Blackmoor Vituperative

In case I was wondering if my decision to get out of IT (eventually) was just an undigested bit of beef, a blot of mustard, a crumb of cheese, a fragment of an underdone potato… the fine folks at TechRepublic and ZDNet have put my mind at ease. The era of independent IT consulting is, indeed, over.

Even as little as five years ago, an IT consultant was an outside expert called in to solve problems, or to create value for a business who wanted to find an edge over the competition. As the holder of knowledge and skills few others possessed, we were respected, and clients listened.

This is no longer true. IT has become a commodity: widely available, aggressively priced, and valued as much as a business values its janitorial staff or the company that handles its payroll. IT is simply another necessary cost which provides no significant business benefit other than to keep the status quo in place.

A good friend of mine, who provides technology policy advice to the state of Virginia, put it this way: when there is a job that your business needs done in a way that no one else is doing, you want to hire the best you can find and make sure you keep them. When that job is something every business needs to have done, in pretty much the same way, it makes sense to outsource it at the lowest cost possible. IT is just overhead, like janitorial service, or building maintenance, and it is put in the same category in the business’ ledger.

There is nothing here to “ride out”. IT has become a commodity, as valuable and respected and as easily replaced as light bulbs and batteries. We had a good run while it lasted, but technology and society have moved on. One might as well try to open a boutique that sells paper towels.

A word of warning to those of you who rely on hardware-based encrypted USB flash drives. Security firm SySS has reportedly cracked the AES 256-bit hardware-based encryption used on flash drives manufactured by Kingston, SanDisk and Verbatim.

The crack relies on a weakness so astoundingly bone-headed that it’s almost hard to believe. While the data on the drive is indeed encrypted using 256-bit crypto, there’s a huge failure in the authentication program. When the correct password is supplied by the user, the authentication program always send the same character string to the drive to decrypt the data no matter what the password used. What’s also staggering is that this character string is the same for Kingston, SanDisk and Verbatim USB flash drives.

Cracking the drives is therefore quite an easy process. The folks at SySS wrote an application that always sent the appropriate string to the drive, irrespective of the password entered, and therefore gained immediate access to all the data on the drive.

(from Encryption busted on NIST-certified Kingston, SanDisk and Verbatim USB flash drives, ZDNet)

Chad Perrin has a short article on TechRepublic giving a back-of-the-napkin overview on encryption as it is viewed by the courts. It is worth checking out and clicking the relevant links.

I have set up a free, public OpenID provider at http://www.blackgate.net/openid/, using software from Community-ID.

Fedora 12 has been released into the wild, and the general response is positive.

Every time a new version of Fedora (or any major Linux distribution) is released, there is always a great deal of confusion over the various releases: x86, i386, 686, and so on. Here is a quick guide that covers the vast majority of cases:

i386

• A generic “lowest common denominator” designation for Intel 80386 compatible CPUs (includes all of the above, but does not take advantage of extended instructions on those later CPUs).

Don’t use this unless you have to.

i686

• All Intel 32-bit Pentiums (excluding Pentium 1 and Pentium MMX)
• All AMD 32-bit Athlons

If your computer is several years old, you will probably have nothing to lose by using this version. However…

x86_64

• AMD’s Athlon 64, Athlon 64-FX, and Opteron
• Intel EMT64 processors – Pentium 4, Pentium D, Pentium Extreme Edition, Celeron D, Xeon and Pentium Dual-Core processors, the Atom 230 and 330 and in all versions of the Core 2, Intel Core i9, Core i7, Core i5 and Core i3

If your computer is less than a few years old, try this version first. If it won’t work on your machine, you will know almost immediately. If it does work on your machine, you may find that the performance is improved slightly (when compared to a 32 bit kernel), because the compiler was able to take advantage of slight improvements made in the instruction set for your processor.

So, start with x86-64. If that does not work, try i686. If that doesn’t work, try i386.

Good luck!

I was just creating an account on a new web site. It has freaking ridiculous password rules.

Your password must have 2 upper case letters, 2 lower case letters, 2 numbers, 2 special characters, and be a minimum of 9 characters and a maximum of 12 characters in length.

Why don’t they just generate a random string that they’ll accept and save me the bother? It’s not like I will be able to remember this monstrosity.

When I was at… Philip Morris, I think it was… there were two systems that had complex password requirements, and they were mutually exclusive. Like, one required two numbers, and the other forbade more than one number. Something like that. So ridiculous. The whole “password” thing needs to die.

I wish more places would clue into OpenID. After exams, I think I will set up an OpenID server on mortshire.org.

I recently encountered a mapping program intended for role-playing games, called Hexographer. It is an easy to use application that makes colorful game maps. There is a “free” version (not free as in speech — free as in beer), and a pay version. The free version is pretty nifty. However, if you use Hexographer, I do not recommend that you rely on the “free” version.

The online (free) version is a Java app. Under ordinary circumstances, you can simply download a Java app like this, and run it on your own computer. Why would you want to do this? Because web sites go down. They go away. (Remember Ar-Kelaan Hexmapper? Their Hexmapper software is available elsewhere, but the Ar-Kelaan site itself is no more.) It is a fact of life. If you want to be able to open your maps a few months from now, it is important that you be able to run the app locally. Unfortunately, the author of Hexographer has written the “free” app so that it can only be run on his server.

Do not rely on the “free” version. The paid license version does not have this problem, and that’s what I would recommend. (I bought it myself.)

However, if Hexographer does not suit your needs, here are some viable alternatives, which may or may not fit your own particular situation:

• Arr-Kelaan Hexmapper (download, additional tiles)
• DampfKarte
• HexMapper
• HexReMapper
• Inkscape with the boardgame extensions
• Maptool
• Tiled

P.S. The Welsh Piper has a nifty article on using hex maps to facilitate world building. Check it out.

ZDNet has an article title, “Blackberry the choice of organized crime“.

Gangs know what encryption is. They are using it in force at the street level, let alone at the very top. Rim’s BlackBerries are the ultimate in security for them. Everything is secured and impossible to monitor by police.

The gist of the article appears to be that encryption is bad, because there are bad people who use it.

“Only in a police state is the job of a policeman easy.”

Yes, criminals can and do benefit from the same civil rights as law-abiding people. This is not and shall never be a valid reason to deprive anyone of those rights, despite the absurd “security” at airports, the warrantless wiretaps by our Federal government, and the nigh-universal pre-employment “drug testing” humiliation of job applicants, all of which have become accepted by the somnambulistic American citizenry.

The pendulum has swung much too far in the direction of invasions of privacy by government and by employers (or even just potential employers). It is time for that pendulum to swing back.

Write to your government representatives, and demand that they respect the privacy of the people they ostensibly represent.

Refuse to consent to pre-employment drug testing (and post-employment drug testing, unless they have a damned good reason for asking — curiosity and “company policy” are not good reasons).

Be an American, not a sheep.

All the things your phone doesn’t do, Droid Does. This is so cool.

By the way, the “Droid’ trademark which LucasFilm claims to own is completely bogus — “‘droid” is just an abbreviated form of “android”, which is the common English term for a humanoid robot. You cannot protect generic terms, which are terms that are the actual name of the associated goods or services. However, LucasFilm can (and has, and will) bully people into pretending this trademark is valid because they can sue you into bankruptcy. Another example of what is wrong with the laws in the USA.

If you are considering migrating from another office productivity suite to OpenOffice (and if you are not considering that, you should), check out this Sun Microsystems on-demand webinar: tips and strategies for moving to OpenOffice.org.