Tuesday, August 29, 2006

Christmas Decorations

Ok, I realize that the whole "Christmas is over-commercialized" thing is itself commercialized at this point, and that nobody cares anymore, but I just want to note it down somewhere, because I say I'm going to every year.

Last night, August 28, was the first time I saw Christmas stuff for sale in a store. Granted it was Big Lots, but they had a decent amount of it out, near the generic fall, and Halloween decorations. They also had the stocking instruction sheets that diagram hot to lay it out on the shelves, so it wasn't just a case of having happened upon some extras they were trying to unload.

So, that's what, only 4 months of shopping time now?

Saturday, July 01, 2006

EULA'S

I avoided bringing up the Sony/BMG rootkit fiasco back when it was big news The reasons were 1) it's a decently technical subject, and if you understand what I'm talking about, you probably also already knew what is going on, and 2) many people more technically proficient, knowledgeable, or eloquent than I have already said quite a bit about it. I do want to mention the issues inherent in the horrible EULA that accompanies these CDs, and other computer software. I dislike these one sided agreements where terms get dictated, and you have only a binary yes/no choice, usually after you've already paid for the item. Software isn't the only place these are found though, not by far. Admission tickets to almost anywhere are pretty bad, parking garage claim tickets, etc. Here is the exact text from the back of a ticket from our recent trip to the zoo.

"This ticket is issued to Holder as a revocable license which may be revoked at management's discretion for any reason including Holder's acting in a disorderly manner or otherwise violating the rules or regulations of the Zoo. The Zoo shall not be required to issue an exchange or refund for any reason including inclement weather. Holder voluntarily assumes all risk and danger of personal injury and all hazards, which are related in any way to Holder's visit. The zoo and its officers, directors, employees and agents are neither responsible nor liable for any injuries, expenses, claims, or liabilities resulting from or related to Holder's visit and Holder expressly releases each of those persons from any claims arising there from. Holder grants permission to the Zoo and its designees to utilize Holder's image, likeness, actions or statements in connection with any live or recorded video, photographic display or other transmission or reproduction without payment, inspection, or review by Holder. Holder agrees not to transmit, distribute or sell (or aid in transmitting, distributing or selling) any description, account, picture, video, audio or other form of reproduction of the visit for which this ticket is issued. Pets are not allowed inside the Zoo."

So, this license says that no matter what, they don't have to give me my money back. No matter what happens I've agreed not to hold them responsible. They can take as many photos/videos of me as they want and use them any way they want, and I don't get to see them first, or even be notified of it. Finally, I'm not allowed to even show my vacation photos, especially not on the Internet. I can't tell you what I saw, or what they have at the zoo, I can't give you my review of it, etc.

Typical all for me, none for you treatment. Do celebrities get special tickets? That can't afford (and don't allow) their likeness to be given away this freely. What if I don't agree to these terms? Am I out my money? These are the kind of things a lawyer somewhere thought up, and it gets shoved down your throat, and most people probably never even read the back of the ticket.

It's these kind of invisible, legally binding contracts we enter into so many times per day, usually without ever knowing it that bug me. America is already lawsuit crazy enough that the zoo feels the need (or the zoo's lawyers feel the need) to limit their liability, and while we are at it, let's throw some other things into the contract. Now if we get a bad review, we have legal grounds to sue. Not that we would, just in case, you know, we needed to.

Thursday, May 04, 2006

Smart Fasteners, Normal People

Ok, so I found the story on smart fasteners, as previously promised. Reading it requires free, mandatory registration, so use Bug Me Not. For the most part, the technology sounds interesting, although I'm not thrilled with the idea that my neighbor will be able to disassemble my car without touching it, but hey, that's the price of progress!

Actually, the thing I really dislike is a sub-current running beneath the article, but never actually stated. Not only might this type of technology prevent thieves from removing your airbag, but it might also prevent you from doing any maintenance on your own vehicle. Or you neighborhood mechanic. After all, these unlocking codes will be pretty valuable, so maybe we should only let the auto dealerships have them. They should have been the ones servicing your car all along anyway, right.

Ok, now for my favorite quotes from the article, starting with the worst statement of all.

A potential security breach threat apparently doesn't exist. "I wondered what's to prevent some nut using a garage door opener from pushing the right buttons to make your airplane fall apart," said Harrison. "But everything is locked down with codes, and the radio signals are scrambled, so this is fully secured against hackers."

Now, first, this statement appears to have been made by "Kirby Harrison, a senior editor at Aviation International News, who attended the debut of intelligent fasteners at a trade show in Hamburg, Germany, last year", and not the inventor. However, that doesn't make the statement any less laughable. WEP was locked down with codes and scrambled radio signals too, and it is considered next to useless nowadays. Different situations entirely, but the point stands. As crypto experts are fond of saying, anyone can invent a code that they themselves cannot crack.

