Microsoft has announced plans to peddle Windows 7 desktop space to advertisers, who’ll create Windows UI themes–customized backgrounds, audio clips, and other elements–that highlight their brand, Computerworld reports. In fact, some advertiser themes are already available in the Windows 7 Personalization Gallery, including desktop pitches for soft drinks (Coca-Cola, Pepsi), autos (Ducati, Ferrari, Infiniti), and big-budget Hollywood blockbusters (Avatar).

…

The advertiser themes are different, however, in that they won’t be foisted on unsuspecting users. Rather, you’ll have to download and install the ad pitch yourself. As a result, I doubt many Windows 7 users will gripe about ad themes. Hey, if you’re a Preparation H fan, why not devote the desktop to your favorite ointment?

But whatever else Mr. Madoff’s game was, it was certainly this: The first worldwide Ponzi scheme — a fraud that lasted longer, reached wider and cut deeper than any similar scheme in history, entirely eclipsing the puny regional ambitions of Charles Ponzi, the Boston swindler who gave his name to the scheme nearly a century ago.

…

Regulators say Mr. Madoff himself estimated that $50 billion in personal and institutional wealth from around the world was gone. … Before it evaporated, it helped finance Mr. Madoff’s coddled lifestyle, with a Manhattan apartment, a beachfront mansion in the Hamptons, a small villa overlooking Cap d’Antibes on the French Riviera, a Mayfair office in London and yachts in New York, Florida and the Mediterranean.

…

In 1960, as Wall Street was just shaking off its postwar lethargy and starting to buzz again, Bernie Madoff (pronounced MAY-doff) set up his small trading firm. His plan was to make a business out of trading lesser-known over-the-counter stocks on the fringes of the traditional stock market. He was just 22, a graduate of Hofstra University on Long Island.

By 1989, Mr. Madoff ‘s firm was handling more than 5 percent of the trading volume on the august New York Stock Exchange …

And in 1990, he became the nonexecutive chairman of the Nasdaq market, which at the time was operated as a committee of the National Association of Securities Dealers.

His rise on Wall Street was built on his belief in a visionary notion that seemed bizarre to many at the time: That stocks could be traded by people who never saw each other but were connected only by electronics.

In the mid-1970s, he had spent over $250,000 to upgrade the computer equipment at the Cincinnati Stock Exchange, where he began offering to buy and sell stocks that were listed on the Big Board. The exchange, in effect, was transformed into the first all-electronic computerized stock exchange.

…

He also invested in new electronic trading technology for his firm, making it cheaper for brokerage firms to fill their stock orders. He eventually gained a large amount of business from big firms like A. G. Edwards & Sons, Charles Schwab & Company, Quick & Reilly and Fidelity Brokerage Services.

…

By the end of the technology bubble in 2000, his firm was the largest market maker on the Nasdaq electronic market, and he was a member of the Securities Industry Association, now known as the Securities Industry and Financial Markets Association, Wall Street’s principal lobbying arm.

A: An extroverted computer scientist looks at your shoes when he talks to you.

Knock, knock.

Who’s there?

very long pause….

Java.

Saying that Java is nice because it works on every OS is like saying that anal sex is nice because it works on every gender.

A physicist, an engineer and a programmer were in a car driving over a steep alpine pass when the brakes failed. The car was getting faster and faster, they were struggling to get round the corners and once or twice only the feeble crash barrier saved them from crashing down the side of the mountain. They were sure they were all going to die, when suddenly they spotted an escape lane. They pulled into the escape lane, and came safely to a halt.

The physicist said “We need to model the friction in the brake pads and the resultant temperature rise, see if we can work out why they failed”.

The engineer said “I think I’ve got a few spanners in the back. I’ll take a look and see if I can work out what’s wrong”.

The programmer said “Why don’t we get going again and see if it’s reproducible?”

To understand what recursion is you must first understand recursion.

From Doc Searls’s “The Most Personal Device” (Linux Journal: 1 March 2009):

My friend Keith Hopper made an interesting observation recently. He said one of Apple’s roles in the world is finding categories where progress is logjammed, and opening things up by coming out with a single solution that takes care of everything, from the bottom to the top. Apple did it with graphical computing, with .mp3 players, with on-line music sales and now with smartphones. In each case, it opens up whole new territories that can then be settled and expanded by other products, services and companies. Yes, it’s closed and controlling and the rest of it. But what matters is the new markets that open up.

From Tim Greene’s “Black Hat set to expose new attacks” (Network World: 27 July 2009):

Black Hat USA 2009, considered a premier venue for publicizing new exploits with an eye toward neutralizing them, is expected to draw thousands to hear presentations from academics, vendors and private crackers.

For instance, one talk will demonstrate that if attackers can plug into an electrical socket near a computer or draw a bead on it with a laser they can steal whatever is being typed in. How to execute this attack will be demonstrated by Andrea Barisani and Daniele Bianco, a pair of researchers for network security consultancy Inverse Path.

