Thursday, December 27, 2012

First Look - Lightning Returns: Final Fantasy XIII

Final Fantasy XIII was a little... well, different, than its predecessors in the Final Fantasy heritage.  They changed whatever was left of the classic formula from soup to nuts, from the overland battle encounters to the new ATB fight system, the whole stagger tactic, the Eidolon system and gestalt versus summons, bloopity blah, bloopity blergh, bloopity blooey.  The list goes on.  And as expected, most of that held into Final Fantasy XIII-2 starring Lightning's younger sister Serah.  But in Lightning Returns, the latest game in the XIII universe, Lightning takes a page from Vincent Valentine's book in Dirge of Cerberus and flies solo as the only playable character.  There are no parties of three or team paradigm shifts in the sense we're used to, just Lightning being a badass starring in a one woman show.  Seems a little strange for a Final Fantasy title, but if any of you unlocked her Army of One ability in FF XIII, then you should find it wholly believable.

... Even though you (well I) had her in Commando mode all game only to find out that this ultimate ability of hers is in her Ravager tree and then you have to switch up your parties and ALL your paradigms to re-align stuff with a crystarium points farm and...

Sorry.  Got kind of carried away there.  But while I'm on that point, come on guys. Come on.

At any rate, the video (which you can see here on IHOGeek's YouTube channel) and screens for Lightning Returns provided by Square-Enix show our heroine jumping from ledge to ledge and over/through obstacles to get around on the overworld map instead of just running around to the next checkpoint, more the way Dante or War would in Devil May Cry and Darksiders.  And that mechanic is both the reason I'm looking forward to it as well as the reason I fear for it.  I'll get into that in a bit.

Once in a battle Lightning seems to be freer in her movements and attacks in taking on enemies - able to issue commands and change up style on the fly.  So while there's still some of the elements of the XIII universe that we know and love left untouched, in battle mode it looks like menus and auto-attack have been replaced with assigned commands, with each of the four main buttons on an Xbox 360 or PS3 controller mapped to something different.  In an example from one of the fights in the trailer, the player has the four commands set as Light Slash, Heavy Slash, Evade and Blizzaga.  Each of these four commands looks like it will change when Lightning changes paradigms - and from what we can see so far those are called Divinity, Enchanter and Cerberus corresponding to defensive, magic and physical styles.  Seems to me like that would provide a ton more options than a single character has, which is a direction that needs to be taken when she's the only one you've got.  An arsenal at the ready and tweakable skills look to make it so that players can make Lightning their own.

Now back to what I was saying before.  As I mentioned, the action/platformer element of this game is both the reason I want to play it and the reason I fear for it.  Square-Enix did the same kind of thing in their Final Fantasy VII universe - spinning off a different genre of a game with Dirge of Cerberus.  DoC featured Vincent Valentine in a first person shooter style game, and while it was fun, I felt like they didn't go all in with it, and it was enough of a departure from the lore to seem like an attempt to expand the franchise.  Now in that sense, Lightning Returns isn't in the same boat.  It's a legit part of the FF XIII continuity.  My hope is that these elements are added the right way, and act as an enhancement instead of simply another method of trying to keep the franchise fresh.  Either way, I'll be playing through Lightning's final journey for sure.

Oh, and by the way kids - the game will limit you to 13 days of play time to get it done.  Secret methods notwithstanding, finish in 312 hours or the world ends in chaos.  Have fun!

Thursday, December 20, 2012

After THQ Partnership, Humble Bundle Goes Back to Its Roots

People love bundles.  They just do.  Computers come bundled with software.  Xbox 360’s come bundled with Kinect goodies.  Hell, some coffee makers even come bundled with coffee.  It’s inherent in humans to want value and there’s nothing wrong with that.  And gaming’s no different – there are always bundled deals on Steam and sites like Good Old Gaming that give gamers value in quantity on the cheap.  That’s probably one of the reasons why I love Humble Bundle, a company that has been selling game bundles with a slightly different business model.  They allow customers to decide how much they want to pay – as little or as much as they like, as well as how to split the distribution of that money between the developers involved, the company and charity.  Two great causes that are always on the menu are the Electronic Frontier Foundation, an organization that fights for your digital rights and the Child’s Play Charity, the brainchild of Penny Arcade’s Gabe and Tycho to help children in hospitals.

The first bundle was introduced to us as the Humble Indie Bundle in May 2010, showcasing (naturally) games from independent developers, including Aquaria, Gish, Penumbra: Overture and Lugaru HD.  An admirable package, especially when the cost to me was whatever I could pay or wanted to pay.  I was attracted to this first bundle because it also included World of Goo, a strange and gooey bridge building game that spoke to the engineer in me.  So I ponied up some bucks, split it between the devs, the EFF and Child's Play, and went on my merry way with a handful of downloadable, multi-platform, and more importantly, DRM-free games.  And it was a win for everyone involved - I got games, the devs got some dough as well as some publicity, and some worthy non-profits got donations.

Luckily for everyone involved, the program continued, spawning around 20 additional bundles from 2010 to now serving up great indie DRM-free games to the masses.  A couple of them were even for books and music.  Last month though they switched it up a little bit, partnering with THQ for an exclusive bundle of their games instead of sticking with the indie route.  There was some solid stuff in there – Saints Row The Third, Darksiders, a couple of Company of Heroes titles, Red Faction Armageddon and Metro 2033.  Users could still pay what they wanted and decide how much of it went to non-profits, but with a minor difference in this iteration – what users would get were Steam keys instead of DRM-free downloads, and cross-platform became Windows only.  This in turn caused Humble loyalists to splinter into two camps – those who loved the idea of being able to get triple A studio games for pennies on the dollar, and those who thought that a partnership with THQ was a betrayal to the brand that had been built since their first indie bundle.  The former's argument was tough to argue against – it was a pack of games that would normally cost hundreds available for just a few bucks.  The latter on the other hand, felt that this was a great deal for THQ, who was teetering on the brink of implosion, to use the Humble name for a last ditch sales effort and sully the Humble brand image.

In the end I guess it didn’t work out for THQ on its own, since as of yesterday they filed for chapter 11 bankruptcy.  They were rescued though, so their upcoming titles will in fact stay under development instead of being tossed in the bin.  Clearlake Capital stepped in with some cash to save the day, and in the process revealed three new titles THQ has in the pipe - Evolve from Turtle Rock, 1666 from THQ Montreal and Atlas from Relic.

But I digress.  As good as the THQ bundle offer was for users (well, Windows users), and despite the $5 million they raised in 2 weeks, there was fear out there that Humble had abandoned its indie roots and settled on a Windows-only “Steam key” platform moving forward.  But that simply isn’t the case.  In response to questions from Ars Technica, the folks at Humble assured fans that they will “never stop creating Humble Indie Bundles... and the other bundle types we've successfully launched this year. But we’re also eager to see if our pay-what-you-want plus charity model meshes with critically acclaimed AAA content as well.”  And they made good on their word.  Their new bundle is the Humble Indie Bundle 7, and I think it’s one of the best ones they’ve released yet.  The new set includes the already popular Dungeon Defenders, as well as the movie Indie Game.

