We’re here…

For a lot of reasons we got distracted from the blog thing for a bit. Posts will still be sparse for a while but we’re working on a massive overhaul of the site, both in terms of “look and feel” as well as content.

We’re excited about the new approach but finding time to implement will be challenging…

See you soon!

Either my interest level in the web as a source of interesting recreational reading and interactivity has dropped dramatically, or the web has become a somewhat more boring place. (Sorry for the lack of posts over the past 3 weeks.)

Gaming still provides some news worth posting about, though (if not very much). First the downloads:

•Act of War Multiplayer Demo (RTS)
•Vampire: The Masquerade - Bloodlines v1.4 patch (listed as “unofficial” since Troika doesn’t really exist anymore)

Gaming news that’s worth reprinting:
•Ghost Recon 3 will be released for PC before the end of the year
•X-Men: Legends 2 will be released for PC in addition to game consoles, making for a much better co-op environment (in my opinion, anyway)
•A little company in Redmond unveiled their plans for an obscure piece of gaming hardware called the Xbox 360. You can check out the official site, and Boomtown’s Q&A with MS’ “Chief Xbox Officer”, Robbie Bach, is a good read for understanding where MS wants to take the whole Xbox thing.

Regarding the Xbox 360 - it’s got some great features and the minor improvements to Xbox Live are nice, but the extent to which it will be backwards compatible will determine whether or not I’m an early adopter or a wait-and-see pessimist.

The official Batman Begins trailer.

Between the unseasonably pleasant weather here in the Chicago suburbs (70-ish° F) and, of course, World of Warcraft, my desire to try out new games is at a pretty low point. However, I’ll provide links to a couple of demos which popped up while we were gone in case you all might enjoy them… and hey, I suppose I might change my mind at some point.

• Empire Earth 2 single/multiplayer demo for RTS fans
• Dungeon Lords single/multiplayer demo for multiplayer RPG fun from the creator of the Wizardry series

Well, Desiree and I are back from a well-deserved break… our first “real” vacation since our honeymoon. Almost all of our travel between then and our recent trip has been either for work or to visit relatives. As much as we love our families, travelling to see them is not really the same as leaving the country to go to tropical destinations. For the same reasons that ColdForged mentions, we weren’t inclined to announce our trip ahead of time, so I offer my apologies to our (semi-)regular readers.

Our vacation was a cruise, just like our honeymoon. I don’t think we’ll be doing it again. Don’t get me wrong - Desiree and I had a really great time and it was fairly relaxing. The time in the sun, the ocean, the pools, the hot tubs - all great stuff. But when it comes right down to it, Desiree and I have a very similar attitude toward people; let’s call it “hopeful misanthropy”. What I mean by this is that we strongly dislike other people in general, but we’ll give individual people the benefit of the doubt until they give us a reason to hate them, too.

Being in a confined space with so many passengers who were behaving so badly - both to the crew and each other - did not do a lot to enhance our dim view of humanity. The good times (which were thankfully the rule, not the exception) were punctuated by all sorts of infuriating behavior from people. We were on a European cruise line for which English is not the primary language and the dining and service customs are distinctly continental, so many of these cringe-worthy moments came from fellow Americans (the vast majority of the passengers). Our countrymen acted with such ignorance and were posessed with such an overwhelming sense of entitlement that Desiree and I exchanged the phrase “…and that is why the rest of the world thinks we’re obnoxious” several times a day. Add to that the sheer irritation of lines, crowds, and herd mentality in general, and pretty soon you’ve got Sartre’s “No Exit” on a boat. Don’t even get me started on the perplexingly high proportion of adult males hitting on girls that are clearly of middle-to-high school age; it’s creepy enough all by itself, but when it causes your SCUBA dive master to leave uncertified divers in the ocean - and by divers, I of course mean me - because they’re too busy trying to hook up with sixteen-year-olds, then it’s even more thoroughly unacceptable. Well, it could have been worse - there was a diver in our group who, due to lack of supervision and no fault of his own, drifted into the boating lane and nearly got his head taken off… just a few minutes before he ran out of air due to a leak in his gear. (He made it back ok, no thanks to the dive masters.)

So, in a nutshell - overall vacation: very good, close proximity to vast numbers of stupid people: very bad. I think next time we’ll go for the sun and surf minus the people… maybe rent a big beach house somewhere with some friends.

The Japanese retail bank Sumitomo Mitsui has disclosed that it has succesfully thwarted an attempt to steal US$424m through an unidentified “hacking” method that somehow involved the use of keystroke loggers on computers at its European sites. (No specific information has been disclosed due to the ongoing investigation.)

There are some fascinating implications to this news story. The concept of the “for profit” hacker (which has long been a reality, albeit much less glamorously than Hollywood and speculative fiction would have you believe) getting maintstream press is actually quite novel. If keystroke loggers were indeed used, then it’s somewhat inconceivable that they could have been of the software variety. This presents us with the upside-down reality that it was easier to install rogue hardware on the bank’s premise than to penetrate their network remotely. Even 5 years ago, to think that a bank’s physical security was a “softer” target than its information security would have been absurd - but in an age of contractors, outsourcing, and wide-reaching partnerships, faces come and go. In such an environment, it’s completely plausible that “social engineering” - the hacker’s euphemism for con-artistry augmented by technology - almost walked away with hundreds of millions of dollars.

