Monday, August 16, 2010

Why people play WoW

So World of Warcraft has millions of players, as well as addicts and support groups. Why do people get so enthralled with this game? It's beyond just being a fad; it plays a large role in many people's lives.

Up until recently, I thought it was the whole "escape from reality" thing where people can go to pretend they're something they're not. I still maintain that's the main reason, but it's not like (most) people can't tell the difference between the game and real life. I think it's more that people are so dissatisfied with their lives that they don't care that it's a dreamworld; it's better to have a dream which is fake than to spend every minute in the misery of their daily life. I'm speaking about the really hardcore people who log several hours per day, the majority of every week, not the casual gamer who plays once a week for an hour. I don't see the game as the cause of anything bad, but rather a symptom. Also, this would be any RPG; it isn't exclusive to WoW. WoW is just the largest scale example (at least, for now). Nothing new here, I just thought I'd comment on it since my perspective has shifted and this phenomenon has been brought to the forefront of my attention.

As for what's making people feel so miserable that they feel the need to escape to a fantasyland... that's another topic, for another time...

Saturday, February 27, 2010

problems with society

I've been feeling rather disillusioned lately. I can't put my finger on the cause nor solution to this dilemma. Perhaps it's the economy and how we seem to be faced with a rather different problem than previously in history. We already shifted from agriculture to manufacturing, then from manufacturing to the service industry. So where do we go next? To go to an almost fully automated workforce would require radical changes from people. On the other hand, are we to stop automating things in order for people to remain employed? Given the historical record of resistance to change and what it takes to overcome said resistance, I have a feeling that's part of why I've been feeling more dismal than usual.

It's easy to say that one person can't make any difference in a matter so large, but that mentality is a large part of what causes stagnation. We need progress, and that can't happen if nobody participates. We're not going to get the kind of change required from any politician, no matter how good their intentions or how charismatic they may be. As much power as politicians may have, they don't really solve problems anyway; they merely pass laws and declare war. So we shouldn't really expect them to solve all our problems. The mainstream media may not be educating people on the possibilities of the current technology, but with the Internet, it's not that hard to get informed. With things like Twitter and RSS feeds on bloggers' sites, the content can even be pushed to people so that once they find sources they know and trust, they don't have to continuously go out searching in order to stay up to date.

In a dark kind of way, the unemployment actually is good for change. For if one has no job, they'll be happy to try something new. If there's 300 million people in the US, and about a 10% unemployment rate, that'd mean that there are roughly 30 million people unemployed right now. If these people decided they were going to abandon the monetary system, that'd be an incredible labor force. As long as they were given food/water, a home, and electricity, I think many of them would take the offer at least as a short term solution if nothing else. Even if you figure only 10% of the unemployed would be interested, that'd be enough people to form a quite large city. It seems that the first step of the Venus project (http://www.thevenusproject.com) isn't such a far stretch of the imagination after all.

Why not give it a try? If all the naysayers are correct and it doesn't work out, we can either solve those problems, change out the problematic parts so it does work or find something that does work, or go in another different direction. One thing seems obvious, if what we have now isn't working, then we should stop doing it. It's like the old saying goes... if you're stuck in a ditch, the first thing you should do is STOP DIGGING!

Tuesday, December 8, 2009

Why auditing makes poor security

Compliance and auditing have been the main driver for "securing" computer systems for about a decade now. There are basically rules in place, be they legal regulations or conditions which need to be met before a contract is signed, and these rules need to be followed or else there are consequences. The consequences typically just result in a fine and maybe a lost contract and a little bad press.

The basic problem with compliance and audits is that they get people into the mindset that they follow all of the steps laid out so they are compliant, and they do nothing more. This doesn't make them much more secure, since the attackers are just as familiar with the regulations as the auditors and system administrators who implement the rules. However, it does give them two important things. First, it gives them a false sense of security. More importantly, however, they don't really care if they're compromised because it gives them legal and political protection. The legal protection is that they were compliant, and therefore the compromise clearly wasn't their fault and thus the liability is severely limited. The political protection is the same argument but used in the event that the story makes it to the media. This doesn't save the company any money, but it helps make them look good.

So if we don't give companies guidelines on what they need to be secure, how will they know what to do to make sure the information is secure? Well, I'd say that's up to them. We don't have laws requiring them to do their accounting, but they seem to manage to make that work and still inter-operate with the IRS, the state government, and other businesses. Another argument for having these compliance standards is that if we didn't have them, they wouldn't take any initiative to secure their information. This purely depends on the economics of the situation; it's merely a matter of the cost to secure their system and the cost if they don't. If they spend hundreds of thousands of dollars buying equipment and hiring quality people, that may make them a very difficult target and tremendously lower the risk of data theft. On the other hand, if they spend little to no money on security, they might not get compromised anyway.

If information security is important to the population at large, then the punishment needs to be stricter. If a company can't secure the information they've been entrusted with, be it due to negligence or incompetence, they should be held accountable. To say "Well we did everything on the checklist. We spent a lot of money on security and tried really hard" is a fine explanation, but that does not excuse them from what they allowed to happen. Whatever they did obviously wasn't enough.

There are some outstanding disclosure laws which do a good job at accomplishing this. It makes it less common for companies to just sweep things under the rug when something bad happens. Instead, they must report it to the government who is going to make sure the incident is publicly known. The limitation of this is that a slick public relations person can mitigate the damage very well. In addition to making it known, they should be required to pay damages to the people. As long as there's such a little cost to allowing your company to have a data breach, we can expect to see more and more of these problems.

Now, some are quick to point out papers like that of Romanosky which indicate that we can't find any "statistically significant effect that laws reduce identity theft." Of course, I could refute that with other papers which indicate there is some correlation, but go one step further in looking at other benefits of these disclosure laws. My point is just that it's a step in the right direction; I certainly wouldn't claim that it's enough to motivate industries to take seriously their obligation to secure the information they possess.

Of course, when companies don't even know they've been compromised, it's a difficult problem to solve. There are some interesting products that look at "normal" traffic over one specific protocol and will detect anomalies which would indicate there's a problem (attack occurring, something compromised and data outbound, etc). The problem is that this is an incredibly difficult thing to do, just from a technical standpoint. With research now being done so that plain text which looks like it's English is being used to launch shellcode attacks, it's really difficult to tell the good data from the bad. Filters which look for "things that look like social security numbers" are inaccurate on both ends (miss things, and flag things which are not actually SSNs) plus they're often limited to a specific protocol (typically HTTP).
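The "inaccurate on both ends" point can be seen with a small pattern filter of the kind described above. This is an added example, not code from the post or from any product; the pattern, the structural check and every sample payload are constructed for illustration.

```python
import re

# Typical pattern-matching approach: 3-2-4 digits, optional dash or space.
SSN_RE = re.compile(r"\b(\d{3})[- ]?(\d{2})[- ]?(\d{4})\b")

def plausible_ssn(area, group, serial):
    """Structural rules: area not 000, 666 or 9xx; group not 00; serial not 0000."""
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")

def flag(text):
    """Return the candidate SSNs the filter would flag in one payload."""
    return ["-".join(m.groups()) for m in SSN_RE.finditer(text)
            if plausible_ssn(*m.groups())]

# Constructed samples: (payload, whether it really carries an SSN).
# 078-05-1120 is a long-retired specimen number, used here as test data.
SAMPLES = [
    ("ssn=078-05-1120&name=test", True),       # canonical form: caught
    ("SSN 078.05.1120 on file", True),         # dotted export format: missed
    ("078,05,1120,Smith", True),               # split across CSV fields: missed
    ("order id 123456789 shipped", False),     # nine-digit order id: flagged
    ("part no. 415-22-1837 in stock", False),  # part number: flagged
    ("invoice 000-12-3456", False),            # fails structural check: ignored
]

def evaluate(samples):
    """Split the filter's mistakes into false positives and false negatives."""
    false_pos, false_neg = [], []
    for payload, has_ssn in samples:
        flagged = bool(flag(payload))
        if flagged and not has_ssn:
            false_pos.append(payload)
        elif has_ssn and not flagged:
            false_neg.append(payload)
    return false_pos, false_neg

if __name__ == "__main__":
    fp, fn = evaluate(SAMPLES)
    print("flagged but not SSNs:", fp)
    print("SSNs that slipped through:", fn)
```

Tightening the pattern to cut the false flags makes the misses worse, and loosening it to catch more formats does the reverse, which is why such filters need tuning against the data an organization actually handles.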

The moral of the story is that, just like any complex problem, there's no magic bullet. There are things which will help in different aspects, but it really takes a person who is knowledgeable and spends time thinking about the technical limitations of something.

Thursday, December 3, 2009

Interesting patterns

I just looked at the clock and saw it was 12:36, which seemed like an interesting series. I came to determine that this was inherently interesting because 12 * 3 = 36 and three is not only the third digit in the series, but also the lowest factor of 12 (excluding 1, of course). Beyond that three is also the largest common denominator between 12 and 36 as well as the smallest odd prime. The square root of 36 is six, which also happens to be the last digit. If just looking at the digits by themselves, I noticed that 1 + 2 = 3 and 2 * 3 = 6. If there was another number in the series, it'd probably be 729 (3^6).

That makes me wonder about a lot of things. Like do other people see numbers and start picking out patterns? Do certain series of numbers look interesting to others, even if they can't explain why? Would I (and perhaps others) pick up on these interesting numbers if looking at an analog clock?

Monday, November 30, 2009

Police raid Swedish hackerspace

If you haven't already heard, the police raided the social center where Forskningsavdelningen is housed. Here's the full article.
http://forskningsavd.se/2009/11/29/i-can-haz-moar-bout-teh-reid/

I understand that the police are expected to uphold the law. Perhaps the best use of their time really was to raid a concert where there may be alcohol being sold to underage people. It's fine that they raided the place.

Now, did they have to come in riot gear and ski masks for an underage drinking accusation? No, they did not. We'll give them the benefit of the doubt and say that maybe they had reason to believe some patrons had weapons and planned to use them against police if it came down to it. If that's the case, and I'm not saying it is, then that would explain, and perhaps excuse, their actions.

Next, they started seizing stuff. This is understandable if they are alleging a crime has taken place. If they got there and found there was no underage drinking then there's no reason to take anything.

Finally, there are the three biggest issues. The police took things which did not belong to any suspects, they took things unrelated to the case they were investigating, and they seemingly didn't give anyone a list of things taken. The last item can be easily rectified, but it should have been done before the police cleared out. However, I can't think of any legitimate reason for taking items unrelated to the crime and not owned by the alleged criminals. The only logical reason I can come up with would be to cause harm to anyone affiliated with that venue.

I'm not familiar with Swedish law, so perhaps they have the authority to take anything they please without so much as providing any indication as to what they took. But even if they do have that power, it doesn't make sense as to why they would do so in this case unless they have some kind of vendetta against Forskningsavdelningen. If that's the case, then they should just get a warrant and raid them properly. This way of seemingly circumventing the law is unjust and likely illegal.

Hopefully the hackerspace will get their gear back in a timely manner, however that doesn't sound likely. The appropriate response by the police at this point would be to return the property of anyone who is not a suspect, apologize for the confusion, and provide a list of everything which is not being returned. What is done, is done, but it's not at all difficult for them to start doing the right thing. While most people aren't going to be happy about the whole situation, I think we can all find it acceptable. The longer the authorities fail to take this action, the more unacceptable their actions become.

Monday, November 23, 2009

Just found another survey showing that insider threats are very real and that it's actually getting easier for insiders to steal information. From the article: "Pilfering data has become endemic in our culture as 85% of people admit they know it's illegal to download corporate information from their employer but almost half couldn't stop themselves taking it with them..."
http://www.net-security.org/secworld.php?id=8534

The moral of the story is that if you care about things like your customer list, product information and business plans, take serious action to protect it! If you are unsure if it's safe or not, hire someone to do an audit and advise on how to address the issues which are found.

The economy is getting better, kinda

So I noticed some interesting market trends which started shortly after the new political leaders took office.

Mar 09, 2009 Dow Jones 5647.05
Nov 10, 2009 Dow Jones 10,226.19

So that's a 54.31% gain. I know what some of you are thinking... but Dr. Nichols, the media tells me that things are bad and how scared I should be. They even cite hard numbers like unemployment rates and relate that to the failed Obama plan. How on Earth can you explain these stock prices?

Actually, the same thing that explains the stock prices also indicates that things are bad. If we take a look at the unemployment rates we see a huge jump from April 2008 through June 2009. Companies are cutting jobs, saving money and becoming more profitable. So businesses are getting more profitable by putting people out of work. So the question becomes: Will the companies be able to keep their gross income up when there are fewer people employed and thus fewer people willing and able to buy their products and services? I'd say if they're selling things which are necessities, like food, the answer is yes. Likewise, if their markets are in countries that can still afford and desire the products, they'll do okay. On the other hand, if they are selling items which are not required and expect the domestic sales to keep coming in, they may be disappointed.

So, although the market turn-around happened only a couple months after Obama took office, I'd say the recovery began (for the businesses) when they started killing jobs. The fact that some of their competition went the way of the dodo is also a factor, because the customers will now come to them.

If the government decides to do something to help people instead of corporations, then given the opposition from the right (Republicans, Joe Lieberman and some others) any attempt to help "Main Street" will surely be shot down for being "big government", a "waste of money", and "fiscally irresponsible" by many. By the extremists, it'll either be hailed as exactly what we need, or socialism and thus a complete government takeover of our lives and freedoms... depending on which extreme you're listening to.

The problem isn't just the politicians, who practically accept bribes* from lobbyists in return for passing favorable legislation. It's also the self-serving media, which reports on whatever is profitable for them. The more products they can sell for their sponsors, the more money they'll ultimately make. While there were the multi-national monopolies of the late 1800s and into the early 1900s such as Standard Oil, Carnegie Steel, Bell Telephone, and J.P. Morgan's railroad, they didn't do so because people preferred them to their competitors. For the most part, this was before the radio was even invented, let alone a common thing to find in the home. TV, the Internet, and the science of psychoanalysis were all completely non-existent. So I'd argue that even though the companies today might not be as large (in terms of market share) as the ones of yore, they're more powerful, both in terms of influencing (or manipulating?) the common people, as well as getting laws passed which will make them more profitable.

So all of this leads to a few questions. How do we fix this? Can we do so or is this just the natural order of things and is ultimately inevitable? Of course there's no one answer. One thing that would help is if America went back to producing things (other than military equipment), as shipping jobs overseas may help other people, but it doesn't help the American economy. We've already seen what happens when the American stock market stumbles and falls, so it's arguably better for more than just Americans. People could buy locally from sustainable businesses. The problem with that is that it's more costly to do, so even in good times many people won't think it's worth that extra money, and justify this rationale by convincing themselves that one person won't make a difference. To them, I say "Be the change you wish to see in the world." If you don't understand that, listen to "Man in the Mirror."

I'm not sure what "the answer" is, but I think with the technology we have right now, we should be doing much better than we are. We need some incentive for companies to make products that last, rather than cheap junk which sells. If you have better solutions for society's woes, please share them. Even better yet, take the next step and start making them happen!

* Bribery, as defined by the courts, must be more specific than "we like guns... do you like guns? You do? Oh, well here's a bunch of money for your campaign." It needs to be more like "Here's a bunch of money for your campaign in return for you promising to pass a law which forces people to buy health insurance whether they can afford it or not."

Some of the sources for the economic data:
http://www.google.com/publicdata?ds=usunemployment&met=unemployment_rate&tdim=true&q=unemployment+statistics
http://finance.google.com/

Update:
Here's a map which illustrates the unemployment stats quite well:
http://cohort11.americanobserver.net/latoyaegwuekwe/multimediafinal.html