academia |
books |
computing |
dining |
film / tv |
gaming |
humor |
music |
news |
shopping |
travel |
personal |
|
academia |
books |
computing |
dining |
film / tv |
gaming |
|
humor |
music |
news |
shopping |
travel |
personal |
| Bad technology |
|
Bruce Sterling's take on 10 technologies that deserve to die.
Oddly, Bruce only wants three of the ten techs he lists - nuclear weapons, land mines, and lie detectors - to die utterly; the other seven he would merely like to see replaced with better alternatives.
I'm not sure that I agree with all of his notions - eliminating prisons in favor of just simply preventing people from doing anything interesting seems a bit absurd as a punishment for violent criminals - but it's an interesting read nonetheless.
| But does this mean less pop-ups? |
|
You know the ads - infuriating pop-ups or pop-unders for radio-controlled devices like cameras that had vaguely sexual overtones, not-so-subtly implying that you could secretly record yourself or others during "intimate" moments.
Well, the perpetrators of these annoyances, X10, has filed for bankruptcy protection... since they claim to be the world's largest online advertiser, maybe this will help make the Web a slightly nicer place to browse (but I doubt it).
| Detonator == Forceware |
|
The unified GeForce drivers from NVidia formerly known as Detonator are now called Forceware - go get version 52.16 now.
| HL2 source code stolen |
|
Wired has probably the best summary, but you can check out Gamers With Jobs to see the news as it broke, or any of the various Halflife2.net forum threads for bizzare conspiracy theories and just plain ignorance of the software development process and network security.
The scenario that's been confirmed by Valve's own Managing Director, Gabe Newell, is that the some or all of the Half-Life 2 source code was stolen from Valve's computing environment via the Internet, and that this theft was made possible by a total compromise of nearly all of Valve's systems. The likely initial vector of compromise was a Microsoft Outlook exploit, although Valve can't say for sure at this time.
Read more to get my thoughts on the whole mess.
In my opinion, the theft of the intellectual property from Valve exposes them in three main ways:
Especially potent, widespread exploits may hurt the game's residual sales, but (especially since no graphics or sound resources appear to be stolen and therefore the source can't be compiled into a working build of the game) the leak is unlikely to have an effect on initial sales.
Of course, there's the issue of how and why this happened in the first place. Through the course of my career, I've held various jobs that have put me in the position to see this problem occur over and over again - software development companies whose management believes in the myth of the "computer person". Simply put, this is the widely held misconception that all "computer people" are created equal; i.e. programmer == server admin == storage admin == network admin == deskside support == security expert. As a result, management ends up with programmers to maintain server/storage/network infrastructure as a way to limit operating costs.
This myth is sometimes perpetuated by the rare "computer person" who really is a jack of all trades and is good at several, but the real damage is done by programmers who don't know what they don't know and believe they can design and manage infrastructure implementations or they can figure it out on the fly because "it can't be harder than programming".
This problem is compounded by game programmers with legions of adoring fanboys who have rock star-sized egos. I don't know if this was a contributing factor to what must've been horrible host and network security at Valve, but it does seem to be an industry-wide trend - this op-ed piece at gamesindustry.biz states that:
"[M]any online games companies assume that [developing an infrastructure] can be done with a couple of cracker jack programmers and 3 weeks of effort... but it should occupy your attention for more than ten days and cost more than a thousand dollars."
I'll be interested to see how much more is publicly disclosed by Valve about the compromise, and even more interested to see if/to what extent this serves as a wake-up call to other developers, regardless of the type of software they're developing.
| BBC archives going online |
|
Now, when the general director of the BBC, Greg Dyke, says that this is for "everyone", I do hope he means it and isn't defining everyone as just those in the UK. If this does come to pass, then there is so much incredible content here that I can't imagine how we'd realistically be able to consume it all (and that's a good thing).
| "Hackers" made me do it |
|
The New York Times (free registration required) has a very interesting piece about a man in the UK who claims a trojan horse is to blame for introducing over 170 pieces of child pornography onto his home computer. The British legal system has accepted this defense and acquitted him. Was this a disgusting prank, or was he deliberately framed - or is there some other, altogether different explanation?
