Here is a great picture of Braden, our wonderful son who is now 18 months old! Obviously he's a sports fan and he knows how to be #1
Tuesday, November 09, 2004
Tuesday, October 05, 2004
How to fix Microsoft's security issues
While this may seem to be a very pompous title, I believe that what I am about to suggest is the best route to better (not perfect) security for Microsoft. We all know what scourge hackers and other malicious bots, worms, virus' and military operatives (yes, I'm serious) are to daily computer use. Face it, you are a target for a very wide gamut of attackers from script kiddies to 'information managers' of the communication divisions of your local military.
Microsoft no doubt cooperates with the American military, ensuring that America's information interests are not 'compromised' by too-good security and encryption. This is not the problem that we hear the mass media baaay on about. Rather, the issue is all about the annoyance and data loss problem, which ironically is also a problem for the military's surveillance, since what is lost can't be spied on.
So, how does one fix this problem? Well, Microsoft has chosen to stop all development work to train and upgrade the skills of its massive population of software developers and to make them aware of how to write code that is less prone to security holes like buffer overruns. So, as we develop new software this MIGHT help make new systems less susceptible to script kiddies and older attack methods, but it does nothing to secure the mound of code that is already out there in the wild. There is, apparently, a small group of developers in Redmond working away to tighten holes as they are reported to Microsoft by 'Whitehat hackers'. This is closing the barn door only after someone tells you that the horse is gone. It isn't a systemic search and repair of the barn. Worse, if someone doesn't tell you about the open gate, there is no assurance (to users of Microsoft's products) that the gaping hole will be shut.
The fix is simple; provide attackers, crackers, hackers and even the pimply-faced-fourteen-year-old-script-kiddies with a financial reward for being the first to document and report a security breech. By providing a generous reward (say $10,000) you could fund the discovery of 100,000 security holes in Microsoft products with just a billion dollars. This may sound like a lot of moolah, but when contrasted with the cost (lost revenue) from global business abandoning the Windows platform for something that is perceived as more secure, it is cheap insurance. The best benefit is that Microsoft would then be able to go to a world of users and declare that they are really serious about security and the elimination of vulnerabilities that exist in its products.
This is key to defeating the LINUX threat, as there is nobody dangling $10,000 for bug fixes to the LINUX kernel or various open-source products. One's name on a contributor's list pales in value when compared to cold, hard, cash. The goodness of one's heart and a passion for a faith (in this case, open source software) is almost always co-opted by money. Love doesn't feed one's children.
Of course this is not a perfect solution (is there ever one?), as not every hacker, cracker or script kiddie will want to help Microsoft. These people can't be had by money, which is the only thing that Microsoft can offer. They are akin to religious zealots who will die before dealing with the devil. The only way to battle against these zealots is to continue to promote the benefits (financial, and perhaps popularity via naming names of contributors if that is appealing) of working with Microsoft.
Microsoft must find a way to 1) secure its products from attack that erodes its perceived security 2) eliminate or decisively hobble its prime threat which is LINUX. Money and fame are the two tools that it has at its disposal and it is the best way to decimate the camps of the enemy open source movement. Unless this camp is defeated, the slow, steady march on Microsoft's territory will continue until Microsoft has little ground left.
Speaking of which, what about Military eavesdropping? How can this threat be eliminated? It can't, and won't be by an American corporation like Microsoft. This is the real new battle-front that will be hidden as long as possible by the mass media, as there is no security benefit to making the public aware of the spying that the government does. For those who want true freedom, those 'true believers' who hate Microsoft, America and all that our world is at this moment, there may appear to be two options; 1) abandon all high-tech and revert to a more primitive existence or 2) embrace alternatives, such as LINUX. Of course, this doesn't prevent contributions to the Open Source movement by military operatives, inserting surveillance capability in OSS software.
While this may seem to be a very pompous title, I believe that what I am about to suggest is the best route to better (not perfect) security for Microsoft. We all know what scourge hackers and other malicious bots, worms, virus' and military operatives (yes, I'm serious) are to daily computer use. Face it, you are a target for a very wide gamut of attackers from script kiddies to 'information managers' of the communication divisions of your local military.