The mechanism that holds auto airbags in place is a natural for intelligent fasteners, said Steve Brown, product development director at Textron. Installing airbags with conventional screws is tedious and expensive, and it doesn't provide security. An estimated 50,000 airbags are stolen each year for resale, he said. Intelligent fasteners only respond to radio signals that use appropriate codes. This would prevent removal of airbags by unauthorized people, Brown said.

Ok, as if the first statement wasn't sufficient cause for a cracker/hacker somewhere to decide that the system would be broken (and trust me, a direct challenge like that is more than sufficient), this provides us with a financial incentive. Once the system is broken, stealing airbags just got easier. Instead of breaking in with tools, and risking leaving fingerprints and the like everywhere, walk up with your laptop, and watch the airbag disconnect from the car so you can grab it and take off, no other tools needed. Or, just steal the whole car (perhaps using this method, then disassemble the whole thing easily & at your leisure.

Wednesday, May 03, 2006

Gone in 20 Minutes: using laptops to steal cars

From Digg

A look at how thieves are using laptops to steal the most expensive luxury cars. Many of these cars have completely keyless ignitions and door locks, meaning it can all be done wirelessly. Thieves often follow a car until it gets left in a quiet area, and they can steal it in about 20 minutes. Scary stuff.

You'd think someone, somewhere would have learned by now that software can and will be broken, especially when it is protecting something of value. There was a report a while back on "smart fasteners", basically bolts & screws that can be unlocked by computer. The uses mentioned sounded interesting, but the article had the same "it can't be broken because we know what we are doing" tone that is just evident of a lack of touch with reality. I'll look for the link to post later.

read more | digg story

Wednesday, March 08, 2006

Desktop Defaults

Ran across this article on /. a while back: http://www.eweek.com/article2/0,1895,1923402,00.asp

The author makes the somewhat controversial statement that what ends up on users desktops isn't what's best, but what came there to begin with. I tend to agree, based on my experiences with "end users".

The average end user still doesn't understand exactly what a browser is, or why they would want to try a different one. To many home users especially, Internet Explorer is the internet. They do not mentally separate the program from the activity. (The tool from the task.) This is normal for first time PC users. You want to do task XYZ, well you click here on program ABC. Mentally ABC == XYZ. It's only over time and with experience that they may learn they can do the same task XYZ with program DEF as well! For some people, this is like the dawning of the day, and they begin exploring what alternate programs they can use for the other tasks they do on a regular basis. They soon learn that different programs do the same task better, or just differently, have different features, etc., and find the programs that best fit how they want to perform their tasks.

For others, this situation presents overwhelming choices, and is a very bad thing. These are the people who get frustrated with the computer when they have to choose what program to use. It's like ordering coffee at Starbucks. (Or any food from a replicator on Star Trek.) Sometimes you just want coffee, without having to add 15 modifiers to identify a specific drink. They want the computer to just do certain tasks, and do them well, without asking technical questions about how to do them. Layers of obscurity into how things work are not always a bad thing, at least, not if they can be gotten around easily if the user so desires. After all, this same principle lets you drive a car without understanding how a fuel-injection system works. Do you really care what brand spark plugs are in your car, or know if they are gapped properly? Some people do, most don't. If you had to know to drive a car, would you be finding another way to get to work tomorrow?

Usually, single task devices seem to come first, and are extended into multi-function devices, like a cell phone that can check my e-mail, browse the web, play music and movies, and let me instant message people, plus, oh yeah, call someone. However, the argument can easily be made that this is often at the expense of whatever the primary function of the device was originally, and almost always at a price of a steeper learning curve and more complex user interfaces.

However, some people just want a device that does one thing, and does it very well. Do you want your checkbook to play music and have net access built in? Do you really need a TV built in to your fridge? It is my opinion that at some point the idea of computers as specific machines we sit down at to do things will have to fade away, and be replaced with a type of distributed processing. The processing will all be done in the background out of sight, and we will simply perform our activities where they are most natural for us to do so. If I sit down at my desk at home, I can access my bank accounts and pay my bills. I can also do it from the couch or outside if I want to, but it will be what the system assumes I want to do when I sit down at my desk, based on my normal routine. The same system will display recipes for me in the kitchen, if I want, and will have my music follow me as I move around the house, but not into the kid's rooms when I peek in to pull their covers up after they are asleep.

If a system becomes this pervasive and integrated, most people won't want to know what recipe program they are running, or if their lawn maintenance software version is compatible with their new robotic lawn mower they just bought. Yes, some people will know, care, and love every minute detail. They will have custom interfaces for everything, and their houses will literally respond to their every whim. I will probably be one of these people. However, this will be the exception, because everyone else will just want it to work, and won't care if they are using Blinds 3.0 from Windows Corporation, OpenMyBlinds 4.27 from AOL/Time Warner, or GBlinds 2.7 (Beta) from Google World Domination, Inc.