blame the victim

Digital Vandalism Spurs a Call for Oversight

If I’m reading this correctly, public opinion might be moving toward MSFT becoming a government-regulated monopoly (perhaps with their long-prized source code in escrow?). It’s plain that market pressures aren’t having much of an effect . . . .

“There’s a reason this kind of thing doesn’t happen with automobiles,” says Bruce Schneier, chief technical officer at Counterpane Internet Security in Cupertino, Calif. “When Firestone produces a tire with a systemic flaw, they’re liable. When Microsoft produces an operating system with two systemic flaws per week, they’re not liable.”

And I think it’s safe to assume that the difference in the physical nature of the products has a lot to do with it. As far as I can tell, most people spend more time shopping for a car (that they spend a few hours a week in, in most cases) than for a computer (which they might work with 40-50 hours each week). And of course, while a computer’s problems might make your life hell, it’s unlikely you will lose your life while using it.

Most software licenses protect vendors from problems arising from vulnerabilities in their code. That leaves many computer users at the mercy of software makers, particularly Microsoft, whose ubiquitous Windows operating system and e-mail programs serve as the starting point for many demons in cyberspace.

This “ubiquity” is a big part of the problem, since the single decision point for computer shoppers is price, not reliability or quality.

Microsoft concedes that its software needs to be designed better, but it also points to the need for users to help ensure their own security.

“There are three major things every consumer and user of computers needs to do,” Scott Charney, the security chief for Microsoft, said. “One, get antivirus software and keep it up to date. Two, get a fire wall and turn it on. And three, patch your machines.”

All the cars I’ve owned came with seatbelts, turn signals, all basic safety equipment as standard equipment. Each year, some models are recalled for safety risks, but the cost to remedy them is borne by the manufacturer, not the purchaser.

That does not lend much comfort to many computer users.

“Heck, despite being libertarian in nature, I’m all for a government crackdown in this area,” one frustrated Web user wrote in an online discussion about the recent virus attacks. “Obviously most home users are not going to know how to install a fire wall.”

Actually, Zone Alarm is not that hard to install, and it’s free, but why should the average home user be condemned to become a system administrator/hobbyist?

long bets: accountable predictions

Long Bets [ Predictions ]

“The purpose of the Long Bets Foundation is to improve long-term thinking. Long Bets is a public arena for enjoyably competitive predictions, of interest to society, with philanthropic money at stake. The foundation furnishes the continuity to see even the longest bets through to public resolution. This website provides a forum for discussion about what may be learned from the bets and their eventual outcomes.”

This is an interesting concept: smart people put their money where their mouth is.

security as a process or philosophy, not a product

The Atlantic | September 2002 | Homeland Insecurity | Mann

Unhappily, biometric measures are often implemented poorly. This past spring three reporters at c’t, a German digital-culture magazine, tested a face-recognition system, an iris scanner, and nine fingerprint readers. All proved easy to outsmart. Even at the highest security setting, Cognitec’s FaceVACS-Logon could be fooled by showing the sensor a short digital movie of someone known to the system—the president of a company, say—on a laptop screen. To beat Panasonic’s Authenticam iris scanner, the German journalists photographed an authorized user, took the photo and created a detailed, life-size image of his eyes, cut out the pupils, and held the image up before their faces like a mask. The scanner read the iris, detected the presence of a human pupil—and accepted the imposture. Many of the fingerprint readers could be tricked simply by breathing on them, reactivating the last user’s fingerprint. Beating the more sophisticated Identix Bio-Touch fingerprint reader required a trip to a hobby shop. The journalists used graphite powder to dust the latent fingerprint—the kind left on glass—of a previous, authorized user; picked up the image on adhesive tape; and pressed the tape on the reader. The Identix reader, too, was fooled. Not all biometric devices are so poorly put together, of course. But all of them fail badly.

This is a great article that shows how easy it is to do security badly. It’s not that hard to do it properly, but you have to understand that the job is never done, and that is hard to sell. In these fallen times, we want results, not responsibilities.

In the end, people paying even a modicum of attention are what make a difference: people who will call the police if they see someone break into your car, who will notice a suspicious person at the ATM, who can override the inherently flawed system with their own judgment as needed.

See the link here for more.

bicycle recovery

I just verified that the recovered bike is indeed mine. And while I was there, I managed to learn the name of the “person of interest” who sold the bike to the shop. A couple of minutes of Googling and I learn that a person with that name lives just up the road in Bothell, where I have ridden that very bike many times (the Burke Gilman trail goes through Bothell).

Since the phone listing makes this “person of interest” look respectable — a real address and a spouse’s name suggest stability to me — I wonder if the thief didn’t just use someone else’s name.

Or is this otherwise ordinary person the kind of person who frequents bike racks with bolt cutters?

More details as they become available.

why go where you’re not wanted? Why not?

MacMerc.com: BuyMusic blocks Mac, but we have a hack

BuyMusic.com (the site that ripped off the apple store), just started to block all Mac users. I don’t know about you, but I can’t stand when I can’t see something (not that I want to, it’s just the concept). Here’s what you do if you want to be able to view the site in Safari.

