CyberSecurity News of Note

Here’s the last of the news chum collections for this morning. This one has to do with safety and security.

  • Tiny Dots and Phish. Hopefully, you’ve been getting trained on how to recognize phishing threats, and how to distrust links in email or on websites. But it’s getting even trickier, as this article notes. Miscreants are using characters in other character sets that ļȯоķ like other characters. Hint: Always look at how addresses look when you hover over them, and even then be suspicious.
  • Complex Passwords Don’t Solve All Problems. So you’ve gotten smart: you are using complex passwords everywhere. But every solution contains a problem: reusing complex passwords can give your identity away. Research showed, the rarer your password is, the more it “uniquely identifies the person who uses it. If a person uses the same unique password with multiple accounts, then that password can be used as a digital fingerprint to link those accounts.” Although this is not something previously unknown, there seems to be a lack of awareness about the practice. Remember: complex passwords, never reused, and use a password manager.
  • Two Factor Authentication. Using 2FA can also help. Here’s a handy guide on how to set it up on most major websites. Here’s a list of all major websites, and whether they support 2FA.
  • Protecting Your Social Security. This article from Brian Krebs explores abuse of the social security system, and contains some advice I hadn’t known: go create your account at now to protect yourself.  That’s something I need to do; I tried to do it this morning but it wouldn’t accept the proof for the upgraded account, and I have to (a) find a previous year’s W2 and (b) wait 24 hours to try again.
  • Predicting Problems. A few articles on predictive algorithms. One explores whether predictive algorithms should be part of public policy.  Essentially, should they have a hand in shaping jail sentences and predicting public policies? Government agencies are now using algorithms and data mining to predict outcomes and behaviors in individuals, and to aid decision-making. In a cyber-vein, there are calls to add prediction to the NIST cyber-security framework. The argument: With AI and machine learning, companies should now be considering how to predict threats before they even appear. Speaking of the NIST Framework, Ron Ross tweets that it is being incorporated into FIPS 200 and the RMF.
  • Building It In. The NIST effort — especially with SP 800-160 — is to emphasize the importance of engineering in and designing in security from the very beginning, not bolting it on at the end. Good news: The government is finally coming around to that realization as well. The link is a summary of the recent updates to the NIST pub. It’s an area I’ve been exploring as well, and I’ve been working on some modifications to the process to make it even more accepted. The first report on the effort is under review right now; I hope to publish something soon.



Internet / Security

The never ending task of paring down my saved chum list brings you this collection of articles related to the Internet and Internet security. Pay attention folks — there’s some good stuff here. Also, remember the key adage: If you get a service for free, you are the product, not the customer.

  • Be Alert for Phishing. I’ve always opined that the key risk from the Equifax and other breaches is not identity theft, but phishing. Help Net agrees: they view phishing as a bigger threat than keyloggers or third party breaches. They researched the subject, and noted that “victims of phishing are 400x more likely to be successfully hijacked compared to a random Google user. In comparison, this rate falls to 10x for data breach victims and roughly 40x for keylogger victims. Keyloggers fall in between these extremes, with an odds ratio of roughly 40x”. The reason for this is that phishing kits also actively steal additional authentication factors (secret questions, phone number, device-related information, geolocation data) that can be used to impersonate the victim and bypass protections put in place by email (and other online service) providers.
  • So What is Phishing/Spearphishing? Here is a wonderful infographic/cartoon on how to protect yourself from Spearphishing. Along the way, it explains what spearphishing is, how it influenced an election (and potentially gave us President Trump) . It also contains some good tips about how to protect yourself from phishing. Note that, depending on where you work, this may be NSFW.
  • Lava Lamps and Security. Entropy. That’s “N”-“Tro”-“Pee”. Say it with me. Entropy is the property of how random your random numbers are. These numbers are usually generated by computers, and depend upon a random seed to start the process. A big issue is: how do you get the seed? Cloudflare does it in a very interesting and analog way: Lava Lamps. A lava lamp is a great way to generate randomness. Cloudflare videotapes its wall of colorful constantly morphing lava lamps and translates that video information into unique cryptographic keys.
  • Facebook Privacy. Remember my adage about getting a service for free? One such service is Facebook, and they don’t care about your privacy (and neither does that minx, Wendy). But you care about you, and that’s why you’re going to read this article about how to lock down your privacy settings on Facebook. Yes, you can make it so that when you go out searching for such-and-such for a friend (you know, that NSFW such-and-such), you aren’t suddenly deluged with ads on FB for that product.
  • Objectivity of Blog Sites. You’re probably familiar with them: all those blog sites that review this product and that product. Mattress blogs. Makeup blogs. Theatre blogs*. But there’s often a story behind the story about how manufacturers subtly influence them. Remember: if you get a product for free, what are you? Here’s a story I’ve been saving for a while about the Mattress Wars, where a bunch of new mattress stores started a war with mattress bloggers. *This, by the way, is one reason I do not accept free theatre tickets. I choose what I want to see and write about. I follow the ethical model of Consumers Reports. I will pay for tickets what I would have paid through the various discount ticket services I know about.



