January 2008 Archives

Unionization of Graduate Students

A Student Senator here at Washington State University is working with the state legislature trying to lobby for the right for WSU Graduate Students to unionize.

The bill, which would require student workers be paid the maximum allowable by state law (which they already are, by and large), was discussed in committee by the House on the 25th, and is being discussed by the senate today. The problem is, that I know of no students whom this law is meant to benefit who are actually in favor of it.

As I said above, most students make what is allowable by the state anyway, and here at WSU, they have the Graduate and Professional Student Association, which already fulfills many of the roles that a union would without costing students a dime. The GPSA offers Grad Students discounted printing and copying, departmental delegates, and is working to bring child care for Grad Students.

While the law doesn’t prohibit the existence of groups like the GPSA, the collective bargaining agreement at the University of Washington does, and as WSU would be joining the same collective as the students on the UW campus, there is little reason to expect differently. Meaning, that all the work the GPSA has already done for our Graduate Students, will be thrown away.

And for what? A collective bargaining unit not as flexible as the GPSA, no monetary benefits, and being beholden to a collective that can not be nearly as responsive to their needs and has no incentive to be.

Unions were formed for a reason. When Unions were formed in this country, workers were being exploited heavily by their companies, and they needed to fight in order to gain the rights necessary to live good productive lives. These days, it’s very rare for an employer to try to take advantage of their workers, and Unions seem to exist to take advantage of businesses.

Some Unions still have a purpose. The IBEW, which serves to train it’s members in a professional, useful trade, are still valid organizations, resembling the trade guilds of antiquity. Where they overreach, is requiring people only use their members, and trying to stamp out non-union electricians.

So, Washington Residents, contact the legislature, oppose the Unionization of student workers. The students don’t want it. Make sure those deciding the student’s fate know.

Up-and-Coming: Eli Stone

ABC has a new show in the works that I’m looking forward to. Eli Stone stars Jonny Lee Miller (best known among my friends as from his role in Hackers), as a lawyer who begins having visions which cause him to change his outlook on life. He goes from being “that guy, you know, the guy who has everything,” to seeking a higher purpose in things. He’s either crazy or a Prophet, and Eli decides to take the direction that he’s supposed to change the world for the better.

The pilot, which airs on Thursday January 31, 2008, has been circulating on the Internet for a week or so for those people who know where to find these sorts of things, and I’ve had the opportunity to view the program ahead of time. I’m not going to say that Eli Stone is going to be one of the best shows ever made, but I think it has the potential to be one of the best new shows this year.

Sure, some of it’s hokey. It’s a show about a guy who starts seeing things which inspire him to change his life, to try to make the world a better place. Eli Stone is in his thirties, and he’s developed a good reputation in his firm for winning cases. Of course, he describes his firm as “if you’re not a big corporation screwing over the little guy, you probably haven’t heard of us.” Eli was always told by his father, an alcoholic that Eli holds little respect for, that he was destined to do great things, speak truths and lead men. Like most things that are told to us by people we don’t respect, Eli forgot about his Father’s vision, and was leading a very different life. Then the visions begin, most of which start as music only he can hear, and often require his acupuncturist to make clear. George Michael is going to appear on the show, and his songs will title each episode, and possibly serve as inspiration to some degree.

The Pilot, which was likely called “Faith” by the writers, chronicle’s Eli’s story as he comes to term with his condition, what it might mean, and with his father. Eli goes from hating his father, to beginning to understand the man, and recognizing things in himself that he always attributed to the drunken ramblings of an alcoholic. The show asks questions about issues of Faith, Destiny, and asks all of us to inspect our own impact on the world. The show isn’t going to be wholly revolutionary, and it’s impossible to say if it will actually press on hard issues, despite the deserved controversy caused by the pilot.

Still, it should be interesting, entertaining, and most of all fun, which is all I really expect out of TV anyway. I’m definitely going to be watching Eli Stone this season, and I suggest you try to make your Thursday evenings available as well. Who knows, maybe there really is a Prophet, even in this day and age.

Security and Privacy: Not a Zero-Sum Game

Bruce Schneier has an excellent article on how we shouldn’t have to give up Privacy in order to gain security. I’ve posted a fair amount of stuff from Mr. Schneier in the past, and I feel this is one of his best articles.

The government, and security companies, will work hard to convince us that trading security for privacy is worthwhile, but we don’t have to accept that. We’re in an election year this year. Listen closely to the candidates, and don’t spend your vote on anyone who would seek to violate our essential liberties, even in the name of security.

Scalpers Ruin Another Concert

Here in Pullman, Washington State University’s, Mom’s Weekend is practically around the corner. As part of the festivities, Elton John is going to be holding a concert for nearly 11,000 people. The problem is, it looks like maybe a thousand or so will be Cougars and their Mom’s.

That’s right, in just under 4 hours, 10,885 tickets were sold, with barely 700 being sold through the Beasley Colosseum Ticket Office. The rest, went through the TicketsWest website and telephone system. From the reports in the story above, students who were trying to call and go online were being denied. Busy signals and unresponsive websites were the order of the day.

Craigslist is full of people selling tickets, almost always as an auction. EBay is just as bad. But, I can hardly blame the scalpers.

Oh, sure, people are pissed about it. And understandably so. Ticket prices on the after market are going to end up nearly five times what the face value was. But the same thing happens for all the big shows, even Hannah Montana was impacted, and some states decided to try to do something about it.

