Monday, February 26, 2007

Vigilante Hacker's Evidence Puts Judge Behind Bars - Technology News by InformationWeek

Read the story, but here's a short summary: A judge in Cali was sentenced for possession of child pornography.  The prime mover in this case was a hacker who let loose a Trojan on the judge's computers and found the evidence that was used to garner the guilty plea.

I'm not sure whether to be scared or not here.  Vigilantes with time on their hands, an axe to grind, and some coding skills rooting around in my machine for contraband?  While I agree that the hacker was not acting on behalf of the government and therefore did not violate the Fourth Amendment, that line can get really blurry really quick.  Let's say the evidence found pointed to a victimless crime (drug usage, prostitution, etc), something that is defined as illegal, but has no victim other than the amorphous "society".  At what point can any hacker-vigilante say he's not an agent of the government?  If you drink the government Kool-Aid, decide to be a vigilante P-I, and follow only your muse to the criminals that turn you on, the only thing missing from a Fourth Amendment violation is a prior government blessing.

And by not prosecuting the hacker (they've already found and ID'd him - Brian Willman in Canada), they're setting a very bad precedent.  As mentioned in the article, the tacit approval given opens the door for anyone to do the same thing for any reason as long as the evidence found leads to a conviction.  And while a U.S. Attorney has admonished people with a variation of "Don't try this at home, kids", that carries zero weight - we've already erased the old line and now have to figure out where to draw it again.  Until the new line is drawn, there will be people trying to push it further and further away from due process and privacy concerns, and closer to a Machiavellian "ends-justifies-the-means" interpretation of illegal activity.

Brad Willman, the hacker in this case, needs to be brought up on charges - let him argue and negotiate and plea-bargain, but he needs to be charged go through the process he set the judge up for.  We go after hackers and pirates in other countries all the time - why can't we go to Canada to get this guy?  And no, I don't care that he did us all a service (I agree he did, but that's no the point) - the next guy caught in this kind of net may be only a political subversive, or maybe just unpopular.  Why does Willman get to decide who has fingers pointed at them?

And in case you're still on the fence, pose the question differently - what if Willman had broken into your home, rummaged around while you weren't home looking for "contraband", and then setup hidden cameras so he could do so whenever he wanted to?  His Trojan did exactly that in the judge's computer.  Now ask yourself if you want your busy-body neighbor to be able to do the same, and it's all OK as long as they find something to charge you with.

OK, now I'm scared.

Link to Vigilante Hacker's Evidence Puts Judge Behind Bars - Technology News by InformationWeek

Thursday, February 22, 2007

Software patents

I hate software patents.

Ever since I read about some company owning a patent on XORing a cursor on and off the screen, I've been a software patent hater.  Software copyrighting - no problems, no issues.  Software patents - nothing but big paychecks for lawyers with more vocabulary than sense.

So, with a disdain for software patents in mind, head to Betanews to read the latest on Microsoft v. AT&T - apparently, lawyers are trying to get the Supreme Court to say that electrons are patentable.  The Supremes blaked at patenting photons, though...

Gut reaction?  MS got caught with their hands in the cookie jar, and is now trying to redefine "hands" and "cookie jar".  I wonder what the backlash will be - if MS wins, then sending copies of Vista CD's overseas won't be a license violation.  I'm not sure what MS is trying to win here, but they better be careful what they wish for.

My one wish is that the Supremes do tackle the issue of whether software in patentable.  Of course, given their track record the past few years, they may find patents are legal, and that the whole of the American population is in violation and owes fines to AT&T.

UPDATE: More on this case from ZDNet. tags: , ,

Wednesday, February 21, 2007

All good things...

...must come to an end.  And even some not so good things, to think about it.

Anyway, what's coming to an end?  Easy - support for old software, of course!  In this case, the old software is Windows XP Embedded with Service Pack 1, also called XPE SP1.  When is also easy - April 10, 2007 (that's Patch Tuesday in April, for those of you keeping score at home).  What this means is that the April Embedded Security Update Rollup CD will be the last one to contain any SP1 specific updates.

Full details can be found on the Embedded Team Blog, as well as the Mobile and Embedded Communications Extranet (also called the ECE).  Details on MS Lifecycle Policy can be found on, oddly enough, this Microsoft web page.

Thursday, February 08, 2007

Why I don't read newspapers

Especially the New York Times.

