Recently in Computing Category
Not long after my, and plenty of other people’s, criticism of Google’s last six months of silence on the issue of Android. Google claimed that they didn’t want to take developers away from moving forward in order to prepare for release, but as I said last time, it was a concern because they were being more open with the few people who’d won the Android Developer’s Challenge I.
However, with the recent FCC approval of HTC’s Dream, and the impending release that this foretells, Google has finally started to move again on Android. Android 0.9 Beta was released yesterday, and having only had a brief chance to play around with the new emulator, it’s fairly exciting. The new UI is clean, and seems pretty intuitive. Even cooler, they released the source to the old dashboard UI, which goes a long way to show that truly, almost every piece of infrastructure on the phone can be easily replaced if you don’t like it. Awesome.
However, it’s not all chocolate and roses. Some analysts are claiming the HTC Dream will come pre-installed with Google’s advertising software. Currently, I have to view these rumors as unsubstantiated, as neither Google nor any Open Handset Alliance member has said anything to that effect, and the SDK doesn’t contain anything to that effect. However, Google’s CEO has made it very, very clear that he feels that Mobile Advertising is the future of the company. And no doubt he’s right. He thinks advertising could eventually pay completely for the mobile phone.
But at what cost? The only reason this would work, is that Mobile Phones know basically everything about you. Where you go, how long you spend there, who you talk with (and again how long), where you go online, what you say, what you search for. More than enough information for Giants of Data Mining to target you pretty directly. The privacy invasion implicit in this sort of world is really quite disconcerting however.
Still, due to the current openness of Android, and the future openness once the source is fully released, any undesirable parts of the platform can be excised. Admittedly, I dislike that the default may well become insane tracking, but at least a way out will be available. Mobile phones are expensive, far more expensive in the US than they need to be. As users we’ve allowed a service providing culture that thrives on double billing and price gouging to develop. That’s going to take a lot of work to rectify at this point, but I don’t think giving up privacy to advertisers is the way to do it.
Yesterday, I installed the SP1 of Visual Studio 2008, which included the .NET v3.5 SP1 as well. I was a bit surprised when the installer requested I close Firefox, but the Silverlight API installer wanted the same thing, so I just complied and let it go to work. Needless to say, when I finally got done installing the SP1 (about two hours later), I was awfully surprised to be greeted with this:

I was surprised, since I didn’t recall being asked to install any Firefox extensions, and I was pretty annoyed about it, so I just decided to tweet about it, telling the rest of twitter “VS 2008 SP1 installs a Firefox Extension without telling me about it. NOT COOL”. Surprisingly to me, about 4 hours later, I started to hear from the firefox_answers people on twitter, who hadn’t heard of this yet, and wanted more information. Once I told them about the extension, they were a bit annoyed, tweeting back “@foxxtrot Ugg. Not asking is really lame. I’ll forward that on to the Firefox add-ons team and let them follow up with Microsoft.”
So far, the primary annoyance has been that Microsoft never asked before installing this extension. Since I was a bit fuzzy about what it was for, I decided to go ahead and look it up as well. First problem I ran into was that the extension wasn’t installed in either my Profile extension folder, or the Firefox install directory extension folder. Frankly, I didn’t even know that was possible, so I was a bit confused. Luckily, my extensions.cache file in my profile pointed me in the right direction. The extension had been hidden away at “C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension”. The hunt, it was on.
But first, how did this install there in the first place? And how did it end up in my profile? Well, it turns out that Mozilla implemented a registry hack to make it easier for third-party developers to do exactly this. If you open up regedit, and go to “HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions”, programs can drop values in this registry key that will cause extensions to be automatically installed in every instance of Firefox on the system. Something similar exists for Thunderbird as well. But hey, at least the feature is documented. I’m not sure why this is allowed, but it is, and I think it’s best people know all the ways that extensions can be added to their browsers.
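The check below is an added example, not code from the original post or from Mozilla or Microsoft: it lists the extensions registered under the HKEY_LOCAL_MACHINE key named above and flags any whose folder lies outside both the Firefox install directory and the profile directory, which is the situation described here. The extension IDs, the Firefox directory and the profile path in the sample are constructed placeholders; only the DotNetAssistantExtension folder comes from the post.

```python
import ntpath
import sys

# Key named in the post, under HKEY_LOCAL_MACHINE.
# Each value in it is: name = extension ID, data = folder holding the extension.
KEY = r"SOFTWARE\Mozilla\Firefox\Extensions"


def read_registry_entries():
    """Return [(extension_id, folder)] from the key; empty off Windows or if the key is absent."""
    if sys.platform != "win32":
        return []
    import winreg
    entries = []
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY) as key:
            for i in range(winreg.QueryInfoKey(key)[1]):   # [1] is the number of values
                name, data, _type = winreg.EnumValue(key, i)
                entries.append((name, str(data)))
    except FileNotFoundError:
        pass
    return entries


def _norm(path):
    # Windows paths are case-insensitive; normalise before comparing prefixes.
    return ntpath.normcase(ntpath.normpath(path))


def audit(entries, firefox_dir, profile_dir):
    """Mark every registered extension whose folder is outside Firefox's own directories."""
    roots = [_norm(firefox_dir), _norm(profile_dir)]
    report = []
    for ext_id, folder in entries:
        where = _norm(folder)
        inside = any(where == root or where.startswith(root + "\\") for root in roots)
        report.append({"id": ext_id, "folder": folder, "outside_firefox": not inside})
    return report


# Constructed sample data: placeholder IDs and directories, plus the folder quoted in the post.
SAMPLE = [
    ("{00000000-0000-0000-0000-000000000001}",
     r"C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation"
     r"\DotNetAssistantExtension"),
    ("example@placeholder.invalid",
     r"C:\Program Files\Mozilla Firefox\extensions\example@placeholder.invalid"),
]
FIREFOX_DIR = r"C:\Program Files\Mozilla Firefox"
PROFILE_DIR = r"C:\Users\example\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default"

if __name__ == "__main__":
    # On Windows this audits the live key; elsewhere it falls back to the constructed sample.
    for row in audit(read_registry_entries() or SAMPLE, FIREFOX_DIR, PROFILE_DIR):
        print(row)
```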
Moving on to what the extension actually does. It has two parts. First, it modified the User-Agent of the browser to add .NET Framework information to it. With the “Report all installed versions of the .NET Framework to web servers” option not checked, my User-Agent becomes this:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.1) Gecko/2008070208 \
Firefox/3.0.1 (.NET CLR 3.5.30729)
If I do check that box, I end up with this:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.1) Gecko/2008070208 \
Firefox/3.0.1 (.NET CLR 2.0.50727; .NET CLR 3.0.30618; .NET CLR 3.5.21022; .NET CLR 3.5.30729)
An amazing amount of information to be dumping across the wire to every single website I visit. This isn’t even fucking Silverlight related, and that’s the only reason I can think of why a web server would ever need to know what versions of .NET I have installed. Ever. These values are coming out of the registry at “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform”.
I can only assume it has something to do with this ClickOnce stuff that Microsoft is pushing with the Windows Presentation Foundation. So, what is ClickOnce? In a nutshell, Microsoft is trying to change the way that software is installed on windows. Currently it relies on ‘setup.exe’ files, or .msi files. While those will never really go away (particularly .msi, which is great in the Enterprise), Microsoft has apparently decided that the better way to go is to tap into all that web hosting that everyone has access to these days.
Basically, a ClickOnce file is a special XML file with the ‘application’ extension, and Mime-Type: application/x-ms-application. Oh, and the Firefox Extension will ignore the Mime type if the file has the ‘application’ extension. Wouldn’t want to make people configure their web servers correctly, now would we? The application file contains basic information about the application, including a cryptographic signature to ensure…something. The keys aren’t required to be registered with anyone, so the key really just proves the app was built with ‘approved’ tools. .NET does this a lot actually. All assemblies must be signed, but that signature just means someone had the ability to sign something. It provides very little in additional security. I suppose you could probably opt to blacklist certain keys, but keys are easy to generate, so really it’s kind of a waste of time. My guess is that it’s the first step to cryptographic software registration, but that might just be the foil hat I’m wearing.
Once the file is downloaded, it’s immediately run through the PresentationHost application, which will likely download the necessary assemblies and immediately start to run the application. It’s pretty simple.
But what are the security implications? Absolutely anytime you download an application, it’s a potential security risk. Only download software from sites and developers you can trust. Ultimately, this doesn’t bother me too much for the idea of ClickOnce. It’s a more convenient way to download software, and frankly, Java has been doing this for years with Java Web Start. What does bother me is the fact that Microsoft will send anything to PresentationHost which has a .application extension. This makes it pretty easy to build faulty .application files and upload them, though that was never impossible, as the MIME-type could have been changed anyway.
So, ClickOnce is a security risk, but it’s not much more of a security risk than downloading anything off the Internet. If it’s riskier at all, it’s because the easier something is, the less people think about it. Though you can make people think too hard, making something easier should be balanced with security concerns. Ultimately, my biggest problem was that I didn’t sign up for a new Firefox extension to be installed. I was installing .NET. Plus, I don’t particularly want ClickOnce. For one thing, the only WPF app I am at all aware of is BabySmash, Scott Hanselman’s “Learning WPF Project”. For another, I would far prefer taking a few more steps to be sure of what I’m getting and from where, before I install it.
Summer is here and with it are a variety of hacker conferences. We’ve got Defcon, Black Hat, and my favorite The Last HOPE (Hackers on Planet Earth, run by 2600).
Defcon is the longest running of the conferences, having been in Vegas since 1993, and having long been an interesting mix of the Hacker community and Law Enforcement. It’s three days of intense learning, hacking contests, games, all sorts of hacking related stuff, and that’s just the advertised events. I’ve heard a lot of stories of people going to Def Con and seeing things like cell-phone scanning going on behind closed doors. And it’s only $120 for the conference. Cheap as shit. I’m going to have to try to go next year.
Black Hat bills itself as “The World’s Premiere Technical Security Conference”, and I’ll be honest there are some pretty intense sessions. Like the FasTrak system I discussed last week. My big problem with Black Hat is that it’s gotten to be too damn commercial, or maybe it always sort of was. It costs a few thousand to go, and that’s before Vegas hotel rates. Plus, they actually kicked out reporters for allegedly hacking. At a hacking conference. This would never happen at a real hackers conference. Might as well go to RSA, if you’re looking for such a watered down hacker environment.
Which brings me to HOPE. I talked about The Last HOPE a while back, expressing my dismay at possibly missing the last HOPE conference ever. Luckily, the owners of the Hotel Pennsylvania have been convinced not to raze the hotel, and The Next HOPE has been scheduled for 2010. My only complaint is that they didn’t make the obvious Star Wars joke.
Even better though, is that 2600 has made the audio of all the talks from The Last HOPE available for free download. I’m working my way through them, all 2.4 GiB (my ISP is going to be so pissed). But you can easily just pick and choose. When the video comes available, I’ll have to buy some of my favorite sessions.
This is why I love HOPE and Def Con. They’re more open than anything else, they exist to share knowledge, and they try to do it at as low a cost as possible. They’re about teaching and they’re about knowledge. I encourage everyone to download the talks from The Last HOPE. You’re bound to learn something, and that’s ultimately the whole point.
I’ll admit, I’m occasionally a bit of a Linux Apologist. I have been known to downplay faults in Free Software, and just deal with them most of the time. I haven’t paid for any Microsoft software in a decade, and though I’ve often taken the opportunity to get free (legitimate) licenses for Microsoft software, I’ve always been fine going without.
I think I’m better than most, in that I at least recognize that most users don’t want to put up with some of the problems that I encounter, and I don’t begrudge anyone their choice to use Windows. It’s not the choice I would make, but I’m not the one making it. I’m the same way with iPods. I won’t buy one, since they don’t support the formats that I want to use, and much of the platform is built on DRM (this applies greatly to the iPhone as well), but just because the technology doesn’t fit my requirements doesn’t mean that it doesn’t work for the vast majority of the population. I don’t like it, but there it is.
But like I said, Linux has problems. My system has some bizarre issues that either I lack the time, ability or inclination to fix. My wife’s laptop, which she’s been happy with the Ubuntu installation on, has other issues. Ubuntu is great in that it mostly just works, but sometimes mostly is pretty annoying. Like Jeffrey Stedfast’s problems with PulseAudio. To date, I’ve mostly just dealt with it, submitting patches where my time and inclination allowed, but much of the philosophy around Free Software begins to have issues around commoditization.
Hence where the Linux Hater’s Blog comes into play. On the site, some anonymous blogger rants, raves, and curses his way through a variety of major problems both in the Linux and Free Software communities. And I’d clearly suggest reading it. Myself, and others, have taken to viewing the blog more as bug reports, as problems that need attention before Linux will ever see mainstream usage. My wife manages because she has me to help her. My parents wouldn’t, because they live too far away for me to offer significant aid to.
The Linux Hater, who posts simply as “me”, is clearly someone who is passionate about computing, and yes, even Linux. If he didn’t want Linux to succeed, I don’t see why he’d bother with such fervent bile. And I firmly believe that with the right support, Linux can be the premiere Desktop Unix. Or at least, one of the Linux distributions can. And we’re already starting to see Ubuntu falling into the place. Amazon’s MP3 music store offers their downloader client for Linux, for Ubuntu, Debian (which is very similar to Ubuntu), Fedora, and OpenSUSE, because these four distributions offer a stable environment in which to operate.
The Open Source community is made up of all types of users, and we all have different views and priorities. But we all want to see the platform succeed. The technology is cool, but the rest of the bits need to be put together. It’s that other stuff that the Linux Hater focuses on. It’s not enough to be cool, you’ve got to work, and you’ve got to be responsive to problems. That is where Linux has traditionally failed, and that is where people like Linux Hater need to call people out.
I’m going to work much harder myself to try to fix these failures, and I’m hoping to get a job soon which will allow me time to do this more. Linux could be the premiere Unix environment, it isn’t yet, but it could be, and that is what we need to work toward.
Google has always touted themselves as a company which will do no evil. It’s a part of their posted Corporate Philosophy. However, in light of the recent revelation that Google keeps months of user-identifiable YouTube logs, and their recent claim that complete privacy is an unreasonable expectation, some people (okay, Slashdot), seem to wonder how accurate that claim is.
Admittedly, much of the commentary on the Slashdot article is standard Slashdot pants-wetting, but some of it is interesting. Ultimately, I’m not terribly sympathetic to the plaintiffs in the above lawsuit. Do I think that they should be able to have their private drive removed from Google’s Street View? Yes. However, they’re suing for $25,000 for reasons including ‘mental distress’. Admittedly, their suit isn’t too ridiculous as the sum of money is relatively low, and depending on how much they argue that their property value has dropped the amount may be sensible, but I very much doubt that there has been any drop in their property value relating to this photographing.
However, people are starting to notice and think about how much Google actually knows about us. Some people do all their web searching, keep all their e-mail in G-Mail, keep their calendars with Google Calendar, put their documents in Google Docs, and on and on. And Google uses all of this data to form as complete a picture about a user as they can. To date, it doesn’t appear that they’re using this data to target advertising directly at me, but that is related to it being more efficient to aggregate my behavior with people like me than to target me directly.
Google does a lot of good, I’m not trying to convince anyone to never use Google. I use Google for almost all of my web searching. Google Ads appear on this site. I have a GMail account. I’m interested in developing for and using Android. And I agree with Google’s sentiment that complete privacy is very, very difficult, maybe even impossible, to have in this day and age. But when there is a reasonable argument, such as a private drive, Google should be more receptive to removing such information from their cache. Plus, at my last job, some idiot programmer had, at some point, created an unprotected PHP page that would print out a ton of customer data, including names, addresses, and credit card numbers (if we still have them). Google found and indexed this, and I proceeded to immediately remove it once a customer discovered it while ego-searching. Highly embarrassing, and it took nearly 48 hours for this data to be removed from Google’s cache. More embarrassing for me and my company (I had only just recently taken control of the website), but I think Google should hold some shame as well.
Due to Google’s success, and the realization of how much they know, some people are preparing to move forward with plans to take Google down. Cuil is the latest attempt, and their engine and layout is interesting. It’s not terribly accurate sometimes, but it’s interesting. Plus, Yahoo! has really improved their search over the last few years and I’ve noticed that they’ve really improved their relevancy over the last few years. In short, Google isn’t the end-all anymore, and there are privacy concerns with using their services, but those concerns exist everywhere you go on the Web. If you want to maintain any level of privacy, you may want to spread your online identity as much as possible. It’s less convenient, but convenience very rarely implies security or privacy. If you want privacy, you need to be willing to work at it.
I’ve neglected to talk about Microsoft’s well-known bid to buy Yahoo! early this year. People were excited by the news, since it may have vastly over-valued Yahoo! at the time, hell even with the immediate $10 jump in the stock-price after the announcement, the stock price was still lower than Microsoft’s buyout offer. However, Yahoo!’s Board of Directors managed to successfully resist the buyout offer. Of course, stockholders were pissed about this, since they were more concerned with getting Microsoft’s money than what was good for Yahoo! or the industry. The stock price dropped over the month of June back to almost its six-month low.
Carl Icahn, who had absolutely no association with Yahoo! until the Microsoft deal started going south, bought up a bunch of Yahoo! stock in mid-May and has proceeded to attempt to unseat the current Board of Directors for their ‘irrational’ reaction to Microsoft’s offer and the disservice that he feels that they did their shareholders by refusing it. Needless to say the ~50 million shares of Yahoo! stock that Icahn owns are going to net him a solid bit of cash if he can force Yahoo! to sell.
Now, news is starting to hit the street that Icahn has been in talks with Steve Ballmer, who has allegedly indicated that he might be interested in making another offer, if the Board is changed. Mind you, this is pretty much hearsay from Icahn, and it’s entirely possible he’s exaggerating comments that Ballmer has made (it’s very likely they’ve been talking) to drive Yahoo!’s price back up, though what he’s quoted Ballmer as saying are pretty vague already.
Icahn’s reasons for his actions are simple. He is simply looking out for the money. Unfortunately, so are the majority of Yahoo! shareholders, but such is life with a publicly traded company. And if you look at what would cause the best, short-term increase in value for the Yahoo! shareholders, taking the money is a great idea. But, is it good for those shareholders in the long term? Is it good for the Industry in the long term? As for the shareholders, it’s hard to say at this point if Yahoo! will ever be the powerhouse they once were. But then, it’s likely that this is largely an image problem. Yahoo! has an enormous number of users, who are incredibly loyal. Yahoo!’s Mail Service is still considered bigger than Hotmail and GMail. Yahoo! Buzz has users who have never (and likely never would) heard of Digg. Yahoo! has frankly done a lot to bring Web 2.0 services, including Flickr, to users who never would be exposed to them another way. Do we need a Digg clone? Probably not, but users who like Buzz are more likely to be attracted away to something more similar, or users will be attracted to Buzz due to the convenience of having it tied into Yahoo!’s user system.
It makes sense that Microsoft wants Yahoo!. Yahoo! is an understated company, largely because they don’t make news the way that Google and Microsoft do. Are they as well off as they used to be? No, but I feel it would be amazingly imprudent to call them a failing company. The AdSense deal with Google, in my opinion, was only made to improve the company’s financial situation a tiny bit to make them look better to investors. Ultimately, it did look desperate, and probably won’t help their case in the long term.
However, I believe that this deal would be incredibly bad for Microsoft, Yahoo! and the industry in general. Microsoft and Yahoo! suffer some similar internal problems. There are lots of teams working on various projects, some of which are duplicating effort. Both have poor communication between teams to prevent such duplication. Money is often poured into several competing projects. These are not healthy things for any large company, though it’s not caused too many problems to date. However, the ways in which the companies are different are even more damaging. Yahoo!’s internal philosophy has usually been one in favor of openness. Yahoo! views themselves as a services company, so a fair amount of their source is Open, and they share their technologies in many cases. Microsoft is very, very slowly moving down this path, but a large number of their projects are still heavily based on proprietary data formats and protocols.
I really don’t see any way for these two companies to come together in anything resembling a healthy business. And trying could frankly lead to a really bad situation for Microsoft. Ignoring the problem of bringing the companies together, I think the bigger problem is that this would simply be bad for the industry. We’d end up with less competition. We’d end up with a lot of Yahoo!’s Projects (like YUI) losing their corporate support. Who knows what would happen to services like Flickr, which aren’t based on Microsoft technologies? Admittedly, it took Hotmail years to switch from Unix servers to Windows, but it did happen. I suspect a lot of services, that a lot of people use, would be re-engineered onto Microsoft technologies for no reason than Microsoft would either recreate it, or destroy it. Microsoft wants the search part of Yahoo!’s business, but I don’t think they would shy away from the opportunity to destroy the competition that Yahoo! represents, and snatch up any engineers who might work for them.
Yahoo! Shareholders: Please resist the urge to take a quick payout, which frankly is far from a guarantee at this point, and try to make decisions good for Yahoo! in the long term. If Icahn gets his way, there is no guarantee that Microsoft will actually make an offer. Or that they’ll make an offer for as much as they did before. Even then, you may have made a bit of money today, but you’ve likely hurt the industry for a long time.
A set of researchers at the Università degli Studi di Brescia in Italy recently published a paper detailing a method to fingerprint data being tunneled over SSH. This is a particularly relevant bit of research, as more and more organizations have been busily filtering the kind of traffic allowed through their border routers. In some cases, this has been to protect internal resources, in others to restrict unauthorized use. Whatever the reason, many of these systems can be overcome by the use of tunnels, which the paper begins by discussing.
A tunnel is basically wrapping one application’s protocol in a different protocol. The practice serves basically two purposes: 1. to wrap an insecure protocol in a secure one (like when using SSH) and 2. to get an unauthorized protocol out disguised as an authorized one. Of course, method 2, of which the tunneling protocol is usually HTTP, is vulnerable to the increasingly common Deep Packet Inspection that is being done, which actually opens up packets to determine what is going on inside them, and thus they are easily thwarted. However, by wrapping the illicit traffic in an encrypted SSL tunnel, the average firewall configured to allow SSL will allow the data right through.
Enter this research. It turns out that most protocols can be identified with reasonable certainty based on metrics such as the size of the packets and the time interval between sent packets. It’s really quite clever, and the mechanism used (Bayesian Filtering), is increasingly finding uses in this sort of work. The basic theory is that you can analyze the deltas (size and time) for a small set of packets, disregarding the first few packets (which are the SSH authorization packets), and within a small handful of packets, you can have a pretty good idea of what people are doing. Particularly if the behavior is allowed or not.
The general assumption espoused by the article is that the only legitimate uses for SSH are terminal sessions and file transfers, which may be true for SSH, but its parent SSL is used for so much more. Luckily, if you implement their technology, you can filter whatever you want. In many ways, this idea will be an incredibly useful addition to your typical Intrusion Prevention System, which already seeks to do something similar, in that it takes the model you’ve defined for acceptable behavior, and disallows anything that doesn’t fit the model. These systems are finicky, and (particularly early on) require constant monitoring and correction, but they’re a far better solution for many networks than the existing methods of fingerprint-based Intrusion Detection.
Unfortunately, this system isn’t yet perfect. It will tend to view mucked up passwords as unauthorized traffic. Not to mention, all they can currently tell us is if the SSL connection is an interactive session, a file transfer, or a tunnel. Still, the research is interesting, and no doubt a lot of people in the security appliance business. I really think that the best application for this technology is as a part of an IPS.
The research isn’t ready yet, but it’s interesting, and worth looking at. I suspect that by this time next year the mathematical models for analyzing encrypted traffic will have come a long way. Of course, it does just go to show that analyzing encrypted data, even data you can’t decrypt, is always worthwhile. Watching who is communicating with whom, how often, and how much, can tell a lot about the nature of the communication, whether you’re a general in a war zone, or trying to keep filesharing off your network. Encryption is a great tool, but it still tells much to those who know how to look.
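An added example, not code from the paper or from the original post, of the idea this post describes: a Gaussian naive Bayes classifier over packet size and inter-arrival time, used here as a stand-in for the paper's own statistical model, with the verdict mapped to an allow/block policy. The traffic profiles, the SKIP and WINDOW values and the retry scenario (extra authentication packets pushing handshake traffic into the inspected window, one plausible reason for the false positive mentioned above) are constructed assumptions.

```python
import math
import random

SKIP = 4      # assumption: leading key-exchange/auth packets that are ignored
WINDOW = 8    # assumption: packets inspected per flow after SKIP
ALLOWED = {"interactive", "file-transfer"}   # policy from the text: tunnels are not allowed

# Constructed traffic profiles (not measurements):
# (mean size in bytes, size sd, median gap in seconds, sd of log gap)
PROFILES = {
    "interactive":   (64, 16, 0.25, 0.6),
    "file-transfer": (1400, 40, 0.001, 0.5),
    "tunnel":        (600, 300, 0.03, 0.8),
}


def synth_flow(kind, rng, extra_auth=0, data_pkts=WINDOW + 1):
    """Build one constructed flow as [(timestamp_s, payload_bytes)]."""
    mean, sd, gap, gap_sd = PROFILES[kind]
    t, flow = 0.0, []
    for _ in range(SKIP + extra_auth):          # handshake/auth phase, same for every class
        t += rng.lognormvariate(math.log(0.05), 0.3)
        flow.append((t, rng.randint(200, 700)))
    for _ in range(data_pkts):                  # application data
        t += rng.lognormvariate(math.log(gap), gap_sd)
        flow.append((t, min(1460, max(40, int(rng.gauss(mean, sd))))))
    return flow


def features(flow):
    """Return [(size, log inter-arrival)] for the inspected window, or [] if too short."""
    pkts = flow[SKIP:SKIP + WINDOW + 1]
    if len(pkts) < WINDOW + 1:
        return []
    return [(float(size), math.log(max(t1 - t0, 1e-6)))
            for (t0, _), (t1, size) in zip(pkts, pkts[1:])]


def train(labelled_flows):
    """Fit one Gaussian per class and feature, plus a class prior."""
    samples = {}
    for label, flow in labelled_flows:
        samples.setdefault(label, []).extend(features(flow))
    model = {}
    for label, rows in samples.items():
        stats = []
        for col in zip(*rows):
            mean = sum(col) / len(col)
            var = sum((x - mean) ** 2 for x in col) / len(col)
            stats.append((mean, max(var, 1e-3)))     # variance floor avoids division by zero
        prior = sum(1 for lab, _ in labelled_flows if lab == label) / len(labelled_flows)
        model[label] = (math.log(prior), stats)
    return model


def log_gauss(x, mean, var):
    return -0.5 * (math.log(2 * math.pi * var) + (x - mean) ** 2 / var)


def classify(model, flow):
    """Return (label, posterior), or (None, 0.0) when the flow is too short to judge."""
    rows = features(flow)
    if not rows:
        return None, 0.0
    scores = {}
    for label, (log_prior, stats) in model.items():
        scores[label] = log_prior + sum(
            log_gauss(x, mean, var) for row in rows for x, (mean, var) in zip(row, stats))
    best = max(scores, key=scores.get)
    # log-sum-exp keeps the normalisation stable when the scores are very negative
    norm = scores[best] + math.log(sum(math.exp(s - scores[best]) for s in scores.values()))
    return best, math.exp(scores[best] - norm)


def verdict(model, flow, threshold=0.99):
    label, posterior = classify(model, flow)
    if label is None or posterior < threshold:
        return "undecided"
    return "allow" if label in ALLOWED else "block"


def demo():
    train_rng, test_rng = random.Random(1), random.Random(2)
    model = train([(k, synth_flow(k, train_rng)) for k in PROFILES for _ in range(30)])
    results = {k: verdict(model, synth_flow(k, test_rng)) for k in PROFILES}
    results["too-short"] = verdict(model, synth_flow("tunnel", test_rng, data_pkts=3))
    # Password retries lengthen the auth phase, so auth packets leak into the window.
    results["interactive+retries"] = verdict(
        model, synth_flow("interactive", test_rng, extra_auth=4))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:22s} {outcome}")
```

The last case shows why a fixed skip count is fragile: a legitimate interactive session with a longer authentication phase is scored on handshake packets and ends up blocked.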
There has been a debate ensuing on Debian Planet since last week about Firefox 3’s new behavior for what it views as invalid SSL certificates. Having upgraded to Ubuntu 8.04 back in February, I’ve been using Firefox 3 since it hit rc1, so I can definitely relate to the problems that people are having. I completely agree with the sentiment of those who view the new behavior as a necessary evil. Unsigned SSL Certificates are a potentially huge security risk. Unfortunately, they’re common as spit and most people just click right past them because they’re getting in the way of the user doing what they want.
Firefox’s new approach is pretty heavy handed. So much so, in fact, that it appears you can’t work around it without some non-trivial changes to Gecko. This probably wouldn’t be so bad, except that most users have absolutely no idea what to do when confronted with this:

I know that my wife didn’t when the wireless network of the hotel we stayed at following our wedding redirected us to a site with an Invalid SSL Certificate. Hell, it threw me for a loop the first time I saw it. Other people have, of course, reported similar experiences.
In reality, I blame the insane cost of SSL Certificates. Partially, this is because the standard for SSL security in web browsers is an all-or-nothing deal. You’re either signed by a Certificate Authority (CA) in the browser’s certificate file, or you’re not. Because of this, CAs have no incentive to change the way that they offer Certificates: you pay through the nose for a ‘valid’ one, or you don’t and use a self-signed ‘invalid’ one. The absolute cheapest you can get a Web-enabled certificate from Thawte is $150/year, and in that case they only identify the domain, not the user. Want your company identified for better security? That’ll be an extra $100/year. Not that most users will notice. Want the fancy Green Address bar (at least in newer browsers)? Be prepared to spend a whopping $800/year.
Actually, I fully support this sort of pricing model (though I think that $150/year for a domain-only SSL certificate is ridiculous), but we need better mechanisms to communicate how much the key should be trusted. The Extended Validation Certificate (EV) is a huge step forward in this, but it’s still not very fine-grained, especially when many sites who need, or require like Microsoft Office SharePoint Server, encryption simply can’t justify that sort of expenditure for a signed SSL certificate.
Admittedly, organizations can create their own CAs for internal use, and sign certificates all they want. This becomes impractical at some point, however, because you need to make sure that every user in your organization has the CA certificate installed. Washington State University has a CA certificate, that I suspect is installed in almost every departmental computer on campus, but most organizations simply don’t use it. This is likely due, in part, to the number of off-campus users, and the freedom which we provide users to bring their own hardware. My Eee PC spends quite a bit of time on the WSU network, but I don’t have the WSU CA certificate. Still, I would prefer that a lot of these self-signed sites were using the WSU certificate, as then I could install that cert and have them just work. As it stands, I have no reason to really even consider that course of action.
What we really need, is for the web to be tied into a true Web of Trust. I choose the Root CAs I want to honor, by signing their key with my own, and I can assign trust to other users’ signatures, so that I can opt to trust them simply because someone I trust trusts them. Since most Trust applications allow you to specify differing levels of trust, this is practically built into the encryption scheme. And I can explicitly set my trust on the Firefox key, so that I accept keys that Firefox trusts, and amazingly, my situation doesn’t really change much.
Of course, the above paragraph is a pipe-dream. The majority of encryption software is too difficult for the average user to use, and most users simply don’t care to learn. But as I’m a huge advocate for large-scale public-key encryption, I’m going to keep dreaming. In the meantime, we need a trusted Root CA who sells discounted certificates so that non-commercial entities who want (or need, which isn’t always the same thing), can have valid ones without inconveniencing their users significantly.
There is the other side of this, that perhaps Firefox is trying to annoy users, to force web developers to do what they feel is right. Microsoft did the same thing with the UAC in Vista, after all. However, if this is the case, Mozilla has made an enormous mistake. For Windows Vista, redesigning the application just a little bit, can get rid of those annoying UAC boxes, and actually result in a net-increase in application security. Requiring signed certificates makes the web more secure, without a doubt, but the cost involved for many organizations seems prohibitive, especially for Open Source projects that feel that they’re doing their users a favor by encrypting logins to web-based systems.
I’m glad that Mozilla is trying to do something, but I agree with those who feel that they’ve gone too far. I’d be happy if, on the first alert screen, there was a button that allowed me to trivially accept the key on a temporary basis, while still requiring the full process to add the key permanently. And ideally, I wouldn’t have to click on the “Or you can add an exception…” link to see the actual options.

I hate Copy Protection. I hate it. It’s typically easy to bypass, and the only ways to make it hard to bypass are such a pain in the ass for the users that you end up just hating the entire process. In the early days, you had to keep the manual of the game handy so you could look up a certain word on a certain page. Easy to bypass, people just built up lists of the answers.
Then the CD revolution came, and the developers checked for the disc. Easily thwarted as CD Burners became more common, and the purposeful errors used as Copy Protection, such as SafeDisc, could be cracked with relative ease. And with the new world of Digital Distribution, CD-based copy protection schemes are unfeasible.
Enter the world of Internet-based copy-protection schemes. There is the question of how often you need to connect to the Internet, once or multiple times. XBox Live and Steam both use sort of a hybrid model. XBox Live saves its downloads with an encrypted signature for both the user who purchased it, and the ‘home’ system of the user. This encrypted signature is the key. If the signature of the user (or the XBox in question) doesn’t match, the user can’t play. Steam is basically the same, just minus the Host key. Incidentally, the Nintendo Wii is similar, except that it’s locked to the System.
The XBox, Wii, and Steam can cache user Credentials, so that they don’t need to be always on the Internet in order to authenticate the games. Several on-line activated games (like On the Rainslick Precipice of Darkness or Defcon) only need to connect once, and cache a key which is delivered by the server to verify that the copy of the game is indeed legitimate. The nice part about Online verification is that you can opt to check the codes periodically (Defcon does every time you go to play online), so if you have reason to believe that a serial number is being shared, you can kill it. The bad part is that if someone makes a Keygen for your game, you may end up killing legitimate users’ ability to use your software.
Ultimately, I’ve tended to believe that such things are a waste of time. People will still crack the games, and occasionally these systems are designed so as to be more of a pain to legitimate users than illegitimate ones. When I heard of [Linux Game Publishing’s recent plans to integrate Copy Protection](http://www.phoronix.com/scan.php?page=article&item=lgpcopyprotection&num=1) into their newest games, particularly a scheme that needs to validate on each load, I was concerned.
Back in the early days of Loki, it was a non-issue. None of the CD copy-protection schemes were ever going to be ported to Linux, so Loki couldn’t even consider it. Now that most people have always-on Internet connections, online verification is quickly becoming the norm. LGP, feeling that they needed to explain themselves, posted [their rebuttal](http://www.linuxgamepublishing.com/press_releases/200806241.txt).
I like Michael Simms, the owner of LGP, and my respect for the decisions that he’s made with LGP caused me to wait for his response on this Copy Protection debacle. Having read the press release, I must unfortunately accept LGP’s decision. They performed a reasonable study, and I accept that Michael has good data backing this move.
I do want more information however. What exactly does “Contingencies are made so that if no internet connection is available, the game will never lock out legitimate customers” mean? Do I need to have an Internet connection available every so many times I start the game? What are the contingencies?
Overall, that’s really the only complaint I have with what I’ve seen so far. I like that I can install on multiple machines. I don’t believe that I should be required to buy two copies of a game so that my wife can play too. Incidentally, I do scan games’ EULAs for this these days. I like that if LGP ever goes out of business, contingencies are in place to remove the copy protection, even if LGP is not in a position to do so. I like that I always have the option to redownload a game that I’ve licensed, if my CD stops working. I wish I could tap into this now, as my copy of Majesty is scratched badly enough that I can’t install it anymore.
I hate copy protection. I hate any policy that treats legitimate customers like criminals. However, understanding the ease with which many people will copy software (particularly games), I don’t necessarily blame people for trying to protect it. My only requirement is that the method used be mostly transparent. I’ve had that with Defcon and the Penny Arcade Adventures. I’ll give LGP’s scheme a shot, as much as it saddens me that they’ve felt forced down this path.
We as consumers need to be willing to pay for entertainment. Software protection doesn’t bother me as much as media protection since the software inherently has limits on my use of it, so I’ve been more willing to accept its integration into my computing life. Ideally, we wouldn’t have to worry about Copy Protection, but until users decide to either pay the asking price or go without, I’m not sure it’s going anywhere. Just make sure that I don’t notice your copy protection after I activate it.
At the World Wide Developers Conference, Steve Jobs announced a new iPhone with 3G support and GPS. Neither of these was particularly surprising. After all, people have been upset about the lack of these technologies since day one. Not that that stopped a large number of people from shelling out $600 for the phone in the first few months, but everyone was upset about the missing technology.
No, what was surprising was the announced pricing. An 8 GiB phone for a mere $199 (with a two-year contract through AT&T), or the 16 GiB for $299. This is a price point that has finally brought a few people who were still unwilling to take the iPhone leap to seriously consider taking the plunge. Now, it’s no longer the price of the hardware, but the $70/month cell phone plan that has to go with it.
So, why the price drop? Well, in addition to the features that matter to the Enterprise, like Exchange Integration, the iPhone was still a little expensive. By allowing the providers to subsidize the cost, more people are likely to buy iPhones, further eating into the share of Blackberries and Palms. With the recent release of the SDK, and the launch of the iPhone Apps store, Apple stands to make ~30% off the sales of every application delivered to an iPhone. And developers seem to be excited about it. Not me, so much, since the only Mac I own is PowerPC, and there is a good chance Apple is preparing to give me the finger anyway.
No, I think the real reason is that Apple is trying to cement their position in the market before the Open Handset Alliance can get a single Android phone on the market. HTC has promised a few phones by the end of the year, but as it stands, Android needs some movement.
In my opinion, Android is the superior developer’s platform. It’s open, all applications are created equal, and unlike the iPhone it allows more than one application to be memory resident at a time. Plus, it doesn’t have the same restrictions on it as the iPhone. I fully believe that Android, despite its insistence on Java, is the more developer friendly platform. And the Java insistence is not so important in the mobile realm, which is mostly dominated by J2ME developers.
Apple may be the purveyors of all that is hip and modern in the modern realm, but without developers, a platform can’t really succeed. The adoption of a Unix core for Mac OS X, and a more advanced UI toolkit, has been largely responsible for the growing success of the Mac platform. However, if you’ve got the majority share, people won’t have a choice but to target your platform.
