Rootkit revisited: Technology Review

Technology Review: Inside the Spyware Scandal. The MIT journal attempts to reconstruct everything that happened with the Sony BMG rootkit brouhaha (for details, see the Boycott Sony blog).

A reasonable recap of everything that happened, with a few revelations: First 4 Internet was originally hired to protect studio recordings from prerelease leaking, and the broadly disseminated rootkit technology just kind of happened along the way. Second, Sony BMG initially didn’t respond to F-Secure’s questions because the security company contacted the wrong Sony subsidiary. There won’t be any real answers unless the legal proceedings still underway uncover them; both First 4 Internet and Sony BMG declined to comment for the article, which kind of limits the scope of its revelations.

I’m quoted in the article about the Boycott Sony blog and my reaction to it, though I’m morphed inexplicably into a Web developer.

Unfortunately the article comes down on the side of arguing that there has to be some kind of “good DRM,” that all Sony did was err in how heavy-handed and covert its attempts to apply DRM were. I’m not sure I agree any more. I certainly don’t think the answer is going to come in trying to make something “consumer friendly” that limits your rights.

ITXpo: Microsoft Vista and app dev

Spent some time this afternoon looking at Vista and talking to the Microsoft team here (which includes some folks I know from my past life at Microsoft.com and my internship—hi Arvind! hi Peg!) about what’s coming down the pipe that our company needs to know about from an application development perspective. The guidance I got from the team there is that the major thing to pay attention to is the change in the privilege model—User Account Protection—and how that affects the installation and running of applications. Other than that, there are plenty of cool new features to take advantage of, of course. And the eye candy is impressive.

I also liked the built in RSS widget on the Sidebar. It does appear to be a little funky though—not in parsing the RSS, which is fine, but in loading it in chronological order rather than reverse-chronological order. I loaded my RSS feed for kicks on one of their Vista test machines and was surprised to see that the top entry was an old one—then surprised again to load the feed source in IE 7 and to see the same thing. Apparently the default XSLT+CSS orders the items oldest first. That kind of detracts from the usefulness for me. Maybe there’s a way to change it. I walked away with a beta CD and will check it out once I can install it on Virtual PC.

ITXpo: “Consumerization”

If you know me, you already know one of my points about a few of the sessions that in a well-intentioned and generally thorough way address the question of “consumer” technologies in the enterprise. That’s the C-word itself. Our employees are not gullets that crap cash, and talking about technology expectations set by “consumer-grade” services like Google, desktop search, and IM that are all actually free brings some real cognitive conflict. How can it be consumer technology if there is no money changing hands?

The Docs (Searls and Weinberger) et al have done us a tremendous service in making us aware of the naming problem that the “consumer” label brings. I’m not sure they’ve done a good job of identifying alternative labels. “Producer” has been floated in the case of bloggers and other user-authored media creators, but it doesn’t generalize well; “human being” and “citizen” have the opposite problem—they’re too general. From a technology perspective, is there a useful way to talk about technologies that stand in opposition to the enterprise central-control model that doesn’t use the C word?

This is, I think, an important question. Anyone who has been around “consumer” driven businesses knows it can be like pulling teeth to get them to acknowledge that consumers are the same people who are inside enterprises, just seen at different times. And some of it has to do with the label. If IT organizations are to take “consumer” technologies seriously, as the Gartner mavericks suggest that they should, maybe finding a different word is a good starting point. The session I just was in, led by David Smith and Tom Austin, indirectly suggested one alternative: open market technologies. But of course this suggests that enterprise technologies are not open market.

The question of what to call it (reluctantly) put aside, the idea that systematically bringing non-enterprise technologies inside the enterprise could drive real benefits—not just to the end user but to the enterprise as a whole—is I think worth taking seriously. The speakers cited a case study of a company (which I think was Ford) which hardened its internal systems, then piloted an approach in which rather than providing a corporate desktop it gave its users a stipend with which they could buy their own—shifting the burden of administering and supporting the desktop to the end user, but also allowing them to take advantage of rapidly shifting consumer technology. They also discuss possible worlds where the base OS on an office machine is a consumer OS, and that the standard corporate desktop runs as an image inside a virtualization environment. How silly it is, they point out, to be a consumer service like Google or Ebay and to say that you can’t do business with me unless you have an approved, hardened browser that I provide and can guarantee is secure.