I detest scalpers. But I have to acknowledge that we are the reason they exist. People are willing to pay exorbitant amounts of money for things that are in demand, be they concert tickets, video game systems, Tickle-me-Elmo’s, whatever is in high demand and short supply people are going to buy up a ton of them to resell at many times original retail price. But, they can only do it because people will pay it.

The web has made their job easier, especially when it comes to concert tickets. Sure, they all use Captchas, but when there is money to be made, people will learn to break them. Is it worth states trying to make scalping illegal? Maybe, but there are a lot of things that are illegal that people get away with every day.

The only real way to put a stop to scalping is for people to stop buying resold goods. To refuse to pay several times the face value of a good just to have it. Refusing the play the scalpers game is the only way to beat them. It’s too bad I lack the faith in people to refuse to play that game. No, here in America we have too much disposable income, and we always have to have. It doesn’t matter what it is, we always have to have it.

Maybe I’m just being a pessimist. But I’ve seen it all before. And I know I’m going to see it again. Scalping works because some people just have to have, and will pay any price for it. I just don’t expect people to change, so I don’t expect things to improve. I know how to stop it, but I can’t do it alone, and I’m not sure there are enough like minded people right now to do it. Here’s hoping.

Modern Day Indulgences

Centuries ago, the Catholic Church was willing to take money in exchange for Indulgences, buying oneself or a loved one out of Purgatory. Today, companies have begun to offer the same thing, except the sin of today is Pollution.

Shortly after Al Gore put out his movie, An Inconvenient Truth, and appeared in front of Congress to chide the world for it’s carbon usage (while refusing to pledge to reduce his own), governments started offering Carbon credits, functionally allowing companies or countries to trade the right to pollute for tax breaks. It’s an interesting idea, and perhaps it will help, though there shouldn’t be any trading if we want to have any hope of actually making things better.

Perhaps at the corporate level it will help. At the personal level, I’m not so sure. For one, I don’t think most people have enough of a carbon footprint (which is an asinine thing to call it, Carbon is in fucking everything, really it’s a carbon dioxide/monoxide footprint) to justify purchasing carbon offsets from organizations we have little reason to trust. The government has begun to pass new laws requiring better gas mileage and fewer emissions out of never cars. Car companies have been exploring non-gasoline cars for years, and Electric is finally starting to be feasible as a daily driver.

So, why on earth would we buy offsets from an organization like Green Life? They’ll calculate your energy costs so you can give them money, which they’ll turn right around and invest in renewable energy resources. While nice on the surface, the energy market is a good racket to be getting into. Generating electricity from renewable resources like manure and hydro (which may be carbon-neutral, but has far reaching environmental impact) is a business that is going to become more and more important as global energy demands increase.

And by selling you piece of mind in order to invest in these projects, the Green Life group stands to make a pretty penny when these generator’s go online and start selling their energy.

Think I’m wrong? Green Life is directly affiliated with venture capital firm RNK Capital LLC. This is a business venture. They’re selling you peace of mind, a path out of environmental purgatory, and they’ll benefit financially from it. Sure, some good might come from these investments, but you’re better off investing your money in these projects where you stand to get a return for it. The environmental offset of these projects isn’t going to be visible in your lifetime anyway, invest in the future, but do so responsibly. If you’re going to put out money to help the environment without a return on that investment, plant a tree, don’t give money to people who are clearly taking it so they can make a buck.

Academia and Paranoia Politics

The January 28th Issue of The Nation, a Left-wing political rag, is set to contain a story entitled Repress U. The article is about how Universities, once well known for being bastions of free-speech radicalism and fresh ideas are slowly giving into the culture of paranoia.

I believe that the article is tainted by strong bias against the war in Iraq and the current presidency. I feel that the bias present in the article tends to take a many things out of context, and over exaggerates other threats. Still, if one digs past the bias, there are several strong examples of the dangers of the Paranoia State in which we live.

All over the country police forces are operating at a higher level of tension than they did before 2001. College campus police forces are no exception. The article makes a large issue of police forces buying guns, though I’ve never known an officer who didn’t have access to a semi-automatic handgun at least. And the AR-15s? My understanding is that municipal police have had those in their arsenals for years. Should Campus police be armed differently? I don’t think so. College campuses are pretty much small cities, with the same potential for real problems. And these are real police officers. Like any officers though, they should use their weapons carefully.

Which is probably why tasers have become as common as they are among today’s police forces. As a less-lethal means of subduing a target they are nearly impossible to compete with the weapon. Have people died from being tased? Sure. But when you look at the number of people who have been subdued with tasers versus the numbers who have died, the number is inconsequential. And how many more of those people would have died or been seriously injured if tasers weren’t available? Even if the UN considers them a form of torture now, until something better can be proposed, I say we ignore the UN.

The problem isn’t Tasers. The problem is that tasers are occasionally misused. The [Iranian-American student who failed to immediately supply ID when requested[(http://abcnews.go.com/US/story?id=2662158&page=1) (a common rule at Universities), probably could have been dealt with without being tased. The student was in violation of university policy, but I’ve never seen or heard any evidence suggesting that he was enough of a threat to justify the use of such force. The same for the Florida student who was tased for asking a question of John Kerry (though honestly, the Florida situation was far more obscene).

Unfortunately, poor use of force isn’t the only scourge upon freedom within Academia. The idea of watching the students and faculty is becoming more and more common. Card access is becoming the norm for building access at campuses nationwide, providing convenient records of entry into buildings. More disturbing, are stories of camera-based monitoring. A University of Reno-Nevada professor was secretly being recorded by the University Police, probably at least partially because his name happened to be “Hussein.” At my alma-mater the Director of Residence Life authorized the placement of camera’s on a residence hall floor without telling anyone, not even the hall’s director. In that case, the camera was placed only to try to detect an arsonist that had been active for months, but I was never comfortable with the secret placement of those cameras within a student living environment.