Oh don't get me wrong - not all papers are crap, and the NYT isn't completely crap.  But as anyone can tell you, even a little crap is very noticable, even if you pretty it up with flowers and perfume...

Case in point: Edward Rothstein's article on Windows Vista.  Rothstein comes across as an "important art critic", a title I define as being a pretentious fool without being cluttered with actual artistic talent - someone who's made a living of not knowing what they like, but knowing "art".  And when he set his sights on Windows Vista, he let loose with so much metaphor and purple prose that I needed a full gallon of insulin to prevent me from entering diabetic shock.  (in fact, the only useful biographical info I can find on him is at Wikipedia, and it appears, as a composer, he some artistic talent - I stand corrected)

Rothstein waxes on semi-poetically about the cultural history of Microsoft, the "nightmare" of building his own PC and the "primitiveness" of current technology, but then seems to recover to praise the magic of alpha blending and 3D graphics hardware.  All in all, his pretentiousness, the superiority of his chosen naivete, the sheer unadulterated smell of his well articulated, artistically educated bullshit was too much.

At one point, he likens the craft of building a PC to that of old hot rodders, which is actually a good analogy - I don't hot rod, but I build models, and appreciate the work that goes into a real hot rod.  But he loses touch with reality when he says how hot rodders could take apart an engine to find out how it works, but modern PC builders can't do the same with circuit boards.  What a crock - it's called "digital electronics", Edward, and if I can't pry open the chip to see the traces, I can certainly look up specs and pinouts on the web or in books and figure it out myself.

To add to this thought, just because the less-than-easy to find options for customizing a PC are in the realms of overclocking doesn't mean that's what you're limited to - not every computer runs or has to run Vista, or Linux, or even Mac OS.  Head to your local Radio Shack and pick up a breadboard, some components, wires, and a CPU (Motorola still makes them for hobbyists).  Given some time and some know how, you can build your own computer, no more or less valid than anything you can buy from Dell.  It won't run Vista, but neither does your automobile, and it's got a computer in it, with an OS and various programs.

The more I read of this article, the less I thought of Rothstein and the people who read him.  His comments and ideas and bullshit add as much to the science of computers as my dissertation on the construction techniques of a pipe organ would add to the appreciation of Bach's organ cantatas.  It's mental masturbation, and the fact that he gets paid to spin mental circles, and people buy into him and his self-serving ideas, just goes to show how pervasive the need for religion - any religion - is.

Wednesday, February 07, 2007

Security Problems - It's Not Just for Windows Anymore!

A recent study from the University of Maryland showed that four Linux boxes, left alone for 24 hours and sporting weak passwords, were the victims of some 270,000 compromise attempts, roughly one every 39 seconds.  There are some interesting stats in the article, like what accounts were tried the most (root won, duh), what passwords were tried the most (the account name won with 43% there), and what people did once they were in (check configs, change passwords, DL files, run apps, etc).

I reported on a similar study in June 2005, but the focus there was on Windows XP SP2.  That story reported an average 34 minutes to worm infection for a random machine on the internet - the 825 successful attacks reported above over a 24 hour period represent a successfult attack every 1.7 minutes, well below the average from 18 months ago, and well below the average lifespan (4 minutes) of a Windows XP box.

Tuesday, February 06, 2007

Where to find the info you need?

People who know me, and people who have read the past few entries, know that while I drink the Microsoft Kool-Aid, I also quench my thirst at other water fountains.  One of those, for quite a while, was Palm - I owned a Palm IIIc as well as a Handspring Visor.  In fact, with the VisorPhone add-on, my Visor was my cell-phone for a while - show me a Pocket PC (not a Windows Mobile smart phone, a Pocket PC) that has a single add-on piece of hardware that turns it into a smart phone.  Didn't think so...

Anyway, I had and used Palm devices, and wanted to code for them.  After some searching, I found the resources I needed to do it - all free, all open source, all tricky to configure.  Oh, sure, I could have forked over the big buck for Code Warrior, but as you may have figured out, I'm a fan of free software and open source - why pay for something when, with some study, know-how, research, and a little configurarion, I can get for free myself?

Of course, there is no end of information on the web on how to program - right now, I can put my hands on 3D gaming tutorials, data-driven web site development, source control concepts, even how to run GIMP.  So, I found some sites on programming for the Palm, downloaded the tools I needed, even found a 300+ page PDF file called the Palm OS Programmer's Companion.  But none of it was enough - I needed something that wasn't tied to the screen I was trying to code on - I needed a book.

