SHA-1 Weakens

Bruce Schneier reports that SHA-1 is broken.  While the supposed newly discovered weakness in the SHA-1 algorithm reduces its strength by about a factor of 2000, SHA-1 is still strong enough for a few years at least in most applications.  However, if you are using SHA-1 to produce artifacts whose validity is irrefutable over a long time (i.e. a digitally signed birth certificate) or is of high value (a digitally signed deed to a 25-story building in downtown Tokyo), then you've got a problem because they are basically sitting ducks waiting to be forged.

ET Phishing: Call Home

I just received an email from Juniper Bank, supposedly a bank, saying that I applied for a Juniper Credit Card.  They used my real first name which I rarely use so they must have some info about me and managed to associate it with my email address.

Alarmed, I sent off an email to Juniper Bank.  Then I noticed a phone number (1-888-232-0780) in the email.  Before calling, I checked to make sure it's not some paid service call and found that 888 is a toll free area code.  So far so good.  I made the call.  Guess what the first thing they ask for: social security number.  Time to press the eject button.

I suspect that this was an attempt to steal social security numbers.  They could have used any bank.  Just send out an alarming email and include a phone number prominently.  When people call the number, the scam is on.

Java Servlet API and HttpOnly Cookie

Odd.  Am I the only one who wants to use HttpOnly cookies from servlets?  Looks like Jetty and Resin are adding HttpOnly support but what about others like Tomcat and WebSphere?  And why isn't Sun adding it to the Servlet API or at least opening it up to allow custom cookie extensions?
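
On a container whose `Cookie` class has no HttpOnly attribute, the usual workaround is to write the `Set-Cookie` header directly. The sketch below is an added example, not code from this post or from any container; the class name `HttpOnlyCookie`, its `header` method and the sample cookie values are assumptions made for illustration.

```java
import java.util.regex.Pattern;

// Added example: builds a Set-Cookie header value that carries HttpOnly,
// for use where the container's Cookie class cannot express the attribute.
public class HttpOnlyCookie {
    // RFC 6265 token characters allowed in a cookie name.
    private static final Pattern NAME =
        Pattern.compile("[!#$%&'*+\\-.^_`|~0-9A-Za-z]+");
    // RFC 6265 cookie-octets: no control characters, space, quote, comma,
    // semicolon or backslash, so a value cannot add attributes or headers.
    private static final Pattern VALUE =
        Pattern.compile("[\\x21\\x23-\\x2B\\x2D-\\x3A\\x3C-\\x5B\\x5D-\\x7E]*");
    // Path: printable ASCII except ';', which would end the attribute early.
    private static final Pattern PATH =
        Pattern.compile("[\\x20-\\x3A\\x3C-\\x7E]+");

    public static String header(String name, String value, String path, boolean secure) {
        if (name == null || !NAME.matcher(name).matches())
            throw new IllegalArgumentException("illegal cookie name");
        if (value == null || !VALUE.matcher(value).matches())
            throw new IllegalArgumentException("illegal cookie value");
        if (path == null || !PATH.matcher(path).matches())
            throw new IllegalArgumentException("illegal cookie path");

        StringBuilder sb = new StringBuilder();
        sb.append(name).append('=').append(value);
        sb.append("; Path=").append(path);
        if (secure) sb.append("; Secure");   // only send over HTTPS
        sb.append("; HttpOnly");             // hide the cookie from page script
        return sb.toString();
    }

    public static void main(String[] args) {
        // In a servlet this would be:
        //   response.addHeader("Set-Cookie", HttpOnlyCookie.header(...));
        // The session value below is constructed sample data.
        System.out.println(header("SESSION", "constructed-sample-value", "/app", true));

        // A value containing CR/LF must never reach a response header.
        try {
            header("SESSION", "abc\r\nX-Extra: 1", "/app", true);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the header is written by hand, the validation matters: the container's own cookie encoding is bypassed, so the name, value and path checks are what keep untrusted input out of the response headers. Servlet 3.0 later added `Cookie.setHttpOnly(boolean)`, which removes the need for the manual header on containers that implement it.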

iMac Experience

I spent the last two days using an iMac G5 at work because my laptop is now practically useless for development work.  I didn't want to rush into buying a PowerBook without trying out OS X so my interest was keen.

My trouble began from the start.  How do I turn it on?  I might have noticed the power button in the back if I had unboxed the iMac, but it wasn't very obvious when I started by just sitting in front of it.  When I pushed the button, nothing happened.  Hmm.  Maybe it's booting.  The iMac is very quiet so it's difficult to tell what was going on.  After waiting a minute, I tried the button again.  Finally, the client's CTO came over and pushed the power plug in deeper.  A white dot appeared and the iMac started booting while I cursed the crazy designer who placed the power socket in the only difficult-to-reach area of the iMac.  It was in, dammit, but not deep enough to satisfy the designer.

Once the iMac was up, I started missing the right mouse button similar to the way an amputee might with missing limbs.  With a two-button mouse, I often get to take my left hand off the keyboard.  With the Mac, I had to leave a finger nestled on top of the control key.  The result was an endless loop of mouse-click…oops…control-key, mouse-click…ah ha.

Anyway, the rest of my experience, which involved installing, writing code, and debugging with Eclipse and Tomcat, was not positive either.  There weren't any serious problems, just an unrelenting trickle of minor irritations.  Maybe OS X will grow on me.  Maybe not.  Performance of the iMac G5 was also not great, which makes me doubtful of PowerBooks, which currently ship with a G4.  When the PowerBook G5 is released, I'll revisit, but I won't be buying a PowerBook until then.

As to raves by others about the Mac and OS X, I guess one has to fall in love.

North Korea

North Korea announced that it has nuclear weapons.  While this is hardly news, the public announcement makes it important.  As I mentioned in one of Dave Winer's morning coffee podcasts (can't find the link just now but, fyi, it was recorded during an NDA-covered event at Microsoft ;-p), I don't think the North Korean regime has any intention to give up its nuclear weapons or shut down its nuclear programs.  I believe they see the six-nation talk only as a way to buy time and gain resources while the talk is going on.

Serious military and economic confrontations with China lie in the path to a nuclear-weapon-free Korean peninsula.  The biggest ball in those confrontations, the economy, will also be the best card to play in a game of who has more to lose: China or the US.

IMHO, the best strategy is for Bush to not only talk about the possibility of direct military actions but also sharply escalate war talks, enough to make economic losses seem as real as the sunrise tomorrow.  In simpler terms, Bush has to bluff seriously to force China to throw away the hand: North Korea.  Then he has to blockade North Korea, with China's cooperation, until North Korea implodes.  Lots of sacrifices will be needed, but I think this is the best although not the most wishful solution.

Next Generation of Mobile Platforms

I think the conditions are right for a new type of mobile application platform to emerge in the near future.  What makes these platforms unique is that they will run on anything with a small LCD screen and a handful of buttons such as MP3 players, cellphones, cameras, and maybe even the digital thermometer.  Some of these will have jacks, others will use one of many wireless capabilities.

The simplest such platform is InfoStick, a simple pen-size device with a single line of LCD, a button at one end, and an application-specific I/O device at the other end.  All it does is correlate information collected from the 'business end' with information being emitted nearby (i.e. business card, price tag, or patient record with embedded RFID tag) when its button is pressed.  For example, a thermometer InfoStick allows temperature to be automatically associated with a patient being examined.  To download the collected info or upload new filters, you set it next to a universal charge and sync station overnight.

Carly Fiorina

I am happy to see that the HP board finally came to their senses and booted Carly.  Many of her decisions and visions seemed wrong to me, driving forward recklessly and leaving the company unprepared for what was to come.  She wasn't happy driving a good old farm tractor so she smashed it against a rundown city bus and tried to drive what came of the mess like a K-mart sponsored race car.

CHKDSK and Maxtor OneTouch

I had a bad file on my Maxtor OneTouch drive so I ran XP's error correction tool on the drive.  But since then the laptop to which I usually connect the drive slowed down drastically to a point where the laptop was rendered useless and a source of noise as well (its two fans were on all the time).

Typical solutions on XP slowdown didn't fix the problem but, when I pulled the drive as well as the USB adapter (the laptop came with only USB 1.0 support) and rebooted, the problem disappeared.  Reconnecting the drive made the problem appear again.  Since there wasn't any process that was causing the CPU load, I think it was something related to the drive at the driver level.

Now the drive is connected to my desktop and seems to be working just fine.  I'll just have to remember not to check the drive for errors.  Backup storage you can't check for errors makes no sense but 250G is 250G.


It turns out XP on the laptop is still slowed down and useless.  It just starts up at the normal speed IF the Maxtor drive is not connected.  Looks like a torturous path of try-this and try-that and ultimately reinstall or reformat awaits me.  If I do have to reformat, I might turn it into a Linux laptop.  Getting too tired of Windows these days.

Micro-Content Business

What interests me about the micro-content business is that the dynamics of the micro-content business differ drastically between free content and paid content.  Free contents are consumables.  Paid contents are properties.

Thinking of paid content as property is an emotional perspective.  I paid for it so I must own it even though it cost me only a quarter and its existence is tenuous.  Thus I think the best business models for the paid content business must leverage this human weakness.