The weekly newsletter for Fed2 by ibgames

EARTHDATE: May 25, 2008

Official News page 11


WINDING DOWN

An idiosyncratic look at, and comment on, the week's net and technology news
by Alan Lenton

Remember: No Winding Down next week!

I've long suggested that the pontificating pundits in hock to the anti-virus program vendors are wrong when they claim that most compromised computers belong to ordinary people. Dead wrong. I think it's companies that have computers stuffed with malware, downloaded by bored employees with no stake in the company, and no future to look forward to.

I base this on the evidence of my e-mail. I'd guess that 99% of the mail I get (1,200-2,000 a day) is spam. But, on weekends I only get 400-500 emails. Furthermore, last Monday I sorted the spam that came in that day by time, and guess what? Something like 70 per cent of it came in between 9:30 and 10:00 am US Eastern time.

Now there are two possibilities here:

1. Spammers work a five-day week
2. Business machines make up a large proportion of compromised machines.

I'll let you draw your own conclusions...


Roundup: Microsoft (again)

Microsoft and Yahoo are to start talking to one another again, it seems. This time Microsoft are making an offer not so much for the company, but for some sort of partnership which uses the bits of Yahoo it really wants. The details of the proposal still aren't that clear (Microsoft are probably still trying to fix the bugs in the proposal), but it would seem the suggestion is probably a joint search-related advertising partnership.

The idea is that this would let the pair stand a chance of taking on the Google evil empire. (Question: do two evil empires cancel out and make a nice empire?) From Microsoft's point of view this would stop Yahoo's current infatuation with Google dead in its tracks. What exactly Yahoo would get out of the deal is difficult to see...

Meanwhile, users of Windows Vista Media Centre discovered on Monday night that they couldn't record two NBC Universal TV shows, American Gladiator and Medium. This, it turns out, is because the Media Centre implements the FCC rules on broadcast flags, and the shows were broadcast with the 'don't record' flag set.

Once this news gets widely circulated, it may well prove to be the last nail in the coffin of the increasingly vilified Windows Vista.

Clearly, as far as Microsoft is concerned, NBC's wish is its command. Oh, and by the way, the FCC 'rules' that Microsoft implemented were struck down by the court in 2005, two years before Vista was released.

Meanwhile the European Commission (EC) is taking a look at Microsoft's decision to make the next version of Office support the Open Document Format (ODF). Microsoft's alternative 'open' format, Office Open XML (OOXML), won't be available for that version of Office.

This is really interesting, since there were a lot of political shenanigans to get OOXML fast-tracked through the International Standards Organisation (ISO) procedures for making it an international standard. I was impressed by the way it was done. I haven't seen such a well-oiled political machine since the 'Militant' Trotskyite group took control of the Liverpool Labour Party in the 1980s. Clearly Microsoft is capable of learning the lessons of history!

http://www.news.com/8301-10784_3-9946780-7.html?tag=nefd.riv
http://update.techweb.com/cgi-bin4/DM/y/eBJGQ0HiOOq0G4S0F4cf0Ee
http://www.physorg.com/news130662427.html


Roundup Two: Phishing, Phlashing, Spamming and Hacking

I see that the Spanish police have arrested a bunch of hackers suspected of hacking and disabling a large number of web pages belonging to government agencies in the US, Latin America and Asia. What is significant about the case, though, is that the Spanish investigation didn't start until the hackers attacked the web site of a Spanish political party - Izquierda Unida. Clearly, the lesson is that it's OK to attack foreign web sites, but not those in your own country!

Infoworld reports that researchers have found a new way to obtain data by videoing reflections of what hands are doing on the keyboard. The system works with any reasonable reflection - shiny spherical teapots are best - and can pick up what is being typed. The system is currently about 40% accurate, but I have no doubt that this will improve with time! The solution? Always draw the curtains before using your computer :)

Other researchers have come up with a new way of wrecking Internet connected appliances. Most embedded appliances have their control software (usually called firmware) in flash memory. This is memory which is normally read only, but can be rewritten under certain circumstances. The idea is to allow the firmware to be updated over the Internet.

Nobody really thought very much about the security of this feature - until now. The researchers from HP have now demonstrated that it is possible to disable the device beyond easy repair, simply by reprogramming the firmware, via the Internet, and replacing it with malware, which can make the appliance do things that would cause physical damage. I wonder how long it will take for this technique to appear in the wild.

Over in Asia, Chinese and Taiwanese sites are being attacked by a highly effective SQL injection attack which has already compromised thousands of sites. The attack is being controlled by a server farm inside China, and since the authorities haven't closed the farm there is speculation that it's an 'official' attack. If that's the case, it seems to have got just a little out of control, and is something of an own goal...

More arrests. This time in the US, where two rings running related phishing scams have been rounded up. Seven people were arrested in New Haven and a further 33 people in Los Angeles faced 65 counts, including racketeering, bank fraud, and identity theft.

And finally, pity the poor sysadmin. An idiot programmer on the Debian project managed to change the code in the Debian OpenSSL package, used by, among others, Ubuntu. His change broke the code that deals with generating the keys that underpin secure web connections, making them less secure than everyone thought they were.

A patch has, of course, been issued, but now sysadmins are going to have to track down all the keys and certificates generated by the flawed code and replace them with newly generated keys.

And it gets worse.

The keys generated are, in many cases, attached to web site security certificates, which cost real cash to buy. The old certificates will now have to be revoked and new ones bought. And I'm not sure how well the browsers handle revoked certificates. I'm pretty sure some of the earlier Microsoft ones still in use don't deal correctly with revoked certificates. And given the sheer volume of work involved at the web site end, I suspect the problem is going to be with us for a while yet :(
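The key hunt the sysadmins now face, as an added example (my code, not from the article or the Debian project): given PEM files of keys or certificates, it pulls out each RSA modulus and checks its fingerprint against a blacklist of known-weak keys. The fingerprint convention (last 20 hex characters of the SHA-1 of openssl's 'Modulus=' line) is assumed from the Debian openssl-blacklist package and should be confirmed against whatever list you use; the moduli and the blacklist below are constructed so the script runs offline.

```python
import base64, hashlib, re
PEM_RE = re.compile(rb"-----BEGIN [^-]+-----(.*?)-----END [^-]+-----", re.S)

def der_integers(der: bytes) -> list:
    """All INTEGERs in a DER blob, descending into SEQUENCE/SET and RSA key wrappers."""
    out, i = [], 0
    while i < len(der):
        tag, length, i = der[i], der[i + 1], i + 2
        if length & 0x80:                              # long-form length
            n = length & 0x7F
            length, i = int.from_bytes(der[i:i + n], "big"), i + n
        if i + length > len(der):
            raise ValueError("truncated DER")
        body, i = der[i:i + length], i + length
        if tag == 0x02:
            out.append(int.from_bytes(body, "big"))
        elif tag in (0x30, 0x31):
            out.extend(der_integers(body))
        elif tag in (0x03, 0x04):                      # BIT STRING / OCTET STRING
            inner = body[1:] if tag == 0x03 else body  # skip the unused-bits byte
            if inner[:1] == b"\x30":                   # descend only into a SEQUENCE
                out.extend(der_integers(inner))
    return out

def fingerprint(modulus: int) -> str:
    """Assumed Debian openssl-blacklist form: last 20 hex chars of sha1('Modulus=<HEX>\n')."""
    return hashlib.sha1(f"Modulus={modulus:X}\n".encode()).hexdigest()[20:]

def weak_fingerprints(pem: bytes, blacklist: set) -> list:
    """Blacklisted RSA moduli in PEM material; the modulus is the largest INTEGER >= 512 bits."""
    hits = []
    for m in PEM_RE.finditer(pem):
        try:
            ints = der_integers(base64.b64decode(b"".join(m.group(1).split())))
        except (ValueError, IndexError):
            continue                                   # encrypted key or not DER
        big = [n for n in ints if n.bit_length() >= 512]
        if big and fingerprint(max(big)) in blacklist:
            hits.append(fingerprint(max(big)))
    return hits

def rsa_public_key_pem(n: int, e: int = 65537) -> bytes:
    """Constructed sample input: a PKCS#1 RSAPublicKey PEM for modulus n."""
    def tlv(tag, body):                                # minimal DER encoder
        ln = bytes([len(body)]) if len(body) < 128 else b"\x82" + len(body).to_bytes(2, "big")
        return bytes([tag]) + ln + body
    def integer(v):                                    # leading 0x00 keeps the value positive
        return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
    b64 = base64.b64encode(tlv(0x30, integer(n) + integer(e)))
    lines = b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return b"-----BEGIN RSA PUBLIC KEY-----\n" + lines + b"\n-----END RSA PUBLIC KEY-----\n"

WEAK_N, GOOD_N = (1 << 2047) | 0xD3B1A9, (1 << 2047) | 0x5EED01   # constructed, not real keys
BLACKLIST = {fingerprint(WEAK_N)}                                 # stands in for the real list
```

Run it over every file under the usual key and certificate directories and replace whatever it flags; a hit means the key was made by the flawed generator, not merely that it is old.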

http://www.physorg.com/news130269998.html
http://www.darkreading.com/document.asp?doc_id=154270&WT.svl=news1_1
http://www.theregister.co.uk/2008/05/21/massive_debian_openssl_hangover/
http://www.physorg.com/news130422349.html
http://cwflyris.computerworld.com/t/3241054/121542020/114869/0/
http://www.theregister.co.uk/2008/05/16/debian_openssl_flaw/
http://arstechnica.com/news.ars/post/20080510-security-flaw-turns-gmail-into-open-relay-server.html
http://cwflyris.computerworld.com/t/3241054/121542020/114871/0/


Shorts:

A report from analysts at Gartner indicates that most business-launched virtual worlds fail - usually because they have no clear view of their own objectives, or of their customers' demographics, attitudes, and expectations. (So what's new?) While the report is really talking about internal business worlds set up for inter-company communications, its comments certainly apply to a large extent to the commercial virtual worlds, none of which, at least in the West, are making a profit. The phrase 'more money than sense' comes to mind...

http://www.informationweek.com/news/personal_tech/virtualworlds/showArticle.jhtml?articleID=207800625

ZDNet has an amusing rogues' gallery on display - the top ten most annoying pieces of software. All my 'favourites' are there - Adobe Reader, Windows Update, RealPlayer, Java, Norton Antivirus, preinstalled software on new computers, Outlook, and Flash. There are also a couple I hadn't encountered myself, like Apple Safari. Take a look, you'll be amused/enraged/resigned.

http://reviews.zdnet.co.uk/software/0,1000001048,39419834,00.htm

And while we are on the subject of 'top tens', here are two others. First, from the pages of popsci.com, a selection of the world's spookiest weapons, including incendiary flying bats, cyborg moths, ultra-slippery gel that makes you fall over, mass drivers, and so-called 'non-lethal' weapons, like the gas the Russians used against Chechen rebels holding 850 people hostage in a Moscow theatre. Over 100 hostages died from exposure to the gas.

The second list is probably not quite as lethal (or maybe it is). It's tech's top ten worst entry-level jobs. The listed jobs include:

Support professional, product: Windows, Microsoft
Support engineer, Washington-Seattle, Amazon.com
Database administrator (temporary), Google, contracted through WorkforceLogic

As the blurb notes, all the jobs will eventually look good on your CV/Resume, but will be hell while you actually do them. Good luck if you are a new graduate job hunting in IT!

http://www.popsci.com/military-aviation-space/article/2008-05/worlds-spookiest-weapons
http://valleywag.com/389746/techs-10-worst-entry+level-jobs

Which leads me, with a little bit of judicious hammering and bending of subject lines, into a report in Physorg pointing out that IT companies have again overtaken the financial sector as the largest sector in the Standard & Poor's (S&P) 500 index. The last time the IT sector achieved this was at the height of the dotcom boom. This time it's because of the slump in the share prices of the financials. While the financials slipped 29.11 percent, IT 'only' lost 8.74 percent. All I have to say is, 'Wait till the sub-prime software bubble bursts!'

http://www.physorg.com/news130613547.html

Incidentally, Moody's, one of the main financial rating agencies, revealed that a 'bug' in its computer system had resulted in some financial packages known as CPDOs being rated AAA - i.e. virtually risk free. When the sub-prime bubble burst CPDOs were among the first things to become worthless. Moody's is 'conducting a thorough review'. Whether this will appease its irate, and out of pocket, customers, remains to be seen!

http://www.theregister.co.uk/2008/05/21/moodys_investigates_ratings/

Something rather important happened this week in Seattle. A Federal court upheld the right of eBay seller Timothy S Vernor to sue Autodesk, based on the 'first sale' doctrine of copyright law, for relief from Autodesk's actions.

The case stems from attempts, by Autodesk, to stop Mr Vernor from selling legally owned copies of Autodesk's CAD program on eBay. 'First Sale' means that having bought an item, you are free to resell it as you see fit. Software vendors try to prevent this with licensing agreements, but the judge dismissed most of Autodesk's legal arguments as being without standing.

Autodesk aren't going to be the only software house unhappy with this ruling. I'm sure there will be opposition from all the major software houses. In the meantime, savour the exquisite flavour of the big software houses getting their richly deserved just desserts!

http://aecnews.com/news/2008/05/21/3414.aspx

Chicago is following in the footsteps of New York State, by demanding that on-line businesses collect taxes for it. In the case of NY it was an Amazon tax; for Chicago it's an eBay tax. Chicago, it seems, has a tax on the resale of all tickets to 'sporting events, cultural events, and other amusements taking place in the city'.

eBay has a subsidiary, called 'StubHub', (also fingered by Chicago) which specialises in second hand tickets. StubHub has an office in Chicago. The question at stake is whether this is enough to force it to collect taxes. Only time, and the US legal system, will tell! More as the case wends its way through the courts.

http://www.theregister.co.uk/2008/05/22/chicago_sues_ebay_and_stubhub/

It's not very often that a Brit gets a chance to boast to Americans about 'the biggest' anything. Thus I proudly present the biggest public sector IT screw up in the world - the UK's National Health Service (NHS) IT programme. Already four years late, massively over budget, with mega-sized suppliers bailing out - even -consultants- don't want to be involved. Never let it be said that the Brits can't conduct a public screw up in grand style!

Sigh. Will our IT-ignorant politicians never learn? No one wanted this, except the government and the big IT companies, who can smell a public trough a hundred miles away. Actually we had IT in the NHS before this started. The real problem was that the different bits didn't talk to one another.

To me, as a computer professional, the obvious solution was a Service Oriented Architecture (SOA) project. SOA is a way of connecting heterogeneous computers, under the control of different groups, together with only minimal changes to the existing hardware and software. It's commonly used by big companies to sort out their IT in areas where the bits have been independently developed over time.

But no, that wasn't sexy enough for our New Labour government. We in the UK had to do it the hard way. An enormously expensive plan to junk everything and start from scratch was hatched. Billions of pounds worth of existing development was abandoned and new hardware was purchased to run the new, as yet unwritten, software. Some of the key bits are supposed to be written on systems - such as iSOFT's Lorenzo software - that haven't even been produced yet.

There are times when I despair that our government will ever get anything right.

http://www.theregister.co.uk/2008/05/16/nhs_it_delays/

For some years now the US company LifeLock has been placing ads for its ID theft and fraud prevention service. The ads include a mug shot of the owner, Todd Davis, and Davis's social security number. Now Davis is being sued by a number of unhappy customers, whose evidence that they've been sold a pup is that Davis himself has been unable to prevent theft of his own identity.

A lawyer for the customers told the court that he found no less than 20 cases of other people applying for, or receiving driver's licenses using Davis' social security number. Davis himself admits to at least 87 instances of people trying to steal his identity. In at least one case they succeeded. Someone in Texas duped an online payday loan operation last year. He got $500 out of them using Davis's social security number.

Definitely a whiff of schadenfreude in the air...

http://www.physorg.com/news130662176.html


Home Work:

'Spiked' is an interesting, not to say controversial, politics site based in the UK. While I don't agree with all it says, its rigorously argued pieces are always thought provoking and, surprisingly often, convincing. I was interested therefore to find a piece entitled 'To see the future of the Internet, look East'.

It argues that the advertising driven/funded model that the Internet in the West currently uses is likely to fail, as shown by the fact that all the current round of the 'new things', social sites like MySpace, Facebook, and YouTube, are losing money hand over fist.

The article contrasts this to the subscription driven models of their Asian equivalents QQ, Tudou, Mixi and CyWorld. QQ, based in China, has 300 million - yes, three hundred million - active accounts. That's bigger than the population of the United States! Social networking was actually invented in Korea. CyWorld was established there in 1999, long before any of its western equivalents.

The article deals with some uncomfortable subjects, like the latent racism towards Asians that caused this history to be virtually unknown in the west. It also looks at the factors that made the Asian sites so successful, and suggests that similar factors are at work over here - in particular the lack of unsupervised play for children that forces them on-line as the only place they can get away from adults.

Thought provoking and informative - well worth reading.

http://www.spiked-online.com/index.php?/site/article/5166/


Recent Reading:

New Left Review #50 March/Apr 2008

Some excellent material in the latest issue. My old friend Tariq Ali looks at the stalemate in Afghanistan. That war has been rather overshadowed by events in Iraq recently, and the article is a timely recap of recent history, and an analysis of the current situation. There is also a fascinating piece on the history of Indonesia since the Second World War, and a piece by Robin Blackburn which gives a very clear explanation and analysis of the current financial crisis. Finally, there is a piece about the transformation of the little-known ex-Portuguese colony Macau into the Las Vegas of East Asia.

This is an issue stuffed with some real goodies for anyone interested in political history.


Scanner: Other Stories

US Senate asks for National Security Letter explanation
http://blog.wired.com/27bstroke6/2008/05/senators-ask-fb.html

Who owns the Moon? The case for Lunar property rights
http://www.popularmechanics.com/science/air_space/4264325.html?series=35

Print-on-demand crusader tags Amazon with anti-trust suit
http://www.theregister.co.uk/2008/05/22/amazon_sued_over_book_surge/

Study: 'Hyperconnected' users growing
http://cwflyris.computerworld.com/t/3242944/121542017/115116/0/

Auditor gets diminishing returns from data matching
http://www.theregister.co.uk/2008/05/19/audit_fraud_down/

World economy group gives IPv6 big push
http://www.theregister.co.uk/2008/05/16/oecd_ipv6_report/


Acknowledgements

Thanks to readers Barb, Fi and Slashdot's daily newsletter for drawing my attention to material used in this issue.

Please send suggestions for stories to alan@ibgames.com and include the words Winding Down in the subject line, unless you want your deathless prose gobbled up by my voracious Spamato spam filter...

Alan Lenton
alan@ibgames.com
25 May 2008

Alan Lenton is an on-line games designer, programmer and sociologist. His web site is at http://www.ibgames.net/alan.

Past issues of Winding Down can be found at http://www.ibgames.net/alan/winding/index.html

