Wait a year. If, a year from now, it turns out this is real, then pay attention. More likely, there will be minimal compliance with EU competition regulations, just as there was in the last two Microsoft antitrust cases.
I'm afriad they already hot-swapped that out for another BIOS before the reboot...
Most BIOS parts are soldered in today, rather than being socketed. So you have to open the case, find the BIOS ROM, cut a few key pins, and get the correct test clip onto the device with a suitable BIOS part on a board attached to the test clip cable.
Before the DRAMs run down. This is possible but requires substantial preparation, tools, and skills.
Easy fix: install a BIOS/boot ROM with a non-bypassable memory test of all memory. This will clear all memory at power-up before reading the boot device.
I'm not sure that search technology matters all that much. For the first half of 2007, Yahoo search was probably better than Google search. Yahoo had all those special cases (weather, celebrities, stocks, etc.) working before Google did. Yet Yahoo's market share barely moved.
What matters for profitability is the effectiveness of the advertising-delivery system. In that, Google is way ahead of Yahoo, MSN, and the little guys (Ask, Mahalo, Wikia, etc.) Yahoo top management knew this in 2006 but couldn't catch up.
If Microsoft has some great idea, it's probably on the ad side, not the search side. They control a browser, so they can put in something intrusive if they want.
I've just received an e-mail from "press@wikileaks.be" saying that they copied their press release from my Slashdot posting:
Dear X
We'd like to thank you for your post to slashdot which we have used after fact checking and a little rewriting in one of our press releases. We would have liked to credit you directly, but the post was pseudononymous.
WL
The source is a DSL line in Sweden, so I can't confirm this is valid. I've tried calling Wikileaks, but their phone line is returning a fast busy.
There's a tinyurl on the list, but I don't see how that would serve any good. It should be the site the tinyurl points to, no?
"tinyurl.com" and "notlong.com" are phishing magnets, because phishing filters don't typically block their domain. So phishing sites use them to bypass filters. Those services try to keep up with phish reports and block those URLs, but they're falling behind. We encourage them to automate the process; as soon as a URL appears in any of the major phishing databases (PhishTank, APWG, McAfee) it should be blocked by those services. "notlong" seems to be doing something like that, but it's not quite fast enough yet. Phishing URL lifetimes are measured in hours; you have to do this in near real time.
On the topic of that url, it looks pretty strange: http://0x3d.0x13.0x36.0x89/
I had no idea browsers accepted IP addresses in hex.
Yes, the IP address can be in hex. Or in decimal as one big number. There are some other acceptable legacy formats, too.
There are things that can appear in a URL that are almost never used, but appear in phishing URLs.
We have a list of major sites being exploited by active phishing scams, which we update every three hours. There are 56 sites on the list right now. Most sites don't stay on the list too long, but we still have 14 that have been on the list since last year. Most of them are DSL service providers with compromised machines they haven't kicked off. Some providers are proactive about this, and some aren't. Then there are a few compromised sites that just have no clue about how to fix their problem. One such site is the teacher web space for a school district.
By, well, nagging, we've been able to get the big players to fix their problems. Google, Yahoo, MSN, and Dell were all on the list at one point, but they've all tightened up their systems.
The points we make with this list are that 1) the number of major sites involved is small, and 2) blacklisting at the second level domain level causes acceptable levels of collateral damage. So go ahead, blacklist the whole second level domain in your phishing filters. Think of it as a way to encourage sites to clean up their act. Or as a way to find out where to apply the clue stick.
This list is about "major" sites, ones in Open Directory (1.7 million sites.)
The issue there is with attackers trying to steal the credibility of the major site.
At the other end of the scale, any domain less than a few weeks old probably isn't worth connecting to. Or at least it should be read with all executable content disabled, including HTML email. Also, any link with more than one redirect probably shouldn't be followed.
It's easier to filter out the attackers if you're willing to filter out the bottom-feeders as well. But that's another story.
