Large Hadron Collider Begins Experimentation

Good news for your science folks and bad news for your conspiracy folks, the Large Hadron Collider has begun experimentation. There isn’t much I can say about this thing since I don’t understand most of the principles behind it nor what it hopes to accomplish. But unlike most people who don’t understand a technology I don’t see this thing causing the end of the civilization/Earth/Sol System/Milky Way/Universe/Multiverse. I just think it’s cool that after all these years and failures the damned thing is actually running.

LET THE SCIENCING BEGIN!

Interesting Windows Security Issue

Note that I didn’t say security hole nor security flaw, that was intentional. The nerd part of my brain has been working in overdrive as of late which means I’ve been looking into geeky things. One thing that always intrigues me is the field of security. Well I found the following story on Wired that talks about a security issue in SSL/TLS (The security mechanisms used prominently by web browsers to secure web pages). The article leads to a “no duh” paper that shows how government entities can use their power to subvert SSL/TLS security by coercing certificate authorities into issuing valid certificates (Anybody who knows how SSL/TLS work already knew this was a possibility).

The part that interested me most was an excerpt from one of the cited sources in the paper. See back in the day there was some kerfuffle over the fact that Microsoft included a couple hundred trusted root certificates in their operating system. Root certificates are what ultimately get used to validate a certificate issued to a website. Thus root certificates are the ultimate “authority” in determining if a website you are visiting is valid or not. The more root certificates you have the larger the possibility of a malicious certificate being certified as trusted (Statistically speaking of course. This assumes that with more root certificates the possibility of one of those root certificate “authorities” being corruptible increases). Anyways Microsoft eventually trimmed down the number of root certificates included in their operating system. But they didn’t actually cut down the number of certificates because according to their own developer documentation:

Root certificates are updated on Windows Vista automatically. When a user visits a secure Web site (by using HTTPS SSL), reads a secure email (S/MIME), or downloads an ActiveX control that is signed (code signing) and encounters a new root certificate, the Windows certificate chain verification software checks the appropriate Microsoft Update location for the root certificate. If it finds it, it downloads it to the system. To the user, the experience is seamless. The user does not see any security dialog boxes or warnings. The download happens automatically, behind the scenes.

Microsoft just pulled a security theater here. They didn’t cut down the number of trusted certificates, they just moved them somewhere people wouldn’t see them. If you connect to a web page that has a certificate that can’t be validated against a root certificate Windows will automatically go out to Microsoft’s servers and see if a root certificate there will validate the web site’s certificate. If one of those root certificates will validate the web site certificate it is downloaded onto your machine automatically and the site is listed as trusted. In essence Windows trusts more root certificates than it lets on.

So what does this mean? Well it means the window for having corrupted root certificate authorities is larger. With the exception of Firefox all major web browsers depend on the underlying operating system’s root certificate store to validate web pages (Firefox actually ships with its trusted root certificates and uses its own store as opposed to the underlying operating system’s). This also gives two potential locations to place a malicious root certificate. If an attacker was able to gain access to Microsoft’s online root certificate store and upload their own root certificate any SSL/TLS page they created using that root certificate for validation would show as trusted in all versions of Windows (Firefox still would show the site as untrusted). Granted the window for this attack would be small as Microsoft would most likely find it almost immediately and remove it. Likewise the likelihood of such an attack occurring is very small considering the short time frame it would be valid for. But it’s an interesting thing to ponder regardless. Additionally the same attacker could create a binary of Firefox with the same malicious root certificate included and make it available for download causing the same problem for Firefox users.

No matter what operating system or browser you use the validity of SSL/TLS connections eventually requires that you trust somebody (Which goes against the trust no one security motto). The question here is who are you willing to trust. Only you can determine that but knowing how a security system works and how it’s implemented are important in making that decision. Anyways I just thought that was interesting.
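
The gap described above, between the roots visible in the local store and the roots Windows will fetch on demand, can be measured on a given machine. The following PowerShell is an added example, not part of the original post or Microsoft's documentation; it assumes a Windows build whose certutil supports `-generateSSTFromWU` and outbound access to Windows Update, and the scratch file name is hypothetical.

```powershell
# Added example: compare the locally visible trusted roots with the full list
# that automatic root update can install. Nothing is imported into any store.

$sstPath = Join-Path $env:TEMP 'wu-roots.sst'   # hypothetical scratch file

# Download the list of roots published through Windows Update.
certutil.exe -generateSSTFromWU $sstPath | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $sstPath)) {
    throw "certutil could not download the root list (exit code $LASTEXITCODE)"
}

# Load the serialized store into memory only.
$available = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$available.Import($sstPath)

# Roots already present locally: what the certificate manager shows as trusted.
$local = Get-ChildItem Cert:\LocalMachine\Root

# Roots that would be trusted on demand but are not yet in the local store.
$hidden = @($available | Where-Object { $_.Thumbprint -notin $local.Thumbprint })

[pscustomobject]@{
    LocalRootCount  = @($local).Count
    AvailableFromWU = $available.Count
    NotYetInstalled = $hidden.Count
}

# Review the on-demand roots: who they are and when they expire.
$hidden | Sort-Object Subject |
    Select-Object Subject, Thumbprint, NotAfter |
    Format-Table -AutoSize

Remove-Item $sstPath -ErrorAction SilentlyContinue
```

The `NotYetInstalled` figure is the set of roots the machine effectively trusts but does not list until a chain needing one of them is encountered.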

The Weak Link in Computer Security

People often talk about the inherent lack of security in Microsoft Windows and Internet Explorer. Very seldom does anybody talk about the weakest link in computer security, the users. In the latest Pwn2Own contest, a contest where participants attempt to break into various computers to win them, 64-bit Windows 7, Mac OS X, and even the iPhone all fell. But there was a common theme running here, none of the systems fell to a direct attack.

All the hacked systems were broken into via exploits in their web browsers. Internet Explorer 8 and Firefox 3.6.2 were used to break into the 64-bit Windows 7 systems while Safari was used to break into both Mac OS X and the iPhone. Each browser was broken into by crafting a malicious web page and having the users of the system navigate to it.

But once again none of the systems at this contest were broken into without the need for human interaction. This brings up the fact that human beings are now the main component being attacked (Granted it’s been like this since the dawn of computers). The only way to protect yourself is through education. Do not click on random links that people send you regardless if you know them or not. It’s a simple thing to learn really but the motto in security is trust no one and you should follow that slogan when on a computer.

Dear Microsoft Please Copy Good Features And Ignore Bad Ones

I mentioned earlier this week that Microsoft was eliminating multi-tasking from Windows Phone 7 Series Ultimate Extreme Wordy Name That Makes No Sense. Well the guys over at Engadget have audio recorded proof of no multi-tasking and better yet no copy and paste. It seems Microsoft’s whole idea behind their new phone operating system with a horrible name was to copy everything bad Apple did with the iPhone.

I know I’m a niche user in that I want a phone that allows me to listen to music, download a file from a website, have an open SSH connection to another system, and have an application monitoring wireless traffic but come on. Now Microsoft will allow their own software to multi-task on the device much like Apple allows their included software to multi-task. But lowly third party developers will not be granted such permission from Microsoft.

When did people decide that their smartphones need to be less powerful? Even my Palm Treo 755p can do some basic multi-tasking and Palm OS isn’t even officially capable of multi-tasking. But that’s fine with me since Palm OS was developed back in the day when multi-tasking wasn’t feasible due to the lack of power in handheld devices (The first Palm Pilot had a 16 MHz processor and 128 KB of RAM which was used to both run applications and store them). But phones today have plenty of power on board. WebOS shows multi-tasking on a phone isn’t difficult nor impossible. Android can multi-task as can a Blackberry. We should be looking for more power and functionality in our devices not less.

Also is copy and paste really that difficult? Seriously my Palm OS based PDAs could do that! Even the iPhone can do it now. There are plenty of times where I want to copy an excerpt from a web page and paste it into a document elsewhere.

Why is it these new fancy phones have fewer capabilities than my phone released almost three years ago that is based on an operating system (Palm OS 5) released almost eight years ago?

My View of The FCC National Broadband Plan

There has been a lot of talk in the tech community as of late about the FCC’s recent National Broadband Plan. People who don’t understand how government and taxes work are proclaiming this as a great idea since it means FREE INTERNETZ!!!!!!!!!111oneonetwo OMG!!. That’s not how things work. In fact the FCC’s plan also includes a plan for an additional tax.

No thanks. I’m more than happy to give the money that would go to paying even more taxes to a private entity who has a reason for keeping me happy (That being my money.). Economics 101 states you can’t get something for nothing (Unless you are challenged at math and actually believe in Keynesian economics.). When the government provides a service they pay for it with your tax money. Look at the breakdown of your pay check next time. Notice your gross pay is MUCH higher than your actual take home pay? Yeah that’s all tax money taken by your federal and state government to pay for fuck ups services like social security and medicare.

This situation is far more dangerous when it involves free and open communications that the Internet provides. Government is not benevolent, it does not have your best interests in mind. Government is made up by people with power and power corrupts. A private company can not compete with government programs because unlike a company a government doesn’t have to actually make money to continue existing (Look at our deficit.). The scary thing with government provided broadband (Which this National Broadband Plan would eventually turn into.) is it would most likely shut down broadband provided by private industry. At that point our Internet access, like China’s, becomes the whim of our government. This is where censorship and filtering start coming into play ladies and gentlemen.

People shouldn’t be clamoring for free* government provided Internet. Government can’t manage money. Show me a single government program that has succeeded monetarily. Instead people should be demanding the government stay as far away from Internet access as possible. We don’t need to deal with what China has and Australia is getting.

A private company has a reason to ensure its customers are happy, money. You can simply refuse to pay a company money if you don’t like their service. On the other hand you can not simply refuse to pay taxes if you don’t like the government’s service. I wish people would think about that part for a moment before trying to get free* Internet access (Which the FCC plan won’t even initially provide, they call it “affordable” so it’ll probably be a subsidized item.).

* Free until you notice your take home pay becomes even less.

Kindle Reader Software for Mac Available

For those of you with a Kindle Amazon just released their reader software for Mac OS. This software allows you to read books purchased on the Kindle store on your laptop. I find the reason to get a Kindle and thus purchase books on the Kindle store is because of the glorious e-ink display. But I have begun wanting the ability to read some technical books on my computer screen. This should solve that niche need pretty well.

Imitation is The Sincerest Form of Flattery

That’s always been Microsoft’s policy. Unfortunately the parts Microsoft usually imitate are the parts that suck. Take for instance Windows Series 7 Phone 7 Series Phone Phone Series 7 Phone 7 Series. Microsoft is taking some cues from Apple but they’re the bad ones.

Apparently Windows Phone 7 Series will not allow multi-tasking, installation of applications not provided by Microsoft’s market place, and will not accept removable storage. These have always been the weak points of Apple’s iPhone in my opinion. I like being able to multi-task. Sure it can drain battery life but hey I’ll deal with that to gain added functionality. So it still looks like I’ll be moving to WebOS or Android when I decide to change out my phone.

End Of An Era

Well I knew this day would come eventually but alas it’s still rather sad. I received the following e-mail today:

Dear Developers,

For more than a year, Palm’s primary focus has been on webOS devices and
development. As development for legacy Palm devices has transitioned to new
development under webOS, we have made the decision to put all of our
resources into webOS development support. To this end, the Palm Developer
Network site (https://pdnet.palm.com), which supported legacy PalmOS and
Windows Mobile development for past-generation Palm devices, will be taken
offline effective April 30th. The PDN developer forums will be taken offline on
March 31st.

If you would like to continue development on a platform similar to PalmOS and
would like assistance, we suggest that you contact ACCESS CO., LTD. at
http://www.access-company.com. ACCESS currently supports its own proprietary
Garnet OS platform, which is a variant of PalmOS 5. ACCESS may be able to
provide you with assistance under one of ACCESS’ own support or developer
programs. Please note, that ACCESS CO., LTD and Palm, Inc. are not related or
affiliated companies, and any assistance you may receive from ACCESS shall be
subject solely to ACCESS’ own terms and conditions.

If you have development support issues for Windows Mobile applications, please
visit the Microsoft Developer Network for Windows Mobile at
http://msdn.microsoft.com/en-us/windowsmobile/default.aspx.

We thank all of you for your support of PalmOS devices over the years, and hope
that you are all enjoying developing for webOS. If you haven’t started developing
for webOS, please visit http://developer.palm.com to learn more! We think you’ll
love the new platform.

Best regards,

The Palm Developer Team.

It appears as though Palm OS is officially dead (No longer supported). I’m glad I already have copies of everything I’ve used while developing on Palm OS. I really wish Access (The owners of Palm OS) would open source the aging system but I doubt that will ever happen.

On the upside they are also dropping support for Windows Mobile. Good riddance!

Proposed Assembler Opcodes

Obviously this is only going to apply to the truly geeky watching this and most of those people have already seen this but it’s still funny. Some of the opcodes I really like and would find useful:

BAC – BRANCH TO ALPHA CENTAURI

You never know when you’ll have to branch to data on Alpha Centauri. Heck I’d use this all the time.

CH – CREATE HAVOC

Regardless of what some people believe this instruction doesn’t actually exist in your computer.

CMD – COMPARE MEANINGLESS DATA

Hey look it’s Al Gore’s opcode!

DBZ – DIVIDE BY ZERO

This would solve a lot of crashes created by new programmers.

ECO – ELECTROCUTE COMPUTER OPERATOR

Oh if only I had this instruction available when people called me for computer help.

HCF – HALT AND CATCH FIRE

Good instruction for the truly paranoid out there.

MWAG – MAKE WILD-ASSED GUESS

Al Gore’s other beloved instruction.

UP – UNDERSTAND PROGRAM

If only that existed.

For those of you who aren’t computer geeks realize this is the type of humor that some of us laugh at. Yet I know it’s sad.

Broadband For Free*

Tam at View From the Porch brings up an article dealing with the recent decision by the United States government to provide broadband for everybody. The article is about a whiny ninny web developer who is crying because she doesn’t have broadband:

Like a photographer without a camera, or a mechanic who doesn’t own a car, Kelli Fields is a webmaster without high-speed Internet access.

By day, the 42-year-old uses a broadband connection at work to update a university’s Web site, which she built and codes from scratch.

But when she goes home at night, the rural Oklahoman struggles with a dial-up Internet connection so slow, she does chores to pass the time while Web sites load. Her high school-age son is so fed up with the glacial pace of their Internet connection that he asks his mom to update his Facebook page from the office.

Let’s look at this shall we. My father is a mechanic and he owns his own shop. I can tell you one thing the government never provided him with a car, tools, hoist, alignment rack, or even a front desk. Likewise I don’t know a single photographer who has a camera purchased for them by the government. But using these examples this story tries to convince you that the government should be providing Ms. Prissy with broadband for her work? Why does a web developer get special treatment?

Oh because she’s in a rural area where she only has dial-up. Let me check if the government will provide tools to an auto shop that’s in a rural area away from any tool shop. Nope. Will the government provide cameras to photographers in locations far away from a camera store? Nope. Hm I guess those situations still remain irrelevant.

Stop running to the government every time you need something. Oh and I love this part:

She could install a satellite and connect to the high-speed Internet, but the installation fee is $300, and she said she can’t afford that right now. She’s been waiting for wired broadband to come to her home for five years, and she holds out some hope that the network will get to her eventually.

She can’t afford $300.00 but wants broadband Internet? How much money does she think it’ll cost to run wired broadband out to her rural house? Here’s a hint, a fucking lot. Of course I’m sure she’s fine with it so long as every tax payer in America is footing the bill and not just her. God this entitlement society pisses me off. And I haven’t even touched on the subject of government provided and therefore controlled Internet access.

* And by free I mean you’re paying for it through your tax dollars.