I was most disturbed, however, by the creation on some campuses of “Free-Speech Zones”, illegal as that very idea may be. Free Speech is not something that should ever be delegated to specific areas. Either we have the right to speak our minds or we don’t. Thankfully our Nation’s Constitution guarantees that right, and it can not be revoked so easily. I have never attended an Activist campus. The demonstrations that occurred at Montana State were small in nature, even though the folks who attended held strong convictions. Still, their right and ability to demonstrate was always respected by the administration, even when their message was not likely to be popular with the majority of the student body.

The rest of the article, I’m less inclined to give much credence to. The government deporting illegal foreign nationals is never a bad thing, in my opinion. I think immigration is a great thing. I’m the distant child of immigrants on both sides of my family. I actually have my mother’s father’s father’s immigration record to prove it. However, I do think it’s important to know who is entering the country, and having some means of identifying them. That was part of the reason the government began requiring Social Security Numbers for all citizens when I was young, and I believe it’s reasonable that non-citizens should face more barriers than citizens.

And the claims that Homeland Security is trying to take over the research and teaching at Universities is humorous to say the least. The military and the government has always been the primary funder of research in this country. The military and the government has always worked hard to recruit out of the universities. These practices are nothing new, and the claim that they contribute significantly to the oppression of academia is laughable. The research that Homeland Security is working on today stands to introduce real security in the future, as we begin to make decisions based on real data and not just knee-jerk reactions to largely imagined threats. We should be encouraging more government spending into academia, not less.

I’m disturbed purely because, at many campuses nationwide, freedom is being assaulted. I don’t believe that academia can exist under such an attack. Science requires open communication, free flow of ideas. By beginning to censor communication, we are likely to greatly harm scientific advancement in this country, which could stand to further damage our nations success as a research powerhouse. Security is important, certainly, but we can be secure and free at the same time. I don’t think that Universities are in any more danger than the rest of our society from losing our freedom.

HTML 5 Impressions

The World Wide Web Consortium (W3C) began nine months ago to redesign HTML to fit in better with today’s Web Application world. Today, they published the first draft of HTML 5. While far too early to actually think about using, the draft shows that quite a bit of good consideration has gone into redefining the standard.

In fact, there is only one aspect that I’m a bit leery about. The new standard tries to combine HTML and XHTML by allowing the web developer to choose which syntax to use. While convenient, I can’t help but wonder if this is going to make parsers harder to build. I suppose that doesn’t really matter, as I’ve always preferred HTML4 over XHTML1, and at least with this new version of HTML I’m not being forced down any path.

That aside, almost all the changes are definitely for the better. The DOM API is being moved into the standard, new standard drawing APIs are being created, the last vestiges of formatting are being pulled out of HTML in favor of CSS, and several more elements to aide in data organization and layout. One of my favorite new features is the ability to put headers and footers in any block-level element. Actually, I can see a lot of things about HTML 5 that would make formatting my Blog far easier. Each entry would be an

which could have one or more within it, each Article would have it’s own
, allowing for easier formatting and organization.

Sure, all of this was possible before using

tags, but now we we’ll have something better. Document structure will be far cleaner than before. Plus, Forms have had major improvements. Form elements can now belong to more than one form, there are built-in inputs for Dates, Times, URLs, Emails, and so on, allowing for more consistent user experiences in the browser (no more Javascript calendars), and better data checking on the browser side. Input elements can be marked as required, causing the browser to not submit forms until you have all the data you’ve requested.

Of course, this potentially will open up security holes in web applications, as web developers continue to forget that all the data from the client must be verified, something web developers still have trouble with. Overall though, the benefits gained by client-side controls are great, and I’m looking forward to it.

Frames have been dropped (finally), and iFrames have better support for cross-document communication, allowing more interesting things to be done via them. Embedding media will become easier, and other aspects of embedding have been simplified. In all, I can’t think of anything that I prefer from HTML 4 over the draft for 5. I can only hope that it is implemented soon after the standard is complete, so we can begin to take advantage of it early.

OOXML vs ODF, revisited

It’s been an exciting week in the XML-based Open Documentation arena. The Burton Group released a report outlining a list of supposed ‘reasons’ why OOXML is a superior format than ODF.

I’ve written on this before, and I will make no qualms about the fact that I am firmly in the ODF camp. In fact, a number of the things that the Burton Group views as strengths of OOXML, I view as weaknesses. For instance, the Burton Group mentions that OOXML is more closely related to the old binary formats, which makes it superior for interoperability purposes.

As the ODF points out in their rebuttal, these sorts of arguments, which abound in the Burton report, completely fail to make a distinction between file formats, and the applications that use them. Open Office, the most well known of the office suites that use ODF, also supports the old binary Microsoft formats, not as well as Office, but they still support it. The Burton report reads like a Michael Moore book. It’s filled with partial facts and half truths, making broad jumps of logic with very little proof. The report even goes so far as to suggest several times that even attempting to compete with Microsoft was folly, and a waste of time.

There may be no direct evidence that Microsoft paid for this report to be generated, but the bias is still painfully evident.

The report does say a few things that are almost certainly true. OOXML is likely to win due purely to the fact that it is supported by Microsoft Office. Microsoft Office is incredibly prolific particularly in Business, and that position will be easily exploited by Microsoft to push OOXML into acceptance. But that does not make it a superior format. The ODF does an excellent job defending their format in the above link, so I’ll let them do it.

