pop-culture for the people

I’ve been following the TippingPoint Pwn2Own contest for the last couple of years.  Last year a researcher from ISE named Charlie Miller used an exploit in a Perl library included in WebKit, the base code for Apple’s Safari browser and won a cash price for his effort.  In the press it was claimed he “hacked Safari in mere seconds”.  In truth it took a lot more time than that to devise the exploit and only seconds to execute it.

This year he did it again with another preplanned exploit which he says he discovered while researching last years bug.  Again he won a cash prize of $10,000.  And again it was claimed that Safari is exploited in seconds.

In an interview with ZDNet he said: “I never give up free bugs. I have a new campaign. It’s called NO MORE FREE BUGS. Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away,” Miller told ZDNet. “Apple pays people to do the same job so we know there’s value to this work.”

I have a major problem with his philosophy and feel this is a dangerous precedent to set and a bastardization of the goals of security in the fist place.  I feel he has an obligation to inform Apple and not dangle a dollar amount for the how-to.

Sure he should be paid for his time and effort which is why he works at a security firm.  This contest is basically bonus money and about bragging rights.  Sitting on a bug puts the safety of other users at risk.  But he is basically demanding bribe money for bugs. Who is to say he wouldn’t give up his research to the highest bidder? I’m sure there are blackhat groups like those in Russia and China that would pay handsomely for some juicy exploits like this.

Yes there is a long history of security firms hiring hackers and there have been many questions of whether that is a good idea.  But security firms should take notice of this philosophy and not employee those who engage in this kind of behavior. It’s bad form for his employer and makes the security industry as a whole look bad by proxy. Would you hire a security company that employees hackers who blackmail for bugs to work on your systems?  If we hired his firm while I was working IT at a large New York bank I would advised my boss to make sure he’s not on our project (and perhaps hire an entirely different firm altogether).

I’ve been in a discussion with other users about this.  There seems to be a split in viewpoint, one side saying he should let Apple and the WebKit developers know about this exploit for the betterment of everyone (for free).  The other side feels this is purely about capitalism and he has no moral or ethical obligation to tell anyone.

Some have likened it to seeing a crack in a bridge that might fail.  Are you obligated to inform someone of the problem?  What if Dan Kaminsky demanded $1 million (Dr. Evil laugh) to divulge details on the DNS BIND problem?  People would be after his head and his career would be over.  This isn’t about capitalism vs. communism as some have suggested.  It is about right and wrong.  Charlie Miller is on the wrong side of this equation.

-Hollywood

I’ve been a user of Twitter for some time now and I’ve come to an unfortunate conclusion.  Unless you are Britney Spears Twitter is mostly useless.

Twitter is currently the most popular of a series of micro-blogging and social networking services.  What you get when you sign up for your free account is the ability to send and receive short (140 character long) messages to and from your list of “friends”.  You can “follow” other people, meaning you will receive any messages they post.  In essence it is a web version of SMS text messaging on your cell phone (and in fact can direct messages to cell phones).

Twitter first gained a lot of popularity amongst tech-heads and has since gotten a lot of press from big name tech journalists who have touted its use.  Most of these tech journalists have used the service as a secondary method of drumming up interest in their stories.  Interestingly the service has seen a shift in interest to more mainstream media and even many big name celebrities from the initial technorati as it has grown.  Yes even Britney Spears has a Twitter account.  Many big name corporations like Comcast and Carls, Jr. are exploring the use of the Twitterverse as an alternative method of communicating with their customers.  Twitter is now so mainstream it is being mentioned on the evening news and as I write this very sentence Jon Stewart just mentioned “tweeting” on the Daily Show.  Big name Twitterers even compare their stats to see who has the most followers, a sort of nerdy pissing contest.

Those who think they are getting closer to celebrity Twitterer need to realize that, like television, it is a one way street, a cheap communication channel for them to reach (advertise) to their fans.  Just don’t expect much.  Most of the big name Twitter users simply aren’t listening to your tweets.  Unless you have a number of friends who use the service you are likely writing short messages into a black hole.

For most people there isn’t much of a reason for anyone else to read your tweets unless you are a content producer of some kind.  Face it, nobody but close family is interested in what you just ate or that you are at home petting your dog.  You would be better served by sending a text message on your phone to your friends or use a service like Facebook instead (which most of your friends probably are using anyway).

Currently there is a deluge of good blogging and social networking services.  Twitter, like Facebook, has discovered that the two often go hand in hand.  This is probably part of the reason why Facebook is currently interested in purchasing Twitter.  The problem with so many choices right now is that people are likely to pick one and stick with it unless a majority of their friends leave.  It is simply too much effort for most people to use more than one service at a time.  This is why you saw a mass exodus of Livejournal to Friendster to MySpace to Facebook and Twitter.  But Twitter is (currently) too limited in its capabilities when compared to Facebook.  Twitter is like Facebook in that it has all the same features except the useful ones like hosting photos and videos, and creating and being part of groups.  If sharing information is the point of social networks then Twitter is the stingiest of the bunch.  Perhaps thats why celebrities and corporations like it so much.

I have strong doubts about the long term future of Twitter in its current form.  Though it is still receiving rounds of venture capitol funding it hasn’t made a single dime making any money right now nor has it announced any business plans.  I fear that once the venture capitolists realize there isn’t a business plan at all they will pull their money out.  Twitter’s popularity will ultimately being its downfall as bandwidth and server costs will quickly swallow their remaining funds.

UPDATE: This cartoon perfectly sums up my feelings about Twitter.

-Hollywood

  As some of you know I’m a big vintage gaming fan.  I was recently revisiting The Oregon Trail on the Apple II, a game I often played in school.  In case you missed it back in the day it was a game that simulated the mid 1800’s trip West by pioneers...  and it was awesome.

Along the way you had to make some strategic decisions involving management of your resources (food, water, money, supplies), your parties health, your oxen, etc.  It didn’t burden you to the point of being tedium like RPGs like World of Warcraft.  It was simple enough for a kid to play but engaging enough for an adult, even today.  Perhaps the most rewarding part was hunting.  In later versions you could play with a mouse but back in the day you had to use the arrow keys (and you liked it that way damn it).

I always found the more frustrating element of the game was deciding what to do at a river.  Do you attempt to ford it, pay a ferry or float your wagon?  Or late in the game when you have to steer the wagon down the river without hanging it up on the rocks or drowning Grandpa.  The first 75% of the game goes by like a breeze and the tough stuff starts when you start getting near the West and are traveling through the passes in the mountains.  Decisions you made early on in the game can bite you in the ass later on.  If by Utah your oxen are almost all gone, your party is sick and you have no more money you’ll need a miracle to get to the finish.  Perhaps that’s how Salt Lake City happened?

The game has a surprising amount of replayability which I guess is why this classic game, first written to be played on a mainframe computer in 1971 is still being played today.

Over the years I’ve found that most educational games weren’t much fun to play nor were very educational either.  Oregon Trail was one of a few games that broke that trend (along with a few of the Carmen Sandiego games and perhaps Mavis Beacon Typing Tutor).  It’s lasting impact is proven by a new version of the game is coming out for mobile phones and the iPhone (iTunes App Store link).  Not bad for a game that is nearing 40 years old!  I mean, where else are you going to find a game that kills you with dysentery?

  If you want to relive this classic game or play it for the first time you don’t have to dust off your Apple II.  VirtualApple offers many games playable online in your browser.  You don’t have to download or configure anything.  There are a ton of other great games on there too so poke around.  Oh and BustedTees has a great t-shirt you might like if you are fan.