My Initial Thoughts on OS X Lion

I have successfully installed OS X Lion on both my Mac Pro and my MacBook Pro. I’m not ballsy enough to attempt the server upgrade until this weekend though so my initial thoughts are all going to be related to client software at this point.

The very first thing I want to point out is the fact having reversed scrolling enabled by default is the dumbest fucking thing I’ve ever encountered. Seriously! When I scroll up on a trackpad or mouse I expect the screen to move up, when I scroll down I expect my screen to move down. This is a pretty basic concept that’s been with us for a while now. An operating system isn’t a fucking flight simulator, we don’t need to reverse the controls for moving up or down. Thankfully this can easily be disabled in the preferences but it seems like such an idiotic thing to have enabled by default.

That was by far my biggest annoyance, which is to say I haven’t run into anything that annoying so far. OS X Lion seems pretty stable out of the box, which is a nice change as most initial releases of new OS X versions have been rather buggy, sometimes bordering on unusable. For Lion the installation went off without a hitch and everything seems to be running properly so far.

The whole full-screen mode for applications is a rather pointless gimmick in my book. I have no idea why Apple saw fit to include such a feature in a desktop operating system but it’s optional and thus easily ignored.

I’m not at all happy with the new way virtual desktops are laid out. Previously you could have a grid of virtual desktops which meant accessing one desktop from another could be done quickly. I usually run with six virtual desktops and in Snow Leopard I had them arranged in a grid consisting of two rows and three columns. In Lion virtual desktops are all laid out linearly meaning you only have one row. This makes traversing from desktop one to desktop six a pain in the ass if you’re using keyboard shortcuts. I’ve not found a way to revert the desktop arrangement to a grid yet, nor am I even sure you can. Either way I find this extremely annoying as it really fucks up my workflow.

I have no real opinion on the disappearing scroll bars. I seldom look at or use the scroll bars anymore so the fact that they vanish when you’re not actively scrolling is irrelevant to me.

The new Mail application is light years ahead of Snow Leopard’s version. The layout feels much better and everything seems to move more smoothly. I also like that System Preferences has a central panel to add e-mail, calendar, and address book accounts. It was a bit annoying having to open each separate application to add the appropriate account.

The new “natural feel” iCal and Address Book applications are just fine by me. They look a bit out of place but I don’t think they’re as ugly as many have made them out to be. Honestly I rarely interact with either application on my desktop or laptop so this is another thing that doesn’t really affect me.

Launchpad is pretty worthless in my opinion. I’ve been running with an Applications folder stack on my dock forever now to launch applications. It’s actually easier for me to click on the stack icon, scroll to the application I want, and launch it than it is for me to launch an application via Launchpad.

Some of the new trackpad and mouse gestures are pretty sweet. I really like the fact that I can now use my trackpad and mouse to scroll, flip between virtual desktops, show my running applications, and many other things. Apple has done a great job realizing the utility of a trackpad with multi-touch capabilities and I hope other computer manufacturers follow in step.

The new interface elements in Lion are pretty as well. It’s a pretty meaningless change but I like the new look.

I’ll keep you guys apprised of my findings but so far I’m liking Lion even though I find most of the new features to be rather pointless gimmicks. It seems solid from the start which is certainly better than previous OS X releases.

A Valuable Lesson For Those Upgrading Servers and Clients to OS X Lion

One purpose of this blog is so readers can learn from my mistakes. If you’re planning on upgrading both client and servers to OS X Lion you should be aware of something.

First you should know that OS X Lion is a separate download from OS X Lion Server. Instead of having two versions of their operating system available for download Apple has made the server utilities available as a separate installable package. I like this option honestly but I did make a mistake that ended up costing me $29.99.

Because I didn’t want to tie up my server with a major download I initially purchased and downloaded OS X Lion from the App Store on a client computer. I tried to also purchase OS X Lion Server at the same time but the App Store wouldn’t allow me to do so from a system not already running Lion. Later I decided to download OS X Lion on my server so it would be available for install when I was ready (as OS X Lion is a 3.47GB download, I thought getting on the system early was a smart move). When I went to download OS X Lion on my server the App Store reported that I needed to also purchase OS X Lion Server. The App Store did warn me that both would be purchased and that I would be charged $79.98 but since I was in a hurry I made an assumption. My assumption was that OS X Lion was already in my purchase history and thus only OS X Lion Server would be purchased at this point. That assumption, like most, was incorrect and I am now the owner of two OS X Lion purchases.

There are three options available to those wanting to upgrade both server and client computers to OS X Lion. The first, and probably easiest option, is to purchase OS X Lion on a computer currently running OS X Snow Leopard Server. Doing this will require you to purchase both OS X Lion and OS X Lion Server at the same time but they will appear as separate purchases in the App Store, which will allow you to download just OS X Lion on client computers.

Option number two is to purchase OS X Lion on a client, format the server, install OS X Lion, purchase OS X Lion Server, and then restore your server specific settings. This is probably the most painful method of upgrading both server and client computers to Apple’s new operating system.

The third option is to install OS X Lion on a client, upgrade that client, and purchase OS X Lion Server after the upgrade is finished. This will put both OS X Lion and OS X Lion Server in your purchase history and you should be able to upgrade your server without having to purchase any additional downloads.

So the lesson I have for everybody reading this is don’t make assumptions, they can be expensive.

EDIT: 2011-07-20 16:30: I contacted Apple through their App Store support page and they got back to me within a few hours and issued a refund. That’s pretty good support considering the mistake was ultimately mine for making the assumption that I wouldn’t get charged twice.

Data Retention Law Will Backfire

There is legislation being proposed that would require Internet Service Providers (ISPs) to retain data on what IP addresses have been assigned to whom for 18 months. Unfortunately for the government such data retention laws have been controversial so they’ve had to exploit the children loophole by naming the legislation, “The Protecting Children from Internet Pornographers Act of 2011.”

Ars Technica has a very good opinion piece posted about how this legislation will backfire. Instead of using home connections to download illicit data people will simply go elsewhere.

There is no shortage of open wireless access points. Instead of downloading illicit data from a home connection you can connect to your neighbor’s wireless network, a business’s wireless network, or through an anonymizing service such as the Tor network. The legislation is entirely pointless and only puts a data storage burden on ISPs.

The government simply wants access to information the public doesn’t believe access should be granted to. Just like every other time this situation occurs the government simply abuses the children loophole and then looks at anybody opposing their bill and accuses them of supporting child pornography. It’s kind of like naming the PATRIOT Act what it is and then accusing anybody who opposes it of not being a patriot.

The PATRIOT Act and Cloud Services

I’ve briefly described my attempt to get all of my “cloud” data moved to personal servers that I directly control. Part of my reasoning for doing this is the simple fact that I like having complete control over my property (and I consider my data personal property). The other reason is I don’t like the idea of federal agents being able to obtain my personal information without my knowledge. At the very least if the feds want to take my personal data now they will have to alert me when they come to take my server out of my dwelling (and since the data is all encrypted they’ll need my key to access anything… which will really frustrate them when I claim my fifth amendment right instead of giving over my encryption keys).

Some people have claimed another solution for this is to put your data in a foreign country. I never found that solution viable because the government of the country where your data is stored likely has access to it and will hand it over if the United States government puts in a request. Well, Microsoft has confirmed that your data isn’t safe anywhere:

Organisations should be wary when entrusting their data to Cloud providers based in the U.S.

Microsoft, one of the first Cloud providers to come clean, have revealed that the U.S. authorities have the right to access any data stored by them, even if that data resides within the EU.

[…]

In addition, Gordon Frazer CEO of Microsoft admitted that customers would only be informed “whenever possible” with respect to authorities extracting data.

Such an example is where the FBI has the ability to issue a ‘National Security Letter’ demanding a company’s data. Frazer stated that in this case he wouldn’t even be able to admit he had received such an order.

Many people forget that those subject to “National Security Letters” are legally prohibited from even saying they received such a letter (note to the feds: if you hand me one of those letters I’m telling everybody, fuck you and your attempt to shit on the first amendment). This means if the feds take your data you’ll never be notified because the company hosting said data will be legally muzzled.

I feel the best option in regards to your data is to maintain it all on systems that you have direct control over. Unless you have that direct control you can never be sure who is rummaging through your data (I’m not just talking about government agents at this point) or for what purposes. If you control the systems then you control who does and doesn’t have access to anything on that system.

Happy Birthday Alan Turing

Today is June 23rd, 2011 which makes it the 99th birthday of the man usually called the father of computer science, Alan Turing. The article gives a good overview of his life, which ended up being quite tragic. Turing was a genius whose research helped win World War II:

His work, however, was advanced enough to get him noticed by the powers that be and, in World War II, Turing became an integral part of the effort at Bletchley Park to break German ciphers and decode military transmissions.

The work carried out by Turing and his colleagues at Bletchley Park was of critical importance to the war effort. General Dwight D. Eisenhower stated at the time that intelligence received as a result of the codebreaking activities at the Park, “has been of priceless value. It has saved thousands of British and American lives and, in no small way, contributed to the speed with which the enemy was routed and eventually forced to surrender.”

Most people who were of value in winning that war were held up as heroes and presented medals. Unfortunately for Turing he was also a homosexual, which was not acceptable back in that era:

An inherently honest man, Turing reported a break-in at his home in 1952 and admitted to police that he had been engaged in a sexual relationship with one of the suspects, Arnold Murray. At the time, same-sex relationships between men were illegal in England and Turing was promptly arrested on charges of ‘gross indecency’.

Found guilty, Turing had his security clearance revoked – preventing him from continuing with his cryptographic consultancy work for the Government Communications Headquarters, or GCHQ – and was forced to undergo hormonal castration via oestrogen injections to curb his ‘unnatural’ urges, under threat of imprisonment.

“Hey man, thanks for helping us win the war against the Nazis but your sexual deviance is unacceptable so we’re going to use our monopoly on the initiation of force and subject you to experimental treatments that will most likely kill you.” At least that’s what I imagine the conversation ended up sounding like.

Although he was crucial to the war effort and a brilliant man in general, being the subject of state aggression takes a toll on most people. After being the victim of state violence Turing was unable to cope with existence anymore and sadly ended his own life:

The strain of being excluded from his beloved work and branded a pervert proved too much for Turing, who was found on the 8th of June 1954 having taken a lethal dose of cyanide to end his own life.

Many soldiers owe their lives to the work this man performed and everybody in this era owes him for computers as we know them. Happy birthday Alan Turing!

IBM Turns 100

IBM is officially 100 years old now and to celebrate they’ve created a list of 100 innovations created by the company. Not surprisingly they forgot to mention the role their punch card system played in assisting with the Holocaust. Then again if I were IBM I’d try to cover that up as well.

No, I’m not going to spend this entire post ragging on IBM for something they did long ago. What I will do though is use this situation to explain the dangers of census information. IBM didn’t help Nazi Germany with the Holocaust by supplying equipment to kill targeted individuals, they did it by supplying Germany with machines that more easily allowed for tabulating information such as ethnicity about the country’s population:

On April 12, 1933, the German government announced the plans to immediately conduct a long-delayed national census. The project was particularly important to the Nazis as a mechanism for the identification of Jews, Gypsies, and other ethnic groups deemed undesirable by the regime. Dehomag offered to actively assist the German government in its task of ethnic identification, concentrating first upon the 41 million residents of Prussia.

On top of that the same type of system was used by the United States for their concentration camps:

His grand design for 1943 was a locator file in which would appear a Hollerith alphabetic punch card for each evacuee. These cards were to include standard demographic information about age, gender, education, occupation, family size, medical history, criminal record, and RC location. However, additional data categories about links to Japan were also maintained, such as years of residence in Japan and the extent of education received there… The punch card project was so extensive and immediate that the WRA [War Relocation Authority] subcontracted the function to IBM.

IBM’s punch card systems allowed for the recording and easier sorting of additional information related to individuals. This information was then used to better target certain groups. When the 2010 United States census forms went around people noticed that the government was doing a Hell of a lot more than simply counting the population (the only thing they’re legally allowed to do according to the Constitution). The census form seemed to have a strong interest in Hispanic populations.

Data related to people’s race, religion, gender, native country, etc. have been collected by governments and used improperly for ages. The Holocaust was a prime example of how dangerous it is to let governments hold onto such information. Like all technological advancements punch card systems can be used for both good and evil and have been used for both. I’m not attempting to blame IBM or technological progress for anything, but I think it’s important to note the dangers of allowing governments to gather information on demographics. Once that information is obtained it will never be destroyed and thus can be used decades down the road by some crazy ass dictator who decides he doesn’t like one group or another.

As IBM celebrates their 100 years of being in business let us also take a moment to remember the dangers of demographic information in the hands of governments. IBM created a marvelous system that was put to terrible use and it’s important to learn from that lesson.

Lulz Security and Anonymous as Testers of Internet Anonymity

A hacker group called Lulz Security has been making news as of late, especially after Tuesday’s escapade. Before that Anonymous were making headlines. You’ll hear arguments both for and against the actions of these groups but what I find more interesting than their escapades is the fact that most members of these groups have avoided law enforcement.

I often talk about the importance of anonymity and groups like Lulz Security and Anonymous make great testers of the ability to remain anonymous on the Internet. People likely to be prosecuted by law enforcement would do well to watch the actions of these groups and determine how they are able to avoid law enforcement. If the tactics used by these groups allow them to avoid those who are seeking them out then the same tactics can be used by political dissidents in oppressive countries. Those wishing to release dirt on private or government entities would also be well served by such information.

iOS 5 Supports S/MIME Encrypted Email

Here is an interesting iOS 5 feature that Apple doesn’t seem to be advertising very much (since most people probably don’t care), the ability to use S/MIME to sign and/or encrypt e-mails sent from your iOS device. This is actually a pretty killer feature for me as I like to sign e-mails I send (of course I use a self-signed certificate so it shows up as invalid unless I send my public key to recipients).

HP/Palm TouchPad Goes on Sale July 1st

HP/Palm’s (I know the Palm name is dead but damn it I refuse to stop using it) iPad competitor, the TouchPad, is set to go on sale July 1st. I’m rather excited about this device because I think it’s one of the few new tablet devices that at last has something interesting to offer consumers beyond the capabilities of the iPad (namely WebOS).

I do foresee a problem with the price though as the 16GB model will cost $499.99 while the 32GB model will cost you $599.99. This is the exact same price range as Apple’s iPad, which I believe to be a potential problem. I just believe it will be hard to justify the high costs of the TouchPad when the app ecosystem for WebOS is pretty poor (and most current apps being written using the Mojo API will run in a small window much like iPhone apps run on the iPad) and WebOS has very little penetration into the mobile market at the moment. At the price HP/Palm is asking it’s very unlikely I’ll buy one unless they offer a great developer discount.

It’s Time to Use Pass Phrases

As computers have become more powerful shorter passwords have become more useless. This story does a good job of driving home the fact that short passwords are becoming meaningless:

The results are startling. Working against NTLM login passwords, a password of “fjR8n” can be broken on the CPU in 24 seconds, at a rate of 9.8 million password guesses per second. On the GPU, it takes less than a second at a rate of 3.3 billion passwords per second.

Increase the password to 6 characters (pYDbL6), and the CPU takes 1 hour 30 minutes versus only four seconds on the GPU. Go further to 7 characters (fh0GH5h), and the CPU would grind along for 4 days, versus a frankly worrying 17 minutes 30 seconds for the GPU.

And it doesn’t stop there:

It gets worse. Throw in a nine-character, mixed-case random password, and while a CPU would take a mind-numbing 43 years to crack this, the GPU would be done in 48 days.

Surely throwing symbols in there keeps you safe, right? Wrong! Take a password consisting of seven characters, mixed-case/symbols random password like ‘F6&B is’ (note the space), that’s gotta be tough for a bruteforce attack. Right? A CPU will take some 75 days to churn through the possibilities, while a GPU is done with it in 7 hours.

Basically short passwords are worthless and offer little if any security. Of course this isn’t the end of the world as other patches have been added to password-based authentication systems. For instance most systems add a delay or lock the account if you enter the wrong password too many times, and devices like the IronKey self-destruct if the wrong password is entered too many times. That first technique greatly limits the rate at which an attacker can guess against a live system, but it does nothing once they’re working directly from a stolen file of password hashes, which is exactly the offline scenario the GPU numbers above describe (the operating system isn’t in the loop to slow them down). Most systems also mix a random value known as a salt into the password before hashing it. The salt is stored in the clear next to the hash, so it doesn’t make brute forcing any single password harder; what it does is stop an attacker from precomputing a table of hashes ahead of time or cracking a whole file of hashes in one pass, because every user’s hash has to be attacked separately. Systems that care also use a deliberately slow hash (thousands of iterations rather than one) to drag the attacker’s guess rate down from billions per second. The NTLM hashes in the quoted story have no salt at all and are a single fast MD4 operation, which is why those rates are reachable in the first place.
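What salting and slow hashing actually buy you, as an added example that is not part of the original post. It uses SHA-256 and PBKDF2 from Python’s standard library rather than NTLM, the user table and the attacker’s wordlist are constructed sample data, and the point it makes is the one above: a salt doesn’t slow down a single guess, it stops one pass over a wordlist from cracking every user at once, while the iteration count of a slow hash is what actually cuts the guess rate.

```python
"""Salted versus unsalted password hashing (added example, not the post's own
code). SHA-256 and PBKDF2 stand in for NTLM here; the user table and wordlist
below are constructed sample data."""
import hashlib
import secrets

# Constructed sample data: a small "leaked" user table and an attacker wordlist.
# Two users share a password, which is exactly where salting changes things.
USERS = {"alice": "fjR8n", "bob": "sunshine", "carol": "sunshine", "dave": "pYDbL6"}
WORDLIST = ["123456", "password", "sunshine", "letmein", "fjR8n", "qwerty"]


def unsalted_store(users):
    """Hash each password directly; identical passwords give identical hashes."""
    return {u: hashlib.sha256(p.encode()).hexdigest() for u, p in users.items()}


def salted_store(users, salt_len=16):
    """Prefix each password with a random per-user salt before hashing. The
    salt is kept in the clear next to the hash; it is not a secret."""
    store = {}
    for u, p in users.items():
        salt = secrets.token_bytes(salt_len)
        store[u] = (salt, hashlib.sha256(salt + p.encode()).hexdigest())
    return store


def crack_unsalted(store, wordlist):
    """One hash per candidate cracks every user at once: hash the wordlist into
    a lookup table, then index every stored hash into it. This is the
    precomputed (rainbow) table attack in miniature. Returns (found, hashes)."""
    table = {hashlib.sha256(w.encode()).hexdigest(): w for w in wordlist}
    found = {u: table[h] for u, h in store.items() if h in table}
    return found, len(wordlist)


def crack_salted(store, wordlist):
    """With salts no table can be built ahead of time and no work is shared
    between users: every candidate is rehashed under every user's salt.
    Returns (found, hashes) where hashes is the total hash computations."""
    found, hashes_computed = {}, 0
    for u, (salt, h) in store.items():
        for w in wordlist:
            hashes_computed += 1
            if hashlib.sha256(salt + w.encode()).hexdigest() == h:
                found[u] = w
                break
    return found, hashes_computed


def slow_hash(password, salt, iterations=200_000):
    """PBKDF2-HMAC-SHA256. The iteration count is the knob that turns a
    billions-per-second guess rate into thousands per second on the same
    hardware, because the attacker pays the same cost per guess as the server."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify_slow(password, salt, stored, iterations=200_000):
    """Constant-time comparison so the check itself doesn't leak the hash."""
    return secrets.compare_digest(slow_hash(password, salt, iterations), stored)


if __name__ == "__main__":
    found, work = crack_unsalted(unsalted_store(USERS), WORDLIST)
    print("unsalted:", found, "hash computations:", work)
    found, work = crack_salted(salted_store(USERS), WORDLIST)
    print("salted:  ", found, "hash computations:", work)
```

The same three weak passwords fall either way, since salting never rescues a guessable password; what changes is that the unsalted file costs the attacker one hash per wordlist entry for the whole file, while the salted one costs one hash per entry per user, and the shared “sunshine” no longer shows up as two identical hashes that can be spotted without cracking anything. Swap the SHA-256 in the salted store for the PBKDF2 routine with a real iteration count and the attacker’s per-guess cost goes up by that factor too.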

It’s finally come time to begin using more complex passwords. This is difficult for many people as few are going to remember a password like “8*7wFWE12@#$iwkf” or anything similar. This is where the idea of pass phrases comes into play. Instead of using a word you use a sentence. For instance it’s going to be far more difficult to brute force a pass phrase like “This is my pass phrase which should be hard to brute force” than a ten character password, simply because the search space grows with length far faster than it does with a bigger character set. On the other hand pass phrases are susceptible to dictionary attacks if the phrase you use is a common saying, quote, or song lyric, since attackers feed lists of those in as candidates too, so throwing in random characters for good measure is still, well, a good measure. A phrase built from several words picked at random from a large word list doesn’t have that problem even when the attacker knows exactly which list you used.
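The arithmetic behind those numbers, as an added example that is not part of the original post: search-space size and worst-case time at the CPU and GPU guess rates quoted in the story for the passwords it mentions, for a six-word phrase drawn at random from a word list, and a rough estimate for an ordinary English sentence. The 62- and 95-symbol alphabets, the 7776-word list size and the bits-per-character figure for English prose are my modelling assumptions, not figures from the story.

```python
"""Brute-force search space and time-to-crack arithmetic (added example, not
the post's own code). Guess rates are the CPU and GPU figures quoted in the
story; alphabet sizes, word-list size and the English-prose estimate are
modelling assumptions."""
import math

CPU_RATE = 9.8e6        # guesses/second, quoted CPU figure against NTLM
GPU_RATE = 3.3e9        # guesses/second, quoted GPU figure against NTLM
ALNUM = 62              # assumption: a-z, A-Z, 0-9
PRINTABLE = 95          # assumption: printable ASCII including space and symbols
WORDLIST_WORDS = 7776   # assumption: a 6^5-entry Diceware-style word list
BITS_PER_ENGLISH_CHAR = 1.3  # assumption: rough entropy of English prose

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

# The sentence used as an example pass phrase in the post above.
PHRASE = "This is my pass phrase which should be hard to brute force"


def keyspace(symbols, length):
    """Candidates the attacker must try in the worst case when each of
    `length` positions is chosen uniformly from `symbols` possibilities."""
    return symbols ** length


def entropy_bits(space):
    """Search space expressed as bits; every extra bit doubles the work."""
    return math.log2(space)


def seconds_to_crack(space, rate):
    """Worst case: the entire space at `rate` guesses per second. The expected
    time is half this, since on average the password is found midway."""
    return space / rate


def english_sentence_bits(text, bits_per_char=BITS_PER_ENGLISH_CHAR):
    """Rough entropy of a natural-language sentence the attacker models as
    English rather than as random characters. Far below the random-character
    figure for the same length, but still well above a short random password."""
    return len(text) * bits_per_char


def human(seconds):
    """Render a duration in the largest convenient unit."""
    if seconds < 60:
        return f"{seconds:.1f} s"
    if seconds < 3600:
        return f"{seconds / 60:.1f} min"
    if seconds < SECONDS_PER_DAY:
        return f"{seconds / 3600:.1f} h"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_DAY:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.0f} years"


def comparison():
    """(label, bits, worst-case GPU seconds) for each candidate, weakest first."""
    rows = [
        ("5 alphanumeric  (fjR8n)", keyspace(ALNUM, 5)),
        ("7 alphanumeric  (fh0GH5h)", keyspace(ALNUM, 7)),
        ("7 printable     (F6&B is)", keyspace(PRINTABLE, 7)),
        ("9 alphanumeric", keyspace(ALNUM, 9)),
        ("English sentence (est.)", 2 ** english_sentence_bits(PHRASE)),
        ("6 random list words", keyspace(WORDLIST_WORDS, 6)),
    ]
    rows = [(label, entropy_bits(space), seconds_to_crack(space, GPU_RATE))
            for label, space in rows]
    return sorted(rows, key=lambda r: r[2])


if __name__ == "__main__":
    for label, bits, secs in comparison():
        print(f"{label:28s} {bits:6.1f} bits  CPU {human(secs * GPU_RATE / CPU_RATE):>14s}"
              f"  GPU {human(secs):>14s}")
```

The 7- and 9-character alphanumeric rows land within a few percent of the story’s 17 minutes 30 seconds and 48 days, which tells you the article was modelling a 62-symbol alphabet. Six words pulled at random from a 7776-word list sit over 77 bits and take the same GPU millions of years, even though the attacker is assumed to know the list; the English sentence is weaker per character but its sheer length still puts it well past the 9-character random password. Length wins because the exponent grows, while a bigger alphabet only grows the base.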

I will be completely honest in saying that passwords and pass phrases are becoming less and less viable as a means of authentication. Some day we will have to move beyond them but as of right now the easiest option is to make more difficult passwords.