Sunday, December 27, 2009

microsoft got patent-trolled.

This is just insane. A Linux zealot I may be, but I feel for Microsoft in this case.
Patent law was intended to prevent a company from duplicating a better mousetrap without anyhow paying for the invention of that mousetrap. Patent law intends to prevent companies from ripping off the inventor. It is fairly certain in this case that Microsoft has paid engineers to develop a solution, which they did, without using anything whatsoever from i4i. Most likely before i4i showed up demanding the money, neither Microsoft nor their engineers have ever heard of i4i and their 'patent'. The patent covers storing text separately from its layout data. This is so trivial that any qualified software engineer would come up with it quicker than it'd take for him to read patent itself.
Programmers and software engineers are specifically selected&trained to be able to immediately 'invent' simple things on demand. Someone who can't immediately 'invent' this on spot wouldn't be working at Microsoft as software engineer.

Patent law is here to compensate inventors for their ingenuity - for creation of nontrivial things that wouldn't have existed for a while if not for the inventor. Patent law was never intended to let the 'first' expert who got a specific problem and straightforwardly solved it forbid others from independently solving this problem in the most natural and straightforward way imaginable.

The issue is that even the simplest solution could be presented as to appear very profound and mysterious to the totally clueless - just throw in a couple meaningless diagrams and other idiocies, and you get very nontrivial looking nonsense (see that patent, hiding triviality behind verbosity).
It is not understood by a court just how straightforward and retarded the patent is. The increased specialization results in perfect ignorance. It's perfectly equivalent to having 3 years old children for judge and jury - 3 years olds aren't stupid, but they do not know anything, they are not qualified to make any decisions on such case - and neither are adults whom do not understand the topic any better. Back in the day when patent law was introduced, the specialization was not so extreme as to prevent sensible trials; judge and jury could see if a patent is covering something totally straightforward.

Thursday, December 24, 2009

On topic of Linux immunity

It's actually quite easy to write malware for Linux, no harder than for Windows anyway (and 'not running as root' wont save you). Fortunately, whatever the reason, very few linux viruses get written in first place; maybe the would be virus writers productively contribute to open source software instead.

Wednesday, December 23, 2009

More on antiviruses.

Just look at this. They claim there's 15,000 new virus definitions each day. For windows. How comes there's less than 1 new virus per day on other systems, which have only maybe 10x smaller marketshare? How come open source antivirus software has orders of magnitude fewer new definitions per day yet is fairly effective? The world is not so huge for such a number of new viruses a day anyway. How the hell are they counting, what are they counting as distinct viruses? Server side polymorphics? If a clever virus makes new variation every time, specific definitions aren't useful, you need a clever solution that lets the virus run but catches it when it tries to replicate.
My best guess is that this number is not even a count, it's simply a number that they figure is the optimal number to display in the software and write in their releases for the purpose of maximization of their profits and for advertising of their brand new "whitelisting" approach which ain't gonna protect anyone but would probably generate a lot of profit for antivirus companies (say, I launch a new software product, how it's going to get whitelisted if people aren't running it because its not whitelisted? The typical solution to a chicken and egg problem is that you have to buy a chicken. Or an egg, plus incubator. Meaning if there's whitelisting, developers have to pay for certifications).

In my opinion, antivirus is a broken solution to a wrong problem. If you run non-trustworthy code - such as pirated software, keygens for pirated software, various "toolbars", etc. or if you run email attachment, no antivirus can protect your (windows) pc - it'll eventually be infected. If you have insecure network services, antivirus won't protect you - but a security update to a service could. If you keep everything up to date and you don't run non-trustworthy code, then you're as safe without antivirus. A general security tool which watches for changes in files could be quite useful. A specific blacklist is of little use - it cannot protect even from variations of old viruses. A whitelist is just a nuisance. Antivirus software is written in such a way as to maximize profits of antivirus companies, not as to minimize threats; virus signature lists are far superior for profit generation than general solutions; it is far better to autorun files from usb sticks and then sell antivirus software than to forbid autorun for writable or all media. Microsoft's response of tightening OS security is the only hope for Windows world.

Tuesday, December 22, 2009

RIP Amarok 1.4

Amarok 1.4.10 no longer works for me under mandriva (installed from old repository, into /opt/kde3 folder)... it simply doesn't scan collection.

