2008-11-24

(malware) how a 13-yr old kid made my day...

Around 8:30 this morning I went out looking for a place that will let me photocopy some documents I needed later in the day; I need not tell you that our government bureaucracy is solely responsible for the profit margins of most copier makers ;-)

Anyway I found a little internet cafe + photocopy shop in which a young boy was vigorously dusting the various bits of hardware lying around. Very hopefully, fearing the usual "abhi dus minit mein ho jayega" ("it'll be done in ten minutes"), I approached him.

[Aside for people unfamiliar with Hyderabad: "dus minit" is measured on the Brahma scale (refer to Hindu mythology for that one...)]

To my intense surprise, he actually took my documents immediately, hit some buttons on the machine, and started the copy. Great -- I don't have to wait around.

While he was doing that, a young man of about perhaps 20-25 years walked in, and said "internet chal raha hai?" ("is the internet working?"; literally "is the internet walking?")

Having seen more than my share of blank looks in the past, I resisted the urge to explain to him that multi-billion dollar corporations like Cisco and Sprint and BBN and God knows who else are hard at work trying to make sure of precisely that, and so, in all probability, the internet was not just "chal raha hai" (walking) but "doud raha hai" (running).

Anyway the 13-year old lad running my photocopy said "hanh -- woh teesra cubicle mein jao. Aur internet explorer mat kholna; Mozilla firefox use karna" ("yes -- go to that third cubicle. And don't open Internet Explorer; use Mozilla Firefox").

[Don't forget -- this was a guy I mistook to be a cleaning boy, and worried if he'd be up to switching on the photocopy machine and doing the duplex copies I wanted...]

Middle-aged men with gray hair are not expected to suddenly break out in a joyous jig, so once again, I restrained myself and, with as much disinterest as I could feign, asked him "kyon"? ("why?")

And he said "virus aa jaate saab" ("viruses come, sir"). With one hand still operating the copy machine, he demonstrated what were clearly meant to be a series of nasty popups with the other hand -- I can't describe it in writing, you'll just have to imagine it.

--------------------

This is it guys. When kids who look like cleaning boys in internet cafe+xerox+STD/ISD shops start telling people to use Firefox instead of IE, MS is done for.

World domination can't be that far away... YEEEHAAAW!

2008-11-16

(PHB) the stupidity of large corporations

Never underestimate the stupidity of people in large groups, a wise
man once said. I'd add, never underestimate the stupidity of lawyers
in large corporations.

http://torrentfreak.com/toyota-claims-ownership-081114/

So you are one of the most successful car companies in the world.
Your products have many proud owners, who are so proud of the cars
they bought from you that many of them make really cool desktop
wallpapers of their photographs, presumably to show off. And then
they post these wallpapers on to a site dedicated to desktop
wallpapers, presumably to help others (less artistic than themselves)
also show off their cars.

What should the car maker do? Treat this as a bunch of free
advertising and nod benevolently? Maybe even pass on the occasional
high-res shot for people with the twin passions of photographs and
Toyota cars to drool and ooh and aah over?

That's what *you* think. No wonder you never got a job as a lawyer at
Toyota! Toyota lawyers know better.

Toyota is demanding that a website dedicated to desktop wallpapers
remove all wallpapers featuring Toyota cars, *even if the photograph
is copyright someone else* (like perhaps one of the users of the
website). They cite this as a DMCA violation, of all things. The
DMCA, as some of my readers will know, is the law that supposedly
attempts to protect music and videos from being put on the internet.

Despite the fact that the DMCA has been misused and abused far more
often than used, I can understand a music company losing revenue if I
post an MP3, but a car company losing revenue due to wallpapers
created by proud owners?

2008-11-09

excellent review of my favourite distro, mandriva

...just ignore the grammar and the somewhat sloppy writing;
this guy's heart is in the right place as far as Mandriva is concerned! :D

http://the.linux-hardcore.com/node/10

2008-10-30

(vaporware) cloud cuckoo land!

This comment said it much better than I could have; it might sound dramatic to people who don't grok the intricacies of the current security scenario, but then, did you predict the way the market would turn out like this today? I haven't heard any important decision-maker type person say "oh yeah I knew that, I saw that coming"!

from http://www.theregister.co.uk/2008/10/28/cloud_computing_means_storage_consolidation/comments/#c_351569 :

I think all that £1.8 trillion (and counting) lost by the World's financial institutions lived in the monetary equivalent of a cloud. The whole thing proved to be incredibly vulnerable to a "common mode" failure. That is there weren't lots of single, independent, resilient financial systems. There was one massive one connected by means that nobody understood.

