The foxes are guarding the henhouse
Here is the quote of the day:
...we and other global firms have, for many years, urged the SEC to reform its net capital rule to allow for more efficient use of capital. This is the single most important factor in driving significant parts of our business offshore, so that our firms can remain competitive with our foreign competitors risk-based capital standards must become the norm. The SEC has made it clear that risk-based capital rules can be implemented only when the Commission is confident that firms employing value-at-risk models have robust credit and risk management policies in place.
Translated into English, this testimony from back in 2000 was from someone asking that major brokerage firms be permitted to increase leverage subject to oversight of their wondrous mathematical risk models. The request was agreed to four years later, in 2004, and it helped lead to the meltdown in independent brokers this year. The speaker? Some guy named Henry Paulson, the then-CEO of Goldman Sachs. I wonder what happened to him.
ISO is worth nothing
I don't know why I've waited to post this. For several months, it has been known that Microsoft has bribed several companies and country officials of several nations in order to push their idea of a standard through the whole world.
There is an actual open standard on office-type documents (no royalties needed, full specs) that is implemented by at least one program and being implemented by several others, which stops everyone from having to use the same software for eternity to access those documents. The moment this started becoming a reality, several countries were going to demand the use of programs that implemented a standard for office documents.
Microsoft got scared. Very scared. Office was threatened, and with it also a lot of the necessity of using Windows. So they started lobbying and bribing (legally, except as concerns undue influence of the market, which is a subjective matter even to courts). ISO saw a lot of millions and disregarded their own process, and also got invaded by a ton of countries that stagnate it because they don't care to vote on anything else.
Libertarianism
Let's see...somebody, a libertarian propagandist no doubt, decided that the "social" and "economic" liberties were going to be orthogonal (ridiculous on its face) and equal in weight.
Then we're supposed to go stare at the macho quiz that has questions of the form, "do you eat babies, or are you a libertarian" for a while, and then put ourselves on this magical chart, and lo and behold, most of us come out as libertarians.
This is some pretty crude propaganda, and if you're swindled by it, you need to wake up and smell the bullshit.
Why sex offenders are not always bad people
It was Rocio Palacios who first noticed the woman who appeared to need help.
It was 8 a.m. when she and her husband, Erasmo, dropped their 6-year-old daughter off at school and had picked up their 22-year-old daughter to go out for breakfast when they saw the woman waving her arms at 53rd Street and Kedzie Avenue last November.
The Palacioses, of Chicago, claim the woman approached their car, parked outside Manolo's restaurant, leaned in to the passenger side where Rocio was sitting and asked Erasmo if he wanted oral sex for $20 or sex for $25.
The couple laughed, realizing this wasn't a woman in distress after all.
But within seconds, Chicago police swarmed the family car, hauling Erasmo Palacios out in handcuffs. He was charged with solicitation of a prostitute.
[...]
'I'm so lucky I was with my wife -- imagine if I had to try to tell her and she wasn't with me,' he said, before laughing at the image. 'She'd never believe me. Never.'
[...]
Attorneys Lonny Ben Ogus and Joe Cavanaugh also want to know what happened to the family's 1983 Mercedes. It was impounded that November day and, Palacios said, his wife and daughter were even threatened with arrest as they tried to stop police from taking it, as they were left stranded that morning.
Bank Security
Not too long ago, my Halifax ATM card got deactivated because I misentered the PIN number three times in a row. So, the next day, I went into the main bank branch to get some cash from a teller.
I headed to the counter with my card in hand and some ID in my pocket. I explained the situation and asked to withdraw a few hundred pounds to carry me over until a new PIN number arrived. After taking my ATM card, she handed me a slip and asked me to sign. I did that, and she then counted out the money and gave it to me. No questions asked.
Let's count the WTF's:
- (Obvious) Me monging up my PIN three times
- The teller did not ask for ID, aside from the defunct card
- She did not compare the signature to anything, as I never signed the back of my ATM card
- I didn't actually use a signature, instead drawing a big circle with a cross through it
- She did not notice that the card wasn't signed, nor that my "signature" looked like the X-Men symbol
- I was given the cash with no security questions whatsoever
As my mind was boggling at these things, she said "I noticed that you didn't respond to our letter about changing your account to a higher rate. Would you like to speak to my co-worker about that?".
