The law won
Looking out for the disadvantaged is a longstanding, if somewhat unevenly applied, veneer on the American legal tradition. Even our symbol of justice is a blind lady (I know she's only pretending - just go with it). While much of the time, this outlook is a welcome assurance that we live in a civilized society, sometimes it’s a bit too earnest and silly. While doing some research into European commercial office regulations (as a service to my readers, I will not provide the link), I was reminded of an interesting run-in with the corresponding U.S. rules.
About two years ago, when CoreStreet was just over a dozen people, our offices were two adjacent rooms in a (not very recently) renovated 19th century commercial horse stable. It was an inconvenient setup because even though the two rooms shared an interior wall, to walk from one to the other required going out one door, down the long hallway and in through the other door. This added a couple of hundred feet to the walk and required fumbling with keys two times per trip. Among our neighbors on the floor was some sort of “training” center. We never figured out what they taught, but judging by the condition of the single common bathroom, it may well have been toilet training. We kept our doors locked at all times.
When I finally got tired of the constant locking and unlocking, I asked the landlord if we could just punch an opening through the interior wall and connect the two rooms. We would even be willing to prolong our lease. The landlord agreed.
A few days later, we ran into a snag. The floor layout permitted only a single place where an opening could be constructed, and the space would be a tad too narrow to comply with ADA (Americans with Disabilities Act) standards. The landlord couldn’t put in the door because it would not be wheelchair accessible. I proposed that we leave off the door and just make it a hole. That wasn’t good enough. I pointed out that the new plan would actually improve wheelchair accessibility because it’s easier to drive a wheelchair through a narrow doorframe than through the current configuration which, I reminded the landlord, was a SOLID WALL. Plus, anyone who couldn’t get through the new opening could always use the existing hallway doors. The landlord agreed that this was plausible, but upon consulting with the experts decided that it was still not legal to punch a hole through an interior wall of his own building.
In the end, everything worked out for the best. We were forced to relocate to our current and much swankier digs. Now, in addition to wide open spaces, big doors and spotless bathrooms, we actually pay less rent per square foot due to the drop in prices from when we signed our first lease to when we signed our second.
Who says that government regulation hurts small business? Well, our first landlord does, but what does he know?
May 31, 2004 | Permalink | Comments (1)
The Phisher King
Proving the adage that the simple wheel gets the worm (err, that’s not right), the past three days have seen SpoofStick featured in The New York Times, Business Week and The Boston Globe. The Times even included a nice screenshot in the print version. We’ve had to increase our server bandwidth to handle the demand – around 20,000 copies have been downloaded so far.
I’m running dangerously low on “Phish” puns. Do the tech-media community a favor and send some in. Thanks to everyone who’s tried SpoofStick.
May 27, 2004 | Permalink | Comments (3)
Deceptive Software ISLAND
Last week, the Google Blog started soliciting comments on Google’s “Proposal to help fight deceptive Internet software.” The proposal is directed against spyware, adware and other annoying and/or dangerous practices often found in “free” programs. Google’s recommendations consist of basic standards of notification and behavior that vendors ought to implement when distributing software over the internet. I wholeheartedly agree.
I’d like to propose a rating system to help users identify dirty software. It works like this:
Each program is given a score of “0” to “5” in six categories of annoying or deceptive practices. A score of “0” in any category means that the program does not engage in the practice at all, a score of “1” indicates fairly benign activity, while “5” connotes significant perfidy. To help you remember the six categories, I consulted the Internet Anagram Server and realized that they spell ISLAND. Here are the six categories along with what installers would say in an honest world:
In the Walls
This software installs uninvited guests which will scurry around your system's innards to be only occasionally glimpsed when a program crashes or you move a window suddenly out of the way.
(1 = Installs a discreet shortcut for a helpful utility or company catalog in the main software's program menu. 5 = Installs multiple, unrelated programs that hook into the registry, run in the background, and are difficult to uninstall.)
Spy
This program watches your actions and sends them back to the mother ship. It's just our way of looking out for you.
(1 = Actions directly related to software operations are anonymized, kept in aggregate form only and never shared with third parties. 5 = Wide ranging data, including personal information, is collected, linked to your identity and sold to third parties.)
Limited
We've removed some features from this free version of the software, so you won't get to where you want to go without buying the full version. Don't think about this until you've already put in half the driving time.
(1 = Some advanced features, which only power-users would need, have been eliminated. 5 = Fundamental features, such as the ability to save your work, are missing.)
Advertising
This software will display advertisements on your screen. It may be "free", but you'll pay with your eyeballs and your attention span.
(1 = Displays a single, small, not-animated ad as part of the program UI. 5 = Pops up ads disguised to look like error messages in new windows all over the place with no indication of what's causing them.)
Nag
This free software will periodically nag you to spend money on the full commercial version. If you were a good person, you'd send us money.
(1 = Discreet button in the UI that accepts a voluntary donation. 5 = Modal dialog box with an increasing delay that demands payment before you can continue with the program, eventually totally disabling all use.)
All Your Default Are Belong To Us
We know that you've been too busy to get around to changing your homepage, media player and download manager settings. We'll take care of that for you. You're welcome!
(1 = Program makes itself the default viewer for only the type of file it's primarily meant to handle. 5 = Any settings that can be changed to make you see more of the vendor's products will be changed.)
After scoring each category, the total points are added up, multiplied by three and subtracted from 100. So the best possible score is 100 and a program that commits egregious acts in all ISLAND categories will score a 10.
For example, SpoofStick, which doesn’t have any ISLAND misfeatures, scores 100.
I’d guess that a fairly clean piece of shareware would come in at 94, and scores below 82 are pretty lousy. Now all we need is for somebody to rate every single piece of Internet software and establish a trusted registry.
Who's got free time next weekend?
[My friend Igor Rivilis recently wrote about his experience with software annoyances here. I think there’s plenty of great free software out there, but the bad stuff seems to be getting out of hand.]
May 25, 2004 | Permalink | Comments (0)
I’ve been called strange things
In perhaps the most latitudinarian use of the word in recent memory, InfoWorld magazine has named me one of “This year’s heroes of IT.”
The award article, titled “CoreStreet targets massively scalable validation”, is a great description of our goals and work. Surprisingly, it has nothing to do with SpoofStick or this blog. The article points out the pioneering work done by Dr. Silvio Micali, but each member of the CoreStreet team has also made indivisible contributions to our accomplishments. In particular our CTO, Dave Engberg, should be singled out for doing the work of ten men - ten men not entirely unaccustomed to work, either.
The other eleven winners are extremely impressive and, while thankful for the recognition, I’m trying to find a reason why I’m included in their company. For example, Miguel de Icaza created Gnome; I once installed it.
Now if you’ll excuse me, I’m going to make a “Hero of IT” costume and maybe go wrestle a bear.
May 23, 2004 | Permalink | Comments (1)
I have an educated family
My brother Mark has just graduated from Columbia. My pride in his accomplishment is not at all lessened by the observation that the university seems to have merely cut-n-pasted his name into nonsense baby-talk stolen from a blogger.com template.
(Sigh, and the whole page in ALL CAPS to boot. What Would Tufte Say?)
May 20, 2004 | Permalink | Comments (1)
Word Blotto
Working at CoreStreet, I’ve developed a nose for simple and elegant cryptography, and a recent project by Claire Whelan and David Naccache of Dublin City University smells mmm, mmm clever. The researchers subjected declassified government documents with sensitive words blotted out to an obvious-in-retrospect process:
The first task is to identify the font, and font size the missing word was written in. Once that is done, the dictionary search begins for words that fit the space, plus or minus three pixels, Naccache explained.
After that, a bit of common-sense human intervention was sufficient to deduce the hidden words.
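The width-matching step described above, as an added example that is not code from the researchers or from this blog: the glyph widths and the word list are constructed, and real use would need the metrics of the identified font. It shows why a blot in a proportional font leaks more than the letter count does.

```python
"""Width-matching step of the blotted-word search (added illustration)."""

# Constructed advance widths in pixels for a hypothetical proportional font.
# Real values would come from the metrics of the font identified in the scan.
GLYPH_PX = {ch: px
            for px, letters in {3: "ijl", 4: "ftr", 7: "acesz",
                                8: "bdghknopquvxy", 12: "mw"}.items()
            for ch in letters}

# Constructed word list standing in for the dictionary.
WORDS = ["river", "window", "little", "mammoth", "garden", "table",
         "bridge", "signal", "willow", "harbor", "meadow", "canyon"]


def rendered_width(word):
    """Pixel width of a word, or None if a glyph is missing from the table."""
    try:
        return sum(GLYPH_PX[ch] for ch in word.lower())
    except KeyError:
        return None


def candidates(blot_px, dictionary, tolerance=3):
    """Words whose rendered width is within `tolerance` pixels of the blot."""
    hits = []
    for word in dictionary:
        width = rendered_width(word)
        if width is not None and abs(width - blot_px) <= tolerance:
            hits.append(word)
    return hits


def same_length(n_letters, dictionary):
    """Baseline: what an observer learns from the letter count alone."""
    return [w for w in dictionary if len(w) == n_letters]


if __name__ == "__main__":
    blot = 40  # constructed measurement of the blacked-out span, in pixels
    print("six-letter words:", same_length(6, WORDS))
    print("fit the blot    :", candidates(blot, WORDS))
```

With these constructed values, nine six-letter words shrink to four once the blot's pixel width is taken into account, which is the leak that makes blotting in a proportional font weaker than it looks.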
This is going to cause a lot of heartburn in the intelligence community. There are staggering quantities of word-blotted documents crammed into government archives and the “Dublin Technique” puts many of them at risk. I would be a bit surprised if word-blotting ever stood up to the type of serious cryptographic, linguistic and contextual analysis that important US documents are subjected to by rival governments, but Whelan and Naccache have put potentially sensitive information within the reach of the unwashed masses. Almost as bad as the exposure of compromising words is the confusion that’s likely to arise as media organizations mine ambiguous results from blotted documents and select whichever “hits” match the conspiracy theory du jour. What’s good for public transparency is sometimes bad for public safety.
There’s talk of changing document censorship techniques, but no easy answer exists for files available primarily on paper. Perhaps this will add another incentive to move all government records into the electronic age. I have a feeling this little academic pebble will make some interesting ripples.
It’s a shame that instead of blotting, Nixon had the paranoid prescience to make sure that his more picturesque utterances were replaced with “[expletive deleted]” when his White House tapes were transcribed. A “Dublinized” version of those conversations would make for mighty good C-SPAN.
May 19, 2004 | Permalink | Comments (1)
I fear for my job
My social contract stipulates that I buy consumer robots, so I was particularly interested in seeing how Wow Wee’s much anticipated Robosapien lives up to its hype. The Robosapien is a $99 remote controlled toy robot aimed at eight year olds and their developmental equivalents. I picked one up at BestBuy and brought it in to torment the office.
The Robosapien’s clever visual design gives the appearance of a lot more articulation than his seven motorized joints (two in each arm, one in the torso, one in each leg) actually permit. His loud motorized grunts make him poorly suited for “desk toy” duty, which seems to be a demographical oversight on the part of the developers. His programming mode is hokey – you can string together many actions but there’s no flow control of any kind. Still, I’ve seen people refer to HTML as a “programming language”, so I’m willing to give Wow Wee’s marketeers a pass. It’s no AIBO, but at 1/20th the price, it’s a fun and impressive diversion.
More disturbingly, the Robosapien can stumble around the room, pick up a coffee cup and respond to sudden noises. That’s pretty much my whole management style, so I’m starting to feel inadequate in front of the staff. Maybe I should look into enrolling in an executive MBA program to sharpen my leadership skills. Either that, or Robo is going to have a nasty accident on the front stairs.
May 18, 2004 | Permalink | Comments (10)
Thanks for the new look!
I've been bemoaning my lack of design skills for a while now, so when Allahpundit - arguably the blogosphere's most celebrated image wrangler - offered to help spiffy up Vastly Important Notes, I didn't ask too many questions.
I'm very fond of the new design. How about you?
May 16, 2004 | Permalink | Comments (0)
Wireless Access Pointless
Mark Ayzenshtat has written about his adventures leeching wireless internet connectivity while driving through the pre-apocalyptic landscape of suburban California. I'm not sure if this is a good or bad thing.
Setting up Wireless Access Point (WAP) security is pretty cumbersome and the results are brittle. Wireless devices randomly stop working and need to have their encryption keys re-entered. What's worse, different manufacturers seem to use different passphrase hashing algorithms, so you pretty much always wind up manually typing in hex strings. To make the process extra-tragic, some confused product designers have tried to "add security" to the process by making the GUI key entry boxes display only blanks (like most password fields) and/or disabling cut-n-paste functionality. This guarantees that you'll have to type in a long string of numbers and letters several times, and still never be exactly sure of why your WiFi doodad isn't working. Whenever I see such design, I am tempted to violence.
Not only is securing a wireless LAN difficult for most mortals, but there's very little motivation to actually make the attempt. You probably won't notice the bandwidth drain of someone leeching from you, and viruses and worms are best combated at the firewall and PC level. You and your neighbor might actually be better off sharing the same access point and not having two separately encrypted networks fighting for the radio spectrum.
When something is both difficult and unrewarding, the masses will eschew it. That’s why most people don't read the fine print on medical forms and why they don't secure their wireless networks. My own 802.11b access point recently gave up the ghost host, and I haven’t bothered to replace it because I can usually see three or four unprotected wireless networks just sitting in my living room.
Of course, if you keep your wireless network unsecured, you never know who might get on it. That’s a little disconcerting, but the physical network has always been a weak security link because it’s hard to know who’s listening in; and that goes double for wireless. You need to secure each computer and the important data regardless of whether you turn on encryption on your WAP or not.
Who suffers from this furtive air sharing? I suppose the WAP manufacturers would sell more hardware if everyone had to buy their own access point, but that doesn’t seem like a good enough reason. After all, the pump lobby doesn’t get to force all of us to dig our own water wells. Internet Service Providers (ISPs) suffer some economic damage, because they typically charge a flat monthly fee for unlimited data usage and freeloaders, err, cause more load. For free. ISPs can try switching to a metered rate, but that approach hasn’t worked well in the U.S. market. A couple of years ago most service providers solved this problem by restricting access to just one or two specific computers registered to each account. That cost too much money in tech support calls when stymied customers tried to hook up new computers, so the practice has been mostly dropped. Either way, economic damage to the ISPs is a business issue, not a security problem. The companies should figure out how to fairly charge for their services, not lecture consumers on sloppy prevention. There are enough real security issues vying for consumer attention as is.
I’m looking forward to the day where I can reliably get wireless data service everywhere, without having to build my own private piece of infrastructure. A crisper understanding of who we’re trying to protect, better adherence to standards and some smart new technology will get us there. A chicken in every pot, not a mini broadcast tower under every desk.
Mmmmmmm, potted chicken.
[Brant Chamberlain wins the impromptu, "Quick, I need a geeky euphemism for a piece of hardware dying" office contest. His first suggestion was even funnier but, alas, not suitable for general audiences.]
May 13, 2004 | Permalink | Comments (3)
Peek, Poke
If that title brings back squinty memories of typing in hex code from the back of a borrowed computer magazine, check out this little ditty. [Thanks Gizmodo.]
For the rest of you, move along. There’s nothing to see here.
May 11, 2004 | Permalink | Comments (0)
