May 2005 - Posts

• Burnout to go

  And speaking of gaming in general, I can't wait until Burnout Legends comes to the PSP. The early footage in the interview with Nick Channon looks very promising. Burnout was always one of my very favorite racing franchises, and a portable version will be a blast. And they are even incorporating the much-ignored game sharing feature of the PSP. Too bad the next console installment - Burnout Revenge - will hit the original Xbox in September, instead of being a cool launch title for the Xbox 360 a few months later. Posted May 11 2005, 11:54 AM by peter with no comments Filed under: Gaming Goodness

• Advent Rising trailer - coolness ensues

  Speaking of Xbox, this trailer for Advent Rising - the first part of a sci-fi trilogy penned by Orson Scott Card - is looking amazing. Interestingly enough, given the look of the aliens, the color of their ships, the single-handed saving of humanity, and many other bits, the whole thing looks at least inspired by the Halo universe. I wonder if it will actually end up beating Halo at its own game (yes, heresy), especially if it has a good story. Is Advent really what Halo should/could have been? I guess we'll find out. Bungie could certainly pick up a few pointers. Also - like Halo 2 - the trailer will be shown in movie theaters across the country. Neat! Posted May 11 2005, 11:50 AM by peter with no comments Filed under: Gaming Goodness

• More Xbox 360 leakage

  With just one more day (and probably many more MSN alerts about it) to go until the MTV world premiere of the next-gen Xbox, here's another bit of spec leakage. It all generally looks decent, but the lack of a next-gen DVD drive is a bummer. Sony's Blu-ray in the PS3 may make the new Xbox look a little dated, no matter what the rest of the specs say. Wasn't Microsoft a big supporter of the HD-DVD camp? Couldn't they just stick one of those drives in there by November and later tweak it using firmware updates? The leak is just another in a sequence, following the console and peripheral shots, leaking of the November release time frame, new Xbox logo, and the new Xbox Live features. Of course, neither TriXie nor Major Nelson will let anything interesting slip, so I guess we'll have to wait until tomorrow night to see the supposedly chubby Elijah Wood, a gaggle of annoying celebrities, and the 30 seconds or so of Xbox 360 stuff that will fit in between the commercials. Posted May 11 2005, 11:43 AM by peter with no comments Filed under: Gaming Goodness

• Who has more female developers - the gamers or the inkers?

  "An industry which celebrates violence and the exaggerated female form might expect to be an all-male domain - but a university launched a frantic search today after a prestigious new computer games degree failed to attract a single woman. The Microsoft-backed honours course has had applications from 106 male undergraduates, but now hopes to strike a gender balance by holding a series of summer camps." Ouch! Then again, this seems to be the unfortunate fate of the IT industry anyway: most women were never really interested to begin with - probably because IT is still nerdy, no matter how you spin it - and the overall CIS enrollment in the United States is falling as well, with many students opting for technical schools in other countries. The Guardian article says that "women make up only 17% of the industry's workforce, with only 2% employed in technical and software development positions." I wonder what those numbers look like in places like India or China these days. Of course, if you take a niche area like Tablet PC/ink application development, which accounts for, what, maybe 10% of developers, you could probably count the women without needing to get your toes involved. Maybe Julia could provide us with a demographic update. Posted May 10 2005, 10:02 AM by peter with 5 comment(s) Filed under: Everything Else

• Lecturing and recording

  Here's a utility for students: Lecture Recorder. Sort of like OneNote without the ink. Seems to include an audio editor and, interestingly, records in OGG format. Now, if somebody would write a tight little app like this that included ink... Then again, apart from pricing issues, OneNote does all that anyway, so I guess that particular niche market won't be growing much. Posted May 04 2005, 04:11 PM by peter with no comments Filed under: The Softer Side of Ware

• What's your Office?