Meanwhile, Amarok 2 is still completely unusable, even though you can get rid of the "context". It's just insane. Can't resize playlist to take up all the remaining space, cant drag-resize columns in lists, and so on (resizing columns with a slider, who the hell came up with this?! That's outright insane. Anyone with a sense would fix the list control to get drag-resizing of columns to work again rather than make slider dialog for that).
I'm switching to Exaile for final, i think. I promised to fix some bugs in it, then left 'cause i had no time... gonna get on it

Saturday, December 19, 2009

Are antivirus companies the main driving force behind virus writing?

I've always wondered why there is so many Windows viruses. Especially when I clean up friend's PC from malware. The number is on the order of hundreds thousands. An immense number of code lines. Awful lot of human effort. And when you think about it, the world is not so huge place. Naturally, some people suspect that some antivirus companies are somehow funding virus development, given that antivirus companies are the primary benefactors of virus development. This proposition, naturally, is commonly put down as an urban myth (no matter what).

I've figured some indirect but convincing evidence in favor of this 'conspiracy theory'. There's just far too many windows viruses and worms nowadays which replicate but do absolutely nothing besides slowing down the computer and saturating internet etc (so that antivirus speeds up the computer). Somehow, those viruses are the majority - viruses which actually do something like DDOSing a website, stealing credit card numbers, doing some evil as botnet, inserting obscenities into documents, and so on, are the minority - those worms are unusual, you read about them in the news. Even the botnets nowadays just sit doing nothing (Like conficker. A huge scare. It just penetrated into a lot of government facilities which it should not be able to penetrate into, which was quite seriously scary, and then did pretty much nothing except bringing billions into antivirus businesses).

This is very strange. That doesn't even look like vandalism or crime. Graffiti artists want their drawing to be seen; political vandals want to make damage to public property; criminals steal public property for scrap metal; all the IRL vandalism appears motivated, even if motivation is bizarre. There's always some driving force.
If you look at old dos (pre-windows) malware, nearly every virus did some original mischief - falling letters, animations and logos, inserted obscenities into the documents, wiped out hard drives, tried to say obscenities from PC speaker, messed with mouse cursor, and so on. Almost every 'harmless' virus did at least show a message about itself. There was some self expression, not unlike graffiti. You would expect most modern viruses to set something like goatse or 2girls1cup as desktop background, to scream from the speakers, to display political messages, to secretly record videos with webcam and upload those to youtube (particularly effective if combined with display of something nasty), and so on, a zillion possibilities. Indeed, that's what hackers do when they deface a popular website. But if you look at modern viruses, only a small fraction tries to do mischief or actually commit a crime. Majority seem to do nothing except supporting the antivirus manufacturers. There's almost no mischief and no graffiti. The viruses look like someone's boring daily job. Not like bored teens trolling. Okay, some nasty password stealers and such, those MAY be some criminal's daily boring job, but why harmless replicators don't even rickroll the user? (edit: actually there's a virus which rickrolls the users. It's on iphone!)

It seems to me that there is only one explanation: Development of windows viruses is nowadays heavily funded by antivirus companies - this at once explains why majority of viruses do nothing except replicating and generating scare, why amusing (when it's not your pc) virus pranks became rather uncommon, why there's very few Linux worms (mostly backdoors), and how it comes that antivirus companies 'detect' so many obscure viruses (which you would think user wouldn't notice) every day while being unable to respond promptly to real threats (which are extremely noticeable).

Antivirus company speakpeople would say that this is analogous to suspecting tire manufacturer of paying kids to knife the holes in tires. Well, firstly, that's an intentionally deceptive analogy. As matter of fact nobody's knifing tires in such a number as to sustain tire manufacturers; furthermore paying kids to knife the tires would've been far more dangerous and expensive, you can't outsource this to china or safely delegate it. That is why nobody suspects tire manufacturers, not blind trust that a big company would never commit a crime. They're making their profits by natural tire wear. Had they been making most of their profits from the tire slashing incidents, from unmotivated malice, then they would, in fact, be suspect (as the primary benefactors from the crime). The antivirus industry is more similar to heir inheriting billions from the rich uncle, who was killed by a car in hit-and-run near his house. Make that killed by a sniper shot - supposedly unmotivated sniper shot.