It was important for them to come back with this Bundle quickly after the THQ partnership, if nothing else to let users know that they will never abandon their roots – great games, pay what you want, money for charity, a cross-platform experience, and no DRM.  Check out to not only grab HIB 7, but every bundle going forward as they become available.  You can do some good while filling your game library.

Thursday, December 13, 2012

Promising Fan-Made Gem to Shine as Capcom's Street Fighter x Mega Man

When I was a wee lad, my first console was an NES. And even back then when the world lived and loved 8 bits at a time, I became a fan of Capcom – a lot of the games I enjoyed playing came out of Captain Commando’s namesake house, many of which went on to become classics. And they had style, kids. I flew in the war in 1942, played soldier in Commando and its Bionic sequel, channeled my inner avian billionaire in Duck Tales (woo-OO-ooh!) and even placated my pizza gluttony with Yo! Noid. But Capcom’s hallmark on the NES was the Mega Man series. We all loved that little blue rascal for reasons that I’ve really only been able to verbalize retrospectively – simple and fun controls, awesome music, character design that made sense, and some openness too with a range of weaponry as well as a choice of which order to fight the robot masters in.

My next console was the SNES, and again Capcom didn’t fail to deliver. A little older and a little more sophisticated (for lack of a better word), there was a different level of appreciation for Capcom’s 16-bit titles like King of Dragons, the Final Fight series, and even Breath of Fire on the RPG front. But again, like they did on the NES, they had one series shine above and beyond the others in the SNES era – Street Fighter. It was fun for some of the same reasons as Mega Man, with the added bonus of being able to play with and/or shame your friends publicly.

So if you’re in the same boat as me (which I’m just going to go ahead and guess that you are) then you’ll share in my excitement about the following – in just a few short days Capcom will be officially releasing a glorious amalgamation of those two franchises, giving them the crossover treatment in Street Fighter x Mega Man. For free on the PC to boot. Players will don the arm cannon once again in a NES-style environment complete with 8-bit remixed tracks. The only difference is that instead of the classic Robot Masters we’re used to, stars from the Street Fighter roster step in, each with their own custom movesets and weapons that can be won. Sounds crazy, right? Check out the trailer on Brelston’s blog at Capcom where seeing is indeed believing, my friends.

But there’s more to this than just a nostalgic crossover. It’s a fan-made nostalgic crossover that Capcom really wasn’t the primary developer for. The man behind the scenes is actually Singapore’s Seow Zong Hui, a “superfan” and Street Fighter competitor that approached Christian Svensson at the EVO 2012 event with a prototype on his laptop. Svensson in turn shared it with Capcom’s GregaMan and Brelston, who were so excited about the game that they’re using it to kick off Mega Man’s 25th anniversary. The game will be available for download on December 17th through the Capcom-Unity blog. And it couldn’t have come at a better time, with Capcom fans clamoring for more Mega Man.

What really made me smile about this story is the fact that it was an example of a publisher embracing the work of one of their fans. The gaming community has seen a lot of unofficial fan-run projects in multiple forms of media get canned because publishers started flailing about with intellectual property claims and legalese-equipped flak, regardless of how awesome they looked. As an example Square-Enix killed Chrono Resurrection, an unofficial sequel to Chrono Trigger I was really looking forward to a few years back. And just this year Sega brought down the hammer on a fan-made Streets of Rage remake that was made with fully original code and eight (that’s 8) years of work.

And I’m glad to see Capcom go the other way. Taking the highroad and believing it would be something fans would enjoy was the only criteria they used to make this decision. They didn’t lawyer up and scream “infringement.”  And that connection to the fan community is something that should be inherent in publishers, and something I saw up at New York Comic Con as well. Not only on their Street Fighter 25th anniversary events but at their booth and on the floor they were all about fan engagement. I had a couple of questions about their new title Remember Me and the Product Manager just gave me her direct email address if I needed anything else, even as just a fan and not press. And Yoshinori Ono, producer for the Street Fighter series (God bless ‘im) was there in the mix too, dressed up like Chun-Li and on the floor interacting with a wave of fans in whatever little English he had. That’s the kind of thing I like to see, and hope for more from some of the other big names.

Looking forward to giving this a go when it drops on Monday. And really, good on ya, Capcom.

Thursday, November 29, 2012

Some Gas in Every Tank and a Lie in every Fuel Gauge [tf charts]

Sort of off topic, but practical, so here you go.

So this morning I get into the car a little late, and notice that my gas fuel gauge has the needle steady riiiight about the 1/4 tank mark.  One way for me is 26 miles, so my brain said "yeah, I should be good."  I mean looking at it physically, 1/4 of a 16 gallon tank should net me about 115 miles.  But it's not true.  IT'S ALL LLLIIIEEESSSS.  Click the image to see it full sized and legible.

In my gut I knew better.  All the cars I've driven suffer from a similar issue - the gauge drops from full to 3/4 at a very slow rate.  Then from 3/4 to 1/4 it plummets like a stone, only to slow down again at the 1/4 mark.  Of course my gut was right.  Over 26 miles 1/4 dropped to 0 and that fun little fuel light went on, luckily enough to get from work to the gas station.

You see this, auto builders?  That noise just ain't right.

Monday, November 26, 2012

The Great Facebook Copyright Hoax

Look kids, I like helping you out.  I do.  I like giving you reviews on stuff.  I like telling you about cool and nerdy things.  I even like helping to make sure that your digital life is secure and safe.  But sometimes, every once in a while, it's my responsibility to step in and help protect you. Not from viruses or malware.  Not from hacks or security holes.  But from yourselves.

What brings this up tonight are some things I've been seeing on my Facebook feed.  I thought it was debunked and killed around the time of the Facebook IPO only to see it rear its ugly head again a couple of months ago.  And then when it came back, I again thought, foolishly, that it was sufficiently slain and done with.  But social media has a way of enhancing the viral power of internet memes and their dark cousins the hoaxes, where this is the tale of the latter.  This thing spread like wildfire, with users copying and pasting quicker than my news feed could keep up, until I'd had enough and decided to lay it out for you all.  Take a look at the examples below, then stay with me while I tear into them.

Example 1: For those of you who do not understand the reasoning behind this posting, Facebook is now a publicly traded entity. Unless you state otherwise, anyone can infringe on your right to privacy once you post to this site. It is recommended that you and other members post a similar notice as this, or you may copy and paste this version. If you do not post such a statement once, then you are indirectly allowing public use of items such as your photos and the information contained in your status updates.

PRIVACY NOTICE: Warning - any person and/or institution and/or Agent and/or Agency of any governmental structure including but not limited to the United States Federal Government also using or monitoring/using this website or any of its associated websites, you do NOT have my permission to utilize any of my profile information nor any of the content contained herein including, but not limited to my photos, and/or the comments made about my photos or any other "picture" art posted on my profile.

You are hereby notified that you are strictly prohibited from disclosing, copying, distributing, disseminating, or taking any other action against me with regard to this profile and the contents herein. The foregoing prohibitions also apply to your employee , agent , student or any personnel under your direction or control.

The contents of this profile are private and legally privileged and confidential information, and the violation of my personal privacy is punishable by law. UCC 1-103 1-308 ALL RIGHTS RESERVED WITHOUT PREJUDICE

Example 2: In response to the new Facebook guidelines I hereby declare that my copyright is attached to all of my personal details, illustrations, comics, paintings, photos and videos, etc. (as a result of the Berner Convention).