What’s really interesting to me, though, is Sumitomo’s choice to disclose the attempted crime. Sure, there were no financial losses whatsoever - the attempted theft was a complete failure - but why talk about a vulnerability even if it wasn’t exploited?

Some “experts” have suggested that the bank’s choice to go public is an attempt to draw out other conspirators, but that seems non-sensical to me. I am not a criminal, but I do know something of investigative technique and I would think that every news channel in the free world broadcasting news of my partner-in-crime’s arrest (yet no details about me personally) would probably drive me further underground, not out in to the light of day.

I would also disagree that the move is intended to intimidate the thieves at large from trying to collect their shares. Risk management in the financial sector - especially for retail banks, where individual consumers are likely to be more emotional than logical about the safety and privacy of their life savings - is generally not discussed in public, for fear of spooking the consumers. The dirty little secret here is that huge - staggeringly huge - sums of money are planned to be lost each year. From offering customers credit card fraud indemnity to the good old-fashioned knockoff of armored cars in eastern Europe by criminal organizations, money loss is an expectation, not a fear. Some money is protected (when the cost to secure that money compares favorably to the chance the money will be lost or when such protection is required to obtain reasonable insurance) and some is written off as a cost of doing business. That doesn’t mean anyone wants to lose money, of course - the more of the “planned loss” that’s safely in the coffers at the end of the fiscal period, the better the bottom line looks.

In other words, losing this kind of money for a bank of Sumitomo’s size would be vigorously pursued, but ultimately it’d be a matter of course - and who wants to have consumers associate their banking brand with “the guys who almost got hacked”? US$424m in extortion money seems like a small price to pay to avoid that stigma.

Sumitomo’s duty is to provide value to its stakeholders, so I also doubt their disclosure was out of some sense of social responsibility. In fact, better security/risk management can be a competitive advantage in the industry if you’re significantly better at keeping your money safe than your peers. Of course the security community is ecstatic that the disclosure was made, for reasons ranging from altruistic (i.e. people/institutions need to know that these kinds of threats exist and are almost omnipresent) to devious (i.e. childish glee from the paranoia and infamy). Either way, anyone peddling information security products or services stands to benefit.

So, after a great deal of pondering, I can’t figure out why this made it to the news… there must be more to the story than is being discussed publicly. An interesting item to watch, then…

Come on, cryptoarchaeology is fun! The tomb of St. Paul has been unearthed (possibly), and it’s right where everyone thought it would be. Australian researchers, however, found a hidden tomb by accident, discovering the best 26th Dynasty find to date off of the main chamber of another well-known tomb that they were investigating. (Which reminds me of a slew of Starbucks jokes, like The Onion article “New Starbucks opens in restroom of existing Starbucks” and the bit in Shrek 2 where a mob flees from one coffee store to another coffee store of the same name across the street, but I digress…)

Not all secret tombs are found by accident, however, so it’s good to know that someone had the good sense to try to use inexplicable cosmic rays to find hidden Mayan burial chambers.

Freedom Force was a great tactical superhero game - the reasons it didn’t get a lot more playing time on my computer were a couple of flaws that I felt were unforgivable; despite a FANTASTIC system for creating your own custom superheroes, you could not use those custom heroes as the main characters throughout the single-player campaign. As much as I loved the kitchy Golden Age plot, I just didn’t have fun with the game’s pre-fab heroes. The other thing that killed replayability for me was that multiplayer was very weak, consisting of a single, basic head-to-head mode.

I don’t know about using custom heroes as main characters in the single-player campaign yet, but multiplayer is reportedly an area of focus for the Freedom Force sequel, Freedom Force vs. The Third Reich - including a co-op mode which should be enormous fun.

Want to get an advance look at the game? Download the demo of Freedom Force vs. The Third Reich.

(No, seriously, go download it.)

Something about the ability to order pizza from within a massively multiplayer online role-playing game is just… wrong. However, that didn’t stop Sony’s marketing minds from hammering out a deal with Pizza Hut; when you’re playing a little EverQuest 2 and feeling hungry - for god’s sake, don’t stop playing, just type “/pizza” and order up a pie without logging off! (The picture alone is worth following the link.)

Maybe I’d feel better about it if it was actually good pizza…

What should have been the biggest tech story of yesterday - that a Chinese research team has “broken” the SHA-1 encryption scheme repeatedly and in far fewer attempts than brute force would require - was overshadowed by an announcement of another kind: that Microsoft will release Internet Explorer 7 for WinXP before the next version of Windows ships.

The IE7 announcement link above leads to the official Internet Explorer weblog, on which comments are enabled. As you might expect, the comments for the IE7 announcement are both numerous and, in most cases, inane.

Since no new specific features/capabilities have been announced other than a desire to make web browsing more secure, you’ll find the comment thread littered with begging, pleading, and cajoling to get IE to finally support the things that all other browsers support - the full CSS standard. Alpha PNG support. Support for the application/xhtml+xml MIME type. You know, the usual suspects.

