Categories
Uncategorized

Welcome to “Unfinished Business” Week!

From this Saturday to the next, I’ll try and take post things I’d been meaning to post earlier, continuations of series I got started on, and follow-ups. Hope you like them.

Unemployed? Sure. Unstoppable? Hell yeah!

The day after I got sacked, I made this little cartoon — I took some liberties and created my own comic strip in the style of My New Fighting Style is Unstoppable (check out their series Get Your War On and Get Your Enr On).

AccordionGuy and Photoshop in the house!

Categories
Uncategorized

Astute.

From Mighty Girl’s blog:

4.27.01 OBSERVATION

Raspberry bathroom air fresheners are unsettling. The area where one defecates should not smell edible.

She’s so right-on I may just have to ask her to marry me!

Categories
Uncategorized

Microsoft Gets Security Religion, Part 3

In his memo on Trustworthy Computing, Gates says that ideal computer systems should be as reliable as services such as electricity, water and telephones. Doc Searls made the very astute observation that these services are infrastructure, and has this to say:

Interesting. Those other services are infrastructural. Significantly, their workings are transparent. There is no secret to how any of them work. (Even digital telephony.) As de facto infrastructure, Windows is anomalous in its lack of transparency.

He has a point here. You can easily look up documents on electric generation plant, water pumping stations and telephone company switches; you can even take tours of these facilities. You can’t do that with Windows, because beyond a certain point, its inner workings are hidden to anyone not working at Microsoft. We programmers can only go as far as the API — the Application Program Interface, the thing that allows our programs to use the services provided by Windows. Even then, Microsoft supposedly doesn’t make their entire API known; it gives them an edge over everyone else when it comes to writing software for Windows.

With real-world infrastructural services like electricity and water, the inner workings are subject to scrutiny. You can hire an independent engineering firm to do an audit of a power plant to see that it’s being properly run and maintained. You can’t do that with Windows since it’s a black box. The underlying code has always been unavailable to the general public, and only recently has it been made available to select business partners through its “shared source” program.

Searls goes on by providing a contrasting example: Apple’s Mac OS X.

By choosing to develop OS X on a transparent base – Darwin, which is BSD on a Mach kernel. [It’s open source, which means that the source code — the “recipe”, if you will — is free available for any to read or modify — Joey]. Apple respected the essentially infrastructural nature of operating systems, and the need for transparency at that level. I was talking with an Apple guy who works on OS X last night, and he was going on about the synergy between the company and outside Darwin hackers who shared an interest in improving Darwin as base-level infrastructure. Also about what Apple is giving back to the world in its work on FireWire, for example.

I think, in the long run, Microsoft would be wise to do the same, at least if it wants to maintain Windows’ infrastructural role.

It sounds like a good idea, but will Microsoft do it?

More on infrastructure

Thinking of software as infrastructure led me to think of other properties of “real-world” infrastructure and whether or not software infrastructure has something comparable.

Real-world infrastructural services are accountable to the public and to the government. When blackouts like those that happened last year in Califonia happened, there was a public outcry and action on the part of the state and federal goverments. When operating systems fail, there’s some public outcry that gets a token response from the software company’s tech support and marketing departments and almost nothing the government can do. When you rip open the packaging of your operating system, you are “signing” a EULA (End User Licensing Agreenment) which pretty much absolves the software company of any blame for anything bad the software does. Certain EULAs go even father — the EULA for Microsoft SQL Server (it’s database software) expressly forbids you from publishing performance data comparing it to other database software, or even data comparing SQL Server on different versions of Windows!

Real world infrastructure often has to meet some kind of safety standard, There are building codes, standards for electrical and chemical safety, government bodies like the FCC (Federal Communications Commision) and NTSB (National Travel Safety Board) and independent organizations like Underwriter’s Laboratories that perform safety and standards tests on real-world products. With software, you’re relying on the diligence of your software vendor’s QA department.

Real-world infrastructural services are usually designed by accredited engineers who are members of professional societies (in the case of Ontario, Canada, where I live, it’s the PEO — Professional Engineers of Ontario). Programming isn’t a profession, and many programmers out there taught themselves rather than going to University and majoring in computer science. I’m not saying being self-taught is necessarily a bad thing; many great programmers out there didn’t major in computer science or even go to university. However, accreditation fosters accountability, which is a neccesity when making infrastructure.

Real-world infrastructural services can be proven to work on paper. We have sufficient math to prove that a bridge or building design will work (and we also have thousands of years’ experience in making them, too), or that a chemical reaction will happen just a expected in a factory or that electricty will flow from point A to point B at the expected voltage and current. However, computer science is still a young field; the definition of what is computable didn’t come up until the 1930’s, and von Neumann didn’t come up with the guiding principle behind machines today until the 1940’s, and we didn’t have ENIAC until the 1950’s. We can’t prove that a piece of software will work without taking a ridiculously long time: for example, the math required to prove that a simple program adds two numbers correctly takes up two pages of legal foolscap (that was a question on one of my final exams).