The Worst Programming Language

Yesterday, while reading my RSS feeds, a post came across titled, “Perl is the most hated programming language“.  The article was referencing a Stack Overflow report that was characterized as saying: “Perl, the Old Spice of programming languages, is the most disliked by a significant margin, reports Stack Overflow. Delphi, used by children to write viruses for adults, and Visual Basic, used by adults to write games for children, are running neck-and-neck for second place. Trailing far behind are PHP, for people who still don’t care about security, and Objective-C, for people who still don’t realize they work for Apple. Coffeescript, a language designed to make Javascript more annoying, takes sixth spot; Ruby, very briefly popular among people who wanted to write web apps without actually doing any work, lurks in seventh.”

Now them’s fighting words.

I also took a look at a discussion on the subject over on Slashdot, where the comments were equally derogatory towards Perl, as well as a number of other languages. It is a amazing the hatred cluelessness out there. This is a discussion that has been going on forever about what is the most hated, the worst, the ugliest, the … programming language. I know. I’m a Compusaur — I’ve been programming since the mid-1970s, cutting my teeth on languages like BASIC, FORTRAN IV, and APL, and I’ve used even older language. I’m also — and I can say this with absolute confidence — the person who has been programming in Perl the longest with the exception of Larry, it’s author. I’m Perl’s Paternal Godparent; Larry, Mark, Jon, and I were carpooling to SDC when he wrote the first version of Perl, and I’m the person who was doing combo Perl-QMenu scripts to support the BLACKER program. I’m the one who knows that Perl would not exist without the TCSEC (Orange Book), so don’t say the NSA hasn’t given you anything.  I wrote the first version of the history section in the Camel book, fuggahdsake.

But back to the question at hand: Whenever anyone tells you that something is the worst or the most hated, you must learn context. You think Perl is bad for readability? Try reading APL or LISP, and remember that COBOL was designed to be readable.  Different languages and different editors are good for different things. Almost everything has strengths and weaknesses.

Perl is best at what it was originally designed to do: Text manipulation and report generation. It is great for easy text parsing scripts thanks to regular expressions and associative arrays, and implementing state machine parsing tools isn’t complicated. I have a large tool that at its heart is perl; it is perl that helps me generate the California Highway pages. But is perl the best language for system administration (which is what the Stack Overflow folks do)? No.

I’ve worked with loads and loads of languages, from Algol to Zed (well, I’ve looked at a little Zed — it is a formal methods language like Ina-Jo or Gypsy). I’ve written large programs in Algol 68C and PL/I (actually, both PL/C and PL/I (X)). I’ve worked in BASIC (especially RSTS/E Basic, which was a model for some Perl syntax), Fortran IV and 77 and WATFIV, COBOL, C, Ada, and APL. I’ve even done some LISP and SNOBOL, as well as MINITAB. To me, the language I had the most is Excel Spreadsheet Macro Languages, for I’ve seen difficult to find errors in that language to devastate organizations.