Microsoft no doubt cooperates with the American military, ensuring that America's information interests are not 'compromised' by too-good security and encryption. This is not the problem that we hear the mass media baaay on about. Rather, the issue is all about the annoyance and data loss problem, which ironically is also a problem for the military's surveillance, since what is lost can't be spied on.
So, how does one fix this problem? Well, Microsoft has chosen to stop all development work to train and upgrade the skills of its massive population of software developers and to make them aware of how to write code that is less prone to security holes like buffer overruns. So, as we develop new software this MIGHT help make new systems less susceptible to script kiddies and older attack methods, but it does nothing to secure the mound of code that is already out there in the wild. There is, apparently, a small group of developers in Redmond working away to tighten holes as they are reported to Microsoft by 'Whitehat hackers'. This is closing the barn door only after someone tells you that the horse is gone. It isn't a systemic search and repair of the barn. Worse, if someone doesn't tell you about the open gate, there is no assurance (to users of Microsoft's products) that the gaping hole will be shut.
The fix is simple; provide attackers, crackers, hackers and even the pimply-faced-fourteen-year-old-script-kiddies with a financial reward for being the first to document and report a security breech. By providing a generous reward (say $10,000) you could fund the discovery of 100,000 security holes in Microsoft products with just a billion dollars. This may sound like a lot of moolah, but when contrasted with the cost (lost revenue) from global business abandoning the Windows platform for something that is perceived as more secure, it is cheap insurance. The best benefit is that Microsoft would then be able to go to a world of users and declare that they are really serious about security and the elimination of vulnerabilities that exist in its products.
This is key to defeating the LINUX threat, as there is nobody dangling $10,000 for bug fixes to the LINUX kernel or various open-source products. One's name on a contributor's list pales in value when compared to cold, hard, cash. The goodness of one's heart and a passion for a faith (in this case, open source software) is almost always co-opted by money. Love doesn't feed one's children.
Of course this is not a perfect solution (is there ever one?), as not every hacker, cracker or script kiddie will want to help Microsoft. These people can't be had by money, which is the only thing that Microsoft can offer. They are akin to religious zealots who will die before dealing with the devil. The only way to battle against these zealots is to continue to promote the benefits (financial, and perhaps popularity via naming names of contributors if that is appealing) of working with Microsoft.
Microsoft must find a way to 1) secure its products from attack that erodes its perceived security 2) eliminate or decisively hobble its prime threat which is LINUX. Money and fame are the two tools that it has at its disposal and it is the best way to decimate the camps of the enemy open source movement. Unless this camp is defeated, the slow, steady march on Microsoft's territory will continue until Microsoft has little ground left.
Speaking of which, what about Military eavesdropping? How can this threat be eliminated? It can't, and won't be by an American corporation like Microsoft. This is the real new battle-front that will be hidden as long as possible by the mass media, as there is no security benefit to making the public aware of the spying that the government does. For those who want true freedom, those 'true believers' who hate Microsoft, America and all that our world is at this moment, there may appear to be two options; 1) abandon all high-tech and revert to a more primitive existence or 2) embrace alternatives, such as LINUX. Of course, this doesn't prevent contributions to the Open Source movement by military operatives, inserting surveillance capability in OSS software.
Thursday, August 19, 2004
You know, as a professional software developer it is very easy to see your code used by an international audience. My latest commercial effort GTS currently does not have any users outside of North America, but it is our intent to see this product in use around the globe. This morning I was reading an article on The Guardian Unlimited website that discusses the trials and tribulations that Microsoft has gone through when distributing software to a global audience.
If Microsoft, arguably the world's most powerful software company, struggles with getting internationalization right, then what hope is there for my company? Yes, we architect's GTS from the ground-up with an international audience in mind. As GTS is a VB product, this means that we built all of the content display (words, captions, etc.) to work from resource files which are a better-than-nothing solution. I say this because resource files are an imperfect solution, since the expectation is that all languages are generally about the same size when it comes to the verbosity of meaning. Resource files simply provide the same content in different languages, so one command button may say 'Exit' in English but 'Sortie' in French. Mind you, there is only a 2 character difference between the words, but this is a 50% larger size than the English version. It really hasn't caused us a problem with single words (yet), but when it comes to having more than a few words and bam you get slapped by the 'gotcha'.
