Philosophically Secure Eugene Kogan's blog on information security and software engineering

12 Jan 2010

Google vs. China

This is a rather interesting development...

Google believes its systems are being attacked by China, in order to gain information on Chinese human rights activists who happen to use Gmail. Well, duh. What prominent company or government isn't being targeted by Chinese state-sponsored hackers? (Perhaps the nation of Togo.)

The interesting part is Google's response: a threat to stop doing business in China. That would mean closing its office there, and shutting down Google.cn (the Chinese version of its search engine, with government-friendly censored results). If Google follows through on this threat, it will send a simple message: play nice or we'll take our ball and go home. Hopefully they will also release more details about the attacks, so that the rest of us can learn to better defend ourselves.

Of course, China's economy is huge, and the loss of business with one foreign company probably won't have a measurable impact (unless it's Walmart). However, it's still a powerful symbolic gesture. If China wants to be treated as a serious member of our modern global society, they need to stop acting like Mongol invaders from the 13th century.

Maybe if more companies took a similar stance (and followed through), then China would rethink its hostile cyber strategies. Or would they just be sneakier about it?

Filed under: google, hacking
3 Nov 2009

Green text, black background

I tend to do my development using vim, in a terminal window connected to a remote server that looks very much like the production environment. Thankfully, I am not the only one who works this way. Perhaps I'm not crazy after all?

Green text. Black background. I’ll tell you why right now. I’m an old school DOS guy. My first word processor was Wordstar and that’s the word processing program I came to associate with the fugue-like state of maximum productivity: the Zone. This is why I continue to favor colored text on a black background in my current favorite editor, Textmate. The coloring reminds me of a primal safe place where the tool is serving its purpose — to get the hell out of the way so I can go be exponentially more productive.

This is why, as engineers, we stick with something that works for us. This is why the ancient likes of vi and Emacs continue to flourish. Once we find a tool that works for us, once we’ve chosen that tool, it becomes ours and remains ours. It allows us to get foamy.

I've had similar experiences with Dreamweaver and other WYSIWYG tools, where they are just too helpful and end up jumbling up my carefully formatted code. To be honest, I never even really liked working in Eclipse, either. It's just too distracting, and again, too "helpful" for my taste. But like Rands says, to each his own.

via Rands In Repose

Filed under: development
5 Oct 2009

Clever malware

A clever piece of bank account-targeting malware was recently discovered. It does the usual task of transferring money out of the victim's account. But it also has a clever trick to help delay the victim from noticing the missing money. When he checks his bank statement online, the malware-initiated fund transfers will be dynamically removed. Of course, this assumes that the victim is checking his account from the previously-infected computer, but it's still an interesting trick to buy the criminal some more time.

The novel technique was employed in August by a gang who targeted customers of leading German banks and stole Euro 300,000 in three weeks, according to Yuval Ben-Itzhak, chief technology officer of computer security firm Finjan.

“The Trojan is hooked into your browser and dynamically modifies the text in the html,” Ben-Itzhak says. “It’s a very sophisticated technique.”

via Threat Level

Filed under: hacking, malware
12 Aug 2009

Sandia to boot behemoth botnet

I'm looking forward to finding out the results of this research!

[Sandia's] Thunderbird supercomputer will periodically run a million virtual machines all at once, all with botnet client software. By setting this large network of systems into operation, the researchers, Ron Minnich and Don Rudish, hope to better understand how botnets operate.

It's a cool idea, and could probably keep me busy forever. The only issue I have with this project is that the time and money would be better spent on trying to improve the fundamental security issues of our computing model, rather than just learning about a symptom (in this case, botnets). Still, it sounds like fun, and will hopefully produce some actionable knowledge in a year or two.

via Sandia to boot behemoth botnet -- Government Computer News.

Filed under: malware, security
17 Jul 2009

Rethinking “control” in software engineering

I just read a short but interesting article by Tom DeMarco on the concepts of metrics and control in software engineering. Here's the bottom line that really resonated with me:

This leads us to the odd conclusion that strict control is something that matters a lot on relatively useless projects and much less on useful projects.

That might not sound intuitive at first, but it makes sense after reading what he has to say.

The article (PDF) is available here: http://www2.computer.org/cms/Computer.org/ComputingNow/homepage/2009/0709/rW_SO_Viewpoints.pdf.

Filed under: development