But most of the “kids” responding to that poll grew up in a different era. They learn Java and C++ and drink the Object Oriented Kool-Aide. They deal with PHP and Python and hosts of other new scripting languages, and complain about the old — without realizing that the newer languages are building upon the foundations of the previous ones, correcting the mistakes for a new generation.

In reality, the programming language you hate the most is the one that you’re unfamiliar with, that someone wrote bad code in, with no comments, that you have to maintain. Just as you can write easy to maintain code in any language (including APL — but in APL you can write it in one line), you can write garbage in any language.

All it takes is talent.


Chained Chum Looking for a Theme

Observation StewAs I read the various posts that become essay prompts, I collect articles of interest that become themed news chum posts (which typically require three or more common-theme articles). Sometimes, however, the themes never materialize or prove insufficient for a post on their own. When that happens, we have chum looking for a theme… like this. However, in writing these up, it turned into a “chain”, post: where there might not be a connection between the articles, but there is a chain of connection between any two bullets.

  • You’re The Top. Food waste in this country is incredible. From perfectly good food we throw away because it is “expired”, to edible food we don’t realize is edible. In the latter category go the tops of many of the vegetables we eat. But they don’t have to go into the trash: here’s how to use them. Here’s a great quote: “We throw an enormous percentage of food away, not only wasting food we know about but also food we don’t think of as being part of the farm-to-table sequence. Sometimes, when I’m at my neighborhood farmers market pulling beet greens and carrot tops out of the discard bins behind the produce stalls, someone will ask me what I’m doing with them. Or, more often, they’ll ask the nearby farmer whether the tops of the various vegetables they’re buying are edible. Fresh greens are gorgeous, fragrant, healthful and enormously flavorful; they’re also endlessly useful in cooking. Not only do we use herbs and greens in soups, salads, sauces and stocks, but also in bouquets garnis, as garnishes, even in cocktails. Why we value some more than others is pretty arbitrary.”
  • Is all Salt the Same? Speaking about food ingredients, normally, when we think of an ingredient, we think it is interchangeable. After all, does it make a difference what brand of pasta we use, from what company the herbs are sourced? Well, it turns out that when you’re talking about salt, it does. I’m not talking sea vs iodized: I’m talking Kosher Salt. Not all Kosher Salt is the same. Representative quote: “a cup of Morton is nearly twice as salty as Diamond Crystal. Its thin crystals, made by pressing salt granules in high-pressurized rollers, are much denser than those of Diamond Crystal, which uses a patented pan-evaporation process, called the Alberger method, that results in pyramidal crystals. While different brands of fine sea salts and table salts generally have around the same weight by volume, kosher salts do not. “And it’s not only the weight,” says Lalli Music. “Morton is a coarser salt. It takes a little longer to dissolve.” So even at the same weight, it actually performs differently. It’s easier to add too much of the slow-dissolving Morton salt because it may not have fully liquefied when you’ve tasted something.” The difference is so telling, recipes have to specify the brand.
  • Clip It. Little things like salt are critical. We often don’t think about these little things. For example, clips. Now I’m not talking MS Clippy (although I did read a fascinating history of Clippy). No, I’m talking bread clips, those little pieces of plastic that close our loaves of bread. It turns out there is a whole family of different clips and types, and some have gone as far as to develop taxonomies of the clips. Favorite quote: ““Much like insect wings,” the site authors elaborate, “occulpanids are grouped according to the dentition (or lack thereof) in their oral groove, which often dictates both their ecological niche and biogeographic location.” Each bagged specimen is also tagged on the site with an “ecological classification” based on the biomes in which it has been found (e.g. grocery aisle, hardware store, asphalt road, landfill, oceanic gyre or gastrointestinal tract).”