For commercial use of the above my written consent is needed at all times!
(Anyone reading this can copy this text and paste it on their Facebook Wall. This will place them under protection of copyright laws, By the present communiqué, I notify Facebook that it is strictly forbidden to disclose, copy, distribute, disseminate, or take any other action against me on the basis of this profile and/or its contents. The aforementioned prohibited actions also apply to employees, students, agents and/or any staff under Facebook's direction or control. The content of this profile is private and confidential information. The violation of my privacy is punished by law (UCC 1 1-308-308 1-103 and the Rome Statute).

Facebook is now an open capital entity. All members are recommended to publish a notice like this, or if you prefer, you may copy and paste this version. If you do not publish a statement at least once, you will be tacitly allowing the use of elements such as your photos as well as the information contained in your profile status updates

This hoax can be seen in a number of status updates on your feed - self contained declarations of independence railing against the Facebook empire, assuming that their recent status update as "publicly traded company" affords them the right to reach out and annex all content as their own.  But that's not all.  All of these status updates cite obscure regulations and criminal codes that have little to no (mostly no) bearing on anything having to do with content posted on Facebook like the UCC and the Rome Statute.  I'll get into that more later on.

But before I do, let me bottom line this for folks that aren't interested in the details (the tl;dr version):

1. This is a hoax.  It was during the IPO, and continues to be now.  Copying and pasting this sort of malarkey or coming up with your own means exactly zero.  Your already-agreed-to Facebook agreement governs this, not status update legalese.  That's right - if you're a Facebook user, you've agreed to the terms before you posted your first bit of whatever on your wall.

2. The UCC does not apply.  Nor does the Rome Statute.  And the "Berner Convention?" Not even a real thing.

Bottom Line: There is nothing you can post that stands as a legitimate legal statement or disclaimer, so for the love of all that's holy DON'T BOTHER. You'll just end up making guys like me write stuff like this.  Now then...

The Truth, Part I - The Real Official Agreement

Here's the truth (the first part of it that is).  Yes, Facebook is now a publicly traded entity.  Yes, there are rules that govern the relationship between the company and Facebook users.  But those rules aren't governed by obscure legal documents or international courts.  Those rules, as they always have been, are governed by one thing: the Terms of Service all users agreed to (myself included) when we signed up and became Facebook users.  Don't remember them?  Well sadly that's not surprising.  For some reason terms of service and terms of use aren't things that a lot of people like reading.  Whether it's just because the text is too long or folks are impatient and want to start using the service immediately - for one reason or another in many situations they remain unread.  And all the information you need is in there.  In this instance, you can get to the Facebook Statement of Rights and Responsibility here:  It's not only Facebook that operates this way - pretty much any software or online service you use has terms of service that must be agreed to before you can complete the signup or install process.  For example I can't log into World of Warcraft after a new install unless I agree to the ToS.  I wasn't able to install this copy of Windows 7 I'm running without agreeing to an End User License Agreement.  It's just the way things work.

Now let's get to the meat of that Facebook statement.  If I take a quick gander at section 2, entitled "Sharing Your Content and Information," the first line spells out Facebook's rights to your content.  It states, and I quote:

"You own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings."

Exceptions naturally exist for content that was already copyrighted by another entity, but the statement's pretty clear.  If you want to control who has access to your information, you should not only stop worrying about just any legal sounding block of text, but stop ignoring both Facebook and the nerds in your life that have always strongly urged that you keep track of your privacy settings.  Personally my privacy settings are for friends only, which means unless I am friends with a particular user, they can't see any content that I post outside of my profile picture and name.  I'm comfortable with that level of public sharing, so that's where I keep them.  Change them to what you're comfortable with. Check those embedded links above to see those sections in detail.

The Truth, Part II - What Doesn't Apply

(Now here's a real disclaimer - I'm not a lawyer and the below is my lay understanding of the cited statutes)

As I mentioned previously, these things are crafted in a flavor of legalese that can convince the everyday user, but would make anyone familiar with law, tech, or both raise an eyebrow.  Let's take a look at what's cited.  First is the UCC.  UCC stands for the Uniform Commercial Code, and the oft-cited section 1-308 of said code was designed to address the idea of reservation of rights when it comes to contract performance in a commercial setting.  It also says that using phrases like "without prejudice" and the like defend individuals in a commercial setting.  For some reason this makes people think that adding it to an agreement gives them legal superpowers.  Without real legal understanding, it could actually cause more harm than good.

Next is the Berner Convention.  That never happened.  The similarly-named Berne Convention was in fact a real thing, and focused on protecting the rights of artistic and literary works.  I'll let you scour through it over at Cornell Law yourself, then you can tell me how it applies here.  Seeing as the FB terms of service is the core binding agreement, I don't think you'll find a way.  The convention basically said that countries will recognize copyrighted works from other countries.

And the Rome Statute? The Rome Statute outlines the establishment of the International Criminal Court, which "shall have the power to exercise its jurisdiction over persons for the most serious crimes of international concern" according to the text.  Check out the statute for yourself.  You'll be hard pressed to find anything applicable.

My Plea to You All

I'd like you to start reading user agreements and license agreements.  They're long and they may be boring, but they will save you a lot of headache in the long run and maybe acclimate you to how software and online services work.  Knowing a little bit more about the systems we use every day is never a bad thing.  On top of that, we should all exercise a little bit more scrutiny and common sense with things like this.  Just because it sounds good doesn't make it true.  If you're unsure of something or it seems hokey, put some Google-Fu on it and look up what it's all about!  If you have any questions about that sort of content, you can always consult your local legal eagle or tech nerd and they can help you understand what it is you're reading.

I also strongly suggest that you like Facebook Site Governance on Facebook.  It helps keep you up to date on proposed rule changes and other news in the Facebook universe. And please check your privacy settings to make sure you're only sharing what you want to who you want.

** UPDATED 01/05/2015 - This nonsense reared its head again on Facebook and was reposted.  The link to details on the Rome Statute became outdated, and has been updated to the current United Nations page. **

Thursday, November 1, 2012

Microsoft Sued for Windows 8 Live Tiles, Trollish Behavior Suspected

Love it or hate it, Windows 8 was released last week.  The biggest change Microsoft has ever made to the Windows operating system, it marks a colossal shift in how Microsoft is doing business, banking on the new OS, a fleet of Windows 8 and RT powered tablets, and doubling down on access-from-anywhere cloud access via SkyDrive.  Naturally as it occurs with every OS, it didn't come without its criticism as well as its praise from the general public.  There's a bit of a learning curve on using the live tile interface as opposed to the start button driven Windows XP and 7 UI's a lot of users are used to, and though some users love that it turns your computer into a big phone, others complain that it just doesn't work as well.  And while these user reactions to Windows 8 spanned the range of pure praise to pure criticism, there's no one I've spoken to that hated it enough to actually sit down, call their lawyer and file suit.

But of course there's always going to be exceptions to everything.  In this case it's a small technology company called SurfCast up in Maine, who have just filed a patent infringement suit against the Redmond tech giants.  They filed the complaint in Maine on Tuesday, leaving the amount of damages they're suing for undisclosed.  Now over the years a lot of tech companies have done some, shall we say, questionable things with regards to borrowing ideas from their contemporaries.  So what was it about Windows 8 that drew the ire of SurfCast?