Software is becoming infrastructure, but it doesn’t yet have the constraints that infrastructure needs. What we call “software engineering” is far from real engineering, in spite of the fact that we’re beginning to rely on it as much as other infrastructure that is engineered. As developers, we’re going to have to meet the challenge of turning computer science from its current hodge-podge state into a true engineering discipline; as consumers and citizens, we’re going to have to demand it from developers, software vendors and bodies like the ACM (Association for Computing Machinery).

Then, we may have a decent shot at Trustworthy Computing.

Categories
Uncategorized

T.G.I.F.

Silly online test of the week…

…goes to The Breakfast Club Personality Test, which is on this site. Here’s my result:

Home Alone and Baby’s Day Out, but I think part of the problem is that he stopped writing Molly Ringwald vehicles. All worship The Molly. And her very nice New York apartment.

Categories
Uncategorized

This is what the Internet’s all about

From The Official Ninja Webpage:

Hi, this site is all about ninjas, REAL NINJAS. This site is awesome. My name is Robert and I can’t stop thinking about ninjas. These guys are cool; and by cool, I mean totally sweet.

Facts:

1. Ninjas are mammals.

2. Ninjas fight ALL the time.

3. The purpose of the ninja is to flip out and kill people.

Damn, they’re mammals? On the Internet, you learn something new every day.

Warning: The Official Ninja webpage has some really annoying background music. Turn down the volume on your speakers.

Categories
Uncategorized

Speaking of trustworthy computing…

Here’s a great story about how AppleScript (a scripting language for Macs) helped keep sensitive data safe and helped recover a stolen iMac. The iMac’s owner managed to access his stolen machine remotely, wrote a script to set the AOL client to dial his home number, which gave him a caller ID trace. I think we have an early candidate for “Hack of the Year,” folks…

(Thanks to Leandro for the link.)

Categories
Uncategorized

Microsoft Gets Security Religion, Part 2

The Trustworthy Computing Initiative

On Janauary 15th, Bill Gates sent out a memo outlining an inititiative for something he calls Trustworthy Computing. The memo can be read in its entirety here.

Here are some snippets which should give you the gist of the initiative…

Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services and telephony.

“Reliable and secure as electricity?” Obviously he didn’t live in California during the start of 2001.

Today, in the developed world, we do not worry about electricity and water services being available. With telephony, we rely both on its availability and its security for conducting highly confidential business transactions without worrying that information about who we call or what we say will be compromised. Computing falls well short of this, ranging from the individual user who isn’t willing to add a new application because it might destabilize their system, to a corporation that moves slowly to embrace e-business because today’s platforms don’t make the grade.

Of course, what he doesn’t say is that a lot of the system destabilization that comes from installing new apps is Microsoft’s fault. I once had a customer call me with a problem where after installing an app I’d written, his printer was no longer working. And no, it wasn’t my fault.

That customer was a victim of what Windows developers call DLL Hell. The quickie explanation for non-technical people is that DLLs are software Lego blocks that are shared by many programs that perform functions that are common to many programs. For instance, the “Open” and “Save” dialog boxes you often see are services provided by the Windows Common Dialog DLL; by using this DLL, developers are saved from having to write, test and debug new “Open” and “Save” dialog boxes for each application and the users get a consistent experience every time they want to open or save. So far, so good. The problem is that DLLs are often upgraded, and sometimes the new version of a DLLs is not backwards-compatible with an old version. As a result, programs that relied on the old version of a DLL may suddenly stop working properly. A real-life analogy: imagine the kind of tragedy that would occur if someone changed all the coffee — a shared utility that many workers rely on — in your office from regular to decaf without telling anyone.

The events of last year — from September’s terrorist attacks to a number of malicious and highly publicized computer viruses — reminded every one of us how important it is to ensure the integrity and security of our critical infrastructure, whether it’s the airlines or computer systems.

The attacks on the World Trade Center and Pentagon, being “low-tech, high concept” operations — had nothing to do with computers, but they do make a convenient bogeyman. As for the highly publicized computer viruses, most of them took advantage of Windows systems.

Our new design approaches need to dramatically reduce the number of such issues that come up in the software that Microsoft, its partners and its customers create. We need to make it automatic for customers to get the benefits of these fixes. Eventually, our software should be so fundamentally secure that customers never even worry about it.

Well, duh…

More in upcoming postings. Lots of work to do today.