Archive for June, 2007

Links Page

Posted on June 28th, 2007 in Website News | No Comments »

I’ve created a links page that contains a set of potentially interesting links. Mostly it’s a collection of my profiles on several sites that I use from time to time. Hopefully, it will be a good way to find me in other places on the internet.

Now, I have seen a lot of similar pages on other sites that contain long lists of links to things that I’ve almost always seen before. Thus, I have specifically tried to avoid two things with this: Stating the obvious and Verbosity. I will try to maintain this set of links over time given those objectives.

Accountability and Data Breaches

Posted on June 25th, 2007 in Computer Security, Politics and Law | No Comments »

One of the biggest reasons that computer security is so lax across many private industries is that there is a serious lack of accountability. If a business has a massive data breach, currently the only major or direct consequence of that breach to the business is a public relations problem of some degree. Of course, for many of the people who just had sensitive personal information compromised irretrievably, the consequences are much more dire.

In light of this, I’m very pleased to have read about some promising recent state laws that are allowing businesses to recover costs related to data breaches by other businesses. This is a bit abstract so here’s an example: ABC Corporation has a data breach. This data breach requires XYZ Incorporated, who has many of the same customers, to spend a lot of time and money updating records and making sure that all their customers are once again legitimate. Under laws similar to the ones mentioned in the article, XYZ Incorporated can now recover costs from ABC Corporation.

This sort of financial accountability is critical to improving data security across industries. Bruce Schneier has talked about this before. It’s a fairly simple principle that for some reason has been particularly slow to catch on. Unless there’s a financial incentive to good data security practices, businesses won’t bother with them.

I also like that this is a business vs. business scenario because that should improve enforcement dramatically. HIPAA has been stuck in limbo because of a near complete lack of enforcement to this day. Other businesses are much more likely to take the time to sue companies with poor data security than the government.

New York Times on Gold Farming

Posted on June 23rd, 2007 in Games, Technology | No Comments »

Last weekend there was an excellent article in the New York Times about Gold Farming. I meant to post about it earlier, but later is definitely better than never in this case. As a former hardcore EverQuest player, I can say that there’s a lot of this article that rings as very well said.

In particular, they make some good points about how the practice of Gold Farming is viewed in MMORPGs. When I used to play as a significant portion of my life, I was an elitist about how someone earned their equipment or plat, which is the common currency in EQ. I completely understand that perspective and still sympathize with those hardcore gamers who take great pride in earning things themselves. To them, Gold Farming is abhorrent and should be banned, outlawed. It dilutes their accomplishments by flooding the market with expensive and hard to get items.

Now as a more casual player, I would like to be able to at least progress without spending the time doing some of the more tedious things associated with MMORPGs. I tend to play World of Warcraft more than EverQuest when I do play, which is not all that often anymore. I want to spend my time killing things and doing dungeon crawls with friends, not foraging for trade skills or earning gold to buy equipment. Not that I have a lot of disposable cash for such things, but if I did it would be tempting.

The New York Times article shows both sides of the coin pretty accurately, if you’ll pardon the pun. It also describes how these things aren’t going to disappear. MMORPGs are huge markets now. As a result, the demand for services like Power Leveling and Gold Farming will make sure that these things don’t disappear. I think it makes sense for Blizzard, Sony and other producers to find a way to incorporate, regulate and profit from these services. It would eliminate some of the farming, stabilize the economies and perhaps even make the games more fun. It can even improve the endgame so long as all the absolute best items can’t be bought with real world money.

Email Privacy Ruling

Posted on June 22nd, 2007 in Computer Security, Politics and Law | No Comments »

Earlier this week the Sixth US Circuit Court of Appeals made an important ruling about the privacy of emails. This ruling basically states that a probable cause warrant would have to be issued for investigators to get access to your emails from an ISP. While you might have thought that something like this would already have been standard practice, the reality is that previous to this ruling investigators could have readily gained access to your emails from your ISP and you likely wouldn’t have known.

Another important thing to take from this is that anyone using an encryption protocol for their email would have been unaffected by a secret investigation. Investigators would certainly have been able to gain access to your emails, but they would have had no way to read them. I understand a lot of the arguments against using email encryption. It isn’t user friendly in most cases and there’s a lot of annoying overhead in setting it up right. However, in a world where almost every kind of communication from love letters to business deals is talked about in emails, which are stored on thousands of different servers for much, much longer than people realize, there’s certainly a compelling argument for biting the bullet and dealing with the overhead.

If you are using a webmail account, this could be more difficult. However, as I posted previously, there are some promising signs that email encryption can be done entirely through a web browser.

Apple, ZFS and Laptops

Posted on June 13th, 2007 in Computer Security, Technology | No Comments »

Well, the results are in and everyone predicting ZFS as the file system for the next version of Apple’s Mac OS X was only partially right. Turns out that ZFS won’t be the exclusive file system used in Leopard. Of course, this news has come by way of massive back and forth. Needless to say, there’s a lot of confusion about this story. Confusion is never a good thing. If you only wanted to read one article about the whole ordeal, this one summarizes everything pretty well.

