Important updates from Microsoft (KB970653)

I’ve been on vacation for a couple of weeks, trying first to battle the Evil Overlords (details on that later) and then spending some time at the beach (and yes, that’s the actual beach.. ) but this afternoon, when I laid my sunburned hands on the keyboard, I encountered the friendly (and highly obnoxious) icon in the system try telling my that I had new updates for my Vista system. Including one “Important” update for windows, and two “recommended” updates.  I thought that was a little odd, since I’ve just installed a bunch of updates a couple of days ago. Every time I install updates it\s a pain because I have to stop everything I’m doing and restart my machine. So it was with some trepidation that I clicked the system icon, and sure enough, it told me I would have to restart after I apply these changes. Yuck.

Well it doesn’t do to leave your system unpatched, I thought, and if Microsoft has updates for my machine, and labels them “important” I should probably install them right away, right? Especially if they have gone out of their way and released a second update package in the same week, got to be crucial.

Not so much. Turns out that KB970653 – the update in question – was an update to the time zone feature in my windows system. Apparently the people at Microsoft were so worried that I’d get the time wrong on my system that they felt the need to push out a special update package, and make me restart my system, just so that the timer wont be off.

Now I agree that the system time functions are important, especially if you are running database systems or servers. But for most of us, simple mortals who just use our computers for everyday life. Is all this hassle really necessary? Couldn’t this wait for the normal Update Tusday cycle? It makes me wonder what other junk Microsoft pushes down the pipe just because no one actually bothers to check if those “important” and “critical” updates really are all that crucial. Those of use who were around a few years ago probably remember Microsoft’s “Critical” update KB833404 that was put out in 2004 for every MS Office product there was. You’d think that a “critical” update for ALL of Office meant that they found and fixed some gaping security hole or something, but no, that critical update did nothing more than remove two swastika symbols that ended up in the wrong font. I’m not making this up.

Personally, I opted not to install the important update just yet. When I’m done with my vacation, and the laptop gets shutdown anyway so I can take to work, then I’ll do it. Until then I will stay with me, alas, not accurate time zone info. In the meantime, if anyone in Microsoft is reading this, I’d like to offer one thought: Before you randomly label updates as important and critical, you might want to take a moment to re-read the story about the boy who cried wolf. Not every update deserves panic mode treatment. Thanks.



Side Channel attacks

Last month I attended Cryptoday 2009 – a workshop on cryptography and security hosted by the Computer Science department of the Technion. Amongst the lectures there was one by Prof. Moni Naor of the Weizmann Institute that focused on the feasibility of, and defense from, certain kinds of attacks on security that circumnavigate traditional encryption by attempting to read information directly from the physical medium. Attacks which are known as “side-channel attacks”.

I’m mentioning this because the June issue of Scientific American Magazine published a really interesting article on the topic titled “How Hackers Can Steal Secrets from Reflections” which explains this kind of attack in a simple and interesting language. It’s a little far fetched, but well worth reading.


Google ChromeOS – a non-event

*** Posted on All rights reserved. ***

The net is abound with buzz nowadays about the aannouncement of a Google “Operating System” due to come out the second quarter of 2010. Yawn..

Beyond the discussion of what qualifies this as an Operating System, for which I will direct you to two excellent articles by TechCrunch and The Register (Caution: colorful language), there is also the question of what the product actually is. According to Google, the Chrome OS is “Google Chrome running within a new windowing system on top of a Linux kernel.” In other words: Install Linux, Install Chrome, take away anything that isn’t Chrome, and expect who ever is using this to only use tools that run in Chrome. Seems to me this should take about a week for a competent System guy to do, assuming he has to write his own scripts.

So what’s the big deal here? The “new Windowing system”? Gnome, KDE, and the rest aren’t good enough for you, you need something that will launch Chrome automatically without showing a Desktop first? I mean seriously, what are they going to be spending a year on?