The real problem here is the fact that resource files were meant to be a way to keep a SINGLE source code set to produce multiple language versions. The reality is that you sometimes HAVE to fork your code to accommodate layout changes necessitated by one language. Some of you may be saying that this isn't necessary, as we could simply make the whole app fit the largest common denominator, but this involves other pain - mostly with our established customer base.
When you go about making wholesale changes to any layout or interface, it takes people time to adjust to the new location of the presentation contents. This is change, and most people really don't like change, especially when it isn't really necessary (as far as they can see) . The question comes down to who should have to change, who is it that will bear the brunt of the work to change; me the small software development company owner, or the myriad of users of my product?
Well, the real power here exists not with the guy at the programming keyboard, but rather it exists with our customers. GTS is in a very competitive market, and while it is doing well and expanding its horizons, our customers and potential customers have other choices. If we abuse them or lead them to feel that we don't really consider them above all else, they can easily walk away from our relationship. Yes the programmer makes the content of the application, but it really is the user who controls what is there.
All this verbage is a way to help you understand the difficult decision that we face at SinglePOINT as we expand to wider audiences (even within Canada, we need to fully support French, as our Quebec and New Brunswick markets expect it). In the end, I vote that we do NOT fork our code base, as this can effectively double our effort (or quadruple++ it) with every forking. I know that to put our users through change isn't great, but I hope that when they do upgrade to the next version of GTS, that any changes to the user interface layout are delivered with a good balance of improved performance, features and usability.
In the end, if we can spend more time improving GTS while we also shuffle its look and feel to accomodate an international audience, I believe that our customers will accept the pain for the gain.
If Microsoft, arguably the world's most powerful software company, struggles with getting internationalization right, then what hope is there for my company? Yes, we architect's GTS from the ground-up with an international audience in mind. As GTS is a VB product, this means that we built all of the content display (words, captions, etc.) to work from resource files which are a better-than-nothing solution. I say this because resource files are an imperfect solution, since the expectation is that all languages are generally about the same size when it comes to the verbosity of meaning. Resource files simply provide the same content in different languages, so one command button may say 'Exit' in English but 'Sortie' in French. Mind you, there is only a 2 character difference between the words, but this is a 50% larger size than the English version. It really hasn't caused us a problem with single words (yet), but when it comes to having more than a few words and bam you get slapped by the 'gotcha'.
The real problem here is the fact that resource files were meant to be a way to keep a SINGLE source code set to produce multiple language versions. The reality is that you sometimes HAVE to fork your code to accommodate layout changes necessitated by one language. Some of you may be saying that this isn't necessary, as we could simply make the whole app fit the largest common denominator, but this involves other pain - mostly with our established customer base.
When you go about making wholesale changes to any layout or interface, it takes people time to adjust to the new location of the presentation contents. This is change, and most people really don't like change, especially when it isn't really necessary (as far as they can see) . The question comes down to who should have to change, who is it that will bear the brunt of the work to change; me the small software development company owner, or the myriad of users of my product?
Well, the real power here exists not with the guy at the programming keyboard, but rather it exists with our customers. GTS is in a very competitive market, and while it is doing well and expanding its horizons, our customers and potential customers have other choices. If we abuse them or lead them to feel that we don't really consider them above all else, they can easily walk away from our relationship. Yes the programmer makes the content of the application, but it really is the user who controls what is there.
All this verbage is a way to help you understand the difficult decision that we face at SinglePOINT as we expand to wider audiences (even within Canada, we need to fully support French, as our Quebec and New Brunswick markets expect it). In the end, I vote that we do NOT fork our code base, as this can effectively double our effort (or quadruple++ it) with every forking. I know that to put our users through change isn't great, but I hope that when they do upgrade to the next version of GTS, that any changes to the user interface layout are delivered with a good balance of improved performance, features and usability.
In the end, if we can spend more time improving GTS while we also shuffle its look and feel to accomodate an international audience, I believe that our customers will accept the pain for the gain.