In a weird development, someone copied my Slashdot posting above, changed the intro so it looks like a "Wikileaks press release", and sent it to some news outlets via e-mail. It was published by Global Integrity Commons and ZDnet as if from Wikileaks. Someone took out the first sentence about Cringely and put in "Wikileaks has discovered". After the second line, the supposed "Wikileaks press release" matches my text word for word.
I have no connection with Wikileaks, and have no idea who's behind this hoax.
At one time, when the issue of teaching religion in California schools was being discussed, I suggested that there be a "California Religion Book", put together like California ballot pamphlets.
Each religion with at least 1% market share in California would get a section.
Smaller religions could combine, if desired, to get above 1%. There'd be an introduction with neutral information (headquarters, leadership, number/percent of adherents in California/US/World, symbols, official texts, etc.) Each religion would provide text and images for its own section, with a maximum page count. Drafts of those sections would be circulated to all the players, and each could then provide rebuttal arguments, as in our ballot pamphlets. Sections would be in cyclic alphabetical order, like names on ballots.
An introductory section would contain comparison tables of features: monotheism/polytheism/other, central/distributed authority, core beliefs.
That would put teaching of religion on a sound basis.
"Cringley" missed a key element of the story. Bank Julius Baer was preparing to take their US operation public via an IPO for about a billion dollars. They filed the prospectus with the SEC a few weeks ago. "We are an asset management company that provides investment management services to institutional and mutual fund clients. We are best known for our International Equity strategies, which represented 92% of our assets under management as of September 30, 2007." They were going to call the business "Artio" (ticker symbol ART, to be listed on the NYSE). Goldman Sachs and Merrill Lynch were to underwrite the IPO.
So the last thing they needed was to be the subject of a New York Times story and all over the world press, associated with money laundering. Now the deal goes under a microscope. Their underwriters have to take a second look and the SEC may have questions. Julius Baer will probably have to file a "material event" 8-K report with the SEC. Newspaper and magazine reporters will be looking at Baer.
The question will be raised that the rather high returns Baer reports may be achieved via money laundering.
All this is happening in a down market, in which it's hard to do an IPO and in which investors are very sensitive to unexpected risk. The whole deal may evaporate, or be repriced downward.
That's not a picture of a real lamp. It's a "concept illustration" generated in some CG program.
There may be an actual prototype, but it's not as good looking. Although I have suspicions about that image; the shadows are inconsistent and the inside corners don't show a dark band.
It gets frustrating. Especially when something good is replaced by something worse. Misery is going back from Plan 9 to Unix/Linux, or from Modula 3 to C++, or from Ada to C, or QNX to real-time Linux, or LISP to XML, or BeOS to Windows.
Learning yet another API, with a thousand API calls and a few hundred undocumented bugs, is rarely fun. Especially with the trend to "ritual-taboo programming", where each new thing has a huge manual full of examples, rather than a small manual which accurately describes what each component does.
(A "ritual-taboo culture" in anthropology which refers to a culture where things are done or not done in certain ways, but the people doing them don't know why. Programming has moved in that direction.)
Press reaction is very favorable to Wikileaks. The New York Times even published the IP address of Wikileaks. There's favorable coverage in The Associated Press, the British press, the Australian press, etc. Since it's on the AP feed, it's going to be in papers across the US tomorrow. Not much TV coverage yet.
Modeling Surprise May shake up the derivatives industry, but probably won't be of general interest.
Probabilistic chips This idea goes back to the 1970s, and it comes around every time the semiconductor industry has a yield problem. But so far, the fab people have solved their yield problem before this became necessary, except for memory. Huge architectural headache for limited gain.
NanoRadio Too early to say.
Wireless power Cordless recharging, really. Good idea, but there are at least four competing schemes, and if they don't get their act together and settle on a standard, none of them will go anywhere.
Atomic magnetometers Magnetic sensors that can be built in arrays with wafer fab technology. Very useful.
Offline web applications 1997 called; it wants its Java applets back.
Graphene transistors Maybe. But so far, every alternative to silicon has been worse.
