The enemy gets PWND

Sorry for the poor headline... actually I was reluctant to post about this story because of some sense of dignity preventing me from dancing on the ashes of the enemy... but in the end the joy was too much to contain. Wandering what the Hell I'm babblig about? but of the outcome of the Pwn2Own contest! What else?

A few notes for those who are not familiar with the contest, it is pretty straightforward actually.
There are 3 shiny laptops with default software and latest patches available: one with Mac OS (a MacBook Air, no less), one with Windows Vista and one with Ubuntu Linux.
The contenders have four days to try their best to hack the laptops, take control of them, and violate the file containing the instructions to claim the price... obviously the hackers have no phisical access to the machine except some very basic instructions they can give to a dummy user such as "visit this site" or "open this mail".
The first one who manages to find a vulnerability and put it to good use wins the glory, the laptop, 10k $ and an NDA to sign.


Everything is done in the name of better security (the vulnerabilities discovered are patched before they can used by crackers in the real world), and it goes without saying that this is at the same time a contest for the hackers (who enters first) and for the operating systems (who stands longer), and here we get to the reason of my joy. This is the outcome of the 2008 edition:

OS X, pwnd on day 2 trough a bug in the Safari web browser
Windows Vista, pwnd on day 4 thanks to a vulnerability in Adobe Flash player
Ubuntu Linux standing still, nobody managed to hack it

This is not only a proof of how Linux is secure, it really overthrows some common opinions about operating systems security in general. I used to be the first one thinking Macs to be more secure than Windows pcs.
Even more, some utter moron still goes around saying that just because a software is free (as in speech AND as in beer) it cannot be safer than a closed one... WRONG! Actually in this contest the closest of all was the first to fail, Windows itself was violated due to a hole in a third party software rather than a Microsoft component, while the little underdeveloped african child (that wouls be Ubuntu) stood still.

Bottom line, you can have a very secure computer for free... or you can always have a quite secure one and pay for the privilege ;)

Linux for the human chimp?

Lately I have become a full time dweller (ok, "addict" is the correct word) of Ubuntu brainstorm, the praiseworthy feedback website that lets Ubuntu users share their hints and points of view about what the operating system should be. I have already spent words of praise for this initiative in the past, and I am everyday more enthusiast of such involvment, but reading some brainstorm posts I have known an aspect of the linux crowd that I did not believe could exist and that at times scares me a bit. I'd call it the idiot-obsession (IdOb, from now on).

For what I can observe and infer from their posts, the typical traits of an IdOb user are the following:

- He is a tech-savy user, enough to understand at least in general the underlying problems of certain complex aspects of the system (such as network administration).

- He is not an hardcore Linux nutter (another archetypal type of Linux mental). The IdOb does acknowledge that some people might want to use Linux without understanding it all, just as they did with Windows and Mac, and they might be driven towards Linux for other reasons than the pure hacker spirit (all hail the hacker spirit, but this is not the point right now). Especially, he acknowledges the issues of a user migrating from Windows or Mac in front of the little shortcomings (often reclassified as "freedom features") of the Linux world.

- Most important of all, he thinks that the less computer-savy people will not be able to do anything if the programmers don't present it in the dumbest way possible. He is so concerned about foolproofness that he will likely sacrifice everything else (power, versatility, ultimately freedom). This goes well beyoind the most common command line phobia (actually I am all for graphic interfaces myself), it represents a general approach to the user experience which affects all the subsequent reasonings before actual choices even come into play.

The IdOb approach is in my opinion very dangerous because, under the cover of sometimes plausible reasonings, it misleads the whole point of Ubuntu as a distribution for "human beings"... which sort of involves the ability to reason and learn. I am seriously concerned that a too much "for dummies" approach to a variety of issues would waste the growing potential i see in this Linux distribution.
As far as I see it, having more graphical tools, having them organized better and more friendly is always a good point, and perhaps a priority (I have just recently tried to set up a network bridge and I just plain failed, so there is room for dummy-oriented improvement), but basing the whole process on the assumption that the user is dumb seems a bit excessive. After all it was Linus himself who said that if you give people a system for dummies you will just grow a generation of dummies (which is what happened, btw).
In my opinion, rather than preventing the user from tweaking something just because it is "too confusing for him" (read "give it up without even trying"), a correct approach should tend to develop better graphical interfaces showing all the options the user might have, and organizing them in a way that he can understand what he is doing, achieve his goal, and ultimately learn how it all worked. It is difficult, but it is the only healthy way I see to face the problem.

