What Sony Cares About

28. April, 2011

So Sony‘s PSN user database was hacked. It seems the credit card data was in a safe place elsewhere. Encrypted.

The user data wasn’t encrypted.

Which leads me to an interesting thought: Apparently, the money was more important to Sony than the gamers.

Or maybe the credit card companies told Sony in very clear terms how to handle the precious credit card numbers, so Sony complied to those rules and when it came to passwords, age, place where you live, they were economical. As with how they handled the situation. At least, we didn’t have to tell them that they were hacked.

Unlike, say, Apple, they did tell us that something was wrong and they apologized for what happened. We’re just left with the task to clean up the digital mess they created.

How valuable is this data? Well, if you do something sensitive over the phone, say, calling your bank. And they want to make sure it’s you. What do they ask? Well, the simple stuff: Birth date. Where you live.

With data like that, you can open an eBay account and so some online fraud. Good luck proving it wasn’t you. Sure, it won’t be a problem but it will be an ugly hassle.

Make sure you check your next credit card bill; just to make sure Sony didn’t mess that up without noticing.


Why Software Patents Are Illegal

28. April, 2011

Patents on machines are legal, patents on speech are not. You can’t patent Obama’s latest public appearance or a mathematical proof. Those things are covered by copyright laws (and followers of this blog know that those are flawed as well).

So why are software patents illegal? They are recipes which tell the computer what to do. You can’t patent recipes. Therefore, it should be impossible to file a patent on software.

The long version is here: 1 + 1 (pat. pending) — Mathematics, Software and Free Speech (Groklaw). The article explains why lawyers often get confused by computer terms, how this is bad and how to stop them.


Riding The Risk

25. April, 2011

It’s a general misconception that if a human can’t see something, computers can’t either. From my experience, it’s usually one or the other. Or both.

When the financial system crashed, humans knew in advance. Well in advance. Everyone involved knew. The question wasn’t “Will it crash” but “When”. Those behind the bubble made a fortune by riding it. And they still do.

The computers didn’t see it coming because they weren’t meant to. That doesn’t mean it’s not possible, it means that the people, who make fortunes from these events, don’t like the idea of a computer telling the authorities what will happen and when. Especially not when a) they can’t make their fortunes first and b) everyone else has to pay the bill. Bonuses are back at the pre-crisis level. I wonder how that could happen.

Prof. Didier Sornette, Professor on the Chair of Entrepreneurial Risks of the ETH works in statistical models which predict bubbles and crashes. One way is actually pretty simple: If the growth of a market grows exponentially  (i.e. when x in 1^x starts to grow with 1^y where y > 1), there is a bubble forming.

So the problem were facing isn’t “we don’t know” but “we want lots of money.” Lots of money always comes at a risk. If nothing happens, people start to forget that. Or ignore it. Even if they know better. So laws and regulations which “harm the free market” are abolished. Until the next bubble when we all have to learn again why those laws and regulations were in place.

Computers can see things that we’d like to ignore.

I’m not saying computers should make the decisions; what I’d ask is this: When the computers predict a crash, everyone involved should be asked to sign an innocent little extra agreement that reads

In the case of a crash, I’ll be held liable for any damages caused by the crash, personal and fully, with all my wealth.

I’m not saying people want the crash. All I’m saying is that they have little reason to avoid it. It’s their job to make money. To make a lot of money, you need to accept a lot of risk. That’s OK. The problem is that there is no reason not to take intolerable risks. “It’s not my money”, “everyone is doing it”, “everyone makes lots of money, why not me”, etc. That’s human nature. And it’s human nature to start to think as soon as you get hurt personally when it goes wrong.

So let’s add some hurt to the system.


Major Security Flaw in Dropbox on Windows

20. April, 2011

During the installation, Dropbox saves the login credentials in %APPDATA%\Dropbox\config.db

The problem: The file can be copied to another computer or account and this simple operation gives an attacker the same credentials as the victim.

Even worse: Changing the password doesn’t help since the credentials don’t depend on the password. So even after a password change, the attacker can still access the Dropbox account!

Kudos go to Derek Newton for finding this gaping hole.

Original article: Dropbox authentication: insecure by design


Design Patterns for JavaScript

18. April, 2011

Here is a good collection of design patterns for JavaScript: Essential JavaScript Design Patterns For Beginners


Mysterious Eclipse Hangs

15. April, 2011

If your Eclipse installation hangs, there can be several reasons. If it happens while your tests run, chances are that a test printed an exception to the console view. If the exception is very wide, this can cause Eclipse to hang for a few seconds: Bug 175888 – ConsolePatternMatcher causes large delays with some large input.

I’m working on a fix.


Windows 7 Libraries Trigger Eclipse Builds

15. April, 2011

If you’re on Windows 7, you may know this odd behavior: For some reason, Eclipse goes into a build frenzy. Every few seconds, it will rebuild the workspace.

The reason: You added your workspace to a Windows 7 Library and you have “Refresh Automatically” enabled.

My guess is that indexing of Windows 7 Libraries creates temporary files which make Eclipse believe something changed in the Workspace. Which causes a rebuild. Which makes Windows re-index the workspace.

Workaround: Remove your workspace from the library or disable “Refresh Automatically”.

See also: Bug 342931 – Windows 7 Libraries trigger rebuilds