Thursday, 26 February 2015

No Comment

Many interesting things happened today, no doubt about it. I learnt that the much anticipated Deluxe Edition of Led Zeppelin's Physical Graffiti is finally out. But then I also learnt something about Google's use of CAPTCHAs.
You probably encountered many of those during your journeys through the Internet. You know, those annoying things that ask you to type a cryptic pattern of text in order to verify you are no bot? Well, Google recently took them a step further. The layman thought this was in order to make the human verification process simpler; but the cynic read this article to learn that Google's CAPTCHAs are just another trick from the vast Google arsenal that is aimed at sucking in more private information from the people of this world.
Since Google's CAPTCHAs are a required step when one seeks to leave a comment on the pages of this blog, I urge you to not leave comments here.

Wednesday, 25 February 2015

Great Expectations

A friend had recently told me of their school plans for their toddler.
In the area they live in there is only one high school that's considered good. It happens to be a Catholic school. In order to ensure the child will be able to get into that school, the parents need to have the child enrolled into a feeder primary school; naturally, this feeder school is also a Catholic school. In order to be able to register the child to that feeder school, the parents are required to have their child baptised. In order to achieve baptism, the parents need to attend meetings with a Catholic priest, get their child presented before the congregation, and attend mass. Which is quite a pain, but even more of a pain given they are agnostics who generally try to steer away from religion.

I know what you're thinking: you've been reading this blog for a while, you know what this blog's attitude towards religion is, and you're pretty sure I'm telling you the above story in order to express my utter disgust with a parent about to sacrifice their child on a Catholic church's altar.
Thing is, I'm not. It would be very hard for me to criticise a parent who, lacking in choice, goes to great lengths in order to provide their child with the best education on offer. Sure, I think I can say with certainty I am never going to send my child to a Catholic school, but I am also not in a position to criticise my friend here.
The real problem is not my friend sending their child into the throes of the Catholic church. The real problem is with Australia's education system. And the real problem is with Australian culture, a culture that sends parents very strong signals telling them that sending their child into a state run high school is the equivalent of rape while sending them to a private school is far more an indicator of social status than wearing the dearest Rolex and driving a Ferrari.

I will admit feeling the stress myself.
Almost everyone around me is planning on sending their children to private high schools. Due to the waiting lists involved with that, the majority has already put their children in some private school's waiting list since they were of the age 0. As a direct result of doing so, these parents have pretty much signed and sealed their kids' path through school, from Prep to VCE.
In contrast, I stand out as a parent who has no idea what high school would even be remotely suitable for my child, not to mention sorting enrolment out. The conclusion is therefore obvious: I'm a bad parent who is letting his children down by failing to secure the best education for them.

Image by, Creative Commons (CC BY 2.0) licence

Sunday, 22 February 2015

Tightened iOS App Tracking

When one spends double or more the amount of money in order to put one's hands on one of Apple's gadgets, one's sanity has to be examined. Apple smartphones cost about double that of Androids of similar technical prowess, so the rational person needs to justify the waste. With me, one of the main justifications is privacy: iOS is almost always better at looking after the privacy of its users than Google's Android.
However, as I have already discussed here, the differences tend to be in the flavour rather than essence.
App tracking offers a case in point.

I am not a fan of Apple's sealed garden approach, as implemented through its AppStore: any app developer that wishes to have their code considered for sale in the AppStore needs to comply with rather draconian terms & conditions. On the positive side, those terms & conditions include clauses intended to protect users.
One such protection measure is an obligation to avoid tracking app users via unique identifiers. Want to identify and track your app users? Get them to create an account or login through Facebook; however, you - as a developer - are not allowed to track an iPhone/iPad user just because they bothered to install and run your app.
This measure does not only sound like a great privacy protection measure; it is a great privacy protection measure. It allows users to enjoy the best of what the AppStore has to offer, such as the tons of quality games kids can play with, without fear of them being the victims of corporate marketing schemes.
Hooray to iOS!

Wait a minute.
As Apple security expert Jonathan Zdziarski has been pointing out lately, Apple hasn't been particularly good at enforcing its own policies. All the while, developers have been quick to seize on the commercial opportunity offered by Apple's recent relaxed attitude in order to make a buck out of the millions of unsuspecting iOS users out there.
I noticed the trend myself with games that seemed to know who I was despite me never logging in to anything and despite me uninstalling their games and reinstalling them back on. Never saving the game or backing them up anywhere did not prevent them from knowing exactly where I got to in the game last time around.
Then there are the examples Zdziarski comes up with. Unlike yours truly, Zdziarski comes up with proper evidence to support his claims. He clearly demonstrates how Google abuses the privacy of the Waze navigation app users and how Apple turns a blind eye to these abuses, probably because Google is not a monster worth getting into a tussle with. Zdziarski's is a must read analysis of a privacy policy that should be labeled "no privacy policy" instead, especially given Waze's popularity; I am very well aware of just how popular this app is with Israeli users, for a start.
Zdziarski does not stop with Waze. He looks at Whisper and he points out how this blog's favourite con, SuperFish, was also able to get away with abusing Apple users.

All of which brings me to say:
Dear Apple, if you want me to continue wasting my money with you, you need to make sure I get my money's worth. Lately you've been quite effective at demonstrating the exact opposite.
Sure, Google is much worse than you. But the thousand dollar question is, is Google a thousand dollars worse than you?

Image by EFF, Creative Commons (CC BY 3.0 US) licence

Saturday, 21 February 2015


Over the past day or so I have been reading an intriguing amount of intriguing analysis over the latest computer world privacy fiasco coming in our direction from the House of Lenovo.
In case you haven't heard about it, the story goes like this. Since some time during 2014, Lenovo has been installing software called SuperFish on many of its Windows laptops. SuperFish thus joined a long line of bloatware computer purchasers get when they buy a preinstalled Windows computer, but unlike normal bloatware SuperFish is actually adware. And not just your regular adware, it is proper malware.
The way this application works is that it analyses whatever you're viewing online, regardless of the browser you use and regardless of whether you do so with an encrypted/secure connection or not, and replaces the ads on the pages you're watching with ads from Lenovo. If you run a website whose earnings are built on ad viewing, tough luck; Lenovo will take what should have been your money.
It gets worse. In order to do what it does, SuperFish replaces any security certificate used while browsing with its own. Thus when you think you're conducting your online banking with your bank, you could actually be dealing with any weasel out there who knows their way around the SuperFish's certificate (a kind of hacking attack known as "man in the middle"). And we have plenty of weasels out there: on the left side of the map we have the NSA, on the right China, and in between there are plenty of nice people who would love to get between you and your wallet.
But wait, it gets worse. As it turns out, SuperFish uses a single certificate in all of its installations. This means that all it takes is for this certificate to be cracked once before all Lenovo SuperFish users are under the radar. Lucky for them, the guy who discovered the problem already managed to crack the certificate, and quite easily so; surely, he's not alone there.
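The certificate swap described above leaves a visible fingerprint: on an affected machine, one issuer shows up in place of several unrelated certificate authorities. The following is an added example, not part of the original post, that compares the issuers a suspect laptop sees with those seen from a clean vantage point; all hostnames and issuer names in the sample data are constructed.

```python
import socket
import ssl
from collections import defaultdict

# Constructed sample data: (hostname, issuer organisation of the certificate served).
# REFERENCE is what a clean machine sees, SUSPECT is what the laptop under test sees.
REFERENCE = [
    ("bank.example", "Example Trust CA"),
    ("mail.example", "Sample Root Authority"),
    ("shop.example", "Example Trust CA"),
    ("news.example", "Third Sample CA"),
    ("blog.example", "Example Trust CA"),
]
SUSPECT = [
    ("bank.example", "Hypothetical Adware Root"),
    ("mail.example", "Hypothetical Adware Root"),
    ("shop.example", "Hypothetical Adware Root"),
    ("news.example", "Third Sample CA"),   # connection left untouched
    ("blog.example", "Third Sample CA"),   # a site that simply changed its CA
]


def issuer_org(host, port=443, timeout=5.0):
    """Live helper: organisation of the issuer of the certificate `host` presents."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            issuer = tls.getpeercert()["issuer"]
    # getpeercert() returns the issuer as a tuple of RDNs, each a tuple of pairs.
    fields = {name: value for rdn in issuer for name, value in rdn}
    return fields.get("organizationName") or fields.get("commonName", "")


def find_interposed_issuers(reference, suspect, min_hosts=2, min_displaced=2):
    """Return {issuer: sorted hosts} for issuers that replace the expected issuer
    on at least `min_hosts` hosts and displace at least `min_displaced` distinct
    legitimate issuers. One site switching CA on its own does not trip this."""
    expected = dict(reference)
    hosts_by_issuer = defaultdict(set)      # local issuer -> hosts where it was swapped in
    displaced_by_issuer = defaultdict(set)  # local issuer -> issuers it pushed aside
    for host, issuer in suspect:
        want = expected.get(host)
        if want is None or issuer == want:
            continue
        hosts_by_issuer[issuer].add(host)
        displaced_by_issuer[issuer].add(want)
    return {
        issuer: sorted(hosts)
        for issuer, hosts in hosts_by_issuer.items()
        if len(hosts) >= min_hosts and len(displaced_by_issuer[issuer]) >= min_displaced
    }


if __name__ == "__main__":
    for issuer, hosts in find_interposed_issuers(REFERENCE, SUSPECT).items():
        print(f"{issuer} replaces the expected issuer on: {', '.join(hosts)}")
```

To use it on a real machine, build the two lists by calling `issuer_org` for the same hostnames on the laptop in question and on a machine you trust.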

If you're stuck with such a Lenovo machine, you're rather limited for options.
Uninstalling SuperFish is a fine start, but it won't do on its own without removing the SuperFish certificate, too. The catch is that such an operation is not a trivial act to the vast majority of Windows home users. You can read more on how to do it here.
The optimal solution to the problem is to reinstall Windows from scratch. No, you cannot use the Windows image Lenovo gave you, because that would just reinstall SuperFish together with all the rest of Lenovo's approved bloatware. Indeed, as this guide attests, reinstalling Windows is not a trivial operation even for people who know their way around such operations, let alone your typical PC user.

Lenovo's reaction to the affair demands its own post.
First it came out with a statement along the lines of SuperFish being a service to Lenovo users in order to help them become aware of goods and services they were previously unaware of.
Eventually, in the third round of company replies, they acknowledged the problem but added that they have ceased the SuperFish servers. What a problematic reaction this is! For what does it say about Lenovo if it had central control, an HQ of sorts, for spying on all of its clients' allegedly secure online operations? Second, the fact Lenovo ceased the servers has zero effect on any hacker's ability to abuse the SuperFish certificate that is still very much installed, and come in the middle of a user and their money.

Now for my personal observations.
First, I would like to note that the chances of me ever touching a Lenovo PC again have significantly diminished. It is worthwhile noting I am making this statement just a few days after I have shortlisted its Thinkpad X1 as one of two laptop models to replace my current Windows laptop with. For the record, my current Windows laptop is a Lenovo.
Second, the affair raises doubts about the Windows ecosystem as a whole. Virtually all Windows laptops come with bloatware; what guarantee do I have that Dell, Asus or any of the other Windows laptop manufacturers do not pull the same trick on me as Lenovo? As long as those companies rely on bloatware for their bottom lines, none.
I do not have many options left if I want to avoid such concerns altogether. Fact of the matter is, I need a Windows PC for work purposes; I much prefer open source systems, like Ubuntu, and most of the time I am an Apple OS X user, but with all the love I have towards the latter two I am still forced to use Windows. It therefore looks as if my next Windows laptop would be... an Apple MacBook Pro, on which I will install Windows in a separate partition. It's a very expensive solution, I know, but at least I would get to enjoy Apple grade hardware in the process (and if you don't know what I'm talking about, try using an Apple laptop for a week or so and then go back to your average Windows laptop; once you come close to perfection, going back is very hard).
Third, and last, and perhaps most importantly, I want to ask a simple question: where was the NSA in all of this? Or, for that matter, the GCHQ? The NSA is an organisation with billions in its budget whose role is supposed to be the protection of Americans. Well, where was the NSA when it came to protecting American Lenovo users, undoubtedly numbering in the millions?
There are two possible answers to this question. One is that the NSA was simply unaware of the problem, in which case we may as well ask whether it is worth all the taxpayer money it is sucking out of the economy. The second is that the NSA knew about the whole affair, but chose to sacrifice the security of the people it is meant to protect in order to be able to tap on the seemingly secure online activities of all Lenovo users (and who cares if the Chinese or any two cent hacker can do the same just as well?).
Then again, by now it is taken for granted there is no low the NSA won't sink deeper from.

Image by Graham Holliday, Creative Commons (CC BY-NC-SA 2.0) licence

If you'd like to learn more about Lenovo's SuperFish affairs, I recommend the following sources:
  1. Ars Technica
  2. Anandtech
  3. Jonathan Zdziarski
  4. InfoSec Taylor Swift tweeted a lot about the affair.

Tuesday, 10 February 2015

Physical Graffiti

One of my core music related pursuits, in this age of Spotify and the seemingly unlimited availability of music, is to scan through new music on a daily basis in order to find those rare gems that are worth re-listening to. By now this is done in a very slick, mechanical like manner: I have my regular sources for identifying new music, and I just go through most of their offerings one by one.
I guess it is almost like an obsession. I dedicate so much of my time to finding good music and less of my time to actually listening to the good music I have already found. All the while there is this lingering fear: I must listen to this and that pieces of music, because Goddess knows what would happen if this best album of the year would slip right between my ears. And it's not like I do not discover, quite frequently, there was this great album that I have missed which was released a few months back and really stands out.
One can easily see that this pursuit of mine is doomed. By virtue of the filtering process itself, it is hard for music to stand out before my ears. Perhaps this is the reason why, lately, I can't get no satisfaction. Finding good new music is hard, and lately a generally disappointing process.
But there are exceptions to the rule. This post is here to tell you of my favourite new music.

First comes an album from a band you might have heard of. It's called Pink Floyd, and a few months back they released their first album in like 20 years, The Endless River. Perhaps the most notable feature of this new album is that one of the musicians taking part, Richard Wright, has been dead for almost ten years now.

Yet, for this Pink Floyd fan, the album sounds good. More than good, it's great. I did not like the Floyd's previous album, 1994's The Division Bell; indeed, it is the only Pink Floyd album I dislike. But Endless River is good; it is classic Floyd. An album whose greatest achievement was to make my skin shiver the way it hasn't shivered in the decades since I last heard a Pink Floyd album for the first time.

The Endless River, however, is not my favourite newly released album. That title goes to a bunch of new albums released by a guy called Jimmy Page. This Page guy has been busy lately, going through the archives of this band called Led Zeppelin and releasing deluxe editions of its albums. Mr Page has been going through them one by one, from Led Zeppelin (the first album bears the band's name) to - as of this point in time - Houses of the Holy.
The result? Some of the best releases of recorded music in history, period. Personally, I cannot wait for Page to get a move on and re-release the next album in his pipeline, Led Zeppelin's best - Physical Graffiti. [No, I won't argue with you too much if you were to claim Led Zeppelin IV is the best; but one has to agree that songs like In My Time of Dying and Kashmir pack a mean punch.]

You can dismiss this post and the claim I have made in the previous paragraph as the words of an old person stuck with 50 years old music. Hey, I'm a firm believer in freedom of speech, so yeah - go ahead and say it, if this is how you feel.
Yet, for me, it is definitely a case of "they do not make them like that anymore". The surprising thing is that neuroscience has caught up with the world of music geezers such as yours truly and is now offering an explanation for this phenomenon. I'm talking about the phenomenon that makes people, everyone, claim that the music they grew up with is so much better than the new trash that passes for music nowadays.
Apparently, chemical processes in the brain solidify the music you have heard through your teen years so that this music becomes your baseline. In my case, that music happened to be composed primarily of Pink Floyd with Led Zeppelin claiming a fair share. Your own mileage will vary.

Science aside, I think there is more to it. I really do think that today's music isn't half as good as that of Led Zeppelin, and the evidence I bring to the table is in the above video of Led Zeppelin performing Stairway to Heaven live at Madison Square Garden.
Fast forward to 6:30 minutes in and witness the above mentioned Jimmy Page play guitar.
Now, I'm sure you're familiar with recent theories claiming that it takes about 10,000 hours of practice to make a person into an expert in something. Well, watch the video and you will witness an expert at work: it stops being Jimmy Page playing guitar and it turns into Jimmy Page being a guitar.
It's not just Page; the same can be demonstrated for band members John Bonham and John Paul Jones. Listening to In My Time of Dying, either in its original album release or the recent 2007 performance through my headphones powered by my USB DAC makes that very clear.
So yes, best music ever.

Wednesday, 4 February 2015

The Strange Case of Dr Jekyll and Mr Hyde

It was obvious long before Borders went for a date with St Peter that the establishment we know as the book shop is on its way to heaven. Between the might and magic of Amazon and the game changing concept of ebooks, not much wiggle room is left for your friendly neighbourhood shop. So no, I was not surprised to read yesterday that a famous San Francisco book shop is closing down, although I will admit the reason – being unable to pay its employees the minimum wage now that the minimum wage has been raised – did make me feel for the average American employee. Stuff that the people of other countries take for granted, like leave days and a decent salary for doing one's job, seem to be a bonus in the Land of the Free.
The news did make me reflect on the book shops of my childhood. One of them, Mr Hyde Books, still stands erect in Israel. I even paid it a visit last year.

In its day, Mr Hyde claimed to be the biggest book store in Israel (actually, the sign in the above photo still makes the claim). In my memories it is still a gigantic venue, the hall of many a great childhood memory. Mr Hyde was where I bought my copy of Frederik Pohl’s Gateway, a cornerstone book in the genre of science fiction and a very influential book as far as this blogger’s imagination is concerned. Mr Hyde was the place I could get my copies of Mad Magazine, including two issues whose memory will remain forever etched in my head – the one featuring Inbanana Jones and the Temple of Goons and the one featuring Top Gunk.
So yes, I was curious to see what’s going on in that giant hall of fame nowadays. I got my chance last year and went in.
Gone was the giant book shop of my memories. Yes, I know I am influenced by the standards of scale of Australian shops, but that "biggest book store in Israel" looked small! I guess the worst thing about it was not the size; it was the fact this was no longer a book store, at least not what I would call a book store. Shelves that used to host the best of human imagination now store junk one would expect to find at a $2 shop; the few shelves that are dedicated for books host used books, to be bought and sold in bulk for next to nothing.
Hall of fame turned out to be more like a hole of fame. Then again, as a regular shopper at your local Amazon or Book Depository, and as an avid consumer of ebooks that now considers paper an abomination, who am I to complain? I cannot mourn the loss of the book store when I represent the very reason for its extinction. Yet I still do.