Thoughts of a TechnoGeek

About
Thoughts of a TechnoGeek: This is where I'll post my thoughts, interesting articles, or anything else I want to. If you don't like it, don't read it.

David L Brenner

  • Fri, 18 Jun 2004

    Rants: More stupid legislation.


    There are a number of articles on spam, but this is representative of the latest. Congress apparently wants to start a national do not spam registry. At least in Fantasy Land this would work. There is a fundamental difference between the do not call list and the spam list. For Telemarketing to be effective, you need a staff of people and a substantial capital investment for this to work. You need office space and a legal address for it to be profitable. This is a legitimate business with something to lose in the event of a lawsuit. That is the stick you are using with them in enforcing the do not call list. A spammer on the other hand needs nothing but a network connection (available anywhere), a computer (cheap) and a list of email addresses. The source of the email is easily disguised and it's as easy to do this offshore as it is within the US borders. There is no leverage with them. This would become nothing but a way to gather known good addresses to send email to. In order to enforce the list, you would need to provide access to the spammer. There are ways to do this so you don't provide the list to the spammer, but you need a way to indicate whether a given address has explicitly requested no unsolicited email. Well, if you pass a list of possible email addresses, and you get back responses indicating that the address is real, but asked not to be spammed, you could easily build a list of valid email addresses and ignore the request. This is a clear example of people not understanding the implications of technology and creating legislation. Just because you ask people what they want in a poll, doesn't mean that you can actually provide it. If you asked me what I want legislated, I'd ask for all sorts of things that aren't possible. Someone with a software/technical background needs to run for office and get elected. Unfortunately, the necessary skills for getting elected are orthogonal to being tech savvy. 
:-) This is an interesting way to solve the problem. Unfortunately, I don't have the staff to handle it this way.

    posted at 22:10 [/rants] #

    Rants: Hacker code could unleash Windows worm.


    A hacker group releases code designed to exploit a widespread Windows flaw, paving the way for a major worm attack as soon as this weekend, warn security researchers. [CNET News.com]

    This is fairly amusing. Kind of scary, but amusing. My favorite quote in the whole thing:

    "I don't like to see a broken exploit, so I fixed it."

    Those of you not running Linux or Mac OS should take note. Do the right thing, and don't let your computer succumb to this.

    posted at 22:10 [/rants] #

    Rants: How to fuck the RIAA


    This is fucking brilliant. It'll never work, and would destroy the recording industry, but it's brilliant nonetheless. I'd almost like to try to raise the $2million myself just to try it. I'd gladly give the guy shares in the company if it took off. If anyone hears of this type of thing starting up, let me know, I want to invest.

    posted at 22:10 [/rants] #

    Rants: Insurance battle over Twin Towers. The leaseholder of the World Trade Center site is telling a New York appeals court that his insurers are trying to short-change him.


    This is just fucking stupid. What are the towers worth? This should be a pretty straightforward answer. This seems like greed, plain and simple. Just to be clear, it seems like both the owner and the insurance companies are shitting themselves. This can't be this hard.

    posted at 22:03 [/rants] #

    Rants: "Robotic" assistants.


    This is the kind of stuff that software manufacturers should be concentrating on. I would love to have a program like this that would manage all the menial crap. Unfortunately, this is a really hard problem. It's hard enough to find a person that can competently do this, let alone program a computer to do it. :-) People have been working on AI for a really long time, and the more they work on it, the harder it seems to get. If they actually get this to work, with reasonable accuracy, in the near term (10 years) I'll be really surprised. It's hard enough to get a SPAM filter working properly. This type of system would need to handle SPAM in an appropriate manner to avoid automatically responding to the penis extender ads saying I don't need one. This is probably more likely what we'll see in the near term. I know I could use a utility that would automatically categorize things. I take enough pictures that I'm having trouble keeping up with what I have, and where it is. I use a database program to catalogue them with a snapshot. The problem is, after the thumbnails are loaded, I still need to go through and indicate when/where the picture was taken, who/what is the subject, etc. A program that could tell a lot of this would be nice. [Wired News]

    posted at 22:01 [/rants] #

    Rants: Why Metallica sucks...


    I promised a rant about Metallica, so here it is. You know, I can almost support their stance on the whole file swapping thing. They own the rights to their music, and they can choose to uphold their copyright on their material. I don't agree with how they go about it, but that's their right. I personally think that in the scope of crimes, this is pretty trivial. But they take themselves entirely too seriously on their latest bullshit. In case you haven't read it, here is a link to an article. Basically, they claim that allowing a consumer to download a single track off the album compromises the artistic value of the album. You know, I really think that 'Enter Sandman' really needs the support of the rest of the album to really get the feel for the artistic meaning of the song. NOT. WTF? If this was another artist and they were releasing an album that told a story like 'The Wall' by Pink Floyd, or even 'Sgt. Peppers...' by the Beatles I could buy that. This seems more like an effort to put out 1 or 2 playable songs, and filling the rest of the album with crap. If you notice the list of artists that are protesting, most of them fall into this category. In my opinion, single song downloads will improve the quality of music produced by artists, not diminish the artistic value. If the consumer agrees with the need for the so-called artistic representation implied by the album as a whole, then they will buy the entire album. If they only like a couple of songs, then they should be allowed to purchase just those tunes. This will let the artists know explicitly why a consumer is buying their music. Personally, I have a problem buying many albums because most of it sucks. I really need to like a single song to put out the cash for a whole CD if the rest sucks. That has always been the idea behind singles. You can buy what they are playing on the radio. They are within their rights to want to sell albums this way, but let's be honest. 
They don't want to release singles because they are greedy. Not because of some deep artistic need to have a comprehensive view of what they are producing at a point in time. That is a load of crap. They need to realize that the only reason they have the ability to put out albums is because they sell. In order to do this, they need fans/customers. If the fans support the idea of single track downloads/purchases, then they should provide them that way. If they don't want to or can't put out 10 solid tracks, they could put out 1 or 2 really good ones instead of a bunch of mediocre crap. This would pull a lot of pressure off of them and allow for a steady stream of new quality music to the fans. There are a number of artists that support this method. In the past, before the iTunes Music Store, I purchased a Metallica album. I have no plans to buy any more in the future. They've gone off the deep end, and I haven't heard anything from them that I really need to have anyway. Even if they came out with the greatest tune ever, if they continue on this path, I still won't buy from them. How do you feel about this? Email me.

    posted at 22:01 [/rants] #

    Rants: Microsoft messes up, again.


    There are two stories, here and here, regarding a new exploit in Windows for cracking user passwords. The simple explanation is that, because of the way that passwords are stored in their encrypted form, it is relatively simple to perform a "dictionary" attack on the file to recover passwords. When a password is encrypted, the text of the password is passed through a one-way function that creates the ciphertext. This function is very easy to compute one way, but very difficult, or impossible to reverse. So, when you type in your password, it is encrypted and compared against the stored version, which is also encrypted. If the two encrypted versions match, then you have typed in the correct password. This is pretty elementary computer security stuff. The problem with this scheme is that given sufficient computing power, you can store a list of passwords and their encrypted versions. In order to find a password when you have access to only the encrypted version, you look up the encrypted text, and enter the corresponding password from the list. This is called a dictionary attack. This technique is about 30 years old. (Actually, it goes back further than that, but we are talking computer security in this context.) In order to get around this problem, several common techniques are used. The first one, which is mentioned in the article, is to add "salt" to the encryption. In order to do this, when the password is originally encrypted, a random string of a fixed length is added to the plaintext, and then encrypted. The encrypted version is then tagged with the salt value. When you want to see if the correct password is being typed later, you use the salt from the encrypted value (in the tag), encrypt the password, and then compare the result. The net effect is, in order for the dictionary attack to work, your dictionary needs to be 2^n times larger, where 'n' is the number of bits in the 'salt' value. This ideally makes it impractical to perform the attack. 
The second technique is more recent (15 years old). In a Unix system, the password file was readable by all users. Since you couldn't write to the file, and replace password values, it theoretically didn't matter if you could read it since the passwords are encrypted, right? Well, if you can read the encrypted value, then you can perform the dictionary attack. The second technique is to make the list of users publicly readable, but the encrypted values are stored in a separate, system only file. This eliminates the information necessary to perform the dictionary attack. Other, non-Unix systems use similar methods. If you manage to compromise this private data store, then you can still perform the dictionary attack. The issue here is that in typical form, Microsoft didn't use these simple, well-known techniques to improve the security of their passwords. How fucked up is that? I find it rather humorous that this guy wasn't even trying to find an exploit in the system, and was just trying to show the tradeoffs between memory use and computing power. In the process, he can break into any system, given the password file, in 13.6 secs. That is too funny.
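
The salting scheme described above, as an added example (not code from the original post or from any vendor): it stores the same constructed passwords with and without a salt and shows that one precomputed table matches every unsalted record but none of the salted ones. SHA-256 as the one-way function, the 8-byte salt, the `salt$digest` record layout and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Stand-in one-way function (assumption): SHA-256. The post does not name the
# function used; production systems use a deliberately slow password KDF.
def one_way(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def store_unsalted(password: str) -> str:
    return one_way(password.encode())

def store_salted(password: str, salt_bytes: int = 8) -> str:
    # Random salt is prepended to the plaintext, then kept as a tag on the record.
    salt = os.urandom(salt_bytes)
    return salt.hex() + "$" + one_way(salt + password.encode())

def verify_salted(record: str, attempt: str) -> bool:
    # Re-use the salt from the record's tag, recompute, compare in constant time.
    salt_hex, digest = record.split("$", 1)
    candidate = one_way(bytes.fromhex(salt_hex) + attempt.encode())
    return hmac.compare_digest(candidate, digest)

def build_dictionary(words):
    """Precompute digest -> password once; valid against every unsalted record."""
    return {one_way(w.encode()): w for w in words}

def lookup(table, records):
    """Return {user: password} for records whose stored digest is in the table."""
    hits = {}
    for user, stored in records.items():
        digest = stored.split("$", 1)[-1]  # strip the salt tag if there is one
        if digest in table:
            hits[user] = table[digest]
    return hits

# Constructed sample data, not taken from any real system.
WORDLIST = ["letmein", "password", "dragon", "qwerty"]
USERS = {"alice": "dragon", "bob": "dragon", "carol": "Tr0ub4dor&3"}

def demo():
    table = build_dictionary(WORDLIST)
    unsalted = {u: store_unsalted(p) for u, p in USERS.items()}
    salted = {u: store_salted(p) for u, p in USERS.items()}
    return {
        "unsalted_hits": lookup(table, unsalted),
        "salted_hits": lookup(table, salted),
        "same_hash_unsalted": unsalted["alice"] == unsalted["bob"],
        "same_hash_salted": salted["alice"].split("$")[1] == salted["bob"].split("$")[1],
        "login_ok": verify_salted(salted["alice"], "dragon"),
        "login_bad": verify_salted(salted["alice"], "qwerty"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Without a salt, two users with the same password also share a stored value, which is visible to anyone who can read the file; that is the exposure the separate system-only file removes.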

    posted at 22:01 [/rants] #

    Rants: "You know that bill of rights thing. That's just a suggestion..."


    A friend of mine forwarded this story to me. This guy has a lot of balls. I agree with his points (for the most part). I just don't know if I'd have the will to actually go through with getting thrown off a plane because I chose to exercise my First Amendment rights. It will be interesting to see what the courts think of this. It's mentioned at the end of the article, but if you didn't know, this is the guy that refuses to fly in the US because of the requirement to show identification to get on the plane. I'm not so sure that I agree with that. There are a lot of things about National ID cards, etc that I don't agree with... being required to prove who you say you are is another thing. I try not to give out my SSN any more than required, but I don't see any harm in presenting identification. It's what the airlines do with the information I am providing that presents a problem. The checks that they are doing are error prone and unlikely to actually catch real terrorists because of a high false positive rate. There are numerous articles on this so I won't go into all of the details.

    posted at 22:01 [/rants] #

    Rants: "Do you have your savings card?"


    Okay. Most of you know that I have a problem with store loyalty cards. Initially I didn't think they were a big deal, and then I started thinking about it, and reading a couple of books/articles that drove home the point of why these things are bad. Here is a good article that goes into some of the problems with loyalty cards, and RFID tags. The corporations get lots of data out of this, so as a stock holder, I think this is a good thing for the companies to try to get more profit. Not a problem there. The issue I have is as a consumer. I am no longer in control of information about me. (yes, we could argue that control is an illusion, but that is a different rant) I'm not sure that as a customer, I'm comfortable with the idea that I am being watched as I'm walking through the store, picking up products, deciding I don't want them, etc. I don't want people inside my head. Or maybe that's the problem, they are only getting superficial information and trying to determine what's going on inside my head. There could be multiple reasons that I purchase products A, B & C. But they are going to make decisions based on their assumptions. The other problem I see as a customer is that in theory, the store is doing this to reduce cost. Do you think any of that cost reduction will ever make it down to me? I wager that it won't. So the store is telling me what I want to hear, taking my information, and then not following through on giving me my due. Fuck that.

    posted at 22:01 [/rants] #

    Rants: Finally, a MS Settlement that makes sense...


    This is finally a settlement with Microsoft that I can agree with. I was a little worried from the initial reports I'd read, but according to this one, the vouchers supplied to the claimants can be used for software/hardware from any vendor. This is a new twist. When I'd seen earlier reports, the vouchers could only be used towards the purchase of MS products. That's just ensuring them future sales, not punishing them for what they did. It would be like people in the tobacco lawsuits getting vouchers for free cigarettes! I'm glad that a judge finally did the right thing. [Computerworld News]

    posted at 22:01 [/rants] #

    Movie Review: Cowboy Bebop - movie review


    G & I watched the Cowboy Bebop movie last night. It was really good. It felt exactly like part of the series. We were a bit worried that they wouldn't use the same voice actors for the English translation. They did. There was a lot more action and fight sequences, but the overall feel was like a long episode of the TV show. If you like the rest of the series, I highly recommend the movie.

    posted at 22:00 [/movies] #

    Rants: Only the French...


    Check out this link. WTF? Why is it that they can't just use the established word? Is it really that offensive to have a pseudo-English word for e-mail? And they wonder why people don't take them seriously.

    posted at 22:00 [/rants] #

    Movie Review: Pirates of the Caribbean


    G & I went to see the aforementioned movie today. It rocked. The SFX were great. The movie over all was a little long, but it was still worth it. It's nice to see a movie with good sword fights as well. I definitely recommend seeing this movie. P.S. I need to come up with a rating system to indicate things. You know a 1-to-10 s scale. The problem is what the s should be. If you have any ideas, please email them to me.

    posted at 22:00 [/movies] #

    Rants: The RIAA is made up of a bunch of morons...


    The following link explains the title: Music industry wins approval of 871 subpoenas [CNN: Technology] You know, the music industry is really pissing me off. If they would spend the money that they waste on pursuing file-swappers on developing new technology, they would actually be putting themselves in a position to make money. The best they can do is stop these individuals from swapping files. This is a blatant attempt to strong arm people that can't afford to litigate. You'd think these people were terrorists. Okay, now I know what you're thinking. This seems to be a bit hypocritical when I am a big supporter of corporations in general. It's not though. The problem is there isn't really any profit in how they are approaching this. They are wasting money. There have been recent studies that show that the people they are suing are actually generating sales. The other option is, they wouldn't spend the money on the albums anyway. So worst case, there is no financial loss. I'll rant about Metallica later.

    posted at 22:00 [/rants] #

    Odd behavior


    You may notice some odd behavior in the blog over the next few days. I am importing historical posts and they are being assigned to the current day. So if you think you've read these already, you probably have. I'm going to work on updating them to reflect the original date, but that may be a problem since I no longer have shell access to the site.

    posted at 01:00 [/misc] #


       
    copyright David L Brenner 2004