  • Knit One. Clips bring things together, as does knitting. My wife is a knitter, so articles on knitting catch my eye. The first in this group explored the history of knitting, from the earliest  days to the present day. Representative quote: “Despite high hopes, my research revealed neither mortals nor gods. Instead, knitting’s history is made up of an assortment of clues, competing theories from scholars and half-rotted fragments on the verge of disintegration. Not exactly the fun romp through fairy tales I was hoping for. Unlike spinning or weaving, knitting doesn’t figure in any ancient myths. In fact, there isn’t even an ancient Greek or Latin word for knitting! The word “to knit” didn’t make an appearance in the Oxford Unabridged English Dictionary until the fifteenth century and wasn’t part of any European language until the Renaissance. All this confirms that knitting is a relatively new invention.”
  • Purl Two. The other knitting articles are connected in a different way: the describe two groups of knitters on each coast. On the East Coast, Alan Cumming (of Caberet) fame has opened a new club that has a stitch-and-bitch night. In a club promising “Downtown Debauchery”, “It’s like a jamboree, with our ‘Knitmaster’ Tom teaching people different types of stitches, and having a weekly challenge, such as hat, scarf, shawl, and then working to have a few gifts for the holiday season,” Nardicio revealed.  On the West Coast, a tight knit (heh) community has formed around a UCLA Campus Club that teaches knitting. Now, this isn’t a touchy-feely “north campus” club, but a club that meets in the Engineering building.  Started by a third-year molecular, cell and developmental biology student, the i-KNIT-iative knitting club meets in Boelter 5514, providing a space for members to learn how to knit, crochet and do other forms of needlecraft, while socializing and de-stressing in the process. The club is also working to produce scarves and beanies for donation to homeless shelters around Los Angeles at the end of fall quarter. While members bring their own projects, the club supplies materials such as bags stuffed with yarn and knitting needles for members who plan on donating their finished product.
  • Men Using Their Organs The Right Way. Knitting is an activity you do when you’re bored. Where is the best place to be bored? A baseball field. But all is not boring there. Here are two interesting stories about baseball organists. The first is about the organist for the Boston Red Sox, Representative quote: “They’ve devised various challenges to accomplish this. “Sometimes, he plays a song, and I’ll play a song it reminds me of,” Kantor says. “We also do theme nights.” Earlier this year, when members of the ‘67 pennant-winning team were in attendance, they only played songs from 1967. On July 20, the anniversary of the first moon landing, they always stick to songs about space. “Fans will get into it, too,” Connelly says, if they notice. When the April 21 game became an impromptu Prince tribute, it made national news.” On the other end of the country, there is the organist for the LA Dodgers, who tries to do something similar. Representative quote: “Ruehle took over in 2016 following the retirement of longtime Dodger organist Nancy Bea Hefley, who had held the post for a remarkable run of 28 years. But he has quickly earned the respect of music aficionados among the Chavez Ravine crowds for his savvy use of pop, rock, R&B, hip-hop, classical and other genre song snippets woven in with the boilerplate baseball-organ repertoire.” Both articles highlight one of those things that are often in the background, yet are so importance for providing a special ambiance.
  • So Is That XL, or XXL? An old joke, oft told between guys about their organs, is that comdoms only come in L, XL and XXL, because no one would ever buy a small. But with condoms, size is importance and not all men are the same: and you don’t want it slipping off because it is too large. This has led to a new business: Bespoke Condoms. A Boston-based company has begun selling custom-fit condoms in 60 sizes, in combinations of 10 lengths and nine circumferences. As the custom-fit condom company, Global Protection Corp., pressed the F.D.A. and industry standards associations for changes, a key priority was smaller sizes, said the company’s president, Davin Wedel. Until recently, standard condoms had to be at least 6.69 inches long, but studies find the average erect penis is roughly an inch shorter.
