Sunday, July 31, 2011

"Google Health" on its deathbed

The google giveth and the google taketh away:

Official Google Blog: An update on Google Health and Google PowerMeter:

"we’ve observed that Google Health is not having the broad impact that we hoped it would. There has been adoption among certain groups of users like tech-savvy patients and their caregivers, and more recently fitness and wellness enthusiasts. But we haven’t found a way to translate that limited usage into widespread adoption in the daily health routines of millions of people. That’s why we’ve made the difficult decision to discontinue the Google Health service. We’ll continue to operate the Google Health site as usual through January 1, 2012, and we’ll provide an ongoing way for people to download their health data for an additional year beyond that, through January 1, 2013."

This means that my effort of codifying my health history, and keeping track of my workout regime and its effect, will still have a function: to remind me and other early adopters not to put too much trust in new projects, even from the biggest companies.

Now how's that G+ profile building coming along....

Thursday, July 28, 2011

New snooping bill: What could possibly go wrong?

House panel approves broadened ISP snooping bill:

"Internet providers would be forced to keep logs of their customers' activities for one year--in case police want to review them in the future--under legislation that a U.S. House of Representatives committee approved today.

The 19 to 10 vote represents a victory for conservative Republicans, who made data retention their first major technology initiative after last fall's elections, and the Justice Department officials who have quietly lobbied for the sweeping new requirements, a development first reported by CNET.

A last-minute rewrite of the bill expands the information that commercial Internet providers are required to store to include customers' names, addresses, phone numbers, credit card numbers, bank account numbers, and temporarily-assigned IP addresses, some committee members suggested. By a 7-16 vote, the panel rejected an amendment that would have clarified that only IP addresses must be stored."
Let's think this through (hey, somebody has to!):

  •  This is billed as a "protecting children from pornography" act.   Where is the official double-speak justification on this?  What part of this could even theoretically protect any kid from pornography? Did the spin-doctor on duty call in sick?
  • This is going to be made available for "police investigating any crime and perhaps attorneys litigating civil disputes in divorce, insurance fraud, and other cases as well".   Are we feeling secure yet?
  • Every other monitoring system of this sort has been abused on a systematic basis.  
  • Who is going to be paying for this?  I see a $6.99/month "snooped data retention" fee coming to a statement near you soon!
  • The ISP is supposed to be capturing credit card numbers, bank account numbers, personal information, which begs questions such as:
    • Who is going to be responsible for storing and safeguarding this information?  
    • Can you imagine what kind of tasty target it would be for a criminal?  How many credit card transactions are flowing through Comcast's network every day?
    • Are the ISPs going to be held to the same data confidentiality laws as everybody else?
      I see PCI, HIPAA and a few others jump out as being applicable here.   Who is going to audit these systems to ensure compliance?
    • (Luckily) nearly every website these days uses HTTPS for credit card transactions.  How is an ISP supposed to capture this information on the wire?
There are so many things wrong with this idea, and they haven't even started implementing it yet.

Seriously? A.k.a. "My adventures with ePolicy Orchestrator"

From the why-oh-why-do-you-hate-me department:

Seriously? We have to break the official IT computer naming policy because your product refuses to be installed on a system that has a (perfectly legit) underscore in its name?

I usually don't get frustrated with a product until after I install it.

It's only after I change the computer name that I get this error on my Windows 7 Professional installation:

Of course, that document is not part of the installation, only the "product guide" is. 

Update 1:
I now have a super duper "Windows Server 2008 R2 - 64 bit" installation.   Guess what I get when the installation starts?  A new error!

"8.3 naming convention"?  Wait...  Didn't you just force me to upgrade to "Windows super duper"? And then you complain that you don't have the features from DOS in 1981?  And no, the "installation guide" doesn't mention anything about this.

Update 2:
After some Googling, a registry change, installing MS SQL, configuring port, choosing various passwords (whose complexity requirements are kept a secret), the installer finally got running.

And I was awarded with....

At this point, only 1 comment makes sense:

Update 3:

Wondering if I was running the latest version, I found out

  • McAfee's beta portal is seriously broken
    • it refuses my (stored) password 
    • it doesn't really execute password resets (although it says it does)
  • That doesn't really matter, since there is an open FTP server from which one can download any beta software they ever released.
  • That also doesn't really matter, since I was already testing with the latest version, EPO 4.6 RC3.
  • The beta seems to expire really quickly, in this case: May 31, 2011 (it was released mid-March)

So, staying in the spirit, I used an ancient "hack" technique from the 80s.  It's called "setting the clock back".

30 minutes of installation dialogs later:

Allow me to say:

Tuesday, July 19, 2011

Pretty Good Ponderings?

Yesterday, I finally got around to generating a new PGP/GPG key pair, and obsoleted 2 old ones.   They were created in 1994 and 1998.   I couldn't even generate a revocation for the oldest one, since the "IDEA" cipher is no longer supported.

Let me rephrase that in context:

I can mathematically prove that I was active in computer security before many of the attackers that I defend against were born.

In other news:
Djee, I'm old.  But in this industry, we call that "well-tested and peer-reviewed".

P.S.: For those wanting the shiny new bits on their keyring, the magic incantation is:

gpg --recv-keys 0x788a1200b221877e