Connectonomics Reverse engineer the nervous system. Eventually, someone will do that. But not too soon.
Reality mining Another Big Brother idea motivated by ad revenue.
Cellulolytic Enzymes This is the big one: cellulose to fuel, cheaply. Several groups are getting close to making it work. If this works, we have a permanent answer to the end of oil.
Google started doing that about six months ago. They used to just put up a warning message, "Did you mean 'exter'?" But now they just go ahead and search for the common misspelling.
For example, today try to search Google News for "Baer", which is in the news because Bank Junius Baer is trying to shut down Wikileaks. Google will search for "bar". You can search for 'baer -bar' to get the correct results, but that's not obvious.
The only person on this "social network" seems to be the above poster. The "about" page is mostly a discussion of the cryptosystem, and the paper is worse. This is social networking designed by a crypto dweeb.
Peer to peer social networking may be a good idea, but it needs far better marketing than this.
Are they talking about "real" nanotech (atomic-level assemblers), or "hype" nanotech (surface chemistry of finely ground powders)? Much of what's now being touted as "nanotech" is the latter.
Look, Linux doesn't get any traction on the desktop because the desktop apps just aren't very good. That's been the problem with Unix, and then Linux, for twenty years. The desktop apps (except for Interleaf, the word processor which was a decade ahead of its time) were painful on Sun workstations in the mid-1980s, and they're still worse than either the Windows or Mac world.
Incidentally, it's worthwhile to look at classic Mac apps to understand how to do a GUI properly. When you don't have a command line at all, you have to think harder about how things should work. (I'm speaking of the user appearance; the underlying mechanisms of
the classic MacOS were awful.) There's an annoying tendency in Linux apps to provide a half-baked GUI that does half the job. Too many GUI apps are "one-way"; that is, the GUI is really faking some kind of text parameter, but doesn't really understand what comes back from whatever it's talking to.
I don't see Linux going anywhere on the desktop. There was an opportunity around 2002, when XP was late, sucked, and had annoying DRM, but the window was missed.
The paper points out that most of the attacks involve redirection of some portion of page content. That's a useful piece of information, because, other than for advertising purposes, redirection of IFRAME items and images is quite rare. A useful blocking strategy would be to block all redirects below the top level page. Many ads will disappear; no great loss.
Checking for hostile full web pages is already being done. McAfee SiteAdvisor was the first to do that, then Google copied them. Our "bottom feeder filter", SiteTruth, does some of that too, although it throws out far more sites than McAfee or Google do, just by insisting that some identifiable business stand behind any page that looks commercial.
Google's revenue model depends, to some extent, on those "bottom feeder" sites: all those anonymous "landing pages", "directory pages", "made for AdWords pages", and similar junk. Those things bring in substantial AdWords revenue, although they don't usually generate much in the way of sales for advertisers. Throwing them out of the "Google Content Network" would cut Google's ad income. This is where "don't be evil" collides with Google's profitability.
This looks like a solveable problem, but the solution will come from the security companies, not the search companies. The search companies can't afford to fix it.
I think I remember reading an article on Tomshardwareguide where they tried running one dual core, and a single core CPU in the same system for 3 cores. While they got it to boot the OS, a lot of applications failed to run.
That was just some idiot overclockers plugging two mismatched CPUs they had lying around into a dual-socket motherboard and expecting the OS to figure out that they had different capabilities. One CPU lacked some feature (SSE3?) and some applications didn't handle that properly. An app would start on a CPU with the feature, sense it was present by testing the current CPU, then be switched to a CPU without it and fail.
That's not a setup worth supporting. Detecting it at boot time, maybe.
The number of real news reporters keeps dropping. Most stories today, other than those that involve some act of violence or a disaster, originated as a press release or staged media event. Very few reporters are out there digging. Digging takes time and money.
This is just a botched prosecution, not a decision with major implications. The attacker is a Ukrainian resident. He could have been prosecuted under some computer crime statute, but that would require investigative resources and cooperation from the State Department and the government of Ukraine.