  • Getting the Rage Out. Now we move from one form of baseball bat to another: real baseball bats. In Los Angeles, a downtown “Rage Room” has opened. Here, co-founders Peter Wolf and Edwin Toribio allow guests take out their angst on a variety of delightfully fragile inanimate objects with their weapon of choice. As Emperor Palpatine would say, “Let the hate flow through you.” Rage Ground offers five separate rooms of various sizes for smashing, though they’re all linked in such a way that a large group could turn them into one massive anger-fueled free-for-all for around 25 guests at a time. Various packages include a variety of objects to obliterate, including glassware and household appliances. For instance, a $13.99 starter package gets a single person five minutes with three small items and two medium items. The “Get Smashed” package ($29.99), which is particularly popular, scores one person 10 minutes with eight beer mugs, five shot glasses, and three martini glasses. For an extra fee, Rage Ground also offers specialty items for destroying (they’re currently all out of Trump pinatas), or guests can make a special request for a particular item in advance.
  • Native LA. Speaking of Los Angeles, last week brought Indigenous Peoples Day in Los Angeles. Yes, the banks were closed. But it did bring out an interesting article on the natives of Los Angeles: The Tongva-Gabrieliño tribe. California was home to thousands of people before Spanish settlers arrived—around 350,000 across the whole state—and the Los Angeles Basin in particular was home to the Gabrieliño-Tongva people. The movements of the Tongva peoples set the stage for what would eventually become Los Angeles. Their footpath through the Sepulveda Basin was the original 405 freeway. The L.A. State Historic Park was formerly a fertile basin within a mile of Yaanga, the Tongva people’s largest known village in the area. The Hahamog’na, a band of the Tongva peoples, settled along the Arroyo Seco river, which now comprises Northeast Los Angeles.
  • Jacked Around. The Tongva got jacked around, but if they were buying a new iPhone or Pixel, that couldn’t happen. No jacks. The 3.5mm jack is increasingly disappearing — for no good reason other than profit. Don’t believe the BS about more space in the phone. 3.5 mm jacks provide a universal way for things to connect. Bluetooth is touted as universal, but typically tends to be a walled garden forcing you to a particular manufacturers product for the best sound.  Always remember this: Even if you are the customer, shareholders come first. Changes made aren’t always for the benefit of the customer, but for the profit of the company.
  • Software Replacements. A great example of this is software, where a few articles on replacements caught my eye. Google is replacing the easy to use Google Drive with Backup and Sync. What’s changing are the apps. The major difference between Backup and Sync and Drive File Stream is the latter’s ability to stream files from the cloud—the popular “placeholder” capability that can display copies of all of your cloud-based files, without actually storing them on your PC. Backup and Sync syncs files more traditionally, placing local copies on your desktop, and then backing them up in the cloud. If you want to back up your photos and videos, you’ll use Backup and Sync. Ditto with a generic USB drive that you want to add to the cloud. On the Microsoft side, Skype for Business (the meeting app we love to hate) is going away. It is being replaced by Microsoft Teams, ostensibly to put pressure on Slack. Microsoft is also promising better meetings with Teams in the future, thanks to AI. Microsoft is building in machine learning, cognitive services, and speech recognition to improve a meetings experience and make it easier to set them up and receive follow ups after the meeting has concluded. But some replacements are never as good as the original. For example, RSS and similar syndication is still the best way to keep on top of things.  [and although not mentioned in the article, Newsblur is still my RSS reader of choice.]
  • Running Away. All these changes make you want to run away. If you do, you probably want a passport, given the mess with RealID. The winter is the best time to get one, according to the LA Times. They report that the State Department is claiming that Americans should apply for or renew their passports before January because processing times are shortest between September and December. Demand for passports typically heats up in the new year and continues into summer. If you want to get your passport back quickly, now is the time to apply or renew. Why get a passport? Something called the Real ID Act will go into effect in 2018. The law, passed in 2005, requires state driver’s licenses to meet certain security standards to be considered a valid federal ID you can use at airport security checkpoints. California is one of the states whose driver’s license does meet the requirements. If you have a license issued by a state that’s not compliant, a valid passport is your best bet for airport identification. Not to mention that you need a passport now to go to Mexico or Canada. [Hmm, mine is from 1976. I think I should renew.]
  • End With The Best. If the fall is the best time for passports, here are some more bests: (1) Best VPN services; (2) Best Art Supply Stores in LA.



