On the road…

By Chad July 10th, 2009, under On the road

The Busa just hit 8000 miles today…

Been a while…more to come :)

By Chad July 10th, 2009, under General

As my time starts to free up (and it has), I’ll be posting more. Thanks for hanging in there!

Digital Rights Management (DRM) – A theory on how it got started.

By Chad April 9th, 2009, under Music

DRM and all of the related problems to DRM really stemmed from the Compact Disk and CDs replacing the cassette and vinyl.

We all happily went out and rebought our existing music collection on CD as it was a lot more convenient than LPs or cassettes. In the process we generated a constant revenue stream as stuff was gradually re-issued. The problem is that this is now coming to an end for the record companies as they have re-released almost everything. They have certainly run out of the stuff with serious mass appeal.

So they now have to look for a new way of extracting similar revenues that they have grown used to over the last 15 years out of a back catalog which most of us already own, possibly in more than one format. The problem is that they have already made it about as convenient as it needs to be and the quality is mostly there as well.

So rather than try and go back to surviving off the revenues they get from new releases which would result in a huge drop in profits they need an alternative. Without an alternative the problems would be very far reaching. The stock market is used to constant revenue growth – if profits fall, it is far worse for a company than if they had never risen in the first place, especially if the fall is not likely to be temporary. This is frequently what drives a company under if they are unable to downsize quickly enough.

So faced with this dilemma, the media publishing companies must find a way to keep the momentum of the CD years going, and being that they didn’t reinvest those record profits very wisely in new content production this is going to be difficult. So they are choosing to try and keep the CD going by constantly selling us a new copy of stuff we already own.

If you contrast this with companies like BP (who sell oil) you see that they have invested their profits much more wisely. BP are now the world’s largest producer of solar panels and have started describing themselves as an energy company rather than an oil company.

In a single phrase, “Diversify to survive”. DRM does not stop piracy, just as gun laws don’t stop criminals from getting guns, just as airport security does not stop real terrorists.

The dreaded switch from Windows to Linux

By Chad March 16th, 2009, under Linux, Rants, Security, Windows

When I saw how bad XP really was as far as handling spyware/viruses, no different than 2k, I decided to just move to Linux, kill my Windows partition completely, and have been happy ever since. That was exactly my reasoning for staying with Windows 2000 while Windows XP was being introduced.

Previously my attempts to move to Linux had been unsuccessful because I had problems getting certain hardware working (obscure sound card, video drivers) and was concerned about what software would be available (certain emulators I had grown fond of, video codecs, etc), which was what most people worry about. “Well does it have Nero?” No, but it has 6 or more different types of burning programs to choose from – all for free and with a self-explanatory GUI. “But it won’t run Nero?” Those are the people who simply don’t want to even give it a chance. Well fine and dandy. The spyware/adware/viruses/trojans/worms are worth putting up with so you can run Nero – that’s your choice (actually, the makers of Nero were kind enough to make a Linux port). Anyway, even Windows 2000 was giving me some problems, such as booting into a blue screen telling me my registry had become corrupt, and also getting infected by viruses/worms such as Blaster.

I had everything up to date, all patched up, antivirus installed, and I have enough common sense not to click on strange things, but still contracted the virus. All because of an exploited flaw in Windows that I could do nothing about except wait for Microsoft to issue a patch…when they felt like it. A few reinstalls later and I just figured it wasn’t worth it putting up with all the headaches.

When I started running Linux, I quickly saw the advantages. Installing software didn’t require the usual “Next, Next, uncheck every checkbox, delete desktop and quicklaunch icons, uninstall additional software installed along with the software I actually wanted, check for hidden startup items, make sure program doesn’t phone home”. When I started my PC I wasn’t greeted by millions of splash screens, applications that couldn’t make a connection popping up and letting me know, I didn’t have to readjust settings that kept resetting for some reason (volume levels, icon positions on the quicklaunch). Linux is about using your PC and not just working around problems to get what you want. Then I realized that upon discovering all this I didn’t even have to worry about viruses at all, and I had no problems with crashes. Even if programs didn’t behave in a way I expected I found it simple to find solutions since the error messages meant something (not the typical “FATAL EXCEPTION IN 0x011a43”) and I could see exceptions thrown if I launched an application from a terminal.

Microsoft needs to start shipping installs secured from the start. Require an admin/install user account for new system wide applications, sandbox user installed software in their home directory/profile. Users then don’t trash everything when they kill their profile or home directory. Windows has all the necessary features to do it. It’s had them since the first versions of NT.

Microsoft frankly can’t be bothered with it and there’s no profit in a secured system when they can instead continually be selling you upgrades as security fixes. It isn’t rocket science, it’s just segregation of responsibility. Unix has been doing it for 30 years.

