Wednesday, November 28, 2012

Microsoft is toast, here's why

According to the logs (screenshots below), slightly less than half the visitors to this blog used Windows. Moreover, only 4% used Internet Explorer, less than the 11% using Mobile Safari (iPhone/iPad). While readers of this blog don't represent the whole market (of course), they do represent where the market is going. Where Microsoft's market is going is down the toilet.
This is why Microsoft is panicking with the iPad-focused Windows 8 and its Surface pad. While these moves seem radical, they are in fact not radical enough. Microsoft's monopolistic control over the pixels in front of your eyes is at an end. It's now Apple and Android who are in control of the future. Microsoft has no hope of dominating the future of mobile devices like they did with the desktop. Their best hope is to be among the top three, and there is a good chance they won't even reach that.

It's not that there is anything wrong with Windows 8. I'd even call it a "great" system according to many metrics. Its problem is that it's too late. It doesn't have the app support of Apple or Android, so it doesn't get penetration in the market. And, because it doesn't have market penetration, few write apps for it.

What I find funny is that Microsoft knows this. Steve Ballmer (and Bill Gates) acutely remember how they took the computing crown away from IBM in the 1980s, nearly bankrupting IBM in the process. Back then, IBM failed to appreciate how the microprocessor was an existential threat to its entire business. This time around, Microsoft's leaders know it's in deep trouble, but knowing still doesn't help.

By the way, the thing that Microsoft failed at (and what Apple succeeded at) was predicting Moore's Law. Moore's Law meant that at some point, handheld devices would be able to run a full operating system -- the full versions of Linux, Mac OS X, and Windows. According to Moore's Law, Vista should've been running on ARM processors as Windows 8 RT does today on Surface. That way, when Apple announced a handheld device running Mac OS X, Microsoft could've pivoted as fast as Google did with their handheld Linux (Android). Instead, Microsoft was caught with WindowsCE/WindowsMobile -- a completely separate operating system that shared only a few APIs with the full Windows. This cut-down operating system optimized for handhelds was created a decade early, and was great in many ways, but it couldn't do basic tasks like surf the web with a real browser.

Microsoft has responded well. They may only be a year late. But a year is forever in technological revolutions. Once the market leaders become established, it becomes nearly impossible to enter the market. The only real option is to change the market. There are ways Microsoft can still do this. Maybe "cloud" is the way. Maybe the XBox home connection is the way. Maybe corporate BYOB security integration is the way. I doubt, however, that college students dancing and clicking to dubstep is the way. I kid, because Microsoft is going to have to invest in a lot of risky things that in retrospect will turn out to be stupid simply to stay alive in the mobile future.

So here's my prediction: the share of Windows (on all platforms) and Internet Explorer in my logs will continue to decline. Next year I'll probably blog showing stats confirming this. I like Microsoft. I spend most of my time using Microsoft. VisualStudio and Word are awesome. It's just that I don't see a rosy future for them.


Update: another path to victory is if Intel succeeds in bailing them out. Intel's Atom processor is excellent competition with the ARM, and Haswell/Broadwell may eventually become even better competition. The wealth of x86 apps can then compensate for the lack of ARM apps.


Tuesday, November 20, 2012

You are committing a crime right now


Are you reading this blog? If so, you are committing a crime under 18 USC 1030(a) (better known as the “Computer Fraud & Abuse Act” or “CFAA”). That’s because I did not explicitly authorize you to access this site, but you accessed it anyway. Your screen has a resolution of . I know this, because (with malice aforethought) I clearly violated 18 USC 1030(a)(5)(A) by knowingly causing the transmission of JavaScript code to your browser to discover this information.

So we are all going to jail together.

Monday, November 19, 2012

SOPA: let's not let Republicans weasel out of this one


The recent Republican gaffe on “copyright-reform” demonstrates the conflict between ideology and politics. Ideologically, Republicans should oppose the current copyright regime as anti-capitalistic rent-seeking behavior. Politically, though, rent-seekers donate money, and 99% of voters don’t care or understand.

Savvy politicians saw an opportunity to exploit the anti-SOPA blackout protest. By delaying and modifying SOPA, politicians could both appease protesters while also maintaining donations from copyright holders.

An example of this is Republican Congressman Darrell Issa’s “Digital Citizen Bill of Rights”. It appears to give the protesters everything they ask for. But it doesn’t. It is an Orwellian list, similar to the one described in Animal Farm (“everyone is created equal, but some are more equal than others”).

Item #1 on the Issa list is that we have a right to an uncensored Internet, the top concern of protesters. But, like existing rights, that only stops laws whose primary purpose is censorship. The problem with SOPA is that censorship is a secondary side effect, an unintended consequence. The Supreme Court has ruled that such secondary effects can be permissible, which is why First Amendment protections don’t already stop bad faith DMCA takedowns. Thus, Issa appeases protesters with something that is toothless to prevent censorship.

Item #10 on the Issa list says that we have a right to profit from our creations and to have our intellectual property protected. But of course, some (like Disney) are more equal in this regard than others. The purpose of this “right” is to justify future SOPA-like anti-piracy legislation. Issa put this at the end, as if it were the least important item, hoping that protesters wouldn’t notice and agree to it. This strategy worked: these “rights” received widespread support by protesters.

But Issa’s item #10 is unconstitutional. That was the purpose of this withdrawn position-paper, to make clear that we don’t have a right to profit from our creations, or have our intellectual property protected. Specifically, the “Copyright Clause” grants authors protection for a “limited time” only so far as it “promotes the progress of science and useful arts”.

What’s ironic about this is that Darrell Issa has been one of the Republicans grandstanding, claiming to adhere strictly to the Constitution. The Republicans’ first order of business after retaking control of the House of Representatives in January of 2011 was to read the Constitution in its entirety. The implication was that Democrats had been passing unconstitutional laws, namely Obamacare that abused the “Commerce Clause” for the “individual mandate”. Yet, Issa is willing to abuse the “Copyright Clause” to justify improper anti-piracy legislation. (I’ve attached a photo of Issa – he keeps referring to the Constitution, but I don’t think it says what he thinks it says).

The withdrawn position paper used the DJ/mix scene to support its point. Many commentators on Twitter were amused by this, assuming it was some sort of political ploy to attract the youth vote. The opposite is true. It was pure ideology. The paper had to show evidence that the current copyright regime is hindering the progress of the arts, and hence, in violation of the Copyright Clause. Since cultural progress comes from the youth, any example they’d cite would be some new things kids were into.

This position-paper has created a dilemma for the Republicans. It’s written so clearly, in their own language, that Republicans cannot deny the truth of it. Ideologically, it’s clear that Republicans should support copyright reform and oppose SOPA-like anti-piracy laws. Yet politically, it puts them in a bad position, because on the whole, voters neither understand this nor really care about this. Taking this political stance will only lose them the financial support of copyright holders.

What we (the anti-SOPA crowd) need to do is hold the Republicans’ feet to the fire. Force them to confront this position paper at every turn. We need to keep asking them the difficult questions, such as “the paper made it clear that today’s copyright harms the progress of the arts, so why don’t you support copyright reform?”. Every time a Republican waves a Constitution over abuse of the Commerce Clause, we need to point out the Copyright Clause. When Republicans criticize labor unions for rent-seeking behavior, we need to point out rent-seeking copyright holders like Disney.

Lastly, as a Republican, I’d like to point out that this is why we lost the last election. Romney was the crassest candidate in recent memory, saying anything to get elected. Yes, he did a great job speaking to my ideological concerns, describing the evils of regulation. But then he’d turn around and do just as great a job speaking to Democrats about how regulation was a good thing. We need to stop this crassness and actually stand up for what we believe in. We believe in copyright reform. Let’s actually do it.

Sunday, November 11, 2012

The hacking of a general's mistress

This news story claims "Anonymous" (the well known hacker collective) may have hacked the account of Petraeus's mistress. That's because her e-mail account, paulabroadwell@yahoo.com, was included in the Stratfor email hack last year.

That story is baseless. Since the Stratfor database was made public, everyone had a copy of it. Anybody could've cracked Paula Broadwell's password, not just Anonymous.

The dumped file is known as "stratfor_users.csv". You can still find it on numerous file sharing and BitTorrent sites. It's 200-megabytes in size, and compresses down to about 40-megabytes. The line you are looking for is the following:

"582458","paulabroadwell@yahoo.com","deb2f7d6542130f7a1e90cf5ec607ad1","paulabroadwell@yahoo.com","0","0","0",,,"1263896967","0","0","1","-18000",,,"paulabroadwell@yahoo.com","a:1:{s:7:\"contact\";i:0;}",NULL,"freelist:152402","0","0",

Her email address is in the clear, but the password has been 'encrypted' (into the value deb2f7d6542130f7a1e90cf5ec607ad1) using the MD5 one-way hash algorithm. You can crack this hash and recover the original password by using a password cracking tool like John the Ripper or oclHashcat. Using oclHashcat, it'll take 17 hours to crack her password using a GPU accelerator trying 3.5-billion password attempts per second, trying all combinations of upper/lower case and digits.

After doing this, you'll discover the original password is "vsKLVg8L". This is a fairly strong password, consisting of random upper/lower case letters and numbers, which is why it takes 17 hours to crack.

This password is just for her Stratfor account. However, most people re-use passwords, so there is a good chance this was also her Yahoo mail password. If so, then anybody who downloaded the Stratfor dump and cracked the passwords could've logged on and found details of the affair.

I googled her password (https://www.google.com/search?q=vsKLVg8L) and so far, this is the only page that comes up. Hackers often talk about their exploits in public forums. Thus, since her password is distinctive, I half expected the Google result to come back with hackers discussing her account. I found nothing, which means that if hackers had broken into her email account, they probably weren't the Anonymous types that tend to brag about it.


Update: So why reveal her account and password in this blogpost? Because anybody who would do something bad already knows these details. Time and time again it's been proven that only through full disclosure can we fix things. Ms. Broadwell's account and password have been burned, and this is the only way to fully prove just how burned they've become.


Update: This is what oclHashcat looks like trying to crack the password. As you see, it'll take 17 hours to brute-force eight upper/lower case and digits, even though it tries 3.5-billion passwords/second. I didn't actually run this to completion, because I'd already done this over the entire Stratfor dump last December when it was originally made public. Her password defeated the 'dictionary' and 'mutated dictionary' cracks that got most of the passwords, but not the 'brute-force' crack. Had her password been one character longer, I wouldn't have cracked it.
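The 17-hour figure and the "one character longer" remark both follow from keyspace arithmetic. The sketch below is an added example, not part of the original post: it reproduces those numbers and turns them into a defender's question, namely how long a password must be to outlast a given guess rate. The function names, the sample password and the slow-hash rate are assumptions made for illustration.

```python
import string

# Guess rate quoted in the post for unsalted MD5 on one GPU (guesses/second).
MD5_RATE = 3.5e9
# Hypothetical rate against a deliberately slow password hash (assumption).
SLOW_HASH_RATE = 1.0e4


def charset_size(password):
    """Size of the smallest union of standard character classes covering password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(c) for c in classes if any(ch in c for ch in password))


def exhaust_hours(alphabet, length, rate=MD5_RATE):
    """Worst-case hours to try every candidate of exactly `length` characters."""
    return alphabet ** length / rate / 3600


def min_length(alphabet, rate, target_hours):
    """Shortest length whose full keyspace takes at least target_hours to exhaust."""
    length = 1
    while exhaust_hours(alphabet, length, rate) < target_hours:
        length += 1
    return length


def report(password, rates):
    """Rows of (rate, length, hours) for the password's length and one character more."""
    alphabet = charset_size(password)
    return [(rate, n, exhaust_hours(alphabet, n, rate))
            for rate in rates
            for n in (len(password), len(password) + 1)]


if __name__ == "__main__":
    sample = "Ab3dEf9h"  # constructed sample: 8 chars, upper/lower/digits
    for rate, n, hours in report(sample, (MD5_RATE, SLOW_HASH_RATE)):
        print(f"rate={rate:.1e}/s length={n}: {hours:,.1f} h ({hours / 24:,.1f} days)")
    year = 24 * 365
    print("min length for one year at the MD5 rate:", min_length(62, MD5_RATE, year))
```

At the post's rate the eight-character keyspace is exhausted in about 17 hours and the nine-character one in about 45 days; the same eight characters behind the assumed slow-hash rate would take centuries.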


Tuesday, November 06, 2012

Why voting machines suck

This video shows that every time the voter touches "Obama" the voting machine selects "Romney" instead. As the comments on the Reddit post show, this cannot be a simple "calibration" issue. Is this proof of a malicious intent to change the vote?

Maybe, but maybe not.

Monday, November 05, 2012

Theory: “impact on the crowds”

Intrade allows people to bet on the election. Right now, Intrade gives Obama a 66% chance of winning vs. 33% for Romney. This is called the “wisdom of the crowds”. The idea is that if somebody has some private information, they’ll profit from that information by going to Intrade and buying/selling shares, moving the price. Thus, the final price encapsulates everything known about the election. Thus, according to this theory, the best anybody knows about Obama winning the election is 66%. I use this theory in my previous post.

Hack the vote


Dan Gillmor has an article on choosing the lesser of two evils to vote for. He’s wrong. You’ve got more than two choices. The Green Party and Libertarian Party are two viable alternatives. If you want to change things, you’ll do more voting for these guys than the mainstream candidates.

A lesson in math … and risk

Today is the eve of the US presidential election. I propose the following hypothetical scenario. A friend and I are talking. I think Obama is going to win the election. He thinks Romney will. He is so sure, he bets me $100. So we agree on the bet. The election comes around, and to my surprise, Romney actually wins. I fork over the $100, and my friend gloats over his winnings, saying I was stupid to have bet him, because he knew the outcome all along.

Nope, in fact, I won $33.

Saturday, November 03, 2012

Sandy and the tragedy of collectivization

After the “we-built-that” controversy of this election, Democrats are using hurricane Sandy to refute Republicans, pointing out all the good that government is doing to help victims. For example, the Department of Defense has responded to the fuel shortage by sending in soldiers with 5000 gallon fuel trucks to distribute 10 gallons of gasoline free per person. Isn’t this proof that government helps?

No, it isn’t. The fuel shortage is caused by government to begin with. The government has “price gouging” laws that prevent the price from rising. That means those in nearby states can’t ship gasoline to the region, because they can’t cover their costs. Government licenses who can handle gasoline and dictates its precise formula, likewise making it difficult to bring in extra supplies from other places.