An "insider trading" case probably looked easier to some lawyer at Justice,
even though this is clearly "outsider trading". They didn't expect that an admitted criminal would actively contest a seizure of the money.
Wait a year. If, a year from now, it turns out this is real, then pay attention. More likely, there will be minimal compliance with EU competition regulations, just as there was in the last two Microsoft antitrust cases.
I'm afriad they already hot-swapped that out for another BIOS before the reboot...
Most BIOS parts are soldered in today, rather than being socketed. So you have to open the case, find the BIOS ROM, cut a few key pins, and get the correct test clip onto the device with a suitable BIOS part on a board attached to the test clip cable. Before the DRAMs run down. This is possible but requires substantial preparation, tools, and skills.
Easy fix: install a BIOS/boot ROM with a non-bypassable memory test of all memory. This will clear all memory at power-up before reading the boot device.
I'm not sure that search technology matters all that much. For the first half of 2007, Yahoo search was probably better than Google search. Yahoo had all those special cases (weather, celebrities, stocks, etc.) working before Google did. Yet Yahoo's market share barely moved.
What matters for profitability is the effectiveness of the advertising-delivery system. In that, Google is way ahead of Yahoo, MSN, and the little guys (Ask, Mahalo, Wikia, etc.) Yahoo top management knew this in 2006 but couldn't catch up.
If Microsoft has some great idea, it's probably on the ad side, not the search side. They control a browser, so they can put in something intrusive if they want.
I've just received an e-mail from "press@wikileaks.be" saying that they copied their press release from my Slashdot posting:
Dear X
We'd like to thank you for your post to slashdot which we have used after fact checking and a little rewriting in one of our press releases. We would have liked to credit you directly, but the post was pseudononymous.
WL
The source is a DSL line in Sweden, so I can't confirm this is valid. I've tried calling Wikileaks, but their phone line is returning a fast busy.You can't rely on users not to do something stupid when the definition of 'stupid' gets wider and wider each year.
Of course it has to be automated. That's what we're working on. Our free browser plug-ins will be out shortly.
There's a tinyurl on the list, but I don't see how that would serve any good. It should be the site the tinyurl points to, no?
"tinyurl.com" and "notlong.com" are phishing magnets, because phishing filters don't typically block their domain. So phishing sites use them to bypass filters. Those services try to keep up with phish reports and block those URLs, but they're falling behind. We encourage them to automate the process; as soon as a URL appears in any of the major phishing databases (PhishTank, APWG, McAfee) it should be blocked by those services. "notlong" seems to be doing something like that, but it's not quite fast enough yet. Phishing URL lifetimes are measured in hours; you have to do this in near real time.
On the topic of that url, it looks pretty strange: http: //0x3d.0x13.0x36.0x89/
I had no idea browsers accepted IP addresses in hex.
Yes, the IP address can be in hex. Or in decimal as one big number. There are some other acceptable legacy formats, too. There are things that can appear in a URL that are almost never used, but appear in phishing URLs.
We have a list of major sites being exploited by active phishing scams, which we update every three hours. There are 56 sites on the list right now. Most sites don't stay on the list too long, but we still have 14 that have been on the list since last year. Most of them are DSL service providers with compromised machines they haven't kicked off. Some providers are proactive about this, and some aren't. Then there are a few compromised sites that just have no clue about how to fix their problem. One such site is the teacher web space for a school district.
By, well, nagging, we've been able to get the big players to fix their problems. Google, Yahoo, MSN, and Dell were all on the list at one point, but they've all tightened up their systems.
The points we make with this list are that 1) the number of major sites involved is small, and 2) blacklisting at the second level domain level causes acceptable levels of collateral damage. So go ahead, blacklist the whole second level domain in your phishing filters. Think of it as a way to encourage sites to clean up their act. Or as a way to find out where to apply the clue stick.
This list is about "major" sites, ones in Open Directory (1.7 million sites.) The issue there is with attackers trying to steal the credibility of the major site. At the other end of the scale, any domain less than a few weeks old probably isn't worth connecting to. Or at least it should be read with all executable content disabled, including HTML email. Also, any link with more than one redirect probably shouldn't be followed.