For instance, Vista’s new “People Near Me” feature, which searches over a Wi-Fi connection for other Vista users nearby and then sets up a peer-to-peer network with them. Yeah, that sounds pretty secure. When they have things like the WMF flaw in the designs, which ended up in Vista as well as XP and 2000 all the way down to 3.1, they are NOT about security. This has little to do with MS bashing – it’s just that MS doesn’t think much about security and most IT people know it whether they’re Windows fanboys or not.

Since “upgrade or keep crashing” was one of XP’s marketing points, it makes me wonder exactly what they’ll come up with to market Vista. Maybe something along these lines. The funniest thing is that Microsoft has no problem telling you how bad their past products are when they’re offering a new version of their software. It’s amazing how it was “the best thing ever” when it was first released and until it end-of-lifed. They never admit to making a bad product until it’s time to shell out some cash for an upgrade. Amazing how that works. Ah well, I guess it makes good business sense, right?

All in all, I’m glad I switched. My girlfriend, however, gets upset a lot when I mention how much more I like Linux than Windows – I mean downright pissed off on occasion. Yeah, I bash Windows a lot. I don’t mean to “rub it in” or whatever, but I find quite often that people are just so used to putting up with Windows problems, it becomes part of the norm and they don’t realize the problems any more because it’s an everyday thing when using Windows. For instance, spyware bogging down a Windows PC – the response is to immediately run Spybot or Adaware to clean things up. Ok, you’re running those for half an hour to fix a problem that you shouldn’t have to put up with to begin with. Some say Linux hasn’t been targeted because it holds such a small part of the market, but it comes down to security again. Internet Explorer is embedded so deep into the OS, you simply can’t uninstall MSIE. You just can’t. With this deep integration, it makes it very easy for spyware/adware/viruses/trojans/worms to do their thing – especially when, by default, you have admin rights given to you on the machine as well. All you need to do is visit a web site in order to get any of these run on your Windows PC – all without user intervention…it’s all nice and automatic. This doesn’t happen on a PC running Linux because you’re forced to create a secondary user account during the install and run under that user (with most Linux distros). That and programs just don’t install without prompting you for your root password.

Perhaps Windows 7 will be better, but barring a complete re-write, I don’t believe things will change much in the spyware/adware/viruses/trojans/worms realm when Windows 7 is released. Vista only added a “are you sure you want to do this” popup that becomes incredibly annoying to assist in “security”. I hear that Windows 7 allows you to disable IE, but we’ll see what it looks like when released. But why listen to me, I’m just a Linux fanboy/zealot 😉

Windows security – there are no guarantees

By Chad February 20th, 2009, under Linux, Rants, Security, Windows

This isn’t some sort of pro-Linux rant, but rather a general security rant so take it as such.

With regards to security, Windows is provided “AS IS”. Show me one place where Microsoft even makes the slightest guarantee about security. The product was never engineered to be secure from the beginning, and barring a complete rewrite, it never will be. They’re not dumb, they know it’s not very secure, and they don’t advertise it as such. They don’t need to “disclaim liability”, the courts need to prove why it should be assigned to them in the first place.

Anyone who has an expectation of security in Windows is a sucker, plain and simple. Think about the common excuses: “99% of our customers use it so we have to also.” “We store all our data on it, it OUGHT to be secure.” “It’s too expensive to switch to something else.” You choose to use Windows, you get what you pay for. If you failed to do proper research and just created an assumption of security inside your head, it’s your own fault. Quit whining about it.

Everyone wants to sue Microsoft just because they exploit human stupidity, and they’re really good at it. Great use of the court system.

Unix security is generally not an issue because it was designed with security in mind from the very beginning. Windows was never set up with multiple user accounts in mind, nor was it set up with security in mind. This is not necessarily a bash on Windows, it’s just a fact of how it was designed. Multiple user accounts separated from the root account and mandatory secondary user account creation are definitely two very strong points that assist in Unix security. The Linux and BSD family were based off of Unix, so those two “variants” were also designed with security in mind from the beginning as well.

Now that Windows is, and has been, pretty much the most used operating system amongst home users and businesses, Microsoft has to backport their operating system to obtain the security that the internet demands. Since home users and businesses rely on Windows now and are pretty much locked in to requiring Windows and Microsoft software, Microsoft knows that they can just keep patching their shoddy software rather than doing what should be done – a complete rework from the ground up.

What’s worse is that even if a security flaw is found, Microsoft still only releases patches on “patch Tuesday”. That’s right, you have to wait for them to create the patch rather than having several agencies able to view their source code and create a patch for them or work with them toward creating a patch. If you think about that for a second, a virus writer could take advantage of a flaw and create a worm/virus and take over thousands and thousands of Windows machines in no time…all while waiting for Microsoft to create a patch. Yes, this has happened several times in the past and has had devastating effects on everyone using the internet. From “slowing down the internet” because of bandwidth-consuming worms (think Code Red, Blaster), to receiving tons of spam in your inbox every day (think Beagle, Sobig), to computers being rebooted every few minutes without user intervention (think Zotob). So while worms generally don’t directly affect Unix-based machines, they indirectly affect Unix-based machines by consuming resources by worms attempting to propagate and by receiving the payload (spam) of worm-infected machines.