The issue is live tiles, the core of the new interface for the Windows 8 family of products.  SurfCast is claiming that tiles were their invention based on a patent that they have, and they want damages for it.  Immediately upon reading the headlines my nostrils tweaked, kind of sideways like and my face contorted to something... unnatural.  It was a smell I've smelled before.  It smelled like patent troll.

So I checked them out.  You can see their website here.  I know, right? Exactly what you'd expect from someone who invented live tiles - great flow, an intuitive user experience, and scores of content.  All of that is totally there. EXCEPT IT'S THE EXACT OPPOSITE.  It looks like something I could have cobbled together in FrontPage back in high school in the 90's.  Scratch that, even stuff I did as a kid was better.  My point is that even just looking at the website, there's nothing high tech happening here.  The website's main headline is "SurfCast designs Operating System technology and has four issued patents with additional applications pending."  There is nothing on the site pointing to any products - hardware, software or the combination of the two - that SurfCast has ever actually created themselves.  A convenient "Patents" section tells the user what they're really all about.  This furthered my theory on their trollish behavior.

Anyway I digress.  SurfCast's complaint is on the grounds of patent 6,724,403, entitled “system and method for simultaneous display of multiple information sources.” The patent describes a graphical interface arranging "a variety of information sources into a grid of tiles," with each tile refreshing content independent of each other.  The patent was issued to SurfCast in 2004 by the USPTO, and sure, on its face I can see how it sounds familiar to Microsoft's Windows 8 UI.  But Microsoft does have its own patent, 7,933,632 awarded in 2011, entitled "Tile space user interface for mobile devices."  Both Microsoft and SurfCast reference some of the same patents in their application, but the USPTO determined that Microsoft's was different enough from SurfCast's to give it to them.  Actually drawing on SurfCast's patent as prior art is part of the ammo they're trying to use to extract some cash from the house that Gates built.

Now here's my main problem with all of this.  SurfCast has held this patent and a couple of others since 2004, but they're asking only for damages - money for every supposed infringing product, including Windows Phone 7, Windows 8 and Windows RT.  If they had any means or any intent to manufacture or develop any interface using this technology, oh I don't know, anytime in the last 8 years, then why wouldn't they go for an injunction to sell instead of or in addition to just money?  We saw this exact type of situation unfold in the number of legal skirmishes between Apple and Samsung.  SurfCast clearly didn't have anything they could have sold since 2004, meaning that, in my non-professional opinion, any claim of "harm and injury" on these grounds is ridiculous.

If the claim held any water, where was the lawsuit when Windows Phone 7 came out? The Windows 8 Developer Preview last year?  The Consumer Preview this year?  They waited until the very month that Microsoft released Windows 8, RT, and the Surface hardware.  Sorry SurfCast, Technical Fowl just ain't buying what you're sellin'.  Every shred of evidence tells me that this is nothing more than a troll out for some easy green.

Microsoft's statement to Wired and Ars Technica on the topic was simple: “We are confident we will prove to the court that these claims are without merit and that Microsoft has created a unique user experience.”

Translation: "We are going to mop the floor with these chumps."

Tuesday, October 23, 2012

Do I Need to Upgrade to Windows 8? [tf charts]

So as you all know I did a 3 part feature on some of the aspects of Windows 8 from a user perspective.  Personally I like it and think it's going to be pretty good on phones and tablet devices.  In that feature though I also mentioned that I personally wouldn't be replacing my Windows 7 desktops and laptops with the new OS.  For a keyboard and mouse environment Windows 7 works too well to switch out.  I also have a bit of apprehension even attempting to roll it out on my network at work.  We have some custom applications and don't even get me started on the potential learning curve for my users. I know others have some questions too, which is why I decided to answer everyone, user and admin alike, that have asked me Windows 8 questions.

SO. I put a handy little flowchart together to help you kids out.  You're welcome everyone.  Click on the image to make it bigger so you can, you know... read it.

Tuesday, October 9, 2012

Patent Trolls, Twitter, and SHIELD

You all should know by now how I feel about the state of our patent system as it applies to the tech world.  Given the patents awarded that absolutely shouldn't exist and the ridiculously broad and over-reaching scope of others, it's only a matter of time before they're weaponized to make a sleaze-dripping buck or push someone's competition back on their heels.  Outside of these cracks that exist in the system in general though, patent trolls specifically hold a special place on my jackass list.  I've railed against PacketVideo trying to hit Spotify with a lawsuit when US users were finally able to use the service, and outright CRINGED when I read and wrote about Paul Allen suing pretty much the entire internet.  So for those of you that are new to this little song and dance I do or are reading up on this subject matter for the first time, let me explain what a patent troll is:

Patent trolls, the best way I can put it, are the ill-intentioned champions of "just in case," and dark masters of playing the long odds.  They're folks that can hold patents on ideas, even if they have no intention of executing or manufacturing what's detailed in the patent.  Instead, they wait.  They wait for other engineers and inventors to develop something and then hit them with a lawsuit yelling “hey that was my idea!”  In a lot of cases the patent holders don't even have the means to manufacture or create the idea they supposedly now own.  Seriously, check the link at the top of the post on PacketVideo suing Spotify.  You'll cringe just like I did.

Twitter, it seems, agrees with me.  They have a track record of trying to be proactive with innovation and patents, as they are a company of engineers after all.  Back in April their VP of Engineering Adam Messinger proposed the Innovator's Patent Agreement on the Twitter Engineering blog.  And yesterday Ben Lee, Twitter's lead for litigation and IP wrote a little something for GigaOm sharing a patent troll case they just finished fighting off, what the costs are, and a possible method to fix the problem.  The case involved Dinesh Agarwal, who came up with and now owns the patent named "Method and System for Creating an Interactive Virtual Community of Famous People" (U.S. Patent No. 6,408,309 for those who want to see).  As Agarwal himself testified, he is himself a patent lawyer, has no experience in computer science or programming, and came up with the idea while he was at the grocery store.  And that was enough to sue Twitter.  So let's examine this for a second - (a) a self-admitted non-technologist that (b) has absolutely no means to design or create this virtual community that (c) was still awarded the patent.  The case was eventually thrown out before a jury trial, but that's really beside the point. The USPTO issued 247,000 patents last year, a number of them being ridiculous.  This means the means and opportunity for firing off patent salvos is at a crazy potential high.

The financial advantage fully resides with the party holding the patent here.  Patents can be filed for relatively nothing, and as Mr. Lee notes, if you find a law firm that will work on contingency you get to file the lawsuit for free too.  If you lose, no harm, and if you win, well then it's party time isn't it?  And what about whoever's on the defensive? According to the American Intellectual Property Law Association (AIPLA)’s 2011 survey, their cost is anywhere from $900,000 to $6,000,000 to defend themselves, very little of which can be recouped.