What I found interesting about all of these scenarios, and what they pointed out toward the end of the discussion, is that these trends could open the door for players like Apple—not iPods but Macs—to be dragged into the enterprise by end users who are comfortable and productive with them and can do most if not all of their jobs on them, once the users are given the leeway to provide their own desktop machine. Now that’s interesting.

ITXpo: Business service management

One of the pitfalls (or blessings, depending on your perspective) of being a small software company is that you get laser-like focus on your core business problem out of necessity. For me as a vendor, one of the real value points about the Gartner show is getting exposed to other market segments that touch ours that I might not run across otherwise. That’s the case with the session I just attended on BSM (Business Service Management).

BSM is essentially a live dependency map, integrated to monitoring tools, that escalates only the monitoring events that have a real impact on the business and presents them in a business-consumable format. This is a goal for a lot of IT organizations—I know the Microsoft.com operations team was trying to implement something like this using the Microsoft server product stack plus homegrown tools about five years ago before the BSM market was grown, and knowing them they now have a complete solution. What was interesting to me was how BSM seems to dovetail with the work that my company has done in the last year on the CMDB, which really is about creating and documenting the service dependency map that BSM needs as a starting point.

When you combine a good CMDB with robust change management, and then tie in a good monitoring API and logic about how component status rolls up (or doesn’t) to the status of a service, then all of a sudden the time and effort spent on building that CMDB has paid some unexpected dividends.

Gartner ITXpo 2006

I’m back at Gartner’s ITXpo after liveblogging parts of it last year. I’ve decided this year to pseudo-live-blog—to take notes during the session and post them later. Pulling out a laptop during one of the keynotes last year just felt too weird. Blogger culture hasn’t totally permeated the IT universe, and I drew too many stares.

However, I did notice a blogger’s lounge is available on the show floor alongside all the media lounges. So maybe things are changing… albeit really slowly.

It will be interesting to see if this year’s official conference blog actually writes anything about any of the sessions, rather than the conference events.

I hate United.

I really really hate United.

I decided to postpone my flight to San Francisco for the Gartner ITXpo from last night, with the hassle over the basement and everything. I am now waiting at a gate at Logan for our flight to show up at the gate. It was supposed to have taken off 20 minutes ago.

Why is it late? Is it the weather? Is it a delayed crew? No. It’s late because it’s taken 45 minutes to tow it from a hangar to our gate. I’ve already missed my connecting flight.

I really, really hate United.

President Bail Organa

Just as well the West Wing is over. I’m not sure I believe Jimmy Smits as a president any more than I believe him as Princess Leia’s adoptive father.

Oh, hell. I’m too young to be that grouchy an old fart. I’ll miss the show.

I’m an idiot, of course

And anyone who knew anything about floods would have known, as I didn’t, that emptying the basement once wouldn’t make a damned bit of difference with how high the water table is right now. Neither of course did the French drain. I now feel a little better about having let it get clogged, knowing it didn’t make a damned bit of difference. (Yes, all the work I did earlier is for nought. Oh well. We’ll see where we are in the morning.)

Friday Random 10: Sixteen Hours edition

Something I neglected to mention in my post yesterday about this latest illness was the solid eight hours of sleep I got yesterday, on top of eight hours last night. Today I feel odd; rested and yet not.

I can’t wait to be done with this cold.

  1. Iron & Wine, “Evening on the Ground (Lilith’s Song)” (Woman King EP)
  2. Nine Inch Nails, “Get Down Make Love” (Sin)
  3. Choir of Trinity College, “Singt! Ihr lieben Christen all” (In Dulci Jubilo)
  4. Lascivious Biddies, “BiddyCast: Camp Conway”
  5. Peter Schickele, “Closing” (Two Pianos are Better Than One)
  6. The Clash, “Hateful” (London Calling)
  7. R.E.M., “Be Mine” (New Adventures in Hi-Fi)
  8. Bob Dylan, “Nashville Skyline Rag” (Nashville Skyline)
  9. Radiohead, “Palo Alto” (Airbag/How Am I Driving?)
  10. James Brown, “Get Up, Get Into It, Get Involved” (Funk Power 1970)

New (old) mix: Graduation Lieder

I posted a while back about an old college mix that I had posted at Art Of The Mix; at the time I thought I would be writing about more of these old mixes. Funny how time flies. But today I posted one of the pivotal mixes in my personal tape history. Graduation Lieder isn’t really mine; my cousin Greg put it together while he was working at a campus radio station and gave it to me as a high school graduation gift back in 1990.