Yes, I'm a book junkie - even better, I'm a book collector.  I've got a modest library, say no more than 500-600 volumes, ranging from classics (Twain and Dickens) to sci-fi (Heinlein, Asimov, Dan Simmons, and Robert J. Sawyer) to history to technology.  Yes, I buy technology books, even though I know they're out of date the minute they're printed.  However, I have an out - I buy a lot of them, and sell the old ones at Half Price Books here in Seattle.

So, I not only found a few books on Palm programming at Half Price, but I sold them there last night (no, I don't do Palm programming anymore - I don't program Apple ][e computers anymore.  I've got my limits - go figure).  I threw in an old VC 6.0 book as well, and my wife had two older Atkin's books - five big heavy books.  They gave us <insert drum roll>: US$3.00 and a 10% off coupon.  That went towards buying O'Reilly's Learning GNU Emacs for only $8 (less with the coupon and tax).  Retail from O'Reilly?  US$39.95.  And before you say anything: yes, I know there are free web resources all a bout Emacs I can use.  What can I say?

I'm a book junkie.  What are you?

Friday, February 02, 2007

What's Interesting?

I was reading Slashdot today (actually, I have it on an RSS feed in Klipfolio, so I read only what looks interesting), when I noticed what appeared to be a duplicate headline:

Ocean Planets on the Brink of Detection

I perused the description, and noticed a reference to PhysOrg, another newsfeed I have in Klipfolio.  I had seen that same headline this morning when I was going over my feeds.

Now, for those of you out of the loop, Slashdot is a user-supported blog - you find interesting stuff, send to CowboyNeal, and if it's good, he'll post it for everyone else to comment on.  I had seen this same story this morning, so I could have forwarded it on the CowboyNeal, but didn't.  Why not?

I didn't think it was interesting.

I've sent stuff to Slashdot before - never had it published.  Apparently, no one else thinks my stuff is interesting.

So, why is some stuff interesting and other stuff not?  What makes for an interesting choice of subject matter?  Or to put more ego into it, perhaps the reason no one reads my blogs is because they're not interesting (the blog entries, not the people...)

Like it matters in a blog - there is no forced consumption here, so read if you want, but for me it's an interesting philosophical question...

Thursday, February 01, 2007

The App Compat War

You know, there's a bit of a scuffle going on about Vista needing a good graphics card - apparently, Intel doesn't like the fact that nVidia chips are now more important to Joe Average-Windows-User.  I personally don't mind - more memory and a better video card were in the works for me anyway (Blender bogged XP down something fierce, and I wanted better graphics for Dungeon Siege and Neverwinter Nights anyway).  Seriously, if you want to bitch, bitch about app compatibility.

I've got a box at home that runs a non-MS operating system on it - yes, it's Linux, specifically Fedora Core 6.  What can I say - I'm a Unix guy from way back in college, and I'm a computer hobbyist.  This machine sits in my office along with the main XP machine, my W2K3 server, cable modem, and wireless router - only the XP machine is headed.  I RDP into the W2K3 box, and the router has an HTML interface I can hit from anywhere on the homenet - that leaves my Linux box.  I use Cygwin/X and XDMCP to connect to it from the XP machine.  But, if my wife is using the XP machine, that means I have to use my Vista laptop instead.  And here's where the trouble is...

Cygwin doesn't like Vista - or is it the other way around?  Anyway, bash won't run on Vista under Cygwin, and XDMCP just hangs there - apparently, the X Server won't start under Vista.  And it's not just Cygwin - I tried Xming as well, which is a lighter version of the same X11 server, and it doesn't nothing either (at least it's more responsive to close requests.

On a more virtual level, I ran the Vista Upgrade Advisor on my home machine - the HW is all good, but I got a bunch of software compatibility warnings.  To be fair, I get many of the same warnings on my work machine, but it's still worrying - it took me a week or so to get my laptop setup with Vista, and that doesn't count all the HW issues (it's a Toshiba Tecra M4 Tablet - requires a new BIOS and I had to wait for updated drivers for a few things to work right).  The laptop works wonderfully now, but my wife will have a fit if it takes me a week to get everything setup so she can read email and play her games again.  I'll keep you posted on the results...

I guess the practical upshot is: Don't sweat the new hardware.  Sweat the multiple downloads and the long hunt for updated drivers and software you'll be doing.  Adding memory and a PCI/X video card are cake in comparison.