Now that's Twitter.  They have the financial position to weather this sort of thing to a point.  But what about patent trolls that target small companies and entrepreneurs?  If I hold the patent on an idea with no means to create it myself, or I buy a portfolio of patents from another entity, then all I have to do is lie in wait and drill someone with a lawsuit when it finally happens.  I can get a payout by doing no work and kill an entrepreneur at the same time.  And that's totally legit by today's rules – not exactly the application of “two birds with one stone” that I like to see.  What this kind of practice does is create an environment that handcuffs inventors and innovators.  Not only does this environment hinder the entrepreneurial spirit, but it also racked up costs of $29 billion in the US for 2011.  That’s BILLION with a “B.”  And for what?  Ill-conceived Hail Mary exercises in frivolity.  How willing can small tech startups be to try and come up with something new with the fear of litigation hanging over their heads?  My guess is that it would negatively impact the process.  The costs of having to defend against a patent troll can have a serious impact on cash flow - I mean let's face it, not everyone's a Twitter.  If you were running a small startup, flushing all the cash you’ve received over a couple rounds of funding defending yourself from this kind of lawsuit could be a dream killer.

It looks like Congress is finally ready to step up and stem the flow of ridiculous lawsuits with the SHIELD Act proposed a few weeks ago.  Now I know, given the content of my scribblings you’re picturing Nick Fury and any of the Avengers.  While it does represent the same kind of heroics, the players here are a bit different.  SHIELD, which stands for “Saving High-Tech Innovators from Egregious Legal Disputes,” is sponsored by Rep. Peter DeFazio (D-OR) and Rep. Jason Chaffetz (R-UT), and aims primarily to make filing useless lawsuits less attractive to patent trolls with a “loser pays” mentality by making a shift in the plaintiff’s risk/reward estimates.  They propose that should a patent troll lose, they be on the hook for the defendant's legal fees in full, nullifying the incentive to file suit for kicks, cranking up the risk and toning down any potential reward.  This kind of law would definitely make a troll think twice before coming out from under their metaphorical bridge, knowing that they could be on the hook for another $900k to $6MM should they lose.

Given the legislative fiascos we’ve seen in the past two years  involving tech, SHIELD is a welcome change of pace.  The bill has the support of the Electronic Frontier Foundation, who call the bill a "moment of sanity" and something that can legitimately help.  This is one bill I can wholeheartedly support, and a good step in shoving those trolls back under the bridge.

Thursday, September 20, 2012

Windows 8 RTM Part III - The Windows Spin on Social

[Article first published as Windows 8 RTM Part III - The Windows Spin on Social on Blogcritics.]

Over the first two parts of this Windows 8 feature I described the OS as turning my laptop into some sort of giant phone.  Today we're going to get into that a little further by looking at something that's going to be used by every Windows 8 user in both the desktop and mobile space- and that's the social aspect.  Built-in apps to manage your social networks and photos look pretty good so far, and again it makes operation more like a big smartphone than a traditional Windows system.  One of the things that makes social possible are networks of "friends."  Be it on Facebook, Twitter, Google+ or any other social service you use, without them your social network becomes very... well... antisocial, I suppose (womp woooomp).  The problem is that you're probably connected with them on a variety of networks and sometimes that can be hard to track.

Having all your friends' information in one place makes it that much easier to manage, now that a decent chunk of internet communication these days is conducted through social.  Mobile gets that - one of the things I like about my Android devices is that they consolidate my contacts into single, detailed entries, making it a lot easier to keep track of everything that's going on.  So if I have three entries in my phone for one person - a phone number entry, a Facebook entry and a Twitter entry, the device will automatically link them together if they have similar names and email addresses, or give me the option to manually link entries for those that don't really look the same.  Thankfully, that's also the case with the Windows 8 mobile interface.

This was the case with my friend Mikey.  Yeah that's right Mikey, we're on YOU now.  He goes by his real name on Facebook, but on Twitter he goes by the much more sleek and numeric "Ocho."  Much like my Android device, Windows had a bit of trouble reconciling the two, as nothing about the name "Michael" corresponds with the Spanish language or the number 8 at all.  But also like my Android device, I was able to manually link Mikey with his "Ocho" persona.  Linking the two together let me see all of his updates and notifications in one steady stream instead of having to jump back and forth between the two.  Outside of keeping your contacts in order, the People app lets you consolidate your own profile, setting status updates for the supported social media services you have connected to your Microsoft account.  Right now all I've really been able to play with is Facebook and Twitter.  Consolidated messaging works the same way with your messaging services.  Right now all I can see is MSN and Facebook chat, but it works with the same idea.

No Google+ though... weird, right?

Next is pictures.  Just like social, Windows 8 can aggregate all of your albums in one place.  From the photos app tile, a user can see both their local pictures as well as any albums on synced accounts like Facebook albums.  So far it will let you add Flickr albums, whatever's on your SkyDrive, and any devices you manage through SkyDrive.  Again, it's one of those minor conveniences that make things a bit quicker, but a lot of minor conveniences can add up to a noticeable increase in a decent user experience.

I've actually grown kind of fond of the new social interface, and could definitely see myself using it, especially on a tablet.  I've been working on a laptop so far and it's worked, and I actually have been finding myself using the tiles from the new interface over the Windows 7 style desktop.  Naturally there's going to be a pretty decent learning curve for most standard Windows users, but I think for users that are all about social media and photo sharing on the go that it's intuitive enough to pick up in a few minutes.  On the upcoming Surface tablets that can provide the touch interface this was designed for, this OS will allow the most social of butterflies to get it done. 

Friday, September 14, 2012

Gear and the Value of Time in World of Warcraft [tf charts]

I've got part III of my Windows 8 series pretty much buttoned up, but figured I'd get this in before I get to my final thoughts on the OS.

Today I logged into World of Warcraft after a long while, and had to download all of the updated tools and the pre-patch for the upcoming Mists of Pandaria expansion set to drop in just a couple weeks.  Having played since WoW original recipe, I've spent a sick number of hours in the realms of Azeroth - enough that I'm a little frightened to see the "/played" stat that the game provides for all of its players.  Through that time there was one very real statistic that all players would agree to - and that's the gear grind.  It takes countless hours to level up a character to max and at that point go through the motions to get the gear to allow seeing end-game content.  Cataclysm made that a little easier in one of its later patches with the Raid Finder feature, but the main idea stays the same:

With all the time it takes to equip those delicious epic items, which may add up to days, at least a couple of them can be replaced after 5-10 quests in the next expansion's starting zone.  And the trend looks like it's going to hold - straight through level 100 when the time comes.

Welcome to Pandaria, kids.

Wednesday, September 5, 2012

Windows 8 RTM Part II - Now with Notes of MacOS and Linux

[Article first published as Windows 8 RTM Part II - Now with Notes of MacOS and Linux on Blogcritics.]

Windows 8 is one of the biggest departures from what we know of Microsoft operating systems since Windows 2000 and the introduction of Active Directory over a decade ago.  So I thought it would be a good idea to show you fine folks what it's all about so you're not met with huge surprises when it drops in October.  Last time we took a look at basic navigation and operation in Windows 8 Professional - namely what's different from Windows 7 as far as the user interface and your UI experience.  The biggest glaring difference was of course what I called 8 Mode, the touch-friendly cell phone style skin that lays on top of the 7-style desktop.  Today we'll be going into a few of the more functional features that Windows 8 is packing - one page borrowed from Apple's playbook and another from Linux.