Things have still been moving in a good direction, despite the obvious FUD. Microsoft has agreed to release the specs for the old binary Office formats as part of their Open Specification Promise. Furthermore, they’re going to begin an Open Source project (though whether it will meet the OSI definition remains to be seen), detailing how to convert from the old Office formats to OOXML.

People are excited, particularly the teams who’ve spent the last decade trying to decode those formats. This project should aide greatly in interoperability for both the old and new formats, making it far easier for non-Windows boxes to integrate into a primary Windows network. Interoperability is key at this point, and while ODF may lag behind OOXML in acceptance, that is going to be because people are already familiar with Microsoft’s products, not because of any technical superiority.

Rudolph Giuliani's Resilient Society

I’ve always liked Rudy Giuliani. If you look at his history, this is a man who resembles everything a civil servant should be. From his time as Mayor of New York City, when he made Manhattan a place where it’s safe to walk the streets at night, to his time in the 70s and 80s working for the Department of Justice attacking corruption in Government and taking on Organized Crime. This is a man who’s devotion to public service has shown through the last several decades of not only his work, but his tumultuous, and all to often highly publicized, personal relationships.

With that said, I don’t think that Giuliani will possibly earn a Republican nod for the presidency this year. A large part of this is the poor handling he’s received from his campaign managers, who have allowed him to be turned into a candidate who stands only on his electoral position during the September 11, 2001 attacks, and who is wholly unable to be a decent husband. Of course, the inability to be a decent husband shouldn’t be too much of a detriment after sitting through 8 years of Bill Clinton. To Giuliani’s campaign director, where is all the history of Giuliani’s fighting against organized crime and corruption? You want to win the Republican nomination, but you refuse to talk about the bribery conviction of Bertrand Podell? What about the famous Mafia Commission Trial? Giuliani certainly provided strong leadership in the wake of the 9/11 attacks, but his public service record is so much more, and so much more impressive than much of his competition.

All that aside, Giuliani recently wrote an Op-ed piece for the City Journal, entitled The Resilient Society. In it, he discusses America’s successes in combating terrorism both at home at abroad, and why we have so much more to do. The piece may seem sensationalist at first, latching on to the community of fear that exists in this country today, and that Giuliani almost seems to have been building his campaign on. Digging deeper into the article, while it seems Giuliani may be over emphasizing the risk of another terrorist attack on American soil, his key message is clear.

America should always hope for the best, but we will be safest if we prepare for the worst. A free and open society will never be able to eliminate risk entirely. But we can reduce it and manage it.

He proposes many things, some of which would take decades to fully implement, but in the end could make us all safer, without infringing further on personal liberty. In New York City, under his watch, the NYPD implemented CompStat, a combination of procedure and technology that has aided the NYPD in managing crime in their streets. It is a process which sits on top of existing data structures to make it easy for Police officials to map crime patterns, and determine how best to utilize resources. While Giuliani may not have been instrumental in the development and implementation of this system, he does have direct proof of it’s effectiveness, and it helped his job of cleaning up New York immensely.

By extending the ideas learned under the CompStat program to other disciplines, such as Border Control and Emergency Response, we can better analyze trends, and focus on how to respond to them far more efficiently. These analysis systems would allow officials to respond far faster to events which may not seem abnormal on first glance. If a city like Chicago begins to see a spike in Mercury poisining cases at the local hospitals, this could be automatically brought to someones attention faster than if it depended on a single institution or individual noticing and reporting the trend. Admittedly, an automated notification process will likely result in a fair number of false positives, but false positives will be reported early enough that they can be investigated without a panic being raised. It is unclear if such a program is as helpful as Giuliani claims, though in my mind better methods of analyzing patterns (which incident databases and GIS can provide), are never going to hurt.

CompStat style programs help to fulfill Giuliani’s first Homeland Security principle of Prevention, particularly when paired with improved communications between agencies at local, state, and federal levels. However, he does acknowledge that nothing is perfect, and that we need to be prepared in case of emergency. Unfortunately, not everyone is prepared enough. As Guiliani states, Hurricane Katrina proved that we are not always as prepared as we need to be, though I place that blame firmly on the shoulders of the City of New Orleans and the State of Louisiana, though their failure has forced FEMA to change their role to be more proactive. Giuliani attributes much of the City of New York’s success in responding to the 9/11 attacks to the emergency drills ran by civil servants throughout the city, which helped prepare everyone for the event, even though they’d never run a drill for that particular event.

Traditionally, American’s have always been quick to preparation, which is why it saddened me so much to see such an immense failure in the City of New Orleans. RACES holds regular drills for amateur radio operators to prepare for emergency conditions, the National Guard (as heavily utilized as they are in Iraq) trains regularly to be prepared to respond in defense of the homeland. All across the country citizens prepare in the event of a disaster.

Yet somehow, the city of New Orleans was caught completely unaware when Hurricane Katrina came barreling down on it. There was a complete failure to prepare from the local to state to federal levels. I believe it wasn’t the Federal Government’s responsibility to prepare, but perhaps they should have tried to step in when the incompetence of Louisiana and New Orleans became apparent.

Despite the lack of preparedness in that circumstance (which I believe to be a unique instance), the resilience of Americans was proven in the aftermath. Giuliani describes a charity organization being formed within 72 hours of the hurricane, that was able to move 75 times the number of supply trucks into the devastated city as FEMA within a week of creation.

