Archive for December, 2009

Safe and secure

As the TSA pushes forward another round of absurd “security” measures, a notable quote from Bruce Schneier,

Only two things have made flying safer [since 9/11]: the reinforcement of cockpit doors, and the fact that passengers know now to resist hijackers.

Enable debug and release builds in Visual Studio Express editions

I always forget how to do this:

  • Tools » Options » Show all settings (checkbox in lower-right)
  • Projects and Solutions » General » Show advanced build configurations (checkbox)

h/t: Ramon Smits

Terrorism is way too tedious

terrorism is way too tedious

The collapse of healthcare reform

How’d we get here? No public option, no medicare expansion, no changes to the healthcare market; the Senate has given us nothing more than the “option” to buy private insurance or be deemed a criminal. It’s our government at its worst: bound to corporatism and steadfast in its erosion of individual rights.

Keith Olbermann’s special comment is enlightening:


The Hakka Tulou

I came across this great photo essay a while back regarding a unique and impressive form of housing found in rural China, the Tulou, used by the Hakka people.

hakka house courtyard

The Tulou is typically a large enclosed building, rectangular or circular in configuration, with a very thick weight supporting earth wall (up to 6 feet thick) and wooden skeletons, between three and five stories high, housing up to 80 families. These earth buildings usually have only one main gate, guarded by 4 to 5 inch thick wooden doors reinforced with an outer shell of iron plate. The top level of these earth buildings has gun holes for defense against bandits. They are a testament to the unique cultures that exist throughout China.

The S3 security gap and drop.io

Amazon S3 has emerged as a dominant player in providing a white box cloud storage solution for numerous organizations. However, while S3 is great for outsourcing public web content, private, user-specific content is not something it handles quite as well. When storing private files, three approaches come into play:

  • Transfer the files back and forth between your servers and S3. This is cumbersome, as you incur a bandwidth toll on both your server and S3 and a performance penalty (the extra time to transfer to/from S3). However, it can be a valid solution based upon the specifics of your storage needs.
  • Add users to the access control list of S3 objects. This is usually not a feasible solution as it requires users to have an AWS account and authenticate with AWS.
  • Use query string authentication on objects. This allows public access to an object for a certain period of time. While this grants the intended user access, it is also where the security gap lies: during the interval when the file is public, anyone who has the URL can access it.

The security gap came into play as I was experimenting with the drop.io API and a drop with the guest password set. Once you pull the list of assets in a drop, you get a link with each asset to access the file (well, typically, a converted version of the file, as you can’t get original files back unless you’re a premium user – in any case, the data is visible). This URL redirects to a query string authenticated S3 object which can be accessed publicly.

drop.io converted file url

The problem here is that there is no encryption between drop.io and the client (it’s all plain old HTTP), so it’s not unreasonable to assume that a hacker using a packet sniffer could pick up the URL. Said hacker would then simply have to put the URL into a browser to download the asset. To verify this, I traced the HTTP request and response with Wireshark and, as I expected, was able to easily get the asset URL,
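To make the gap concrete, here is an added example (not code from the post, drop.io or Amazon) that builds an S3 query-string-authenticated URL with the legacy Signature Version 2 scheme that S3 used at the time (HMAC-SHA1 over `GET`, three empty header lines, the Unix expiry and the canonical resource, base64-encoded) and then checks it the way the storage side does: with nothing but the URL and the clock. The credentials and bucket name are constructed placeholders. The point the check makes is that the URL is a bearer credential: whoever holds it, including someone who read it off a plain-HTTP capture, is accepted until `Expires` passes, so the mitigations are TLS between service and client and the shortest expiry the application can tolerate.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, quote, unquote, urlencode, urlparse

# Constructed placeholder credentials for the example; not real AWS keys.
ACCESS_KEY = "AKIAEXAMPLEACCESSKEY"
SECRET_KEY = "exampleSecretKeyDoNotUseAnywhere"


def string_to_sign(bucket, key, expires):
    """Canonical string for a legacy (Signature Version 2) S3 GET with no
    Content-MD5, Content-Type or x-amz-* headers: verb, three empty
    lines, the Unix expiry, then the canonical resource path."""
    return "GET\n\n\n%d\n/%s/%s" % (expires, bucket, key)


def sign(bucket, key, expires, secret_key):
    """Base64(HMAC-SHA1(secret, string_to_sign)), as S3 expects it."""
    digest = hmac.new(
        secret_key.encode(),
        string_to_sign(bucket, key, expires).encode(),
        hashlib.sha1,
    ).digest()
    return base64.b64encode(digest).decode()


def presigned_url(bucket, key, expires, access_key=ACCESS_KEY,
                  secret_key=SECRET_KEY, scheme="http"):
    """Build the time-limited URL the application would hand to a client.
    Defaulting to plain http mirrors the drop.io setup described above;
    a hardened deployment would pass scheme="https"."""
    query = urlencode({
        "AWSAccessKeyId": access_key,
        "Expires": expires,
        "Signature": sign(bucket, key, expires, secret_key),
    })
    return "%s://%s.s3.amazonaws.com/%s?%s" % (scheme, bucket, quote(key), query)


def check_url(url, secret_key, now):
    """Simulate the storage-side decision. It sees only the URL and the
    current time, so it cannot tell the intended client from anyone who
    captured the URL. Returns (accepted, reason)."""
    parsed = urlparse(url)
    params = parse_qs(parsed.query)
    try:
        expires = int(params["Expires"][0])
        signature = params["Signature"][0]
    except (KeyError, ValueError):
        return False, "missing or malformed auth parameters"
    bucket = parsed.hostname.split(".")[0]      # "<bucket>.s3.amazonaws.com"
    key = unquote(parsed.path.lstrip("/"))
    if now > expires:
        return False, "expired"
    expected = sign(bucket, key, expires, secret_key)
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"
    return True, "ok"


def exposure_window(issued_at, expires):
    """Seconds during which a leaked copy of the URL keeps working.
    Shrinking this is the only lever the URL format itself offers."""
    return max(0, expires - issued_at)


if __name__ == "__main__":
    issued = 1262304000                      # constructed: 2010-01-01 00:00 UTC
    url = presigned_url("example-drop-bucket", "converted/asset.pdf", issued + 3600)
    print(url)
    # Legitimate client and a passive observer of the plain-HTTP link are
    # indistinguishable to the check:
    print("intended client:", check_url(url, SECRET_KEY, issued + 60))
    print("holder of captured URL:", check_url(url, SECRET_KEY, issued + 3000))
    print("after expiry:", check_url(url, SECRET_KEY, issued + 3601))
    print("exposure window (s):", exposure_window(issued, issued + 3600))
```

Tampering with the object key or the bucket changes the canonical resource and so invalidates the signature, which is why this scheme does protect against someone editing a captured link to reach a different object; it offers no protection at all against replaying the link as captured.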

drop.io converted file url

The JooJoo

The hate for the joo joo (formerly the Crunchpad) has been palpable,

From Silicon Alley Insider,

At $500, this Web-only tablet is very expensive. And it doesn’t do much — just a Web device.

From ZDNet,

You can get a far better device for far less money. Who does Fusion Garage think it is, Apple? The price alone makes this device a FAIL. Forget that it’s from a name you’ve never heard of. Forget that it’s Linux. Forget that it’s a really cut down Linux distro that’s totally hooked to the web. Forget that chances are not a single machine will ever see light of day because it’ll become a casualty of litigation.

From CNet,

it’s priced out of reach of most consumers, and functionally doesn’t offer much more than a $300 Netbook, although arguably it performs many of the same functions with a lot more style.

(Though it seems more recent, hands-on reviews of the tablet have been a lot more favorable)

the joojoo

Call me an optimist, but I think the joo joo has a lot going for it. Many of the negative comments directed towards it seem to be based on the fact that it will be competing against similarly priced netbooks, and that’s only a valid comparison if you think netbooks (or laptops for that matter) are comparable devices; in my view, they’re not. Tablets are a new form of computing device, one poised to become more powerful and user-friendly than the netbook/laptop form. My primary reason for this view is user input.

A while back I noticed something: I do very little typing when browsing the web. The majority of the time I’m reading, browsing, or scanning a page’s content or scrolling; when I do type, it’s typically in short bursts – long emails and blog posts are not frequent activities for me. I suspect the same behavior is true to a certain extent for others as well. Given this behavior, the mouse can be viewed as the primary input device, with the keyboard being secondary. Of course on a laptop or netbook you don’t have a mouse, but a touchpad, which is, in my opinion, a terrible input device. The touchpad tries to replicate the functionality of the mouse, but never really hits the mark; it does not provide the same level of fine-grained precision, it’s not as comfortable, and it feels fairly awkward to use. The nipple is only slightly better, and has the added disadvantage of bruising your index finger after extended usage. This is why I’m an optimist for the joo joo, and tablets in general: it provides a form factor and input device that eliminates the horrid touchpad, and provides a computer with a form of user input that matches or, in some cases, rivals the mouse.

The joojoo is not a netbook or a laptop, and it shouldn’t try to be one. As for some of the other criticisms,

  • When did everyone become an expert on pricing?! $500 is steep, but not necessarily for early adopters. New graphics cards and CPUs can hit or exceed the $500 mark (note, that’s $500 for a single component, where there is typically no software out that can push it to the limit). The iPhone debuted at $600, and that was before the app store.
  • I don’t like that it’s a web-only device, but it seems to be a necessity here, as there isn’t a real hard drive, which makes sense; a conventional hard drive would kill a tablet (too heavy, too bulky, too much power consumption) as would an SSD (too expensive).
  • There is no problem with this device running Linux. Linux is a very capable operating system.
  • I have no comment on the litigation issue; I have no knowledge of what the relationship was between Arrington and Fusion Garage (and I doubt anyone else does either, beyond the parties involved). I was under the impression that Arrington was the founder of the company making the device; that was obviously not the case.