Random Developments

Or, why I don’t like CSI Miami and New York.

Simple reason: Grissom. The original CSI is a show for geeks, with geek characters. Grissom (William Petersen) is the alpha geek: he loves his job, loves his insects, and would love them even if he didn’t need them for his job. And he seems to be mildly autistic, which is a major geek feature. And the other characters are not too far behind: Greg (Eric Szmanda, the DNA lab guy), Nick (George Eads) and Sara (Jorja Fox) are major geeks as well. Catherine (Marg Helgenberger) and Warrick (Gary Dourdan) are not so much, but that’s ok; the others make up for them. And apparently Will Wheaton is going to be in one of the episodes, and he’s nothing if not a geek at heart.

CSI Miami, by comparison, is not even in the same league. The boss, Horatio (David Caruso), is not a geek: he’s a cowboy in the wrong state. And, let’s face it, Miami is not a particularly geeky city. As for CSI New York, having watched only the pilot, I can’t really say much; but Mac Taylor (Gary Sinise) is no geek. He’s waaay too emotional even for a policeman (”no one sleeps in NY until we catch this killer”, “you should be put to death, no trial”). Even those cool tricks with face-recognition software and wireless fingerprint-matching don’t make this a cool show. And what’s with the CSIs going to the crime scenes by themselves? Didn’t they watch the first episode of the original CSI?

So, just one CSI a week is fine with me. The Miami and NY versions should have other names; they’re not the same type of show.

Windows plays soccer; Linux plays rugby. In soccer (sorry, to me this is football), whenever one player makes the slightest contact with another, he collapses to ground, writhing in agony and clutching at his ankle. Everyone gathers around and looks very worried until the referee holds up a yellow card and then—amazing!—the player springs up again, completely cured. So too Windows: as soon as anything goes wrong with any program, the whole thing collapses in a screaming heap, and requires a reboot. Linux, on the other hand, shrugs off application failures like a rugby player ignores broken fingers. Programs crash, but Linux keeps going.

From Max Barry’s blog. This says everything, I think.

I’ve just read an interesting article on structured procrastination: the art of making your procrastination habits work for you. Quite interesting, and seems to describe very well the way I work… something to be tested.

A funny thing… I save URLs of texts I want to read at some point in the future to del.icio.us, and that’s what I did to this one. The site tells me that 285 other people saved this same URL to their bookmarks. A surprisingly large number of them filed it as “toread”, “readme” or variations thereof. That’s procrastination at work…

SecureCon, a free two-day conference on computer security issues is happening here (it started yesterday), and I’ve attended a few of the sessions. The attendants are mostly university people, but there are a few corporate employees and non-affiliated people around. It is not a “marketing” conference; that is, presentations go into technical details and corporate presenters get some “hostile” questions at the end of their talks.

Today started with a presentation by Sam Trad, from Cisco, about their Network Access Control products, notably Cisco Trust Agent and related technologies. This is a piece of software that is installed onto network clients and that authenticates the client to the network before it’s granted access. During this authentication process, the agent tells the network what kind of software the client has installed, and the network can have policies in place that, for example, allow access only to WinXP boxes with SP2 plus the most recent patches, or Win2000+SP4+a current antivirus, and so on. The agent reportedly already comes with some antivirus packages, and will be part of future Windows OSs. For other OSs, you’re out of luck for now. A very good question raised by someone was: since we’re authenticating a host based on what the host tells us he’s got, what’s to keep this information from being spoofed? One might be able to write an exploit that takes advantage of an unpatched system and that reports it as a fully patched one to allow it to connect. The presenter mentioned something about “multiple levels of security”, but I don’t think anyone was really satisfied that this is not a problem.

This was followed by a talk by Damien Miller, from Netstar, about network worms. Nicely presented, if a bit scary at some points. His opinion, not stated that flatly, is “we’re doomed”. And I tend to agree, to some degree.

After this talk, I left the conference to do some work, and will be back for the last session, on urban hacking and hacktivism. And yesterday there was a practical session on security auditing, followed by a “hackathon” where attendants were invited to try to hack into three servers and retrieve specific pieces of information from them. Now, that was a scary session. The PCs were running Linux off a CD (the Auditor security collection from remote-exploit.org), and the available tools made it a breeze to remotely access vulnerable systems. As an example, a remote shell was started on a Win2k box with just a few keystrokes, using ready-made exploits. That’s way too easy. (during the contest, I got the two pieces of data from the Windows server, but did not have time to get into the Linux ones; a colleague of mine who attended a later session won).

Yesterday I forgot to mention exactly the type of spam that irritated me enough to post about it: referrer spam. One look at today’s stats reminded me of it, though. In short, the list of referrers is now entirely useless as a means to find out where users came from. It might as well not exist. In yesterday’s access log, which refers to Feb. 1st, virtually all of the top referrers are spammers, coming from domains like freakycheats.com (51 entries) and psxtreme.com (52), both with a large list of subdomains. And, of course, both come from all over the world, so it’s not possible to prevent it by blocking IP addresses (they are certainly using bot nets).

And they generate traffic! Some 5% of the total traffic of my web site is now caused by blog spammers (including comment, trackback and referrer), and I believe this will grow. I don’t think many people are already seeing traffic as a problem caused by blog spam, but mark my words: it will be a problem. It may be a larger traffic generator than podcasts in the not-too-distant future. And this will not be pretty.

On the one hand, I love MT-Blacklist. Yesterday alone, it blocked 136 trackback spams and 39 comment spams to my blog. Most of them were for some type of, and I’m almost afraid to use this expression, online casino. Others were for various types of quasi-legal pharmaceutical drugs (the drugs are legal; the sellers, not so much). I used to have MT-scode generating a CAPTCHA challenge for comment posters, but it stopped working thanks to something my hosting provider did, so I had to switch (and it doesn’t protect trackbacks, anyway).

On the other hand, though, I hate these guys. It’s annoying. It’s like talking against a background of white noise that gets louder and louder. It’s worse than e-mail spam, in a way, because, if it stays online (and you bet that it does, in many abandoned or not actively watched blogs) the spam “hits” many people with just one placement. For e-mail spam, it either hits the owner of the mailbox, or it doesn’t hit anyone; blog spam is closer to newsgroup spam, I think, except that almost no one reads newsgroups anymore.

My mailboxes have been reasonably clean of spam for a while now, thanks to some very good implementations of bayesian filtering. I understand that there are bayes-based comment spam filters around, but last time I checked they weren’t very usable. Maybe it’s time to either check again or to start working in one…