Will this update of "the devil made me do it" excuse make it harder to prosecute computer-related crimes when this defense inevitably begins to pop up in the U.S.? The experts quoted in the Times article seem conflicted, but we can hope that digital forensics techniques (not to mention the law) will start to provide better tools with which to seek justice for these sorts of offenses.
| The ever-expanding blogosphere |
|
We don't add links very often, but (if you're reading this from our main page) you may notice that ReidWise.Net now sits up in the upper left hand corner as one of our favorite weblogs. Check it out - chances are that if you like what you read here, you'll like what you read there also.
| A weblog that's new (to us) |
|
Every once in a while, we go out looking for new weblogs to read. It happens from time to time.
We recently discovered a weblog that I found at the URL www.writteninsand.org, although the name and the permalinks seem to indicate ReidWise.Net. However you get to it, it seems to be just about the only weblog that posts about video games as much as we do (without actually being devoted to video games). Plusses - loves Neverwinter Nights, hated the Star Wars Galaxies beta. Minuses - none that we're aware of yet. Sounds just like the type of weblog Desiree and I like to read.
Reid, if you're out there, I regret to inform you that I'm not the "big 'splosions" reader. Although Desiree might have been.
| Jobs, Bezos, and Segway |
|
This is more of a general "tech" story than a computing story, and I really don't have any witty or insightful commentary to add - I just liked the article and wanted to post it (even though it's been making the rounds).
It's fascinating for its glimpse of some of the most storied personalities in the tech industry, and the business suggestions (and rationale behind them) made at the meeting described in this article are also worth thinking about. A good read, period.
| Bye Bye Synergy |
|
An awfully entertaining piece of freeware coming out of Deloitte Consulting is authoring in the demise of all that annoying buzz word crap that has flowed out of the IT industry since the 1990s.
| Microsoft sunsets IE for the Mac |
|
First, Microsoft bought itself legal protection by agreeing to provide Internet Explorer for the Macintosh (thereby propping Apple up as a competitor to weaken monopoly charges). Now that they don't have to invent competitors to stay out of anti-trust court (thanks to Linux), Microsoft will not continue to develop Internet Explorer for the Macintosh and instead recommends Safari for MacOS users.
Of course, the decision to stop development is just as helpful to Microsoft from a legal standpoint as the decision to start - their stated rationale for discontinuing Mac IE development is that web browsers are really part of OS software, a position they've argued when accused of leveraging their Windows market share to strengthen IE's position.
But the real clincher for Microsoft, I would suspect, is that continued support for a MacOS IE would require writing what is essentially a Unix-based version of the browser for the strongly BSD-influenced MacOS X. From a technical point of view, this might require the use of GPL'ed or otherwise open source libraries in order to develop browser code that's stable and performs well - and doing so, from a business perspective, would be immensely hypocritical (not to mention it could place IE's intellectual property at risk). Besides, if Microsoft could develop a browser for a BSD-based system, then why not Linux? MS can't risk legitimizing Unix as a desktop OS - although MacOS X's elegance in providing a consumer-class Unix (a goal it accomplishes even better than its spiritual predeccesor, NeXTStep) has already released that genie from its bottle.
| 'Hacker kingpin' arrested |
|
A Ukranian was arrested in Thailand under a US warrant (how's *that* for globalization) for allegedly masterminding a scheme to steal your data - pirating Microsoft and Adobe software, adding in a backdoor to harvest and transmit financial information, and then reselling the trojaned software via a bunch of websites (advertised via spam, no less).
While the backdoor was a clever idea, it probably wasn't a significant technical challenge (MS products are so bloated you could hide a small island nation in there), and the rest was just appealing to good ol' human weakness - specifically that part of people that wants something for nothing. Ironically, that same weakness is what got him caught - a true victim of his own success, if he managed to get on the US Secret Service's 10 most wanted list (as the article linked above claims, although I couldn't find him there).