Sunday, April 25, 2004
There is a curse out there that goes "May you live in interesting times." And I think that these are inded interesting times! Just look at what has been happening in the political realm here in Canada. We've had more political leadership swaps and changes in the last year than our country has experienced in the last decade.
Of course, these things have to happen to a party now and again, it is the normal path of political renewal and generation stepping of the leadership, but when it begins to happen in more than one party, or in all three leading political parties in the country, then they begin to approach the status of interesting. That is, approach, but not achieve.
What has caused us to tip over into the realm of interesting has been the trials and tribulations of the new leadership. These pains of prestiege and power have been visited upon the leadership of both the Liberal and the newly minted Conservative Party. What is the source of the pain, well it appears to be from the ghosts of the past, from those who used to hold the throne both of the party and of the nation. Mr. Martin has seen a clear road to re-election fogged over with the mist of scandal and corruption, none of which is of his doing, yet he is being set up to take the fall. It is clear what the source of this pain is, that would be the former leader of the same party, Mr. Cretien, who has been well quoted as wanting to prevent Mr. Martin from ever being Prime Minister.
While Mr. Cretien has failed to stop Mr. Martin from taking the throne, he has been greatly successful at making the throne be as prickly a seat as possible. He may still succeed at preventing his successor from having a legitimate seat on the throne through an election win.
This brings us to the other ghost, Mr. Clark, who might, believe it or not, be the one to put Mr. Martin in residence at 24 Sussex Dr. for the next four years. I could not believe what I heard today, but it is clear that Mr. Who intends on being a somebody, even if it is through working for his old political enemy, as it appears that his new political enemy is the successor to his old party. Mr. Clark wants us all to go out and vote Liberal in the coming national election, it is a great thing to hear coming from a former Prime Minister, and a wonderful endorsement from a political foe.
It would seem that the ghosts of Joe and Jean don't like living with the dead, they like the feeling of power coursing through their veins, and there is nothing more powerful than moving the events of history, even if the real outcome is negative to all that you may have sweat to build in the past. It would seem that it is the feeling and experience of power that matters to these ghosts, er men, not the consequences. The only problem is that they are ghosts, who we know can't really hurt us, but they sure can give us a good fright for a while.
Of course, these things have to happen to a party now and again, it is the normal path of political renewal and generation stepping of the leadership, but when it begins to happen in more than one party, or in all three leading political parties in the country, then they begin to approach the status of interesting. That is, approach, but not achieve.
What has caused us to tip over into the realm of interesting has been the trials and tribulations of the new leadership. These pains of prestiege and power have been visited upon the leadership of both the Liberal and the newly minted Conservative Party. What is the source of the pain, well it appears to be from the ghosts of the past, from those who used to hold the throne both of the party and of the nation. Mr. Martin has seen a clear road to re-election fogged over with the mist of scandal and corruption, none of which is of his doing, yet he is being set up to take the fall. It is clear what the source of this pain is, that would be the former leader of the same party, Mr. Cretien, who has been well quoted as wanting to prevent Mr. Martin from ever being Prime Minister.
While Mr. Cretien has failed to stop Mr. Martin from taking the throne, he has been greatly successful at making the throne be as prickly a seat as possible. He may still succeed at preventing his successor from having a legitimate seat on the throne through an election win.
This brings us to the other ghost, Mr. Clark, who might, believe it or not, be the one to put Mr. Martin in residence at 24 Sussex Dr. for the next four years. I could not believe what I heard today, but it is clear that Mr. Who intends on being a somebody, even if it is through working for his old political enemy, as it appears that his new political enemy is the successor to his old party. Mr. Clark wants us all to go out and vote Liberal in the coming national election, it is a great thing to hear coming from a former Prime Minister, and a wonderful endorsement from a political foe.
It would seem that the ghosts of Joe and Jean don't like living with the dead, they like the feeling of power coursing through their veins, and there is nothing more powerful than moving the events of history, even if the real outcome is negative to all that you may have sweat to build in the past. It would seem that it is the feeling and experience of power that matters to these ghosts, er men, not the consequences. The only problem is that they are ghosts, who we know can't really hurt us, but they sure can give us a good fright for a while.