Secondly, as matter of fact, a lot of antivirus software is recognized to be fake - and the big brand antiviruses use pretty much same unethical tactics (popups telling you to upgrade, scaring you with numbers like '27 threats detected', reporting stuff like browser cookie files as threats, and so on) to generate revenue.

On the topic of trustworthiness of 'good guys'...
Putting aside small brand scareware, even the major 'antivirus' companies such as McAfee and Norton Antivirus engage in nearly fraudulent overcharging of credit cards of their customers (not outright illegal, but extremely close). If you did un-subscribe from Mc A Fee, they reportedly keep charging you the fee for 3 more months.
I certainly wouldn't trust such companies so much as to hold them above suspicion of virus development. There's certainly a plenty of ways to do this quite safely; e.g. a company could outsource virus identification to a separate company in a third world country, and this company in turn could hire a sweatshop of people and give 'em instructions vague enough that they could write the viruses in first place. Should this get discovered, the proxy gets blamed and liquidated, the sweatshop stays in place and keeps working (under different name). People whom were getting suckered into paying for antivirus still are getting suckered into paying for antivirus. People with a clue are 'outraged' but they would never have bought antivirus in first place.

I myself (I'm a Linux user) would not care about windows viruses and associated scareware at all if not for impact on the honest software developers. False positive rates of antivirus software are very high - the primary reason, i suppose, is that high false positives rate leads to increase in profits for antivirus companies - typical user tend to think that antivirus which found a virus is superior to antivirus which didn't find a virus. It appears as if some random short strings - which have nothing to do with any virus functionality itself and which appear in random software as much as in viruses - are consistently recognized as 'viruses' by design, resulting in credible virus scare for the customer. This is quite annoying for developers.

Sunday, December 6, 2009

Ted Chiang's What's Expected Of Us

I strongly recommend to read this brilliant story (if you haven't read it before).

Some minor commentary. Consider the Free Will Device, put next to the predictor. Free Will Device is actually entirely deterministic, and doesn't have any free will of its own. It consist of photocell which watches the LED on predictor, timer, which gets reset to 0 every time light hits photocell, and actuator which pushes the button when timer reaches 2 seconds. If predictor blinks within those 2 seconds, there won't be a button press, and if predictor doesn't blink, there will be a button press. That's fairly deterministic and if you had been given a box and told that it works as Predictor in this story, you're bound to try doing exactly this - setting your mind to press the button if LED was dark for several seconds, to check if it really works.
The laws of universe in this story would forbid you to press Predictor button 2 seconds after the start of experiment or flash of LED (rather than 1 second) but not forbid you to take egg out after 3 or 5 minutes of cooking depending on your decision whenever you want it hard boiled. That's not mere determinism; that would require some special malice on part of the universe, forbidding you to set your mind to make even a deterministic, predictable decision.

Tuesday, December 1, 2009

My view on 'crowdsourcing'.

Crowdsourcing is IMO much similar to common scam. Fraudsters are crowdsourcing they money. They make a business proposition which almost nobody would accept - to a large group of people. Very small percentage of whom make a decision mistake - i.e. get conned.
Same goes for most crowdsourcing. A crowdsourcer is making a business proposition - typically to write some software or make some design with non-guaranteed AND small pay - which almost nobody would accept (not even mythical people from 'third world'. Don't forget that both computer and internet connection are more expensive in developing countries). But with 'crowd' of hundreds thousands passing by, it is guaranteed that a few make decision mistake and accept. Bottom line is, both scammers and 'crowdsourcers' are profiting from rare psychological conditions and decision mistakes in a huge group of people.

Some crowdsourcing-like businesses could be different however. Innocentive, for example, where its mostly industrial chemistry, not programming, and rewards are quite big, good for few weeks work at $100+ per hour. Some of those problems might be nice for industrial chemist with relevant obscure expertise who can solve it quickly and win with no competition. I would call that expert sourcing; the industrial chemistry problems are of different league than programming and software design entirely and the spec work approach makes lot of sense when you really don't know if the problem is even solvable - and makes no sense what so ever if its mere matter of spending time. (I'm no chemist though sometimes I wish I were doing chemistry or physics for living)