This is less about 'hacking' (should be 'cracking', I assume) and more about social engineering, which of course plays a large part in any scam, online or offline. Calling someone a 'hacker' and a 'kingpin' sells more ads, I guess.
| Women in Technology |
|
I came across this commentary in the Chicago Tribune regarding the lack of women in technology.
This person maintains that with the prevalence of technology in our lives, we need more women involved in IT in order to balance out the aggressive influence of men. She used several examples of that which she witnessed at E3 (Con Girls, violent games, etc).
I'll agree that the gaming industry is heavily geared towards men...I'd be a fool not to. Games that are created to appeal to women are usually men's games with a Barbie face. But, really, who decides what appeals to women and what doesn't? Hell, I'm a woman and I love to play Unreal Tournament. Does that make me less of a woman? I don't think so.
But anyway, she claims that women may be interested in games but aren't interested in the IT industry. I can only speak for myself, who was interested in games and the IT industry and currently work in computer support. I do find her belief that women who get into IT do so in conjunction with another interest, personally true to form. I was an anthropology major who worked very hard at finding a medium between computers and anthropology, thereby merging my two loves.
So where's the problem? Maybe Computer Science isn't pushed towards females in school. Maybe there are so many stereotypes about being involved in Computer Science, during very formative and clique-ridden years, that being a part of it for a high school female would spell instant ostracism.
I dunno. When I was in high school I was lucky to have occasional access to an Apple IIe so that I could play Carmen Sandiego. College was small and all about liberal arts. No one who wanted a serious career in IT would go there. I didn't even know how to use a computer until I was looking for a job on campus.
But anyway, the reason I got started on this diatribe is because I was absolutely shocked by some of the responses to the above commentary. For example:
-My God, stay out of IT. Women know enough not to get into it.
Submitted by: Jay
12:27 PM CDT, May 22, 2003
-Girls just dont understand technology.
Submitted by: Tony
12:03 PM CDT, May 22, 2003
What a couple of assholes. Are they jealous? Scared for their jobs?
| Detonator 44.03 |
|
There are new WHQL'ed Detonator divers for NVidia graphics card owners, which can be found here.
| Convergence |
|
Convergence - which most people think of as the consolidation of home entertainment (tv, movies, music, games, etc.) and information (computing, Internet, etc.) technologies - is becoming more and more of a reality, regardless of whether or not it's a good idea.
Sony is leading the charge - they are building IM capabilities into the Playstation 2, and they're teaming with IBM and Toshiba on the "cell" processor, which may serve as the basis for the PS3 and seems to have the potential to serve as the basis for a wide array of internetworked consumer electronics. Only Sony has the breadth of hardware (computers, game consoles, home theater components, etc.) to really see this convergence thing through. This positions Sony very well not only for making a single device that acts as the "digital hub" for a household (to use a phrase coined by another major convergence player, Apple) but also the "spokes" to be attached to that hub.
And what about Apple? If you believe Steve Jobs, then their iLife strategy has put them "so far ahead of anybody, it's not funny." Clearly, they've done more tactically than Sony has - iPhoto, iMovie, iDVD, and of course iTunes at the bleeding edge of the portfolio - but Sony has a leg up on Apple in the strategy department. After all, an install base of 50 million PS2s (scroll down to the 15 Jan 03 press release) really sets Sony up for the long haul.
Microsoft won't go out with out a fight, though. Their moves into pervasive computing with WinCE and the palmtop PocketPC are clear (even if the mobile phone portion of the plan is a bit murky), but their acquisition of WebTV, development of the TiVo-esque UltimateTV, and even the Xbox itself shows that Microsoft is definitely interested in having their software appear on consumers' TVs. Adding DVR and other multimedia functionality to the Xbox, as has been widely rumored, is yet another step down this path.
As great as it all sounds, general purpose hardware/OSes/software have historically never fared as well as a system of purpose-built technologies that have a well-understood way to interact with each other. The fact that you're reading this post over the Internet is probably the best example of discrete technologies communicating via standard protocols to achieve the ever-elusive concept of synergy - a whole that's more than the sum of its parts. The true aim of convergence, in my humble opinion, should be to bring open protocols (either new or existing) to consumer electronics - not to try to build a single "set top box" that is all things to all applications.
