Woes of Big Holidays

Egad.  One down, one more to go.  I hate big holidays because the big ones are actually three in one: Blah Eve, Blah itself, and After-Blah Sales Day.

On Blah Eve, my wife expects me to pay attention to her.  That means lots of kisses and lip service.  I wonder if the word Eve being the name of the first gal had something to do with this.

On the Blah Day, my wife expects me to pay attention to the family.  In modern terms, this means doing far more TV watching than my usual 30 minutes a day.  The worst part is that TV programming really sucks on such days.  Radio is even worse.

On the After-Blah Sales Day, my wife expects me to be invisible.  Actually she is the one that does the disappearing act from dawn till dusk.  If I happen to get up too early, I get the deathray look.  This morning, I got up just as she was putting on her shoes to go out shopping.  Oops.

Scoble Hunt

Scoble is getting a lot of heat for his Hi Bill post.  I don't see why they think he is crazy or accuse him of insulting the Windows Media team.  The only part that rubbed me the wrong way was the firing part.  The rest is just a post written by an employee who cares enough about the company he works for to hang his balls out the window.

Who cares if his suggestions don't make sense?  That's his blog.  Should bloggers be restricted to writing posts that make sense to everyone?  Well, up your foobar if you think so.

As to what I think about his post, I think his suggestions are good.  Good, not in the sense of success or brilliance, but in the sense that such change will be good for Microsoft even if the project fails.  Like people, companies don't learn or evolve while doing the same things the same ways.

Pokey Man

In case you are wondering what happened at the final poker tournament, things were going very smoothly for me until only five players were left, including me.  I had a decent-size stack by that time but I made the mistake of feinting and jabbing when there were four really good players looking to score a KO.  In short, I failed to shift gears in time.

Two half-hearted plays knocked my stack down low enough for the leading player to swoop in to finish the kill.  I did receive a decent prize earlier for knocking out a former champion so my ego is still in pretty good shape though.  Most importantly, I can now get some sleep.

Hardworking Criminals and Poker

I attended a client's Christmas lunch yesterday.  Together we were a nice formidable cluster of forces with lots of proven talents in our own fields — engineers, executives, lawyers, strategists, and investors.  At one point we talked about the current and near future security landscape and, frankly, the picture looks real good for security technology companies.

The most notable change was that the bad guys are focusing more on ways to attack at the infrastructure level, not only taking advantage of existing vulnerabilities but boldly creating their own.  For example, selling Cisco router clones with compromised firmware means they can gain full control over all the packets passing through those routers anytime they want.

With the world full of bad guys, working hard constantly to create new market opportunities for security companies, profit for those companies hangs in the balance between hope and despair.  With too much of either, disbelief kicks in.  While finding the right balance is difficult to do as a group, the security technology market ecosystem is IMHO better than others such as the open source market (create a useful jungle of a mess en masse, sell survival manuals and cleanup service), although not as good as the one defense companies have.

It's not just the criminals who are working hard.  Folks at Secunia have discovered another mind-wheeling IE vulnerability.  If you look at how it's implemented (view source on the page), you can see that it takes no more than a few minutes to mimic any website you want with minimal hassle.

If you are in the software business, you shouldn't despair.  The good news (?) is that highly critical vulnerabilities encourage users to update their software at an unprecedented rate.  For example, this Acrobat Reader vulnerability, which allows hackers to run their code as soon as someone opens a compromised PDF file available over the web, means everyone with Acrobat Reader should update.

The added bonus for developers is that the hassles of supporting legacy code can be easily blasted away with vulnerabilities (we really want to support legacy browsers, but we can't for security reasons), which also create new opportunities (Foo Explorer is full of bugs, get Foofox).

So are we winning the war against hackers?  You bet.  While the flow of vulnerabilities (hole flow?) will not stop until all of us are buried and stomped on for good measure, the good guys are making a lot more money than the bad guys.  Winning is easy if you are more flexible with the definition of 'we'.

Sorry guys.  I am feeling a little sarcastic (insanely optimistic?) today.  Maybe a nap will help.

Anyway, I have a big poker game tonight, a poker tournament finale with winners and runners-up from previous tournaments.  I attended only one tournament but managed to knock out enough players to secure my spot.  Odds are against me though.  Since I attended only one tournament, I don't know most of tonight's players and I haven't had any time to plan my strategy.  On top of that, I had only four hours of sleep last night.  So I'll have to wing it as I go and try to stay awake through the slugging fest.

Public yet Proprietary

News about Google Print raises some interesting questions.

If John has the only copy in existence of a physical book whose content is not available anywhere, and its copyrights have expired, what rights does John have over the content of the book?

If Dave makes a deal with John to digitize the book's content, what rights does Dave have over the digitized content?

John owns the physical instance of the book, therefore he has full control over access to it even though he does not own the content.  Can John legally dictate terms of use over the content which he does not own in exchange for access?

Dave has a virtual instance of the book, so he also has full access control.  Can Dave provide online access to the book's content under whatever terms he dictates?

Now replace John with a public or government-funded institution.  What rights do we have over the book and its digitized contents?

Another twist.  Suppose Evan breaks into Dave's system, takes a copy of the digitized content, and posts it in newsgroups which Phil downloads.  Did Phil break any laws?  Can Phil use the content?

I am not a copyright lawyer so I don't know the answers to these questions.  Perhaps Professor Lessig can answer.

To me, ownerless doesn't mean community property.  It means free for the taking.  Google is doing exactly that, taking.  I have mixed feelings about what they are doing.  On one side, they are making new information readily available which is good.  On the other side, they seem to be claiming stewardship over orphaned information.

Ulcer and Cabbage

I woke up to a painful case of ulcer this morning.  Too much stress and spicy food I guess.  None of the usual over-the-counter medicine relieved the pain.  Thankfully, my wife found a home remedy: cabbage and carrot soup.  Whew.  I sure don't want to suffer like that again.  Ulcer turns your skull-shaped bowl upside down so you can't hold any thought in your head for more than a second.

Mobile Cheaters and SMS Privacy

Up to 1600 Korean students are suspected of cheating by sharing answers using mobile text messaging in the recent CSAT (equivalent of SAT in the US) exam.

The nationwide investigation started with the uncovering of a highly organized ring of high school students.  The ring had been in operation for a few years and not all of the students were of exam-taking grade.  Older students directed the operation with possible monetary rewards as incentives and younger students helped out as answer distributors.

With a high price for failure, cheating in exams is nothing new in Korea, with private sessions by teachers and impersonation by college students being the more popular ways to cheat.  It's ironic that Korean students ranked first in problem solving (Liechtenstein?) according to a recent survey.

The investigation widened when the police mined the archive of SMS messages sent during the examination and found that a simple string search with sequences of numbers representing answers to multiple choice questions turned up hundreds of suspected text messages.  This sparked concerns for privacy as well, so Korean mobile providers say that SMS messages will no longer be archived.  I don't quite trust them to do that though.

 

AdSearch

I was talking to a client recently when a crazy idea hit me, AdSearch.  The idea is to build a Google-like service for ads: AdSearch.  Crazy indeed but with billions of dollars being spent on advertising, enough of us want things belatedly because each ad lays an egg in our mind that could hatch any moment.

Throw in discount coupons and sales into the mess and you got something desirable…I think.  AdSearch…a must destination for pre-purchase search.  Hmm.