I Think I Can Answer This

A difficult question has been put forth in regards to Apple’s recently released iPad (you may have heard about it):

Doing a little coding, we’ve discovered that iPad apps only have access to 256MB of RAM and the processor thinks it is a single core (probably ARM Cortex A8) processor.

So how does Apple get applications to run so fast? Thanks Thomas!

Considering the device can only run one third party application at a time I’d say you have your answer. If developers have gotten so bad that they can’t get their small application aimed at mobile devices to run on a single core processor with 256MB of RAM then they have failed as developers. Seriously my old Palm PDA opened and ran applications instantly and it had a paltry 16 MHz processor and 512KB of RAM which was split between storage and application use.

Fuck You Too Sony

If there’s one thing I love it’s technology and gizmos. Because of my bizarre drive to have lots of electronic devices around I ended up buying a PlayStation 3 quite some time back. The feature list of this system is quite long although it’s been getting shorter as the system ages. This is really odd since most systems gain features as they get older. Well one feature I rather enjoyed was the ability to install Linux on the system. Sure it ran in a hypervisor and was gimped for the most part but it gave me the ability to write code for the cell processor and see what made it tick. Well Sony decided to take that away from me as well.

The latest firmware update released today removes the “Install Other OS” feature and removes any currently installed operating system. Of course I would put this off as some kind of April Fool’s prank but information regarding this has been out for a couple of days. And it’s truly bad form to pull an April Fool’s prank before the actual date.

This kind of shit really pisses me off. I realize this is a feature used by very few people but those few of us who used it really enjoyed it. The fact of the matter is one of the reasons I bought a PS3 was for this particular feature as I wanted to play with the cell processor which was all the rage at the time. Yes I paid for this feature and now Sony has decided to take it. Well I could always refuse to install the new firmware but then I can’t use the system for the other reason I own it, gaming. So no matter what Sony is ensuring I lose a feature I paid for.

Well it’s nice to see Sony has decided they no longer want my money. But this is only one piece of my two-part rant. That’s right you’re getting two rants for the price of one! The other thing that’s pissing me off is the comments being made by people. For instance user HumanNature on Engadget had this to say:

Totally agreed. I blame Geohot for this mess. No one with a working common sense would not foresee Sony not fixing their security issue with OtherOs. I mean really, did Geohot really think Sony was going to congratulate him and let some other hacker make it easy to install like the PSP? Geohot releasing the exploit is the cause, Sony locking the OtherOs is the effect.

Do people really expect Sony to sit around and let the PS3 end up like the PSP? Like many things in life, it only takes one idiot to abuse something, and everyone will be forced to pay the price.

That’s right people are blaming the well known hardware hacker who goes by the handle Geohot. What did Geohot do? Well you can go read his blog. More or less he found a convoluted way to accomplish nothing… yet. But as with all hacks it will eventually lead to bigger and better things.

Either way what he did was awesome. It should be seen as an accomplishment as it required ingenuity and understanding of the hypervisor. It was a good hack and he should be congratulated for figuring it out, not blamed for Sony removing the “Install Other OS” capability on the PS3. The bottom line is Sony decided to take their ball and go home instead of fixing the flaw. This is akin to somebody finding an exploit in Windows Media Player and Microsoft reacting by removing Windows Media Player (granted not a horrible thing but I’m biased in my hatred of Windows Media Player).

Either way there seems to be a lot of blame and some hatred going towards Geohot for playing with hardware he owns. That’s the key thing. You don’t rent a PS3, you purchase it. Once you own it you can do anything you want with it. If I want to take mine to the range and blast the shit out of it I very well can because it’s my property. Geohot did what any good geek does, he developed an understanding of the device and decided to utilize that understanding to make the device do more. But the bottom line is this attempt to extend the capabilities of the device has nothing to do with game piracy as Sony claims.

Of course very few people really care about this exploit because few people use the “Install Other OS” feature. So I say the next exploit should focus on the Blu-ray player which people actually use. After all if that gets hacked it could allow the ability to play pirated games and therefore, using Sony’s logic, the Blu-ray drive would have to be disabled. Then people would actually be pissed.

Oh and I’m going to close out by saying fuck you Sony.

Apparently Communism Prevailed

So I just learned something that probably everybody else already knew. There is a Unicode character for the old Soviet hammer and sickle. Note for some of you it may show up as a question mark or a box with numbers in it. That’s just poor Unicode support in action.

U+262D prints ☭ (size increased to show detail). Apparently communism prevailed.

Large Hadron Collider Begins Experimentation

Good news for you science folks and bad news for you conspiracy folks, the Large Hadron Collider has begun experimentation. There isn’t much I can say about this thing since I don’t understand most of the principles behind it nor what it hopes to accomplish. But unlike most people who don’t understand a technology I don’t see this thing causing the end of the civilization/Earth/Sol System/Milky Way/Universe/Multiverse. I just think it’s cool that after all these years and failures the damned thing is actually running.

LET THE SCIENCING BEGIN!

Interesting Windows Security Issue

Note that I didn’t say security hole nor security flaw, that was intentional. The nerd part of my brain has been working in overdrive as of late which means I’ve been looking into geeky things. One thing that always intrigues me is the field of security. Well I found the following story on Wired that talks about a security issue in SSL/TLS (The security mechanisms used prominently by web browsers to secure web pages). The article leads to a “no duh” paper that shows how government entities can use their power to subvert SSL/TLS security by coercing certificate authorities into issuing valid certificates (Anybody who knows how SSL/TLS works already knew this was a possibility).

The part that interested me most was an excerpt from one of the cited sources in the paper. See back in the day there was some kerfuffle over the fact that Microsoft included a couple hundred trusted root certificates in their operating system. Root certificates are what ultimately get used to validate a certificate issued to a website. Thus root certificates are the ultimate “authority” in determining if a website you are visiting is valid or not. The more root certificates you have the larger the possibility of a malicious certificate being certified as trusted (Statistically speaking of course. This assumes that with more root certificates the possibility of one of those root certificate “authorities” being corruptible increases). Anyways Microsoft eventually trimmed down the number of root certificates included in their operating system. But they didn’t actually cut down the number of certificates because according to their own developer documentation:

Root certificates are updated on Windows Vista automatically. When a user visits a secure Web site (by using HTTPS SSL), reads a secure email (S/MIME), or downloads an ActiveX control that is signed (code signing) and encounters a new root certificate, the Windows certificate chain verification software checks the appropriate Microsoft Update location for the root certificate. If it finds it, it downloads it to the system. To the user, the experience is seamless. The user does not see any security dialog boxes or warnings. The download happens automatically, behind the scenes.

Microsoft just pulled a security theater here. They didn’t cut down the number of trusted certificates, they just moved them somewhere people wouldn’t see them. If you connect to a web page that has a certificate that can’t be validated against a root certificate Windows will automatically go out to Microsoft’s servers and see if a root certificate there will validate the web site’s certificate. If one of those root certificates will validate the web site certificate it is downloaded onto your machine automatically and the site is listed as trusted. In essence Windows trusts more root certificates than it lets on.

So what does this mean? Well it means the window for having corrupted root certificate authorities is larger. With the exception of Firefox all major web browsers depend on the underlying operating system’s root certificate store to validate web pages (Firefox actually ships with its trusted root certificates and uses its own store as opposed to the underlying operating system’s). This also gives two potential locations to place a malicious root certificate. If an attacker was able to gain access to Microsoft’s online root certificate store and upload their own root certificate any SSL/TLS page they created using that root certificate for validation would show as trusted in all versions of Windows (Firefox still would show the site as untrusted). Granted the window for this attack would be small as Microsoft would most likely find it almost immediately and remove it. Likewise the likelihood of such an attack occurring is very small considering the short time frame it would be valid for. But it’s an interesting thing to ponder regardless. Additionally the same attacker could create a binary of Firefox with the same malicious root certificate included and make it available for download causing the same problem for Firefox users.

No matter what operating system or browser you use the validity of SSL/TLS connections eventually requires that you trust somebody (Which goes against the trust no one security motto). The question here is who are you willing to trust. Only you can determine that but knowing how a security system works and how it’s implemented are important in making that decision. Anyways I just thought that was interesting.
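
To see how many roots a given Windows machine will trust beyond the ones its local store shows, here is an added example (not part of the original post and not Microsoft's code) that compares the installed roots with the list Windows Update distributes. It assumes Windows 8 / Server 2012 or later, where certutil has the -generateSSTFromWU option, plus network access to Windows Update; the scratch file name is made up for the example.

```powershell
# Added example: audit the gap between locally installed root certificates
# and the roots Windows Update can supply on demand.
# Assumptions: Windows 8 / Server 2012 or later, network access to Windows Update.

$sst = Join-Path $env:TEMP 'wu-roots.sst'   # scratch file, name chosen for this example

# 1. Roots already installed on this machine (what the certificate manager shows).
$local = Get-ChildItem Cert:\LocalMachine\Root, Cert:\LocalMachine\AuthRoot |
    Select-Object -ExpandProperty Thumbprint -Unique

# 2. Download the current set of roots distributed through Windows Update
#    into a serialized certificate store (.sst) file.
certutil.exe -generateSSTFromWU $sst | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certutil failed with exit code $LASTEXITCODE" }

$remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$remote.Import($sst)

# 3. Roots that are not installed locally but are in the Windows Update list.
$latent = @($remote | Where-Object { $local -notcontains $_.Thumbprint })

"{0} roots installed locally" -f $local.Count
"{0} roots distributed by Windows Update" -f $remote.Count
"{0} roots not visible in the local store" -f $latent.Count
$latent | Sort-Object Subject | Format-Table Thumbprint, NotAfter, Subject -AutoSize

# 4. Report whether automatic root updating has been turned off by policy
#    (DisableRootAutoUpdate = 1 means disabled; absent or 0 means enabled).
$policy = Get-ItemProperty `
    -Path 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot' `
    -Name DisableRootAutoUpdate -ErrorAction SilentlyContinue
if ($policy.DisableRootAutoUpdate -eq 1) {
    'Automatic root update: disabled by policy'
} else {
    'Automatic root update: enabled (default)'
}
```

The third number is the part the certificate manager does not show: roots that are absent from the local store today but present in the list Windows Update serves.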

The Weak Link in Computer Security

People often talk about the inherent lack of security in Microsoft Windows and Internet Explorer. Very seldom does anybody talk about the weakest link in computer security, the users. In the latest Pwn2Own contest, a contest where participants attempt to break into various computers to win them, 64-bit Windows 7, Mac OS X, and even the iPhone all fell. But there was a common theme running here, none of the systems fell to a direct attack.

All the hacked systems were broken into via exploits in their web browsers. Internet Explorer 8 and Firefox 3.6.2 were used to break into the 64-bit Windows 7 systems while Safari was used to break into both Mac OS X and the iPhone. Each browser was broken into by crafting a malicious web page and having the users of the system navigate to it.

But once again none of the systems at this contest were broken into without the need for human interaction. This brings up the fact that human beings are now the main component being attacked (Granted it’s been like this since the dawn of computers). The only way to protect yourself is through education. Do not click on random links that people send you regardless of whether you know them or not. It’s a simple thing to learn really but the motto in security is trust no one and you should follow that slogan when on a computer.

Nice VPN Service

Since I travel once in a while for my job I find myself in locations where a secure network can’t be ensured. My phone does have tethering software on it so I often use it but it’s slow and has issues getting disconnected at random intervals.

Thankfully in this day and age wireless networks are everywhere. Hotels, Starbucks, airports, etc. But these networks are not secure and should be considered hostile at all times. This was the reason I looked into the previously mentioned Wi-Fi device that could connect to 3G cellular data networks. Of course as I previously stated they wanted a contract and honestly the devices are far more expensive than I could justify since I only really need such a device a few times a year.

That meant either continuing to use my unreliable phone tethering or using hostile wireless networks. Hostile wireless networks can be used securely though through a protocol called Virtual Private Networking (VPN). VPN is a mechanism where you connect to a remote VPN server. The VPN server acts as a proxy: all your traffic is sent to it and from there is sent on to its actual destination on the Internet. The key here is all VPN traffic is encrypted so other people on the same network can’t see what you’re doing. So even if you’re connected to an insecure wireless network you can encrypt all your traffic by sending it through a VPN connection.

Most companies that send people around the country provide a VPN connection for their employees. Mine is no exception but I thought I’d try an experiment and see what solutions I could find for those traveling and not having a company provided VPN service available to them.

The easiest, cheapest, and most secure (In the form of privacy of your traffic) method of using a VPN is to set a server up at your home. This way you can remotely connect to your home network through the VPN. Unfortunately for me this is impossible since I live in an apartment complex that also provides me service as an ISP (It’s free so I don’t argue). The downside is this ISP also routes all my traffic through their firewall meaning I can’t actually connect to any of my computers there remotely. Due to this fact I decided to look at using Amazon’s EC2 service to set up a VPN server. Overall it would be a good idea but it’s kind of pricey since Amazon charges you for the number of hours your EC2 instance is running.

Finally I looked into a service mentioned by Leo Laporte on This Week in Tech quite a few times called HotSpot VPN. HotSpot VPN is simply a service that sells VPN connections. It’s not as secure as using a server set up at your home since all your traffic does get routed through their VPN server. But it’s a damned sight better than being on an insecure network since HotSpot VPN has a reason to maintain your privacy, money (Granted that’s absolutely no guarantee and in the security business the phrase is trust no one. But security is also a balance between having secure systems and convenience.).

What I like about HotSpot VPN is you can buy a yearly subscription, monthly subscription, or a few days’ worth if you only travel sporadically like me. For this test I bought a three day pass for something around $5.88. That’s pretty cheap and well worth it in my book. Setup in Mac OS is simple (I’m not sure about other operating systems since I’ve not done much with VPNs in them) and requires you only enter your e-mail address for the user name and the password they e-mail you. It’s working great on this hotel wireless network and isn’t dropping my connection constantly like my phone does. I tested it on my home network before taking it out into a hostile environment and the data is encrypted so other people listening on the network aren’t going to be able to see what you’re doing. Speed is so-so since all your data has to go to their servers and then to its destination but tethering my phone always yields even slower connections.

Overall I think it’s a good service for those who travel, don’t have a company provided VPN connection, and are unable to set up a VPN server at their home. There isn’t much else to say about it since it’s a pretty straightforward service that performs a straightforward feature.

Also since this is a review I need to give the FCC required disclaimer. The FCC can go sodomize itself with a retractable baton. That is all.

Dear Microsoft Please Copy Good Features And Ignore Bad Ones

I mentioned earlier this week that Microsoft was eliminating multi-tasking from Windows Phone 7 Series Ultimate Extreme Wordy Name That Makes No Sense. Well the guys over at Engadget have audio recorded proof of no multi-tasking and better yet no copy and paste. It seems Microsoft’s whole idea behind their new phone operating system with a horrible name was to copy everything bad Apple did with the iPhone.

I know I’m a niche user in that I want a phone that allows me to listen to music, download a file from a website, have an open SSH connection to another system, and have an application monitoring wireless traffic but come on. Now Microsoft will allow their own software to multi-task on the device much like Apple allows their included software to multi-task. But lowly third party developers will not be granted such permission from Microsoft.

When did people decide that their smartphones need to be less powerful? Even my Palm Treo 755p can do some basic multi-tasking and Palm OS isn’t even officially capable of multi-tasking. But that’s fine with me since Palm OS was developed back in the day when multi-tasking wasn’t feasible due to the lack of power in handheld devices (The first Palm Pilot had a 16 MHz processor and 128 KB of RAM which was used to both run applications and store them). But phones today have plenty of power on board. WebOS shows multi-tasking on a phone is neither difficult nor impossible. Android can multi-task as can a Blackberry. We should be looking for more power and functionality in our devices not less.

Also is copy and paste really that difficult? Seriously my Palm OS based PDAs could do that! Even the iPhone can do it now. There are plenty of times where I want to copy an excerpt from a web page and paste it into a document elsewhere.

Why is it these new fancy phones have fewer capabilities than my phone released almost three years ago that is based on an operating system (Palm OS 5) released almost eight years ago?

My View of The FCC National Broadband Plan

There has been a lot of talk in the tech community as of late about the FCC’s recent National Broadband Plan. People who don’t understand how government and taxes work are proclaiming this as a great idea since it means FREE INTERNETZ!!!!!!!!!111oneonetwo OMG!!. That’s not how things work. In fact the FCC’s plan also includes a plan for an additional tax.

No thanks. I’m more than happy to give the money that would go to paying even more taxes to a private entity who has a reason for keeping me happy (That being my money.). Economics 101 states you can’t get something for nothing (Unless you are challenged at math and actually believe in Keynesian economics.). When the government provides a service they pay for it with your tax money. Look at the breakdown of your paycheck next time. Notice your gross pay is MUCH higher than your actual take home pay? Yeah that’s all tax money taken by your federal and state government to pay for fuck ups services like social security and medicare.

This situation is far more dangerous when it involves the free and open communications that the Internet provides. Government is not benevolent, it does not have your best interests in mind. Government is made up of people with power and power corrupts. A private company cannot compete with government programs because unlike a company a government doesn’t have to actually make money to continue existing (Look at our deficit.). The scary thing with government provided broadband (Which this National Broadband Plan would eventually turn into.) is it would most likely shut down broadband provided by private industry. At that point our Internet access, like China’s, becomes the whim of our government. This is where censorship and filtering start coming into play ladies and gentlemen.

People shouldn’t be clamoring for free* government provided Internet. Government can’t manage money. Show me a single government program that has succeeded monetarily. Instead people should be demanding the government stay as far away from Internet access as possible. We don’t need to deal with what China has and Australia is getting.

A private company has a reason to ensure its customers are happy, money. You can simply refuse to pay a company money if you don’t like their service. On the other hand you can not simply refuse to pay taxes if you don’t like the government’s service. I wish people would think about that part for a moment before trying to get free* Internet access (Which the FCC plan won’t even initially provide, they call it “affordable” so it’ll probably be a subsidized item.).

* Free until you notice your take home pay becomes even less.