Tuesday, December 13, 2011

Something broke Outlook's meeting organizer, again.

As a public service, I pass along some info from today's work activities.

I have discovered that something has changed everyone's Outlook calendar settings (in our organization, at least, some recent update perhaps?), without permission.

If you organize meetings using Outlook, you need to check and/or correct your settings. Here is how:
In the main Outlook window, go to
Tools | Options

Then click on Calendar Options, and uncheck "Allow attendees to propose new times for meetings you organize"

Once this is unchecked, you can OK your way back out, and all new meetings should be safe from proposed changes (which have the unintended consequence of wiping out the original meeting request, and any attachments or history included with them).

I have not found the exact cause of this change, and will continue to investigate, to prevent its recurrence.


Thursday, November 24, 2011

Ramble of the day... Starting with Why we need general purpose computing


The end of general purpose computing has been written about before, but with the trend towards devices like the iPad and tablets running "apps" of all shades, we're rapidly moving away from running code of our choosing, and moving toward a world of walled gardens of curated choices for software as a service.

The underlying problem pushing us towards this unpalatable end is security. We're giving up our freedom for security, and it seems like a good trade for many. As long as there is a heavy counterweight of machines which can run anything, it's likely to remain a good trade, as you can always move back. However, this option will be closed off, just like the Borders bookstores that were no longer profitable because people chose to actually make their purchases at Amazon while browsing in their stores.

The fact that it's pretty much impossible to keep a computer virus free, and the DLL hell that people aren't even aware of (it manifests itself when you install a program and everything else stops working, and you can never get back to normal), combine to make general purpose computing a very unpalatable choice. Unfortunately, the only way we can maintain our civil liberties is to keep ownership of our information, communications, and privacy. This is not possible in a world where everything is a closed up "app".

It doesn't have to be this way... really.  Computers can be secure, easy to use, and general purpose. The problem is the underlying design choices made a few decades ago that are baked into all of our operating system choices.

It's a more general problem than just our computers... we're in the middle of a long rush towards being a consumer of everything, with no effective means of production, which is like being a turkey on a farm. Lots of great food every day from the nice supplier, then a very unpleasant ending.

We need to be smarter than the turkey... really.

We need to be able to make everything we use, all the way up and down the supply chains, lest they become chains of bondage.

We need to be able to repair instead of replace for a larger percentage of cases.

It's looking to me like the "cold fusion" of the 1980s is actually close to fruition. If (90% odds) it works out to be true, there are some economies of scale which will fall apart, making new opportunities for their replacements.

If power can be supplied locally at a lower cost than the grid, there are lots of towers, cables, transformers, pipelines, generating stations, etc... that will need to be decommissioned. The amount of scrap metal will be immense. Of course, the supply requirements to build millions of generators may more than equal this...

If you had free electricity, by the megawatt, what could you do that is not currently feasible? Extracting metals from minerals comes to mind as one of the first things that would be far cheaper.

It's worth revisiting the natural abundance of elements to see what is really available if energy isn't an issue.

Facebook is another example of the trend towards a service, blogging used to be something done by those that had their own web sites, then blogger became popular, then RSS made it easier to keep up with many sources, and now Facebook is the biggest aggregator of them all, and blogging is fading away, a bit.

Wednesday, November 02, 2011

Google screws the pooch with Postini.

We've been trying out Google Apps for Business for a while, as a back burner project.... and now we've decided to look more closely at our options, and found a happy combination that we decided to go with...

Google Apps for Business and Google | Postini Email Continuity.

This would give us Google Docs, Groups, etc... and syncing of Contacts and Calendar along with Email between our Exchange Server and Gmail.

Everything on the web shows this scenario... a nice picture of a good platform to run our business on top of...

Except, Google doesn't understand platforms, even a Google insider has said so.

After being forced into a reseller channel, and fighting to get an actual human on the phone, it turns out that you  CAN'T have Google Apps and Google | Postini Email Continuity together.

Why?  Nobody knows why, the salesman thinks it's nuts, and so do I.

I'm pissed off, and very disappointed. Now I'm worried that I look like an idiot for even proposing what turned out to be vaporware to the two layers of management above me. Google just burned through a lot of goodwill with this clusterfuck.

So, here I sit looking for a better way to do IT for a small business, while tolerating crappy internet connectivity from two different providers, and no easy way to sync it all up into the cloud in a non-home brew manner.

Google and Postini have really screwed the pooch on this one. I wonder who will fill this need and eat their customer base for lunch?

Sunday, October 30, 2011

Intertubes refreshed...

I've switched hosting plans at 1and1 from Windows to Linux, and in so doing I lost a lot of customization related to domains I have for various ideas.  Intertubes.org is back on the air, though there isn't much there right now...  here's the latest writeup which I posted in a comment to a story by Dave Winer over at Scripting News.

A while ago, I came up with the idea of a "tube" of stuff (at the time the internet was being described as a "set of tubes") and thus begat intertubes.org

The basic idea is to have a metadata file which keeps track of the files that belong to it, and synchronizes those changes to / from other copies of the tube. Example use cases include being able to share all of my photos (currently 336,637 files in 460 Gigabytes), in a sane manner... like this...

I give someone a copy of the tube containing all of my photos, it's basically just a metafile, taking a few k to hold the root information, and a revocable key which allows the holder of that copy to access some or all of the original tube. This gives them access via an api (hand waving here...) to get a list of all the files, and pointers to resources such as a thumbnail connector which can generate arbitrary sized thumbnails and send those instead of the originals.

Once the person I've given a copy of my tube has it, they can start to browse, at first they just see the list of folders, then they could start to dig (assuming an internet connection on both ends)... they would see thumbnails once they went into a folder (retrieved using their copy of the tube's key), which would then be stored locally, or however their policy decided to handle it.  If they liked a thumbnail, they could get larger sizes, or the original.

Once they actually view the photo, they might wish to tag it, add notes, etc.... this new metadata would be synced back to the original tube, if they had the proper permissions. (why not, it can be revoked?)

Thus, I could share all my photos, and not have to give someone a 500GB drive and pray they were willing to wade through it.

This concept of a shared metadata pool extends the idea of RSS (as I understand it) to be a two way communicating container of objects AND their metadata. (The metadata is the valuable part that always gets lost when you have to push single files to people)

This could work for any number of types of files, video, music, documents, etc. It would just be some text files and API calls, it would be totally transport agnostic. Sneaker Net, TCP/IP, HTTP(S), FTP, BitTorrent, whatever works.

I think that you, Dave, have the wisdom to push something like this past the crazy idea stage towards something that people could actually implement and use... I'll keep the idea alive as much as I can as well.

What do you think?

Wednesday, October 26, 2011

1% above the law, NOT the top 1% pay grade

There seems to be a lot of (deliberate?) confusion in the media as to what the Occupy Wall Street movements around the world are about... here's a reply I posted to one person's story about it.

No, it’s not about money, it’s about CRIMINALITY…. the blatantly unequal application of the law for the use of state insiders against outsiders.
Trying to make this an income issue is an interesting propaganda tactic being pushed by higher levels of the media, etc… but doesn’t reflect the views of anyone who thinks about it for 2 seconds, as you so forcefully pointed out.
When Bankers sell investments they know are going to implode to their “clients” and then make big bets that the implosion will happen, nothing happens outside of a small fine that might be 1% of the profit they made, if it ever does happen to get investigated.
Corporations got a special law passed which makes it impossible to find out what they are using in industrial quantities when they hydro-fracture the bedrock under the water tables of our nation, yet when an Amish farmer tries to sell “raw milk”, which used to be commonplace, they get a SWAT raid.
It’s about 1% being above the law, not the top 1% pay grade.

A letter to the editor that I hope helps...

I just emailed this to 'triblet@bayareanewsgroup.com', and I hope it helps them relate to the internet better...

I have some friendly advice, and I hope this helps you make sense of some things you might not have expected...
It's now getting lots of inbound links from the internet, bypassing all of the navigational structure that your regular readers would use to find replies, updates, etc.
If the opinion of your paper hasn't changed.... say so in an update, if not, you really need to add it to this story... at the same URL, not a new one.
As it stands, everyone is going to assume you have no sympathy at all for those harmed last night.
Like I said, I hope this helps.

More censorship on the way

Well, the 0.1% are at it again, they've decided we need to pay for the White Album a few hundred more times, and are willing to destroy the internet to make it happen with a new "Protect IP" act.

I'm tired of worrying about this stuff, and I've come to realize that we are going to win in the end, as this will just take a few more bricks out of what is left of the "consent of the governed" they still have left as a foundation in Washington DC.

We're nearing a tipping point, it's going to be long and ugly, and you can't count on winning.... just worry about your survival, and helping your friends and family make it through... just like during the first Depression.

Wednesday, October 19, 2011

Waiting for a Lytro

Ever since I heard of Lightfield Photography, I've wanted IN. You can focus through objects, focus after the fact, and a lot more that I haven't discovered yet. While I've wanted my own microlens camera to do experiments, the cost was just too far out there for me.

So I did what any good hacker would do, I started experimenting with my single camera from multiple view points. At first the photos really sucked, but they've been getting better over the years.

You can see some of my virtual focus images (which is the end result of all this) in this gallery at Flickr.

SO, The Lytro camera has finally been announced. I'm ordering one as soon as I can.

It's a consumer appliance version of a camera, far from what I expected, but also FAR cheaper than I expected, and much more user friendly.

The big feature of this camera is that it captures a "light field", which is to say that it takes multiple photographs of the same scene from slightly different angles, all at the same instant. The raw data is then stored for later processing (later being milliseconds or years)... to render it into a 2d image along a selected focal plane.

They chose a configuration which doesn't require any mechanical focus system, which means you can grab images as soon as the CPU in the camera is ready... no hunt and seek focus in the dark. This is a big time plus if you've been frustrated with the shortcomings of "contrast detect" focus used on almost every "point and shoot" compact digital camera.

There are a lot of design choices that I don't get, but I don't have one, and I haven't used one, so I'll have to wait and see how well it actually works.

It will be fun, even if we have to wait until version 2.0 of this technology.

Sunday, October 16, 2011

The Snitch who was a cover story

I don't believe the story about the Guy who Snitched on the Occupy Wall Street protests...I have a different theory...

I think there is a much simpler explanation, that we're not supposed to figure out, because if we do, we can route around the damage, which would tip the scales towards justice, and we can't have that now, can we?

Remember Echelon?
How about Carnivore?
How about the secret rooms at the Telephone Company offices?

The Onion (which is a satirical publication)... has the best illustration of this in their story about the CIA funding Facebook.

(Update) - I think they simply scan everyone's communication for keywords which indicate dissent, and then dig in closer... it's quicker and cheaper, and more effective than random human offers of information.

Total Information Awareness is what they used to call it...

If my thesis is correct, and this is the result of monitoring and not human factors, instead of just mis-trusting each other, we simply need to encrypt our communications, and prevent this system from working against us while maintaining its advantages of quicker communication.

It's a theory... and words are cheap...   take this with a grain of salt....

Thursday, October 06, 2011

Chicago Bans cellphone use while bicycling

Chicago has banned the use of cell phones while actually riding a bicycle.. (not at rest).

Here is the source, which I include a copy of below. I'm a big believer in linking to the source documents, which nobody in the media is apparently willing to spend the time to find.

Committee on Pedestrian and Traffic Safety
September 8, 2011 City Council



SECTION 1. Chapter 9-52 of the Municipal Code of Chicago is hereby amended by adding
a new Section 9-52-110, as follows:

9-52-110 Use of communication devices while operating a bicycle.

(a) For purposes of this section only, the following definitions apply:

"Communication device" means a device, including but not limited to a wireless telephone,
personal digital assistant, or a portable or mobile computer, which is designed to transmit and
receive electronic messages.

"Electronic message" means a self-contained piece of digital communication that is
designed or intended to be transmitted between communication devices. An "electronic message"
includes, but is not limited to electronic mail, a text message, an instant message, a command or
request to access an internet site, or talking or listening to another person on the telephone.

"Using" means composing, reading, sending or listening to an electronic message.

(b) Except as otherwise provided in subsection (c) of this section, no person shall operate
a bicycle while using a communication device. Except as otherwise provided in subsection (d) of
this section, any person who violates this subsection shall be subject to the fine range set forth in
section 9-4-020.

(c) The provisions of this section shall not apply to a:

(1) law enforcement officer or other emergency responder, when on duty and acting
in his official capacity;

(2) person using a communication device with a "hands free" device or in a voice-
activated mode, which allows the person to talk into and listen to the other party
without the use of hands;

(3) person using a communication device for the sole purpose of reporting an
emergency situation and continued communication with emergency personnel
during the emergency situation; or

(4) person using a communication device while maintaining a bicycle in a stationary

(d) If a violation of subsection (b) of this section occurs at the time of a traffic accident, the
person operating the bicycle may be subject to a fine not to exceed $500.00 which shall be
assessed in addition to the fine provided by section 9-4-020.

SECTION 2.  This ordinance shall take effect after its passage and publication.

Margaret Laurino
Alderman, 39th Ward

Monday, September 12, 2011

Reflections on 9/11

A lot has been written with the passing of the 10th anniversary of 9/11/2001.

However, the best on 9/11 I’ve read to date in terms of matching my feelings about what’s happened was this post on SlashDot (warning, lots of righteous use of profanity)


My version of things is based on that, with some reflection and a different perspective.

9/11 CAN’T HAPPEN AGAIN… it couldn’t have happened on 9/12/2001 even with no changes other than the knowledge now carried by every passenger as to the real threat posed by hijackers.

The only really good money spent since 9/11 was on better cockpit doors.

We should have responded to the Crimes of 9/11 using the International Police, and the Intelligence agencies of the world.

ALL of the warfare in response to 9/11 was wasted and wrong.

We faced down the USSR, and didn’t give up our rights, why did we let 19 guys do to us what decades of cold war couldn’t?

Wednesday, September 07, 2011

Watching the fireworks for 30 seconds

I've been criticized for not fully understanding the power of a Nikon D40 and a tripod for taking night photos... here is one example of the photos you can take with it.
I bought the D40 instead of the D40x because of its lower "resolution" and thus much better night photos; I've never regretted the decision.

Saturday, September 03, 2011

The post with the most important idea I have to tell you today - told very poorly - verbose version #1

I have an idea I need you to understand. It is the most important, deep, powerful, realization I've had in the last 24 hours. Please bear with me, and forgive my wandering...  here goes.

The internet changes nothing.... just like Dave Rogers always says....

So I go to look him up, because it's been a while, I've been drinking RSS fed Koolaid for a bit too long...and of course...

Holy shit, it seems that Dave Rogers did it again... writes about what I'm about to say, before I say it... here... take a look.

Now I'll read that... and get back in a minute..... (time passes)...

Ok... he was almost about to say the same thing, but he too was triggered by something else on the internet... in this case it was this post at Akma's random thought.

Dave's post points out that a lot of blogging and commenting and "content" on social media is just a need to vent, rant, and express a bit of hostility in a safe manner... a manner not harmful to others.

Akma points out that when you do express something positive, it gets nowhere near the coverage that something tuned to provoke emotion gets, and it's far too easy to miss getting "credit" for things. It's also easy to slip into the "see, I was right" mode of being a cranky old man (which so far we ALL claim to be vulnerable to).

My triggering realization that brings me here was in watching this 10 minutes worth of Max Keiser, who I follow regularly, get into a carefully orchestrated shouting match with some of the "mainstream" media. It occurred to me that not only did Max correctly counter every argument thrown at him, it is very likely that nobody will learn anything new from the time spent. All that will happen is that whatever the viewer's world view, it will be confirmed.

The problem is that when you have point - counterpoint, you eventually end up talking about Nazis.. (Godwin's law)...  

No... that's not quite it..

When you have a conversational style that is all about responding to someone, in order to prove them wrong, you never get anywhere...   that's a bit closer.

Conversation is too much like warfare these days. Yeah... that's the thread...

The 10 minutes of Max Keiser in a shouting match is like watching a boxing match, and the comments, links, etc.. are all about venting steam, with almost no exceptions (I'm hoping this is the rare one).

Sporting events are bread and circuses, at least in my mind.

Now blogging has devolved into the same thing, and I think RSS makes it worse.

I'd like to figure out why, and how to avoid it.  I do have a pet theory, and I'd like to know if it's right or wrong, but most of all I'd like to tweak it to make it a more accurate theory, and more useful in fighting the crude devolution of things.

Here's my pet theory, which is certainly way off the mark, and quite possibly wrong.

There is NO good way to mark up someone else's text on the internet. This forces us to reply to whole articles, posts, videos, etc.  We need better tools. HTML doesn't allow markup of hypertext.

Here's another pet theory, from long ago...

We've tuned the things we listen to incorrectly, instead of being informed by others who expand our views, we're feeding our own biases... we're in a positive feedback loop, like the squeal when a PA system feeds back into itself.

.... time passes...

If we had ways to link our documents like Ted Nelson wanted to in the 1960s, we'd automatically get informed of their usage when others used them and expanded on them. I think that this was a cool idea, but actually won't help much, because as we've seen, tons of links make things hard to sort through.

The need to be able to categorize things, tag them, mark them up, and write in a mode that doesn't emulate a teletype with good editing features is still unsatisfied. Our tools still suck (oops... back to my pet theory, from a different angle).

If it were easy to watch every place that one of my blog posts got referenced, it would make it slightly more practical to use it as a conversational medium.

If it were easier to remix what other people said, without having to resort to tons of quotes, copy and paste, and paraphrasing, it might be a bit better as well.

The more things we can do to allow time for reflection, and bias AGAINST the need to quickly reply to a topic before it dies out, the better.


We need editors, I've known that I need one for a very, very long time. The tools we've built for ourselves are all about publishing our thoughts NOW...   we're all shouting without taking time to ponder, or at least that's what I do far, far too often.


We need ways to gather up the pro and con sides of commentary, not as a means of building up an argument, but as a way of finding out the odd comment that is neither, and might be valuable to a lot of people.

We need ways to curate

A lot of this isn't technical, but if we figure out the ways we want to do something, someone will eventually automate it if enough people find it valuable.

The tools we need are not technical, just as a haiku doesn't need a compiler... it's just a set of rules.

Rules are tools

automation saves time
but what about reflection?
I love Saturday

Taking apart a problem as a means of solving it is good,
but we have to avoid pointing fingers and skipping the learning part...

I propose that we should all go back and re-examine one of our old arguments, find references to it that have something to add, and merge all of it into a new post, with proper back links.

Wednesday, August 31, 2011

Quote De Jour

Looking for a safe asset class today, is like a Soviet bureaucrat in 1989, sensing trouble ahead, looking for the directorate with the safest job. - John Robb - 2011

Friday, August 26, 2011

Cloud Gate at Dawn

It's been a long time since I did some tripod photography, here's an HDR photo of "The Bean" at sunrise.

Please call it the "fair market" from now on...

The value of Government regulation in commerce and in other aspects of life in the USA has been greatly depreciated by careful propaganda, called "framing". This is doing great harm, and needs to be corrected.

You CAN help... and it's easy... just use a better frame, every chance you get.

When you're about to write or say the phrase "free market", please say "fair market" instead. It's a simple and subtle substitution which puts the need for laws back into their proper place in the mindset when discussing such things.

Markets are a balancing act, they require rules in order to give the confidence required to trade without fear, but also the ability to set prices optimally, without unnecessary rules. A fair market maintains that balance, whereas a "free" market as defined by the right is one more like the wild west.


Notes only vaguely related to the above call to action...

1) As you might already know, any idea you have, is already on the internet, if you can conjure up the right search terms and cast the spell into Google. Such is the case with my idea for a new term, fair market capitalism.

2) There are many other frames which need to be addressed, especially "intellectual property". It would be nice if we had a place on the internet to discuss them and get distribution, to counter the right-wing machinery put in place over the last 30 years. It should be fair and open discussion, with an emphasis on the desired result of getting a better framing around conversations to help us all in the long run.

Sunday, August 21, 2011

Secure Little Application Project? - Saving an idea at 6 AM

wakin' up in the morning
Gotta write now
Gotta save that idea....

ok... enough of the Friday spoof

Here's an idea for implementing a secure space for applications to run in an otherwise insecure host environment, leveraging VMware, Xen, Citrix, QEMU, or a separate physical box to run applications cut off from reality, and restricted to a strange little world, where the default answer to "can I have this?" is NO.

--- copied from my WikidPad page on my laptop ---

++ Secure Little Application Project

Slap, Slip, SL?P

Write the smallest possible operating system that fits inside a virtual machine. It would make requests across the net (or some other API) for everything, thus not able to infect the host system.

Like Secnurse, the application would be in its own address space, cut off from all the normal API calls, and thus couldn't break the host.

In its own little world, applications would run, and request resources from a host program written in something like Delphi, C++, or whatever is convenient.

It would then be somewhat easy to provide file and folder services, not being bound to the normal rules of things, and all the hidden holes that go with undocumented "features" in the host environment.

Separating the app from the host environment is a good step
Having multiple versions of the service host to choose from helps make sure the code is clean.
Everyone can implement their own, and compete for better models of things.

Host - the PC running the VM
Guest - the application
Concierge - the program that gets everything for the guest

Thursday, August 18, 2011

Yet another story about security

Recently, managed code was supposed to save computer security. I believe it solves the wrong problem, and I think this story will help explain why...imagine this bizarre scenario:

You wish to purchase a bottle of coke at the 7/11.

So you get to the check out counter, with the bottle of coke you wish to purchase.
You put yourself into suspension so that the clerk can...
  • Find your wallet, get money out, put all but $2.15 of it back in
  • Prepare your receipt
  • Wake you back up
  • Hand you the receipt

Imagine that you grew up in a world where this was normal behavior. Sure there were some dishonest clerks, but those were few and far between. Enough people eventually complained that they started a list of bad clerks, so you could check to see if the clerk was on the list before you decided to make a purchase.

Problem solved, right? WRONG...

  • What if someone tricks the clerk while you're in suspension?
  • What if they make a mistake?
  • What if they have an accident?
  • What if they just decided to turn evil, and aren't in the bad clerk list yet?

This bizarro world is almost precisely how we do things with computers. Instead of ourselves, it's our computer account, and instead of the clerk, it's a program we're about to run.

Now... look at how we do things in the real world...

When you buy a coke at the 7-11, you take your coke to the register, then you
  • Offer a form of payment, let's say $5.00
  • Get change and a receipt
Because you decide the form and amount of payment you offer, you decide the amount to risk. The worst that you can do is to get the wrong change back. 

The side effects are limited BEFORE you decide to make the payment.
It's immediately obvious if you have completed the transaction.
There is no possibility of bizarre side effects, like having your living room painted a Slurpee Blue because 7/11 decided to offer a new feature.

Why not have the operating system do its job and enforce a scenario like this...

You have a program you'd like to run
  • Make a list of resources the program should be able to access
  • Specify read, write, modify access to each of those resources
  • Present the list, along with the program, to the operating system, for execution
  • Enjoy the results
Since the operating system is the ultimate provider of access to resources on the computer, it can fairly and reliably check to see if access should be granted. If a resource isn't in the list, the program will NOT get access to it.

The difference is subtle... giving everything by default, or denying everything by default. Windows, Linux, Mac OS, all give everything by default. Perhaps it's time to reverse that decision.
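
As an added illustration (not code from the original posts), here is the deny-by-default check described above, arranged in the Host / Guest / Concierge roles from the "Secure Little Application Project" post. The `Concierge` class, the `guest` function, the folder names and the reading of "write" as create-only versus "modify" as change-existing are all assumptions made for the example; the files are constructed in a temporary directory.

```python
import os
import tempfile

READ, WRITE, MODIFY = "read", "write", "modify"


class AccessDenied(Exception):
    """Raised for every request that no entry in the presented list covers."""


class Concierge:
    """Hypothetical broker: the only path from the guest to host resources.

    This models the decision logic only. Python does not isolate the guest;
    real enforcement needs an OS or VM boundary around it.
    """

    def __init__(self, grants):
        # grants: {path: {rights}}. Canonicalise once so checks compare like with like.
        self._grants = {os.path.realpath(p): frozenset(r) for p, r in grants.items()}
        self.audit = []  # (verdict, right, resolved path) for every request

    def _authorise(self, path, right):
        # Resolve ".." and symlinks BEFORE comparing, or a granted folder
        # becomes a doorway to everything it can point at.
        real = os.path.realpath(path)
        for root, rights in self._grants.items():
            if right in rights and os.path.commonpath([root, real]) == root:
                self.audit.append(("ALLOW", right, real))
                return real
        self.audit.append(("DENY", right, real))  # the default answer is NO
        raise AccessDenied(f"{right} on {path}")

    # Note: check-then-open leaves a race window; a production broker would
    # hold directory handles instead of re-resolving path strings.
    def read(self, path):
        with open(self._authorise(path, READ), "rb") as fh:
            return fh.read()

    def write(self, path, data):
        # Assumption: "write" creates a new file; mode "x" refuses to overwrite.
        with open(self._authorise(path, WRITE), "xb") as fh:
            fh.write(data)

    def modify(self, path, data):
        # Assumption: "modify" changes a file that already exists.
        with open(self._authorise(path, MODIFY), "r+b") as fh:
            fh.truncate(0)
            fh.write(data)


def guest(concierge, base):
    """Stand-in for the untrusted program: every request goes via the concierge."""
    j = os.path.join
    attempts = [
        ("read granted photo", lambda: concierge.read(j(base, "photos", "cat.txt"))),
        ("read via ..", lambda: concierge.read(j(base, "photos", "..", "private", "key.txt"))),
        ("read via symlink", lambda: concierge.read(j(base, "photos", "link"))),
        ("modify read-only photo", lambda: concierge.modify(j(base, "photos", "cat.txt"), b"x")),
        ("write new thumbnail", lambda: concierge.write(j(base, "out", "thumb.txt"), b"t")),
    ]
    results = {}
    for label, attempt in attempts:
        try:
            attempt()
            results[label] = "allowed"
        except AccessDenied:
            results[label] = "denied"
    return results


def demo():
    """Build a constructed host tree, present the list, run the guest."""
    with tempfile.TemporaryDirectory() as base:
        for name in ("photos", "out", "private"):
            os.mkdir(os.path.join(base, name))
        with open(os.path.join(base, "photos", "cat.txt"), "wb") as fh:
            fh.write(b"meow")
        with open(os.path.join(base, "private", "key.txt"), "wb") as fh:
            fh.write(b"secret")
        # A link inside the granted folder that points outside it.
        os.symlink(os.path.join(base, "private", "key.txt"),
                   os.path.join(base, "photos", "link"))
        concierge = Concierge({
            os.path.join(base, "photos"): {READ},
            os.path.join(base, "out"): {READ, WRITE},
        })
        results = guest(concierge, base)
        denied = sum(1 for verdict, _, _ in concierge.audit if verdict == "DENY")
        return results, denied


if __name__ == "__main__":
    for label, verdict in demo()[0].items():
        print(f"{verdict:8} {label}")
```

The audit list records the resolved path for every decision, so a denied request shows what the guest actually reached for, not just the string it supplied.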

Wednesday, August 10, 2011

The truth about computer security, a military analogy

Imagine if you could only decide if you trusted a soldier or not, a binary decision, for each and every soldier in the military, at their time of enlistment.
    If you trusted him, he had full access to every weapon and resource at our country's command, until he decided to leave.
    If not, he wouldn't have access to anything.
Would it be possible to have a classification system in such a regime, when one spy could give away everything to the highest bidder?
Would it be possible to have an effective command and control system, when rank means nothing because there are no privileges that go with it?
Would it be possible to even have a country, if one loose cannon could launch Armageddon?
No, of course not... security decisions have to be much more fine grained than that... you don't trust any soldier absolutely, it would be insane to do so.
Even the tightest background checks in the world wouldn't help, because it only takes one mistake to lose everything.
Yet we have no problem with giving that soldier (or any user, for that matter) a computer and that same choice... either trust the program he's about to run with every resource at his command, or don't accomplish anything.
Until we remove this false choice, we can never have secure computing.

Friday, August 05, 2011

Today's rant against.... ATT

I spent wayyyyy too much time on the various ATT/SBC web sites (there isn't just one, and they are interlinked) trying to find a new phone plan that doesn't end up costing almost $1/minute to talk to someone 20 minutes away.

Somewhere in between various web servers going back and forth on every click, I must have crossed over the River Styx, and began a descent into HTML hell....

After my best shot at it, I bailed out and started looking for a phone number to a real person.

I eventually found someone to CALL, and got it all taken care of... whew...

At the end of the web experience, I answered a lengthy survey about the web site(s)... here's what I said to the "what do you suggest to make things better" question:

1. Unify all of the sites, eliminate artificial (sp?) separations between local and long distance, between DSL and Uverse, wired and wireless, etc.

2. Fix navigation so that the BACK button actually works as intended.

3. Always have support links on the page, a number to call, an email address, and a place to chat.

4. Always show where in the navigation tree things are, and UNIFY that tree.

5. Make a nice grid for showing options on phone service, even if I have to scroll both directions, it's much better than trying to work around a broken back button...

This web site is like playing ZORK, except there's no place to type XYZZY to get back to a known location.

Friday, July 29, 2011

Why Social Security is NOT an entitlement

I hear Social Security called an entitlement, and I get VERY angry... here's why

Social security is NOT an entitlement.... we've been paying into it for our whole working lives, it's the big hit after taxes called FICA. It's got a HUGE surplus, which won't run out for more than 20 years.

However... they've been "borrowing" this surplus by "investing" it in government bonds... to keep the cash flow going, since the 1960s... only now that it's about time to start pulling out of the "surplus" do they want to cut it as an "entitlement"...

In other words, we paid money in... they were supposed to set it aside for us, and now they don't want to admit that they've already STOLEN it, and it won't be there when we need it.

All of the spending to bail out banks, corporations, etc... was all out of our retirement funds... don't forget it.

Thursday, May 26, 2011

Today's political act

I wrote to my Indiana State Representative today.... here's what I wrote:

  I ask that you consider introducing legislation similar to that of the recently pulled HB 1937 of the State of Texas.
  Here's the link to their web site about the bill:  http://www.legis.state.tx.us/BillLookup/Text.aspx?LegSess=82R&Bill=HB1937
  It would criminalize the types of searches the TSA has been doing, which are in violation of the 4th Amendment of the US Constitution.

  In introducing this, you would show that you stand for the rights of your fellow Hoosiers. We don't have as much air traffic to worry about, so there is less fallout. You would also show some distance between yourself and the DC beltway crowd, which will probably come in handy soon, as they keep debasing the dollar, leaving the States out to dry.
  Thanks for your time and attention.

Wednesday, May 11, 2011

Delphi Starter Edition sucks

So we went and got Delphi XE starter edition.

The feature matrix is confusing, to say the least... but if you look at the sales page, it makes it very clear that the difference between the Starter and Pro editions is in the licensing of applications. Check the link above, or read the description yourself (retrieved May 11, 2011):

Delphi XE Starter is a great way to get started building high-performance applications for Windows. Delphi Starter includes a streamlined IDE, code editor, ultra fast compiler, integrated debugger, two-way visual designers to speed development, hundreds of visual components, InterBase Express for connectivity with the InterBase database, and a limited commercial deployment license.
If you’re an individual you may use the Starter Edition to create apps for your own use and apps that you can sell until your revenues reach $1,000 per year. If you’re a small company or organization without revenue (or up to $1,000 per year in revenue), you can also use the Starter Edition. Once your company's total revenue reaches US $1,000, or your team expands to more than 5 developers, move up to the Professional edition with an unrestricted commercial license.

The REAL difference is in functionality, not licensing... the refactoring and other reasons for upgrading from Delphi 7 are MISSING in the "starter" edition.  This is NOT mentioned here... and definitely should be. I suspect this omission is deliberate. Starter edition should instead be renamed "bait".

Oh well... can't get a refund... don't want to pay $500 to see if the next level up is more crap.

Delphi XE sucks.

Sunday, March 13, 2011

Rackspace - Web Site Design... well, just a glitch

Today I decided to investigate Rackspace to see if their model of Virtual Server management was better or not than Amazon in terms of what happens when you shut down a Windows Server.

The Website kept pushing an offer to Live Chat sales in front of me, keeping me from reading what I wanted... eventually I gave in, and was then told that Live Chat isn't available now!

If you offer it, it MUST be available, otherwise turn it off!

Design fail - not as bad as throwing away 3 hours of work, but still pretty stupid.

Ok... I jumped the gun a bit... and got to chat.

I'm told that they don't delete Windows Servers until you tell them to.

I'll be testing that this week.

Thursday, March 10, 2011

Amazon EC2 design FAIL - What, Why, and How to fix it.

This is a rant, a screed, a diatribe, a scream in the wilderness hoping to call the adults in charge to notice a major design flaw in Amazon's otherwise excellent Elastic Cloud Computing service, known as EC2 for short.

However, unlike most rants, screeds, etc... I offer a reasonable and easy to implement solution which should work well for all concerned.

What EC2 is:
EC2 lets you create virtual servers based on their hardware and networks. It's fast, reliable, and pretty flexible when it comes to getting far more computing resources in short notice than would even be possible for a small company to arrange, let alone finance, because you can pay by the hour of computing time, and the megabyte of disk storage.

Amazon offers a wide variety of Linux and Microsoft operating systems to run within these virtual servers, and they make it easy to provision new machines, or "instances".

My story:
Yesterday, I was at work, and for whatever reason, I couldn't find the instance of Windows Media Streaming I had last used on Amazon EC2 about 6 months ago that I needed for a demo. With real servers, it's obvious when you have boxes to look at, hopefully all nicely labeled, but since virtual servers don't actually take up physical space in the office, they end up just like any other misplaced computer file.

I then proceeded to create a new one from scratch. The setup wasn't that long, but my work day became a long one while I got everything set. It got worse when I figured out that the Hardware Streaming Box we were going to use wasn't using the same protocol I had previously used. I got all that sorted out about midnight, but then found out something else was amiss. I thought it could be either the streaming box, or the virtual server that was mis-configured, so I created a virtual server in our own local network (using VMware) to divide the problem and more accurately place blame. At about 6 AM I had proof that it was the streaming box, and it had a virus. It needed to be reset to factory standards... I waited for our supplier to call back to get the proper procedure for doing so, and got everything working by 10 AM today. (Now a 26 hour work day).

I then proceeded to help everyone else test out their parts of the demo, and showed them how everything worked with the box, Amazon, Windows, etc... I was done after lunch at about 1:30PM.  I was taking care of putting the hardware away, cleaning up my office, etc... when I shut down the Virtual Server. I was looking at the configuration of it, and it seemed to be stuck in the process of shutting down (terminating) far longer than expected.

Then I couldn't find it!  (Déjà vu)

It was about 15 minutes later that I found out what had happened.... Amazon threw my newly configured virtual machine away, assuming I no longer wanted it, merely because I turned it off (using the Windows Shutdown command) to save the compute costs while I wasn't using it. My reaction was one of surprise and sadness, and resignation to an even longer work shift that was now likely to stretch from 8AM to 5 PM the next day.

I'm upset about this, I understand how someone on the product team might have justified using the word Terminate to signify deleting a server, and someone else defended the decision to delete them by default, but it's not the way people use computers.

How you can relate:
Imagine if the mere act of turning off your desktop machine resulted in its disappearance and the need to set up a new one, no matter how inexpensive. This is the problem I faced.  I invested hours of time getting everything working just right, and testing it.... I had to spend another 3 hours to do it all over again.

How to fix it:
Now... here's my message to the folks who control the design of this system...

You have added a "termination prevention" system, which helps to alleviate the problem, if the user has a clear understanding of the NON-STANDARD use of the word termination in this context. This kludge of a fix tells me that the product managers don't quite have a good enough grasp of how things work.

A far better fix, one that fits with far less ambiguity, and far less pain for all involved, is to use the standard word DELETE when describing the act of removing a virtual machine from existence.

Deletion of a virtual machine, or set of files should NEVER happen merely because a virtual machine powered itself down. It should ALWAYS and ONLY be the result of a positive direct action at the request of a user, who then gets a message warning them of the full implications of their actions before giving their final confirmation of the action.

Please take this in the spirit with which it is intended, as CONSTRUCTIVE criticism, and a possible fix.

You'll save all of your new users having to go through this painful experience, and have a better product to boot.

Update: As you can see in the comments, this design fail is making a hole for others to fill.

Saturday, February 19, 2011

Instead of cyberwar, and all that mess, let's just FIX things

I strongly believe that it's possible to reduce the threat of "cyber war" by actually fixing the security problem at its source, our computers and servers. Imagine if it were possible to greatly reduce the number of security holes on the average pc or server. If this were the case, we wouldn't need to have politically motivated filtering and other types of control to "save us" from our own systems.

The internet is just a big network, and while BGP seems to have its issues, with some work they can be solved. The network itself is just a "series of tubes", as it's been described in the past, and you don't have to guard the tubes if the ends are secured.

There is a deep design flaw in the operating systems and applications we use on a regular basis. Historically it's been possible to tightly control the code we run, so it was reasonable to trust the code to do its job. This assumption no longer is valid.

  • We can no longer afford the luxury of trusting our applications.
  • We can't even afford to trust our drivers with kernel mode.
  • We can't afford to trust the system processes to stick to their designated roles.

At a practical level, we have to trust some code, why not trust as little of it as possible? Micro-kernels present the smallest amount of code required to manage the operating system. There has been much research in this area, and recently there have been "proven" micro-kernels which theoretically have no flaws in their implementation of their specifications.

Now, the kernel needs device drivers and other system processes to make a usable operating environment for the user and programs. A kernel which doesn't trust its drivers must use a new strategy. One way forward is to use the concept of capabilities. A "capability" is a token / key (really, just a big number) which allows access to a resource. Each device driver, system process, etc... is given the appropriate set of keys to the resources that are required to do the job. If the key isn't present, the access is not allowed.

Thus a disk driver wouldn't get access to the internet. A clock driver wouldn't need to either. The system time daemon would get access to a log file, a specific set of internet ports and addresses, and the clock. Any bug or vulnerability in one of these drivers would only affect it, and the capabilities it happened to have at the time.

Applications would have to be re-designed as well, for example, if you want to open a file in OpenOffice, the program opens a system dialog box to get the name and path to a file, it then opens the files as required. The new version would instead call a slightly different dialog box, which would then return the file handle (a capability) to only that file. The save dialog would also be modified in a similar fashion. If there are libraries required, etc... they can be included in the application's home folder. A capabilities based version of OpenOffice would thus work the same way, but be far more secure.

With this approach, we end up with secure systems that are still usable.
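The capability idea above, modelled in a few lines of Python as an added example (it is not code from this post or from any real operating system). The `Kernel` class, the `system_file_dialog` helper, the resource names and the port are all made up for illustration.

```python
import secrets

class AccessDenied(Exception):
    """The caller presented no capability that permits the request."""

class TextFile:
    def __init__(self, text=""):
        self.text = text
    def read(self):
        return self.text
    def append(self, line):
        self.text += line + "\n"

class NetworkPort:
    def __init__(self):
        self.sent = []
    def send(self, payload):
        self.sent.append(payload)

class Kernel:
    """Owns every resource. Default deny: no valid token, no access."""
    def __init__(self):
        self._resources = {}   # resource name -> object
        self._caps = {}        # token -> (resource name, permitted operations)

    def add_resource(self, name, obj):
        self._resources[name] = obj

    def grant(self, name, operations):
        """Mint a capability: an unguessable 128-bit number bound to one resource."""
        if name not in self._resources:
            raise KeyError(name)
        token = secrets.token_hex(16)
        self._caps[token] = (name, frozenset(operations))
        return token

    def invoke(self, token, operation, *args):
        entry = self._caps.get(token)
        if entry is None:
            raise AccessDenied("unknown capability")
        name, operations = entry
        if operation not in operations:
            raise AccessDenied(f"capability does not permit {operation!r}")
        return getattr(self._resources[name], operation)(*args)

def build_kernel():
    """Constructed sample resources; every path and the port are made up."""
    kernel = Kernel()
    kernel.add_resource("file:/home/user/report.txt", TextFile("quarterly numbers\n"))
    kernel.add_resource("file:/home/user/passwords.txt", TextFile("not-a-real-secret\n"))
    kernel.add_resource("file:/var/log/timed.log", TextFile())
    kernel.add_resource("net:udp/123", NetworkPort())
    return kernel

def system_file_dialog(kernel, chosen_path):
    """Trusted system dialog: the user picks a file and the application gets
    a read-only capability to that one file, never the whole file system."""
    return kernel.grant("file:" + chosen_path, {"read"})

def try_all(kernel, attempts):
    """Run each (token, operation, args) attempt; report allowed or denied."""
    outcome = {}
    for label, (token, operation, args) in attempts.items():
        try:
            kernel.invoke(token, operation, *args)
            outcome[label] = "allowed"
        except AccessDenied:
            outcome[label] = "denied"
    return outcome

def run_demo():
    kernel = build_kernel()
    # Capability list of the time daemon: append to its log, send on one port.
    timed = {"log": kernel.grant("file:/var/log/timed.log", {"append"}),
             "net": kernel.grant("net:udp/123", {"send"})}
    doc = system_file_dialog(kernel, "/home/user/report.txt")
    return try_all(kernel, {
        "app reads the file the user chose": (doc, "read", ()),
        "app writes through its read-only capability": (doc, "append", ("x",)),
        "app presents a file name instead of a token":
            ("file:/home/user/passwords.txt", "read", ()),
        "app guesses a token": (secrets.token_hex(16), "read", ()),
        "time daemon appends to its log": (timed["log"], "append", ("synced",)),
        "time daemon reads its log back": (timed["log"], "read", ()),
        "time daemon sends on its port": (timed["net"], "send", (b"time?",)),
    })

if __name__ == "__main__":
    for label, result in run_demo().items():
        print(f"{result:8} {label}")
```

Knowing a resource's name buys nothing here: only a token the kernel minted opens anything, and each token carries its own short list of permitted operations.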

I think I've shown fairly well that we must re-design things from the ground, a decidedly non-trivial task, but it is the only way to avoid having government overlords telling us what code we can and can't use. If we wish to own our own systems as free men, we need to get our act together and fix things now, before it's too late and we lose the freedom to write our own code.

The path we are on ends with computers we merely have license to use, secured by the government, censored by the government, rented from big corporations, running applications we rent or buy from app stores. This is a future we need to avoid.

Thank you for your time, attention, and comments.

Friday, February 18, 2011

A tale of rules and their makers

Management had made the choice, there was no disputing it without risking his job, he had heard bad things about the new system, but resigned himself to making it work. So he started reading the documentation and signed up for the support forums. The tutorials showed how rules worked, how to make new ones, the configuration of the auto-update feature, and how to submit a rule to the pool. The system worked by freely sharing rules which helped, so at least he could get the help of his peers.

Soon he was making rules that worked, and after that he learned how to make them simple and elegant. He could make a rule that had very few side effects, and stopped the threat without much cost. The system was getting slower, but thanks to advances in technology, a new system would soon be installed which was more than twice as fast as the old one. The users were fairly happy with things, as it kept disruptions to a minimum.

Over time, he learned about the pros and cons of the other rule systems, and how they worked. He wasn't a big fan of his system, but felt the users of the others were a bit too smug in their claims that their systems were somehow much better. He knew the basics were the same, that it was just a matter of time before theirs had similar problems, and that they mistook temporary conditions as a permanent condition.

One day it occurred to him that there might be a better way to do things. A friend had joked that instead of making rules to stop threats, perhaps it would be better to have a list of things that were not threats. It stuck in the back of his mind, and the more he thought about it, the more sense it made. He tried to explain his new idea to his friends, but they thought it was silly, and it would make it way too difficult to manage things, and would make the users complain too much about things they couldn't do because they weren't in the list.

Eventually he convinced some friends to build a prototype system, it would watch what the user did, and build rules to allow those things, and had a new feature which denied everything else. The idea of denying everything was crazy, but it worked in this case. The prototype system was interesting, but he thought it should go further. He had an even bigger idea, the thought that the prototype should become the standard way of doing things.

His friends and peers thought he was nuts! How could you possibly list all the things the user wanted to do? Why would the users, who were the source of profit, possibly allow his group to do such an absurd thing? If the list of allowed things didn't have something they needed, they would have to stop work and tell his group and get it added to the list. Such a presumption of power was surely a foolish thing to do.

He was sure his idea was right, but it wouldn't work because of the politics of it. He then wondered what would happen if the users could add things to the list themselves? This would leave the users with a system that would allow them to do what they needed, but without the need to have his group always blocking threats. Such a system would leave his group with a lot more time to work on the other tasks they had to keep interrupting, he was sure it would be worth it, but how to convince his peers?

Well.... by writing this very story. The above is a description of an imaginary world in which firewalls lack the ability to include a default deny rule. This makes it necessary to enumerate every threat and create a rule to stop it, and to share the list of rules. In our world, firewalls do have this ability, and we (network administrators) make rules explicitly allowing each protocol and port connection from the internet to our servers.

The above is also a description of this world. This is the way we currently handle computer viruses. We subscribe to services which list rules to identify bad code fragments, and we have systems which block those fragments when they are found. The point of this story is to get you to consider the opposite... a system which trusts nothing, and lets the users explicitly choose what connections and resources a program should get.

It's called capability based security, CabSec for short.
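The two worlds of the story side by side, as an added example that is not part of the original post: one rule list that names threats and permits the rest, and the prototype that learns what the user does and denies the rest. The program name, paths and addresses are constructed sample data, and the class names are made up.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    program: str
    action: str    # "read", "write" or "connect"
    target: str

class EnumerateBadness:
    """The story's world: allow everything except what a shared rule names."""
    def __init__(self, rules):
        self.rules = set(rules)

    def decide(self, event):
        return "deny" if event in self.rules else "allow"

class DefaultDeny:
    """The prototype: learn what the user does, then deny everything else."""
    def __init__(self):
        self.allowed = set()
        self.learning = True
        self.pending = []   # denied events waiting for the user's decision

    def decide(self, event):
        if self.learning:
            # Whatever runs during learning becomes permitted, so learning
            # has to happen on a system that is known to be clean.
            self.allowed.add(event)
            return "allow"
        if event in self.allowed:
            return "allow"
        if event not in self.pending:
            self.pending.append(event)
        return "deny"

    def start_enforcing(self):
        self.learning = False

    def approve(self, event):
        """The user adds an entry; no central rules group is involved."""
        if event in self.pending:
            self.pending.remove(event)
        self.allowed.add(event)

# Constructed events; program name, paths and addresses are made up.
READ_BOOKS = Event("ledger", "read", "/home/user/books/2011.dat")
WRITE_BOOKS = Event("ledger", "write", "/home/user/books/2011.dat")
KNOWN_BAD = Event("ledger", "connect", "198.51.100.7:25")
NEW_VARIANT = Event("ledger", "connect", "203.0.113.9:443")
NEW_LEGIT = Event("ledger", "write", "/home/user/books/2012.dat")

def run_demo():
    blocklist = EnumerateBadness([KNOWN_BAD])   # the one rule shared so far
    allowlist = DefaultDeny()
    for event in (READ_BOOKS, WRITE_BOOKS):     # learning phase: normal work
        allowlist.decide(event)
    allowlist.start_enforcing()

    names = {"routine read": READ_BOOKS,
             "known threat": KNOWN_BAD,
             "new variant, no rule yet": NEW_VARIANT,
             "new legitimate file": NEW_LEGIT}
    # Each entry is (decision under enumerate-badness, decision under default deny).
    table = {name: (blocklist.decide(e), allowlist.decide(e))
             for name, e in names.items()}
    allowlist.approve(NEW_LEGIT)                # the user unblocks their own work
    table["new legitimate file, after approval"] = (
        blocklist.decide(NEW_LEGIT), allowlist.decide(NEW_LEGIT))
    return table, list(allowlist.pending)

if __name__ == "__main__":
    table, pending = run_demo()
    for name, (permit_world, deny_world) in table.items():
        print(f"{name:38} rules-list={permit_world:5} default-deny={deny_world}")
    print("left for review:", [e.target for e in pending])
```

The row to look at is the new variant: the rule list lets it through because nobody has written a rule yet, while the default-deny list stops it without knowing anything about it.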

Thank you for your time and attention.

Monday, February 14, 2011

Small miracles

I'm very thankful for the random appearance of a piece of red paper in my life this morning.

God works in mysterious ways.

Sunday, February 13, 2011

A case against arbitrary field size limits in Medical Records

Here's my IT perspective on The Doctor vs. the Computer, which appeared in today's New York Times.

The doctor in question hit an arbitrarily sized text field for inputting the evaluation of a patient, and was arbitrarily stopped at 1000 characters. The help desk confirmed the limit, and was snarky about it.

I can see how this may have been an acceptable design decision when systems had a total of 5 megabytes of space in the 1960s, but it is clearly not acceptable by any means in our current era.

I found the article via Quora, and here's the comment I wrote there:

Wow... I can see how such things happen... and that is a truly stupid situation. Hours of lost medical care to save a few megabytes of disk space across a year.
A single photograph, let alone some MRI or CT scan data could wipe this savings out in an instant. 
The savings in this case, assuming the doctor had 5000 characters of text, would be 4000 bytes... and at today's prices of about 10 Gigabytes / $US, that works out to 0.00004 cents. Let's say it took 2 minutes to do the edit. 
Done 10,000 times per year, that's 13.8 days of medical staff time, to save a whopping 0.04 cents! 

Now... I'm cross posting it here to reach a wider audience. If you're in IT, and considering the size limits of a text field, be very sure you don't just want a memo field instead.

Thanks for your time and attention.

Sunday, January 23, 2011

UFO over Chicago???

DSC_0641_UFO Crop
Originally uploaded by --Mike--
I went and took photos Friday on my way to work. It was cold, the kind of bitter cold that makes for frozen fingers but GREAT photos.

I found this (which is a crop to show detail) while reviewing things. I'm wondering what it is. It's a UFO, right in the middle of a panorama sequence. I'll clone it out in the final output, but I am curious as to what could make this kind of image.

If it was summertime, I'd say a finch or oriole happened into the frame... but it was well below freezing, in the middle of winter.

Comments, suggestions?

Thursday, January 20, 2011

On the importance of having an editor

My last two blog posts had some points which I think are very important, but it has been pointed out, quite correctly, that they are not very coherent, and need a good re-write, which I will do.

Thank you, Noran!

Wednesday, January 19, 2011

25 years of insecurity

It's been 25 years since the first computer virus, and we still haven't learned our lesson.

It's possible to build an operating system which is both secure and usable, by changing one fundamental assumption underlying everything. It's one of the most frustrating aspects of computing, but most people don't understand the problem, and thus can't properly evaluate the quality of the solutions offered to date.

How we got here

Windows, Linux, Mac OS-X, all are based on a security model called "Default Permit". This means that unless something is blocked (by a virus scanner, for example), it is allowed to run.

Now, on the face of it, this is the obvious way that computers should work. Who would want to make it harder to run a program, after all it is our computer, and should do what we want, right?

It's when you consider what that program is allowed to do, that the situation starts to get interesting. A computer program can do anything you are allowed to do, on your behalf. If you can access your passwords, so can the program you just launched... if you can send an email, so can the program you just launched, etc.

Adding complexity to the situation further is the fact that there are a number of system services running at any given time which are supposed to have privileges beyond that normally allowed by the user, and these programs can be misled into mischief.

Any running program runs unbelievably quickly, and it can try to do all sorts of things in the blink of the eye... so if there are any holes in security, it can exploit them without you noticing. This forces you to have to trust any program you run to do exactly what it says it will do.

In response for the past 25 years, we've grown accustomed to virus scanners, spyware scanners, firewalls, and any number of filters to try to stop bad programs, but they don't work perfectly, and in fact, they never will.

Now there are literally billions of computers all networked together, each with their own set of imperfectly protected exploitable resources, a vast ecosystem, if you will, waiting to be exploited, and it is being exploited. On the global level, there are entire socioeconomic systems which have grown to exploit the weaknesses in our computers for financial gain.

The fact that our filters and firewalls are imperfect leaves us with a choice.... security or usability.

I strongly believe this is a false choice, and there is a better way.

CABsec - A better way

If the security model is flipped 180 degrees, to a default deny... security becomes a problem which can be solved. I call it CABsec (CApability Based SECurity), so Google can find it in the future.

The basis of CABsec is that at the time a program or process is to be run, a list of capabilities is supplied to the operating system with it. Just like we have icons on our desktops which are shortcuts to programs, this list could be similarly supplied and default to a reasonable range of actions. The typical user wouldn't even need to be aware of it, in most cases. Usability is not affected.

Every system process can be similarly equipped with a list of privileges. It's not necessary for a file-system to access the internet, for example... which means there is no possibility of a file system driver process being misled into leaking information to the internet. In a similar manner, properly configured system processes can each be locked down to provide bulletproof security.

This leaves the user with a system which can actually enforce its rules in a secure manner, without the possibility of being broken by a rogue application. The user is provided with a system which could then allow them to specify that their accounting program access one specific folder. The program would never be able to access anything else (like the internet for example)... so it would be self contained and secure.

Such a system would never need a virus scanner, because it would never trust a program, and thus a program couldn't go rogue.

A virus would find itself like the Greeks inside the Trojan horse finding that the horse had been sealed inside a layer of bulletproof glass... they could never escape to do their mischief.
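The accounting program confined to one folder, modelled as an added example (not code from this post or from any real operating system). The `Confined` class, the folder and the host name are made up; the check is done on path names only, which is a simplification stated in the comments.

```python
import posixpath

class Denied(Exception):
    """The request is not covered by the program's capability list."""

class Confined:
    """One launched program plus the capability list supplied with it.
    Anything the list does not name is refused (default deny)."""

    def __init__(self, program, folders=(), endpoints=()):
        for folder in folders:
            if not posixpath.isabs(folder):
                raise ValueError(f"folder must be absolute: {folder!r}")
        self.program = program
        self.folders = [posixpath.normpath(f) for f in folders]
        self.endpoints = set(endpoints)     # (host, port) pairs

    def open_path(self, path, cwd="/"):
        """Return the normalised path if it lies inside a granted folder."""
        # Names are compared lexically here. A real system must also deal
        # with symbolic links, which is one reason capability designs hand
        # the program a handle to the folder instead of checking names.
        resolved = posixpath.normpath(posixpath.join(cwd, path))
        if not posixpath.isabs(resolved):
            raise Denied(f"{self.program}: relative path {resolved}")
        for folder in self.folders:
            # commonpath compares whole components, so "/a/accounts-old"
            # is not treated as being inside "/a/accounts".
            if posixpath.commonpath([folder, resolved]) == folder:
                return resolved
        raise Denied(f"{self.program}: no capability for {resolved}")

    def connect(self, host, port):
        if (host, port) not in self.endpoints:
            raise Denied(f"{self.program}: no capability for {host}:{port}")
        return (host, port)

def launch_accounting():
    # Constructed capability list: one folder, no network at all.
    return Confined("accounting", folders=["/home/user/accounts"])

def attempt(action, *args, **kwargs):
    """Call a Confined method and report ("allowed", result) or ("denied", None)."""
    try:
        return ("allowed", action(*args, **kwargs))
    except Denied:
        return ("denied", None)

def run_demo():
    app = launch_accounting()
    home = "/home/user/accounts"
    return {
        "ledger in the folder":
            attempt(app.open_path, "2011/ledger.db", cwd=home),
        "dot-dot that stays inside":
            attempt(app.open_path, "2011/../2010/ledger.db", cwd=home),
        "dot-dot escape":
            attempt(app.open_path, "../.ssh/id_rsa", cwd=home),
        "sibling folder with the same prefix":
            attempt(app.open_path, "/home/user/accounts-old/ledger.db"),
        "the folder itself":
            attempt(app.open_path, home),
        "outbound mail":
            attempt(app.connect, "mail.example.com", 25),
    }

if __name__ == "__main__":
    for label, (result, value) in run_demo().items():
        print(f"{result:8} {label}: {value}")
```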

It's a big project to get a cabsec system built... I thought it would have already happened, there have been hints of it with things like Midori at Microsoft, but they never pan out. I'm doing my own little bits of work promoting capabilities and least privilege. I'm hoping that this leaves you with a better understanding of what can be done, and a better way forward.

Taking back our computers.

Apparently the US and Israel hired some hackers and managed to set back the Iranian nuclear program a few years. I'm pissed that it's even possible for this type of subversion to take place, but not because I believe in the freedom to enrich uranium.

I believe that we should own our computers, and not have them subject to the whim of others. The only practical way of achieving this that I'm aware of is by using something I call CABsec, which is least privilege, CApability Based Security.

Our current systems are based on the opposite concept... which is to allow everything, and add roadblocks in the appropriate places to prevent mischief.  It's this way for lots of reasons, including that it matches up with the way we view the world in general.

The cost of checking everything against a list of privileges is small, but non-zero, likely on the order of 1% of the computer's time for a typical user, if that.  Compare that to the at least 50% speed loss caused by our current crop of antivirus and anti-spyware... and that will seem like a bargain.

It's a matter of replacing a lot of things in order to build a CABsec based system... in computer programming circles it's a "Boil the Ocean" type of solution, so it's not likely to arise unless someone gets out and pushes... and keeps pushing.

I'm pushing... will anyone else help?


You can read up on the concepts, starting with the Principle of least privilege.

Saturday, January 08, 2011

Why I'm worried, and you should be too, part 1... 9/11/2001 changed nothing

A few years ago, you might have called the author of a post like this paranoid... but now you're not so sure.

9/11 Changed everything, and yet changed nothing.

9/11 was an excuse to shove the American people towards a set of goals, most of which are still not clear to me.

The economy was in the tank before 9/11 happened. People who weren't yet affected by it will likely view 9/11 as the cause of everything after that point, it wasn't.  9/11 changed nothing.

Many people believe that 9/11 provided justification for starting the wars, but they were being planned before it, just waiting for an excuse.  9/11 changed nothing.

Many people forget that the World Trade Center was almost destroyed 8 years earlier, but that there was a mistake in the placement of the charges.  9/11 wasn't the first attack.

9/11 was used as leverage to get us to do something... it's not the first time something like this has happened in our history, it won't be the last.   There is always an element in government making plans like this, for example here's one from 1962.

The point here is that government actions are consistent across time, and administrations. It doesn't matter who is elected, the direction is clear, one of growth and more control over the people.