Smart money is on a redefinition of the home network - TiVo's Home Media Option upgrade has the right idea by adding TCP/IP capabilities to their DVRs via a USB ethernet interface - not the all-in-one approach that has tried and failed so many times. I'll take communication over consolidation any day.
| Neat weblog tool |
|
I'm impressed with Ryo Chijiiwa's BlogMatcher... it's helped us find several new weblogs that we'll be checking out (which is more than I can say for newdoor or any of the other "blogosphere" tools).
Probably the most interesting of the blogs that BlogMatcher referred us to is the one it gave the highest score to: Gravity Lens, which has done a much better job of keeping up with comic book news than we have. (Shame on us.)
| iTunes sales exceed 1 million? |
|
c|net is running a pretty interesting article about iTunes' success and its implications for digital music.
To me, $0.99/song is the right price for purchasing music online. I'm even ok with the digital rights management overhead. My chief complaint is the format - give me MP3 and I'd be all over this.
Alternatively, you can get me to accept a non-MP3 file format only if you can provide platform-independent software and a variety of hardware that can natively understand the new format.
Solving those problems would bring me into the fold for sure - but with all of my digital music in MP3 today, and with a couple of non-computer hardware devices (soon to include my car stereo) reliant on the format, it'd take a lot for me to convert. Some may call it consumer inertia, but I call it protecting the investment of my time and money into collecting and finding uses for the format of my choice.
| Go Apple Go! |
|
Stevie just announced Apple's version of file swapping....for .99 a song.
Not too bad, I suppose...but it is enough to get people to quit using Kazaa? Doubtful.
| Detonator 43.45 |
|
NVidia Detonator drivers for Win2K/XP can be obtained here. Update now for best DirectX 9 performance.
| Interesting platform shifts |
|
It's a great time to be a Unix.
He may not tell the story as colorfully as Ellen Feiss, but Steve Jobs himself is also a switcher - from Solaris to Linux (at least at Pixar).
Meanwhile, over at Steve's day job at Apple, they've gotten a nice lift from Microsoft, who has committed to providing a fully Exchange-compatible e-mail client for OSX. Soon you too can check free/busy time from your Mac! While this is all well and good for Apple, does Microsoft writing what's essentially an application for Unix (especially a very BSD-ish, Linux-y Unix) have implications for "the road ahead"?
| Patron Saint of the Internet |
|
Looks like some Bishops are lobbying for a Patron Saint of the Internet to be appointed by Easter. Interesting.
| For MS, security isn't exactly job #1 |
|
As much as I hate to refer to New York Times articles, this one (free registration required) about the recent Slammer worm is really too precious to pass up.
While many other articles have described the effects of the Slammer worm, this one focuses on its impact at Microsoft itself. Just a year and a day after Gates announced Microsoft's "Trustworthy Computing Initiative" (and subsequently shut down software development for 10 weeks of security training), Microsoft gets hit as hard (or harder) than anyone due to its huge amount of unpatched SQL servers.
When a server goes unpatched, it's not always about sysadmin neglect or ignorance or laziness. More often than not, patches aren't applied immediately because of the need to ensure that software will still run correctly after the patch is applied - and this can only be done through time/labor-consuming regression testing. Obviously, Microsoft is keenly aware of this as they themselves either failed or refused to invest the time and effort required to apply a 6-month-old patch to all of their internal SQL servers (despite its inclusion in the latest SQL Server service pack).