Personally, I would be interested in using ZFS in two possible scenarios. The first would be on a Linux desktop / server, which is likely not going to happen because it is released under an incompatible license. To make a short story long: ZFS is released under the CDDL, which doesn’t really play nice with Linux, but there’s a movement to port ZFS to FUSE/Linux so that it runs in userspace under the CDDL. At best, it’s under investigation.

The other place where I would be interested in using ZFS is on a laptop. This is interesting because of the incremental remote backup facilities that it provides. I also like the built in compression features. However, I have to say that lack of file system encryption is probably a deal breaker for me on a laptop. It’s just too important to have on a laptop. There is a zfs-crypto project, but it’s still under development.

I know this was originally scoped out as a server file system, but I don’t understand why they didn’t want to include encryption at the file system level. There are certainly a lot of uses for file system level encryption in a server environment, not the least of which is to avoid the cloudy legal status of third party consent in computer searches. With an encrypted file system, you don’t have to worry about someone stealing your hard drive and using another tool to read its contents. Maybe I’m extremely biased, but it seems like any new file system that wants to take itself seriously at the server level and especially on laptops should be designed to at least allow encryption as an option.

GnuPG and Gmail

Posted on June 5th, 2007 in Computer Security, Technology | 2 Comments »

One of my pet peeves with gmail is that it doesn’t have native support for GnuPG. I don’t think email encryption will ever achieve widespread adoption unless it’s built in to a major webmail client. Since Google’s philosophy of doing no evil seems at least somewhat close to doing something good, I was hopeful that they would find a way to get it to work. Of course, that didn’t happen. I suspect that it was and is because they want to be able to scan the text of your emails to provide you targeted advertising. I don’t really know because I don’t use gmail that often.

However, there was an article that caught my eye on Linux.com about a new Firefox plugin called FireGPG that allows someone to use GnuPG with their gmail client. I haven’t tried it yet, but it really looks legit. Also, I’ve been looking for something like this for so long that I couldn’t wait to announce that it does, in fact, exist. If only web-based email security wasn’t once again an afterthought…

Book: Julie and Julia

Posted on June 5th, 2007 in Books | No Comments »

This is one of the most hilarious books I have read in a long while. It is called Julie and Julia: My Year of Cooking Dangerously. The premise of the book is that a 29 going on 30 secretary named Julie Powell from New York City does something extreme to break the mundane routine that has become her life: she decides to cook all 524 recipes in Julia Child’s famous book Mastering the Art of French Cooking in one year.

I know what you’re thinking, but the book isn’t all about cooking. It’s really more of a How-To guide for everyone’s eventual post-college quarter life crisis. You know how it goes. You get to the real world and you finally have “grown-up” by basically every possible standard and there’s nothing. It’s not like you get a prize or anything. You’re just…there. Life is happening and you just have to make your way in the world. This book is one woman’s crazy, hilarious journey to find that inner peace and achieve a level of happiness.

One thing that surprised me is how much I had in common with this woman. We both like playing Civilization, cooking to some degree, and finding the humor in the general idiocy of bureaucracies. It was freaky how many little things there were where I felt a kinship with this woman that I never met. Perhaps it’s just that she comes across as so genuine it’s hard not to find things in the book where you haven’t found yourself in a similar situation.

I can’t recommend the book enough. It’s a crazy project taken on by a woman of arguable sanity, who manages to convey the whole experience in side-splitting fashion. I can’t really even imagine trying to eat 524 French foods in a year, let alone trying to cook them all basically from scratch first.

Of course, there’s a similarity to another book that I read somewhat recently called The Know-It-All by A.J. Jacobs, which was also extremely good. There’s something about these books that feels like a sort of marathon version of Truth or Dare gone wild. These are the sorts of things that kind of make you just sit back in awe and think “Only in America…” Both of these books are excellent. I’m not sure what Julie Powell’s next book might be, but I know A.J. Jacobs is working on a book about a year living biblically, which is essentially about following the Bible as literally as possible, including all the lesser known rules for an entire year. I will certainly be looking into reading that.

Gentoo 2007.0 Released

Posted on June 1st, 2007 in Linux | No Comments »

Gentoo Linux recently released its latest install live CD called Gentoo Linux 2007.0. Slashdot reported that it had some mixed reviews. The Gentoo Forums have a few reports of a buggy GUI installation process.

Personally, I think the GUI installation is a bit of overkill, but then I have never done it. I simply feel this way because the command line install worked so incredibly well for me that it seemed entirely unnecessary to have a GUI. Of course, I am a command line person, so perhaps I’m biased.

Still though, I am somewhat disappointed that Gentoo has invested so much time into a GUI installer. I know that the idea of a GUI installer is sexier than just making sure that other, more basic, packages work right, but in the long run having a solid set of packages to install is a lot more useful than a GUI Installer that people only use once. There are certainly enough difficulties in maintaining other packages to warrant the extra work.