Monday, April 4, 2011
Video games: Also not the devil
In the wake of a tragedy, especially a self-inflicted one, every good American knows what to do. No, don't spend time consoling those hurt. Certainly don't look for ways to help. Assign blame. Have you neglected to help your child understand his homework so long that he's being held back a grade? The schools must need more funding. Are you so disinterested in your child that he spends eight hours a day playing video games alone? Evil games are destroying him! Thank God I live in a society that understands how to deal with these issues.
Wednesday, March 30, 2011
The Internet is not the devil
I once watched a man leave his wife and three school-aged children over his Everquest addiction. Our victimist society pities the man destroyed by such a vile influence. Yet somehow, the other two million players were spared from such consequences. Step back objectively for a moment, and ask yourself this: Is it more likely that two million unrelated people spread across the world simultaneously and independently survived a grave threat, or that one person negligently allowed his family relationships to slip away while distracted by a video game? Our age of technology should be respected, not feared. Take responsibility; absorb the good in it, and spew out the bad.
Monday, March 28, 2011
Why GitHub is taking over the universe
I use a lot of open source software. I use Linux, Apache, PHP, Firefox, Netbeans, Eclipse, and hundreds of less-notable software packages. And in some sense, I'm aware that those projects are run in a way that allows outside contributors to find and fix problems. Yet in the decade or so that I've enjoyed the benefits of the open source movement, I never contributed a single line of code. Until just a few weeks ago--thanks to GitHub.
Traditionally, open source projects are hosted either in private repositories or in read-only repositories on SourceForge. As a potential contributor, I'm intimidated by the prospect of getting hold of the latest source code, writing a fix, producing a patch, submitting it through the right channels, and then watching it disappear into the ether (as I'm the only one who cares about my fix).
The whole SourceForge mindset feels similar to the ill-fated Nupedia project. Nupedia was to be a carefully curated online encyclopedia, with only experts contributing. Of course, Nupedia hardly merits a glimmer of recognition these days; it was wholly crushed by its accidental offspring Wikipedia. The key was Wikipedia's openness about amateur edits.
GitHub has gotten it right in every way. I recently found a use for a few projects that happened to be hosted on GitHub. In most cases, if I want to make a minor fix or change to an open source library, it means cutting all ties with the upstream project to maintain my own slowly-obsolescing copy. With GitHub, I quickly saw that I could clone my own copy, make edits, and hit a big button to ask the upstream project to pull in my changes.
And just like that, I became a contributor to open source. The best part was yet to come, though. While my request was still outstanding, a whole thread of comments started to accumulate on my pull request, with other users affirming that my patch did in fact help. Each of those people had their own clone of the project, and they'd pulled in my change directly. That's right, they didn't have to wait for some approval from on high to start using my latest work, and its rapid spread through other users of the project helped push it through to the project's main contributor that much faster.
If GitHub keeps up its current momentum, it's poised to fulfill many of the original promises of open source: Rapid development among a large, loose network of users, each taking advantage of each other's work without waiting for The Project Owner to declare something ready. I'm excited, as I haven't been in a long while, about contributing to something great.
Traditionally, open source projects are hosted either in private repositories or in read-only repositories on SourceForge. As a potential contributor, I'm intimidated by the prospect of getting hold of the latest source code, writing a fix, producing a patch, submitting it through the right channels, and then watching it disappear into the ether (as I'm the only one who cares about my fix).
The whole SourceForge mindset feels similar to the ill-fated Nupedia project. Nupedia was to be a carefully curated online encyclopedia, with only experts contributing. Of course, Nupedia hardly merits a glimmer of recognition these days; it was wholly crushed by its accidental offspring Wikipedia. The key was Wikipedia's openness about amateur edits.
GitHub has gotten it right in every way. I recently found a use for a few projects that happened to be hosted on GitHub. In most cases, if I want to make a minor fix or change to an open source library, it means cutting all ties with the upstream project to maintain my own slowly-obsolescing copy. With GitHub, I quickly saw that I could clone my own copy, make edits, and hit a big button to ask the upstream project to pull in my changes.
And just like that, I became a contributor to open source. The best part was yet to come, though. While my request was still outstanding, a whole thread of comments started to accumulate on my pull request, with other users affirming that my patch did in fact help. Each of those people had their own clone of the project, and they'd pulled in my change directly. That's right, they didn't have to wait for some approval from on high to start using my latest work, and its rapid spread through other users of the project helped push it through to the project's main contributor that much faster.