This highlights the inherent weakness in Microsoft's process - they don't write secure software, necessitating dozens of patches per year, and they don't write the patches in a way that guarantees backward compatibility, necessitating untold thousands of man-hours of testing throughout the IT industry with each patch release (not to mention the required downtime, since nearly every Microsoft patch requires rebooting - something that has to be done during an off-hours maintenance window for most enterprises).
| 'Slammer' puts a hurt on the Internet |
|
PC World has a fairly thorough article about the effects of the 'Slammer' worm that more or less crippled the Internet briefly over the weekend. The article stays focused on the effect that the worm had on the end-users of the Internet, but believe me, the backbone providers had a pretty rough go of it. Advertised BGP routes were dropping like flies and peering got so snarled that it just up and disappeared in some places. The toll that the heavy saturation had on network infrastructure and the tools that manage/meter/monitor it was noticeable as well, as some new quirks and obscure old bugs popped up in a variety of network software/firmware/ASICs.
If you're more technically inclined, then the eEye advisory is one of the best, including dissassembled source (with eEye's comments added). Note also that they're referring to this as the "Sapphire" worm instead of the more common "Slammer" moniker, as it seems that they were rather peeved about being pulled away from their Bombay Sapphire-infused beverages in order to investigate. Remember, gents, in the words of Milk and Cheese, "gin makes a man mean!"
| Internet vigilantism |
|
The latest issue of Bruce Schneier's Crypto-gram has an interesting section entitled "Counterattack", in which he enumerates many reasons why automatic responses to attacks on information systems are a bad idea. He specifically calls out the MPAA's and RIAA's desire for legislation that would give them the legal right to hack into computers that they accuse of violating copyright law (without a trial or even a burden of proof, naturally). So, if someone's got digital security implemented on their computer to protect their own copyrighted material and they are suspected of sharing songs on a p2p network, the RIAA gets to combat a possible DMCA violation by... commiting a definite DMCA violation? Hmmm - that hardly seems equitable.
I am not a lawyer, but it seems to me that any law that would give law enforcement powers to a private individual or group without a trial is somewhat akin to anarchy. What's next - does Disney get an army to invade countries that pirate its intellectual property?
While Bruce focuses on the moral and legal reasons why he believes counterattacks are wrong, there are also some very solid technical reasons not to have autonomic security responses. He touches on this danger by succinctly stating, "Vigilantism is wrong because the vigilante could be wrong."
Spoofing prevents accurate identification of one-way attacks. Anything from a distributed denial-of-service (DDoS) attack to a spam e-mail message could be considered a "violation" of my system (depending on my conditions of use and security policies), but if that DDoS packet is crafted to look like it comes from one of AOL's proxy servers or that unsolicited e-mail is forged to look like it was sent by root@nsa.gov, I'm pretty sure that an automated counterattack is not in my best interest.
In fact, autonomic responses to threats are themselves fantastic weapons - imagine if Microsoft automatically collapsed routes (i.e. simply stopped routing traffic) or even severely rate-limited traffic to/from IP addresses that it felt was attacking it. Maliciously spoofing IP header information to make it look like attack traffic was being generated by a targetted IP address or address range and subsequently directing it at Microsoft would be disasterous for the target. Assuming the target was a Microsoft shop, it would seriously hinder that target's ability to get technical support (or, more deviously, to acquire patches for security holes that the spoofer plans to exploit). What about tricking two systems into counterattacking each other? Or what if a compromised system is used to launch an attack, thereby receiving the brunt of a counterattack without knowingly doing anything wrong? The possibilities for abuse are endless.
There are also real costs in addition to the indirect costs of attacking your users (and perhaps breaking the law in the process). Bandwidth, storage, processing power, and all of the other fixed computing resources that get consumed have to come from somewhere - either you've borne the up-front capital and on-going labor costs to have devices dedicated to counterattacking, or you're relying on your existing infrastructure to perform this counterattack, which in turn is diminishing your infrastructure's ability to do its "normal" work. It's a "pay me now or pay me later" scenario.
Autonomic computing is in its infancy, and it requires a great deal of trust and control over what is essentially a closed system to work properly. Emulating the human body's auto-immune system to fight off attacks - particularly in an open system like the Internet - is an autonomic computing challenge that will take more time, technology, and thoughtfulness (not to mention a sense of fairness akin to what Bruce suggests) to achieve.
| Apple Anniversary |
|
Today is a big day in the history of Apple. January 3rd marks the day Apple became incorporated.
| Making Flash games |
|
Having enjoyed some flash games recently, I decided to read a bit more about how to make them myself and game across Klas Kroon's OutsideOfSociety, where an excellent tutorial for making Flash games can be found. I read through this Monday night, getting inspired for a little gamecrafting myself until the reality of the work-week reared its ugly head. Now it's on an ever-growing "to do" list.