One of the biggest points I try to drill into everyone is the importance of data backups.  I've seen people lose a lot of data, from something easily retrievable like music to something irreplaceable like baby photos.  And unfortunately it's generally not until some sort of data loss like that before people start heeding the advice of their local IT nerd.  Microsoft did actually have a native backup program built into previous versions of Windows, but not many people used it - in fact the Windows engineering team estimates that the total number of users is less than 5% of all windows users.  It just never really took off, and there were a number of improvements that could have been made.  So traditionally I advised people to burn data to discs or an external hard drive, or even to use a consumer cloud solution.  Windows 8 seems to have improved on that backup and recovery solution with their new file history feature.

It works kind of like Time Machine if you're familiar with MacOS.  Instead of periodically taking a snapshot of files on your backup schedule like the occasional copy or burn, file history is something that continually runs to check for changes to files that are flagged for file history.  To set it up the only thing that a user has to do is to configure a destination drive to back up to, and that's it.  From that point on every file (excluding the exceptions set by the user) is checked every hour for changes and backed up if needed.  File history is designed only for a user's local libraries and not Windows system files.  This means that users will take less of a resource hit when it scans for file changes, and who really cares about OS files anyway?  They can always be re-installed with little issue.

Now if you've got some computer nerdery in you, you've probably already got a solution for full system backup should you need one.  Windows 8 file history is really aimed primarily at tech civilians as an easy "no work involved" backup solution.  The screenshots in this post are from setting it up on my 2GB USB drive called nenemicro2.  And it really did only take a few clicks.  And for those of you that use file encryption, it's set up to work with BitLocker too.

So file history was the taste of MacOS.  Those of you who are familiar with flavors of Linux are probably familiar with Live CD's and USB drives that let users plug into a computer and boot up into a portable Linux system.  There's shades of this present in Windows 8 Enterprise with Windows to Go, a mobile workspace that lets users plug into any machine and get down to business.  It works pretty much the same way - plug in and power on to boot into your USB image of Windows 8 Enterprise, except without access to the computer's local drives - only the space that's on your USB device.  It works pretty well though, and the ability to carry around an OS  in your pocket could be a handy little tool for Enterprise users on the go.  Since you're packing an entire OS on your USB device with some additional room to work, make sure that you're using a 32GB device or larger.

The problem with it though is that that particular feature is targeted at business users, but I don't know any of my colleagues (including my own) that are scheduling Windows 8 rollouts over Windows 7 to replace Windows XP.  Cool feature, but not sure how much play it's going to get.

So after part II of this series I'm still of the same mind - It's a good OS and I'd like it on a tablet, wouldn't mind using it on my desktop, but don't see rolling it out in the enterprise just yet.

Coming up in part III - More of a consumer focus, your social scene in Windows 8.

Friday, August 24, 2012

Windows 8 RTM Part I - Initial Impressions

[Article first published as Windows 8 RTM Part I - Initial Impressions on Blogcritics.]

I started playing around with Windows 8 when I got my hands on the Developer Preview a while back.  At the time poking around in there showed me a lot of things that looked very promising.  I saw an OS that was setting itself up to be a decent touch-based platform for mobile devices that retained some (some) of the old school "Start Button" love from previous Windows iterations.  Today I started working on Windows 8 Pro (the actual retail version).  It'll be available to the general public in October, but my tech pro ilk and I are kind of special, and those of us that are TechNet / MSDN users are pulling it down to play with it now.  So I got a chance to see what's up.  Keep in mind that I installed this on a laptop though, so I don't have the ability to review any of the touch features here.

What I noticed wasn't really wholly different from the Consumer Preview that was released a couple of months ago.  It still has the same look and feel, but the user is offered a few additional options for personalizing their start screen and user profile designs.  It's quite a bit more colorful and bright than users of XP or Windows 7 are probably used to.  And sure, it does look nice.  So for those of you that put a premium value on colors and look and feel, there you go. But if you haven't seen anything on Windows 8 yet then you're probably more interested in function.  In the words of King Arthur in Monty Python and the Holy Grail when asking about the holy hand grenade -

"So, uh... how does it work?"

After logging in with your Microsoft ID (or an unlinked local account if you choose), Windows 8 operates in 2 modes - the first is what you start off in, which I'll be calling "8 Mode" for lack of a better term. Call it whatever you want, really, as long as you don't call it "Metro."  They kind of frown upon that one now.  8 Mode made my laptop feel like a huge phone, with apps and live tiles for basic settings and social media.  8 mode is also what triggers when the user clicks the Start button.  Then there's Desktop mode, or what I call 7.5 - it's reminiscent of Windows 7, only minus the traditional start button and minus aero glass.  It's where users can still get to regular things like "My Computer" and document/picture libraries.

"8 Mode"

As you can see from the screenshot at the top of the page, 8 Mode looks like a big cell phone interface.  Imagine swiping left and right on that screen to get to a number of tiled apps, just like you do on your Android or iDevice.  It runs on live tiles and apps as opposed to full applications that users are accustomed to.  Instead of opening and closing programs like we did in XP and 7, the apps stay on and running all of the time (again, like mobile), letting the user switch between them with Alt-Tab or other mouse driven means.  While the apps aren't active, Windows drops their resources down to run in the background so it doesn't hog up system memory.  The design from the Developer Preview and the Consumer Preview has been altered slightly, and the newer scheme really reminds me of the tile system for what currently runs on Windows Phone 7 devices.  The advantage of this interface is really geared for mobile devices - something akin to what we can expect from the ARM Windows RT powered Surface tablets to be released later this year.  There's also an option to show more tiles, covering quick access to common functions like the control panel and other system settings.

I can at least say that there are more apps on the Microsoft Store than I remember there being while playing with the Consumer Preview.  8 Mode comes stock with a "Games" app, linking up with a user's Microsoft / Xbox Live ID, as well as built-in "all in one place" social apps.  Another default app is for mail, which handles both Microsoft and third party email accounts.  A number of other apps exist for sports, news and travel, which basically act as RSS feeds that look a lot brighter and more colorful than what you're used to on your basic feed reader.  See? A big phone.  But there's one thing that gives me pause so far, and that's the Microsoft Store. Like its competitors, Microsoft lets users broaden their experience by downloading apps for multiple things, but the problem is that it still needs some development.

If you look at Microsoft's future competition in Android and iOS devices, there's a large gap that has yet to be covered.  Those mobile platforms rely very heavily on the Android Market and App Store to provide a vastly expandable and richer mobile experience to users.  This "8 Mode" interface, which in my opinion would in fact work great with a touchscreen and is poised to compete in its own right, is only going to be able to deliver an experience to rival the other heavy hitters in the mobile space if they can expand what's available in the Microsoft Store.  Microsoft's also trying to cash in on the cloud trend with their new SkyDrive initiative for those who love to share and/or overshare on the run, but the whole package is going to need a little more substance.

7.5 (Desktop mode)

From 8 Mode users can click the desktop tile (or Alt-Tab) over to Desktop mode.  Navigation here runs a little bit differently than it did in Windows 7.  Instead of a single start button that's the kickoff point for the programs a user would want to open, it runs on a basic premise of corners.  Moving your cursor to the upper right corner opens up a sidebar and the Windows 8 version of the Start menu, which puts you into Metro mode.  A cursor to the upper left acts as a quick alternative to Alt-Tab to switch between apps that are currently running.  Moving the cursor to the lower left does open a "Start" icon, but it only takes the user back to 8 Mode.  What I did notice about this iteration of the desktop is that things loaded and reacted a little bit quicker than they did on Windows 7 using the same hardware.  Maybe it's because aero's not taking up as much from the resource pool?  That's my theory, but either way in addition to that my battery seemed to drain just a little bit slower.  At least that's what it seemed like.