Open the terminal and copy/paste:

defaults write com.apple.Safari IncludeDebugMenu 1


If Safari is open, quit it and restart. Otherwise just open it up. Now look at the menu bar at the top right. It should read “debug”, and you’re right if you think it’s new. Click it and go down to “User Agent” and then hit Windows MSIE 6. That’s it. Go check out those crazy cats at BuyMusic!

plugins falling by the wayside

I find I’m gradually shedding Movable Type plugins. I never got the Blogshares plugin to work properly, so I gave up on it. I had to remove the WayPath plugin: my machine is so underpowered it could never complete a rebuild of new pages, so publishing was blocked. I’m shopping for some RAM to alleviate that problem. And then the other day, the Technorati plugin started barfing on something, so out it came.

The Backlinks cgi is too simple *not* to work, so it will stay for now.

RSS 2.0 Specification moves to Berkman

Technology at Harvard Law: RSS 2.0 Specification moves to Berkman

On July 15, 2003, UserLand Software transferred ownership of its RSS 2.0 specification to the Berkman Center for Internet & Society at Harvard Law School. UserLand is a leading developer of tools that produce and consume RSS, and originator of the RSS 2.0 specification.

Sometimes the best way to ensure an idea survives is to stop controlling it . . . . will having Dave’s involvement limited to being on the advisory board make a difference? We’ll have to wait and see.

lo-jack for bikes

The recent loss of my bike has me thinking. What if there were a LoJack for bikes? The LoJack’s promise is that if your vehicle is stolen, a transmitter alerts police to the whereabouts of the stolen vehicle before it can be chopped up or damaged.

Given the size of electronic components today (there’s a GPS module for my cell phone, for example) here’s what I envision.

In the seat tube, a cylindrical case contains one of two options, perhaps both if they’re not too hard to do. One is a tamper or movement warning. When the bike is locked up, the owner uses a keyring transceiver to activate a motion sensor. From that time, the bike cannot be moved without either sounding an alarm — useful if there are people about to deter a thief — or sending an “I’ve been moved” signal to the owner.

The second option would be a LoJack-style tracking system that would send GPS coordinates to the authorities, to be monitored as soon as a bike is reported missing or stolen.

As I checked the LoJack website for a refresher on how their system works, I see they’re already working on this, but just for cars.

Introducing the LoJack Early Warning Recovery System. The auto security system that lets you know if your vehicle has been moved without your permission.

* It provides an added layer of protection on top of the LoJack Stolen Vehicle Recovery System to give you peace-of-mind.
* It enables the police to track and recover your stolen vehicle sooner.
* You carry a personal LoJack Early Warning Key Pass that sends a signal to the LoJack Early Warning Recovery System confirming that you are an authorized driver.
* It alerts you to check on your vehicle no matter where you are- at work or traveling.
* You choose how you want to be contacted – phone, e-mail or alpha pager.
* If you confirm your vehicle has been stolen, you contact the police and they will activate LoJack.

Given that the units for cars are the size of a deck of cards, it doesn’t seem impossible or unreasonable to think this would be useful for bikes, motorcycles, scooters, etc.

Update Oct 5, 2012: This is an excellent proof of concept. Interesting to see how primitive the technology was 9 years ago, to say nothing of my understanding of it. Now in the days of Raspberry Pi and BeagleBone and FitBit, I imagine a seat-tube mounted locating system would be simple. Sure, these things can be defeated, but as with car prowling and pickpocketing, it’s all about getting away undetected. If that bike you just boosted lets out a 120 dB howl while it radios its location and course to the owner and the local PD (via Twitter, even), maybe you just drop it and exit the way you came in — on foot.

Update 2, April 8, 2013: this Kickstarter project looks a lot like what I wished for 10 years ago. I’m not saying they cribbed my idea; I’m more pleased that something like it is actually happening.

the fragmented heritage of Newton

MacMegasite – More new Panther features

The address book now lets you customize which fields appear on the card. You can also define relationships between contacts such as friend, assistant, manager, etc.

This was a feature in the Newton OS that I always liked. You could define a contact as an affiliate of another, similar to this feature. Much as I mourn the Newton’s demise, I’m glad to see the best of it survive.

browser war continues

MacMegasite – AOL officially kills Netscape

AOL has cut or will cut the remaining team working on Mozilla in a mass firing and are dismantling what was left of Netscape (they’ve even pulled the logos off the buildings). Some will remain working on Mozilla during the transition, and will move to other jobs within AOL.

Wired News: Mozilla Wants to Rumble With IE

“AOL doesn’t really seem to have a motive for supporting Mozilla and Netscape anymore,” said Jeff Howden, a Web applications developer and founder of evolt.org, a group of Web developers who have followed the browser wars over the years.

Regardless of how many new features Mozilla offers, most consumers are unlikely to switch from Internet Explorer, noted Howden. “Users will use what is on their computer already,” he said. “If they want pop-up blocking, they’re more likely to download a program for it or a plug-in for IE that does it rather than download an entirely new browser.”

“Mozilla won’t win with the general public by having a superior feature set,” he added. “It won’t win by rendering faster or being more standards-compliant. Heck, IE didn’t do any of those things to get where it is today. It’s on top because it’s on every desktop.”

Despite such skepticism, Baker and the team at the Mozilla Foundation say they are ready for a fight. “We’ve got the better browser,” said Baker. “And that’s what really matters.”