It's easier to filter out the attackers if you're willing to filter out the bottom-feeders as well. But that's another story.
In a weird development, someone copied my Slashdot posting above, changed the intro so it looks like a "Wikileaks press release", and sent it to some news outlets via e-mail. It was published by Global Integrity Commons and ZDnet as if from Wikileaks. Someone took out the first sentence about Cringely and put in "Wikileaks has discovered". After the second line, the supposed "Wikileaks press release" matches my text word for word.
I have no connection with Wikileaks, and have no idea who's behind this hoax.
"All we ask is five hours a day" - slogan from an ABC-TV promotion to the industry in Hollywood around 2002.
Now that's addictive.
At one time, when the issue of teaching religion in California schools was being discussed, I suggested that there be a "California Religion Book", put together like California ballot pamphlets.
Each religion with at least 1% market share in California would get a section. Smaller religions could combine, if desired, to get above 1%. There'd be an introduction with neutral information (headquarters, leadership, number/percent of adherents in California/US/World, symbols, official texts, etc.) Each religion would provide text and images for its own section, with a maximum page count. Drafts of those sections would be circulated to all the players, and each could then provide rebuttal arguments, as in our ballot pamphlets. Sections would be in cyclic alphabetical order, like names on ballots.
An introductory section would contain comparison tables of features: monotheism/polytheism/other, central/distributed authority, core beliefs.
That would put teaching of religion on a sound basis.
"Cringley" missed a key element of the story. Bank Julius Baer was preparing to take their US operation public via an IPO for about a billion dollars. They filed the prospectus with the SEC a few weeks ago. "We are an asset management company that provides investment management services to institutional and mutual fund clients. We are best known for our International Equity strategies, which represented 92% of our assets under management as of September 30, 2007." They were going to call the business "Artio" (ticker symbol ART, to be listed on the NYSE). Goldman Sachs and Merrill Lynch were to underwrite the IPO.
So the last thing they needed was to be the subject of a New York Times story and all over the world press, associated with money laundering. Now the deal goes under a microscope. Their underwriters have to take a second look and the SEC may have questions. Julius Baer will probably have to file a "material event" 8-K report with the SEC. Newspaper and magazine reporters will be looking at Baer. The question will be raised that the rather high returns Baer reports may be achieved via money laundering.
All this is happening in a down market, in which it's hard to do an IPO and in which investors are very sensitive to unexpected risk. The whole deal may evaporate, or be repriced downward.
This was a very, very expensive mistake for Baer.
That's not a picture of a real lamp. It's a "concept illustration" generated in some CG program.
There may be an actual prototype, but it's not as good looking. Although I have suspicions about that image; the shadows are inconsistent and the inside corners don't show a dark band.
It gets frustrating. Especially when something good is replaced by something worse. Misery is going back from Plan 9 to Unix/Linux, or from Modula 3 to C++, or from Ada to C, or QNX to real-time Linux, or LISP to XML, or BeOS to Windows.
Learning yet another API, with a thousand API calls and a few hundred undocumented bugs, is rarely fun. Especially with the trend to "ritual-taboo programming", where each new thing has a huge manual full of examples, rather than a small manual which accurately describes what each component does.
(A "ritual-taboo culture" in anthropology which refers to a culture where things are done or not done in certain ways, but the people doing them don't know why. Programming has moved in that direction.)
This is not going well for Bank Julius Baer.
Press reaction is very favorable to Wikileaks. The New York Times even published the IP address of Wikileaks. There's favorable coverage in The Associated Press, the British press, the Australian press, etc. Since it's on the AP feed, it's going to be in papers across the US tomorrow. Not much TV coverage yet.
Bank Julius Baer is trying to take their US business public. Their proposed billion dollar IPO could be derailed by these disclosures.
As far as I know there in no way to make a coherent beam of RF energy.