I can’t think of too many better gifts than to be introduced to such a concentrated bundle of great music. The irony at this remove is how much the landscape was about to change. All the REM influenced college bands like the Connells, Drivin’n’Cryin’, and Camper van Beethoven, who dominated the first side of the mix were to disappear, buried under the one-two onslaught of early 90s dance music and the grunge avalanche (which Camper would ride out by transforming into Cracker). A lot of the other artists were to undergo some radical evolutions as well. Björk, Frank Black, and Ian McCulloch went solo, the former more successfully than the latter two. The Chilis went through enough evolutions to merit a separate post of their own. And whatever happened to Living Colour?

Anyway, a great artifact and something that I hope you’ll enjoy as well.

Okay, really: enough of this.

This is now the third time in two months (approximately) that I have been felled by a sinus cold. It’s taken residence in my throat too. I want my immune system to step up and do its job. Unlikely with the rain that we’re having right now, though: there’s no sunshine predicted for the next ten days. Fortunately I’ll be in San Francisco next week for the Gartner ITXpo—and they have sunshine.

Oh yeah: George, are you in town next week?

Google Trends, analyzed

Dave points to one of the announcements from Google Press Day today: Google Trends. The publicly facing application shows trending for search terms over several years, and compares it to the volume of news items that contain the search terms.

When I was working on online BI at Microsoft, we had an internal application very much like this that I helped launch for Microsoft.com search analysis. The bells and whistles were different but the display and the idea were the same: by looking at what people are searching for, you can gauge the popularity of a concept.

Dave fell into a trap that we discovered, too: neglecting to check synonyms when comparing the popularity of concepts. While RSS beats podcasting and blogs in the sample search Dave did, the term blog (singular) handily beats RSS and podcast.

So synonyms are obviously one issue. According to the About page, you can address this by grouping terms together, but I couldn’t make this work. Bug? Overall volume is another issue. Did you notice that the y-axis isn’t labeled?

But it’s still fun—particularly when you can take advantage of common names to tell a good joke. Hey ma, I’m bigger than Dave!

Kitchen beginnings

Is there such a thing as a slow, incremental kitchen renovation? Beats me, but Lisa and I are hypothesizing that, up to a point, it can be done, and we’re moving forward with a plan to do one.

The first part will be to take the outside wall of the kitchen, which until this weekend housed a stand-alone cabinet, and install a set of actual cabinetry there, complete with countertop. This will require some work, namely removing a built in ironing board (which is cute, but essentially useless to us) and a rudimentary chair rail molding, but should otherwise be straightforward–especially since we’re using Ikea’s modular Akurum system.

It’s the second step, where we rip out the rest of the old cabinets, install a dishwasher and an outside-venting hood, and move the stove—and maybe rip down the wall between the kitchen and the dining room—that will be the fun part. The theory about doing incremental changes kind of breaks down at that point.

So many decisions. At least with the Ikea system there are some constraints. We’ve already picked the cabinet bodies and doors, and will try out one of the counter surfaces on the first two cabinets we bought—at $50 for six feet of counter space, it’s a cheap enough experiment. But then the other questions come: what kind of dishwasher? What about the floor? Can we fix the sag in the floor that is ominously under the refrigerator?

As they say, stay tuned…

Trackback, you are dead to me.

I finally turned off trackback on this blog. For a while there have been certain posts that were trackback magnets, and I was dealing with those through a manual review process. In the last month, though, just about every post started to collect trackback spam within a day or so of being posted. The version of Manila that my host supports doesn’t really provide any mechanisms for managing Trackback spam—there is no notification mechanism and no facility for centrally reviewing pings. So it’s gone as of last night, and good riddance.

I’ll continue to send out pings when I post, but given my experience with Trackback I don’t know if anyone will be receiving them.