In December of 1941, once the Japanese attacked Pearl Harbor and President Roosevelt declared war, the American people banded together, turning over huge amounts of supplies to be recycled in support of the war effort. The sacrifices made by Americans at home to support the war abroad was significant, and in the end, the resiliency of the American people and their willingness to band together to help no doubt aided in ending the war.

Global Disasters, the American people always give far more than any other nation. Just because our government isn’t writing the check, doesn’t mean that the people aren’t giving. As a whole, the American people are concerned and generous when it comes to disasters either at home or abroad, and it is our preparation and resiliency that make us able to do that.

Giuliani’s writing helped to remind me why this country is so great. Why this country is the greatest nation on the planet. While I disagree with some of his points, particularly about the Patriot Act and the use of civilian informants, I believe that the systems he describes can be implemented in such a way that trends quickly become evident.

I don’t think Rudy Giuliani is going to win the Presidency. I just hope that whoever does takes into account some of what he’s had to say. By focusing on Prevention, Preparedness, and Resiliency, we can begin to restore some of the lustre to this country. Giuliani wants to make this country truly secure, and not the bizarre fear culture in which we live today.

Computer Science is not Software Engineering

Recently, Jeff Atwood over at Coding Horror, posted regarding how Computer Science is taught, and how he feels it should be taught. Apparently, Joel Spolsky of Joel on Software, has also recently weighed in on the issue. Spolsky, whom I don’t read regularly, began his post with a quote from CrossTalk

“It is our view that Computer Science (CS) education is neglecting basic skills, in particular in the areas of programming and formal methods. We consider that the general adoption of Java as a first programming language is in part responsible for this decline.”

This discussion isn’t anything new. A coworker I have today graduated ten or so years ago, had the same remarks regarding an institution which neighbored his alma mater. The neighboring institution was so theory based, that the students graduating from it were unable to work in Industry. The key logical fault being made by those arguments, is that Computer Science has different goals than Software Engineering. Certainly, Software Engineering is based heavily on the ideas of Computer Science, but while they may solve similar problems, their intent in solving those problems in greatly different.

Atwood laments how many fresh graduates know nothing of Source Control, and I share that view. Source Control should be more prevelant among researchers, as it provides a strong record of the work they’ve done. As it becomes more prevelant among researchers and professors, it will become more prevelant among students. In some respects, I was lucky. The education I received at Montana State University was targeted largely toward Software Engineering. Too much so, I’ve grown to believe. My theoretical background is weaker than I wish it was, and I know that partly my inability to appreciate Mathematics when I was taking pure math courses is largely responsible for that.

I agree with Spolsky’s conclusion. Programs in Software Engineering are necessary for what most people are trying to achieve with Computer Science degrees. Most software engineers don’t really need to know the theory of Turing Machines and Finite State Automata. Most Software Engineers don’t need experience writing code to prove theories and concepts, but need to write code that accomplish tasks.

The best courses I had in College were the ones where we actually produced a product. Where our program had to do something, be interactive and usable. But that wasn’t the focus of the program, because I was, in theory, being trained to be a Computer Scientist, not a Software Engineer. Aside from a single Professor, every last one of my instructors was bore within Academia. It’s what they knew. It’s what they cared about, and these days, I’m giving a lot of thought to returning to Academia, and working more with the theory.

Spolsky and I clearly aren’t the only one’s who thought that Computer Science embodies different goals than Software Engineering. Steve Yegge writes about Wizard Schools, an idea which talks about professional Boarding Schools modeled after JK Rowling’s Harry Potter universe. In this idea, students go to boarding school from 11 until 18, taking hard core software engineering curriculum for seven years. When they get out, they are all easily the top software engineers available to industry, they are fast typers, and they literally think in code. It’s an interesting read.

Will Universities ever be able to fulfill the needs of Software Engineering curricula? I’m not sure. I suspect not, and I suspect that more vocationally oriented programs, not quite “Wizard Schools” probably, as who wants to damn their 11-year old into a field they may not enjoy or be cut out for? Wait, maybe I’m thinking too much into people’s parenting ability. Anyway, even the existence of Vocational programs, which can exist alongside academic programs, but might not do so quickly enough to matter.

We require both kinds though. Theory still has a place. Academic Research still has a place. Sure, research can exist within industry, but it ends up so laden in Intellectual Property issues and patent problems that it can’t thrive. While we need to acknowledge that a degree in Software Engineering may be necessary for Industry, Academia should not give up on pure Computer Science, for those students who actually want to pursue that path. While a PhD is Computer Science may never mean much in Industry, perhaps a PhD in Software Engineering can be made to return prestige to the Academic process in our industry.

EA Frees a Classic: SimCity

Electronic Arts recently approved the porting of the original Sim City to the OLPC XO Laptop. As a kid who grew up playing Sim City, I think it’s fantastic that a new generation of children will be introduced to computing and gaming by this fantastic, simple economic simulation. Sim City has always held a special place in my heart. Hell, I used to refuse to restart cities until they either failed, or I was simply out of room to do anything.

I remember once, I experienced a nuclear meltdown in the very first year of a new city (always built Nuclear, why bother with Coal?). Rather than scrapping that city like a reasonable person, I rebuilt across the river, my city scrimping along on virtually no money and almost a quarter of my land unusable due to nuclear contamination.

I managed to turn that game into a successful city that one day reached Metropolis status. Sim City is one of the few game franchises that has managed to remain relevant and entertaining over all these years. Sure, the new features hasn’t always been fantastic, and often have taken a revision or two. Like water in Sim City 2000, worked alright, but you could run a surprisingly small number of mains. In Sim City 3000, a sector had to be a certain distance from a main in order to have water, which makes more sense when looking at water mains. Plus, as a player you had more control. I’m sure the traffic features introduced in Sim City 4 will be improved greatly in the next revision of the game.