Is it easyer to just decide a priori what the user is capable of doing? Why not setting everything up in a transparent way so the user is unaware of anything and can sleep quiet (let us just hope that everything "just works" otherwise he is screwed)? If he does not even know that something exists it will not be tempted of tweaking or customizing it, won't he? Hell yes, it leads to a far more polished and neat result...
Wrong! If the user wanted that, he would buy a Mac, and he would be happy to pay for the privilege. Even Windows users who decide to swich to Linux generally do so because they are sick of an environment that treats them as drones until everything works fine just to abandon them altogether when the slightest issue arise. Either I am too optimist about mankind or IdObs fail to see this elementary truth... we shall wait and see.

Slashdot It!

More electroshock games

In a previous post I presented you the delights of the video game pain simulator. Today via Ubergizmo I learn of a way more simple, yet perhaps even more spectacular implementation of pain technology to trivial issues.

Once, when we were kids, to decide who should go fetching the ball trown behind the hedge or who shall have the last candy we made some silly carol count, or to paly some other childish game... not today, today's kids are tough, they are bad guys laughing in front of danger... for such small choices they use electroshock!
The game is pretty simple, you unpocket it and unfold the scissors-like hinge, then every contender (up to four) takes an end and, upon a signal hits the button... the slowest one gets electrocuted (AND goes fetching that damn ball). Simple and sadistic as it is, it is also kid-affordable at mere 11,99 $. Rumors are of a crank powered version on the way for developing countries kids.

The iSpaceship

Game of the day: find a popular portable media player in the photo below (hi-res version here) :



I wander if the Space Shuttle has a proper dock port or the astronauts have to use one of those pesky cassette adaptors :P

How to conjure 1.000.000 Dollars out of thin air

Sounds cool, eh? It is not even that difficult... at least in theory, it just involves some really basic origami skill and another talent we sould all be blessed with.



This is a Psi wheel, the folks at badkungfu.net have some cool video detailing theory and practice of it. Basically all you have to do is fabricate the wheel and make it spin with the only force of your Chi power as in the videos.

A detailed how to can be found on instructables.com, explaining the Chi-power theory, some scientifical explanation and proposing an ultimate test to see if you really have superpowers or it is just luck... and here come the bucks, if you do have superpowers, you might want to try your luck at the James Randi contest, the one that promises 1.000.000 Dollars to the guy who can demonstrate some real paranormal power. Needless to say that the big bucks are still safely in the pockets of the James Randi Foundation but don't let this discourage you. After all you might be the one ;)

Go there and try your luck or simply amaze your friends with the trick, it might not be supernatural but it works for real after all.

The yellow super-battery... revolutions never smelled so fishy

Vie Engadget I read this interesting piece of news. For those of you who are too lazy to hit the link, let me summarize it for you:

A Chinese company is offering a windows-mobile-LIKE smatphone, nothing new. What is new is that they state a stand by battery life of one year (!) or 3-5 days of calling (!!), what is even more astounding is that the device does not seem to feature any cutting-edge power saving workarounds. In a very chinese and very straightforward approach, the problem is solved brute force with a 16.800 mAh battery (!!!), and for mere 145$ (!!!!). Ah, no, the pun about the chinese "yellow" battery is not a pun at all, it IS yellow.


Now this news might be true or might be an hoax: let's do some maths. My BL-5B Nokia battery has 820 mAh and powes a nothing-but-calls-and-sms phone for a week stand by, 10 days tops.