Attackers grab keyboard signals that are generated by hitting keys. Because the data wire within the keyboard cable is unshielded, the signals leak into the ground wire in the cable, and from there into the ground wire of the electrical system feeding the computer. Bit streams generated by the keyboards that indicate what keys have been struck create voltage fluctuations in the grounds, they say.

Attackers extend the ground of a nearby power socket and attach to it two probes separated by a resistor. The voltage difference and the fluctuations in that difference – the keyboard signals – are captured from both ends of the resistor and converted to letters.

This method would not work if the computer were unplugged from the wall, such as a laptop running on its battery. A second attack can prove effective in this case, Bianco’s and Barisani’s paper says.

Attackers point a cheap laser at a shiny part of a laptop or even an object on the table with the laptop. A receiver is aligned to capture the reflected light beam and the modulations that are caused by the vibrations resulting from striking the keys.

Analyzing the sequences of individual keys that are struck and the spacing between words, the attacker can figure out what message has been typed. Knowing what language is being typed is a big help, they say.

23 October 2008 … The dry, technical language of Microsoft’s October update did not indicate anything particularly untoward. A security flaw in a port that Windows-based PCs use to send and receive network signals, it said, might be used to create a “wormable exploit”. Worms are pieces of software that spread unseen between machines, mainly – but not exclusively – via the internet (see “Cell spam”). Once they have installed themselves, they do the bidding of whoever created them.

If every Windows user had downloaded the security patch Microsoft supplied, all would have been well. Not all home users regularly do so, however, and large companies often take weeks to install a patch. That provides windows of opportunity for criminals.

…

The new worm soon ran into a listening device, a “network telescope”, housed by the San Diego Supercomputing Center at the University of California. The telescope is a collection of millions of dummy internet addresses, all of which route to a single computer. It is a useful monitor of the online underground: because there is no reason for legitimate users to reach out to these addresses, mostly only suspicious software is likely to get in touch.

The telescope’s logs show the worm spreading in a flash flood. For most of 20 November, about 3000 infected computers attempted to infiltrate the telescope’s vulnerable ports every hour – only slightly above the background noise generated by older malicious code still at large. At 6 pm, the number began to rise. By 9 am the following day, it was 115,000 an hour. Conficker was already out of control.

That same day, the worm also appeared in “honeypots” – collections of computers connected to the internet and deliberately unprotected to attract criminal software for analysis. It was soon clear that this was an extremely sophisticated worm. After installing itself, for example, it placed its own patch over the vulnerable port so that other malicious code could not use it to sneak in. As Brandon Enright, a network security analyst at the University of California, San Diego, puts it, smart burglars close the window they enter by.

Conficker also had an ingenious way of communicating with its creators. Every day, the worm came up with 250 meaningless strings of letters and attached a top-level domain name – a .com, .net, .org, .info or .biz – to the end of each to create a series of internet addresses, or URLs. Then the worm contacted these URLs. The worm’s creators knew what each day’s URLs would be, so they could register any one of them as a website at any time and leave new instructions for the worm there.

It was a smart trick. The worm hunters would only ever spot the illicit address when the infected computers were making contact and the update was being downloaded – too late to do anything. For the next day’s set of instructions, the creators would have a different list of 250 to work with. The security community had no way of keeping up.

No way, that is, until Phil Porras got involved. He and his computer security team at SRI International in Menlo Park, California, began to tease apart the Conficker code. It was slow going: the worm was hidden within two shells of encryption that defeated the tools that Porras usually applied. By about a week before Christmas, however, his team and others – including the Russian security firm Kaspersky Labs, based in Moscow – had exposed the worm’s inner workings, and had found a list of all the URLs it would contact.

…

[Rick Wesson of Support Intelligence] has years of experience with the organisations that handle domain registration, and within days of getting Porras’s list he had set up a system to remove the tainted URLs, using his own money to buy them up.

It seemed like a major win, but the hackers were quick to bounce back: on 29 December, they started again from scratch by releasing an upgraded version of the worm that exploited the same security loophole.

This new worm had an impressive array of new tricks. Some were simple. As well as propagating via the internet, the worm hopped on to USB drives plugged into an infected computer. When those drives were later connected to a different machine, it hopped off again. The worm also blocked access to some security websites: when an infected user tried to go online and download the Microsoft patch against it, they got a “site not found” message.

Other innovations revealed the sophistication of Conficker’s creators. If the encryption used for the previous strain was tough, that of the new version seemed virtually bullet-proof. It was based on code little known outside academia that had been released just three months earlier by researchers at the Massachusetts Institute of Technology.

…

Indeed, worse was to come. On 15 March, Conficker presented the security experts with a new problem. It reached out to a URL called rmpezrx.org. It was on the list that Porras had produced, but – those involved decline to say why – it had not been blocked. One site was all that the hackers needed. A new version was waiting there to be downloaded by all the already infected computers, complete with another new box of tricks.