Despite the improvements in the series over the years, the original game still has a lot of charm, that the other games haven’t quite managed to match. This new release of the source code and game files for Sim City (rebranded as Metropolis for this release), was welcome to see. Now, the game will live on for a good long while, being improved by the community.

The first thing I think the community should improve upon? Well, they went through and removed the Plane Crash disaster from the game, due to 9/11 they claim. Why are we not allowed to be reminded of 9/11? It was a tragedy, certainly. It was the greatest loss of innocence of my generation. But to try to remove and hide anything that might remind us of it, is ridiculous. Low on my pending project queue is to fix this stupid omission, and release it as a patch, unless someone beats me to it.

So, go grab Micropolis, and either relive the fun of our youth, or experience one of the pinnacles of gaming for the first time.

Happy Birthday Donald Knuth

Yesterday, Donald Knuth, the preeminent professor of Computer Science from Stanford, who is easily the most well known person in Computer Science today, at least from a Programming perspective. Over the years his papers and thoughtful letters on the science of programming have been a welcome change for those of us who actually write code.

Donald Knuth is not the father of anything in Computing. The theory of computing and programming had been dreamed up by Alonzo Church and Alan Turing, but for them it was only theory. The research of Knuth has taken the Art of Computer Programming, and through the course of the three volumes of this work, converted it into a craft.

Unfortunately, I haven’t read enough Knuth to do justice to the man’s work. I’ve read a few key papers, such as Goto Considered Harmful, passages from The Art of Computer Programming and his more recent letter regarding the shady racket that is Scientific Journals.

Knuth is easily the most influential person of modern computing. The paper’s he’s been writing since the early seventies have had an impact on everyone writing code since then. Jeffrey Shallit felt that Computer Science bloggers should all talk about their favorite Knuth writing in honor of his birthday, and how he’s influenced their own work.

I wish I could do this great man justice. However, while his work has no doubt affected me in a profound manner, so much of what he’s done has become part of the common knowledge of Computer Programming, that, having read as criminally small amount of Knuth as I have, I cannot fairly attribute my knowledge to him or not. [Luckily], there are a good number of bloggers who are more educated than I.

From extending Big-O notation for algorithmic analysis, to inventing LR-Processing, to providing the strongest argument for the establishment of procedural programming from linear programming of anyone at the time, Donald Knuth has impacted every programmer’s life in an innumerable amount of ways.

What impressed me most about this celebration of all things Knuth, was what Scott Aaronson had to write about Knuth. Not about Knuth the scientist, for that he mostly talked about TeX, but about Knuth the Man. A Man who is deeply religious (I’m really curious about his book analyzing verse 3:16 of every book of the bible), but who is rational enough to acknowledge that the circumstances of his upbringing made him into the man who he is today, belief in God and all.

The beauty of Knuth, is not that he said what he said. But that he said it because he believed it to be true. Donald Knuth is a man of well-thought conviction. Everything he’s written has been well thought out. Well researched. Well considered. His opinions have often been unpopular, but Knuth doesn’t form opinions to appease others, with his opinions come conviction. It is a testament to his intelligence and attention to detail, that he has so often been correct, even though the opinion wasn’t always popular.

Second Life Bans Unregistered Banking

Evidently, Second Life has been having problems with people stealing money using fake banks as fronts. In response, Linden Labs has decided that all banks must be properly, and provably, registered to operate as a financial institution within the jurisdiction in which the operator lives.

It’s really quite fascinating, because the reasons Linden Labs has implemented this policy very closely mimic the circumstances that led to the formation of the banking infrastructure we have in the US today. Banks were opening which were offering ‘too good to be true’ interest opportunities, which were unsustainable, and the investments backing these high rates collapsed, taking the bank, and all the depositor’s money with it.

Banking is an inherently dangerous business, as was shown in the depression when one-third of banks failed in only a few years. Holding money that can be taken at any time, but has been invested largely in loans is risky. Modern banks have mitigated this by offering far lower interest on standard, easily liquidated, accounts in favor of bank investments (CDs, and the like) which have steep early withdrawal penalties.

Linden Labs really wants Second Life to be a reasonable virtual counterpart to the real world. L$ as directly convertable to real world money, they’ve got systems in place to facilitate virtual ownership of goods, and everything is transferable. The economy is based on a real economy, and in theory Second Life is a great means to do business.

Of course, Second Life is likely going to fail in it’s grand experiment. The technology just hasn’t met up with the idea. It isn’t emotive enough for true interaction, and quite a lot is lost in having to communicate via typing (voice communication is in the works, though I know not how well it will operate). The world is filled with people who enjoy engaging in disruptive behavior, whether it be sexual in nature, or merely grief causing. Admittedly, some of the grief caused in Second Life is really funny, but a lot of it isn’t and is simply destructive.

D-Link GPL Violation, Continued

I got an e-mail back from the Software Freedom Law Center regarding my complaint of D-Link violating the GPL for busybox for the DIR-615 rev A1. It was nothing exciting, merely a note that they would look into it, but I felt I would further expound upon my findings.

As mentioned before, the firmware images available on D-Link’s website are merely jffs2 images which are uploaded directly to the device, which are then used to overwrite the root drive on the system. As autopsy can’t analyze these images just yet, and the MTD driver complains when I try to mount the image loopback, I’m left merely analyzing the filesystem dump from jffs2dump, a program available in the mtd-tools package in Ubuntu.