  StarOffice 8 next month. Microsoft's Office system is bloated. Maybe. It's pricey. Maybe. (There's always the cheap Student/Teacher version with three licenses that nobody cares if you qualify for anyway.) But really, I live in Outlook. And between the integration of the various pieces, specialty parts like OneNote, and Microsoft-only features like ink support on tablets, it's actually pretty hard to switch. OpenOffice definitely is no FireFox, which in turn again isn't the whole solution, if you need things like ink support in the browser itself. Are there actual Tablet PC users out there who openly prefer something like Star/OpenOffice or even WordPerfect's products, despite losing things like ink enhancements? Posted May 04 2005, 01:00 PM by peter with 2 comment(s) Filed under: The Softer Side of Ware

• Ultra Wide and Blue in the Tooth

  I am speechless. The Bluetooth and Ultrawideband camps are talking about becoming compatible. UWB, of course, is the yet-to-be-finalized short-range/high-speed wireless technology. Bluetooth, of course, is the dead-yet-revived pain in the behind wireless "cable replacement" technology. Posted May 04 2005, 12:36 PM by peter with no comments Filed under: Gadgets

• Wireless and yet not connected

  Totally fun CNET article from the NY Times about the pitfalls of connecting to public hot spots and actually getting out onto the "real" and worldwide Internet. I love this "problem": In this case, some hapless individual's private Internet bubble is probably bleeding through the walls--somebody who didn't, or couldn't, change the hot spot's default name. The only obstacle is the ethical one: Should you enjoy a free connection by exploiting somebody's cluelessness? I'm sorry to say that yes, I will enjoy a free connection. Mind you, I won't go changing their router password or upgrading their firmware to get better range like some people, but I very likely will connect, especially if it routes me out to the world. Does that make me a bad person? Would you do it? What I find interesting is that this article highlights the real issues when connecting to hot spots - something that is frequently forgotten by owners of various wireless devices. For example, Sony's PSP is wireless-ready, so initially all these kids raved about going to Starbucks and playing each other online. Great idea, but it won't work - T-Mobile's hot spot network requires you to fire up a browser and log in - something that the PSP can't do just yet. That's one of the reasons why I like my T-Mobile/HP h6315 - the T-Mobile ROM has a preconfigured wireless network that uses 802.1x security, so I can just store my login credentials, and the device automatically connects when in range of the network. Without that little thoughtful touch I'd be in a hot spot, yet still downloading e-mail over GPRS - on a Wi-Fi enabled device! Microsoft just released an update for machines with Windows XP SP2 that adds support for Wi-Fi Protected Access 2 (WPA2) and Wireless Provisioning Services Information Element (WPS IE). From what I've seen, Wireless Provisioning Services seems like a neat idea to solve some of the hot spot connection problems, but the usual caveats apply: the hot spot must run it, your laptop/tablet has to support it, so do your other wireless gizmos, and so forth. Thus we probably won't see a commonly used solution to this problem for quite a while. Posted May 04 2005, 12:31 PM by peter with no comments Filed under: Everything Else

