Category: Geek

Posted on

Yr Bugged

What’s more frightening? The fact that the FBI can install software on your cell phone that will turn it into a microphone capable of picking up conversations in the vicinity even when it’s turned off, or that a journalist can be jailed for refusing to turn over videotapes to the FBI?

“Does a democracy allow me to be a journalist? . . . By engaging in such pursuits should I become indebted to the government and forced to act as a de facto agent for the FBI? Is this the cost of committing journalism in a democratic country? I certainly hope not.”

This is not conspiracy theory stuff. This is happening. Wake up, Alice!

via MiniMediaGuy

Music: Dead Meadow :: Dragonfly
Posted on

On Simplicity

“Simplicity” has been a popular buzzword this year. Everyone complains about bloatware, and points to the success of the iPod and web applications from 37signals as evidence of a backlash toward a “less is more” development style. The usual argument is that the 80/20 rule pertains — 80% of users only use 20% of the features. Trouble is, people don’t use the same 20%, which means that everyone still wants something different out of the same piece of software. Which is why feature sets look like this. Dylan Tweney has been searching for the perfect, slimmed down mailing list system for his Daily Haiku, and is face-to-face with the dilemma. Joel on Software says simplicity is a false idol, and that in the end, what people really want are the features they personally will use. And giving most users what they want means successful software includes a lot of features most users will never use. I think the real challenge for successful software is not to be simple, but to appear simple.

Music: Trifactor :: San San For Kasan
Posted on

SuperDuper!

All of my old rsync scripts still work fine, but have thinking lately about altering our home backup strategy. Backing up just user data is well and good, but restoring a fresh system and applications in the event of a total failure would take half a day.

Hearing good things about SuperDuper! for a while now — a system that puts OS X’s native disk imaging capabilities to full use. When backup starts, a “sparseimage” (a grow-able disk image) is mounted, and any changes to the filesystem since last backup are written into it. Make it a bootable sparseimage and you can move it anywhere and boot from it. A complete restore to any volume can be made from it with Apple’s Disk Utility. Or you can mount the image normally and drag files out of it to restore individual bits.

Creating the initial image took most of the day (which is fine – I was busy grouting and caulking and refinishing a door), but subsequent updates should be relatively quick. The biggest downside I can see is that I’ll lose my rolling 30-day incremental rotation system. But that’s also an upside in disguise, since tracking incrementals consumes gobs of space when a family member uses Entourage, which stores everything in one giant database. Receive a single new message in a week and rsync wants to create another copy of the whole gob. SuperDuper will put an end to that nonsense.

I’m liking this, but not 100% sold on the imaging approach just yet. What are your fave OS X backup solutions?

Music: Chris Webster & Anthony Costello :: Om Tara
Posted on

The Great Dutch Firewall

ComputerWorld reports that spam security firm Postini “spotted 7 billion spam e-mails in November, up from 2.5 billion in June.” And 80% of it is apparently being generated by 200 criminal gangs worldwide. But that’s not the part I found most interesting. Despite common wisdom that anti-spam legislation can’t work, evidence to the contrary:

She pointed to the Netherlands as an example of how the current legal regime can be used to cut spam. Holland’s spam-busting unit, known by the initials OPTA, has just five full-time staff and $747,000 worth of equipment, but it has succeeded in cutting spam by 85 percent … Finland was also singled out for praise. A filtering system there has cut the amount of spam to 30 percent of all e-mail, from 80 percent two years ago.

Of course there’s more to this than mere laws, which have no teeth against untrackable crime rings. To make that kind of dent, you basically need to firewall a country — to encircle it with spam filtering hardware. And that kind of government intervention in the “free” internet sounds spookily similar to the Great Firewall of China. Kind of the difference between a benevolent dictator and fascism, I suppose. I might be inclined to go with the benevolent dictator in this case.

Music: Beck :: Broken Drum

Technorati Tags:

Posted on

Auto-Save on the Read/Write Web

Just had what I thought was going to be a miserable experience: Had typed a lengthy response to a blog posting but was not quite finished. In the background, the Microsoft Office updater popped up, so I accepted its recommendation to update. Entered my password and it responded with “Looking for programs to update.” Spinning pinwheel of death. But not just for the updater — the entire system was locked. Could not force quit anything, could not even ssh in to kill the process. 10th Avenue Freeze-Out.

Finally accepted that my response-in-progress was lost for good and hard-booted the machine. When it came back up, Firefox asked whether I wanted to restore the previous session. Said yes, and up came all previously open tabs, including the site I had been typing the lengthy comment into, with — yow! — all of my unsaved words totally intact in the comment field, ready to resume. After a hard boot. Auto-save comes to the read/write web.

So here’s my Thanksgiving geek shout-out to everyone who has ever contributed to the Firefox codebase. You guys rock.

Music: The Beach Boys :: I Just Wasn’t Made For These Times

Technorati Tags: ,

Posted on

Interface of a Cheeseburger

Information Architects Japan: The Interface of a Cheeseburger, on how Interface = Brand. On how you can have a bad, ugly product and still be successful if you have a great UI. On why the iPod’s logo is on the back of the device, not the front.

The cheeseburger has the easiest food interface one could think of. No forks, no knives, no spoons, no plates, no chopsticks. Like a sandwich, but softer and sweeter and above all: Standardized. No alarms and no surprises when eating a cheeseburger. Almost as simple as “the only intuitive interface” – the nipple. Sandwiches can be complicated at times.

Music: Tom Waits :: Altar Boy
Posted on

Botnets on the Rampage

“There has been a 67 percent increase in overall spam volume and a 500 percent increase in image spam since Aug. 2006.”