The answer is as simple as it is sad: they are going to spend the next year on trying to make Chrome do things the way a real OS does, and on trying to make Web-apps function like real apps. With all kinds of hocus pocus like HTML 5, Google Gears, and G-D knows what else, they’re going to try and develop a comparable platform for running the programs you need inside a browser.   I doubt they’ll succeed, and I seriously doubt that they can do it in a year.

And that’s the bottom line. No one really cares is the OS they use come from Microsoft, Mac, Linux, or Ed’s computer shopp and live tackle, they simply want to install their applications (that they’ve been using for years) and have them work. Period. This is the reason that after a great valiant run at Linux, I came back to Windows. It let me do the things I wanted, and have been doing for over a decade, without having to re-learn and re do everything. Trying to get everyone to shift paradigms and move to Google Docs is one thing (and a daunting task at that). The fact that Google Docs can’t do everything that office can is completely different. In the larger scheme of the corporate world, a $200 saving on a computer with a free OS is nothing compered to the amount of time, and hence money, wasted on trying to relearn years of established ways to do things.

There’s even more to is than that. As the Register points out:

But it’s not just Office that will keep Microsoft’s hold on the PC market. Can you replace Active Directory with a web app? Is there a site I can visit to connect to my office’s shared printer? What do you mean World of Warcraft doesn’t run in the browser? How do I play a DVD in Google Chrome?

And he’s absolutly right: The greatness of a true OS is that it can run ANYTHING, not just thing that are written in the limited context of the Internet. And if a program is installed on my hard drive it will run with or without a network connection, and can access and modify the files on my drive without the fear that sudden server congestion will break it. Until ChromeOS can claim even a little of that, it is not Operating System, it’s a non-event.

Good Weekend,


The epitome of gimmick

*** The original address for this post is If you read this post anywhere else, it means: A. It’s stolen.  and B. You read some mighty boring sites (That would steal THIS). 😉  ***

I haven’t had much time to update in the past couple of days (lots of fun Java work) but I wanted to share a small site which I think is a serious contender to the “Epitome of Gimmick” award:

The concept is simple: Darkness takes less energy than light, therefore, if we make our screen entirely black, it will take less energy than if it were white (like Google).

It’s a gimmick for two reasons.

A. Depending on your screen, black may actually take more energy than white, and

B. If you had said this five years ago, people would have looked at you like you’re nuts and asked you if you didn’t have anything better to do. If you say it five years from now, people would look at you like you’re nuts and ask we don’t you invest your energy in some REAL energy saving solutions.  But now, right now, people are already concerned enough about the environment to listen to things like this, and clueless enough to actually follow them. This leads to a site which has no distinction other than its color scheme becoming a major destination on the Net.

Something that isn’t special, but has something that looks special enough to attract your attention. Yup, that a gimmick alright. 🙂 Personaly, I’m waiting for the IPhone app that would blacken the touch screen…

Ok, Back to JavaLand.


Asking questions that mean something.

Here is a trivia question for all the minutia lovers out there: what former US surgeon general looks like colonel sanders and has a name that has something to do with chickens?

Go ahead. Type that into Google, bing, or Wolfarm alpha, and see what you get. Chances are it’ll be a long laundry list having to do with Obama picking his surgeon general, KFC, or chicken jokes. In fact, you will get a whole load of matches to your query, but you will not one simple thing: an answer.

This is, of course, because search engines don’t understand questions. They simply scan your search terms for keywords and try to give you relevant pages. They do some rudimentary grammar analysis to try and determine the subject of the query (IE the thing you are actually looking for) but more often than not, they get it wrong (which is why you get more entries about chicken then the surgeon general). Search engines have a hard time with descriptions, too. A ‘man who looks like a thing’ is the sort of thing that a search engine simply can’t handle. And finally, search engines can get easily confused in determining what pages to return that might contain an answer (Consider this post, for example, it has links to search engines, chicken jokes, and observations about grammar. If you had to quantify it by keywords, you’d end up with some mighty odd matches)

I say this because there has been a trend recently of creating “answer engines” – search engines that can understand your question and miraculously supply you with the answer. It started a few years ago with “ask Jeeves” (now part of and had its latest arrivals in the much publicized Wolfarm Alpha and the bing “decision engine”. Sadly it seems that hype aside, there really is no noticable difference between a search engine and a answer engine, with the possible exception of Wolfarm – the first engine that has the desency to tell you when it doesn’t understand what you want.

