2006-12-25

(criminal) The irony of Sony DRM

Just over a year ago, the Sony rootkit DRM scandal broke, depicting how an arrogant Sony BMG had chosen to subvert the security of millions of PCs in order to protect their intellectual property through DRM. If an individual had done it, this would be considered a serious crime, but Sony got away with what amounts to little more than a slap on the wrist.

Like many like-minded people, I started a personal boycott of all Sony products from then on. I had never bought Sony stuff before anyway -- too little bang for the buck, if you ask me -- so this was only a symbolic gesture.

Recently, I wanted to buy a small, mains-operated, single-piece (no separate speakers) table-top stereo with a digital FM tuner. All other features were negotiable/optional.

After weeks of searching, literally the only brand that offered anything like this turned out to be a Sony. Since the boycott was over a year old, I gritted my teeth and bought it....

...and found the following text in the user manual:


Music discs encoded with copyright protection technologies

This product is designed to playback discs that conform to the Compact Disc (CD) standard. Recently, various music discs encoded with copyright protection technologies are marketed by some record companies. Please be aware that among those discs, there are some that do not conform to the CD standard and may not be playable by this product.


Delicious!

2006-12-14

It is so cool...

...to have a son who's taller and handsomer than me :-) And I see his lanky figure, slightly stooped like many tall people are, and flashback to how he was when he was born, and at 2, and at 4, and all sorts of other memories...

Man, what a rush!




Note to myself: go see a psychiatrist. Second non-technical blog-post in as many weeks. Something seriously wrong...

2006-12-12

DNA - After Hrs - Tom Cruise tops least favourite poll - Daily News & Analysis

http://www.dnaindia.com/report.asp?NewsID=1068650

Hollywood superstar Tom Cruise is trying his best to change his image but most Americans still consider him too strange and have voted him the least favourite star in a recent poll.

Only 12 percent of respondents said they would make a big effort to watch any of his movies and 34 percent said they would not see one at all [emphasis mine - Sita]. They were creeped out by his passion for Scientology, reports pagesix.com.


Good to know there are people like me in the US too :-)

Now why can't Americans show the same good sense and intelligence when selecting presidents?

2006-12-08

(malware,DRM,quotes) CIO Blogs - Musings on Vista

http://blogs.cio.com/musings-on-vista

Another great article from my favourite CIO columnist. Again, nothing we haven't read in other places, but he brings it together very succinctly and clearly.

Some quotes [text in brackets is mine]:

Overall, Microsoft delivers client operating systems whose virtues make end users happy and whose vices cause problems for IT.

...

It's addressed some of the problems in XP in ways that end users are likely to see as intrusive and inconvenient. In other words, they've bandaged their vices in ways that will wound their virtues, which is a poor strategy.

...

There's only one problem with this situation [Trusted Computing] -- changing hardware will break the end-to-end chain of security and result in an inability to access the data (see here, particularly page 2, for an interesting discussion of the implications of Trusted Computing and hardware).

...

I would hate to be the IT help desk person who has to explain to an end user that because the motherboard of the computer went on the fritz and the backup encryption keys aren't available, all data on the machine is lost.

...

I know that no end user is going to see this functionality [DRM] as helpful in his or her daily life. This seems like functionality put into the system not to serve the actual user, but to appease a powerful constituency that, through money and legislation, can bring more pressure to bear than can individual users. I predict an uproar around DRM when Vista rolls out, and a widespread rejection of new-gen media on PCs due to the onerous requirements.

2006-12-04

Love and Marriage

The other day there was a toastmasters club meeting in the office, where one of the table topics was "Love before Marriage, or Marriage before Love?"

My first question, considering both my sense of humour and the fact that I'm an incorrigible flirt, was "does it have to be with the same person?"

Good joke. Or was it a joke? Maybe I was serious ;-)

But it got me thinking. A lot of my younger friends have just gotten married or are about to take the plunge, and -- while I will always behave like an immature, childish, almost juvenile, brat, and I will always be proud of it -- I can't really escape the fact that I am actually 44.

So here're some thoughts on the subject, and some free advice. Buddha had the great insight that desire is the root of all suffering. In terms of human relationships, I'm sure the specific desire is the desire for importance. Also called ego :-)

And everyone knows that ego comes from being insecure. [And no, I don't mean that type of "insecure"!]


It seems to me that, in terms of relationships, there are 4 types of people in this world.

  1. most insecure: no deep feelings at all, even if she seems very friendly and vivacious to a casual observer. Will never trust anyone enough to open up or appear vulnerable. Always on her guard.

    Love before marriage? No way! Just hope that there will be some love after marriage. And pray that she marries at least a type 3 or a type 4!

  2. somewhat insecure: has feelings and is capable of lots of love, but is very very guarded. Can morph temporarily into type 1 if there's a problem! Won't tell anyone when she's hurt -- swallows it all and burns up inside.

    Sounds like a stereotypical girl? Believe me, I've seen guys like this too!

    Love before marriage only with a type 3 or a type 4.

  3. still a little insecure: enough that he can't admit it even to himself :-) Projects an overwhelming image of confidence and mastery over everything.

    Finds it very difficult to say "I need you" to anyone. In fact, anything sentimental is accompanied by a joke -- sort of like an escape clause!

    Even a type 2 may wonder if he has any feelings at all. But if you're a type 4, you will quite easily see that he needs you but just isn't saying it, and that he does have feelings deep down but will not show them, and so you'll probably be fine!

    Most definitely "love before marriage" material, but he won't push it if things don't work out, so he may well end up with an arranged marriage. Just hope it's not to a type 1 :-(

  4. hardly any insecurity: can happily, without an ounce of diffidence or reluctance, tell someone "I need you" :-) You always know where you are with him. Cannot hide his feelings if his life depended on it.

    Appears to be much more vulnerable than the others because he gets hurt easily, but that's only because his hurts are more visible, and he has no qualms about telling you he's hurt. In fact the other types are more vulnerable, because they can get hurt and not even realise it themselves :-(

    This type can't even think about "marriage before love" without breaking into a sweat :-) It has to be "love before marriage".


No prizes for guessing which combinations are better than others :-)

In fact, it is my theory that in every love marriage there is at least one type 4, or both type 3. Other combinations do not seem capable of leading to what is usually thought of as a love marriage.

And I'm not saying type 4 is the best or type 3 is better than type 2, etc., in the long run. Once you get married there're all kinds of behavioural traits and attitudes that you don't see earlier, and that will drive you up the wall regardless of what "type" the person is -- carelessness, forgetfulness, attitudes towards money or work, family, importance of parents, religiousness, etc., etc., etc., ad infinitum.

Many of those aspects can be just as important as ego.

2006-12-01

(religion) The Dilbert Blog: Atheists: The New Gays

http://dilbertblog.typepad.com/the_dilbert_blog/2006/11/atheists_the_ne.html

Best quote:

Ask a deeply religious Christian if he’d rather live next to a bearded Muslim that may or may not be plotting a terror attack, or an atheist that may or may not show him how to set up a wireless network in his house. On the scale of prejudice, atheists don’t seem so bad lately.
And yes, he was joking about Bill Gates running for President. I'm sure of it...

2006-11-30

(process,funny) Six Sigma

Best stuff I've seen on Six Sigma in a long time:

http://slashdot.org/comments.pl?sid=208900&cid=17033026 says/asks:

Six Sigma -- I find it hilarious. Basically, they took the work of Walter Edward Demmings, widely regarded as the driving force behind Japan's industrial turnaround, repackaged it, and called it "new". Demmings came up with "kaizen" or the process of continual improvement. Basically, no process is complete unless it has a feedback and improving mechanism

For anyone who is an expert: What has six sigma added to this paradigm?

Then http://slashdot.org/comments.pl?sid=208900&cid=17033512 replies:

Bureaucracy.

At least in GE's implementation of Six Sigma. They found a way to take what is essentially the engineering version of the scientific process, wrap it in so much red tape that it is unworkable (a 12-step process that really had 15 steps), and put it in the hands of every worker in the company. Originally they gave bonuses for doing it, but eventually they took those away and declared "Thou shalt not get a raise without a Six Sigma Project." What ended up happening is that people refused to make any process or product improvements unless they were part of somebody's (preferably their own) Six Sigma project.

It was ridiculous. You ended up with one person optimizing a part of a process, while the person in the next cubicle was eliminating the entire process in favor of a more unwieldy one. Then, six months later, somebody else would start a new project that essentially put the original process back in place. Of course the problem was that they were using a distinctly product-oriented procedure, and trying to use it to solve process problems.

Don't even get me started on the math. They would assume normal distributions for everything. Never mind that one of the steps was to prove normalcy. If that test proved it wasn't normal, you were instructed by your "Black Belt" to assume normalcy anyway -- even if a Weibull distribution was clearly the correct choice (like in timed exercises). Idiots, I say. And then they had PHB's (called "Black Belts" and "Master Black Belts") trying to tell engineers how to do math, when they didn't even know how to use a simple Q test. If they saw a data point that didn't support their theory, they just called it an outlier, and deleted it.

You'd think after nearly two years of not working at GE, I wouldn't get so wound up about it. I guess as an engineer, it really gets my goat when people use math improperly.

[I normally don't copy entire tracts of text, preferring to just give the URL and leave it at that, but in this case it seemed necessary and useful...]

2006-11-21

Schneier on Security: BT Acquires Counterpane

http://www.schneier.com/blog/archives/2006/10/bt_acquires_cou.html

Bruce Schneier's Counterpane Security has been acquired by British Telecom.  Read comments on this page.  In particular, I like Bruce's nomination of "Best blog comment ever", which shows the difference between security as theorised and security as practised :-)

Hilarious!


2006-11-17

(religion) The Church of the Non-Believers

http://wired.com/wired/archive/14.11/atheism.html

Thanks to a former colleague ( http://diviya.blogspot.com/2006/10/one-post-too-many.html ) for the link.

Nice article, worth a quick read. A bit long-winded, and there is much that even agnostics and atheists will disagree with, since it seems to explore all sides equally :-)

But it's too philosophical and too abstract for my taste.

I'd appeal more to personal experience with religious people, though I agree that would be difficult to convey in an article. Your parents, your friends, relatives, and colleagues at work affect you much more directly than Khomeini or Pat Robertson.

I've always maintained that it is not religion, but the overt display of religion, and organised religion, that are the problems. I don't know how far that's true, but it certainly seems that way to me.

Overtly religious (this is almost always the same as "overly religious", but there are exceptions here and there) people eventually acquire a selective humility. They are humble to their God, and pretty egotistical and nasty to the rest of the world.

Of course, they have no clue they are even egotistical, let alone nasty -- they'd be stunned if you told them, and probably die of a kernel panic if you managed to prove it to them! (Fortunately it's practically impossible to convince them, so we will never be guilty of murder!)

In most cases they have lost the capacity for self-introspection that is needed to realise what they are doing to the other person. They are so immersed in their God that they can never say to themselves "what if I'm wrong", because it automatically means the same as "what if God is wrong"!

In fact, they seem to really and truly believe that they have a direct line to God. It's essentially the same thing that makes "Muslims" like Khomeini issue fatwas against Rushdie or "Christians" like Pat Robertson call for the assassination of Hugo Chavez. Overtly religious people issue fatwas every day, whether they realise it or not, and whether they say them out loud or not.

On the other hand, my experience has been that atheists (and the very few covertly religious people I know) are pretty nice people!

That, to me, is the biggest reason for advocating, if not atheism outright, at least the suppression of religious exhibitionism.

PS: I think the author of the article must be a nice guy. His article ends: "...no matter how confident we are in our beliefs, there's always a chance we could turn out to be wrong." :-)

2006-11-13

finally, competition for George Lazenby

Daniel Craig!

Here's hoping he is also a 1-shot wonder like George :-)

2006-11-07

Schneier on Security: Perceived Risk vs. Actual Risk

http://www.schneier.com/blog/archives/2006/11/perceived_risk_1.html

Very serious article, but I was struck by the very humorous way he describes a natural human characteristic:

The brain is a beautifully engineered get-out-of-the-way machine that constantly scans the environment for things out of whose way it should right now get. That's what brains did for several hundred million years -- and then, just a few million years ago, the mammalian brain learned a new trick: to predict the timing and location of dangers before they actually happened.

Our ability to duck that which is not yet coming is one of the brain's most stunning innovations, and we wouldn't have dental floss or 401(k) plans without it. But this innovation is in the early stages of development. The application that allows us to respond to visible baseballs is ancient and reliable, but the add-on utility that allows us to respond to threats that loom in an unseen future is still in beta testing.

The rest of the article is equally engrossing -- and it's a pretty short article so go read it.  (Don't be fooled by the size of the scrollbar in your browser window; this is because there are dozens of reader comments below the article)

2006-11-02

(funny,quotes) Why I (still) can't stand Emacs :-)

...and probably never will.

An old tagline comes to mind: Emacs is my operating system, Linux is my device driver!

Anyway, here's a very nice article from my favourite Linux site, with some quotes below. The author, Jon Corbet (editor of LWN) is well known for his dry humour as well as his objectivity. Few people who profess to use emacs as much as he does would make the kind of digs that he has taken in this article!

http://lwn.net/SubscriberLink/206916/8f7cb0a9f19cad56/

Some funny (and some not so funny) quotes, with occasional comments from me in square brackets:

The addition of an IRC client would have been useful, but this is Emacs, so they added two different ones.
...
The wrong key sequence can occasionally lead to hallucinogenic results, to the point that there is a special command ("view-lossage") to answer those "how the hell did I make it do that?" questions.
...
Even some relatively trivial customizations require typing in Lisp code, which, for some strange reason, not everybody wants to learn how to do. [well Duh!]
...
There is also an entire branch in the physical therapy field dedicated to the treatment of little-finger injuries caused by excessive Emacs use.
...
There is a new "calc" mode which is truly scary in the things it can do. [I don't even want to know what that means...]
...
There is a built-in spreadsheet with all the usual features and some unusual ones - like the ability to enter cell formulas in Lisp.
[A spreadsheet inside a text editor? What's next, a flight simulator?]
...
The current NEWS file gives a lengthy overview of the changes - though somehow it omits the important addition of a Tetris game.
...
And vi simply lacks a number of more advanced features; it was never meant to contain mail clients, RSS readers, calendars, or psychoanalysis programs.
[the last one I can answer: using vi will not drive you insane, so no psychoanalysis is needed!]
...
Emacs is an interactive user interface development environment which happens to be very good at editing text.
[aaah -- I get it. The Lotus Notes of text editors :-)]

2006-10-24

User Education and Security

http://news.com.com/Security+expert+User+education+is+pointless/2100-7350_3-6125213.html

"Might it be so that we use the term and concept of user education as a way to cover up our failure?" he asked a crowd of security professionals. "Is it not somewhat telling them to do our job? To make them be a part of the IT organization and do the things that we are bound to do as a specialized organization?"

I don't know how many of my readers think about security all the time! Heck I don't even know if I have any readers :-)

But this is an interesting topic. In a long-term way, I think I agree with Mr Gorling -- the need for user education is clearly a technical failure at some level.

I tend to compare things to the physical world a lot. In the physical world, we're used to different levels of security. Take "documents" for instance -- we keep important financial/property documents in an inner room, and probably under some sort of lock and key. Things that are less important (like receipts, warranty cards, bills, small amounts of cash) are kept in a slightly more accessible but still quite safe place. Finally, things like books, magazines, newspapers, etc., lay around pretty much anywhere (and cause fights with the wife if she is a cleanliness freak, but that is neither here nor there ;-)

Don't you think the security problems we're seeing are mainly because on his computer, unlike in his house, we have not given the user enough "rooms", and he's essentially forced to put everything in one room or (worse) one "shelf"?

A small example: within my workgroup, we allow people to access random websites only through Firefox. If they use IE, they are restricted to a whitelist of URLs that we assume we can trust. This is one type of separation, and I am sure it has helped us tremendously over the past few years it's been implemented.

Personally, I have even toyed with the idea of running two copies of the firefox browser -- one with my normal userid where I do anything I please, and one under a very rarely used userid which I will use only to access my corporate intranet portals, my bank, etc. -- yet another form of separation (although, since I use Linux, maybe I'm being too paranoid).

For ordinary users, it ought to be possible to create something like this using Linux live CDs that is easily accessible/usable, and provides excellent security against all sorts of trojans and viruses (most of which cannot work when you use a live CD, because you're booting from a CD each time).

Example implementation: there are 3 icons on the desktop to switch between "rooms", and built-in intelligence (with a list of "important" URLs that is updated from the net) to prevent him from accessing, say, www.citibank.com if he is in a low-security room, or vice versa, prevent him from accessing unlisted sites when he has switched to a high-security room.
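The "rooms" idea above is essentially a policy function: given the room the user is in and the URL he is trying to open, allow or deny. As an added example (my code, not anything from the original post), here is that check in Python. The only host the post itself names is www.citibank.com; the second entry in IMPORTANT_HOSTS is a hypothetical corporate portal, and the rule that the high-security room accepts only https is my own addition. The one non-obvious point for a practitioner is that the decision must be made on the parsed hostname with the label boundary checked, otherwise lookalikes such as www.citibank.com.evil.example or user-info tricks such as http://www.citibank.com@evil.example/ slip into the high-security room.

```python
"""Added example, not from the original post: a minimal "rooms" policy
check for the browser/live-CD separation idea described above.

Assumptions (mine): a room is either "low" or "high"; IMPORTANT_HOSTS is
a constructed list standing in for the post's "list of important URLs
that is updated from the net"; the high room additionally insists on https.
"""
from urllib.parse import urlsplit

# Constructed sample list. www.citibank.com is the host the post names;
# the second entry is a hypothetical corporate intranet portal.
IMPORTANT_HOSTS = frozenset({
    "www.citibank.com",
    "intranet.example.corp",
})


def _host_matches(host, listed):
    """True if host is exactly `listed` or a subdomain of it.

    Checking the label boundary ("." + listed) is what stops
    www.citibank.com.evil.example from being treated as important.
    """
    return host == listed or host.endswith("." + listed)


def is_important(url):
    """Classify a URL by its *parsed* hostname, never by substring search
    on the raw string (which is what the user-info trick exploits)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(_host_matches(host, h) for h in IMPORTANT_HOSTS)


def allowed(room, url):
    """Decide whether `url` may be opened in `room`.

    high room: only listed hosts, and only over https (my addition).
    low  room: anything except the listed hosts.
    Non-http(s) or hostless URLs are denied in both rooms.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    important = is_important(url)
    if room == "high":
        return important and parts.scheme == "https"
    if room == "low":
        return not important
    raise ValueError("unknown room: %r" % (room,))


if __name__ == "__main__":
    for room, url in [("high", "https://www.citibank.com/login"),
                      ("low", "https://www.citibank.com/login"),
                      ("high", "http://www.citibank.com@evil.example/"),
                      ("high", "https://www.citibank.com.evil.example/")]:
        print(room, url, "->", "allow" if allowed(room, url) else "deny")
```

Wiring this into the "3 icons on the desktop" would still need a browser that actually consults it (a proxy auto-config or an extension); the point of the snippet is only that the classification step, which looks trivial, is where such schemes usually go wrong.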

2006-10-09

(geek) KDE on the NBC Show "Heroes"

http://slashdot.org/comments.pl?sid=198073&cid=16228841

Hilarious comment :-)

For those of you who don't know, KDE is a desktop environment on Linux.
It is also the one I prefer, but that is not relevant to this joke :-)

2006-09-28

on trusting someone!

http://lwn.net/Articles/201440/

I think people can generally trust me, but they can trust me exactly because they know they don't _have_ to.

Don't worry about the rest of the article if you're not into open source.

Just reflect on the statement itself...

2006-09-25

Nevermoto!

I've had it with Motorola. I was seduced by an A780, but the experience didn't live up to the seduction. 20,000 rupees down the drain in 1 year and 3 months :-(

And hell hath no fury like an evangelist who's seen the darkness, if you'll pardon the word play!


Lessons learned:

  • never, ever, buy a phone that is so badly supported! One month after the battery dies I'm still waiting for a new one. And using an old Nokia 3315 for now. [And hardly missing the A780, dammit!]
  • never buy a phone designed by an American company. Their networks are so behind the times they don't even know what features to include or test! Ever heard of location info coming up as an SMS?
  • the most often used features should use the least keystrokes. Redialling the last number shouldn't be FOUR key presses.
  • the most often used features should be the most tested. T9 (aka "predictive text input") sucks on this thing. In many ways (doesn't cycle the first 2-3 letters if you ask it to cycle the choices, doesn't allow a space before a special character, ...)
  • playing sudoku online during meetings is great, but not that important. Really!
  • ditto for a camera, web browser, mp3 player, voice recording, and T9 on the dialer.

What's my real gripe? No Linux support

The Motorola A780 does not support Linux. Yes, you heard it here first!

Here's my definition of "Linux support":

The device should not create yet another Windows dependency in order to be used as intended (which in this case includes backup/sync tasks).

Any device where the CD-ROM that comes with it assumes you run Windows has failed the test.

And please ignore the few geek pages that show how to synchronise the phone data with a Linux box -- if I can't recommend it to my non-techie brother, it isn't good enough to claim "we support Linux" whatever else you may want to claim!

[geek note:] It shouldn't be that difficult to create a statically linked Qt/GTK binary with minimal dependencies that can access the device from USB and get the stuff out and in. Sort of like jpilot; nothing fancy, but functional.

Yes, the A780 runs Linux inside, which is nice, but the warm fuzzy feeling wears off very quickly after a month of using the damn thing.

My next phone will likely be a lowly Nokia 1108. Hey, it's got a flashlight attached :-)

Zune won't play MS DRM infected files

http://www.theinquirer.net/default.aspx?article=34478

So, in general, the device that Microsoft is aiming to gut the iPod with does three things really well. It screws legal music customers, screws partners, and actively advocates breaking the law to use. What a wonderful world we live in, all brought to you by the letters D, R and M, and the term infection. Seriously, you can't make this stuff up.

2006-09-19

(security) Xavier Boyen - On the Impossibility of Efficiently Combining Collision Resistant Hash Functions

About a year ago, when the first collision attack against MD5 was made public, I asked my boss (who's a real scientist, unlike me!) why we couldn't simply use two different hashes and club them together, because the chances of finding a hash collision between two different strings, for two different hash functions, ought to be close to impossible.

Looks like I wasn't on crack after all... :-)

http://ai.stanford.edu/~xb/crypto06b/index.html

Let H1,H2 be two hash functions. We wish to construct a new hash function H that is collision resistant if at least one of H1 or H2 is collision resistant. Concatenating the output of H1 and H2 clearly works, but at the cost of doubling the hash output size. We ask whether a better construction exists, namely, can we hedge our bets without doubling the size of the output? We take a step towards answering this question in the negative --- we show that any secure construction that evaluates each hash function once cannot output fewer bits than simply concatenating the given functions.
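To make the abstract's "concatenating the output of H1 and H2 clearly works" concrete, here is an added example (mine, not the post's and not Boyen's): the combiner H(m) = H1(m) || H2(m), with a deliberately weak H1 so a collision can actually be found in a run. H1 is a toy 16-bit hash (the first two bytes of MD5) and H2 is SHA-256; both choices are assumptions for illustration. The run finds two messages that collide under H1 and shows they do not collide under the combiner, whose output is the sum of the two lengths, which is the cost the abstract is talking about.

```python
"""Added example (not from the post or the paper): the concatenation
combiner from the abstract above, demonstrated with a toy weak H1.

Assumptions (mine): H1 = first two bytes of MD5 (16 bits, birthday-
collidable in a few hundred tries); H2 = SHA-256.
"""
import hashlib


def h1_weak(msg):
    """Toy hash: 16-bit truncation of MD5. Weak on purpose."""
    return hashlib.md5(msg).digest()[:2]


def h2_strong(msg):
    return hashlib.sha256(msg).digest()


def combined(msg, h1=h1_weak, h2=h2_strong):
    """H(m) = H1(m) || H2(m).  A collision for `combined` is necessarily a
    collision for h1 AND for h2, so H is collision resistant as long as
    either component is.  The price: len(H) == len(h1) + len(h2)."""
    return h1(msg) + h2(msg)


def find_collision(h, prefix=b"msg-", limit=1 << 20):
    """Generic birthday search over counter-based messages (deterministic).
    Returns (a, b) with a != b and h(a) == h(b), or None within `limit`."""
    seen = {}
    for i in range(limit):
        m = prefix + str(i).encode()
        d = h(m)
        if d in seen:
            return seen[d], m
        seen[d] = m
    return None


def demo():
    """Collide the weak component and check what happens to the combiner."""
    a, b = find_collision(h1_weak)
    return {
        "h1_collides": h1_weak(a) == h1_weak(b),
        "h2_collides": h2_strong(a) == h2_strong(b),
        "combined_collides": combined(a) == combined(b),
        "combined_len": len(combined(a)),
    }


if __name__ == "__main__":
    print(demo())
```

One caveat a practitioner should keep in mind, which the abstract does not need to spell out: "works" here means the concatenation is at least as collision resistant as the stronger component, not that the strengths add. Joux's 2004 multicollision result shows that when both H1 and H2 are iterated (Merkle-Damgard) hashes, finding a collision for H1 || H2 costs only a little more than breaking the stronger of the two, even though the output is twice as long.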

2006-09-11

(malware,DRM) Schneier on Security: Microsoft and FairUse4WM

http://www.schneier.com/blog/archives/2006/09/microsoft_and_f.html

Microsoft's priorities vis-a-vis security...! As you read this, remember that since 2003, MS's strategy for issuing patches for security holes has been that, regardless of how critical the hole is or how many computers are affected, patches come out only on the second Tuesday of the following month.

Except, it seems, when someone hacks their DRM. Then the patch comes out in 3 days :-)

Quotes:

If you really want to see Microsoft scramble to patch a hole in its software, don't look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. Just crack Redmond's DRM.

[...]

Now, this isn't a "vulnerability" in the normal sense of the word: digital rights management is not a feature that users want. Being able to remove copy protection is a good thing for some users, and completely irrelevant for everyone else. No user is ever going to say: "Oh no. I can now play the music I bought for my computer in my car. I must install a patch so I can't do that anymore."

[...]

It should surprise no one that the system didn't stay patched for long. FairUse4WM 1.2 gets around Microsoft's patch, and also circumvents the copy protection in Windows Media DRM 9 and 11beta2 files.

That was Saturday. Any guess on how long it will take Microsoft to patch Media Player once again? And then how long before the FairUse4WM people update their own software?

Certainly much less time than it will take Microsoft and the recording industry to realize they're playing a losing game, and that trying to make digital files uncopyable is like trying to make water not wet.

2006-08-28

(security) Where magic lives: Analysis of HSBC Vulnerability

http://da.vidnicholson.com/2006/08/analysis-of-hsbc-vulnerability.html

Very nice article... simple, easy to read and understand.

Most cryptanalysis is very mathematical in nature, and I can hardly understand the individual words in it, let alone whole sentences :-(

As a result, I've always had trouble explaining to people how proper analysis can break a system, because to the untrained mind, even XOR would seem unbreakable!

For me, therefore, the real value of this article is that I can probably use it to give ordinary people exactly such an insight.

2006-08-18

(criminal,malware) Windows genuine disadvantage

Windows genuine disadvantage [printer-friendly] | The Register

What would you call a computer program that surreptitiously installed itself onto your computer, collected personal information about you without your knowledge or effective consent, was difficult or impossible to remove, installed pop-up banners that constantly harassed you, and presented significant security vulnerabilities?

(FOSS,malware) LWN: Free Software Sets the Computing Agenda

LWN: Free Software Sets the Computing Agenda

Taken on their own, each of these instances of Microsoft emulating or accommodating free software might seem fairly minor. Put together, they represent a consistent pattern of loss of control that is unprecedented in the company's recent history.

2006-08-13

(security) India takes on offshoring naysayers

It's not news if the fraud is "onsite", I guess :-( Or, as the article says, our reputation is less valuable than theirs...

India takes on offshoring naysayers | The Register

In June, an Indian worker was arrested for allegedly defrauding £233,000 from the accounts of about 20 HSBC customers. However, the Royal Bank of Scotland lost nearly 100 times that amount of money (£21m) to a man working for the bank in Edinburgh.

The story of his being jailed for 10 years broke almost simultaneously with that of the comparatively minor Indian fraud. But that was not all that was overlooked.

HSBC had insisted that its Indian centres suffered less fraud than those based in the UK. The Financial Services Authority (FSA) said British banks are more reluctant to report or prosecute their inhouse fraudsters, as doing so could tarnish their reputations.

(FOSS) Intellectual property in the era of open source

Note that all this is from a VC...!

Intellectual property in the era of open source

In fact, open source can lead inventors, engineers, architects and business strategists to focus on areas where software is not a commodity.

[...]

It's as if open source applies evolutionary pressure to business plans, in the Darwinian sense. Because open source eliminates whole categories of obvious commodity software plays, we in the investment community see fewer "better mousetrap" propositions that retool commodity categories and more focused and innovative plans for unserved markets.

(security) Phishers rip 2-factor authentication

Phishers rip into two-factor authentication | The Register

The attack confirms concerns from security expert Bruce Schneier that two-factor authentication schemes have been oversold as a silver-bullet solution to online identity fraud.

2006-08-12

(funny,geek) Driftnet

Hmmm, I wonder if I should run this on the proxy server at work :-) Driftnet

Inspired by EtherPEG (though, not owning an Apple Macintosh, I've never actually seen it in operation), Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.

2006-08-11

(funny) Oooops! You Broke it

Oooops! You Broke it - PierceitShop 404 ERROR! KAAABOOOOOOOOOOOOOOOOOOOM!

The page you are looking for might have been removed, had its name (or sex) changed, or badgers may have stolen it.

It's really funny -- you really must read the whole page!

(funny,security) booty call == replay attack

This is how security guys think... I don't know whether to laugh or cry!

Dean Wilson@UnixDaemon: In search of (a) life

Wikipedia's definition of Booty Call

"Booty calls can be used by one partner of an ended relationship to obtain sex from the ex-partner, due to lingering emotions and feelings of a need for continued physical connection."

Security guys analysis of the above:

"This one's pretty obvious, it's a replay attack. You've already gone through the authorisation and authentication processes and now you're reusing previously obtained credentials to obtain access to a resource."

(funny) Plagiarism Policy

Multiversity experience

Platothefish requested that it be formally minuted that the faculty's Plagiarism Policy appears to be remarkably similar to three other faculties within the university. Further that a search on google has disclosed policies with almost exactly the same wording from a number of other universities.

2006-08-03

(funny,FOSS,criminal) SCO and IBM and Linux

An excellent summary of this lawsuit that's been going on for years now. Plus it's funny too!

SCO Accuses IBM of Destruction of Evidence | Seen On Slash

2006-08-02

(funny) Linus Torvalds at his acerbic best!

Linux: Linus On The Extensible Firmware Interface

Of course, it's somewhat questionable whether people have actually gotten smarter or stupider in the last 30 years. It's not enough time for evolution to have increased our brain capacity, but it certainly is enough time for most people to no longer understand how hardware works any more.

2006-07-14

(funny) Crap website? Try feng shui

Crap website? Try feng shui | The Register

Is your website underperforming? Does it lack spiritual balance? Do you have the sneaking suspicion that an inauspicious alignment of html elements may be to blame?

Not funny enough? Here's more:

"Just as the world comprises of the five basic elements, each website has five elements and these need to be in balance with one another. Earth is the layout, fire is the colour, air is the HTML, space is name of the website, and water is the font and graphics."

2006-06-28

(criminal) That explains a lot...

Gates becomes a higher power [printer-friendly] | The Register

"People think of me as this technical guy," Bill Gates once told me. "In fact, the important point to remember about my background is the fact that I was brought up to be a lawyer. My family are all corporate lawyers, and the conversation at every breakfast was always over the latest legal developments in the business space. You might say it's in my blood."

And here's another great quote:

"It's important for a corporate leader to know the difference between what is actually illegal, and what people assume should be illegal."

2006-06-23

(life) Sir!

Circumstantial evidence that allowing people to call you "Sir" (assuming they are doing it in the first place!!) is bad for the group.

I have a peer in another organisation, someone I respect highly, and get along with very well both personally and (on the now rare occasions when we work together) professionally.

He recently told me that his team tends to take every suggestion he makes as a directive, instead of just a suggestion. That's pretty bad; indeed, the only thing worse could be if they also do not contradict him when they have a differing opinion.

Since I have never thought of him as the dictatorial type (in fact he is a very jolly, easy-going, friendly, guy!) I can only imagine this is because he has never actively tried to stop his team calling him "Sir", or perhaps even encouraged it subtly due to the 10+ year age gap that he has with his team.

Thankfully I will not have this problem. Maybe the opposite, since my team (even younger than his) has now actually started pulling my leg once in a while!

2006-06-14

(funny) the perils of aggressive spam blocking

First, if you're offended by stuff like this, my apologies. My first excuse is that I honestly doubt anyone actually visits my site. My second excuse is that this really is a technical issue :-)

Rochdale man fails to prevent neighbour's erection | The Register

A Rochdale man has failed to prevent his neighbour extending his property after the local council's email filtering system blocked two missives containing the word "erection", the BBC reports.

2006-06-08

(malware) Unbelievable...

Australian IT - Microsoft takes on net nasties (double click | David Frith, JUNE 06, 2006)

It seems Steve was at a friend's wedding reception when the bride's father complained that his PC had slowed to a crawl and would Steve mind taking a look.

Allchin says Ballmer, the world's 13th wealthiest man with a fortune of about $18 billion, spent almost two days trying to rid the PC of worms, viruses, spyware, malware and severe fragmentation without success.

He lumped the thing back to Microsoft's headquarters and turned it over to a team of top engineers, who spent several days on the machine, finding it infected with more than 100 pieces of malware, some of which were nearly impossible to eradicate.

[...]

If the man at the top and a team of Microsoft's best engineers faced defeat, what chance do ordinary punters have of keeping their Windows PCs virus-free?

I think this story is a complete fabrication. I can't believe Ballmer has friends ;-)

2006-06-02

(malware) Vista's endless security warnings

Priceless...

Schneier on Security: Microsoft Vista's Endless Security Warnings

It sounds like a good system. But this is Microsoft, we're talking about here. They completely botched UAP.

The bad news, then, is that UAP is a sad, sad joke. It's the most annoying feature that Microsoft has ever added to any software product, and yes, that includes that ridiculous Clippy character from older Office versions.

2006-05-16

(criminal) Microsoft at its shoddy and arrogant worst

This is from Don Tennant, editor in chief of Computerworld.

Rotten Effort

Last week, Dale Frantz, CIO at Auto Warehousing Co., brought to my attention an alarming business practice that shows Microsoft at its shoddy and arrogant worst.

2006-05-05

(criminal) Everyone wants to "own" your PC

Bruce Schneier is always on the ball!

Wired News: Everyone Wants to 'Own' Your PC

It used to be that only malicious hackers were trying to own your computers. [...]

Now, things are not so simple. There are all sorts of interests vying for control of your computer. [...] All these companies want to own your computer.

2006-04-05

(malware) MS says recovery impossible in severe infections

This is a great article, with an unusual amount of frankness from a Microsoft employee talking about how bad things really are now.

Microsoft Says Recovery from Malware Becoming Impossible

"At Microsoft, we are fielding 2,000 attacks per hour. We are a constant target, and you have to assume your Internet-facing service is also a big target," Danseglio said.

So what are we doing running Windows on our internet facing servers? Waiting for a wake-up call?

[There are other quotes in that article that merit replay and/or serious discussion. No time now -- but sometime later today I will expand this blog entry.]

2006-04-03

Brainwashing your kids

The Sleeping Giant Goes on the Offensive - April 3, 2006

Do you have an iPod?

No, I do not. Nor do my children. My children--in many dimensions they're as poorly behaved as many other children, but at least on this dimension I've got my kids brainwashed: You don't use Google, and you don't use an iPod.

Hopefully he can't brainwash anyone else, children or otherwise :-)

2006-03-08

(WTF) what madness!

Capitol Hill Blue - Warning! Financial responsibility can lead to terrorism

They were told, as they moved up the managerial ladder at the call center, that the amount they had sent in was much larger than their normal monthly payment. And if the increase hits a certain percentage higher than that normal payment, Homeland Security has to be notified. And the money doesn't move until the threat alert is lifted.

2006-03-01

(FOSS) Stratus using Linux -- the missed story

Stratus Using Linux: the Missed Story OP/ED - www.reallylinux.com

When such a company, fixated on true fault tolerant hardware, having spent years developing their own OS, begins integrating Linux into its server line, that's saying something significant.

2006-01-16

WMF: a backdoor intentionally placed by Microsoft

Update. Apparently Steve Gibson was a bit rash in his conclusions, so this is not true after all!

Compelling article on why the recent WMF exploit was very likely intentionally placed by Microsoft.

Slashdot says:

In a more detailed explanation, Gibson explains that the way SetAbortProc works in metafiles does not bear even the slightest resemblance to the way it works when used by a program while printing. Based on the information presented, it really does look like an intentional backdoor.

(criminal) CD Copy Protection: The Road to Spyware

Freedom to Tinker » Blog Archive » CD Copy Protection: The Road to Spyware

So if you're designing a CD DRM system based on active protection, you face two main technical problems:

  1. You have to get your software installed, even though the user doesn't want it.
  2. Once your software is installed, you have to keep it from being uninstalled, even though the user wants it gone.

These are the same two technical problems that spyware designers face.

[For those who don't know, Ed Felten is a Professor of Computer Science and Public Affairs at Princeton University]

(criminal) DRM reduces security

GROKLAW

We are entering the era of ubiquitous and safety critical computing, but the developers of DRM technologies seem to believe that computers are nothing more than personal entertainment systems for consumers. This belief is convenient, because creating DRM mechanisms that respect security, safety, and reliability concerns is going to be an expensive and complex engineering task.