Luckily, there are no shortage of damning dirents in the output:

Dirent node at 0x00000240, totlen 0x0000002f, #pino 1, version 11, #ino 7, nsize 7, name linuxrc

Dirent node at 0x00110a8c, totlen 0x0000002f, #pino 2, version 35, #ino 19, nsize 7, name busybox

Other entries for libc, the 2.4.27 lib directory, etc, make it clear the this is definitely running Linux, and D-Link is definitely distributing GPL software on their devices. With any luck, the SFLC will succeed in bringing D-Link into compliance.

As it stands, I’m still working on my analysis of the JFFS2 filesystem, a slight challenge as I currently have next to no filesystem experience. It does help that I have JFFS2 documentation, some experience reverse engineering file formats, and a good hex editor.

Unfortunately, all is not roses. The JFFS2 documentation suggests that a clean marker is placed on a node just after it’s been cleaned. These markers occur within the dlink image every 0x10000 bytes, which confuses me because they occur in blocks which I know are “dirty” because they contain data. It seems that, unlike what the documentation suggests, a sector is dirty if it contains a clean marker, and any other node, which would immediately follow the clean marker.

I’ve been busy lately, and I see that continuing, but hopefully I’ll be able to get a rough version of support into task by this weekend.

Apple Enlists in the Army

Not quite, but the Army’s recent decision to replace a large number of servers with Apple Mac OS X-based hardware is certainly interesting. More interesting, is that the Army has been working on this since 2005.

I don’t blame the Army for wanting to move away from Windows. Microsoft has had an embarrassing array of security vulnerabilities over the years. Including the fact that the Master Boot Record is still writable from user-space after all these years. The additional security that the Unix-based Mac OS X offers could be very interesting to the army, who is easily one of the highest profile targets of intrusion attempts in the world.

What’s interesting about this announcement is what it means for the future of Mac OS X security. Mac OS X is a reasonably secure OS. It’s based on BSD Unix, which provides better process and memory management, which in many ways leads to better security. There is a lot of Open Source software in Mac OS X (the Darwin kernel, WebKit, etc), which Apple has leveraged to keep a lot of eyes on their code.

However, Mac OS X has only rarely been the target of any attacks. By throwing their support toward the Apple camp, it’s inevitable that we’re going to see a sharp rise in the number of attacks targeting Mac OS X. While Mac OS X is a more secure kernel than Windows, it will be interesting to see how it holds up against a more powerful onslaught.

In the end, I’m surprised that the Army chose to go with Macintoshes. The cost of Apple hardware has always been high, and the Forbes article suggest that the Mac program in the Army is proving to be more secure because it’s “not Windows” more than anything in particular that the army is doing to secure the boxes.

Our military needs more secure systems, and the migration away from Microsoft is a great step in that direction, but the reasoning presented in this article is cumbersome at best. The readers at Bruce Schneier’s Blog are want to agree.

While Mac OS X is fairly secure, it is still designed first and foremost to be an easy to use and administer commercial platform. For similar reasons, I’m unlikely to choose Ubuntu as my server linux of choice, it wasn’t designed to fill that role. In addition, you can’t run Mac OS X on hardware that isn’t Apple made, you can’t even virtualize it for testing purposes.

The Army’s money probably would have been better spent on Linux boxes. The hardware would have been cheaper, support contracts are available through a variety of houses, and the NSA sponsors SELinux, a security enhanced version of the Linux kernel which gives a user far more control over the fine-grained security concerns than anything I’ve seen on Mac OS X.

Finer grained security with far less financial outlay. I can’t call the Army cash-strapped by any means, but I firmly believe the Army could have met it’s Information Assurance needs more efficiently, and more effectively. I fear that Apple made allowances within Mac OS X which will make it less suitable for such operations, but no matter what, this is going to be a huge financial boon to Apple, for their sakes, let’s hope they can weather the coming storm.

D-Link violates GPL, Again

I recently purchased a D-Link DIR-615 Wireless-N Router. It’s proved to be a capable, powerful router, and I’ve been happy with it. Of course, I’m a tinkerer, always interested in knowing how a thing works, so shortly after I got the device working, I started testing it. nmap scans and p0f fingerprinting suggested the device was running a Linux-2.4 kernel, a fact corraberated by the logging mechanism within the logging mechanism within the router.

As if the fact that there was strong evidence in the network traffic and the log that the system was running Linux, the most damning evidence of all didn’t hit me until a few days ago, when a power outage forced a reboot of the router, and I checked the Router log to see when the power came back. In the log’s bootup messages, it clearly indicated that it was running BusyBox 1.1. Further curious, I grabbed the firmware update I had on my computer, and ran

against it, sure enough, it’s a basic JFFS2 file system.

Regrettably, my preferred forensic analysis software, autopsy and task, do not yet support jffs2 images, though I’m working to rectify that situation. If nothing else, this will be a good opportunity to further my knowledge of file system internals (the only other file system I’ve studied in detail was FAT). So, for the moment, my analysis of the software on the DIR-615 revA is at an empasse.

Of course, I knew that this meant that D-Link was distributing GPLv2 software without complying with the terms of the license (making the source available). BusyBox has had quite a few problems with this in the past, and has taken to simply informing their legal benefactors, the Software Freedom Law Center of these such transgressions. I’ve already sent them an e-mail providing proof of this GPL violation. The version of BusyBox that D-Link is pirating for this router, could potentially also be licensed under the GPLv3, which contains specific anti-TiVoization clauses to prevent this sort of activity.