If GitHub keeps up its current momentum, it's poised to fulfill many of the original promises of open source: Rapid development among a large, loose network of users, each taking advantage of each other's work without waiting for The Project Owner to declare something ready. I'm excited, as I haven't been in a long while, about contributing to something great.
Thursday, March 24, 2011
Monday, March 21, 2011
Offer what I want, and I will buy it
I love great TV shows. I loathe their delivery mechanism. There is no technical reason why I should not be able to watch all the episodes I want, when I want, with interruptions only for advertisements within my interests. If such a service were available, I would happily cancel Netflix and Dish Network the very next day and pay the provider of such a service $100+/mo for the privilege, even with advertisements. Unfortunately, the only people interested in providing such a service do so without allowing me to pass along any revenue to the shows' creators. Please, Big Media, let me pay you for what I want to watch!
Wednesday, March 16, 2011
If you hate computers, they probably hate you back
Some people just don't like the idea of tinkering with code. According to Paul De Palma, those people are women. Paul's argument is that we should arrange the presentation of computer science in a more self-contained, mathematical manner in order to attract more women to the trade. I've worked with people who think computer science is neat and tidy and manageable, and they all share one common flaw: They're wrong. Don't make computer science what it's not. If women as a demographic prefer biology to computer science, let them continue to categorize Siberian worms. They don't really want computer science; don't force it on them.
Monday, March 14, 2011
How much do computers really need us?
Just 10 years ago, the Church of Jesus Christ of Latter-day Saints launched FamilySearch, a marvel of technology meant to unify all the genealogical records available in one central, searchable database. And just a few months ago, the Church launched its replacement, now capable of allowing millions of people a day to instantly find and associate data about their ancestors--even if they start with little more than a misspelled name and a decade the deceased might have been born in. At what point do we humans become unnecessary in the entire endeavor of the organization of knowledge? Google seems to have already perfected their psychic search, nearly always returning what I wanted, rather than what I'd asked for. Is that degree of inference possible in the field of genealogy?
[note: This post comes almost a week late, due to some unforeseen circumstances, shown below]
[note: This post comes almost a week late, due to some unforeseen circumstances, shown below]
Monday, March 7, 2011
Computers: No respecter of persons
I recently started working with the engineer formerly responsible for architecting the LDS Church's new FamilySearch.org site, a free service helping millions connect with their ancestors. And just a year ago, I worked with an engineer from a company that performed so many fraudulent credit card transactions that they opened a new merchant account nearly every week--that is, until they were entirely shut down by federal investigators. I'm fascinated that the rise of high technology so efficiently allows the benevolent to rise, while simultaneously allowing the leeches to burrow deeper. I suppose the Internet causes bits to flow to the evil and to the good, and lets users fall on the righteous and the unrighteous.
Monday, February 28, 2011
Answering the right question
The most common cause of software startup death is building something nobody wants. The lone-wolf developer who hides his project's nature (and even existence) from the outside world until its glorious 1.0 release often finds that there is a reason nobody had built the product before. The right approach is to tell as many people about your idea as possible, as quickly as possible. If you rapidly discover that your idea is something nobody cares about--and it probably is--then pat yourself on the back! You've saved yourself many months of labor on a project doomed to failure.
Wednesday, February 16, 2011
Hacking in a world that's used to hackers
In the early days of networked computers, security protocols were pitifully underdeveloped and underanalyzed. Worse, they were implemented ad-hoc for each system separately. This means that a lot of early hacks were successfully executed directly against machines: Lines were tapped for passwords being sent in plain text, system executables were trivially overwritten, and son on. The only real security was physical isolation.
It wasn't long after networking became popular that it also became much more secure. In fact, SSL was first invented by Netscape in an effort to convince consumers that they could trust sensitive data, like credit card information, to the nebulous ether of the Internet. Remote access to important servers is now routinely restricted to access by a 2048-bit or larger private key rather than a password that can be guessed or accidentally divulged. File-system security has similarly advanced, along with distributed authentication (Kerberos), mechanical protection against automated password attacks (CAPTCHAs), and any number of other areas.
The net result is that a server now comes with secure software pre-installed. Each component has been peer-reviewed by thousands or tens of thousands of experts to ensure it is immune against known mechanical attacks.
Yet somehow, we keep hearing of embarrassing and costly hacks. HBGary Federal recently had their entire website trashed, full email logs published, backups erased, and their CEO's iPad remotely wiped. Just a couple months ago, Gawker Media (who runs many of the world's most-visited blogs) was manhandled by hackers who walked away with hundreds of thousands of user names and passwords. Not just hashed passwords to be cracked later, but the actual plain-text passwords, which most of those users probably used just about everywhere else.