820 mAh : 10 days = 16.800 mAh : x days

x= (16.800 x 10)/820 = 204,88

Two conclusions appear evident:

a) either this smatphone is far more energy efficent than my dumbphone (a Nokia 6021), or their claims are worng (or I am an ass and I made the wrong calculations, of course)

b) 205 days of stand-by are still a heck of a lot! (or I am an ass and I made the wrong calculations)

Now the problem is another one. They can manufacture that monster battery and sell it together with a cheap smatphone for under 150$, while top notch devices which cost almost ten times more offer a mere fraction of that battery life (two weeks tops). Let us put aside all the quality issues and all the bells and whistles that top-brand devices have, I have no doubt that there would be a market for a device with so much juice. If I decide to spend a grand in a super-phone, would I not add up to 150 $ more (which is the cost of the entire chinese phone) in order to get all that battery life? Are all the other manufacturers just dumb?
Maybe... but I still would like to know how likely the yellow super battery is to catch fire, explode, damage the device or just plain fail to live up the expectations... because if it is safe consider me already tinkering and soldering to fit one on every device I have!

Battery life is one of the biggest showstoppers of modern consumer electronics, always producing more elaborate, functional, convergent and power thirsty toys. It is nice to see some improvement, even if they violate some phisics law or merely common sense.
Personally I am waiting for this other project, which seems more elegant and less toxic... albeit it is the nanoscale implementation of an even more brute-force approach.

Slashdot It!

Games that shock!

I remember reading an article on Wired speculating on the fact that with the violence level we see in the videogames, the only reason why teenagers are not a mass of bloody murderers is that those same videogames made them also too fat and lazy to lift a real gun. Fortunately Nintendo found the workaround assuring that the joung would-be killers is WiiFit for the task.

A last bastion stood still between our sane of mind world and the gamers uprising: anyone who has ever had a controller in his hands knows that hitting the enemy is only half of the task. Most balltes are won just because our little Master Chief can be shot in the nuts again and again before fainting, the teenager doesn't. He doesn't have composite plating (not to speak of energy shields) and he is not a battle hardened supersoldier à la John Rambo.

Composite plating and energy shields have yet to be properly implemented but, as far as pain adaptation goes, the modern industry has now found the workaround.

This spooky device is as simple as it can get: plug it in, plug yourself in, and when you get hit it discharges a joyfull electroshock for the pleasure of all the realism freaks out there. Good if you want to be the first taser-immune gamer in the world... personally, I was fine with the little suffering portraits of ye good olde Doom.

Via Engadget.

Slashdot It!

Gtalk secrets ;P

If you ask any tenage (especially girls, but there's a fair share of boys as well) about what is missing in gtalk and why do they prefer MSN Messenger (I guess it's called Windows Live now but the $brown_dejection remains the same), they will 90% of the times reply something like: "Awww, but MSN is soooo cuuuute!".
It is true indeed, if you can live whit it bricking your pc and preventing you to do anything else unless you run it on a cray II, if you can live with the incapacity to read what your friends are saying among the crowd of animations, pictures and utter nonsense, if you can live with viruses and malware disguising themselves as wannabe new hot parthners... if you can live with this and a ton of other downsides, MSN actually IS cute.

For all those who have enough commonsense to stay the hell away from MSN Messenger but still enjoy a moderate and wise use of the animoticons (because they DO are funny) rejoice!
Gtalk supports some basic animoticon and this is nothing new, what few people know instead is that there are many more combinations which are not as obvious as, say, ;) or :P, but are also much more funny... and even more so because your friends do not expect them.

Ok, enough small talk... enjoy the list:

Pig :(:)
Broken Hearth Kiss :-x, :*
Moustache :{
Love <3
Monkey :(|)
Get down!. \m/
In shock :-o
Smile :D, :-D, =D
Sad :(, =(, :-(
Angry x-(
Cool B-)
Tear :’(
Wink ;), ;-)
Face :-|
Happy :-), :)
Lopsided :-/, =/
Tongue :P, :-P, =P
Bell +/’\
Crab V.v.V
Devil }:-)
Wince >.<

Try them out, and let me know if you discover new ones!

Slashdot It!

ASCII Wars

I have just come across a full ascii version of Star Wars Episode IV... Man, there do are geniuses out there! And this is yet another proof that geniuses with little to do tend to become dangerous.

To enjoy just open a terminal (if you run Windows MS-DOS prompt should do the same but I am not so sure, so please swich to Linux to avoid problems) and copy/paste:

telnet towel.blinkenlights.nl

And don't forget the pop corn!


Slashdot It!