Archive for June, 2008

The Return of Key-Fob Authentication

Monday, June 30th, 2008

Years ago an employer gave me a small key fob unit that generated unique serial numbers on demand. It was used as part of a two-factor authentication scheme for the company’s virtual private network (VPN). The idea of such tokens is that the fob and central system generate the unique numbers in lock-step with one another; the sequence changes every 30 seconds or so. After that period, the sequence expires. The system uses a highly accurate clock to keep the fob in sync with the central server, so the number generated by the fob is always the same one the server has in its key store.
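The lock-step idea can be sketched in a few lines. This is an added example, not code from any fob vendor: it assumes the open TOTP construction (RFC 6238 over RFC 4226 HOTP) as a stand-in for whatever proprietary algorithm a given fob uses, and the `Server` class, its one-step drift window and its replay check are illustrative choices.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # the "every 30 seconds or so" interval from the post
DIGITS = 6

# Published RFC 4226 / RFC 6238 test secret, used here only as sample input.
SAMPLE_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def fob_code(secret: bytes, unix_time: int) -> str:
    """What the fob displays: the code for the current 30-second step."""
    return hotp(secret, unix_time // STEP_SECONDS)


class Server:
    """Verifier holding the same secret; tolerates small clock drift."""

    def __init__(self, secret: bytes, drift_steps: int = 1):
        self.secret = secret
        self.drift_steps = drift_steps
        self.last_used_step = -1  # highest step already accepted

    def verify(self, submitted: str, unix_time: int) -> bool:
        current = unix_time // STEP_SECONDS
        for step in range(current - self.drift_steps,
                          current + self.drift_steps + 1):
            if step <= self.last_used_step:
                continue  # code for this step was already used: replay
            if hmac.compare_digest(hotp(self.secret, step), submitted):
                self.last_used_step = step
                return True
        return False  # wrong, expired, or replayed


def demo() -> dict:
    """Fob clock reads t=59; the server clock is a few seconds ahead."""
    code = fob_code(SAMPLE_SECRET, 59)
    server = Server(SAMPLE_SECRET)
    return {
        "code": code,
        "accepted_with_drift": server.verify(code, 65),
        "replay_rejected": not server.verify(code, 66),
        "expired_rejected": not Server(SAMPLE_SECRET).verify(code, 179),
    }


if __name__ == "__main__":
    print(demo())
```

A code captured by spyware is only useful inside the drift window and only if the legitimate user has not already submitted it, which is the property the post relies on.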

Such systems are great, but a bit cumbersome. The higher the security level, the more difficult the access mechanism (the opening sequence from Get Smart comes to mind). That said, these units are popular among banks and other online financial services that worry about their users’ access credentials being stolen. They’re not perfect, but they’d force a potential hacker to either steal a fob or gain access to the server providing the tokens. No token, no access.

Even more interesting is that World of Warcraft is now adopting the same authentication scheme to battle what’s apparently a concerted effort to hack into WoW accounts. Recently Microsoft’s Malicious Software Removal Tool discovered masses of PCs infected with spyware specifically designed to steal authentication materials for online games.

Why anyone is interested in online game passwords, I don’t know. Do they want to hijack thousands of pre-existing avatars? Are they looking for personally identifying information regarding the gamers themselves? I’m not sure, but the fact that such material is considered valuable by someone reflects the increasing importance of the online world in our daily lives. Now thieves are interested in not only real-life assets, but virtual ones as well. Where will it all end?

More importantly, how will I manage to keep track of a half dozen synchronous authenticators on my key ring? It’s already filled with way too many of those retail store “rewards” tags. I guess it’s a good thing I don’t carry many keys!

Goodbye Bill, Part II

Thursday, June 26th, 2008

A few years later Windows arrived. Today everyone knows it as an operating system. Back then it was just an application atop DOS, and remained so until Windows 95 (which still had DOS under the covers). I remember installing 2.0 (yes, indeed) on my desktop PC and thinking it was kind of cool, but what was it really good for? At that point, everything was character cell. Oh, how things have changed.

PCs were now usable, but at this point they really couldn’t be networked (this is roughly 1989 or so…) except, in some cases, to other PCs. No one had written a TCP/IP stack for the PC, so they couldn’t be used for this thing called the Internet. That was the realm of UNIX systems and a few others.

In the 1990s, everything came together–the PC, Windows, TCP/IP, and the Internet. The rest is history.

So what did Bill do for us? Basically, I see him as an Edison-like figure. He isn’t Techno-Bill from Dilbert, arrayed with vast technological powers and able to write millions of lines of code at a single sitting. He is the kind of guy who is good at saying “hey, if we take these technologies and bolt them together like this, it’ll make these PC things more useful.” Edison often took others’ basic ideas and expanded or improved them. He was unapologetic about it. So is Bill.

Bill is an idea guy, a marketing whiz, and a strong motivator. Is he also cantankerous, brusque, and single-minded? From all accounts, yes. Successful people often are. Get over it, people.

DOS was just an OS. Windows is, really, an outgrowth of earlier windowing systems developed at Xerox, MIT, and other places. TCP/IP was the foundation of the Internet. Other people had written Office suites before MS Office came along. What Bill and Microsoft did was to bring it all together into one big, more or less happy package and make it accessible to everyone. I’ve always said that Microsoft doesn’t really innovate; instead they take existing technologies and make them more useful.
They popularize technology. They bring it to the people.

Thanks, Bill.

Goodbye Bill, Part I

Thursday, June 26th, 2008

It seems everyone is writing about Bill Gates’ imminent departure from Microsoft. I’ve been in the field nearly as long as he has, and I think it’s a good time to think about what’s happened during those intervening years.

Here we are in 2008, with a global Internet and ubiquitous machines that we use daily. We have terabytes of storage in our houses, superb wide screen graphics, gigabytes of memory, and processors that scream along at speeds that were the realm of science fiction only a decade ago.

When Bill started, there were no PCs. Sure, there were hobbyist computers like the Altair and IMSAI 8080, but most didn’t even have graphics. I remember lusting after an Ohio Scientific machine as an undergraduate, but at $900 (in 1980 dollars) it was just way out of my range. It had an 8 bit processor, minimal character cell graphics, no hard disk, no mouse (what’s a mouse?), and no software. You booted the OS and wrote your own.

Only true geeks owned computers back then, because basically there were no commercial applications. If you wanted a machine to do something, you wrote the software yourself. In fact, I know a guy at IBM who was there when the first IBM PC was introduced. At that point, the company offered its own employees incentives to write useful software for the thing on their own time. If they developed something marketable, the company bought it from them just like any other vendor. That’s how little software was available.

Then came MS-DOS and its competitors, which made life a whole lot easier in many ways. More software appeared, but it was still primitive and character cell based. Finally, along came the Mac and a windowing system (gasp!). It was user friendly, performed multiple tasks more or less at the same time, and was basically just plug and go. As a closed architecture, you just parked it on a desk and turned it on.

To be continued…

Privacy Protected — for now

Wednesday, June 25th, 2008

A while back I mentioned certain ISPs were considering tracking network usage of their customers, in order to determine browsing habits and bandwidth use. Now, at least one of those companies has backed off from these plans in the face of privacy and other concerns. Bravo, although as one privacy advocate noted this was “quick damage control” on the part of Charter Communications.

The announcement they issued was a classic of corporate double-speak. “Our customers are always our first priority,” Charter said. “We will continue to take a thoughtful, deliberate approach with the goal to ultimately structure an advertising service that enhances the Internet experience for our customers and addresses questions and concerns they’ve raised.” This is boilerplate PR gibberish designed to calm the situation while leaving the door open for future monitoring.

What the above basically says is “we got caught and will make other plans that will allow us to gather the information we want.” The pie is too big to do otherwise. Internet advertising, especially the directed type that sends locale-specific ads to customers based on IP address, is big business. ISPs want other revenue streams, so if they can come up with a way to gather data that’s useful to advertisers, they’ll do it.

Charter’s plans drew immediate (and definitely unwanted) attention from Congress. Many voters are concerned about how their private data is being used and misused. Personally, I despise locale-based advertising and think it should be heavily regulated. For the most part, it seems to consist of directed ads for movie tickets at nearby theaters and idiotic nonsense about “meeting local singles.” I’m sorry, that’s just a waste of bandwidth.

What the US needs is a good data protection act that prohibits companies from gathering or using this sort of data for advertising purposes. While ISPs need the ability to monitor bandwidth consumption for the purpose of improving network service, they should not be able to retain that data or mine it for advertising purposes.

For that matter, we need a law similar to one in effect in the EU that forces companies to delete credit card information no more than six months after a consumer buys something. Keeping it around forever (which is the current state of play in the US for most companies) just means there’s more to steal when someone hacks into a company’s servers.

Sayonara, XP

Wednesday, June 25th, 2008

Despite a massive push by consumers to keep XP on the shelves almost indefinitely, Microsoft formally announced they’re taking it off the shelves as planned. However, they’ve left the door open for sales to continue in special cases — OEM vendors, for instance, can continue to sell the product for the foreseeable future.

The good news is that, even though you won’t be able to buy new copies, support will be available for a long time to come. According to the above article, under “previously-scheduled timetables, XP continues in ‘mainstream support’ until April 14, 2009, and won’t be dropped from ‘extended support’ until after April 8, 2014.” I don’t buy support contracts anyway, and I’m sure another option (AKA Linux) will present itself long before the 2014 deadline.

I suspect Microsoft really had little choice but to stick to its sales deadline. Extending it would be tantamount to acknowledging the defects and user disaffection around Vista, which continue despite numerous fixes and alterations.

This said, I’m of the opinion Redmond is in trouble. They may not even know it yet. Or maybe they do. Linux is on the rise. Firefox now accounts for a much larger percentage of browser users. Open Office has developed into a superb application suite that can do probably 99% of what Office does. MySQL and other databases continue to gain in popularity. Apple is back with a vengeance. How long can Microsoft retain its hegemony in the field under these conditions?

The folks in Redmond need to do something new. They need to do it soon, and it shouldn’t be yet another pieced-together product based on other people’s technology. SQL Server is Sybase under the covers. Active Directory is just LDAP + Kerberos in an easier to manage package. Dot NET is JSPs + some Microsoft extensions. How about something brand new for a change? Or maybe a product that isn’t a vendor-specific twist (J++, MS HTML extensions, etc.) on an industry standard?

Here’s to innovation. Now, let’s see some.

Comcast Confuses Customers

Tuesday, June 24th, 2008

Competition is fierce in the marketplace today. With lower consumer spending and tighter margins, corporations are often desperate to find new customers. Thus, they often lie…or at least don’t tell the whole truth. Comcast seems to be one of the worst offenders in this respect.

I dumped them as a provider because of their idiotic crusade against satellite TV (DirecTV and Dish Network) a few years back. They’d show commercials with a dish mounted in a bucket of cement on someone’s porch, with an actor saying how unreliable it was. Then some staged “wind” would blow over the dish and bucket. Gee, what a surprise.

The problem is that this isn’t how satellite dishes are installed, and anyone who tries something like that is asking for trouble. I’ve used a dish for a decade now, and it’s dead stable in all types of weather. My brother has had a similar experience.

Thus it’s not surprising some people are apparently confused about Comcast’s advertising against Verizon FiOS. Claims are made that “Comcast has used fiber for years, so it’s just as good.” That’s a half truth, as the article notes. Both cable and phone companies have used fiber backbones for years now (I remember watching this happen in the 1990s).

The problem is “the last mile” to the customer’s house. Using fiber in major distribution channels is relatively easy. Pulling it to millions of individual residences is much harder. I seem to recall that putting fiber in all US residences would take more fiber than has ever been laid before, but that could be wrong.

So yes, Comcast has had fiber for a long time…just like Verizon, AT&T, and everyone else. What they’re NOT saying is that, until today, they haven’t done much about getting it into subscribers’ homes. FiOS does that, thereby providing higher speeds and more overall flexibility for the future. Cable companies will need to make the same commitment in order to compete, and it’ll be an expensive proposition due to the high cost of installation.

Cable companies also like to claim their connections aren’t shared, so each subscriber gets faster service. This is an out-and-out lie — cable access is shared just like the phone system. In some cases, there’s still a single cable running through a given neighborhood with a tap for each installed house. Even if there’s a local access point with individual cables running to it, subscribers are still sharing the bandwidth provided by that access point.

What’s the best network option for you? The one that provides the best speed and reliability. That could be cable, DSL, or satellite. It all depends on your location, provider, and requirements.

The Joy of a New Machine

Thursday, June 19th, 2008

As I mentioned a few days ago, my employer recently saw fit to send a new laptop to replace the aging Thinkpad T42p I’d been using the last few years. It wasn’t a bad machine and was basically sufficient for my needs, but I was starting to worry it had reached its “useful life expectancy.” It’s like when cars hit a certain point on the odometer and parts start falling off.

The new beast is a Thinkpad (first I’ve had with the Lenovo logo on the lid) T61p. Surprisingly, they sent a widescreen model that’s a full 15.5″ on the diagonal. I guess they like me. That extra 1.5″ makes a difference. I must say, I’m pleasantly surprised at its behavior so far. Everything was, of course, pre-installed by the company so initial setup took only a half hour or so.

Currently, my measure of a machine’s general performance involves Second Life, which is pretty graphics intensive. It also uses a fair bit of memory and CPU. The old machine could barely handle the current SL client, which uses a more intensive rendering engine than earlier versions. The new one picked it right up and is, in some respects, even smoother than my desktop machine. Nice. I haven’t taken it for a long test drive in SL yet, but initial tests showed no problems at all.

My employer also supplied a nice new mini dock. To me, a dock is a necessity simply because it allows you to raise the keyboard angle. While I can type on a flat machine if necessary, that slight angle makes my hands a lot happier and keeps the RSI to a minimum. The machine is mainly used in its docked position, and I also discovered this model has a “battery preserver” mode that exercises the battery even when the machine is in the dock. This keeps it fresher, so it’s more likely to retain a charge over a long period.

Not bad. Now we’ll see how the Lenovo-branded versions hold up over the long haul. If they’re anything like “real” IBM Thinkpads, I’ll be a very happy guy.

And it (the Thinkpad, not the dock) fits my backpack. That’s important.

Typo-Squatters and How to Avoid Them

Thursday, June 19th, 2008

If you’ve never heard of a “typo-squatter,” it’s a domain that was established solely for the purpose of catching users who mis-type the name of another domain. I happened across one several years back, when I mistyped a letter in “ebay” and ended up…well, somewhere I didn’t really intend. Just don’t try to guess.

These sites are problematic for a number of reasons. First and foremost, they’re often used to dispense spyware and other forms of malicious software. They can be dolled up to look like the “real” site, and some users won’t even suspect they’ve typed the wrong URL. You can imagine the consequences.

Second, they can be used for identity theft. The same rules apply. Someone mistypes the name of their bank, ends up on a typo-squatter site, and discloses their account information. Not a good situation overall, and I’ll bet incidents like these account for a fair number of ID theft problems.

Last (of the big three) there’s the problem of kids on the Web. If adults are bad spellers and typists, many kids are far worse. How hard would it be for someone to typo-squat on “barny.com” in the hope that kids looking for barney.com will stumble across it? What if the bogus site dispenses porn or some other inappropriate material? These are legitimate concerns.

Microsoft has a solution called Strider that’s designed to help intercept and avoid typos that will lead someone to an inappropriate site. It’s also supposed to help with the problem of 3rd-party redirection by an allegedly legitimate site to something the user didn’t intend.

And don’t feel bad about avoiding these sites, either. According to one source, the majority of typo-squatting sites are simply there to make money off syndicated advertising. They don’t sell anything real, and are just parked there to catch the unwary or spelling-deficient. “The typo domain makes its money from syndicated advertising such as Google’s AdSense program. The typo-squatter simply parks the domain and the only content on the site ends up being the ads served from a syndicated advertising program.”

Strider is a good idea. Hopefully it and programs like it will make some sort of dent in this problem.

Firefox 3 Rocks

Wednesday, June 18th, 2008

If you haven’t upgraded to Firefox 3 yet, I strongly suggest giving it a try. The reviews that have appeared so far indicate it’s a massive improvement on an already awesome product. Predictive browsing, lower RAM usage, faster browsing, and support for 46 languages…what else could anyone want?

The browser is your key to the Internet. If it behaves well, life is good. If it doesn’t (cough cough…Internet Explorer 7) you’ll have problems. I’ve been developing software for years, and for the Web since 1995. The fact that IE has always been “different” drives me and other developers crazy. Plus, it’s a memory pig and IE7’s so-called security features are often just plain annoying.

I can’t count the number of times IE7 has refused to allow me to install a certificate it thinks is somehow dangerous. And sometimes it even whines after I’ve managed to get the certificate installed. I’m sorry, but not every self-signed certificate is indicative of a spam or otherwise bogus site. Some people just can’t afford to cough up $1000 for a real certificate from Verisign. Unless you’re divulging your credit card information or some type of sensitive personal data, a self-signed certificate is probably okay to accept.

But back to Firefox 3. Apparently there are 15,000 bug fixes in it. That’s a lot of fixes. Some people would scoff and say “well, that’s free software…if it’s free, it can’t be any good.” They don’t know (because Microsoft generally won’t say) how many fixes went into a given Windows service pack or brand new release.

I also love the cross-OS integration, i.e. that “browser buttons and window frames have also been redesigned to conform with the look of whichever OS you’re running—Windows XP, Vista, Macintosh, or Linux.” Now that’s just cool. No longer do Mac users have to suffer with a Windows-like GUI. Same with Linux (I haven’t tried FF3 there yet, but I hope it looks like a traditional X-windows app).

By far the coolest thing is the “Awesome Bar,” or “location bar” that uses predictive algorithms to figure out what site you’re after. Gotta be AJAX under there along with some pretty good statistical modeling at the server end. It’s just cool. Go try it. IE is officially dead as far as I’m concerned. There’s no contest.

Parts Are Hard to Find

Wednesday, June 18th, 2008

Recently I needed two small PC parts — an ATX power supply and a SATA cable — and realized how difficult it’s becoming to find components in local retail stores. CompUSA is gone from my area. Places like Best Buy and Circuit City barely stock any parts. Radio Shack is a pale shadow of its former self.

This is sad, but it isn’t surprising. PCs are less a hobbyist item these days than appliances. Back in the day, more people built their own systems because it was often cheaper and resulted in a better machine. Mass produced machines generally didn’t have high end graphics cards or disk controllers. Buying a PC back then was like ordering from a “no substitutions” restaurant, or buying a car. You got what they had on the lot.

Today it’s all changed. I just bought a new Dell for my wife, and really enjoyed their online customization process. I picked the hottest graphics card and largest memory option, opted for XP rather than horrific Vista, and got exactly what I knew she wanted. The easy availability of pre-built custom PCs has diminished the need for custom solutions, except among dedicated geeks and gamers who overclock their machines for fun and education. Pre-built machines also have warranties, which are important for many people who weren’t born with diagnostic abilities.

So where do you get parts these days? Mainly, you’re confined to online vendors. There’s always Tiger Direct and NewEgg; both offer lots of components at decent prices. I just received a catalog from Cyberguys, who specialize in cables, small components, repair kits, and interesting add-in bits. They have some odd items I’ve never seen anywhere else.

I’ve also noticed a number of independent PC repair and parts stores in my local area. Some stock a fairly wide range of components, while others order stuff in on an as-needed basis. Most I’ve encountered are owned by very friendly people who seem willing to offer any help they can. I like patronizing independent stores — buying locally is not a bad way to handle business.

The moral of the story is that you’d better plan ahead if you decide to do any hardware hacking or repairs. You might be lucky and live in an area with a Fry’s Electronics — a Mecca of geekdom if I ever saw one. If so, you can probably find anything you want whenever you need it. If not, UPS may be your best friend.