Why employers should have geeks hire geeks

By Chad January 30th, 2009, under Work

Step 1 – The Posting. As a job poster, are you looking for script developers or application developers? In general, scripts are loosely typed, and applications – being compiled and requiring a high degree of stability – are strongly typed.

Once you realize this, you will also realize that script languages PHP and Ruby and JavaScript [ Python, Perl, etc ] fall under a very specific easy to find umbrella.

Conversely, C#, Java, ASP… are also very similar and could be found under the same umbrella.

Find out what type of programming you ACTUALLY do. Procedural, Imperative, Event Driven, Prototype, OO…. FIND OUT.

Step 2 – The Interview (more important than step 1) – once you’ve found the candidate, get one of your true developers into the interview. Time and again a line has been drawn between a “career programmer” and a “developer” or “geek” and a geek should know another geek, because they will share information like mating rabbits, and your “career developers” will get lost in the discussion. It’s very possible that while they are catching up, the geeks will have already devised an approach to the company’s problem.

Geeks are curious, smart, and take pride in their work. It’s a matter of pride to know why, and if they don’t, to find out, and to make it work even if the prescribed methods fail.

In their spare time, geeks are geeking, and becoming better, smarter, stronger, faster. “Career programmers” use their time searching for the next highest salary, schmoozing for a cushy course to attend, and perhaps drinking beer (killing brain cells).

“Career programmers” are only in it for the money. Intelligent or not, I’ve always found inferior results from someone who doesn’t generally care about the problem / logic at hand.

Step 3 – Architecture. Now that you have the tool, apply it to the project. A person’s preference and specialization is still a factor, but the manager hedging that “We do Ruby” is not an excuse.

I would agree that not every framework or library can be tested to fit, but I think you would agree that a framework with a strong, open, and well-documented API is better (aside from bugs). With a true geek, API is all he requires to start laying the foundation on your application, and it doesn’t require months.

Dept of Homeland Security believes blogs are for terrorists

By Chad December 25th, 2008, under Politics, Slashdot, WTF

Slashdot submission:

An article at USA Today shows The Department of Homeland Security believes that “Blogging and message boards have played a substantial role in allowing communication among those who would do the United States harm,” the department said in a recent notice. “I just can’t envision a scenario where somebody posts to a message board, ‘I’m getting ready to launch an IED at this location,’ and the government will find that,” said terrorism analyst Matt Devost. This combined with the U.S. preparing itself for massive civil disorder makes me wonder how much longer until we are completely a police state?

Holidays – Priorities of American Culture

By Chad December 25th, 2008, under General

I can look at the screwed-up priorities and materialism of this culture and I can either feel very bad about it because it’s sad or I can joke about it because it’s absurd. Having tried both, I choose the latter.

I don’t just think Christmas or other holidays that supposedly have a religious/spiritual/otherwise immaterial tradition have become over-commercialized. I think we’ve effectively elevated making money, maybe going to school, and getting a job so you can have kids who grow up to make money, maybe go to school, and get a job, ad infinitum, into something like the purpose of existence since most people cannot or will not either find their own reason for being here on Earth or accept that there may not be a purpose at all.

Some people say that you have to decide to prioritize money over family. I don’t believe it’s quite that simple. Most of the time, going against the crowd is just a simple matter of courage, but this is one of the few areas where it’s rather difficult to make other choices when almost no one else does. Let’s assume (to make a point) that the vast majority of people are giving highest priority to work/money. If you don’t, your employer may start to see you as unwilling, lazy, or “not a team player” when you don’t want to work as many hours during the holiday season as the other employees. It’s also hard to enjoy something like quality time with people who do not value it as much as you do and have decided to go make money instead. Any real change to this system would have to be a change to the culture itself; in the meantime, all you can do is lead by example.

Happy Holidays and may you have a Happy New Year.

Outsourcing and where the U.S. is heading

By Chad December 22nd, 2008, under Security, Work

I entirely agree that individually you need to be as valuable as possible. That’s why all the CCNPs I know are working to finish their CCIEs and the CCIEs are working on their Juniper/Avaya certs. All of this is on top of their technical degrees.

The problem is that you and your “invaluable” skills really aren’t being taken into account. It doesn’t matter if firing you would cripple the company because we’re typically thinking 90 days at a time. If you replace a $150K CCIE with a $20K wannabe, then you as a manager can claim a $130K “savings.” Hooray for you, here’s your bonus. When that $20K wonder takes all of your customers down — and here’s the beauty part — you aren’t blamed for it. No one is currently drawing the line between your $130K savings and the customers that walked with their millions of dollars.