I remembered the letter from a few months ago, and figured I might as well convert the account then and there. So, I went to a tiny office with her co-worker, who then lackadaisically explained why my current account sucked and how the higher rate one was miles better. He said this all while blankly staring into space; I looked over my shoulder to see if he was just reading the pitch off a cue sheet stuck to the wall. The higher rate account was a better deal, so I agreed to switch. And this is where the WTFs start with him.
The banker tapped my account number from my ATM card in, and then printed out a sheet that summarized my details: name, DOB, address, phone numbers, etc. He slid it across the table and asked me to double check that the details were correct. At this point, I could have been any mugger off the street who just withdrew several hundred pounds and had the full details of whoever I mugged. I'm fairly sure I could have closed the account and withdrawn the funds in full, without any security challenges.
Ironically, two days later I get a letter from Halifax telling me that I should stop using their phone banking service and switch to their ultra secure online service.
At least the teller was bright and cheerful whilst giving me the cash.
Why Apple is just like Microsoft: iTunes and Safari
Apple has decided to use its monopoly on MP3 players to persuade everyone with the necessary layer on a computer, iTunes, to install their silly browser, Safari. They adopted tactics used by spyware companies and made an update to iTunes "recommend" the installation of Safari, forcing you to deselect the install on every update.
asa (of the mozilla foundation) said:
When *installers* bundle extra programs and install them by default (opt out rather than opt in) it's *annoying*. When *updaters* bundle extra programs and install them by default (opt out rather than opt in) it's damaging to the trust relationship that users and vendors have relied on to keep software safe and secure.
Not only do they force iTunes on you when you download Quicktime, making you hunt deep in their site for the solo installer, now the iTunes update also throws crap at you. It also helps computer users learn to accept the installation of crap on an update and not demand better behavior. It probably doesn't help people trust updates either.
In my totally personal experience, if any of those programs AND the iPod is indicative of a different "experience", I must be blind and dumb, because to me it's exactly the same shit, just with different issues.
To watch a Quicktime movie on my PC I have to:
* Install iTunes, have it hijack all my multimedia file types.
* Have all the mime types replaced in my browser (a new plugin to show jpg files, yay!)
* Install an "iPod sync tool" in my system tray
* Have Apple pester me the whole time to install updates to all of the above.
* Have Apple pester me the whole time to upgrade to a "professional" version of something or other.
All that to see a dumb Quicktime movie? I think I'll pass...
Different. Somehow...
And what does Safari show the next day?
recoiledsnake writes "The new Safari 3.1 for Windows has been hit with two 'highly critical' (as rated by Secunia) vulnerabilities that can result in execution of arbitrary code. The first is due to an improper handling of the buffer for long filenames of files being downloaded, and the second can result in successful spoofing of websites and phishing. This comes close on the heels of criticism of Apple for offering Safari as an update for approximately 500 million users of iTunes on Windows by default, and reports of crashes. There are currently no patches or workarounds available except the advice to stay clear of 'untrusted' sites."
Completely different.
Further, Wormfan writes "The latest version of Safari for Windows makes a mockery of end user licensing agreements by only allowing the installation of Safari for Windows on Apple labeled hardware, thereby excluding most Windows PCs."
Again, completely different.
Do they remind you of Microsoft yet or are you just daft?
On words and actions
As president, I will order an immediate review of our overseas deployments - in dozens of countries. The longstanding commitments we have made to our allies are the strong foundation of our current peace. I will keep these pledges to defend friends from aggression. The problem comes with open-ended deployments and unclear military missions. In these cases we will ask, "What is our goal, can it be met, and when do we leave?" As I've said before, I will work hard to find political solutions that allow an orderly and timely withdrawal from places like Kosovo and Bosnia. We will encourage our allies to take a broader role. We will not be hasty. But we will not be permanent peacekeepers, dividing warring parties. This is not our strength or our calling.
- George W. Bush
Thursday, September 23, 1999
Let’s beat the dead horse again: MS Security
Another security study making the rounds today in which someone who purports to know a lot about analyzing security — whose blog tagline, in fact, cautions that “we should try not to simplify [security] to the point of uselessness” — has decided that a product becomes less secure when the developer fixes and discloses vulnerabilities that they find in-house. What Jeff Jones, a director of Security Strategy at Microsoft, has done is simply counted the number of fixed vulnerabilities reported by each of Microsoft and Mozilla, grouping by labelled severity.