The whole "cloud computing" and SOA idea has the same uncomfortable feeling. Which little common flaw, what single component might fail that trashes the whole thing. There's going to be a complex system of interdependencies, on security, on networks, on naming, on service, on versioning. What failure, benign or malicious, technical or commercial could bring the whole thing crashing down. What undetected security breach will mean that all our details end up in some gangster's hands. I don't think I want my personal or financial data held in this piece of doubly figuratively "vapourware", for what else is a cloud made of. The finance industry made a mess out of opaque and abstract services. This could be a way for the IT industry to go the same way.

So yes - fine for consumer toys, for the little software luxuries and gadgets of computing, for stuff not enmeshed in the working of the real economy, then mash these things together. Just don't bet your life, or your finances on it. If you want guaranteed security, performance, robustness, accountability and reliability. Well that's a lot of trust to have - a systemic failure could bring down a country, not just a company.

2008-10-21

(malware) used car salesmen and computer salesmen

quote: And, as I talked with him, once more I was reminded about the difference between a used car salesman and a computer salesman: the used car salesman knows when he's lying.

from http://blogs.computerworld.com/why_good_people_make_bad_os_choices

2008-09-20

(malware) please guys, be careful out there...

[This is for all my friends and relations whose primary skills are not in the area of information security!]

A few months ago a young security researcher called Dan Kaminsky found a serious problem in the way most DNS servers handle requests. [DNS is analogous to the "telephone" directory of the internet, and a DNS server is your interface to this global "telephone" directory]. Dan Kaminsky showed how a bad guy could fool any DNS server into giving out wrong numbers to your queries, so that when you thought you were logging onto citibank.com you were actually going to some Russian hacker site that mimicked citibank well enough to fool you.

The interesting thing about Dan's discovery was that a medium-term fix was easy -- all it needed was for most major DNS server software to be updated. However, they all had to be updated simultaneously, otherwise, by looking at how the first one was patched, hackers might figure out how to attack the others which were not yet patched.

The wonderful and amazing thing is that he actually managed this feat of co-ordination: all the major vendors of DNS software went into a huddle for six months, fixed their software, and all of them simultaneously released a patch on July 8th, 2008.

Sadly, July 8th is old history in internet time scales.

Now there is a problem that we are being warned about, which says that all web browsers, as well as other software such as Flash (Adobe is involved, so this is a good guess) have a fundamental flaw which cannot be fixed easily. Details are not available, except that you are safe if you block JavaScript by default.

Guys and gals, ladies and gentlemen, if you ever do anything on your browser that requires a password, please do the following:

(1) install Firefox -- http://www.mozilla.com/en-US/firefox/
(2) install NoScript (this is a Firefox "addon") -- https://addons.mozilla.org/en-US/firefox/addon/722

Yes, websites that depend on a lot of Javascript will look different. Enable JavaScript only for sites that you trust. When you open such a site, and things don't look/work as you expect, just click on the NoScript icon in the statusbar (looks like an "S" in a circle) and tell NoScript that you trust this site. That's it.

NoScript has been keeping me immune from many smaller attacks and security holes for years now. This hole is merely the latest and the most frightening, judging by the secrecy and the dire warnings, but even this does not worry me. And it should not worry you either, if you do this.

References:
http://ha.ckers.org/blog/20080915/clickjacking/
http://www.theregister.co.uk/2008/09/16/critical_vulnerability_demo_pulled/

2008-09-17

(ivory tower) General abstract nonsense...

Finally, an explanation of why, in attempting to learn Haskell, I couldn't grok monads!

http://en.wikipedia.org/wiki/General_abstract_nonsense

Yes, I know it's not meant to be insulting, but it's too funny to ignore the coincidence of "General Abstract Nonsense" being used to describe concepts in Category Theory, which is where monads come from. And yes, I know that the real explanation is that I'm too stupid (in math at least) to ever be able to manage the level of abstraction required to get it. But hey, I'm smart enough to know how stupid I am -- that's gotta count for something right?

[PS: On a related note, did you know there is something called Pointless Topology? I wonder if they get paid extra for coming up with this sort of stuff ;-)]

(PHB,funny) cleaning up the office...

You may need to read the whole article at http://thedailywtf.com/Articles/Office-Supply-Amnesty.aspx in order to understand the humour in the following comment that was posted in response, at http://thedailywtf.com/Comments/Office-Supply-Amnesty.aspx#217428 :

----- start quote -----

Dear all,

We spend a lot of money each year on managers - a lot of this is
unnecessary expenditure as they spend their time micromanaging
employees to no measurable savings.

Please check the office for any unused managers and dispose of them in
some appropriate way. This exercise should also help to tidy up the
offices which are starting to look trashy in some areas.

Hoping I will get your co-operation in this

Regards,

----- end quote -----