Unfortunately, to my knowledge, the GPL has never successfully been tested in this way in US courts. The lack of precedent is disturbing, but the work of the Software Freedom Law Center should help that soon. D-Link has actually been found guilty of GPL violations before, except that it was in Germany, on a different device.

I was ecstatic when I learned that my hardware was running Linux, as my original plan was the build my own router, though that was cost prohibitive. Even if I could only get SSH access into the box, I’d be a lot happier with it. Ultimately, D-Link needs to do the right thing here, and release the GPL’d source that they’re using on this device. If they wrote the code correctly, this doesn’t mean they’ll have to give up any of their precious IP. While their at it, I’d really appreciate native Linux driver for my DWA-130 USB Adapter, though I’ll settle for Vista 64 ones to use via ndiswrapper.

Music to Look for: Jeffrey Luck Lucas

A while back, I was playing around with Rhythmbox, my GNOME music-player of choice, and I came across the plugin for Magnatune, a new kind of internet-based record label, which sells an artist’s music online splitting profits with them 50/50. Not only that, but they also make Ogg Vorbis and FLAC versions of recordings available, and you get to name your own price, between $5 and $18 US. Not a bad deal, especially since you can preview the music before you buy it, and decide how much you think it’s worth.

This isn’t about Magnatune though, this is about an San Francisco-based artist I discovered via Magnatune named Jeffrey Luck Lucas, a Country/Folk artist. Lucas cites 40s and 50s Country music and Mexican Folk as his muses for his unique brand of music, and is able to produce hauntingly beautiful music. I think the BBC review of Hell Then Devine says it best.

Rather than the usual collection of songs, Hell Then Divine is like listening to a drunken man mumbling through his life story. Sometimes banal, occasionally bizarre, the story is somehow gripping as you strain to listen.

The music is dark and moody, but not depressing. It bends and sways like a leisurely stroll down a deserted city street. Lucas’ own deep voice calls out slowly and deliberately, telling stories he’s yearned to tell since his punk rock days in Morlock.

I began listening to Lucas because he reminded me of Tom Waits, and his sound is similar, though he stays to the haunting stories. As haunting and miserable as the lyrics are, the songs don’t leave you depressed, as Lucas’ voice contains a comfortable acceptance, a sense of peace with the world, and a general feeling of contentment.

The world Lucas’ began to paint in 2004’s Hell Then Devine, contined in 2006’s What We Whisper, and hopefully continues in 2008’s upcoming The Lion’s Jaw is not a happy world. But it’s real. The realness and honesty in Lucas’ voice will draw you in and you’ll lay happily wrapped in a cocoon of his bluesy country drawl.

Check him out on Magnatune, you’ll be able to check his music out, before deciding to buy it. And if you live in San Francisco, try to check out one of his shows. I’d be there if I could.

2008 Predictions

So, I may be a little late for my 2008 Predictions, seeing as how we’re almost 72 hours into the new year, and I may be basing some of my predictions on news from the last several days, but I still feel it’s important.

Privacy is going to be compromised more and more readily this year. And companies will stoop to more and more despicable acts to violate our privacy to make a buck. If the Facebook and the existing hacker economy have shown nothing to us, it’s that there is a ton of money to be made by harvesting and selling people’s private information, and the trend will continue. Sure, it’s nearly impossible to function these days without leaving some sort of a digital footprint, but we should have more say in how our footprints are used. Of course, to do that, we need to be more careful how big a footprint we leave.

Not that this is going to become any easier. Data is money, and as long as people are willing to pay, others are going to figure out how to harvest this data. The Storm botnet will be remembered as a pleasure memory as larger and more insidious botnets replace it. I suspect that by the end of the year, even Nugache will be viewed as quaint.

Despite being declared an utter failure this year, Microsoft’s Vista Operating System will take on a new life in Corporate America this year as Windows Server 2008 is released, which will finally make Vista worthwhile for industry. While Business will be the early adopters of Vista, I suspect home use will become the norm by the end of 2008. Vista performance will not improve appreciably, but hardware will improve, and the major vendors (Dell, HP, etc) will drop XP in their consumer lines once the business sales pick up.

Apple will continue to grow in the laptop and mobile device markets, though desktop sales will continue to flounder. The iPhone SDK will be a joke, and it will be nearly impossible for a developer to get approval from Apple to run their code on the iPhone. The AppleTV and iTunes’ video store will take off this year (along with competitors), as the media houses begin to tap into this market. However, we will not see DRM-free video on a large scale this year, though DRM—free music will continue to thrive.

Google’s Android will flounder this year, particularly in the US. They lack hardware support from any major cell phone producers, and while the GSM network has greatly improved, it’s still not as common as the CDMA network. People will leave their CDMA service vendors for the iPhone, but Android, despite it’s capabilities and developer support will enter the market this year with a whimper.

Mono’s recently added support for Windows.Forms will begin to draw more attention from developers (who will be more interested in the Mac support, than Linux). This will be a huge year for the Mono project, as many more companies take interest in the fairly trivial porting of their applications. Most people are still developing .Net 2.0 or 3.0 applications, both of which have strong support in Mono, making it a reasonable target.

Linux will maintain very slow growth on the desktop, but the server market will pick up considerably this year, particularly with the Samba project’s new access to Active Directory/SMB/CIFS documentation. Mono’s ability to run ASP.NET applications will aide greatly in once again widening the gap between Windows and Linux on the webserver market. The ability for companies to save thousands of dollars on licensing fees by going with a Linux-based solution will be the impetus for this migration.

I don’t foresee any game changing events this year, but it should prove very interesting nonetheless.