Basic compatibility so far

I've tested general usability using a limited test run of programs that I routinely run in Windows XP and 7 and haven't experienced any problems. All of my hardware picked up with no incident, but that doesn't mean that it's going to be the same for everyone. Of course there were no problems with Microsoft software like Office programs and basic stuff like antivirus.  Next I tried something a little more important, namely World of Warcraft.  It ran pretty smoothly without any performance drop from Windows 7.  It doesn't look like basic users are going to have any issues.  Power users will be glad to know that virtual desktop does exist like it did in Windows 7 should any compatibility issues come up.

Unfortunately I don't have a stack of laptops and machines laying around to run exhaustive compatibility tests, but I will have more in depth stuff after I do some extended testing for you next week.

Initial Impressions

While I had no issues testing the system on this limited run, my experience was on a laptop.  So while sitting here with a fully functional keyboard and a 1080p screen, I never felt any need for the "8 Mode" layer on this OS in a laptop or desktop scenario.  I don't need "apps" - I have the full internet for pretty much anything I need.  Where this operating system is really going to make sense is on mobile.  The 8 Mode UI would be great for touchscreens with the option to switch over to desktop mode should the need arise.  But personally, I'll be sticking with Windows 7 so far for my desktop and laptop work and play.

I also see potential usability problems with the 8 Mode interface for users that aren't up on their keyboard shortcuts.  There were a number of times where I was forced to back out of an app using the Alt-F4 "kill" keyboard shortcut because I simply didn't see a clean exit outside of using the windows key on my keyboard to switch out to the desktop.  If you're running a shop where users had a hard time adjusting from Windows XP to 7, then I fear for you if you choose to deploy this.

This by no means says that this is a bad operating system, just one that would provide a better experience on a phone or tablet. And like I said, that mobile experience is going to rely on the fate of the Microsoft Store.  We'll see how things go with the scaled-down Windows RT on the Surface tablets in a couple of months, and I'll have more for you soon.

Coming up in Part II: the Enterprise edition's Windows to Go, Windows 8 file history mode, media codecs, and whatever else I can find

Friday, August 10, 2012

Why Your Computer Just Made You the Fool [tf charts]

If you've ever worked anywhere with a computer (actually any tech for that matter) you've probably experienced this.  You have a computer problem, and call the IT department.  They start making their way over, but when you try to replicate the problem for them, it magically corrects itself!

Don't you worry, it happens to everyone, and we have a couple of theories on that.  The first is that the computers in the building technically report to IT, so they don't want to look bad in front of the boss. Maybe they're not so different from us after all.

The second, and really better theory is that a lot of IT bosses are secretly digital green lanterns, and just hide the rings in public.  Just the aura of our digital will possibly creates a pocket universe around us where everything works perfectly fine.  Well, everything that's not ours anyway, because computers love to play tricks on IT too.

So when you "swear it was just doing it!" we believe you.

Most of the time.

Wednesday, August 8, 2012

The "Epic Hack" of Wired's Mat Honan - Social Engineering at Work

[Article first published as The "Epic Hack" of Wired's Mat Honan - Social Engineering at Work on Blogcritics.]

I spend a lot of time and effort attempting to keep people safe in the digital age.  Whether it's on a professional level at my job or through my writing or social media, to me it's important that everyone is as safe as they can be, knowing that nothing is 100% foolproof.  Part of what I do professionally is keeping computer systems safe, and even I have had to go through the pains of wiping everything from my computer and starting from scratch more than a couple times.  It happens. Even to the nerd elite.

So when someone brings me their machine or reports some sort of issue, I know it's going to be one of a few things - (1) a virus, (2) malware/scareware or (3) phishing scams.  But these are all software methods with the aim of destruction or data theft.  Sometimes, especially with scareware, someone's looking for the user to give up a credit card number, a user name or password, account numbers of any kind, hell, even social security numbers.  The reason is that any combination of these things can be pieced together enough for someone to pass themselves off as you.  And once that happens, your digital life can be reduced to ruins. Accounts or credit cards can be opened in your name, and you can wave bye-bye to your credit, your money, or even your good name.  There are a lot of snippets of code or scripts or SQL injections (and blah blah the list goes on) that can do this to you.  But in my experience, knowing what I know and having had to help people protect against it, I've found that there's one tool that works better than all of the above combined, and that's social engineering. Low tech compared to software hacks, but highly efficient.  I wrote a bit a while ago on the topic concerning RSA if you want some details, but I'll nutshell the concept for you - social engineering means hacking people, not machines.

It's a fancy way of saying "tricking people into giving up information." And attempts have been made on all of you, whether you know it or not.

So why am I going all into this topic today?  Unfortunately the way things work in this world is that something has to happen to someone with some clout for an issue to be addressed. What I just described happened recently to Wired Magazine's Mat Honan.  A bit of social engineering with some security holes at both Amazon and Apple led to what Honan describes as an "epic hacking."  He outlined his experiences for all to read yesterday, and it is 100% worth the read if you have a couple of minutes to do so.  He details everything from the what and the how all the way to actually talking to the hacker that broke into his life and the conversation they had.  I'll go over a little of it here.

Mr. Honan realized there was a problem on Friday - while he was trying to restore his iPhone, he was getting messages on his MacBook that his saved account information was wrong, asking him for a 4-digit PIN number.  The problem was, he didn't have a 4-digit PIN number.
His timeline that follows should scare the living hell out of you. Especially those of you that entrust all of your accounts to an AppleID.

Upon calling AppleCare for help, it was confirmed that they handed over temporary .me e-mail credentials to someone claiming to be him, and he watched over the next hour as that person reset credentials on his Twitter, then his Gmail, then wiped his iPad, and permanently reset his AppleID. But that was only the start - next was outright deletion of his Google account, followed by a remote "Find My" data wipe of his MacBook.  Now not only were all of his accounts effectively locked out to him, but anything on any of his devices that wasn't backed up was gone forever.  Maybe not such a big deal on his iPhone or iPad, but on a MacBook, his primary machine, that's a big deal.  He lost pictures of his kids, all of his email, and other data from the laptop that he'd never see again.  The hacker posted a new status on his now hacked Twitter account - "Clan Vv3 and Phobia hacked this twitter."

What the hell happened? On his extensive talk with AppleCare, he realized that all that was needed to get a temporary .me password reset were the last 4 digits of your credit card number and a billing address.  And how did they get that information? Afterwards the hacker (Phobia) contacted Honan.  In Honan's words:

"After coming across my account, the hackers did some background research. My Twitter account linked to my personal website, where they found my Gmail address. Guessing that this was also the e-mail address I used for Twitter, Phobia went to Google’s account recovery page. He didn’t even have to actually attempt a recovery. This was just a recon mission.

Because I didn’t have Google’s two-factor authentication turned on, when Phobia entered my Gmail address, he could view the alternate e-mail I had set up for account recovery. Google partially obscures that information, starring out many characters, but there were enough characters available, m•••• Jackpot."