Monday, February 02, 2004
You know, it is an odd political season here in Canada. We have an old government but a new Prime Minister. We just had a new Speech from the Throne (which was likened to a statement of purpose for a business, but that's another Blog topic) and much of the rhetoric in it seems nice and special, but so much of it also seems the same old thing again.
Maybe Speeches from the Throne are supposed to be like a wedding? 'Something old, something new, something bold, something blue...' (did I get that right?) Well if the quote is right, and I think that it is, well, there is certainly much old, some new, bold might be an overstatement but something blue....well when it comes to the political realm, something blue would be Tory, which is NOT supposed to be Liberal (here in Canada). But then tonight I read on the CBC News page (http://www.cbc.ca/stories/2004/02/02/herron_040202) about yet ANOTHER Tory (er - Conservative) who is seriously considering crossing the floor to join the Liberal party. This turncoat, Mr. John Herron (nameless and faceless until now and forthwith for sure) seems to be selling his soul and certainly his seat to the Liberals for the song of a 'strong commitment to post secondary education' Maybe he should have added apple pie?
I just wonder why the microphones didn't pick up on his 'pick me.....PLEASE' line...
Some things are so pathetic and scary all at the same moment. We have a Conservative party that is too blue for its own ELECTED members, and we have a Liberal party that is blue enough to attract Conservatives like flies to...well you know. The ironic thing is that there has yet to be a single defection from the Liberal party to any other party. Sure, many MANY of the 'old Guard' have declared that they will not run in the upcoming election, which echoes of Brian Mulroney's old guard jumping ship as it began to take on water. The main difference here is the fact that while Mulroney was reviled across the land by 1993, and nobody NOBODY could have saved that ship, we have no similar sinking happening to an equally-old Liberal administration that has just been re-captained and very potently re-floated to the utterances of Bono himself.
Everybody knows that the next election will be a Liberal cake-walk. It is a fait-accompli, similarly as the 'leadership race' was pre-scripted, yet the Tories keep jumping. Maybe it is an old habit, but they haven't learned that the other half of this old habit is the lack of re-election when a jump occurs.
So, a toast to Canada's Blue Liberals, the conservative party that Tories prefer 2-1.
Maybe Speeches from the Throne are supposed to be like a wedding? 'Something old, something new, something bold, something blue...' (did I get that right?) Well if the quote is right, and I think that it is, well, there is certainly much old, some new, bold might be an overstatement but something blue....well when it comes to the political realm, something blue would be Tory, which is NOT supposed to be Liberal (here in Canada). But then tonight I read on the CBC News page (http://www.cbc.ca/stories/2004/02/02/herron_040202) about yet ANOTHER Tory (er - Conservative) who is seriously considering crossing the floor to join the Liberal party. This turncoat, Mr. John Herron (nameless and faceless until now and forthwith for sure) seems to be selling his soul and certainly his seat to the Liberals for the song of a 'strong commitment to post secondary education' Maybe he should have added apple pie?
I just wonder why the microphones didn't pick up on his 'pick me.....PLEASE' line...
Some things are so pathetic and scary all at the same moment. We have a Conservative party that is too blue for its own ELECTED members, and we have a Liberal party that is blue enough to attract Conservatives like flies to...well you know. The ironic thing is that there has yet to be a single defection from the Liberal party to any other party. Sure, many MANY of the 'old Guard' have declared that they will not run in the upcoming election, which echoes of Brian Mulroney's old guard jumping ship as it began to take on water. The main difference here is the fact that while Mulroney was reviled across the land by 1993, and nobody NOBODY could have saved that ship, we have no similar sinking happening to an equally-old Liberal administration that has just been re-captained and very potently re-floated to the utterances of Bono himself.
Everybody knows that the next election will be a Liberal cake-walk. It is a fait-accompli, similarly as the 'leadership race' was pre-scripted, yet the Tories keep jumping. Maybe it is an old habit, but they haven't learned that the other half of this old habit is the lack of re-election when a jump occurs.
So, a toast to Canada's Blue Liberals, the conservative party that Tories prefer 2-1.