Now the cat-and-mouse game became clear. Conficker’s authors had discerned Porras and Wesson’s strategy and so from 1 April, the code of the new worm soon revealed, it would be able to start scanning for updates on 500 URLs selected at random from a list of 50,000 that were encoded in it. The range of suffixes would increase to 116 and include many country codes, such as .kz for Kazakhstan and .ie for Ireland. Each country-level suffix belongs to a different national authority, each of which sets its own registration procedures. Blocking the previous set of domains had been exhausting. It would soon become nigh-on impossible – even if the new version of the worm could be fully decrypted.

Luckily, Porras quickly repeated his feat and extracted the crucial list of URLs. Immediately, Wesson and others contacted the Internet Corporation for Assigned Names and Numbers (ICANN), an umbrella body that coordinates country suffixes.

…

From the second version onwards, Conficker had come with a much more efficient option: peer-to-peer (P2P) communication. This technology, widely used to trade pirated copies of software and films, allows software to reach out and exchange signals with copies of itself.

Six days after the 1 April deadline, Conficker’s authors let loose a new version of the worm via P2P. With no central release point to target, security experts had no means of stopping it spreading through the worm’s network. The URL scam seems to have been little more than a wonderful way to waste the anti-hackers’ time and resources. “They said: you’ll have to look at 50,000 domains. But they never intended to use them,” says Joe Stewart of SecureWorks in Atlanta, Georgia. “They used peer-to-peer instead. They misdirected us.”

The latest worm release had a few tweaks, such as blocking the action of software designed to scan for its presence. But piggybacking on it was something more significant: the worm’s first moneymaking schemes. These were a spam program called Waledac and a fake antivirus package named Spyware Protect 2009.

…

The same goes for fake software: when the accounts of a Russian company behind an antivirus scam became public last year, it appeared that one criminal had earned more than $145,000 from it in just 10 days.

However, their loss is your gain. Here’s the outline for the book. Yes, it’s sadly outdated. Yes, it focuses quite a bit on SUSE, but that was what the publisher wanted. Yes, Linux has come a LONG way since I wrote this outline. But I still think it’s a damn good outline, and you may find it interesting for historical reasons. So, enjoy!

From Rob Cottingham’s “From blocking to botnet: Censorship isn’t the only problem with China’s new Internet blocking software” (Social Signal: 10 June 2009):

Any blocking software needs to update itself from time to time: at the very least to freshen its database of forbidden content, and more than likely to fix bugs, add features and improve performance. (Most anti-virus software does this.)

If all the software does is to refresh the list of banned sites, that limits the potential for abuse. But if the software is loading new executable code onto the computer, suddenly there’s the potential for something a lot bigger.

Say you’re a high-ranking official in the Chinese military. And let’s say you have some responsibility for the state’s capacity to wage so-called cyber warfare: digital assaults on an enemy’s technological infrastructure.

…

It strikes you: there’s a single backdoor into more that 40 million Chinese computers, capable of installing… well, nearly anything you want.

What if you used that backdoor, not just to update blocking software, but to create something else?

Say, the biggest botnet in history?

…

Still, a botnet 40 million strong (plus the installed base already in place in Chinese schools and other institutions) at the beck and call of the military is potentially a formidable weapon. Even if the Chinese government has no intention today of using Green Dam for anything other than blocking pornography, the temptation to repurpose it for military purposes may prove to be overwhelming.

If that’s so, then why is the Mac market share, even after Apple’s recent revival, sputtering at a measly 5 percent? Jobs has a theory about that, too. Once a company devises a great product, he says, it has a monopoly in that realm, and concentrates less on innovation than protecting its turf. “The Mac user interface was a 10-year monopoly,” says Jobs. “Who ended up running the company? Sales guys. At the critical juncture in the late ’80s, when they should have gone for market share, they went for profits. They made obscene profits for several years. And their products became mediocre. And then their monopoly ended with Windows 95. They behaved like a monopoly, and it came back to bite them, which always happens.”

… Susan Pinker’s The Sexual Paradox, which explains, using scientific findings, why large majorities of girls and women behave almost identically at different stages of their lives – while large minorities of boys and men show vast variability compared to each other and to male norms.

Some of these boys and men exhibit extreme-male-brain tendencies, including an ability to focus obsessively for long periods of time, often on inanimate objects or abstractions (hence male domination of engineering and high-end law). Paradoxically, other male brains in these exceptional cases may have an ability to experiment with many options for short periods each. Pejoratively diagnosed as attention-deficit disorder, Pinker provides evidence this latter ability is actually a strength for some entrepreneurs.

The male brain, extreme or not, is compatible with visual design. It allows you to learn every font in the Letraset catalogue and work from a grid. In fact, the male-brain capacity for years-long single-mindedness explains why the heads of large ad agencies and design houses are overwhelmingly male. (It isn’t a sexist conspiracy.)

In the computer industry, extreme male brains permit years of concentration on hardware and software design, while also iterating those designs seemingly ad infinitum. The extreme male brain is really the extreme Google brain. It’s somewhat of a misnomer, because such is actually the average brain inside the company, but I will use that as a neologism.

Google was founded by extreme-male-brain nerds and, by all outward appearances, seems to hire only that type of person, not all of them male.