admin

Jul 11, 2009
 

I mentioned in some post or other this week that I’ve really come to like Chrome.  One of the reasons is how completely spiffy quick it is not just to use once opened, but to open up.  It loads, no kidding here, 15 seconds faster than FF and 5 seconds faster than IE.  That got me to thinking so I loaded each browser up to the same three pages I have as my default tabs in Chrome and looked at the memory usage of each in Vista Task Manager.  IE of course is the big hog at 124,000 with FF a close second at 94,000 and Chrome comes in at an anorexic 30,000.  Sheesh, no wonder it’s fast to load and causes me so much less trouble when shelling in and out of WoW with it open.

The only thing that FF has going for it is Ad Block Plus.  Why those guys haven’t made something for Chrome yet saddens me.  SelectView for IE is nice in that it blocks a lot of ads, but still leaves the “blocks” where they would appear as empty real estate.  Ad Block Plus completely removes the ad from the page leaving only what you’re there for.  Amazing.  Doesn’t make up enough for FF’s other flaws including just being kinda ugly, even compared to IE.

 Posted by at 8:17 pm
Apr 22, 2009
 

I’m at the RSA show this week.  If you’re in the neighborhood, look me up.

Not sure if I’ll ever be able to get back to regular blogging, much as I’d like to.  The good news / bad news is that work is keeping me busy and completely occupied.  Good news in this economy, bad news in regard to getting time to read and write as I’d like.  I’m thinking of at least posting up those items I find interesting as I come across them every day and posting them here.  Not sure if it will be regular or not, but what the heck… here’s the first installment.

RSA Show related:  Microsoft Pushes ‘Geneva’ In War On Passwords

The Zen of Password Cracking

One (Weak) Password Is All Many Users Have, No Matter Many Strong Ones They Need: Sophos

5 Things You Didn’t Know About Software as a Service

Hackers steal 285m electronic records in 2008 – Verizon

 Posted by at 12:17 pm
Dec 17, 2008
 

Funny that discussions around identity systems always come back to being analogous to payment systems such as this post wishing OpenID to be the next Visa.  Similar to my thoughts on looking for Identity’s version of PayPal, though I don’t think OpenID as an organization has any hope in Hades of becoming the Visa of Identity.  Someone may use OpenID as a spec to build the Identity of Visa, but that’s even doubtful given its current security model.

The problem holding any such system from emerging is an underlying liability infrastructure so everyone knows who is taking what risks and who gets screwed when the excrement hits the fan at any given stage.  The banks formed Visa and signed onto a rule-set that was then taken and marketed to merchants and customers who signed up for their various parts including risk exposure, penalties, etc..  PayPal came along and while they did offer their own guarantees and manage their own risk, they really rode the pre-existing liability infrastructures of Visa, Mastercard, etc.

So where does a wannabe emergent identity system get an existing liability infrastructure from which to launch to victory?  Who vets and backs online identities tied to actual, legally prosecutable individuals across more than one system that isn’t tied to a payment instrument?  I can’t think of any.  Everyone that wants my business or would have potential cause to pursue me for some type of fraud requests a payment device from me.  My credit card number, bank account number, etc.

AaaHa!  So the banks should be the ones that issue my identity… uh wait a minute.  Banks are slow, uninnovative, fraidy-cats, which is why PayPal got to be what it is.

Yeah, so there we are.  Back to square one.  Perhaps Facebook Connect will lead the way, but they will have to do a significantly better job of vetting users’ identity.  I’m not sure about you, but I’ve got several Facebook accounts.  Which one is the actual me?  Or are they all?  Does it matter for an identity system?  Probably given that the main purpose of an identity system is to smooth the path to various forms of e-commerce.

Dang!  Back to payment again!

 Posted by at 1:01 pm
May 20, 2008
 

The HD format war continues though now the battle is more about whether there needs to be a “format” or not.  Discs are on their way out, we all know this is coming, but it may be coming even sooner than I’d imagined.  The digital-haves may skip BluRay for movies and go straight to digital.  The digital-have-nots may skip BluRay sticking with the regular DVD format until they become digital-haves.  After all, is the typical American home likely to invest in big HD sets and players sooner than they’ll get access to broadband and a computer?  I sure as heck don’t know the answer to that one, though the geek in me wants to say the latter, but some average-joe instinct calls me back to the former.

These thoughts hit me as I was reading this article “When discs go the way of disco”, by John Murrell over at SiliconValley.com and it also brought to my mind why I haven’t yet bought a BluRay player (i.e. a PS3) or really gotten crazy on buying HD discs.  I did buy a HD-DVD player attachment to my Xbox 360 and bought roughly 8 discs in the excitement before I realized just how much the same movies on the same physical media (plastic disc) were costing me over and above regular DVDs.

I’ll admit that over the DVD years I have accumulated quite a collection of DVDs ranging from movies to TV shows.  I’d bet that my average price for those has fallen drastically to $10 or maybe even a little under.  I keep my eye out for good old movies and shows on special and am a huge fan of the $4.99 special.  Consequently, when I reached for that 9th or 10th HD-DVD at $24.99+ I balked and all purchases ceased and just as well as HD-DVD took a bullet to the brain-pan in the interim.  However, I’m not all that interested in jumping on the BluRay bandwagon yet.

This certainly isn’t because there is no difference between a DVD and HD disc, there absolutely, definitely is.  I purchased the most recent Harry Potter disc last fall which has DVD on one side and HD-DVD on the other.  I accidentally started watching the regular DVD side and was very disappointed until I realized my mistake and the difference was remarkable.  Remarkable enough to pay a premium for?  Yes, but not a 60+% difference and certainly not for BluRay which is still adding features that HD-DVD has had all along.

Since I am a HD snob at this point, instead of buying discs, we’ve been recording HD versions of movies via PPV via DirecTV or via Xbox Live.  I don’t get the “extras”, but really the extras on most movies anymore are really not interesting.  Commentaries anymore seem to be more about the movie makers getting together and getting caught up with each other than providing any in-depth discussion of the content of their film.  Of course this may be due to the fact that there really hasn’t been much in the way of great films for the last couple years…  Sorry, back on topic.  Consequently, for me the economics of spending $4.99 for a HD movie that I can watch whenever I want and repeatedly, but without owning physical media seems like a bargain compared to owning physical media of a movie I’ll probably not watch all that often after a couple years of its release for $24.99.  Besides in a couple years BluRay discs will be back down to the $14.99 level with bargain discs beginning to appear.  Maybe then, the economic calculation will change again, but then again I have over 2TB of storage on my network already so…

 Posted by at 11:27 am
May 20, 2008
 

Got this in an email for posting up my picture of Phormtaiqr on Spock.com

“Spock users have flagged and deleted a picture which you contributed to Tim Renshaw’s search result. Flagging and deletion occurs for a number of reasons. Sometimes it is because information is factually incorrect, sometimes it is because contributions are inappropriate. For more information please visit our community guidelines.”

I have reviewed the community guidelines and am not sure why my picture was removed.  It was not a picture involving nudity, it was not copyrighted (indeed Blizzard is quite happy to have me promote World of Warcraft by spreading my in-game image hither and yon) and is indeed a picture of me that many of my friends will know as me.  The “me” is from an online game, actually the online game / community World of Warcraft, through which I have met many people and this picture is the only “me” they have ever seen.

I suggest that Spock review their own community guidelines to ascertain what they are going to define as “me” and “my identity”.  This will of course have non-trivial impacts on what reputation of “mine” they are defining.  If the site is only going to work on purely “real me” identities, that’s fine, but I believe that really sells the site’s reputation possibilities short.  Reputation matters a great deal to me in virtual spaces.  One of the core ideas behind forming Clans and Guilds in virtual worlds is around the idea of reputation.  Anyone who has put on a headset and ventured into Halo on Xbox 360 knows that you don’t want to just hang out and play with just any schlub online.

I continue to watch Spock with a level of interest, but I don’t believe they’re allowing themselves enough breadth and interconnectivity to all that defines “me” online such that my reputation can really be meaningful across all the various entities representing me online.

 Posted by at 11:22 am
May 20, 2008
 

Been too busy working on a super secret project that hopefully will morph into an important part of my future to really spend much time posting here, but couldn’t pass up this opportunity to vent some curmudgeonly steam.

Saw this article on a super smart guy researching whether or not Abraham Lincoln may have suffered from a rare disease.  The part that got me going was the opening sentence, “Did John Wilkes Booth shoot a dying man?”.  Wouldn’t it have been actually more newsworthy if John Wilkes Booth had shot a non-dying man?  Is everyone else in on some piece of history I missed, principally that in some way Lincoln was otherwise immortal except for Mr. Booth’s magic bullet?

That said, would this have been the same magic bullet that ricocheted around so devastatingly through JFK’s limo in Dallas?  Was the bullet also silver?  Were Lincoln and JFK related by the fact they were secretly werewolves or some other such immortal creature with an Achilles heel weakness to magic bullets?

This would be a fun book / screenplay / comic to write.  Could write it into the Underworld universe for the next movie, which might then actually be interesting, or just take it into a stand-alone fictional effort.  Unless of course it isn’t fictional and Lincoln wasn’t in fact dying when Booth shot him, but would have lived forever which would have been cool, cuz I’d still vote for him.

Make a great day, I gotta get back to work.

Originally published April 14, 2008

 Posted by at 11:10 am
May 20, 2008
 

So I’ve finalized my plans to attend the RSA Show again this year.  Will be the first time I’ve been there not attached to a vendor exhibiting on the show floor.  Should be liberating!

I’ll be networking as I pursue several avenues of opportunities for my “next gig”.  Good news is that there is a lot going on and I’m really looking forward to linking up with friends, old and new.

The main non-networking item I’m interested in at the show is the OSIS Identity Interop.  There’s a lot of buzz in the identity space and I’m anxious to see what the reality of the situation is with real vendors, real products and real useful applications and use cases.  So far, I read a lot of good ideas, see a lot of work being done in various efforts around specs, protocols, etc., but haven’t seen any services or implementations that make me exclaim, “aHA! There’s something useful and secure, I’ll trust my online life to THAT!”.

Given that, you can imagine that my main focus as I examine my “next gig” options, is how to participate in the creation of exactly that service or application.  I believe all the pieces exist already today to put in place and create a revolutionary service, but all I see are the most timid steps forward.  This doesn’t mean that something won’t be announced at the show this week and I certainly hope it is and that we all can be using it by the end of next week!

Leave me a comment here or email me if you’d like to get together at the show and kick around some ideas or just grab an adult beverage <grin>.

Originally published April 4, 2008

 Posted by at 11:06 am
May 20, 2008
 

How often do you need to crack something, really?  Once is all you need.

Information Week has this story on Blu-Ray Copy Protection Breached and the response from the BD+ encryption provider has me scratching my head.

“BD+ is a security response system designed to react to security attacks, not prevent them entirely. As part of this system, updated BD+ security code is continuously developed so that BD+ customers obtain ongoing value from the use of this technology.”

First, though I am often a guilty party, I hate sloppy language.  Of course their system isn’t designed to prevent attacks, it should be designed to prevent successful compromise having launched the attack.  Sure, it’s great if you can prevent someone from running at you with a baseball bat, but that’s really hard to do, especially on the open internet (see, sloppy analogy… guilty).  It’s really, really important though that the bat and your head don’t meet.  That would count as a successful compromise of your defenses… crunch!

Second, this is an admission that the BD+ system was successfully breached and content has been copied against the producer’s / protector’s wishes and therefore likely already a very busy Bittorrent.  So now that Movie X is a freely and widely available digital copy, how’s BD+ going to put the cattle back in the barn?  If someone in the Cryptography Research division of Macrovision can twiddle some algorithmic dials and make all those currently cracked discs become “uncrackable” again (“uncrackable again” is an oxymoron, right?) that will be impressive…

But useless.  The movie is already out there.  It can’t be retrieved, right?  Is Eric Rodli stating that they can make some adjustments and break all the digital copies sitting on all the hard-drives of those Bittorrenting miscreants?  I guess it isn’t beyond the realm of possibility that a copy could have embedded in it some type of “phone home or don’t play” mechanism, but that would be immediately obvious without any need for tweaking back at BD+ headquarters.

If I didn’t think this was a bunch of hot air, I’d investigate further, but there’s no need.  While very feasible that some algorithmic changes could be made to change how the next batch of Blu-Ray discs are protected and even feasible that currently cracked discs could get re-un-cracked (ouch that hurts to type) given the online nature of Blu-Ray (or is that in the next release when they’ll nearly catch up to HD-DVD technologically?), this is all just a bunch of Quixotic energy being wasted and defended.  This version got cracked, the next version will get cracked and once cracked there “ain’t no going back to re-un-cracked”.

Hey, that has a nice rhyme to it.  Makes it easier to type and say the second time around.

Originally published March 25, 2008

 Posted by at 11:00 am
May 19, 2008
 

This is the first of what will likely become a series and so categorized as a Rant:

OK, so this is the last example of the day and nothing against Rafe, his post is just the last straw over the last couple days, where I’ve heard that how fast a browser opens really, really matters to the reviewer / commentator.  Seriously?  How often are people opening and closing their browsers that speed of launch is any kind of a measuring stick for the quality of a browser?  The only time I’m launching a browser is at some point after I boot my PC and then never shut down the browser until the PC does so at shutdown.  Nearly everything I do anymore occurs in a browser or is destined to be submitted, emailed, stored, etc. through the browser.  Why close it?

Rant off…

Some rants will be more serious than others.  This one’s not so serious, use your browsers any stupid way you want <grin>.

Originally published March 19, 2008

 Posted by at 3:00 pm
May 19, 2008
 

A friend asked me about IronKey today and my first recollection was that I stopped by their booth last year at RSA. So I initially responded that as far as I could remember, it was just another secure USB storage play. But since he was asking, I figured I would revisit it, especially when he mentioned that Bill Harris is currently their Chairman of the board. He was with Intuit, then PayPal, then pAssmark (yes, that’s the proper spelling, where the “p”, like the security is silent) and sits on a variety of boards. Why does that matter? Bill Harris has been involved in a lot of things that run parallel to my own career over the past decade and he’s found lightning-strikes more than once. Me? No lightning yet <grin>.

So like anyone, I started with the web site and it pretty much confirmed my recollection. I read the most recent article from their PR page and it revealed some interesting details. I won’t recap it, you can go read it at your leisure.

Certainly has some nice functionality, but the price is prohibitive even for me, one of the paranoid and willing to pay to resolve my condition. I’m completely happy carrying Roboform2Go around on a much cheaper finger biometric USB. I further protect the Roboform data encrypted with a second-factor key-file setup using TrueCrypt. Though Roboform touts their use of AES for encrypting their data, big deal, the weakness is still the fact they are at base, reliant on a password from which they generate keys. Me, I’m big into true multi-factor security, you know, some combination of:

  • Something you know (password / passphrase),
  • Something you have (typically a smartcard, but in my case files I use as my TrueCrypt keys on a separate device),
  • Something you are (biometric of choice, in my case my fingerprint(s)).

So using my finger biometric USB, with TrueCrypt using key-files from another location and of course my Roboform password, I get all three factors. Purchasing Roboform, my biometric USB and free TrueCrypt comes in well under the $149 IronKey price for their 4GB. The other benefit of my configuration is that for the same dollars spent on Roboform ($40) and TrueCrypt (free) I can do the same thing using all 80GB of my iPod or at least whatever is left over with my podcasts on the iPod. Sure, in this case I only have two factors, not three, but they are still two solid factors such that anyone stealing or finding my iPod would have no ability to get at the encrypted data (remember the files I use as my TrueCrypt keys are not on the iPod itself). Of course, there may not be many others in the general consumer market likely to be aware of the cheaper, more flexible options and how to use them to construct their own secure portable storage.
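The password-versus-key-file point above, as an added sketch that is not code from this post, TrueCrypt or Roboform. The HMAC mixing step, the header layout and every name and sample value are assumptions made for illustration; TrueCrypt's real key-file processing is different.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor, kept low so the sketch runs quickly


def derive_key(password, salt, keyfile=None):
    """Derive a 32-byte key from a password and, optionally, keyfile bytes."""
    secret = password.encode("utf-8")
    if keyfile is not None:
        # Mix in the second factor: key an HMAC with the keyfile's digest so
        # the KDF input cannot be rebuilt from the password alone.
        secret = hmac.new(hashlib.sha256(keyfile).digest(), secret,
                          hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=32)


def make_header(password, keyfile=None):
    """Return what sits on the portable device: a salt and a key-check tag."""
    salt = os.urandom(16)
    key = derive_key(password, salt, keyfile)
    tag = hmac.new(key, b"volume-header-check", hashlib.sha256).digest()
    return {"salt": salt, "tag": tag}


def unlocks(header, password, keyfile=None):
    """True if the supplied factors reproduce the key behind the header."""
    key = derive_key(password, header["salt"], keyfile)
    tag = hmac.new(key, b"volume-header-check", hashlib.sha256).digest()
    return hmac.compare_digest(tag, header["tag"])


def exposed_by_password_list(header, candidates):
    """Return the first candidate that unlocks the header with no keyfile."""
    for guess in candidates:
        if unlocks(header, guess):
            return guess
    return None


# Constructed sample data: a weak password, a keyfile kept on another device,
# and a short candidate list that happens to contain the password.
PASSWORD = "hunter2"
KEYFILE = os.urandom(64)
CANDIDATES = ["password", "letmein", "hunter2"]

password_only = make_header(PASSWORD)
two_factor = make_header(PASSWORD, KEYFILE)

if __name__ == "__main__":
    print("password-only header opened by:",
          exposed_by_password_list(password_only, CANDIDATES))
    print("keyfile-bound header opened by:",
          exposed_by_password_list(two_factor, CANDIDATES))
    print("owner with both factors:", unlocks(two_factor, PASSWORD, KEYFILE))
```

The header built from the password alone is opened by anyone holding the device and a list containing the password; the header bound to the key-file stays closed even when the correct password is on the list.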

Of course, IronKey isn’t the only game in town and at their price, I’m not sure the security advantages are going to be obvious to those comparing IronKey to GuardID’s IDVault. If the purchaser is looking for secured surfing I suspect the IDVault will win, but if secure data storage on a portable device is the goal, IronKey all the way. These devices are actually nothing alike, but will Joe Noob at the Best Buy rack understand beyond $40 vs. $150? It all comes down to marketing as usual and Bill Harris does know how to do that, so I’m not betting against him and the IronKey team. I’m just not likely to be one of their customers unless their service offering increases in some interesting direction… say, making CardSpace cards portable and still secure such that IronKey serves as my Identity Provider playing with OpenID while also making OpenID secure.

Yeah, that would have my attention and likely my $$.

Hey Bill or Mr. Harris, if you prefer; I’m available to help with that <grin>!

Originally published March 18, 2008

 Posted by at 2:54 pm