
December 30, 2003

End of the PC BIOS?

Intel, it seems, have plans to finally dispose of the quagmire of unmitigated awfulness that is the PC BIOS. The BIOS, which is responsible for starting-up all PC-compatible machines, testing and initialising hardware and booting the actual operating system, has been around since the very earliest days of the PC, and, largely as a result of technological progress during that time, has accumulated a myriad of bodges, hacks and additional interfaces to provide access to newer hardware whilst retaining backwards-compatibility with software written for earlier systems.

What I find slightly odd, however, is that Intel has chosen to develop its own system, known as Extensible Firmware Interface (or EFI), rather than adopting the existing industry standard, IEEE 1275 Open Firmware, as used by Sun, Apple, IBM, Motorola and others. This seems a shame, particularly as Open Firmware is already established as a solution to the problem of processor/system-independent initialisation of PCI (and other) devices; indeed, it has been around since the days of S-BUS (see this article in Byte magazine and Matthew Johnson's Open Firmware page).

By adopting Open Firmware on the PC platform, Intel would have flattened the market for PCI hardware to the extent that boards intended for RISC workstations would function properly in PCs and vice-versa, resulting in more competition and lower prices for owners of Macs, Suns, and other RISC-based machines… conversely, by insisting on yet another proprietary solution (which will, no doubt, become a de-facto standard, most probably through nothing more than the market dominance of EFI's supporters), they maintain the artificial and unnecessary distinction between PCI cards developed for the RISC world and the Wintel oligopoly, forcing prices up for owners of non-Wintel systems as well as increasing costs for PCI card vendors (who now have three separate sets of drivers to write… x86 binary, Open Firmware FCode and EFI Byte Code).

It has been suggested that one of the major reasons that Intel and Microsoft are supportive of EFI is that it forms part of their plans for the Trusted Computing Platform (see the Trusted Computing Group site), where your computer is trusted by them to restrict your access to information.

The question that we (the computing community) should be asking ourselves here is why it is that we need yet another proprietary technology, and why existing tried-and-tested, standards-based solutions are not the appropriate solution in this case.

December 18, 2003

Are we really real?

I'm sure everyone that has watched the Matrix has experienced that moment of panic when they realise that they might not be in the real world. In fact, they might not even be real. I'd been thinking along these lines for quite some time when the Matrix arrived on the scene, so I was rather amused at the reactions some people seemed to have when they realised that they had no way to tell whether or not what they saw around them was the “real” world.

Anyway, you might say, that makes me pretty strange, but why am I telling you about this? Well, BBC2's excellent Horizon programme this evening was about time machines. The universe, it seems, has something of a love/hate relationship with time machines; it may be possible to build them (whether you use rotating black holes, pairs of cosmic strings or just very large rotating cylinders is up to you ;->), but it appears that even in the solutions to the equations that allow such ridiculousness, you would be unable to travel to a time before such a machine was built. Which seems rather pointless.

OK, so what has this to do with whether or not I'm real? I mean, that was the title of this piece, right? Well, in rather an interesting twist, it appears that the easiest way to get back to the past may well be to simulate it. Yes, that's right, simulate it. If you assume that Moore's Law continues to hold, then it will eventually be the case that we will have a computer powerful enough to simulate (at the very least) sizeable areas of our universe. Furthermore, assuming Moore's Law still holds at the point at which such simulation becomes practicable, then within a very short amount of time it will be possible to perform it routinely; indeed, within a few tens of years, there would be billions of such simulations. Given that our descendants have an interest in the past, it is reasonable to assume that some of these billions would be detailed replicas of our time. Including us, or at least, models of us that insisted 'til they were blue in the face that they were conscious, and replicated our behaviour down to the finest detail.

The stunning conclusion of this intellectual exercise is that there will be more simulations and hence more models of us than the single original version, and that is before you start counting simulated simulations and so on. That is, the chance that we are real is actually vanishingly small. It is much, much, more likely that we are not!

I have to confess, I would not be the least bit surprised if the scientists and philosophers responsible for these intellectual acrobatics are correct. Indeed, I wonder whether we may already have stumbled across the evidence with which to back-up this bizarre claim; as we investigate the sub-atomic depths of the universe, it seems we keep running across strange phenomena, things like uncertainty, quantum tunnelling etc., many of which strike me as rather convenient properties if you wanted to simulate the universe… that is, they generally appear to be artefacts that would allow the universe itself to hold less information than it would otherwise have to, whilst providing a high level of overall accuracy.

So, perhaps, the real universe is the only one without unusual quantum effects. If so, then we are certainly not in it.

Perhaps this is also the reason that it is so hard to unify quantum physics with Einstein's relativity… perhaps it is the case that the simulation simply isn't consistent.

December 16, 2003

More DHCP and Mac OS X

John C. Welch has written an excellent article on the DHCP vulnerability, explaining why the issue isn't specifically a Mac OS X security hole, and, indeed, that it exists already on the PC (which is what I implied in my post a few days ago). John, however, went into considerable detail on the DHCP side of things.

So, if, as a Mac owner, you are faced with someone crowing over this vulnerability, I suggest you point them at John's article and let them digest it in full. You could also point them at mine at the same time, which explains why Mac OS X is indeed, as we Mac users have claimed all along, inherently more secure than Windows.

December 14, 2003

The Big Read

The BBC have, over the last year, been running a public vote on Britain's favourite book (or books); needless to say, J.R.R. Tolkien's The Lord of the Rings won by a comfortable margin (although, sadly, I suspect more because of the popularity generated by the film than on its merits as a literary epic). I was also pleased to see Douglas Adams' The Hitchhiker's Guide to the Galaxy in the top five, not least because it is somewhat less serious than the majority of the other books in the 21-book shortlist (why 21, I don't really know… evidently the BBC, like God, moves in mysterious ways).

I do think the competition was a bit pointless in many respects though. For one thing, there are an awful lot of truly excellent books out there. For another, I think that so-called “classics” got more than their fair share of the vote. I would be the first to acknowledge that many of the books regarded as classic works are very good, but I think there are a lot of good books out there by authors who perhaps have been overlooked, not having the advantage of being lauded as one of the greats, nor able to generate the vast publicity produced by the Harry Potter or Hollywood marketing machines. Some of my favourite authors, ranging from the science-fiction authors Isaac Asimov and Alastair Reynolds through to such able comedic writers as Tom Sharpe and P.G. Wodehouse were entirely absent from the top 200. Of course, the vote was about the most popular book, rather than the best book, but even so, it's sad that so many wonderful authors failed to make an entry in the top 200.

Still, The Lord of the Rings was voted the favourite of the British public, so I can't complain too much (it is one of my favourites, and was long before the film popularised it).

December 13, 2003

Computers! Bah, don't talk to me about computers.

One thing I really hate is when people discover that I work with computers, they always seem to want to start conversations about them. I would much rather talk about something else (anything else), unless the other person has something genuinely interesting to say (doubtful unless they're a techie themselves or it's an observation about how people interact with machines).

Even more annoying is when people tell me that I only ever talk about computers, which simply isn't true. Usually the people who say this to me are those who only ever speak to me if they want to talk about computers (that is, it's them starting conversations about the wretched things ;->). Yes, I find technology fascinating, but I find lots of other things interesting too… and given that computer software is what I do for a living, I would far rather be talking about art, astronomy, literature, music, politics, religion or indeed just about any other branch of human endeavour.

So, please, World, don't talk to me about computers, unless either:

  1. You have something interesting to say, or

  2. I start talking to you about them (which I won't do unless I think you'll be interested by what I've got to say).

By the way, for the record, the absolute most annoying conversation about computers that you can try to start with me is the one where you begin with some fatuous remark about how utterly amazing Microsoft software is.

Remember, I'm a software developer, and a fairly knowledgeable example of the species at that (well, so I'm told, anyway); I don't find very much that computers can do amazing, because I know more about how they work than any sane person would ever want to. I find some things that people can do with computers amazing (3D animation, for example, or modelling the physics of a star; even the latest crazy user interface feature from the likes of Apple or Sun), but when you understand how they work from the transistor up, office software and operating systems are very mundane and not really terribly interesting, especially in the context of “Aren't Microsoft products great?”.

December 12, 2003

“Eureka! Macs are not Invulnerable”

Lance Ulanoff has written a gloating article about a security hole in Mac OS X. The particulars of the hole in question were that a user able to run a DHCP server on a network containing Mac OS X systems could take control of Macs connected to that network when they next reboot, basically because they were accepting configuration information via DHCP.

Whilst this is certainly a hole you could drive a bus through, it's certainly nothing new, and it's also certainly nothing we haven't already seen on the PC platform; there are literally thousands of techniques that can be used to compromise Windows-based systems if you have direct access to the network they are sitting on, and many more even if you don't.
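The hole described above comes down to the client trusting whichever DHCP server answers it. As an added example, not from this post or either article it discusses, here is a small checker an administrator could run over captured DHCP offers to flag any whose server identifier (option 54) is not the network's known server; the addresses and packets are constructed for the demonstration.

```python
# Added example (not from the post): decode a DHCPOFFER and flag it when its
# server identifier (option 54) is not the network's known DHCP server.
from typing import Dict

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # starts the options area after the 236-byte BOOTP header
OPT_PAD, OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 3, 6, 53, 54, 255
DHCPOFFER = 2


def ip_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw[:4])


def parse_options(packet: bytes) -> Dict[int, bytes]:
    """Return {code: value} for the TLV options; rejects truncated packets."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    opts: Dict[int, bytes] = {}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_PAD:  # one-byte padding, no length field
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def check_offer(packet: bytes, trusted_servers: set) -> Dict[str, object]:
    """Classify an OFFER as 'trusted' or 'rogue' by its server identifier."""
    opts = parse_options(packet)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return {"verdict": "ignored", "reason": "not a DHCPOFFER"}
    if OPT_SERVER_ID not in opts:
        return {"verdict": "rogue", "reason": "offer without server identifier"}
    server = ip_str(opts[OPT_SERVER_ID])
    return {
        "verdict": "trusted" if server in trusted_servers else "rogue",
        "server": server,
        "router": ip_str(opts[OPT_ROUTER]) if OPT_ROUTER in opts else None,
        "dns": ip_str(opts[OPT_DNS]) if OPT_DNS in opts else None,
    }


def build_offer(server: str, router: str, dns: str, offered: str) -> bytes:
    """Construct a minimal DHCPOFFER; sample input only, not a captured packet."""
    header = bytes([2, 1, 6, 0])         # op=BOOTREPLY, htype=Ethernet, hlen=6, hops=0
    header += b"\x00\x00\x00\x01"        # xid
    header += b"\x00\x00\x00\x00"        # secs, flags
    header += b"\x00" * 4                # ciaddr
    header += ip_bytes(offered)          # yiaddr: the address being offered
    header += ip_bytes(server)           # siaddr
    header += b"\x00" * 4                # giaddr
    header += b"\x00" * (16 + 64 + 128)  # chaddr, sname, file (unused here)
    options = (bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
               + bytes([OPT_SERVER_ID, 4]) + ip_bytes(server)
               + bytes([OPT_ROUTER, 4]) + ip_bytes(router)
               + bytes([OPT_DNS, 4]) + ip_bytes(dns)
               + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options


TRUSTED = {"192.0.2.1"}  # the network's real DHCP server (constructed value)
LEGIT_OFFER = build_offer("192.0.2.1", "192.0.2.1", "192.0.2.53", "192.0.2.100")
ROGUE_OFFER = build_offer("192.0.2.66", "192.0.2.66", "192.0.2.66", "192.0.2.100")

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT_OFFER), ("rogue", ROGUE_OFFER)):
        print(name, check_offer(pkt, TRUSTED))
```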

The author argues that OS X would be just as insecure as Windows if as many people were running it… however, this argument is flawed, in several respects:

  1. Mac users do not normally run with root privileges. By contrast, the vast majority of people running Windows have local Administrator rights (the Windows equivalent). This makes it a lot easier to compromise the system, whether by convincing the user to execute a program or script, or by convincing the software they are running to do it on their behalf.

  2. Much of the software running on OS X systems originates in the UN*X world, and a large part of that software has been used in some of the harshest computing environments (places like university computer labs) for the best part of 30 years. Windows server and system software is significantly newer; Windows itself has been around for about 20 years, but the versions we run today are based not on that original effort, but on the NT derivative first released in 1993, only 10 years ago. Since then, Microsoft have added large amounts of new code in virtually every release, much of which is (and has proved to be) a potential source of new security holes.

  3. OS X is designed to require explicit authentication whenever unsafe actions are necessary, even if admin users are logged-in. This makes it harder to write viruses and other malware because much of it would require an administrator to explicitly authorise it to execute! By contrast, on Windows, anything the administrator executes runs with full Administrator privileges and does not require additional authorisation.

  4. Mac OS X uses largely Open-Source components; on the minus side, this means that any security hole in Mac OS X may also be a security hole in other UN*X or BSD-based systems (and vice-versa). On the plus side, however, it is much easier to fix the security holes than it is on Windows (on Windows, you can only really fix them if you are inside Microsoft), and there is a higher probability of any holes being spotted and fixed by white-hats before the black-hats successfully exploit them.

  5. Mac OS X does not use the ridiculously insecure NetBIOS protocol (which was originally designed for use on corporate LANs, and it shows). Microsoft still makes extensive use of NetBIOS-over-TCP, which is still the core protocol for many of their server products. Steve Gibson's site, Gibson Research Corporation, contains a great deal of information about why NetBIOS is bad; indeed, many of the current security holes plaguing Windows users (like the annoying popup-message spam) are a direct result of poor security in NetBIOS.

I do agree that the smaller number of people running OS X contributes to the security of the system (because hackers are less likely to bother with it), although it is still the case that hackers do attack UN*X systems of one sort or another, and some of those exploits will work on Mac OS X just as well as they would work on (say) Linux. The cost of Apple hardware is also undoubtedly a factor; it's hard to break-in to a system that you don't have set-up for yourself, not least because many of the more advanced techniques involved in compromising a machine will simply cause crashes unless you get them just right.

Nobody in their right mind would claim that Mac OS X is virus-proof or hacker-proof. It isn't. But it is an undeniable fact that it (a) has fewer security holes than Windows and (b) has additional security measures that make compromise more difficult.

December 9, 2003

Tech Journalists and CIOs, Buck Up Your Act

I've been pretty disappointed over the past year or so with the quality of reporting from tech. journalists, both those on the web and those working in the more familiar world of print.

I used to be a regular reader of PC Pro (indeed, I used to subscribe to it), but over the course of the past year I started to see a worrying trend… the articles were becoming less and less informative, less and less useful and more and more full of pointless speculation on Longhammer, Clawhorn or whatever bizarre codewords were the current Microsoft/Intel/AMD flavour of the month. Typically, a less-than-technical “IT professional” would make ridiculous predictions about how Intel would be adding instructions to allow Microsoft to create a database file system that would subsume all content and make way for an SQL Server-based panacea under which the One True Operating System would finally sink all competition and leave us with the glory that is the Wintel monopoly, ending all compatibility issues once and for all (I mean, they were all created by awkward Linux and Mac users anyway, right?). Purleease.

I also think that tech. journalists have lost their objectivity. Many of them may as well be on the Microsoft payroll, for all they write about the industry as a whole; I am quite certain that there are now sections of the IT press who wouldn't even know who SGI or Sun were (other than perhaps observing that “Sun make Java, the competitor to .NET”). Indeed, a worrying proportion of them are so pro-Microsoft that they make unsubstantiated (and irrational) claims about competing solutions in the marketplace. I am referring, of course, to wild claims of “better support” or “lower TCO” for Microsoft-based solutions; the former is simply not true (IBM, HP, Red Hat and Sun all provide excellent support), and the latter is a fiction of almost biblical proportions, the belief of which can only be an act of faith, certainly not grounded in financial reality. I mean, factor in the licensing costs, the client licenses, the cost of anti-virus software (per machine, remember), the additional downtime, the fact that even commercial UNIX (Solaris, HPUX, Tru64, AIX or IRIX) comes with basic features like DNS and mailserver software for no extra cost, the extra hardware costs because of Windows' unnecessarily high system requirements, the cost of year-on-year upgrades, and even the costs of things like backup software which are included in competitors' offerings. Then factor-in the lock-in; the difficulty of switching away from Microsoft-based solutions once you've got them. They don't seem quite so attractive now, do they?

As for the age-old “Microsoft is the industry-standard”, granted, a lot of business users use Microsoft Office because they feel that that's what business users do. But given the extent to which many users actually make use of Office, they'd probably be better off with Wordpad. Or, for a full office suite, something like OpenOffice or its proprietary brother, StarOffice; the former is free, whilst the latter costs between $25 and $50 per user ($80 retail). Both of them support the majority of the day-to-day features from Office, and both are capable of reading and writing Office-compatible document files. Indeed, in some areas, they are actually better than Microsoft's offering, not least because of features like built-in PDF export, an XML-based file format, FLASH export for presentations and OpenGL support for 3D elements. Yet many IT departments don't even think of switching their companies to OpenOffice or StarOffice at the next round of upgrades. Personally, I find this failure to properly and objectively evaluate alternatives unprofessional, not to mention a highly questionable waste of companies' (and therefore shareholders') money.

December 6, 2003

Corporate Legal Nonsense

I just ran a whois query, and, yet again, my senses were assaulted by Network Solutions' voluminous legal mumbo-jumbo. Apparently,

“By submitting a Whois query, you agree to abide by the following terms of use:... etc etc”

Personally I fail to see how this would ever be enforceable. For one thing, you see it after you have submitted your query, not before, and for another, if you are using a whois server other than Network Solutions', it is quite possible that you won't see their legal boilerplate unless you look-up a .com domain (for example).

Where has common sense gone? This rubbish wastes over half a screen of my scrollback buffer, is unenforceable by virtue of the fact that you cannot agree to terms that you have yet to see and is totally unnecessary. If Verisign wish to publish terms of use for their Whois server, fine… but they should put a URL in the output. In fact, this URL would do nicely.

Similar logic applies to corporate e-mail. Why, oh why do corporate IT managers insist on tacking-on some huge unnecessary boilerplate (often two or three times larger than the actual e-mail) to inform us that we shouldn't take any opinions expressed in it as the opinions of the company, that we perhaps shouldn't have read it in any case (remember, for the most part these legal boilerplates are tacked-on at the bottom of the message), and that given that we shouldn't have read it, perhaps it'd be better if we deleted it and forgot about the whole thing?

Do they not realise how embarrassing it is for their employees? That they don't trust their employees to make sensible comments, or even to send messages to the right place! Yet employees of most companies are free to write letters without the company adding a boilerplate. Even on company headed paper, if they want.

And then there's the dilemma of what to do with the wretched things when they end-up as posts on mailing lists. Or, worse still, in the mailing list archives. Technically speaking, the bit about not being the person to whom the e-mail was written probably applies. So we should delete them, right? D'oh!

Then there's the latest pet hate of IT directors… Instant Messaging. Employees might actually communicate with the outside world…shock, horror, we didn't realise that. Better put a stop to it before all of our sensitive information leaks to our competitors. No, no, no! Your employees can leak information to your competitors much more easily without using IM programs, and, equally, there are much easier ways for your competitors to obtain such information without snooping on your data traffic (which, by the way, is actually quite difficult… much harder than, say, bribing an employee, tapping a telephone line or even just walking into your building and taking it!).

Employees use IM the same way they use SMS messages on their mobile telephones, to communicate with their friends. The only convincing argument against IM software is that it might circumvent your firewall, but there are ways of dealing with that.

In any case, I think the IT world is coming at the problem from entirely the wrong angle. It's very easy to be influenced by the media, who have a vested interest in over-hyping things (because it sells newspapers, right), into taking an altogether too draconian approach to IT security. Indeed, some of the companies who operate in this area are also guilty of hyping it up (well, it does sell their products, after all).

I propose a better, entirely novel solution: trust. Trust your employees. If you're uncomfortable about doing so, then call a meeting and tell them that you're going to try trusting them, just to see how it feels. Tell them that they will have to take responsibility for their actions (so, if they say something stupid that gets the company in hot water, then they'll have to explain themselves), but let them know that it is their responsibility.

People aren't machines, and they don't appreciate being treated as such. Sure, they make mistakes, but everyone understands that (even the courts). Give them enough rope to hang themselves, and, if they don't, then you'll probably have more productive staff.

Put an end to Corporate Legal Nonsense, while we still can.

December 5, 2003

Wireless Networking

If there's anyone out there who is thinking of purchasing a Belkin Wireless Access Point and is actually going to use the thing, don't bother. I bought one, quite some time ago now, and soon discovered that it trashes its WEP key occasionally, usually part-way through transferring large (compressed) files. OK, I thought, perhaps this one's just broken. So I contacted Belkin, who were very helpful and even sent me a replacement before I'd returned my original unit.

Sadly, that one doesn't work properly either. It forgets its WEP key less often than the original unit, but it still does it, which is annoying, not least because you can only reset the key from a PC running Windows (for those that don't know, I defected to the Macintosh some time during 2002, and haven't looked back since).

Anyway, I got fed-up and did what I should have done in the first place… I bought an AirPort. Owing to the fact that I didn't want to run all Internet traffic via the AirPort (largely because I have a DSL router with a built-in Ethernet switch), configuring the thing took me a few minutes longer than I had anticipated (but only because I was indecisive about whether my LAN should be connected to the LAN port or the WAN port on the AirPort). I was a little concerned about the lack of an external aerial, but it seems to work fine.

The really neat thing (which I didn't really expect, since I was just buying something to replace the Belkin unit) is the USB printer port. I could already print to my laser over the wireless link (the laser printer in question has a network card), but the addition of the AirPort has meant that I can get at my inkjet as well :-)

Redesign Finished (I think...)

OK. I think I've finished the redesign now. A big improvement over the original (default) template, I think you'll agree.

The site also now has a spam filter (thanks, Matt), so hopefully no more unwanted adverts for Viagra. I hadn't really been paying much attention/spending much time on my weblog, as I've been busily beavering away on my program, however this entire spam incident increased my desire to really sort it out.

Anyway, I'm afraid that I haven't validated the HTML (or indeed the CSS). It seems to work OK in Safari and Internet Explorer (the Mac version, at any rate), which is enough for me, for now.

Under development

I'm in the middle of doing a new style for my site. If you're looking at it in the meantime, it might be inconsistent or just plain wrong :-( Please bear with me.

December 4, 2003

Spammers

Aaargh!

The spammers just get worse. Now they're spamming weblogs as well as everything else. Just to make it absolutely clear, the comment facility on this weblog is provided for legitimate readers only; use for advertising, including but not limited to advertising of a possibly offensive nature, is expressly prohibited. You are only authorised to access the comment system for the purposes of responding to an entry on this blog, or to reply to a comment that was a response to an entry.