On a related note, one game I'd earlier identified as being a Flash game is actually a Java game, but who cares - at least it's back.
| Go Macintosh Users Go! |
|
Ahh..the solidarity of Macintosh users. It never fails to amaze.
Anyway, here's (free registration required) a story about a brave group of Macintosh users who banded together to fight the evil of an eBay fraud artist named Christmas.
Do I smell a feature film in the making? :)
*Remember..."it does not pay to mess around with Mac people"*
Enjoy!
| nVidia's GeForce FX |
|
Just when ATI was getting some traction with the Radeon 9700 Pro 128mb as the best consumer video card, along comes nVidia with the GeForce FX, with 25%-50% higher performance than the 9700 Pro (although the conditions under which it outperformed the 9700 Pro at those levels were unspecified).
The GeForce FX 5800 and 5800 Ultra start shipping in January '03.
| Quantum encryption |
|
Researchers claim to have discovered an encryption technique exploiting the quantum properties of light that's "unbreakable" - a claim that's credible because the act of eavesdropping on the encrypted transmission destroys the transmission itself.
This encryption technique relies on the use of a shared secret. In a simple practical application, this would mean that both the sender and receiver of the encrypted data use the same password. One-time pads, a system where a unique shared secret is used to encrypt each message, are already provably unbreakable if applied correctly, but they have logistical limitations that make them difficult to apply correctly (except by the most determined parties).
The fact that this technique appears to be unbreakable despite the re-use of a non-unique shared secret between two parties would be a major step forward in encryption technology.
| The legal side of "cybersecurity" |
|
The US House of Representatives tacked on the Cybersecurity Enhancement Act (CSEA) to the homeland defense bill and passed it yesterday. Among the highlights - life imprisonment for "hackers" whose activities endanger human life, surveillance without a warrant to investigate computers or systems that are "under attack", and mandatory information disclosure by ISPs on their users' activities when there's an "emergency". After reviewing the document, it also seems like the CSEA could also make things like publicly describing or advocating the use of cryptosystems a crime. Let's hope this gets modified - or better yet, deleted - in the Senate before the homeland security bill passes. Otherwise, it's going to take a lot of time, taxpayer money, and superior court rulings to get this overly-broad, vague, and politically-motivated law overturned.
On the other side of the spectrum, a federal judge ruled that a child pornographer's 4th Amendment rights were violated. Apparently, the FBI and other law-enforcement agencies obtained information from a vigilante who had used the SubSeven virus to infect kiddie-pr0n in newsgroups and then collect information on the people downloading it. It's unclear whether or not this constituted an illegal search as defined by the 4th Amendment when the vigilante offered this information of his/her own free will, but when the FBI started actively soliciting more info from the vigilante, it definitely crossed the line (in the court's opinion).
I certainly don't want a precedent set whereby the FBI can surveil anyone without a warrant just by asking someone else to do it for them, so I agree with the legality of the ruling. Still, it's somewhat depressing when justice and the law end up at odds - I hate to see this guy go free.
| Purchase of AT&T Broadband approved by FCC |
|
Comcast's purchase of AT&T Broadband has cleared all regulatory hurdles, meaning the deal could be finalized by the end of the year.
What this means for our cable modem service remains to be seen...
| Wireless monitors |
|
ViewSonic has adopted Microsoft's wireless display technology, code-named Mira, into a line of actual products.
While I like the idea of having a wireless touchscreen monitor in the kitchen for web browsing - getting recipe information, say - what is it about the idea of Microsoft software sending display information over-the-air that makes me cringe with security fears?
| New Detonator drivers |
|
nVidia has released version 40.72 of their "Detonator" unified driver, which works with all video cards based on nVidia GPUs. You can download this new version here.