• Phishing - not the relaxing weekend kind

  At work we had a fun couple of days monitoring the latest variant of the Sober worm that sent us a pretty large batch of infected messages (we blocked about 5000 yesterday alone), which came right on the heels of weeks and weeks of very annoying malicious spam of another kind. It's something that has grown very fast lately, affects pretty much everyone (probably both at work and at home), and even high-tech software and IT magic can't always block it. I'm sure you have even seen reports about it on evening news shows - it's always a bad thing when a computer problem reaches TV news (because it has become so common these days). Yes, I am talking about phishing. And really, who came up with that spelling anyway? Anyway, I figured I'd take a moment for a repetitive but needed basic primer on spoofed e-mails. Many folks are probably familiar with the problem already, but some of the links at the end are pretty neat, especially the phishing IQ quiz. So if you don't want to slog through a refresher course, just skip to the end. Phishing is an electronic attack that combines social engineering with some technical aspects of software programs in order to trick you into giving up some personal information. Even with up-to-date virus scanners checking your computer and your e-mail, phishing attacks usually get through, because in and of themselves they aren't harmful. That's where you come in. Let's look at a typical phishing scenario. I'm sitting in my office, working away, when all of a sudden I get a new e-mail. Since I have local anti-virus scanning on my computer and the mail server is scanning my messages, I regard the new message as safe, since no warning messages are popping up. It doesn't even have any suspicious attachments. And it doesn't look like spam either - no offers for l0wer m0rtg.age ra-tes or personal enhancement products. It's a worrying message from PayPal saying that my billing records need to be updated, otherwise my account will be suspended. It sounds very urgent. PayPal - now owned by eBay - is sort of an online banking service that lets people transfer money back and forth, and is frequently used by eBay customers. I actually do have a PayPal account, so this seems very real, and spurs me to action. I click on the highlighted link, which opens my browser to a site that looks just like PayPal. It prompts me for all sorts of personal information - back account numbers, social security numbers, you name it - so I fill it out and breathe a sigh of relief that my account won't be terminated now. A few days later my identity is stolen, sold, passed around on the Internet, and somebody opens a few accounts in my name and applies for a mortgage. This is exactly what you should NOT do! Let's look at that e-mail message a little more closely (in case you are wondering, this is a real one that I dug out of my trash): It looks very authentic. At the top, it claims to come from a "PayPal" address. Of course, whether such an address actually exists is another matter, but it seems legitimate. The graphics are all there, consistent with the real PayPal site. (Actually, if you use Outlook 2003, be default the graphics wouldn't show, and you would have to explicitly right-click and display them.) Ironically, there is even a section about protecting your privacy, which sounds real and appropriate. All of it is designed to make things look legitimate at first glance, instill a false sense of security, and rush you into clicking on a link. However, if you start to look closer, you may notice a few odd things. First of all, the title is misspelled. It shouldn't be "You're", but rather "Your". That's a tiny thing, but you can be sure a company like PayPal has people check the spelling of anything they send out. In fact, many spoofed phishing messages have poor spelling or grammar in a couple of places, so that's one thing to watch out for. If you hover your mouse over the links (don't click, just move the pointer over them), you will see a pop-up that shows the real address you would go to if you clicked the link. It may say one thing in the e-mail, but even a link that looks like a URL (an Internet address) could really be pointing somewhere else. That's why you should always check links in any message you receive, no matter how legitimate it looks. In fact, you can do the same in your browser - if you hover your pointer over a link, the address should display at the bottom of the browser window, in the status bar. If it doesn't look like something you would expect, don't click it. In our example, the bottom link definitely looks suspicious, because the domain isn't even close to paypal.com. However, the top one is "sort" of right, just with an extra character. It's fake as well. The real domain is paypal.com, without any extra characters. Normally, if you do business with the company, and you have been to their web site, you would know what the real address looks like. Here is another example: It doesn't have graphics, and seems "less real" (or even "less fake" to some people), but both links would redirect you to another site in this case as well. If you notice, the real links go to an Internet address specified in numeric (IP) form rather than a domain name. As a rule of thumb, no legitimate company would point you to a site with such an address, so that's yet another warning sign. If you are unsure about a link in a message, especially one that asks you to go to a site that you think you visit often (even more so one that came from any sort of company that deals with money or personal information like social security numbers), be safe rather than sorry. Ignore the message. If you do business with the company and are concerned about your account, do one of two things: Open your browser and manually type in the address. If you have a bookmark, use it. Call the company over the phone to make sure your account is safe. Many companies that are targets of spoofed e-mails have put up advisories and guides about protecting yourself from such fake messages. PayPal's guide is a great example, and covers a lot of the common things to watch out for when looking at a suspicious message. Definitely worth a read. Generally, no legitimate company will ever ask you in an e-mail to provide personal information, follow links to verify your account, or threaten to quickly close an account unless you reply or do something. Sometimes it's easy to disregard such messages simply because they come from a company that you don't do business with anyway. In recent months I've seen them from real companies like Regions Bank, Washington Mutual, Key Bank, Huntington Bank, just to name a few. If you have never been involved with them, simply delete the messages without even looking at it. Remember that successful phishing requires you to not think and blindly follow some directions in an e-mail message or on a web site. So just take your time, don't rush to click on links, carefully read all the text, determine how (un)comfortable you are with it, and only then act. It may take a few more minutes to deal with an e-mail, but you will be spared living the horror stories of people who had their identities stolen and later had to spend a lot of time and money to get everything straightened out. If you want some further reading about phishing, here are some good sites to get you started: FTC's consumer alert about phishing How to Avoid Phishing Scams Phishing entry in Wikipedia Examples of phishing messages Test your phishing IQ Microsoft's phishing page Phishing page at the Better Business Bureau Phishing: Spam that can't be ignored (ZDNet article) Symantec's phishing page There are, of course, many more sites dealing with the problem, but these will give you a pretty good overview and suggest steps to protect yourself. Remember, think before clicking and stay safe out there! Posted May 04 2005, 11:58 AM by peter with no comments Filed under: Tips and Tidbits