
General

Guilty until proved innocent? Flagging unrecognized downloads as malicious

February 27, 2012 19:07:43 +0200 (EET)

Google Chrome's "this file appears malicious" warnings are false and unfounded in too many cases. Similar problems exist with IE, and some anti-virus software. Their tests include two factors that have nothing to do with whether the code is malicious: packed executable, and low number of previous downloads.

Packing an executable is good practice: packed executables take up less space and bandwidth, and are faster to start up from hard disk. Like including some form of software protection or obfuscation, packing may make it harder to recognize or analyse the program, but that does NOT mean it appears malicious.

Software downloads follow the law of the long tail: things like Flash and Adobe Reader installers are frequently encountered, but there is a massive amount of software that is not commonly used, yet may be very useful to some. Recognizing something as a common download tells you it's non-malicious, but not recognizing something does NOT mean it appears malicious.

Both packing and infrequent downloads simply mean that you can't say much about that software. In that case, the principle must be 'innocent until proven guilty'.

If you see someone on the street with a black mask and knife in his hand, he appears malicious; if you see a friend you recognize, he doesn't appear malicious; but if you see someone you don't recognise, and who is mostly obscured by a crowd, you can't go around shouting to everybody that he's malicious.
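The distinction argued above, as an added example that is not code from this post or from any browser or anti-virus vendor: a naive rule that treats "packed and rare" as malicious, next to a three-state verdict where only positive evidence moves a file out of "unknown". Using byte entropy as the packing test, the two thresholds, and all names are assumptions made for illustration.

```python
import math
import zlib
from collections import Counter
from dataclasses import dataclass

PACKED_ENTROPY = 7.0        # assumed threshold, bits per byte
COMMON_DOWNLOADS = 10_000   # assumed prevalence cut-off

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8 mean compressed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

@dataclass
class Download:
    payload: bytes
    prior_downloads: int
    matched_signature: bool = False   # positive evidence of malice
    trusted_publisher: bool = False   # positive evidence of legitimacy

def naive_verdict(d: Download) -> str:
    """The approach the post criticises: opaque plus rare equals malicious."""
    packed = shannon_entropy(d.payload) > PACKED_ENTROPY
    rare = d.prior_downloads < COMMON_DOWNLOADS
    return "malicious" if packed and rare else "ok"

def verdict(d: Download) -> str:
    """Three states: only positive evidence moves a file out of 'unknown'."""
    if d.matched_signature:
        return "malicious"
    if d.trusted_publisher or d.prior_downloads >= COMMON_DOWNLOADS:
        return "known-good"
    return "unknown"   # packed and/or rare: missing information, not evidence

# Constructed sample: harmless text, then the same text compressed ("packed").
PLAIN = " ".join(str(i * i) for i in range(20000)).encode()
PACKED = zlib.compress(PLAIN, 9)
niche_tool = Download(payload=PACKED, prior_downloads=12)

if __name__ == "__main__":
    print(f"plain entropy  {shannon_entropy(PLAIN):.2f} bits/byte")
    print(f"packed entropy {shannon_entropy(PACKED):.2f} bits/byte")
    print("naive:", naive_verdict(niche_tool), "| three-state:", verdict(niche_tool))
```

The compressed payload is the same harmless content as the plain one, yet it crosses the entropy threshold, so the naive rule condemns it purely for being compact and uncommon.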

General

Google on Google: This site may harm your computer

January 31, 2009 17:26:42 +0200 (EET)

That was weird: searching for anything on Google was returning all results marked as "This site will harm your computer". Even searching for Google:

All Google results claim: This site may harm your computer

I submitted a report to Google, and in a few minutes Google.com was corrected. Google.co.uk showed bad results for one more search, but now that too is corrected. I couldn't find any mentions elsewhere of this yet, but it occurred both from home and via my work PC.

E: looks like the culprit is StopBadware.org: they seem to provide this information for Google, and their site is currently down.

E2: StopBadware.org put the blame back on Google in their blog entry: they say their site went down because of millions of people clicking through to it from the warnings, which were falsely generated because of a glitch at Google's end.

General

Windows Home Server CTP

April 24, 2007 14:37:30 +0300 (EEST)

Sam Gentile pointed out the CTP of the new Windows Home Server. I can't believe I'd not seen this before -- the original press release is from January. There's a good description and series of previews on Paul Thurrott's SuperSite for Windows: start with the first Windows Home Server Preview and follow the links on the right for the rest. The Wikipedia article is also a useful summary.

The feature list is largely unsurprising -- or to put it another way, just what you'd want. The centralized backup from all client PCs, kick-started by the server, is a nice touch. Disk usage is kept manageable by Single Instance Storage: if the same file exists on several PCs, only one copy is made. One of the issues with backing up all clients is the timing. WHS is set to complete the backups at night, and sets the clients to wake up then. It looks like this is on a timer in the BIOS, rather than Wake on LAN (which is cooler but hard to get working).

I've looked at various kinds of NAS devices (e.g. NSLU2), and also at the Mac Mini, for use as an always-on server at home. Having a Topfield 5100 as our media centre (digital TV, MP3, photos) and a Wii as our games console and TV internet browser works great on the home entertainment side, but it would be nice to have something more integrated on the computing side of things. With a Win95 laptop for my son, a Win98 laptop and Ubuntu desktop for my wife, an XP desktop for me, and a couple of PC carcasses to look after, I don't want to tempt myself to waste more time configuring anything clever.

General

IE7: Redmond, we have a problem

December 10, 2006 01:38:24 +0200 (EET)

It's déjà vu all over again... In a fit of optimism, I let Windows upgrade to IE7 on my back-up machine. The result didn't exactly fill me with confidence:

Error on page: opener.document is null or not an object

(Image slightly edited for size: click to open original)

I know this happens to us all on occasion: bugs only appear when customers get their hands on products. Still, you'd think that at least the first intro pages would have been tested pretty thoroughly. And it's hard to find excuses for Microsoft: they have the resources, they wrote the OS, they wrote the app, and they wrote the page. The rest of us building web pages have to make do with just the last item.

Much has been written recently about the problems Microsoft are facing (bloat, Ballmer, brain-drain... and those are just the ones beginning with B! For a more humorous view, see here). I can't see them going anywhere soon, but with the release of Vista, Office 2007 and IE7 we sure get a good chance to examine what we think of them. Maybe people won't jump ship on Vista and Office, choosing just to stay with their current version for now, which will give Microsoft a chance to redeem themselves in the subsequent version. IE7, however, could be too little too late -- and if my first impressions are borne out, too badly executed.

I've not seriously considered another browser since moving to IE from Netscape, but even I'm now feeling more inclined to try Firefox than IE7. If Firefox 3.0 can stay on schedule and nail one more major feature over IE ("places"?), it might well have a shot at taking the lead in the browser wars.

General

Off to OOPSLA, or, The Joys of Travel

October 20, 2006 23:15:43 +0300 (EEST)

I'm happy but exhausted -- and no, it's not much to do with the title of the next post! I'm flying to OOPSLA tomorrow, and the-airline-who-must-not-be-named's in-flight hospitality executives (or whatever they're officially called these days) have decided that now would be a good time to go on strike. This means that my 6am flight tomorrow morning -- which I was of course eagerly looking forward to waking up to -- is canceled, and I've had to find alternative transport for the first leg. Apart from they couldn't just tell me the flight was canceled, that would have been too easy. Instead, some time in the afternoon they announce which flights are going to run tomorrow. Doesn't exactly give you much time to react if they tell you Friday 2pm and you were meant to fly Saturday 6am...

Left without much choice, I booked another flight for this evening. You'd think that would be the end of it -- some hassle, but at least they'll refund my morning flight if it is canceled. The twist in the tail though (and I'm really hoping we've got to the tail here) is that if the flight is not canceled, I won't be using my morning flight (obviously enough), so the airline will kindly cancel the return leg of that flight, leaving me stranded after OOPSLA. Craziest of all is that the return leg is operated by an airline that isn't on strike, in fact the same one as I'm flying on this evening.

So, I heartily endorse Markus Voelter's "I hate traveling" stance (sorry, no links here: we're 20,000 ft above the nearest WLAN). There ought to be an extra ribbon at OOPSLA: "Yes, the airline screwed up my trip too". Whatever the statistics might say, the quality of air travel is rapidly approaching the quality of software ten years ago. We all have our own idea which airline qualifies best as the "Word Perfect for Windows" of the aviation world, and the sad thing is that pretty much all of them are getting a good number of votes.

If things are going to get worse, let's hope they get so bad that we all decide to stay home and figure out how to do these meetings without leaving our families and comfy beds behind -- wouldn't be a bad thing for the environment either.

General

Asking the right question from the wrong person

May 22, 2006 18:57:54 +0300 (EEST)

Great video via Dion of the BBC interviewing completely the wrong guy on the Apple Corp vs. Apple Computer lawsuit:

Guy Kewney, a white, bearded technology expert was astonished to see himself appear on screen as a black man with an apparent French accent. The BBC were interviewing "Experts" on the Apple Corps vs Apple Computers legal case. They called for the "Expert" a Mr Guy Kewney, but a Mr Guy Goma raised his hand. A mic was attached and he was put live in the studio to answer questions. He was a cab driver waiting for job interview.

Reminds me of some DSM/MDA/Software Factories panels I've seen recently... ;-)

General

Server Monitoring

May 19, 2006 19:26:36 +0300 (EEST)

Since our server runs several web apps for internal, partner and external use, I was looking for something to monitor it automatically. Last year I tried a couple of monitoring services from the US, where their PC pings our server or grabs a web page. Both of them completely failed to deliver -- on one the automated system to try out their service for free didn't respond at all, and on the other it responded, but then only ever pinged our server once.

Whilst an external service would be best, having one directly on our server is still useful. If just one service on the server fails, emailing or paging me will generally work fine. With a little ingenuity, it's also possible to check network connectivity, e.g. if our server checks a web page elsewhere, which loads a page from our server.

For the moment, we're going with PA Server Monitor, which seems to be working quite nicely. It has an impressive array of things it can check, all highly configurable, but with a nice default set of choices. No "customization cliff" here, and yet no need to hand-code things :-). There are versions ranging from free to $99 per server, and even the free ones do a useful job.

Their WatchDisk software also seems like a good idea, if you too have users who sometimes hog too much server disk space, but you don't fancy going all totalitarian and imposing quotas.

If you know of any other good solutions, do share them with others by posting a comment!

General

Intentional Software hiring

April 25, 2006 14:05:03 +0300 (EEST)

Intentional Software is hiring a few programmers:

Currently we have openings for a select few outstanding programmers. If you would like to work on a new breakthrough product that will transform how software is used and developed, this is your opportunity. If you are bright, highly competent, willing to take risks and enjoy having fun working together in a team, you will fit right in. Your specific background, your number of years in the industry or the specific technologies you master are less important.

The "willing to take risks" bit might just be related to their No-Privacy Policy (Terms of Use for their website), which is either hilarious or frightening (or then both):

Intentional Software Corporation reserves the right to change these Terms of Use from time to time without notice, effective when changed on this website. For that reason, you should read these Terms of Use each time in the future before you click, access, browse or use this website or our blog.

Catch-22. I just hope they can find someone to shave their barber...

On a more serious note, they have some great people there, including Magnus Christenson. He's charged with turning the interesting ideas and prototypes into an actual released product -- a task I and many readers can sympathize with!

Intentional Software's ideas are similar to DSM and Software Factories. They're more like Software Factories than DSM in that they stay closer to code than to models -- the main visual format is more code-like than model-like. Then again, they're more like DSM than SF in that a new language is created for each project domain -- SF being more about Microsoft or partners creating somewhat domain-specific languages that many companies will use. A good overview can be found from a ZDNet interview with Charles Simonyi.

General

Re: Very cool outlet update

March 01, 2006 14:11:20 +0200 (EET)

Rotating socket

Spotted in Smalltalk Tidbits, Industry Rants:

This is a very cool outlet gadget - it's simple, but boy, would it solve a lot of problems. ... I have lots of devices whose power plugs eclipse the nearest outlet (on powerstrips and on walls). Very cool.

Next I want to see the powerstrip version (sorry, the PowerSquid just doesn't do it for me). And why not let the sockets slide back and forth along the strip while we're at it?



General

Hammer factory horrors

February 10, 2006 00:01:25 +0200 (EET)

Late last year there was a great piece of parody on software factories on Joel Spolsky's forums (tip of the hat to Software Chimp for spotting it). Note I said "software factories" without any TM or initial capitals: the parody was on megalomaniac code frameworks for web apps, rather than anything out of Redmond. Still, that didn't stop Jack Greenfield from responding - or apparently from getting a little annoyed. His reply starts off with a *Sigh*, which looks like it's becoming the de rigueur response by industry luminaries to perceived criticism :-).

In other news, it's great to see VMware Server becoming free: I'm a big fan of Workstation, which takes a lot of the pain out of supporting MetaEdit+ on multiple Windows and Linux versions. Sad but hardly surprising news was Borland's leaving the IDE business. I got my first play with Turbo Pascal back in 1988, and whilst it's something I've only had to use for work a couple of times, I've always appreciated the clarity of the language and the well-thought-out UI of the IDE.

That clarity of language and tools is something I sorely missed over the last couple of days. I've been consulting for a client who wants to generate C++ on Linux, using a framework that is decidedly from the last century and a development environment that I thought died out in the 1980s: basic text editors and compiler errors on stdout. To parody the parody above, if that's what using a hammer is like, I can see why our client liked the DSM nailgun we built with them!

General

Grady Booch in damage control mode

December 16, 2005 02:02:55 +0200 (EET)

Grady Booch has swung into full damage control mode, with the main force of the attack directed against our CEO, Juha-Pekka Tolvanen. Back in October, Booch said on an OOPSLA panel that he typically throws models away, but never throws source code away. Juha-Pekka quoted him on that, and his quote was picked up by Microsoft's Harry Pierson and Steve Cook.

Now Booch has written in his blog, and commented in Juha-Pekka's and Steve Cook's blogs, accusing Juha-Pekka of misquoting him:
Sigh.
It's sad how one can be misquoted and then for that misquote to be picked up by someone else with both then making a spin of the events to support their position. How silly is that.

Let me just state for the record that Juha-Pekka is one of the nicest guys around, and would never purposely misquote someone. We're all only human though, so let's see if anybody else was in the panel and recorded what Grady said. As it happens, there are at least three: here they are, with their versions of Booch's words:

Ivan Moore: "I often throw models away but tend not to throw away the source code"

Brian Foote: There was something decidedly devolutionary in Grady Booch's overdue exhortation to cast models aside

Erik Rose: "I typically throw my models away, but I always save my source code"

So it looks like Grady has his work cut out now, having to go round so many people to tell them they've misquoted him... ;-)

I have no problem with Grady explaining more clearly what he meant, and indeed later in the panel he said he only throws some of the models away. But I do have a problem with unfounded accusations of misquoting. Let's hope Grady is as quick to admit he was wrong about being misquoted, as he was to admit he didn't really throw all his models away. Even if we disagree on technical matters, we can still be polite and accurate - whatever our guru status.