There’s also a great deal of Firefox/Apache/Apple/Open Source vs. Microsoft bickering. There’s plenty of stupidity on both sides of the fence and I’ve been around the block enough to know not to get sucked in by trolls. However, one argument is made by the pro-MS camp with such sincerity that I believe it to be the genuine thinking of Redmond’s loyalists. Unfortunately, it’s so utterly backward, it’s motivated me to write this inordinately long post.

The thinking, to the best of my understanding, goes like this - “standards are for the weak - Microsoft is out front innovating and pioneering the web experience with IE and .Net and if a few standards get mangled or ignored along the way, so be it. I’d rather see ‘gee whiz’ technology coming from MS than every standard from slow, irrelevant standards bodies catered to.”

The problem with this line of thinking (other than the fact that anyone who thinks .Net is a compelling technology compared to Java is mentally ill) is that it has to be motivated by a very, very narrow worldview - I’m thinking the “technology experts” who hold these beliefs do not have any practical experience with large companies and the way that global commerce takes place on a meaningful level. In a small-to-medium sized company, you’re more than likely focused on doing your thing and doing it well - trying to establish yourself as a player. You’ve got to be very focused, because if you don’t develop your differentiators then you can’t get your foot in the door, and if you don’t build relationships based on high-quality interactions with customers and partners, you can’t stay there. In this mode, buying in to low-cost, proprietary software that can be supported by an abundant, cheap labor supply could not only work, it might even make sense - temporarily.

Once you’re in the game, though, there’s only two ways to increase profits - by growing revenue and by decreasing cost. Growing revenue can mean diversifying your product/service line and selling to your existing customer base, doing more of what you’re already doing, getting more customers, or some combination. Revenue growth isn’t easy, but reducing cost can be even harder - it requires innovation. It means finding ways to do the same thing faster and cheaper while maintaining a level of quality that doesn’t sink your relationships. This could be anything from automating tasks with technology to finding more efficient ways to interact with the people you buy from and sell to.

When you’re using technology to reduce cost and implement newer, better, faster business processes, you don’t want one hand tied behind your back. Maybe there’s an open-source piece of software that would be perfect for a new process you want to implement, or there’s a great piece of communications software that’s only available on a commercial Unix. Gosh, it’d be great if you could use the best tool for the job on a process-by-process basis and have all of those tools interoperate. If you’re using standards-based software, then you could… but no, you locked in to a proprietary system way back when - and now you either have to engineer your business processes around your software’s capability (the tail wagging the dog, to be sure, but you’d be stunned to learn how much time/money Microsoft spends on trying to convince companies to do just this), spend a lot of money creating custom interfaces between your tools, or re-engineer everything to phase out your proprietary systems and bring in open standards. None of those options sound particularly nice when the whole point was to think of newer, less expensive ways to do business.

Standards allow business leaders to use the best, most cost-effective tools available to support their business processes while minimizing the cost of integration. Standards are therefore essential within an enterprise for maximum cost efficiency.

Now let’s go one step further. Let’s say that there’s a very large company who wants to become your new biggest customer, and would like you to log in to their supplier extranet that’s powered by an xhtml+xml application. Oh wait, you’re using IE… never mind. Let me re-iterate: Buyers. Sellers. Relationships. There’s a whole commerce ecosystem out there, and the realities of 21st century business require you to acknowledge it. If you run your business in a vacuum, then it will begin to take on vacuum-like qualities - specifically, it will suck.

There are a whole web of partnerships and complex business arrangements among companies today, even more subtle than the Japanese keiretsu (think of it as a corporate street gang - imagine if General Electric, General Motors, IBM, Disney, and Coca-Cola got together and agreed not to compete with each other, cut each other sweetheart deals, and actively undermine each other’s competition - and you’ll get the idea). As loathe as I am to use stupid buzzwords, today’s climate is more like “co-opetition”, where two companies may be close partners (or have a supplier/client relationship) in some areas yet be fierce competitors in others. These seemingly non-sensical relationships are all a part of the constant refinement which fuels global economic growth - the never-ending quest for lower cost and higher benefit. With all of these companies going through the IT and business process optimization mentioned above, global business is itself a system of heterogeneous systems that need to communicate with each other. Throw in governments (which outside the US are increasingly distrustful of proprietary systems) and industries like retail where direct customer interactions are important too, and you have a mind boggling set of different technologies all trying to talk to each other, and the number of technologies that could benefit from interoperability is growing exponentially.

As a result, standards are the only sustainable way to facilitate the most cost-effective technology interactions between the greatest number of enterprises/individuals.

So to all you posters on the IE blog saying, “Just make neat stuff! Screw standards!”, be careful what you wish for. The further Microsoft arrogantly pursues a one-size-fits-all “lock-in” strategy (which not only denies the current or future possibility of business processes that aren’t well-supported by MS software but also turns a blind eye to potential business partners/customers that don’t use MS products), the more their customers will find themselves locked out… and then what would your MCSE be good for?