, the NAI products were the only real viable solution for windows desktop use.  Since NAI effectively abandoned them in the last few years, there's been serious concern over the future of PGP, and who would pick up the torch.   Enter PGP Corp, a collection of former Pretty Good Privacy, Inc and NAI executives and engineers.  Their Technical Advisory Board is star-studded and their CTO is one of the authors of the OpenPGP RFC. 

"At this writing, the American military response to 11 September has been confined to the war in Afghanistan. It may be too early to look at "lessons learned", but it is not too early for an assessment of whether or not we have been successful fighting Fourth Generation Warfare (4GW) as operations unfold in Afghanistan against the Taliban or Al Qaeda. Further, it is not too early to adjust our tactics, techniques, and even the â01CAmerican Way of Warâ01D to combat an illusive, determined, and deadly enemy that operates outside the framework of the nation-state."

An interesting writeup on Fourth Generation Warfare and how our Second Generation war infrastructure is adapting.  The conclusion is that while Special Operations seems to have the right idea, the leadership, and the defense infrastructure as a whole is not ready for this type of war.  In addition, it briefly touches on the need to convince the enemy of the immorality of terrorism, and to right some of the perceived wrongs the enemy holds against us.  The article is a few months old, but I thought it presented some interesting points, particulary when measuring the current Isreali/Palestinian conflict.  The current mess in the Holy Land would seem to demonstrate the inevitable folly of trying to fight a Fourth Generation opponent with Second Generation tools and tactics.