Botnet Illuminating (but seriously depressing) series of articles at eWEEK on botnets — arrays of 0wnz0r3d Windows computers assembled under the control of sophisticated “bot herders,” silently pumping every orifice of the interweb full of spam in all its forms. The virus that makes a machine part of a botnet does not cause harm to its host – like all successful viruses, it wants to assure its own survival. Amazingly, the latest generation of botnet software even installs antivirus software (a pirated copy of Kaspersky Anti-Virus, to be specific) to eradicate competing malware, so it can have the full resources of the infected host to itself.

For a while, it looked like botnet activity was shrinking, but lately it’s seen a huge uptick. vnunet reports that a million-bot botnet is quietly being assembled around the world, and that we’ll soon see an even more massive onslaught of phishing and spam attacks.

The sophistication of these systems is amazing — the botnets even come with their own self-contained DNS system. “This allows a bot herder to dynamically change IP addresses without changing a DNS record or the hosting—and constant moving around—of phishing Web sites on bot computers.”

So can’t botnet hunters just focus on nailing the central command and control machines? Nope – that’s the “beauty” of using a peer-to-peer model:

Control is still maintained by a central server, but in case the control server is shut down, the spammer can update the rest of the peers with the location of a new control server, as long as he/she controls at least one peer.

One of the many factors that makes fighting back so hard is that infected bots expect incoming commands to be digitally signed. Commands from the bot herders to members of the botnet are securely encrypted, and virtually impossible to decipher or reverse-engineer.

The sophistication of modern spammers is impressive on so many levels. Image spam (e.g. Viagra ads that appear as graphics rather than text) has been especially vexing lately, as it seems to elude all filters. Since almost all anti-spam mechanisms — even collaborative ones like Akismet — rely to some extent on the ability to deduce unique “signatures” from a message, every single image sent by machines on a botnet has slightly different dimensions and characteristics, making it nearly impossible to nail down. I’ve even noticed random graphical noise splattered in the background of image spam lately – which prevents any two images from producing identical signatures.

I think I was wrong when I said recently that my IP firewalling script was becoming less effective because spammers had learned to spoof IPs. I believe now that the problem is that the botnets are so widely distributed that the same IPs don’t come up with enough repetition to be useful. Rather than spam spewing from a volcano somewhere in the Ukraine for a few days, it’s now more like a steady mist that suffuses the atmosphere – an endless acid rain emanating from everywhere at once.

What amazes me is that articles like this never seem to point out the obvious: The botnets are comprised entirely of Windows machines. There are currently approximately 5.7 million infected Windows computers out there, ready and able to join a botnet at any time. If I were the sysadmin of a Windows network, this would be significant information to me. It’s not that OS X or Linux are theoretically incapable of this kind of takeover, but the plain reality is that it doesn’t happen. And yet, articles like this never make a recommendation that admins consider a platform shift. Why?

Sadly, experts are starting to feel hopeless about their prospects of staying in front of the game.

We’ve known about [the threat from] botnets for a few years, but we’re only now figuring out how they really work, and I’m afraid we might be two to three years behind in terms of response mechanisms,” said Marcus Sachs, a deputy director in the Computer Science Laboratory of SRI International, in Arlington, Va.

Amazon is having serious issues with spam, as is del.icio.us. Of course one would expect large services to be constantly hammered with spam, but if the largest and best-funded commercial entities on the web can’t keep spam off their public doorsteps, you know things are getting serious out there.

It’s becoming increasingly popular for admins to block entire nations, either at the apache or at the firewall level. I’ve been tempted to do the same myself, but haven’t. Yet.

All of this applies to the interactive aspect of the web as much as it does to email. I deal with it on wikis, discussion boards, blogs, and apache logs (referrer spam). In recent months, I’ve seen them stuffing personal contact forms, and even the public jobs database at the j-school (which is absurd, since no job ever gets published without human review, but that doesn’t stop them from trying). Amidst all the Web 2.0 talk of participatory journalism, the wisdom of crowds, the read/write web, and two-way communication, it’s those very features that are being exploited by spammers and the massive botnets.

I worry that the openness that made the internet possible will ultimately become the sword upon which it impales itself. I see a future where everything is so locked down that all of the fun participatory stuff becomes impossibly difficult. I worry that someday email will only be feasible with whitelisting, that registration with identity verification will be required for all participatory web features, and that the concept of anonymity will ultimately become untenable.

Compare the atmosphere of the internet to the ecology of the earth. It took us millions of years to get to industrial civilization, then just a few decades to pollute our environment to the brink of sustainability. I worry that the internet is following a similar course – 30 years to become mainstream and five years to become so polluted it’s unusable.

Thanks Mal

Technorati Tags: ,

Posted on

Web OS

The process of getting images out of your camera and onto Flickr is completely different from the process of getting your videos onto YouTube. How do you decide what to store at MySpace or Friendster and what to store on the personal web space provided by your ISP? For many users, these are difficult decisions and even harder tasks – huge barriers to entry for big chunks of the population. David Kushner for Spectrum: “The mess of the Web, in other words, leaves you trapped in one big tangle of actions, service providers, and applications.”

IEEE Spectrum profiles Firefox creator Blake Ross, and describes his latest project, an open source, web-based, personal and/or shared desktop called Parakey, which aims to provide a unified desktop on the web — one that other people can visit, and one that lets you decide what content to share and what to keep private. Parakey will communicate with your home computer, keeping all the right stuff in sync. One step closer to that holy grail of an entire Web-based OS.

Right now, the Parakey front door is devoid of content or clues. But if Parakey take-up turns out to be anything like Firefox adoption (“People are switching to Firefox at the rate of 7 million per month”) things are going to get interesting.

Music: Culture :: Two Sevens Clash