Two-factor authentication being turned on probably would have been the end of this story.

But it went on.  Phobia indicated that any email address associated with an Apple account is pretty easy to get, and Amazon was the next target.  The same kind of trickery was used to fool Amazon into believing that Phobia was a legitimate Amazon user that couldn't access their account - changing the associated email, getting a password reset sent to that email, and logging in.  And what's on file on an Amazon account?  You guessed it, the last 4 digits of the user's stored credit card numbers.

And that's how it all comes together.  Like I said at the top of the post - Low tech, high efficiency.

Mr. Honan asked Phobia why they did this to him. Phobia's response was that they like to publicize security exploits so that all users can see what happens and be able to defend themselves from hackers.  It sounds like the so-called "hacktivism" we've seen over the last two years with stories like Sony's PSN fiasco.  But I'm really not sure how destroying a private user's irrecoverable data was needed to make their point.  If you want to do this thing for the public good, it is well within your power to do it without hurting any of the public involved.

But I digress.  Admittedly Mr. Honan made a lot of mistakes in how he had his personal security set up that led to his digital demise.  I don't mean stuff like strong passwords for people trying to hack their way in through brute force.  I mean other things people can do specifically to reduce their risk of low-tech hacks.  And I'm going to walk you through some of them to help you all stay a little safer at home.

Right off the bat he broke one of the cardinal rules of keeping your stuff safe - routine backups of important information.  Personally about once a month, or when I do something important or official, I back up one or more file sets.  It's the single best way of adding a layer of redundancy to your data in case something should go wrong.  You can use external USB drives, a cloud solution (if you're into that), CDs or DVDs, or a number of other forms of media.  Apple operating systems as well as Microsoft's Windows OSes come with native tools to back up your data.

Secondly, he used a common prefix for all of his accounts. If you have multiple email accounts, try not to use the same prefix for all of them - as in,,, etc.  If someone knows one of your addresses it becomes that much easier to guess what your other accounts could be called.

Next up, available for Google accounts and increasingly popular on a lot of other services, is two-factor authentication.  For those of you that play any Blizzard games, this is the equivalent of your Authenticator.  It means that even if someone has your password, they can't alter your user info without that second piece of information.  Google and others use an "alternate email" or even phone numbers for extra verification.

Next is something that's Mac-specific, and that's the Find My Mac feature.  This is a great feature for the iPhone, because people lose their phones pretty frequently, and need to have some sort of tool to wipe that data.  For a laptop it could be useful, but be real, how apt are you to lose your laptop like you could lose your phone?  And as Honan notes, there are some problems with how the service, which has been part of their system starting with the Lion OS, is implemented. Reversing a remote hard drive wipe is easy - but only if you're the one that did it.  If someone else remotely wipes your machine, you don't have the PIN you need to make that happen.  So until they improve it, my suggestion for most of you is to turn Find My Mac off.

In addition to these things that were relevant in what happened in this case, you need to make sure you know who you're giving information to and what you're entering information into. Let me give you an example - if I get a call claiming that there's an issue with my credit card, I don't engage it.  I will call my bank myself using a number that I know is real so I minimize any chances of someone getting my information.  It's little things like this that will help you minimize your risk of becoming a victim of social engineering.  And with all of the forms of social media, email and other types of accounts, there's more information out there to be got than ever before.

Since this event occurred, Apple has suspended over-the-phone AppleID password resets and Amazon has tightened up their security as well. Unfortunately Mr. Honan had to get hacked for them to take a closer look at their practices.

If you have any questions, of course you know by now that I'm here for you America. You can find me at if you need some pointers.  Of course I can't do the fixes for you (I do have a day job) but I can try and point you in the right direction.

Friday, July 27, 2012

The Importance of System Administrator Appreciation Day

[Article first published as System Administrator Appreciation Day on Blogcritics.]

Every year on the last Friday in July, nerdkind recognizes System Administrators’ Appreciation Day.  It may sound silly to those of you that have never done the job, but over the years – well to me anyway – I’ve found there’s some legitimate value to it.  Even sites like ThinkGeek celebrate it with sales on techie goodness.  Years ago I wrote a small angry post on “why your IT department hates you,” and its main focus was something I called Social Swiss Army Knife Theory. We can call it SSAKT for short.  That was a long time ago… a time before my writing became the polished gems you know and love today (please, hold your applause and/or laughter).  But trust me the sentiment still stands. Most of the time when we seem angry or bitter, there’s a good reason.

System administrators (and I’m going to lump most tech people in here) get the short end of the corporate stick. Period. And most arguments the rest of you have against that statement are invalid.  Over time society has forcibly relegated the tech crowd from actual human beings to on demand help centers, as if we have some sort of Google engine that runs inside our heads 24/7. Eventually the techs’ names aren’t associated with much else other than solving computer problems, resetting network accounts, replacing parts, or even just executing the most mundane computer tasks for grown adults that a child could do without too much thought.  In short – Swiss Army knives. A multi-tool to do what other folks simply can’t.  And soon, even the formality of a “hello” isn’t uttered before the onslaught of issues and requests begins.  All urgent.  All with deadlines.  And all expected to be resolved like magic.

So why do admins have the right to be more bitter than all the other departments in the world’s corporate structure?  Respect.  That’s all it boils down to.  Someone will always be there to bug us when something’s not working, or freak out about when something’s going to be fixed, or when that impossible project is going to be done on top of the other things that need to be done.  But when everything’s working great, and problems don’t even show up on users’ radar because the tech team has it well under control before they even know about it, there’s no one there to hold up the “10’s” on the scorecards for them.  And I don’t think that’s fair.  There’s no other team that has to stay on site and work the occasional 24 hour shift just so business can run without issue.  Or drop everything they’re doing on a relaxing Saturday afternoon just to log in or come in and make sure everything is OK. Or be on the phone for two hour calls on a vacation thousands of miles away.  While you’re comfortable in your bed, your sysadmin could be on the clock.

Sysadmins and techs are responsible for every email you send and receive, every phone call you make, and every aspect of day-to-day business that involves a computer – which let’s face it, is everything. We go out of our way to try and teach people about digital responsibility, viruses and malware to look out for, and just how to stay safe in the digital age.

So today’s for the techs.  Whether you’re just starting out putting together your playbook, been in the game for a while running the show in the enterprise, the tech that does wiring, PBX, Database, Domino, Exchange, AD, Web, or any of the other oh so many custom systems that are out there – I salute you.  Having a career that started as an IT intern as a teenager and ending up in the ranks of project and tech management, I know what kind of nightmare scenarios you’ve been through, and what kinds of hell you’ve been in.  I appreciate what you all do to keep our world spinnin’ round.  Keep up the good work folks.

As for the rest of you – As much as it may seem like it I’m not writing this to admonish you or call you bad people.  I just want you to be aware of how things work.  These techs that probably make your job possible to even do, don’t solve problems with a magic wand.  It takes research, training, practice, and a lot of trial and error to learn things and get things done.  It’s the type of work where the consequence of mistakes is business coming to a grinding halt. And unfortunately there’s far less recognition than what’s deserved.  And we’re not looking for a parade or parties or anything crazy like that.  Just one day out of 365 where maybe you bring up something other than how your computer’s not running right, or just saying hello like we’re normal people.