With the decades of cryptography research and development we now have behind us, how is this still possible? In almost every case, it's a combination of administrator ignorance and at least one helpful clerical worker. The years of research that go into an algorithm like SHA-1 don't help Gawker if they don't salt and thoroughly hash their passwords. And Anonymous might not have destroyed HBGary so thoroughly if their secretary hadn't been willing to hand over credentials to a 16-year-old who asked nicely.
Welcome to the new world, same as the old world. If you really want prying eyes out, it seems the only real security is physical isolation.
It wasn't long after networking became popular that it also became much more secure. In fact, SSL was first invented by Netscape in an effort to convince consumers that they could trust sensitive data, like credit card information, to the nebulous ether of the Internet. Remote access to important servers is now routinely restricted to access by a 2048-bit or larger private key rather than a password that can be guessed or accidentally divulged. File-system security has similarly advanced, along with distributed authentication (Kerberos), mechanical protection against automated password attacks (CAPTCHAs), and any number of other areas.
The net result is that a server now comes with secure software pre-installed. Each component has been peer-reviewed by thousands or tens of thousands of experts to ensure it is immune against known mechanical attacks.
Yet somehow, we keep hearing of embarrassing and costly hacks. HBGary Federal recently had their entire website trashed, full email logs published, backups erased, and their CEO's iPad remotely wiped. Just a couple months ago, Gawker Media (who runs many of the world's most-visited blogs) was manhandled by hackers who walked away with hundreds of thousands of user names and passwords. Not just hashed passwords to be cracked later, but the actual plain-text passwords, which most of those users probably used just about everywhere else.
With the decades of cryptography research and development we now have behind us, how is this still possible? In almost every case, it's a combination of administrator ignorance and at least one helpful clerical worker. The years of research that go into an algorithm like SHA-1 don't help Gawker if they don't salt and thoroughly hash their passwords. And Anonymous might not have destroyed HBGary so thoroughly if their secretary hadn't been willing to hand over credentials to a 16-year-old who asked nicely.
Welcome to the new world, same as the old world. If you really want prying eyes out, it seems the only real security is physical isolation.
Monday, February 7, 2011
How not to gain respect for your cause
Wikileaks provides a rare infusion of actual facts into political debate, though many would rather they just shut up. One group has come to Wikileaks' defense over the last few months, in spite of actual arrests being made against its members: Anonymous. While I applaud their enthusiasm for a just cause, they're just embarrassing themselves and their cause. Petty vandalism against the opposition does not look noble. It's juvenile, and it distracts from the real issues just as much as the mainstream media's perverse obsession with Julian Assange's personality.
Wednesday, January 26, 2011
The only good lawsuit is an indiscriminate lawsuit
At least, that's the message of P2P lawyering group DGW. DGW's business plan is to spam thousands of households with misleading letters threatening lawsuits based on flimsy evidence. When a victim filed countersuit on charges of racketeering, extortion, and fraud, DGW asserted that their only ethical duty was to their client, and that they were free to mislead and bully as they pleased. Their tactics reek of mafia protection schemes, designed to intimidate even innocents into capitulating. DGW should be fined all of its assets and disbanded, and its proprietors personally fined and imprisoned.
Wednesday, January 19, 2011
WikiLeaks vs. the privacy of criminals
Wikileaks' release of dozens of private diplomatic cables provoked many to publicly call for Julian Assange's assassination without any due process. Its latest revelations may see that order carried out by private parties: He is now on the verge of releasing evidence that many of the richest people in the world colluded with a Swiss bank to escape income taxes (shocking, I know). The press should be cheerleading this exposition of the secrets of politicians and social elites--after all, that's supposedly the purpose of journalism. But wary to bite the hand that feeds them, they prefer to designate fellow journalists as enemy combatants. It appears that freedom of the press extends only to the polite, the docile, and the acquiescent.
Wednesday, January 12, 2011
Forgiveness in a world that never forgets
Google has created a world where every idle thought, misguided action, and misspoken word will haunt us for the rest of our lives. Just two decades ago, only politicians and captains of industry merited the effort required to unearth their sordid past. Today, prospective employers can (and do) find excuses to pass over a candidate in a matter of moments, often with photographic evidence. Many misdeeds so uncovered are long-forgotten to the misdoer, and should be long-forgotten to the world. Unfortunately, I'm too stoned right now to even think about possible solutions to this totally bogus situation.
Subscribe to:
Comments (Atom)