Sunday, December 25, 2005

A Chanukah thought, Happy New Year, and thanks for reading my blog.

It's the afternoon of December 25th and I'm at home playing with the computer because this is not my religion's holiday, but all the stores are closed and my family's 180 miles away. No, this doesn't bother me - I'm visiting them in a few days anyway, but it does leave me with time to spend writing (as opposed to commenting on other people's articles), which I rarely have time to do.


First off, some comments on my holiday, Chanukah, which starts tonight. (Actually, it just started, since it's dark out now.) Contrary to what some members of the press (and their lackeys in Congress) would have you believe, Chanukah is not the Jewish version of Christmas. It does not celebrate anybody's birth, divine or otherwise, it is not a "season" for anything (although it is always a good idea to be nice to one another, regardless of the time of year.)

Chanukah is, in actuality, an annual commemoration of the conclusion of an historic war. A war where an invading nation (a group of Greek-influenced Syrians) had taken over the Jewish nation and a small rebellion was successful in driving them out and rededicating the Holy Temple to the worship of God.

The theme is quite appropriate for this day and age. Today, Jews are once again under attack from outside forces. Missionary organizations run extensive campaigns to try and convert Jews to the worship of other religions, atheist movements seek to obliterate all public expression of religion, and many groups seek to murder Jews worldwide, both in Israel and elsewhere.

What better symbol of hope can the Jewish people have than the celebration of Chanukah, where Jews remember how they were able to throw off the yoke of oppression and worship God properly and without fear. The Menorah is a symbol of the fact God helped us through our war then, and will help us through our (mostly spiritual, fortunately) war today.


But that's not the only purpose for my writing here. I also want to wish all of my readers a Happy New Year.

2005 has been a year of both good and bad news. The war against terrorism (including Iraq and Afghanistan) continues, and many good men have lost their lives fighting it, but we are closer to victory than we were at this time last year. Iraq has a new government, and terrorists seem to be attacking out of desperation instead of out of careful planning. With any luck, this trend will continue in 2006, as the governments of Afghanistan and Iraq get more stable and the terrorists are reduced even further.

On the personal front, 2005 has similarly been a bag of mixed blessings. I had a wonderful relationship for most of the year, but ended up choosing to break it off shortly after Thanksgiving (for reasons that I won't go into here.) My company was acquired by another, larger company, but I'm optimistic about my future with my new employer. There were some deaths among my friends' families, but also several births, in one case to the same family.

Finally, I'd just like to say "thank you" to everybody who reads this blog, whether I know who you are or not. I write these messages so that others may read them. Which brings me to my last point. If you are reading this message, please post a comment. Although it is generally considered bad form to post a comment when you have nothing to say, I'm asking you to post something here anyway, even if it is simply to say "I'm a reader". This will give me a feel for how many people actually read my words.

Once again, have a Happy Chanukah, a Merry Christmas, Smiling Solstice, and a Happy New Year. And may 2006 be better than 2005 was.

Monday, December 12, 2005

Encryption and security: an overview

This is an article I wrote a while ago for my SlashDot journal. Cross-posted here and updated for your perusal.

Q:

I would really have loved a debate / educational description from the gurus / opportunity to learn something myself about silc over ssh vs. the "secure" setting in yahoo vs. outlook vs. pine security maybe some opinions about the "I don't get viruses because I'm opensource" vs. uSoft vs. apple, etc.

A:

OK. Here goes. You asked for it.

I'm unfamiliar with "silc", so I won't talk about it. (Gee, that was fast.)

Encryption

Encryption comes in two forms: symmetric and asymmetric.

Symmetric encryption is anything where the same key is used to encrypt and to decrypt. As a really trivial example, an encryption scheme where you add one to every byte in the file. In this "add" algorithm, 1 is the key. It is symmetric, because you can subtract that same key from an encrypted message to get the original back.

Of course, a simple "add" encryption scheme is pretty useless and is easily broken. But many more complicated schemes (like DES and AES) are also symmetric. Although the decryption algorithm may differ from the encryption algorithm, the same key is used for both.

Symmetric encryption can be very secure, but it has one big loophole. Both the sender and the receiver need to have the same key. Which means they have to trust each other. If you send me a file encrypted with a symmetric algorithm, you have to give me your key as well. If a third-party gets your key, he can intercept your document in transit, decrypt it, modify it, re-encrypt it, and send on the result. I have no way of knowing that the file was tampered with.

Asymmetric encryption solves this problem. With asymmetric encryption, the key you need to decrypt a message is different from the one you used to encrypt it. To be properly secure, it should not be possible to derive one key from the other (or at least not without a LOT of work.)

Most modern encryption systems use (at least partly) a thing called public key encryption. This is a variation on asymmetric where the key pairs are interchangeable. That is, if I have a pair of keys (A and B), I can encrypt with either one, and the result can be decrypted by the other. When you generate a pair of keys, you arbitrarily declare one to be your public key and the other to be your private key. You keep the private key to yourself and never give it out to anybody. You give the public key to anybody who wants it (posting on web pages is not unusual.)

Now, suppose you send out a document encrypted with your private key. Anybody in the world can read it (because you've made your public key available for the taking), but because they have to use your public key to decrypt it, they know that you were the originator of the message. If someone else tried to forge the message in your name, your public key wouldn't work on it. If a third party decrypts your document and alters it, he can't re-encrypt it, because he doesn't have your private key.

Similarly, suppose I send out a document and I encrypt it with your public key. Only your private key will be able to decrypt it. So I know that only you can read the message. But anybody could have sent it to you (since everybody can get your public key.)

Either of these scenarios is useful. But ideally, you want the advantages of both. You want to make sure that only I can read your message, and you want it to be impossible for anyone to forge your identity. The solution is simple. You encrypt the message twice. Once with your private key, and again with my public key. In order to read the message, I need to decrypt it twice - once with my private key and then again with your public key. I know the message came from you (because your public key worked) and you know nobody else read it (because my private key is needed to decrypt the message.)

Public key encryption is computationally expensive, so it generally isn't used for encrypting actual documents. Instead, it will be used as a part of a key-exchange algorithm. A symmetric key will be randomly generated, used for one session only, and will then be discarded. Public key encryption is used for one side of the connection to give the key to the other side, so that third parties can't intercept it.
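The double-encryption scheme and the session-key hand-off described above, carried through as an added example (not code from the original article). It uses textbook RSA on tiny constructed primes together with the article's "add" cipher, so it shows the key relationships only; the names `you`, `me` and `forger` and all key values are made up for the illustration.

```javascript
// Textbook RSA on tiny constructed primes. No padding, toy key sizes:
// this shows how the keys relate to each other and protects nothing.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Modular inverse by the extended Euclidean algorithm.
function modInv(a, m) {
  let [oldR, r] = [a % m, m];
  let [oldS, s] = [1n, 0n];
  while (r !== 0n) {
    const q = oldR / r;
    [oldR, r] = [r, oldR - q * r];
    [oldS, s] = [s, oldS - q * s];
  }
  if (oldR !== 1n) throw new Error("exponent has no inverse");
  return ((oldS % m) + m) % m;
}

// Both halves of a pair are just (exponent, modulus); "public" is a label.
function makeKeyPair(p, q, e) {
  const n = p * q;
  const d = modInv(e, (p - 1n) * (q - 1n));
  return { publicKey: { exp: e, n }, privateKey: { exp: d, n } };
}

// One operation serves as both "encrypt" and "decrypt"; only the key differs.
function applyKey(key, value) {
  return modPow(value, key.exp, key.n);
}

// Encrypt twice: sender's private key first, then receiver's public key.
// Each character is handled on its own, which is another toy simplification.
function seal(text, senderPrivate, receiverPublic) {
  if (senderPrivate.n >= receiverPublic.n) {
    throw new RangeError("toy scheme needs sender modulus < receiver modulus");
  }
  return Array.from(text, (ch) => {
    const m = BigInt(ch.charCodeAt(0));
    if (m >= senderPrivate.n) throw new RangeError("character too large for key");
    return applyKey(receiverPublic, applyKey(senderPrivate, m));
  });
}

// Decrypt twice in the reverse order: receiver's private key, sender's public key.
function unseal(sealed, receiverPrivate, senderPublic) {
  return sealed
    .map((c) => applyKey(senderPublic, applyKey(receiverPrivate, c)))
    .map((m) => String.fromCharCode(Number(m)))
    .join("");
}

// Key exchange: a one-session key for the "add" cipher travels under the
// receiver's public key, and the message body uses the cheap symmetric cipher.
// sessionKey (1..255) is passed in here; a real sender draws it at random.
function hybridSend(text, sessionKey, receiverPublic) {
  return {
    wrappedKey: applyKey(receiverPublic, BigInt(sessionKey)),
    body: Array.from(text, (ch) => (ch.charCodeAt(0) + sessionKey) % 256),
  };
}

function hybridReceive(message, receiverPrivate) {
  const sessionKey = Number(applyKey(receiverPrivate, message.wrappedKey));
  return message.body
    .map((b) => String.fromCharCode((b - sessionKey + 256) % 256))
    .join("");
}

// Constructed key pairs (primes chosen by hand for the example).
const you = makeKeyPair(61n, 53n, 17n);    // modulus 3233
const me = makeKeyPair(89n, 97n, 5n);      // modulus 8633
const forger = makeKeyPair(67n, 71n, 13n); // modulus 4757

const sealed = seal("hello", you.privateKey, me.publicKey);
console.log(unseal(sealed, me.privateKey, you.publicKey));

// A message sealed with someone else's private key does not come out as
// the intended text when opened with your public key.
const forged = seal("hello", forger.privateKey, me.publicKey);
console.log(unseal(forged, me.privateKey, you.publicKey) === "hello");
```

Real systems sign a hash of the message rather than the message itself, so a failed check is detected by comparison instead of by noticing garbage.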

SSH

SSH is primarily meant to be used as a replacement for telnet (and related utilities like rlogin, rsh and rexec). The reason for this is that the telnet protocol (and rlogin/rsh/rexec) have minimal security. They do not encrypt their connection in any way.

This means that anybody sharing a network with you, the remote host, or any network in between, can see everything you're doing. It's trivially easy to get a PC to intercept all the packets that flow through an Ethernet network, and it's often not too difficult for an administrator to do this on other kinds of networks.

Someone snooping on a telnet/rlogin/rsh/rexec session can easily mirror your session. He can see everything you type (including passwords) and everything you see/download.

This doesn't often happen, because most internet service providers are trustworthy. But there are still cases where people on corporate and campus LANs have stolen sensitive data this way.

This also happens over wireless networks, like those found at trade shows and internet cafes. WEP (Wired Equivalent Privacy) provides some degree of security, but WEP can be cracked fairly easily these days, and it won't stop someone who knows the encryption key (like anyone that has paid for time on the wireless LAN.) Wi-Fi Protected Access (WPA) is more secure, but if history is any guide, it will eventually be cracked (and replaced with something even more secure.)

ssh solves this problem by encrypting everything. It also provides some optional features that will only allow people with pre-assigned security credentials access. So someone snooping your packets will be unable to view the content. (More accurately, the amount of computer power needed to break the encryption will be greater than what most people will be willing to expend.)

Although I regularly use telnet/rlogin/rsh/rexec for local traffic (between two computers at home or two computers at work) I try to avoid using it over the internet.

Also as a part of the ssh distribution is "sftp" which is an encrypted version of the FTP protocol. FTP suffers from the same problem as telnet - passwords are sent without encryption, so a third party could intercept them.

Secure web pages

You can encrypt web connections, as long as the server supports it. Encrypted URLs usually begin with "https:". (The "s" stands for "secure".) The HTTPS protocol can use a wide variety of different encryption standards, some more secure than others.

Most web browsers will let you know when the page is secured, typically with a padlock icon or other appropriate icon in some corner of the browser window. You can usually click on this to view the page's security information (including the kind of encryption, the certificate providing the encryption keys, and the identity of the authority that generated the certificate.)

Any kind of encryption will keep third parties from snooping your packets. Encryption protocols with more bits in the key will be harder for third parties to crack, although anything can be cracked by someone determined enough.

You still have to decide whether the server on the other end can be trusted, of course. This is where the certificate and certificate authority come in. A site's certificate identifies the owner of the site (usually including name and address contact information.) The certificate's data includes some encryption/authentication data to keep a third party from tampering with it. Part of that information involves a certificate from a certificate-agency. This means that that agency is vouching for the content of the certificate.

The idea here is that a rogue web site may try to impersonate a real one. For instance, an identity theft ring may create a server that looks like Citibank's server. Citibank will, of course, have a certificate that identifies them, but the rogue site will probably also have a certificate. So that alone isn't enough to make things secure.

The certificate authority takes care of that. Citibank's real certificate will be signed by an authority (Citibank uses VeriSign, if you're curious). When you choose to view the certificate, you will see that it is signed by VeriSign. Your web browser can use VeriSign's well-known public-key (built-in to most browsers, and available for download from others) to validate that the certificate is, in fact, genuine.

If the rogue site tries to use the same certificate, it won't match the server and your web browser should alert you. If they try to alter the certificate, it will no longer validate against VeriSign's public key - only VeriSign can issue certificates that their public key can decode.

Of course, you still have to decide whether to trust the remote server or not. No protocol will help you here. But HTTPS will let you be certain that the remote server really is who you think it is, and that no third party will intercept your session.

Microsoft Outlook

When people talk about Outlook's security, they are usually talking about something else. The problem there is how Outlook handles attachments.

People attach all kinds of files to all kinds of mail messages all the time. If I e-mail you a picture of somebody, it gets sent as an attachment. If I e-mail you a Word file I want you to read, it gets sent as an attachment. And if I e-mail you a program, it gets sent as an attachment. If I send you an HTML-formatted mail message with an image or background music or something, attachments will be used there as well.

All mail programs (well, all except the oldest and simplest ones) can deal with attachments. Either they make you save the attachment, or they may launch an external program for viewing it, or they may launch a plugin to view it, or they may be able to view it directly.

Outlook's problem comes from the way it launches attachments. There have been many bugs (most have been fixed by now, I believe) that will cause Outlook to automatically execute a program or a script that is sent in an e-mail attachment (usually with the message malformed in such a way as to trigger the bug.)

Once this happens, the program is running on your computer like any other program. As such, it can do anything. Worms (which are effectively viruses that spread to other computers on their own) often exploit this. They will e-mail themselves to others in a way that takes advantage of these kinds of bugs, so that the receiver will end up auto-launching the program, causing the worm to spread further.

The reason so many people hate Outlook is that these kinds of auto-launch bugs are extremely rare (and sometimes unheard of) in other mail programs, but Outlook has had tons of them over the years.

But the worms have been getting trickier. As Microsoft has fixed the various bugs that can cause executable attachments to auto-launch, the people developing the worms have gotten sneakier. Usually, they take advantage of human gullibility.

For instance, the worm may include (in the mail message's text) a message telling you that the attachment is a critical system patch from Microsoft, or an updater to some popular program, or a program needed to prevent your bank account from closing, or other similar gimmick. The user who trusts this message and runs the program gets infected with the virus/worm, and it spreads further on.

Antivirus programs routinely check e-mail for viruses and worms these days, so this works less often than it used to. So the viruses now often pack themselves into zip files for e-mailing. The idea is that virus scanners may avoid scanning a zip file. The message will direct the user to unpack the zip and run the contents - at which point the virus gets launched.

But virus scanners now scan the contents of zip files.

Which is where viruses like "Beagle/Bagle" come in. Zip files support built-in encryption. This way, only an authorized user can see the contents of the file. Obviously, if the zip file can't be opened, then a virus scanner can't scan the contents.

So the Beagle/Bagle virus sticks itself into an encrypted zip file. In the e-mail it sends itself through, it tells the recipient what the decryption key is. If someone is gullible enough to expand the zip, enter the decryption key, and run the contents, the virus will run.

The scary thing is that these viruses do spread. There are thousands of people who have been tricked into decrypting and executing the virus.

Macro viruses

In addition to these kinds of viruses, some popular tools that have macro languages (like the parts of Microsoft Office) can also be vectors for spreading viruses. A macro in a Word/Excel/PowerPoint document can spread to other documents and can even e-mail itself elsewhere.

Fortunately, today's virus scanners are smart enough to scan the contents of office documents. It's also easy to disable all macro capability in MS Office, which is usually a good idea, since very few people actually use them.

E-mail security

To be on the safe side, many people simply refuse to look at any attachments whatsoever. And with web-mail services and AOL (and possibly a few others) this is easy - you don't even have to download the attachment from your server if you want to delete it without opening it.

But IMO, this is overkill. And it's not an option for many people.

For instance, I often send and receive pictures with my friends and relatives. I also send and receive Microsoft Office documents all the time as a part of my job.

Fortunately, it is easy to spot executable attachments with most mail programs. Look for a MIME type like application/octet-stream (a generic binary file, usually used for program files), or application/vbs (Visual Basic Script), etc. And look for file extensions like .exe, .vbs, .com, .bat, .pif, etc. If you have Windows configured to hide extensions (the factory default setting), change that configuration so you can see them.
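The checks listed above, together with the encrypted-zip trick described under Microsoft Outlook, as an added example (not code from the original article). A scanner cannot read the contents of a password-protected zip, but with traditional zip encryption the entry names and the "encrypted" flag in each local file header are stored in the clear. The attachment object shape and function names are assumptions, and the sample archive is constructed in code.

```javascript
// Extensions and MIME types the article names as signs of a program file.
const EXECUTABLE_EXTENSIONS = [".exe", ".vbs", ".com", ".bat", ".pif"];
const SUSPECT_MIME_TYPES = ["application/octet-stream", "application/vbs"];

// Only the last extension counts, so "Invoice.PDF.exe" is a program.
function hasExecutableExtension(name) {
  const lower = name.toLowerCase();
  return EXECUTABLE_EXTENSIONS.some((ext) => lower.endsWith(ext));
}

// Walk the local file headers of a ZIP archive held in a Uint8Array.
// Bit 0 of the general-purpose flags marks an encrypted entry.
function listZipEntries(bytes) {
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const entries = [];
  let pos = 0;
  while (pos + 30 <= bytes.length && view.getUint32(pos, true) === 0x04034b50) {
    const flags = view.getUint16(pos + 6, true);
    const compressedSize = view.getUint32(pos + 18, true);
    const nameLength = view.getUint16(pos + 26, true);
    const extraLength = view.getUint16(pos + 28, true);
    const nameStart = pos + 30;
    if (nameStart + nameLength > bytes.length) break; // truncated header
    const name = String.fromCharCode(...bytes.subarray(nameStart, nameStart + nameLength));
    entries.push({ name, encrypted: (flags & 0x0001) !== 0 });
    // Bit 3: sizes are stored after the data, so this simple walk cannot
    // continue; a full parser would read the central directory instead.
    if (flags & 0x0008) break;
    pos = nameStart + nameLength + extraLength + compressedSize;
  }
  return entries;
}

// Return a list of reasons to treat the attachment with suspicion.
function triageAttachment(att) {
  const findings = [];
  const mimeType = att.contentType.split(";")[0].trim().toLowerCase();
  if (SUSPECT_MIME_TYPES.includes(mimeType)) findings.push("generic-binary-mime-type");
  if (hasExecutableExtension(att.filename)) findings.push("executable-extension");
  if (att.filename.toLowerCase().endsWith(".zip")) {
    for (const entry of listZipEntries(att.bytes)) {
      if (entry.encrypted) findings.push("encrypted-entry:" + entry.name);
      if (hasExecutableExtension(entry.name)) findings.push("executable-in-zip:" + entry.name);
    }
  }
  return findings;
}

// Constructed sample data: one minimal local file header plus payload bytes.
function buildZipEntry(name, flags, payload) {
  const entry = new Uint8Array(30 + name.length + payload.length);
  const view = new DataView(entry.buffer);
  view.setUint32(0, 0x04034b50, true);      // local file header signature
  view.setUint16(4, 20, true);              // version needed to extract
  view.setUint16(6, flags, true);           // general-purpose flags
  view.setUint32(18, payload.length, true); // compressed size
  view.setUint32(22, payload.length, true); // uncompressed size
  view.setUint16(26, name.length, true);    // file name length
  for (let i = 0; i < name.length; i++) entry[30 + i] = name.charCodeAt(i);
  entry.set(payload, 30 + name.length);
  return entry;
}

function concatBytes(a, b) {
  const out = new Uint8Array(a.length + b.length);
  out.set(a);
  out.set(b, a.length);
  return out;
}

// Constructed attachment: a plain text entry and a "protected" program.
const SAMPLE_ATTACHMENT = {
  filename: "patch.zip",
  contentType: "application/zip",
  bytes: concatBytes(
    buildZipEntry("readme.txt", 0x0000, [1, 2, 3]),
    buildZipEntry("update.exe", 0x0001, [9, 9, 9, 9])
  ),
};

console.log(triageAttachment(SAMPLE_ATTACHMENT));
```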

As a second line of defense, get a good virus scanner (most people I know use either NAI/McAfee or Symantec/Norton) and keep it up to date. Updates come out frequently - sometimes more than once per day. Antivirus packages all include an auto-update facility where they will periodically download updates from the publisher's web site. Home editions of these programs require you to buy annual subscriptions to keep getting updates, while corporate editions typically do not.

Non-virus E-mail security

In addition to viruses, there are a few other potential security risks to e-mail that some programs make you vulnerable to.

For instance, HTML e-mail. HTML is useful and cool. It lets you send mail with nice formatting, colors, fonts, images, etc. You can also include links to remote sites, and have remote references to objects on web servers (like images, sounds, etc.)

The problem is that this can create a security problem. For instance, suppose I send you an e-mail with a reference to an image on my web server. You open the mail, and your mail program fetches the image from my server. You see the image and all's well.

Now suppose I'm a spammer and do the same thing. You think "no big deal" and just delete the spam. But I own the web server. Suppose I send out a million spams, and that image-reference has a slightly different name in each one. I keep a list of which e-mail addresses got which image-references. I can look at my web server's log file and find out which of those image-references were used to download images, match them against my list, and bingo! I now know which people actually read the spam (as opposed to those that deleted it without opening, or those that never received it.) Since I know somebody's reading spam at that address, I'm going to start sending him lots more.

Some mail programs and web sites (like Thunderbird and Yahoo) provide options to block all remote-image references that appear in mail. This keeps the spammers from knowing that you've read their spam.
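Seen from the receiving side, the per-recipient image reference described above stands out when copies of one mailing are compared: shared artwork appears in every copy, while a tracking reference appears in exactly one. The following added example (not code from the original article) does that comparison and also drops remote image references the way the blocking option does; the function names, addresses and URLs are constructed for the illustration.

```javascript
// Pull remote image URLs out of an HTML body. A regular expression is
// enough for the constructed sample; a real filter should use an HTML parser.
function remoteImageUrls(html) {
  const urls = [];
  const pattern = /<img\b[^>]*?\bsrc\s*=\s*["']?(https?:\/\/[^"'\s>]+)/gi;
  let match;
  while ((match = pattern.exec(html)) !== null) urls.push(match[1]);
  return urls;
}

// Given copies of one mailing as delivered to several recipients, separate
// image URLs that copies share from URLs only one recipient received.
function findPerRecipientImages(copies) {
  const recipientsByUrl = new Map();
  for (const { to, html } of copies) {
    for (const url of new Set(remoteImageUrls(html))) {
      if (!recipientsByUrl.has(url)) recipientsByUrl.set(url, new Set());
      recipientsByUrl.get(url).add(to);
    }
  }
  const report = { shared: [], perRecipient: [] };
  for (const [url, recipients] of recipientsByUrl) {
    // With a single copy there is nothing to compare against.
    if (copies.length > 1 && recipients.size === 1) {
      report.perRecipient.push({ url, to: [...recipients][0] });
    } else {
      report.shared.push(url);
    }
  }
  return report;
}

// Blocking remote images: the reference is emptied before rendering, so the
// sender's web server never receives a request and logs nothing.
function blockRemoteImages(html) {
  return html.replace(
    /(<img\b[^>]*?\bsrc\s*=\s*)(["']?)https?:\/\/[^"'\s>]+\2/gi,
    '$1""'
  );
}

// Constructed sample: three copies of one mailing, each with the same logo
// and a one-pixel image whose name differs per recipient.
const SAMPLE_COPIES = [
  { to: "alice@example.com",
    html: '<p>Spring sale</p><img src="http://img.mailer.example/logo.gif">' +
          '<img src="http://img.mailer.example/open/7f3a91.gif" width="1" height="1">' },
  { to: "bob@example.com",
    html: '<p>Spring sale</p><img src="http://img.mailer.example/logo.gif">' +
          '<img src="http://img.mailer.example/open/c20be4.gif" width="1" height="1">' },
  { to: "carol@example.com",
    html: '<p>Spring sale</p><img src="http://img.mailer.example/logo.gif">' +
          '<img src="http://img.mailer.example/open/19dd05.gif" width="1" height="1">' },
];

console.log(findPerRecipientImages(SAMPLE_COPIES));
console.log(blockRemoteImages(SAMPLE_COPIES[0].html));
```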

Also, HTML e-mail can contain Java applets and JavaScript. These are normally not dangerous, but there have been bugs that allow them to be used for spreading viruses. They can also sometimes open network connections to a remote web server, where they can alert a spammer that his mail has been read.

Fortunately, good mail clients let you disable Java and JavaScript in e-mail as well.

Finally, e-mail may contain data for popular plugins, like Shockwave Flash files. Most plugins are reasonably safe, but some are not. And some of the safe ones can open up network connections, which can alert a spammer that the spam has been read. Again, good mail clients let you disable plugins from e-mail.

Of course, you do not want to have your mail client set to automatically generate return receipts, even if you receive mail that asks for them. Again, this will alert spammers that someone's reading the spam. If you want your e-mail client to generate receipts, configure it to ask for confirmation first, so you won't send it to spammers.

And NEVER send mail to a spammer's "unsubscribe" address. If you do, you'll give him concrete proof that someone at your address is reading the spam. You'll end up getting more spam, not less.

Mail client recommendations

WRT pine, I can't help here. I haven't used pine in a very long time, and I didn't bother to learn much about it back then.

FWIW, I run Thunderbird, from the Mozilla group. It has many good anti-spam features (disable Java, disable JavaScript, convert HTML to plain-text, don't load remote images, and self-learning spam filters) that I find very useful.

Microsoft has put some of this into the newest versions of Outlook, but existing copies leave a lot to be desired in this department.

People who just don't get viruses

In the "I don't get viruses" department, it's true. Some people don't get them. But if anyone says that they can't get them, they're just lying.

A savvy Windows user can almost always eliminate viruses. You can use a mail client with good security in its design. You can install a virus scanner set to scan all files and have it auto-update on a daily basis. You can turn off unused network services. You can use an intrusion detection package (like ZoneAlarm) and you can use a firewall on your network.

But even with all this, it is possible to get a virus. Everybody's human and it is always possible that someone may trick you into running an infected program.

There have even been cases where a software publisher has been infected, and the virus spread through CDs bought in stores. I, personally, have been infected by a virus that came in through Microsoft's "Windows Update" server. But if you stay alert and make sure your virus scanner is always running, you can reduce your risk to a minimum and minimize the damage when something hits.

People using other operating systems can afford to be a bit more cavalier. There is a certain amount of "security through obscurity". People don't bother making many viruses for Linux, Mac OS, OS/2, BeOS and other low-popularity operating systems. Not because it's impossible, but because such a virus won't spread very far. If I infect every Mac that exists, I only get 3-5% of the computers in the world. If I infect 10% of the Windows machines, that's 9.5% of the world. If I infect every OS/2 system that exists, I probably get only a fraction of a percent of the total amount of computers.

In other words, writing viruses for Windows gives the greatest bang for your buck.

10-15 years ago, when most computers on the internet were university mainframes, you found a lot more UNIX-based worms. But now the quantity of UNIX boxes on the internet is dwarfed by the number of Windows PCs attached to DSL lines and cable modems. And these PCs are every bit as connected as those university mainframes used to be.

It is definitely possible to write a virus that targets Mac OS, Linux, or anything else. And even though these viruses may require administrator access to do real damage, I'm sure that lots of users could be conned into typing in their administrative passwords, just like Beagle/Bagle got lots of people to manually decrypt a zip file in order to run the virus. And I'm sure lots of Mac/Linux home users run logged in as root or administrator accounts (just like most Windows NT/2000/XP users do their work from administrator accounts.)

If Linux or Mac OS or anything else should someday become really popular, and not just niche products, I have no doubt that we'll start seeing lots of viruses that target these platforms. These operating systems may have security features that make it harder for viruses to auto-install, but as long as we have gullible users that do whatever random e-mails tell them to do, viruses will remain a fact of life.

And, of course, this is ignoring viruses that are scripts carried in documents (like MS Office documents). These can execute on Macs, just like on Windows, since the Mac version of Office uses a compatible scripting language.

Ad blocking on the cheap

This is an article I wrote a while ago in my SlashDot journal. But since I rarely visit SlashDot anymore, and the article is still just as relevant, I'm posting it here.

One way to block web-ads without buying any expensive software is to use the proxy-autoconfig file that most web browsers support. This file is a JavaScript script that every URL gets filtered through. The script returns the address of a proxy server for handling the URL or "DIRECT" if the URL should not be proxied.

You can use this for ad blocking. Have the script check the domain (or the whole URL, if you feel the need to get that specific) for an ad server and send the hits to a local web server on your LAN. Send the rest directly to the internet.

The web server should not be configured to act as a proxy. When the ads come through, that web server will return "404 not found" errors for them all. The ad ends up displaying as a broken-image icon or some other kind of error. This will block all kinds of ads, including the really annoying Flash ads that are becoming so popular these days.

Name the script something with a ".pac" (for Proxy Auto-Config) extension and configure your web browser to use it as part of its proxy configuration.

My script (including a small subset of the blocked advertising domains) is:

function FindProxyForURL(url, host)
{
    // Blackhole these specific domains by sending
    // them to a web server that's not equipped to
    // proxy anything.
    //
    if (dnsDomainIs(host, ".247media.com") ||
        dnsDomainIs(host, ".accendo.com") ||
        dnsDomainIs(host, ".ad-flow.com") ||
        dnsDomainIs(host, ".adflight.com") ||
        dnsDomainIs(host, ".admonitor.net") ||
            // Insert as many of your own as you like.
            // I've got over 100 in my own script
        dnsDomainIs(host, "ads.x10.com") ||
        dnsDomainIs(host, "ads1.zdnet.com") ||
        dnsDomainIs(host, "ads2.zdnet.com") ||
        dnsDomainIs(host, "ads3.zdnet.com"))
    {
        // Replace the following with the address of
        // your own web server
        //
        return "PROXY 192.168.1.5";
    }

    return "DIRECT";
}
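A table-driven variant of the script above, as an added example that is not the author's own file. It matches on whole DNS labels, so `badads.x10.com` is not caught by the `ads.x10.com` entry, and it also handles upper-case and trailing-dot host names. The helper names are assumptions, the port is written out explicitly, and `plainSuffixMatch` is included only to show how a bare string-suffix comparison behaves (whether your browser's `dnsDomainIs` works that way is an assumption to check).

```javascript
// PAC engines vary widely in age, so this sticks to plain ES3-style
// JavaScript: var, function declarations and for loops only.

// The domains shown in the script above, without leading dots.
var BLOCKED_DOMAINS = [
  "247media.com",
  "accendo.com",
  "ad-flow.com",
  "adflight.com",
  "admonitor.net",
  "ads.x10.com",
  "ads1.zdnet.com",
  "ads2.zdnet.com",
  "ads3.zdnet.com"
];

// Replace with the address of your own non-proxying web server.
var BLACKHOLE = "PROXY 192.168.1.5:80";

// Bare string-suffix comparison, shown for contrast only.
function plainSuffixMatch(host, domain) {
  return host.length >= domain.length &&
         host.substring(host.length - domain.length) === domain;
}

// True when host is the domain itself or a subdomain of it, compared on
// label boundaries after lower-casing and dropping a trailing dot.
function hostInDomain(host, domain) {
  host = host.toLowerCase();
  if (host.charAt(host.length - 1) === ".") {
    host = host.substring(0, host.length - 1);
  }
  if (host === domain) {
    return true;
  }
  var suffix = "." + domain;
  return host.length > suffix.length &&
         host.substring(host.length - suffix.length) === suffix;
}

function isBlockedHost(host) {
  for (var i = 0; i < BLOCKED_DOMAINS.length; i++) {
    if (hostInDomain(host, BLOCKED_DOMAINS[i])) {
      return true;
    }
  }
  return false;
}

function FindProxyForURL(url, host) {
  return isBlockedHost(host) ? BLACKHOLE : "DIRECT";
}
```

Unlike the `.247media.com` entry in the original, an entry here also blocks the bare domain itself.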

Wednesday, November 30, 2005

Lieberman: Our Troops Must Stay

Writing for the Wall St. Journal, Senator Joe Lieberman summarizes the current state of affairs in Iraq.

A quick summary is:

  • The Iraqi people are better off than they were three years ago
  • The future of Iraq is likely to be better than it is now
  • The terrorists/insurgents are the minority, not the majority. 27 million Iraqis vs. 10,000 terrorists.
  • We have made some mistakes in the past
  • We have learned from those mistakes and are doing better now
  • Although Americans are increasingly pessimistic about the war, Iraqis are increasingly optimistic about their own nation
  • These events dovetail with several other positive events taking place in other Arab nations
  • The worst thing we could do now would be to prematurely withdraw from the region

Read the whole article for all the details.

Monday, November 28, 2005

Maxell to offer 300GB holographic discs 'late 2006'

I love it when two warring giants both get trounced by an unseen upstart.

For years now, there has been a standards war going on regarding the successor to DVD. On the one hand, Blu-Ray, and on the other HD-DVD. Both products have been delayed, and there have been huge amounts of infighting and lack of cooperation between the camps.

But, while this fight has been going on, the next-generation (beyond HD-DVD and Blu-Ray) has been proceeding. The "Holographic Versatile Disc" (HVD) technology is nearing completion. Maxell is expecting to ship the first generation HVD drive by the end of next year.

The initial release from Maxell is expected to have a 300GB per-disc capacity with a data-transfer speed of 20MB/s. This is 3 times the capacity of a 4-layer Blu-Ray disc, 6.67 times the capacity of a 3-layer HD-DVD disc, and 33 times the capacity of a dual-layer DVD. The speed is as fast as an SATA interface (20MB/s is 160Mb/s) and as fast as all but the fastest tape storage devices.

Maxell believes the technology can eventually reach a capacity of 1.6TB per disc with a transfer speed of 120MB/s.

If this technology starts shipping before Blu-Ray and HD-DVD ship (which seems to be a distinct possibility), it could kill both of them off before they ever get started. Which would be poetic justice, given how much infighting and delaying has gone on so far.

In addition to its use for HD TV video distribution, the HVD technology has the potential to become the dominant standard for backup devices. If the 300G drive can ship for under $1000, with media for under $100, it will rival all but the largest tape storage systems. If the 1.6TB drive can ship for prices in the same range (say, under $2000 for the drive and under $150 for media) it can rival all other backup devices currently manufactured.

Similarly, if the price can drop even lower (say, under $300 for the drive and under $20 for media), it can effectively displace all other optical drive technology.

Here's to hoping this all works out. It's a good time to be a geek.

Tuesday, November 22, 2005

Tainted Sony CDs Used Open Source

Sony's debacle gets more and more interesting.

Not only were they ruining people's Windows PCs with "security" software that leaves the computers open to attack, but they were doing it with stolen software!

Their malware uses code from at least two open source projects - LAME and FAAC. Under the terms of their open source licenses, anyone incorporating this code into a new product must release that product under the same open source terms. Meaning the original authors must be credited and source code must be made available.

Sony did neither, making their software distribution an illegal act of copyright infringement.

Now we see the true hypocrisy of the music industry. They scream bloody murder when you copy a CD for your personal use (which is legal in the US), but they have no qualms whatsoever about stealing other people's intellectual property when it suits their needs.

Sunday, November 20, 2005

Tiger Tips: How to enable BIND

I just upgraded my Mac to Mac OS 10.4 (Tiger). The upgrade was mostly painless, but my DNS server configuration got disabled in the process. More specifically, Apple replaced my /etc/named.conf file with one that doesn't work.

Fortunately, they do preserve the original file as /etc/named.conf.applesaved. I merged the two files together (which resulted in my original file with two new lines.) These two new lines refer to a file /etc/rndc.key, which doesn't exist. Furthermore, without /etc/rndc.key, BIND won't even start up! So I commented out those lines.

As the article (see link, above) says, you should do this even for a clean installation. I assume this rndc.key file exists on Mac OS X server. Either way, if it doesn't exist, the named.conf file must not refer to it.

The Tiger installer also trashed my startup script (/System/Library/StartupItems/BIND), but as it turns out, this doesn't matter, since Tiger doesn't use it anymore. Instead, it uses plist files in /System/Library/LaunchDaemons. A plist for bind (org.isc.named.plist) is created by default. A default installation has this disabled (at least according to the above article), but in my case, it was enabled. I assume the installer saw that I had it enabled in my 10.3 installation and therefore enabled it for 10.4 as well.

Anyway, it was a relatively minor problem to deal with, once I realized what happened, and it was easy to fix. Hopefully, this message will help out anyone else that finds himself in this situation.
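A way to check for the situation described in this post, as an added example that is not part of the original post or of Apple's or ISC's tooling. It assumes the reference to rndc.key takes the form of an `include "...";` directive and that a disabled launchd job carries the `Disabled` key set to true; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: find include "..."; lines in a named.conf that point at files
# which do not exist, and report whether launchd has the BIND job enabled.
# Only whole-line // and # comments are recognised; /* ... */ blocks are not.

# list_includes CONF: print the path from every active include directive.
list_includes() {
    sed -e 's/^[[:space:]]*//' -e '/^\/\//d' -e '/^#/d' "$1" |
        sed -n 's/^include[[:space:]]*"\([^"]*\)"[[:space:]]*;.*/\1/p'
}

# missing_includes CONF [ROOT]: print included paths that do not exist.
# ROOT is prepended to each path so the check can run against a copy of /etc.
missing_includes() {
    conf=$1
    root=${2:-}
    list_includes "$conf" | while IFS= read -r path; do
        [ -e "$root$path" ] || printf '%s\n' "$path"
    done
}

# launchd_disabled PLIST: succeed if the plist has <key>Disabled</key><true/>.
launchd_disabled() {
    tr -d ' \t\r\n' < "$1" | grep -q '<key>Disabled</key><true/>'
}

# check_bind CONF PLIST [ROOT]: one-line summary; returns 1 if an include is missing.
check_bind() {
    conf=$1
    plist=$2
    root=${3:-}
    missing=$(missing_includes "$conf" "$root")
    if launchd_disabled "$plist"; then state=disabled; else state=enabled; fi
    if [ -n "$missing" ]; then
        printf 'named is %s in launchd; missing include(s): %s\n' "$state" "$missing"
        return 1
    fi
    printf 'named is %s in launchd; all includes present\n' "$state"
}

# make_sample DIR: write constructed sample files (not Apple's actual files).
make_sample() {
    mkdir -p "$1/etc"
    cat > "$1/etc/named.conf" <<'EOF'
// Constructed sample, not Apple's actual file.
include "/etc/rndc.key";
options {
    directory "/var/named";
};
# include "/etc/disabled.conf";
EOF
    cat > "$1/org.isc.named.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.isc.named</string>
</dict>
</plist>
EOF
}

# Demo on the constructed files: the job is enabled but rndc.key is absent.
demo_root=$(mktemp -d)
make_sample "$demo_root"
check_bind "$demo_root/etc/named.conf" "$demo_root/org.isc.named.plist" "$demo_root" || true
rm -rf "$demo_root"
```

On a real system, call `check_bind /etc/named.conf /System/Library/LaunchDaemons/org.isc.named.plist` with no third argument. The alternative to commenting the lines out is to create the key file; BIND's `rndc-confgen -a` generates one.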

Friday, November 18, 2005

Colored Soap Bubbles

No comments:
Coming soon, brightly colored soap bubbles. Completely washable, and whose color fades in about 30 minutes.

Read the article for all the details. It's both an amusing and fascinating read.

Thursday, November 17, 2005

Orson Scott Card: The News vs. the Truth? - Or - McCarthy Is Dead, So Get Him Back Into His Grave Already!

No comments:
I'll let the article speak for itself and only add that none of this comes as any surprise to me.

I am no expert in world politics. I rely on what I hear from others to get an idea of what's going on around the world.

I am, however, an expert in other subjects - computer technology and a few other scientific areas. When the press reports on the subjects for which I have expertise, they almost always get all their facts wrong. Even the most basic facts that they could verify through a 5-second Google search. I can say with absolute certainty almost every single technology article they write is flat-out wrong, either because they don't know the facts, or because they deliberately choose to publish lies.

It is only logical to conclude that they get everything just as wrong.

So when Mr. Card publishes proof that the French media deliberately and knowingly published a work of fiction as a news story, and the rest of the world knowingly supported the lie, it doesn't surprise me one bit.

And to think that there are still people who wonder why I don't read newspapers anymore.

Tuesday, November 08, 2005

After Criticism, Sony Issues Fix for Hidden Rootkits

No comments:
Upping the ante yet again in the ongoing war of the recording industry vs. the rest of the world, Sony recently released several audio CDs that automatically (and secretly) install copy-protection software on any Windows PC they are inserted into.

After some very embarrassing reports, they quickly backpedaled and released a program to undo the damage. You can download it here.

Sony, and others, have a long history of experimenting with copy protection schemes. The most recent attempts involve distributing a "multi-session" CD, containing audio tracks and a data track. When inserted into a Windows PC, the "autorun" file in the data track installs a software wedge that hides the audio tracks. This forces you to play DRM-protected versions of the songs, contained as data files.

This is nothing new. Sony's latest version, however, takes steps to hide the existence of the wedge. And it installs itself in such a way that removal will permanently cripple Windows' ability to play any audio CDs. As far as I'm concerned, this is no different from a virus.

Fortunately, there are plenty of workarounds, if you're careful. The easiest way is to not use Windows. No other operating system (Linux, Mac OS, etc.) will auto-run the installer, and the installer cannot be run manually on them. Without the software wedge, the same programs that play/rip normal audio CDs will work on the protected disc.

If you're forced to use Windows, the thing to do is make sure the auto-run facility doesn't run. Holding down the SHIFT key whenever you insert the disc will do it. You can also disable this permanently in several different ways, depending on what version of Windows you are using. This will have the side effect of preventing all your data discs from auto-running, but IMO, this is a good thing.

Thursday, November 03, 2005

An explanation of gas price fluctuation

1 comment:
This article is very informative. It explains, in simple language, why gas prices rise quickly, but fall slowly. At least as far as the retailers go. A superbrief summary is:
  • When oil prices go up, the manufacturers raise their price, and retailers must pass the increase along to customers.
  • When oil prices go down, retailers do not usually lower their prices until competition forces them to. Which means it will be some time after the oil company's price goes down. Depending on the local market, there may be a fairly large delay.

What the article doesn't discuss, however, is what the picture looks like from the point of view of the oil companies. They have the same problem (rising prices must be passed along, competition causes prices to go down), but they have an additional complication - futures trading.

Oil, like all commodities, is deeply involved in futures trading. A future is like a stock option. You pay a premium up front and get a locked-in price (for a maximum amount, for a time limit, of course). You can exercise your future to buy (or sell) oil at that price, if you want to.

Futures are used by speculators to leverage investments. Instead of buying and selling oil (where you need to pay for it all and store it somewhere), you instead buy and sell futures. If you buy a future for buying oil, and the price later goes up, you can exercise the future and immediately sell the oil at market prices and take a profit. If the price later goes down, however, you've lost the premium you paid for that future. Similarly for futures for selling oil - if you buy one and the price goes down, you buy oil at the market price and exercise your future to sell it. If the price goes up, you've lost the premium.

As for the other side of the equation, people sell futures to buy and sell. When you do that, of course, you are bound to buy/sell oil at the future's price if the future is later exercised.

Oil companies use futures in order to make their finances more predictable. In addition to buying oil on the open market, they also buy futures for buying oil. If the price goes up, they can exercise these futures and buy at the price they've budgeted for. It doesn't keep the price down, because new futures will be at a higher exercise-price, but it does allow them to keep their budget predictable.

When the price of oil goes down, however, they abandon the futures and just buy on the open market - because that price will be lower. But they have to eat the cost of buying the now-abandoned futures - those premiums are not refundable. So their costs can't come down immediately, which is why the prices they charge won't come down immediately either. When prices stabilize, they will once again resume buying oil with their futures, and the prices they charge will lower to the new equilibrium point.

In brief: prices go up immediately because the price of futures goes up immediately. Although the prices of futures will come down immediately, the oil companies have to absorb the cost of the abandoned futures, which introduces a delay when prices come down.

Is there an alternative?

If using futures creates this problem, why do they do it? Why not just buy oil at market prices and avoid all this nonsense?

The answer is that oil prices fluctuate daily, and often unpredictably. If every shipment of oil is a different price, it creates a lot of uncertainty in the budget. Companies would have to compensate for this by either keeping a stockpile of oil (to buffer out supply fluctuations) or take a higher profit margin (to buffer out price fluctuations.) These would cause prices to go up (to pay for storage or to make the higher margin). And unlike what happens with futures trading, these price increases would be affecting consumers all the time, not just when commodity prices are on the downswing.

Wednesday, November 02, 2005

I've got an iBook!

No comments:
I finally decided it was about time to own a laptop computer of my own. And since I've been very happy with my Macintosh desktop system for more than the past three years, I decided that I will have to get a Macintosh laptop.

After careful consideration of the various available models, I chose the iBook. More specifically, the small model with the 12" screen.

The 12" model was most important to me, because I want a laptop small enough and light enough to carry with me wherever I go. Small enough to be useful on my lap while a passenger in a car, bus or airplane. Although I'd prefer a higher resolution display, that is not available without moving up to a 15" or 17" PowerBook, which is both larger and more expensive than what I'd like.

I bought my iBook with a few upgrades. An 80G hard drive (for an extra $100) and 1.5GB of memory (for an extra $300). I could have upgraded the memory myself for $200, but I decided that $100 is not an unfair price to pay to have the memory installed and tested at the factory. And if there's ever a problem with the computer, Apple won't be able to tell me that it was because of third-party memory.

Anyway, I haven't had too much time to do too much with it yet, since it only arrived today, but so far everything has been working as expected. As expected, I was not able to copy my Emacs installation from my other computer, forcing me to download sources and compile it myself. This went smoothly, since I've had to do this several times before on my other Mac. Other applications (Thunderbird, Firefox, Microsoft Office, etc.) all installed without problem.

Friday, September 23, 2005

Researchers recover typed text using audio recording of keystrokes

2 comments:
Holy cow! This is a bit disturbing, even to someone like myself.

I'm sure the truly paranoid will never be able to sleep at night knowing this little tidbit.

Thursday, September 22, 2005

Freakonomics, abortions and crime

No comments:
Orson Scott Card discusses Freakonomics: the discovery of correlations, causes and effects that completely disagree with what is usually considered common knowledge. He uses correlations between crime rates, abortion and promiscuity as a prime example.

Even if you disagree (and I'm sure most people will, because the conclusions are quite disturbing), it's extremely thought provoking and should be read by as many people as possible.

Tuesday, September 13, 2005

Common sense security

No comments:
This is based on a comment I made in the MacBytes forum. It was in response to an article about Mac OS security, but is equally valid for everybody.
All security for all operating systems must start and end with the user. If the user is knowledgeable and vigilant, then most security products are unnecessary. If he is not, then no amount of add-ons will protect him.

I use a wide variety of computers at home and at work, running a wide variety of operating systems, including Windows. I employ the following security measures for all of them:

  • The networks (home and work) are behind hardware firewalls. The home LAN is behind a Linksys router with NAT turned on and all but one inbound port (SSH) blocked. The corporate LAN has its own firewall, administered by the IT department.
  • Operating system software is kept up to date with all the latest patches. I use the auto-update facilities to inform me of updates, but not auto-install them. (I want to know what and when I'm installing these patches, even if I end up installing them all.)
  • I keep my applications (especially internet-using ones) up to date with the latest patches from their respective vendors.
  • I only install software that I purchase or download from well-known sites. This is almost always the publisher's own site or a genuine not-pirated CD.
  • I do not trade "warez"
  • I do share my disk volumes over the LAN, but with some restrictions. At home, all volumes are exported as read-only (if I need to put a file on another computer, I log-in locally to that computer and use the network to fetch it from the file's source computer, which also exports its volumes as read-only.) At work, I use our network's domain-level security so that only my personal account can mount one of my volumes read-write - other domain users are read-only, and guest-access is blocked.
  • I disable auto-installation in all programs, including web browsers, games, and the OS itself. I will let apps notify me when updates are available, but I must always give approval before download or installation. When stuff has certificates (like Windows updates), I review them to make sure the files come from where they are supposed to be coming from.
  • I never run a program e-mailed to me. Never. Even if the message is expected and comes from someone I know, I won't trust it. If I want someone to give me a program (which happens very very infrequently), I'll have him put it on a known web server and send me a URL to it, or (even better) snail-mail me a CD or load it into a flash drive I always carry with me.
  • I don't use known-insecure programs (like Outlook)
  • I configure my e-mail program (Thunderbird) to disable plugins, Java and JavaScript. Remote images are blocked.
  • Whenever possible/practical, I work from non-administrator accounts. Unfortunately, this usually isn't practical for Windows systems, but it is no big deal on other systems (including Linux and Mac OS.)
Note that none of these procedures require the purchase of any special software and none require the overhead of background software.

I do keep a virus scanner (provided by my employer) running on the Windows PC's just in case something should slip by my procedures. (The scanner updates itself every day at 1:00am and scans the local hard drives every day at 2:00am.) To date, I have gotten exactly one virus over the entire time I've had computers attached to the internet (which is as long as the internet has existed.) And this virus arrived via Microsoft's own Office Update server.

I also run AdAware and SpyBot S&D to scan for spyware on the PC's. I run these scans infrequently, but they have never found anything more intrusive than tracking cookies in my web browsers. (Which I make no attempt to block - I don't consider cookies a serious threat.)

I run the Microsoft software firewall on my Windows XP boxes, but I do not normally run software firewalls on any other computers, preferring to rely on the LAN's hardware firewall. I do keep a copy of Zone Alarm installed, but disabled on Windows laptops - I enable it when traveling in case other networks don't have proper firewalls in place.

Sometimes people ask if I should run antivirus software on my Mac. I tell them what I just wrote above. With proper security procedures, a virus scanner should not be necessary. If the Mac should ever become a target of intense malware activity (like Windows is), I will probably invest in antivirus software "just in case" it should be needed, but I intend on waiting until then.

Monday, September 05, 2005

Pizza to prevent cancer?

No comments:
This weekend, I saw excerpts from this (July 2003) Reuters article posted in the window of a pizza parlor. I found it rather fascinating. There appears to be a link between regular consumption of Italian pizza and reduced cancer risk.

Follow the link for the details.

Thursday, September 01, 2005

Orson Scott Card: Gaza and the Israeli Settlers

No comments:
Card analyzes the current Israeli political situation. Specifically, Sharon's move to forcibly remove all Jewish settlers from Gaza.

His analysis (which I won't repeat, because it is somewhat involved - go read the article) seems solid, but it does not leave me with a good feeling about the man.

While Card's analysis may make perfect sense from a global-politics point of view, ultimately, this policy boils down to forcing people out of their homes in order to create a PR campaign. This is especially disgusting and hypocritical when you note that Sharon (who was not Prime Minister at the time) was one of those trying to convince as many Jews as possible to move into Gaza.

My prediction (which is far from mine alone) is that this policy is not going to change a thing. The terrorists will continue to use Gaza as a base of operations for attacks against Israel. They will now start demanding more land, including Jerusalem (and based on recent reports of attacks there, this may already have begun.) And what is Israel going to do? They're either going to have to wage an all-out war (destroying any sympathy from the press) or they'll sit back and let their people be murdered (which seems to have been their policy up until now.)

PR stunts may work fine for drumming up global sympathy, but they won't do squat for bringing about peace. When you're dealing with an enemy that sincerely believes in victory-or-death, and victory means your complete annihilation, you only have one option - to give them death. Until Israel (regardless of who is in charge) faces this reality, every action they take is just another euphemism for surrender and suicide.

Maybe I'm being far too pessimistic here. I certainly hope I am. But so far, those who disagree with me can only point to wishful thinking to back up their arguments.

Tuesday, August 30, 2005

Why corporate IT is melting down

No comments:
This week, Winn Schwartau writes in his Security Awareness blog about why Windows is such a mess and why it has to fail:

http://securityawareness.blogspot.com/2005/08/mad-as-hell-xiii-reprise.html

In a comment on this article, I wrote about what happens when corporate idiocy is then combined with the WinTel problem of cheap PC's and bug-ridden software.

I think this comment is worthy of an article in its own right, so here it is, in an expanded form, since I can write more here than on a comment page.


It is human nature to not want to admit error. It is the nature of bureaucracies to flat out refuse to admit error, no matter what the cost. They would rather run the entire corporation into bankruptcy than do something that would be an admission of error. And this is with good reason. The one who admits a mistake gets blamed for everything that goes wrong, even if the mistake wasn't his decision and even if the things going wrong have nothing to do with the decision. People get fired from their jobs for admitting mistakes. People get blacklisted from whole industries if they admit mistakes in public.

This, in itself, is a disaster that affects most corporations. Now guess what happens when you get an IT department involved, an aging infrastructure, and a budget crunch.

Initially, everything is running smoothly. The corporation is using big iron for everything important. This is probably some combination of mainframes, minis, workstations, etc. PC's are used, but not for anything more critical than as terminals for accessing the equipment in the machine room. The equipment works well. Partly because very expensive equipment is designed better, partly because it is easier to design and test software when the hardware configuration is carefully controlled, and partly because the number of computers is small enough for the IT department to be able to support.

This all works great until the big iron starts costing too much money. Maybe the electric bills are too high (some old mainframes draw a LOT of power!) Maybe some parts have broken and need replacement. Maybe the annual maintenance contracts are getting too expensive. Maybe the manufacturer is dropping support for the old equipment. It could even be something as trivial as needing more hard drives.

At this point, the IT department is doomed. They would like to buy more of the same. Add more memory/disk to the mainframe. Replace one cluster of minis with the newest model. Move to the latest system software. Ideally, they want to keep everything exactly the way it is. But their bosses won't stand for this. They know an upgrade is needed, but they don't want to spend the money on new big-iron. They look through the latest Dell/Gateway/HP catalog and see that PC's cost $500 each, and PC servers cost $5000 each. They order the IT group to replace the mainframes with a network of PC's.

Sometimes, an IT manager can fight this. Most of the time, he doesn't dare. He can be fired and replaced with someone who will toe the corporate line. The decision has already been made, and made by people with absolutely no expertise.

So the PC's are installed everywhere. The IT managers get bonuses for saving money (if they can make their bosses believe the move to PC's was their idea), and the executives consider the case closed. Everybody pats themselves on the back for a job well done (except for the IT people who know exactly what's about to happen - usually the help desk staff.)

Soon, the PC's start failing, or other weird problems start happening. Users have random system crashes. Unwanted programs (spyware, viruses, worms, etc.) start installing themselves all over the place. Users bring programs in from home, even though there may be a policy forbidding it.

The IT help desk does their best to keep everything running smoothly. They patch, clean, upgrade, and reinstall the PC's as necessary. But the problem doesn't ever go away. This is partly because the hardware is cheap junk. Partly because individual (usually untrained) users are doing their own system maintenance (even possibly against corporate policy). Partly because hackers and script kiddies attack Windows far more often than any other system. Partly because the IT staff has not been properly trained to transition from mainframe maintenance to Windows maintenance. And partly because Windows really is very insecure and very expensive to maintain in a large networked environment.

So the users start complaining a lot. The IT help desk gets swamped with calls. There is never enough money in the budget to hire more help desk staff. Help desk staff burn out and quit and have to be replaced with new staff that don't have sufficient training. This forces the help desk to start using handbooks instead of analysis in order to keep up with the calls, degrading the quality of support and making users even more angry.

IT clamps down on security by installing draconian firewalls and proxies throughout the network. They lock users out of their own PC's in order to restrict who upgrades what. They download and test/review every patch from Microsoft and push the updates onto user's computers over the network.

But this isn't fast enough. Soon a virus arrives and trashes the network. It takes weeks to fully recover. Word gets around that Microsoft actually had a patch available to fix the security hole that the virus used, but it wasn't deployed across the corporate network. Because IT hadn't yet tested the patch against all the corporate software. Those users who had hacked their way around IT's restrictions and installed the update anyway, of course, weren't damaged by the virus.

In order to prevent this from happening again, IT turns on Windows' auto-update facility, where patches are automatically downloaded from Microsoft and installed. This prevents a recurrence of the problem, but it also eliminates any semblance of control over the network. IT no longer knows what system software is running on the PC's. Some patches will break applications, and IT won't find out until after users complain about the broken apps.

The situation spirals further and further out of control. Ultimately, the entire IT department is little more than a group of highly paid errand-boys. All of the real system maintenance is being done by the software vendors through automatic updates. The IT people will run cables and replace broken hardware, but they end up powerless to do anything else. The help desk tries valiantly to make the best of the situation, but ultimately, they are powerless to do anything more than chase down symptoms, read scripts, and apologize a lot.

Some people in IT see this happening and they know exactly why. They know that they need to get rid of the PCs and consolidate control back in the machine room. But the reasons for getting rid of the big iron (high cost) still exist, and executives refuse to include in-house support as part of the cost of running a PC-based network. And he who admits an error gets blamed for it. And users won't want to give up the freedom they were given, even if that freedom is clobbering their ability to do their jobs.

And, of course, the executives will say something like "Everybody else has switched over to PC's and they're doing fine, so the problem must be with you and your staff." Completely ignoring the fact that everybody else is also melting down and refusing to admit it.

Which is where we are today.

Monday, August 29, 2005

... and so it begins ...

No comments:
Remember the Rio? The first commercial MP3 player? Originally made by Diamond Multimedia, most recently made by D&M Holdings.

Well, D&M has decided to drop the Rio line of music players. Apparently they decided that they could not profitably compete against Apple's iPod.

Thursday, August 25, 2005

I got an iPod. Yippie!

No comments:
OK, so maybe this is of no importance to anybody else, but I'm thrilled over this newest arrival to my collection of tech-toys.

I've been wanting an iPod since they were first invented, but various factors prevented me from getting one. At first, it was the small capacity (my music collection is around 40GB. That's what happens when you've been buying CDs for over 15 years and rip them all into your computer.) Then it was the high price for the models large enough. Then (after figuring out how to load a random subset of music into it) it was indecision over what model to buy.

Well, fate made the decision for me this month. Earlier this year, Exabyte (makers of tape drives) ran a "VXA Saved The Day" promotion. You were asked to send in your stories about how their tape drive averted disaster. I told them about how an aberrant disk utility trashed my Mac's hard drive, and how I was able to recover in a few hours thanks to a full system backup on my Exabyte VXA-1 tape drive.

Well, they liked my story and I won an iPod mini (silver color). It arrived in the mail yesterday, and I'm enjoying it quite a bit. This is the previous generation mini, which means a shorter battery life (8 hours instead of 18), but with more bundled accessories. Mine came with both USB and FireWire cables, and an AC adapter. (The current model only includes a USB cable.)

I spent a few hours last night hand-picking songs to load into it (in the future, I'll set up iTunes to load stuff randomly, but right now, it's a new toy and I'm playing with it.) A simple audio cable to connect it to the car stereo, and I'm all set to take a road trip without bringing along a box of CDs.

I also noticed a feature in it that I requested from Apple a few years ago, and that hasn't gotten much publicity. The iPod supports a sleep timer. You can configure it to play for a fixed amount of time (15 minutes, 30 minutes, 1 hour, 1.5 hours, or 2 hours), after which it will turn itself off. Which means I can attach it to the stereo in my bedroom and have it play me to sleep.

At this point, the only question I have (which I'm sure will be answered soon) is how long the batteries will really last on a charge. Apple says that this model will run for up to 8 hours on a charge. Hopefully, they will be right.

Tuesday, August 23, 2005

C|Net: Info from Intel's Developer Forum

1 comment:
Intel showed off its roadmap for 2006 and 2007 at this year's Developer Forum.

Low power consumption is the big deal for all the new chips:

| | Current | New |
|---|---|---|
| Notebook chips | Pentium-M (22W); Low-voltage Pentium-M (5.5W) | Merom (5W); Low-voltage Merom (0.5W) |
| Desktop chips | Pentium 4 (95W) | Conroe (65W) |
| Server chips | Xeon (110W) | Woodcrest (80W) |

Follow the link to the C|Net article for all the details.

Friday, August 19, 2005

Interview with John Gruber

No comments:
John Gruber, owner of the Daring Fireball blog, was recently interviewed by the GUIdebook Gallery. The discussion revolves around the good, the bad and the ugly regarding the Macintosh user interface.

A good read for anybody interested in UI issues.

Wednesday, August 17, 2005

Orson Scott Card on Weapons of Mass Destruction

No comments:
Orson Scott Card, along with several science fiction writers recently attended a convention in England to discuss weapons of mass destruction.

The result of the discussion is both reassuring and frightening. Follow the link for the whole story.

Friday, August 05, 2005

Indiana judge outlaws Wicca

No comments:
Recently, a Wiccan couple filed for divorce. Both parties are continuing their practice of Wicca (a non-mainstream religion that is gaining popularity in some parts of the country.) The judge presiding over the divorce, however, has ordered that their son be "sheltered from the involvement and observation of these non-mainstream religious beliefs and rituals."

In other words, the judge ordered the parents to not teach their own religion to their own child. This is clearly a violation of their First Amendment rights.

This ruling was appealed and upheld. The family is continuing to appeal to a higher court. If they violate the judge's order, the child could be taken away and placed in a foster home.

Before you write this off as an isolated case, consider what precedents this might set. Suppose a judge in the future decides that your religion is not mainstream and should therefore be forbidden from your children? Texas has already decided that the Unitarian church is not enough of a religion to qualify for tax-exempt status. It's not a stretch to imagine a judge deciding to take away the children of Unitarian parents, based on this decision.

Viruses, start your engines

No comments:
Microsoft's public beta for Vista (their next generation of Windows) has been out for only eight days and someone has already written a virus for it.

Does anybody seriously think Microsoft knows or cares anything about security when things like this can happen?

I do find it a bit amusing that most people haven't bothered reporting this. Apparently everybody just expects Windows to be full of viruses, so one more really means nothing.

Thursday, August 04, 2005

PS3 running Mac OS???

No comments:
This article is an interesting overview of Sony's new Playstation 3, which is expected to ship next spring.

Of particular interest, scroll down to the bottom line where it reads:

Sony is expected to offer optional hard drives for the PS3 with potential memory capacity of 80 or 120 GB. It remains to be decided whether the standard version of the PS3 will come complete with a hard drive. The operating system has also yet to be clarified. The integrated Cell processor will be able to support a variety of operating systems (such as Linux or Apple's Tiger).

I can understand Sony supporting Linux, but Mac OS (Tiger)????

While it may be true (and is likely) that the PowerPC-based Cell processor is compatible-enough with existing PowerPC G3/G4/G5 chips to make it compatible with Mac OS, it takes a lot more than a compatible CPU to make a compatible computer. And Mac OS is closed-source, so the system isn't going to be ported without Apple's say-so.

My guess is that this is Sony's marketing people not understanding what they are writing, but who knows. Maybe Apple will decide to team up with Sony to provide some kind of non-gaming system software for the PS3. I wouldn't expect it, but Apple (at least recently) seems to enjoy doing what the rest of the world doesn't expect.

Alternative creation theory: the Flying Spaghetti Monster

No comments:
Sounds good to me. Now if only we can force the Kansas schools to teach it.

Tuesday, August 02, 2005

Brain-dead hotel security violating your privacy

Today, most hotels use the TV as an interactive computer terminal. The TV can be used to make purchases, check out, pay the bill, purchase movies, purchase video games, and a plethora of other services. They also provide a lot of administrative functionality that guests normally don't know about.

Any network engineer with even an ounce of sense would design such a system with encryption in the set-top boxes and a security server in the back-office.

But they're not designed that way. The network involves no encryption whatsoever, and the TV programming is not scrambled in any way. All of the security exists in the set-top box, and nowhere else.

Which means that any person that brings his own TV tuner (like a USB-based tuner attached to a laptop computer) can tune in on all of the TV programs, including the ones you're supposed to pay extra for. And with a little more work, you can access all of the administrative screens, allowing you to view the accounts for everybody in the hotel, set wakeup calls for anybody in the hotel, and even alter some billing records (like movie purchases and minibar usage.)

In the future, when hotels start adding cameras to the TVs (presumably for allowing video-chat features), you'll be able to tap into that as well if they don't wise up and implement a more effective security model.
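The design the post calls for, as an added example (not code from the original post or from any hotel system): the back-office server keeps a key for each set-top box, checks an HMAC tag and a counter on every request, and makes the authorization decision itself, so nothing depends on the box behaving. Box IDs, room numbers, action names and keys are constructed, and encrypting the channel and the video is assumed to be handled separately.

```python
import hashlib
import hmac
import json
import secrets

# Constructed provisioning data: one secret per set-top box, bound to one room.
BOX_KEYS = {"box-0412": secrets.token_bytes(32), "box-0413": secrets.token_bytes(32)}
BOX_ROOM = {"box-0412": "412", "box-0413": "413"}

# Hypothetical action names. Admin actions are never accepted from a guest box.
GUEST_ACTIONS = {"view_bill", "buy_movie", "set_wakeup", "checkout"}
ADMIN_ACTIONS = {"list_all_accounts", "edit_billing"}


def sign_request(box_id, key, counter, action, room):
    """Set-top box side: serialize the request and attach an HMAC-SHA256 tag."""
    body = json.dumps(
        {"box": box_id, "ctr": counter, "action": action, "room": room},
        sort_keys=True,
    ).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()


class BackOffice:
    """Server side: authenticate the box, reject replays, then authorize."""

    def __init__(self, keys, rooms):
        self.keys = keys
        self.rooms = rooms
        self.last_ctr = {}  # highest counter accepted so far, per box

    def handle(self, body, tag):
        try:
            req = json.loads(body)
            box, ctr = req["box"], int(req["ctr"])
            action, room = req["action"], req["room"]
        except (ValueError, KeyError, TypeError):
            return "reject: malformed"
        key = self.keys.get(box)
        if key is None:
            return "reject: unknown box"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not isinstance(tag, bytes) or not hmac.compare_digest(expected, tag):
            return "reject: bad tag"
        # Only authenticated requests may advance the counter.
        if ctr <= self.last_ctr.get(box, -1):
            return "reject: replay"
        self.last_ctr[box] = ctr
        # Authorization is decided here, not in the box's menu code.
        if action in ADMIN_ACTIONS:
            return "reject: admin action from guest box"
        if action not in GUEST_ACTIONS:
            return "reject: unknown action"
        if room != self.rooms[box]:
            return "reject: wrong room"
        return f"ok: {action} for room {room}"


def demo():
    """Run one legitimate request and four that the server must refuse."""
    server = BackOffice(BOX_KEYS, BOX_ROOM)
    key = BOX_KEYS["box-0412"]
    legit = sign_request("box-0412", key, 1, "buy_movie", "412")
    results = {"legit": server.handle(*legit)}
    # The same captured message sent a second time.
    results["replay"] = server.handle(*legit)
    # A device on the shared cable that was never given the box key.
    forged = sign_request("box-0412", secrets.token_bytes(32), 2, "set_wakeup", "412")
    results["forged"] = server.handle(*forged)
    # A genuine box asking about a room it is not installed in.
    results["other_room"] = server.handle(
        *sign_request("box-0412", key, 2, "set_wakeup", "413"))
    # A genuine box asking for an administrative screen.
    results["admin"] = server.handle(
        *sign_request("box-0412", key, 3, "list_all_accounts", "412"))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:11s} {outcome}")
```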

Thursday, July 28, 2005

Tuesday, July 26, 2005

New Macs

Apple just released updates for the Mac mini and iBook today.

Mac mini

The new mini comes in three stock configurations. The specs are:

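| Feature | Small model | Medium model | Large model |
|---|---|---|---|
| Price | $500 | $600 | $700 |
| Processor | 1.25GHz G4 | 1.42GHz G4 | 1.42GHz G4 |
| Disk | 40G | 80G | 80G |
| Optical drive | Combo | Combo | SuperDrive |
| AirPort Extreme | Optional | Standard | Standard |
| BlueTooth | Optional | Standard | Standard |
| Modem | Standard | Optional | Optional |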

All models include:

  • 512M RAM (upgradeable to 1G)
  • Radeon 9200 video with 32M
  • DVI or VGA output
  • One FireWire 400 port
  • Two USB 2.0 ports
  • 10/100 Ethernet

The changes from the previous Mac mini are extremely minor:

  • The bundled memory is larger (up from 256M)
  • BlueTooth and AirPort Extreme are now standard on the 1.42GHz model
  • Modem is now optional on the 1.42GHz model
  • You can now get a SuperDrive without ordering it from Apple's web site

iBook

The new iBook comes in two stock configurations. The specs are:

| Feature | 12" model | 14" model |
|---|---|---|
| Price | $1000 | $1300 |
| Processor | 1.33GHz G4 | 1.42GHz G4 |
| Disk | 40G | 60G |
| Optical drive | Combo | SuperDrive |

All models include:

  • 512M memory (expandable to 1.5GB)
  • ATI Mobility Radeon 9550 (32M)
  • AirPort Extreme (WiFi)
  • BlueTooth
  • One FireWire-400 port
  • Two USB 2.0 ports
  • Modem

Compared with the previous generation iBook:

  • The processors are faster (up from 1.25 and 1.33GHz)
  • The default hard drive for the 12" is larger
  • The built-in memory is larger (up from 256M)
  • Improved video (up from Mobility Radeon 9200)
  • BlueTooth is now standard

My comments

The new models look good. The mini is a great deal now - the memory upgrade and bundled wireless (on the two higher-end models) means that the unit is now completely useful without any upgrades.

Unfortunately, it appears that none of today's upgrades include a video card that supports CoreImage, which is a shame. This is the one feature I'd been hoping Apple would release, especially in the iBook.

Monday, July 25, 2005

Register: Microsoft's Earth deletes Apple HQ

This is amusing. Both Microsoft and Google now have on-line satellite photos integrated with their map services. But apparently, Microsoft's photos are hopelessly out of date.

As noted by The Register's article, the Apple corporate campus doesn't exist on Microsoft's system - it shows an empty field and a warehouse. And it still shows the World Trade Center in Manhattan (corner of Church St. and Vesey St., if you want to take a look).

Saturday, July 23, 2005

Reverse copy protection?

I encountered something weird tonight. I bought a copy of Styx's newest album, Big Bang Theory.

The disc will not play on my good quality CD changer. It does play on my old boom box, and my computers. I was able to rip the disc to my Mac and burn a disc from the files, which does play fine on everything.

Has anyone else encountered this? Should I exchange the disc where I bought it or do you think that would be an act of futility?

Monday, July 18, 2005

Orson Scott Card: Brain Training

Orson Scott Card discusses the fact that the human brain, like all other organs in the body, needs to be exercised for it to perform at its best. This means being actively engaged in activities that require thought and concentration.

Card starts out discussing possible beneficial aspects of video games and then expands upon this thesis and discusses other kinds of mental exercise, and how they can benefit people with mental handicaps, including those with Alzheimer's disease and ADHD.

Cringely's take on the Apple-Intel deal

This article is mostly speculation, so it may not amount to very much, but it is logical.

A fun read, even if it turns out he's wrong.

Wednesday, July 13, 2005

Science News: Night of the Crusher

This is a fascinating article about a psychological phenomenon known as sleep paralysis.

In this condition, a person partially wakes up from sleep to find himself paralyzed. (Paralysis while asleep is normal and is believed to prevent injuries while asleep.) Because he is not fully awake, however, his recognition of the paralysis often results in hallucinations of being restrained or abducted by a variety of nightmarish things produced by the subconscious.

After reading this article, it seems to me that a lot of superstitious/religious belief in things like demons, evil spirits, alien abductions, astral projection, etc. may be a manifestation of this condition.

Tuesday, July 12, 2005

Arizona School Will Not Use Textbooks

A fascinating concept, and I truly hope it works out.

But I don't think it will. Even if we ignore the extra cost and the inevitable issues with the reliability of the laptops, there is still the simple fact that computers are not always more convenient than paper!

When I was in school, cramming before an exam, I often took textbooks to the bathroom with me, or I'd read them in the car (while my father drove me to school), or I'd read them outdoors. Now try doing this with a laptop. In the bathroom? Better not let any water from the sink (or elsewhere) splash onto the computer. In the car? Vibration isn't good for hard drives. Outdoors? Hope the battery doesn't go dead.

And, of course, without an internet connection, the computer will only be as useful as what is stored on the hard drive. Can we be certain that every student will have regular access to a broadband connection, in order to download texts? Can the school afford to pay for DSL lines to those households that can't afford them? Dial-up will be barely adequate, as anybody who has attempted to do research over a dial-up connection can testify.

All this assumes that the hardware will be completely reliable. But will it be? Hard drives fail. Laptops have all sorts of problems. If the computers are Windows based, we'll have to worry about viruses and spyware. And if the students' network connections are wireless, we'll have to contend with students breaking into each other's computers.

I'm waiting for the 21st century equivalents of "my dog ate my homework". Maybe "the e-mail got lost", or "my hard drive glitched", or "my finger slipped and I deleted the file by mistake".

Wednesday, July 06, 2005

Game review: Jewel Quest

A few weeks ago, some family members showed me a PC game called Jewel Quest. This puzzle game can be played on-line for free here or may be purchased here. I bought my copy on CD at a local store for $20 (this appears to be the list price.)

The concept is very simple. There is a grid full of objects. When you click on two adjacent objects, they exchange places. If there are three or more of the same type of object in a row or column, the objects are removed, the objects above fall to fill in the gap, and new objects drop in at the top to fill in the gap.

So far, this is the same as Bejeweled, another very addictive game.

Jewel Quest, however, adds a twist. Whenever pieces are removed, the background underneath them turns gold. When all of the squares have become gold, the level is complete. You score a bonus for time remaining and a new level begins. And the levels are not simple rectangular grids. They come in a wide variety of shapes, making some levels extremely difficult to complete within the time limit.

As the levels progress, additional twists are added. Like "buried treasure" - objects that you have to match multiple times before they are removed. And objects that will penalize you if they are removed directly (but give you a large bonus if you can remove them indirectly). There are 180 different puzzles, so you won't be able to finish the game quickly.

Like many other puzzle games, Jewel Quest may be played full-screen or in a window. So you can choose to either pay attention to what the rest of the computer is doing or choose to get completely absorbed in the game.

The system requirements are very small by today's standards (Windows 98, 32M RAM, Direct X 7), so it should run on anything that is even remotely modern. It installed and ran without any problems on my gaming PC (Athlon 64/3200+, Windows XP, 512M RAM).

The only downside to this game is that nobody has (yet?) ported it to the Macintosh platform. I prefer to play games like this on my Mac so they can share a desktop with the other things I work on. But I recognize the fact that it takes a while for people to port games to the Mac, which is why I have a gaming PC in the first place.

iPod Shuffle RAID

What do you do if you come into possession of several iPod shuffles? That's right, make a RAID array from them!

Tuesday, July 05, 2005

And in the "You gotta be kidding" department:

A Moscow woman is suing the US and Russian governments to try and stop them from firing a probe into a comet because it will disrupt her mystical forces.

Thursday, June 30, 2005

IBM to Apple: Watt Me Worry?

When they announced Intel-based Macs a few weeks ago, Steve Jobs said that IBM was unable to supply PowerPC chips at sufficient speed and power consumption. More specifically, he referred to an abstract performance-per-watt ratio and showed a chart where Intel's future chips did much better than IBM's.

Now, IBM says "we can make all the chips Apple needs".

Maybe. But this doesn't mean they actually will. Remember, two years ago, IBM told Apple that a 3GHz PowerPC 970 would be no big deal. Jobs promised a Mac based on that chip. Two years later, the chip still doesn't exist.

IBM's word, at least when it comes to future chip production, isn't worth very much in Cupertino these days.

Apple, and Mac users, have been demanding 3GHz PowerMacs and G5-based laptops for over a year. IBM would have to be both blind and stupid to not see the demand for the chips that these products require. So why haven't they shipped them? Either they can't, or they don't want to.

Jobs said they can't. If IBM is now saying they can, it means that the other conclusion is the truth. Now why would Apple try to maintain their relationship with IBM if IBM doesn't want to develop the chips they need?

Wednesday, June 29, 2005

Fujitsu is developing new HD technology

Fujitsu is working on some new tech that, when fully developed, promises bit-densities on the order of 1Tb per square inch.

According to the article, current high-end drives have densities at around 120-140Gb per square inch. This would make the new tech about 7-8 times as dense.

If we assume that a modern 400G drive has platters at the 120-140Gb density (a reasonable assumption, although I don't know for sure), then this new tech would produce a 2.8-3.3TB drive.

And if we want to be silly about it, an XServe RAID chassis loaded with these hypothetical drives would have a 40-46TB capacity. Of course, that's just silly-talk. For now.

For centuries, man has yearned to destroy the sun

This has got to be one of the dumbest ideas ever imagined.

Although the scientific community has no consensus over whether global warming exists, if it was caused by humans, or even if it's a bad thing, one group here is proposing that we create a permanent structure in orbit to block sunlight and cool the planet down.

Of course, if the warming trend we're believed to be in is part of a natural cycle, this ring will ensure that the next natural cooling-cycle (meaning ice age) will end up being much more severe, because we won't have all that sunlight anymore. And without this light, we might not be able to emerge from this ice age.

You think it's a natural disaster when we have a few hot summers in a row? How about when most of the planet dies off due to a few hundred years of freezing?

And all this disaster can be yours for only $200 trillion of your tax dollars.

Tuesday, June 28, 2005

Internet crashes in Pakistan

Wow! This piece of news really surprises me.

Not that an undersea network cable failed. That does happen from time to time.

What surprises me is that Pakistan doesn't seem to have any other connectivity to the rest of the world. At least no other connectivity with sufficient bandwidth to cover the loss. (The article does say that they have satellite backup, but it doesn't appear to have enough bandwidth.) No other undersea cables, no satellite uplinks of sufficient capacity, and no land-lines to other countries (like India).

I realize that this region of the world is far from safe, and that Pakistan has security problems with all of its neighbors, but I would have thought that the telecommunications companies involved (even if they are government-owned) would have found a way to cut through the politics and run the cables necessary to prevent this kind of problem from occurring.

I obviously assumed incorrectly.

Apple Merges iPod & iPod photo Lines

I was wondering when this was going to happen.

Apple has finally brought color screens (and photo capabilities) to all of their full-sized iPods, including the U2 edition.

Pricing is now 20G for $300, and 60G for $400. The 20G U2 edition is $330.

Now all we need is an 80G model to assume the now-empty $500 price point.

Monday, June 27, 2005

The Supreme Court's ruling against P2P

Superbrief summary of a recent Supreme Court ruling:

Peer-to-peer companies such as Grokster and Morpheus parent StreamCast Networks can be sued and held legally liable for the copyright infringement of the people using their software, if the companies actively encourage that infringement.

Some are saying that this may kill peer-to-peer file sharing technologies.

Personally, I disagree.

While it is true that some of these programs (like the original Napster) were designed for the specific purpose of trading music (most of which was distributed in violation of copyright), it is also true that most of the modern programs (like Bit Torrent and various Gnutella clients) are promoted as general purpose file-sharing utilities, not simply music-swapping facilities.

When combined with the fact that these are often used for non-infringing purposes (e.g. several Linux distributions are released via Bit Torrent), I don't think the courts will be able to conclude that the companies actively encourage copyright infringement.

Friday, June 24, 2005

Inside Apple's Intel-based Dev Transition Kit

AppleInsider has posted the specs for Apple's Intel-based developer transition kit. The kit consists of a prototype Intel-based Macintosh system, an Intel version of Mac OS X 10.4, developer tools and documentation. (The tools and documentation are also available as a free download.)

I won't repeat the article's description of the specs, but it is worth noting that this system looks and feels very much like a generic PC.

This should come as no surprise, however. Jobs had already said that Apple was developing Intel versions of Mac OS X for five years. They were obviously doing it on generic PC hardware, since it would be prohibitively expensive to design (and keep current) new systems that never get sold to the public.

This, however, does not mean that the Intel Macs that will be sold next year will be generic PC's. As a matter of fact, I would expect that they will not be. At least the ROM code will be different enough to fool non-engineers. Over the past 5 years, Apple has introduced many features in their Macs that Mac users have come to expect, including:

  • Target disk mode
  • FireWire (400-speed on all systems, 800-speed on high-end systems)
  • The ability to boot the system from FireWire (and USB) drives
  • SuperDrives available on all systems, standard on some
  • AirPort (WiFi) available on all systems, standard on some
  • BlueTooth available on all systems, standard on some
  • Unique cooling systems that are (usually) very quiet

Apple will have to provide all of these on any new Macs, whether Intel or PPC based. The fact that the developer transition kit systems do not have many of these features is a clear sign that these systems will not be what is eventually sold to customers.

Now, it is certainly possible to provide all these features using more-or-less generic PC motherboards, but I suspect that Apple will prefer to use a completely custom board, instead of a generic board that they tweak to add necessary features.

A custom motherboard also makes it easier to prevent Mac OS from booting on generic PC's. Apple can include a unique chip (maybe an I/O controller for the FireWire/AirPort/BlueTooth devices, or a specialized DRM chip) that the OS requires in order to run. This is a lot better than looking for ID strings in the ROM (which can be faked) or specific board configurations (which would require a tweak to MacOS every time a new system is introduced or updated.)

Tuesday, June 21, 2005

Future of DVD mired in confusion - but does it matter?

This is definitely bad news for people waiting for high definition DVD movies. After all, Hollywood is not going to start selling many movies until they're certain that there will be enough customers with compatible drives.

On the other hand, it may not matter. Regardless of whether HD-DVD or Blu-Ray becomes the dominant standard, it has already been decided that both will use H.264 as their high-definition CODEC. So the encoding work (the biggest change from existing DVD production) will be the same for both. Given this, and the fact that mass-production of the physical media will probably be very inexpensive, there is no technical reason why studios couldn't ship movies in both formats until a clear winner is decided.

Remember back to the days when VCRs were the new toys on the block. There was a huge standards war going on between VHS and Beta. VHS ultimately won, but the studios didn't wait for a winner before releasing movies. They issued movies in both formats.

One could probably argue that the cost of manufacturing video tape in two formats is equal to, if not more than, the cost of manufacturing video discs in two formats. Especially when both formats are using the same H.264 CODEC for the video content.

But it's not just about movies

All that being said, there is more to these high-capacity DVD standards than just selling movies. Both are going to be sold for use as data storage devices.

Right now, the theoretical maximum capacity for an HD-DVD disc is 45GB (using a 3-layer disc) and the theoretical maximum capacity for a Blu-Ray disc is 100GB (using a 4-layer disc.) Either one of these is much higher than the maximum capacity for recordable DVD media (about 9G for a 2-layer disc.)

For me, a 4-layer Blu-Ray drive makes the ideal backup device.

Currently, people who want to make full system backups have no good choice for the output medium. They can use tape drives, which are very expensive if you get one large enough to be useful (I paid $800 for a VXA-1 drive, which can record 33GB on tapes that cost about $60 each. Higher capacity drives can cost much more than this.) Or they can back-up to other hard drives, which cost less, but have other problems. (Like taking damage when dropped on the floor.) Any other backup solution (like DVDs) suffers from the problem that the media is much smaller than hard drive sizes, so you have to insert new media several times during the backup - making it so inconvenient that most people won't bother making backups at all.

Blu-Ray (or to a lesser extent, HD-DVD) solves this problem. The media capacities rival those of tape drives, and the prices will probably be much lower. Although nobody today is talking about pricing for these new DVD standards, I think we can expect them to follow the same trend that recordable DVD drives took - high prices at first, followed by much lower prices in a few years. My prediction is that we should see the drives selling for around $300 after two years, and under $100 after five years. I think we can expect blank media to cost $20-40 at first, $5-15 after two years, and $2-6 after five years. Even at its most expensive point, I think this format will still cost less than what tape systems of comparable capacity cost right now.

Friday, June 17, 2005

Microsoft's "Blue Hat" security conference

Microsoft recently ran their "Blue Hat" security conference, where hackers and MS employees were able to meet and discuss security issues.

During the conference, some of the guests successfully hacked some of Microsoft's demo computers, much to MS's embarrassment.

But to MS's credit, they appear to be willing to work with the security experts to get these problems fixed.

If we're lucky, this event will be the kick in the pants Microsoft needs to start really securing their software.

Wednesday, June 15, 2005

My take on Apple's decision to use Intel processors

2 comments:
There's an old saying. Opinions are like behinds - everybody has one. (OK, that's not the exact quote, but I am trying to keep it clean.) And the recent news about Apple using Intel processors in new Macs is no exception. Some are saying "What took you so long?" and some are saying it is the end of the world (or at least the end of Apple.)

And like all the rest, I've got my own set of opinions here. Everything here is speculation, but I like to think it has a good chance of being correct, given what I know about Apple and their history of doing business.

  • This is going to hurt Apple's sales in the short term

    Any time you announce a major change well in advance of that change, it hurts sales. Nobody wants to buy a computer that they think will become obsolete in short order. The fact that it won't really be obsolete (see below) won't change people's perceptions. But this is a short-term problem. People tend to delay, not cancel their purchases over this. So when the new systems ship in 2006, most of these customers will start purchasing new Macs again.

  • Existing Macs have not suddenly become obsolete

    At least for any reasonable definition of the word. A computer becomes obsolete when you can no longer perform useful work with it, when it can not run your software (which is really the same thing) or when the manufacturer drops support for it. None of these have happened yet - heck, the new Intel-based Macs won't even be available for at least a year!

    When the new Macs do ship, will your current software stop running on PowerPC-based Macs? Of course not. Will software vendors stop shipping PowerPC versions in favor of Intel versions? Eventually, yes, but not immediately. There are millions of Mac users with PowerPC based systems, it is going to take many years before the majority of them replace those systems with Intel boxes. Any software vendor that stops producing PowerPC software before their customers have Intel hardware will be signing its own death sentence, and they all know it.

    And will Apple stop supporting the PowerPC hardware? Eventually, but my prediction is that this won't happen any sooner than when they've dropped support for other systems. There are plenty of PowerPC-based Macs (based on the 601, 603 and 604 chips) that can't boot OS X, and some more recent G3-based models that can't boot Mac OS 10.4. Apple supported these systems for a long time before dropping them. I don't think they'll do anything different for today's G4 and G5 systems.

  • You will have to upgrade your apps when you buy an Intel Mac

    Well, you won't have to for most apps, but you will want to. Apple is providing a translation layer (Rosetta) which will allow PPC-based OS X applications to run on Intel Macs, but there is a performance hit. Some informal tests show performance levels at around 25% of "full speed". This is actually very good, given the extreme challenge of emulating a high-end processor on another platform. But you will notice.

    For some applications (like word processors), you probably won't care. After all, these apps spend most of their time waiting for user input. But for some applications (like Photoshop, Final Cut or DVD Studio), you will definitely notice.

    Some vendors may offer free "upgrades" to an Intel port of the same version you have. But I suspect most will not. They will tell you that the next version will be compatible with both platforms and that you should upgrade to it when they release it. If you planned on upgrading anyway, this won't be a big deal. If you didn't, this will be an extra expense.

    One workaround to this is to not buy an Intel Mac when it is first released. Instead, wait for your apps to be upgraded to "universal binaries" (Apple's name for programs that will run on both PPC and Intel). Upgrade then while you're using your existing PPC Macs. Once you've got all the important apps upgraded, then you can buy the Intel Mac and not have to worry about the performance hit of Rosetta.

  • Mac OS is not going to run on your Dell

    It is fairly certain that Mac OS can run on ordinary PC's. After all, Apple has had a working Intel version of Mac OS X for over five years and they wouldn't be developing new hardware boxes for purely internal development purposes. But this doesn't mean it will remain this way.

    Apple has publicly stated that they will not permit non-Apple computers to boot Mac OS X. We don't know how they plan on accomplishing this, but it will probably be more substantial than simply looking for a copyright string in the ROM chips. (This has been attempted by other systems in the past, and it is easily defeated.) The best way to do this is to make Macs with some feature (however minor it may be) and make sure that a key part of the OS relies on this feature. Some form of DRM, with decryption keys hidden in the ROM is also a possibility.

  • We don't know what kind of Intel chip these Macs will have

    I think we can be certain that the chips will be x86-compatible. After all, that's what the prototype Intel-Mac systems are. It would be counterproductive to give an x86-based system to developers and then tell them that the commercial systems aren't going to be compatible with it. But this still leaves a lot of options.

    My prediction is that the 32-bit Macs (those that currently use G4 processors) will be transitioned to 32-bit x86 chips, like the Pentium-4 and maybe Celeron chips. The 64-bit Macs (those that currently use G5 processors) will be transitioned to 64-bit x86 chips, like the new Pentium-D and other chips on Intel's roadmap.

    As much as I might like to see a pure 64-bit chip (like some of the chips on the Itanium roadmap), it's not going to happen unless Intel makes a version that supports the 32-bit x86 instruction set.

    That being said, such a chip might eventually be made. Unlike PC makers, Apple doesn't require any support for any pre-Pentium (or even pre-P4) operating mode, like 8088, 286, 386 or 486. Which means Intel can ditch these legacy features in any chip they sell to Apple. Of course, the fact that they can do this doesn't mean they will, so this is mostly speculation and wishful thinking on my part.

  • You are not going to be able to just boot a Windows CD on an Intel Mac

    Apple has said that they won't take steps to prevent Windows from being run on a Mac. Some have interpreted this to mean "we're getting dual-boot Windows/Mac computers". This is quite a stretch, and, IMO, unlikely. It is quite likely that Apple will design their Macs with different (or at least customized) chipsets on the motherboard. At the very least, special device drivers are going to be required to get Windows to run. It might require much more.

    Sure, Microsoft may decide to release a Mac compatible version of Windows, but that will be in the future. I don't think existing Windows XP install CDs will do anything useful on a Mac.

  • Macs are not going to become overrun with viruses

    It is well known that Windows is overrun with viruses, and most Windows systems run on Intel (or Intel-compatible) processors. But people must remember that virus compatibility depends as much on the operating system as it does on the processor. And in the case of script-based viruses, it depends entirely on the OS and nothing on the processor. Mac OS will still have all of its security features, even when running on an Intel chip.

    An Intel processor running Mac OS will not be vulnerable to Windows viruses any more than an Intel processor running Linux is - meaning not at all.

  • Lack of AltiVec is not the end of the world

    Apple has touted the AltiVec (vector math) unit of the PowerPC G4 and G5 as the one thing that makes PowerPC boxes superior to everything else. And in many ways, they are right. AltiVec is a great subsystem. But PowerPC isn't the only platform to support vector math. Intel's chips have had it for years in the form of MMX (integer-only, introduced in the Pentium), SSE (introduced in the Pentium-3) and SSE2 (introduced in the Pentium-4). SSE3 is also in the works (to be introduced in the Yonah chip).

    While SSE and SSE2 (don't know about SSE3) may not perform as well as AltiVec, they do provide similar functionality and perform well enough for most purposes. Software written for AltiVec should be portable to SSE. Apple has even provided sample code to help out those developers that need to be shown how. I am certain that the parts of MacOS that use AltiVec on the PowerPC have already been ported over to SSE on Intel.

    Furthermore, a lot of what AltiVec has traditionally been used for (3D graphics) has been offloaded into video cards these days. Apple's CoreImage facility offloads tons of high-end graphics functionality onto the GPU of a high-end video card. Since Intel Macs will use the same (ATI and NVidia) GPUs as PPC Macs, it is safe to assume that this kind of performance will not change much.

  • Your favorite product-level features are not going to go away

    Things like target-disk mode, booting from FireWire drives, pressing "C" to force a CD-ROM boot, etc. Although PC's don't generally support these, and the prototype Intel Macs may not support them all, I think the production Intel Macs will. Apple has spent too much time teaching their customers about these great features to just throw them away now.

    Mind you, this doesn't mean Open Firmware will be what boots these Macs. Product level features can be grafted on to anything (even legacy PC BIOS ROMs). We don't know what kind of ROM Apple will use in the Intel Macs, and I'm not going to speculate on that, but I am confident that the key features that today's users depend on will be present in the new ROM, whatever it is.

  • Your HFS-formatted disks will still be readable

    Although Apple has said that you shouldn't assume anything about the disk partition scheme, I am confident that Mac OS on Intel will be able to mount and use disks that were formatted on PowerPC-based Macs, even if it does not give you the ability to boot from disks using the legacy partitioning scheme. To do anything else would break compatibility in a way that would hurt the entire customer base (just think of all those portable hard drives, including iPods, that will be used to transport files between Intel Macs and PowerPC Macs).

    This will, IMO, be similar to how the HFS+ disk format was rolled out. It was introduced in Mac OS version 8. 68K-based Macs running system 8 (and 8.1 - the last 68K-compatible version) could read, write and format HFS+ volumes, but they could only boot off of HFS volumes, due to limitations of the boot ROMs. It is possible that the Intel Macs will be able to boot from the legacy disk partitioning scheme, but even if they can't, Mac OS will be able to use the disks after the system has finished booting.