What could be simpler? Perhaps nothing. What could be more useless? Again, perhaps nothing.
Is Microsoft Hijacking Open Source?
Well, yes, I hate MS. So, here we go again...
From a great article on the Linux Journal:
Following this up, the FFII pointed me to a question in the EU's FAQ on the agreement:
Can open source software developers implement patented interoperability information?
Open source software developers use various “open source” licences to distribute their software. Some of these licences are incompatible with the patent licence offered by Microsoft. It is up to the commercial open source distributors to ensure that their software products do not infringe upon Microsoft’s patents. If they consider that one or more of Microsoft’s patents would apply to their software product, they can either design around these patents, challenge their validity or take a patent licence from Microsoft.
This, of course, was rather different from what Kroes had said about giving “legal security to programmers who help to develop open source software and confine its patent disputes to commercial software distributors.”
So what is going on?
One issue seems to hinge on the phrase “Open source software developers use various “open source” licences to distribute their software. Some of these licences are incompatible with the patent licence offered by Microsoft.” Perhaps the EU assumed that this is not a problem: provided some open source licences work, so the thinking went, it will always be possible to offer an open source alternative. Of course, what this overlooks are the details: the fact that one of those licences that are “incompatible” with Microsoft's licence is the GNU GPLv3 – which also just happens to be the licence used by Samba, the only project that really cares about Microsoft's protocols.
And its only real competition... Read up for more.
Jeremy Allison in 2005 about EU vs MS
This is old, so I'm just writing this to document this.
What the EU means by this is they want to see real competitors to Active Directory. Currently if you want to put your Windows clients and server into a "single-sign-on" environment (and let's face it, who wouldn't), your only real choice is Microsoft Active Directory. Why is this ? Well, the main obstacle is that Windows client won't log on in "Domain" mode without it, and Windows servers use information held in Active Directory to make authorization decisions for Windows clients. Enough of the protocols that the Windows clients and servers use to do this are not documented by Microsoft to make creating an inter-operable server a risky business for any commercial entity. Few have tried; Sun, with their "PC-Netlink" product was cut off from access to the Windows 2000 source code when their supplier AT&T abruptly had their contract to port the Windows source code terminated by Microsoft (thus instigating the EU case). Samba, as Free Software, is one of the few successes in this area. Sometimes not depending on a revenue stream is a distinct advantage !
The EU decision was designed to force Microsoft to unravel its undocumented web of protocol interdependence and allow third parties to create a true alternative to Active Directory. On paper it looks perfect – all Server-to-server protocols must be documented, even down to the Active Directory replication methods. But Microsoft has learned much from the US Dept. of Justice settlement about sullen compliance with the letter of a court order, whilst subverting the spirit of it. Firstly, how to lock out Free Software ? This is easy to do; just require per-copy royalties on any product created from the specifications. In one simple stroke this eliminates their major competition. Now, how to make this as unattractive as possible to prohibit any commercial entities from making use of this ? Simple, limit the time allowed to use the information released to something rather less than the commercial life of a product, say five years and force any licensee to agree to acknowledge any existing Microsoft patents on the specifications. This has been so successful in the USA that a grand total of fourteen companies have signed up to the Microsoft Communication Protocol Licensing Program (MCPP); a grand success ! For Microsoft that is, not the US Dept. of Justice. None of these licensees dares to take on Active Directory. Few even have any competing products at all.
The one fading hope is that any licensing terms for the released information must be agreed to by the EU legal team. The Samba Team, via the Free Software Foundation Europe, is making our concerns known to them. However afore-mentioned devil is that the judge took the example of the USA MCPP licensing as his model for how Microsoft might be able to structure the European agreement. This is a hole big enough to drive Governor Schwarzenegger's personal fleet of Humvees through, and I fully expect Microsoft to take advantage of it.
It's been a grand ride, and I've learned much about courtroom drama, but in the long run it doesn't look like the EU case will have much effect on the Microsoft monopoly. No, it's still down to "we the people" to create our own Free Software alternatives; but then again, it always was.
I didn't blog about the end result at the time. What was it? A slap on the wrist (600 million $ is nothing to them) and having to supply documentation in a completely closed way that's unusable to their real competition, Samba. Big business wins again. Not even a fine for delaying.