Most RF emitters are coherent. A spark transmitter isn't, but anything driven by an oscillator is. That's how radio works.
Google started doing that about six months ago. They used to just put up a warning message, "Did you mean 'exter'?" But now they just go ahead and search for the common misspelling.
For example, today try to search Google News for "Baer", which is in the news because Bank Junius Baer is trying to shut down Wikileaks. Google will search for "bar". You can search for 'baer -bar' to get the correct results, but that's not obvious.
The only person on this "social network" seems to be the above poster. The "about" page is mostly a discussion of the cryptosystem, and the paper is worse. This is social networking designed by a crypto dweeb.
Peer to peer social networking may be a good idea, but it needs far better marketing than this.
Are they talking about "real" nanotech (atomic-level assemblers), or "hype" nanotech (surface chemistry of finely ground powders)? Much of what's now being touted as "nanotech" is the latter.
Mod parent up.
Look, Linux doesn't get any traction on the desktop because the desktop apps just aren't very good. That's been the problem with Unix, and then Linux, for twenty years. The desktop apps (except for Interleaf, the word processor which was a decade ahead of its time) were painful on Sun workstations in the mid-1980s, and they're still worse than either the Windows or Mac world.
Incidentally, it's worthwhile to look at classic Mac apps to understand how to do a GUI properly. When you don't have a command line at all, you have to think harder about how things should work. (I'm speaking of the user appearance; the underlying mechanisms of the classic MacOS were awful.) There's an annoying tendency in Linux apps to provide a half-baked GUI that does half the job. Too many GUI apps are "one-way"; that is, the GUI is really faking some kind of text parameter, but doesn't really understand what comes back from whatever it's talking to.
I don't see Linux going anywhere on the desktop. There was an opportunity around 2002, when XP was late, sucked, and had annoying DRM, but the window was missed.
The paper points out that most of the attacks involve redirection of some portion of page content. That's a useful piece of information, because, other than for advertising purposes, redirection of IFRAME items and images is quite rare. A useful blocking strategy would be to block all redirects below the top level page. Many ads will disappear; no great loss.
Checking for hostile full web pages is already being done. McAfee SiteAdvisor was the first to do that, then Google copied them. Our "bottom feeder filter", SiteTruth, does some of that too, although it throws out far more sites than McAfee or Google do, just by insisting that some identifiable business stand behind any page that looks commercial.
Google's revenue model depends, to some extent, on those "bottom feeder" sites: all those anonymous "landing pages", "directory pages", "made for AdWords pages", and similar junk. Those things bring in substantial AdWords revenue, although they don't usually generate much in the way of sales for advertisers. Throwing them out of the "Google Content Network" would cut Google's ad income. This is where "don't be evil" collides with Google's profitability.
This looks like a solveable problem, but the solution will come from the security companies, not the search companies. The search companies can't afford to fix it.
I think I remember reading an article on Tomshardwareguide where they tried running one dual core, and a single core CPU in the same system for 3 cores. While they got it to boot the OS, a lot of applications failed to run.
That was just some idiot overclockers plugging two mismatched CPUs they had lying around into a dual-socket motherboard and expecting the OS to figure out that they had different capabilities. One CPU lacked some feature (SSE3?) and some applications didn't handle that properly. An app would start on a CPU with the feature, sense it was present by testing the current CPU, then be switched to a CPU without it and fail.
That's not a setup worth supporting. Detecting it at boot time, maybe.
I hope this isn't the future of news.
The number of real news reporters keeps dropping. Most stories today, other than those that involve some act of violence or a disaster, originated as a press release or staged media event. Very few reporters are out there digging. Digging takes time and money.
This is just a botched prosecution, not a decision with major implications. The attacker is a Ukrainian resident. He could have been prosecuted under some computer crime statute, but that would require investigative resources and cooperation from the State Department and the government of Ukraine. An "insider trading" case probably looked easier to some lawyer at Justice, even though this is clearly "outsider trading". They didn't expect that an admitted criminal would actively contest a seizure of the money.