I’m not faulting search engines developers, mind you. Understanding plain-English questions is a hugh and daunting task, and the field is really only init’s infancy. Search engines have gotten a lot better over the past few years, and will continue to improve (and users will continue to get better in searching, which is a different topic for a different day.) But we’re still far far away from the day when all the knowledge of the Internet is at our fingertips. Search engines can fill in many details, but they’re no replacment for a structured approche to learning,  no replacement for simple thirst for knowledge, and no good in trivia. At least, not yet.

Big Endian.


For anyone who’s wondering, the answer is

C. Everett Koop

C. Everett Koop

a great name, if I ever heard one.

Fair use vs Piracy

I mentioned a week ago that a certain site seems to be stealing programming-related content from several blogs including my own. I took it upon myself to notify the two other people who’s blogs I found and telling them too, and so I was delighted to hear from sriram chewsthefat – one of the two – who wanted to know how to lodge a complaint against the site in question. Sriram: Due to the fact that the site doesn’t have any email or contact information, I ended up lodging a complaint with their HOST company, called You can find exact directions on how to lodge a complaint at Good luck.

During the course of the week I discovered yet another site which was stealing my posts: (You might notice that the headline sounds awfully familar..) Yet, I don’t mind this one nearly as much, for a very simple reason: Whoever copied my post put a link to this blog at the bottom of the page. They didn’t pretend that they wrote my blindingly witty comments about the IPhone, they attributed them to the source.

That’s the small but oh-so-curcial detail. Above all else, a writer want to be read and recognized. When I write a piece about facade classes, of java Strings, or even why IPhones suck, I want who ever reads is to benifit from it, and I want that person to be able to respond to me. I don’t really care how a person found my words. I care that he finds them, reads them, knows who wrote them, and occationally write something back. Nothing is more exciting to a blogger then comments (hint hint) , so when a site uses my words but strippes out my name, that’s piracy, and it makes me mad. Where as a site that links back to me will never hear me complaining. And why should I? They’re just helping advertise my blog, it’s fair use. And if they make money in the process, well… I’ll chuck that up to advertising fees. 🙂

Good weekend,


P.S., On the same topic, check this out:

Being Spammed as a way of meeting new friends.

I mentioned in my previous post that a certine site seems to be stealling content from my site. And not just mine, incidentally, I found two more victims: (Post:differences-between-software-development-and-software-engineering) (post:/a-simple-logic-for-swapping-values-of-two-variables-without-using-temporary-variable-or-pointer)

Beyond being annoying and kinda pathetic, the problem that any blogger has with their posts being stolen is that it may result in lost readership from people who might have otherwies read to post in it’s proper place on the blog. So once I discovered that my posts are being stolen, I looked to see if there are any comments on them that “belong to me”.

While I’m happy to say that I didn’t find any real comments, I did find one spam comment about a money making scheme through Google. The whole thing wiffed of a scam from the get-go. I LOVE scams, and consider them some of humanity’s greatest work of fiction and innovation, so with a little screat throb in my heart, I clicked the link.

The scam itself was pretty basic, and a quick search for the guy’s name revealed a really neat site explaining the makeup of a scam page in detail, which was very interesting. But what caught my eye was the third link in the search result: a woman asking the guy from the scam page to stop spamming her. The synopsis was cute and witty, so I clicked on the link and discovered Clara Todd from Cambridge, UK,whose blog Anglodoodlge, managed to cram posts about the IPhone, a chicken coop, Poetry, and Bra sizes all in one page of posts. And make it funny, on top.

The kicker is, of course, that I would have never found Clara’s blog if we weren’t both (in a distant way) targets of the same spam. Seems to me there’s a new startup company here waiting for someone to start it: “Tell me who spams you and I’ll tell you who your friends are”. Could be the next big thing…