The really scary part? I know a couple of people who work on municipal, hospital, and 911 systems. Infrastructure disasters there can cost lives. They’ve watched the cheap guys take down emergency systems, and tried not to think about the calls that were getting dropped as they fought to get them back online. They push the frantic calls for help out of their mind because if they let their imagination run with what an unanswered 911 call could mean…

The cheap guy’s response as they berated him for putting lives at risk? Basically, what do I care? It’s not my country.

Every one of the guys I know is putting in 60-hour weeks routinely. Hours like that mean divorces. They mean early heart attacks. They mean neglected children left to raise themselves. They mean broken homes with the societal carnage that goes with it. It’s the classic tragedy of the commons. The people who lead our country are insulated from the carnage associated with gutting our workforce. In the meantime, my country is falling apart. I’ve got a CS degree from a good University, a couple of certifications, and a decade of experience and even I am feeling the heat. I weep for those not as lucky as I.

We’re gutting our middle class. We just are, and if you don’t see it, it’s probably because you’re young. I hear your “Well, it’s not a problem if you’re the best of the best” bravado, and I wonder what you propose to do with the other 99% of the population, because they’re not going to just disappear.

During the LA Riots of ’92 Rodney King and Daryl Gates might have been the spark that set it off, but that riot burned on the fuel of unemployed people. Anyone who has been to LA, more than a decade later, has seen that the damage still hadn’t been repaired. I’d really prefer not to see that happen on a country-wide scale. But me and the other people around my age are worried. We’re getting that “vibe” again.

Things are stretched beyond breaking. Our teachers have flat-out given up. Our cops are showing the sort of violent and unstable behavior you would expect from PTSD. The wave of earnest enlistees that flooded the military after 9/11 have become the sort of weary jaded bastards that could put the most burned-out Vietnam Vet to shame. We are, for the first time in history, routinely using mercenaries in almost every level of our military and law enforcement. I’m seeing military families, families with generations of service, hang up their uniforms and forbid their children from serving.

Our hospitals are literally allowing people to die from neglect in the ER. Our bridges are falling down. Our electrical grid is one snapped breaker from going dark. Katrina should have been our moment of clarity. The fact that it so clearly wasn’t scares me to death.

But you go ahead, and keep humming that “I’m the best, I’m the best, I’m the best” mantra. Keep closing your eyes as tight as you can and shut your ears tighter. Find a good teddy bear, because the old man, the old man has seen all this before.

I’m terrified of where this train is going.

When I get tired of phone solicitation…this is what happens…

By Chad November 19th, 2008, under General

I used to get calls all the time from “cardholder services”. From what I gathered, it’s basically a scam where they charge you and then call up your credit card company to ask for a lower rate. Apparently, people who went in for this had their cards billed for thousands. I’ve asked them repeatedly to remove me from their list to no avail. Here’s how I finally got them to stop calling.

First I pressed “1” for a live operator. Now to fuck with them and remain consistent, I made up a cheat sheet in advance. On it I wrote a fake credit card number, an expiration date, a fake “card not present” number, a fake SSN, fake balance, etc. They require you to have at least $3000 in debt and at least $2500 in available credit on at least one card to cover their fees.

One thing they ask for is the customer service number for the card so they can call your bank, which they do while you are on hold. So, I used this page of bank ID numbers when making my fake credit card number, and I also googled my chosen bank’s customer service number (I picked Wachovia). Also I rigged the number to validate by the Luhn algorithm in case their systems check for that. This way we have a very plausible but totally fake credit card number which will hopefully pass any initial consistency checking they may do.

So I put this cheat sheet by the phone and waited for the call. Within a few hours, they called.

I answer their questions. First they ask about my debt. I tell them $9000 across two cards. I mention my “Wachovia Mastercard”. They acknowledge knowingly and ask me to “verify” the card number “starting with the 5” thus suggesting they already know the card number. All Mastercards start with 5. I give them the fake number. They ask me to “verify” the expiration date. I give them the fake date. They ask for the customer service number on the back of the card. I give them Wachovia’s number. They put me on hold for five minutes to call up Wachovia and negotiate me a lower rate.

“Wachovia says it’s an invalid number. Can you re-read your card number?” I re-read the same number. They put me on hold again for several minutes. This repeats again. I reassure them that card is valid, that I just used it an hour or so ago, etc. They try again. They get a supervisor. He tries. It keeps coming back invalid. I waste forty five minutes of at least two people’s time. Finally, as they apologize for not being able to help me, I calmly explain my ruse. What followed was a string of obscenities that even made my dog gag, followed by them abruptly hanging up.

And they haven’t called me since.