Wednesday, January 28, 2004
When you enter an elevator, I bet you walk in, and turn and face the door, right? I don't think that there is a rule in place here, or some sort of law that is impinged when you don't behave as everyone else does, but trust me, it is unnerving when someone DOESN'T turn and stare at a closed door for the next 30 floors. It is just so odd to stand there.....waiting.....and having to stare at this non-conformist who insists on standing backwards in an elevator.
Has anyone ever been attacked for standing backwards in an elevator, or worse - murdered? I suppose it may have happened, but most likely it is just one of those events in one's life that you just look forward to being over, kind of uncomfortable like a rectal exam or an annual physical. Odd to think that simply having someone standing, STARING at you or in your general direction in an elevator can be as equally uncomfortable as having a personally prodding physical examination, but it is!
In the building where I currently work, there are little television screens placed conviently above the door to stream news and advertising your way for the uncomfortable 30 seconds you spend in that metal cube twice a day. Perhaps it is a ploy to get all those backward standers to turn around.
I shouldn't complain, after all, I'm a reformed backward standerer. In decades past I have been known to stand backwards in an elevator, but it was always in the company of close friends and work associates, never total strangers (odd that this would be more difficult). I found it a rather interesting experiment and experience, but it had a profound and odd impact on the other people in the elevator, people I have known for years seem squeamish when this happens, averting their eyes from the spectacle of someone standing looking to the back instead of the front. It was amazing, not liberating or anything, but rather a totally unexpected experience for us all. And no, I wasn't attacked for doing it.
Has anyone ever been attacked for standing backwards in an elevator, or worse - murdered? I suppose it may have happened, but most likely it is just one of those events in one's life that you just look forward to being over, kind of uncomfortable like a rectal exam or an annual physical. Odd to think that simply having someone standing, STARING at you or in your general direction in an elevator can be as equally uncomfortable as having a personally prodding physical examination, but it is!
In the building where I currently work, there are little television screens placed conviently above the door to stream news and advertising your way for the uncomfortable 30 seconds you spend in that metal cube twice a day. Perhaps it is a ploy to get all those backward standers to turn around.
I shouldn't complain, after all, I'm a reformed backward standerer. In decades past I have been known to stand backwards in an elevator, but it was always in the company of close friends and work associates, never total strangers (odd that this would be more difficult). I found it a rather interesting experiment and experience, but it had a profound and odd impact on the other people in the elevator, people I have known for years seem squeamish when this happens, averting their eyes from the spectacle of someone standing looking to the back instead of the front. It was amazing, not liberating or anything, but rather a totally unexpected experience for us all. And no, I wasn't attacked for doing it.
Saturday, January 24, 2004
Hello cruel world. I guess that is an appropriate and realist opening for what I hope will be an enjoyable read (this blog spot). Being a computer programmer who has suffered what I consider to be an inordinate amount of slings and arrows in the course of my life (which is about half over by my 'average lifespan' calculation).
I'm sure we all have gripes, whines and complaints against others, God, our parents, society, Mother Nature, fate and ourselves. I certainly have that and more....but I guess I also have a great appreciation of my state in life, sure it sucks in many ways, but when I consider against how the other 9/10 of the world's population gets on, well, I have NOTHING to say against my state.
Even today, someone like myself in the wrong country would simply be euthanised at birth due to the body that God gave me. In most first world countries, I'd likely be done away with before birth, thanks to the 'miracle' of ultrasound testing. So, while I greatly appreciate living in the present rather than the past, I can't help but wonder if I'd actually be able to be born today, or was I simply rather luckly to have slipped into this world 37 years ago...
I'm sure we all have gripes, whines and complaints against others, God, our parents, society, Mother Nature, fate and ourselves. I certainly have that and more....but I guess I also have a great appreciation of my state in life, sure it sucks in many ways, but when I consider against how the other 9/10 of the world's population gets on, well, I have NOTHING to say against my state.
Even today, someone like myself in the wrong country would simply be euthanised at birth due to the body that God gave me. In most first world countries, I'd likely be done away with before birth, thanks to the 'miracle' of ultrasound testing. So, while I greatly appreciate living in the present rather than the past, I can't help but wonder if I'd actually be able to be born today, or was I simply rather luckly to have slipped into this world 37 years ago...
Subscribe to:
Posts (Atom)