Technology Tidbits

Here are some technology news chum items that have caught my eye of late:


Cyber Newses You Can Uses

This has been a busy busy week, and I haven’t had a chance to work on clearing out the news chum until now. This first collection is all computer related:

  • Going Phishing. Hopefully, you’re all cyber-aware. You know not to trust links in email you receive. You’ve been trained to look at where a URL goes before you click on it. You know not to click on links in email; you’ll copy the link and paste it into your browser bar. You know not to trust sites that aren’t the well-known version. But https://аррӏе.com is safe, right? Right? RIGHT? Actually, no. It may look like it reads “apple”, but that’s actually a bunch of Cyrillic characters: A (а), Er (р), Er (р), Palochka (ӏ), Ie (е). The security certificate is real enough, but all it confirms is that you have a secure connection to аррӏе.com – which tells you nothing about whether you’re connected to a legitimate site or not. This is what is called a homograph attack. It is something that can fool the best people, even if you hover over and check the link before browsing — unless you’re using IE or Edge or Safari. Ars Technica has even more information, but the short and skinny is: If you use Chrome, make sure you’re at Chrome 58 or later; if you use Firefox, enter “about:config” in the address bar, agree to the displayed warning, and then enter “punycode” in the search box to bring up a line that reads network.IDN_show_punycode. Next, double-click the word “false” to change it to “true.” From then on, Firefox will display the “dumb ascii” characters and not the deceptive, encoded ones.  I’ve done that, and now I see when I hover over the link.
  • Secure Coding. I grew up programming in Fortran, PL/I, Algol 68, RSTS/E Basic, and C. Except for perhaps Fortran and C, the rest are mostly dead. Today, kids program in C++ and Java — but they aren’t necessarily writing better programs. But following good standards can help. Here’s a link to a discussion on how to do secure coding in C++.
  • iPod without iTunes. If you are like me (and fewer are), you use your iPod for all your music (and you plan on adding more this Record Store Day). But do you backup your iPod? I do — via iTunes to my M: drive, and I back that up on my X: and W: drives and on a backup iPod. But most don’t — and most abhor iTunes. Here’s how to backup your iPod without using iTunes. I’ll not that I’ve used copytrans in the past (especially before I just kept everything in iTunes), and I’d recommend it.
  • Never Too Late. As I’m typing this, iTunes is playing “Never Too Late” (to tell the Truth) from Scottsboro Boys. If you’re like me, and like to tell the truth, you’ll be happy to know that Snopes is now embeddable.  Here’s an example of an embedded article:
  • Decluttering Apps. If you’re like us, you need to declutter. The NY Times recently had a review of a number of apps that will help you do just that.
  • Pushy Microsoft. Microsoft is continuing to push people to subscribe to Office 365. The latest is restricting the ability to use Skype for Business and One-Drive if you are using a Microsoft Office Standalone Office product. You’ll see more and more products insisting on the subscription model: Adobe, Quicken, Microsoft, ….



CyberSecurity News Chum

Continuing to clear the news chum, here are a bunch of articles all related to cybersecurity:

  • NIST Cybersecurity Framework is Changing. NIST is getting ready to release an update to their Cybersecurity Framework (and other updates are planned: eventually, the IPD of 800-53rev5 will be out for review, and then an update to 800-37). A key change in the new framework is measurement: The first, which should really be the starting point for any comprehensive cyber risk management program, is an entirely new section about measuring the performance and maturity of organizations’ cyber risk programs. It also discusses the need and complexity of correlating those metrics to business objectives and outcomes. That means measuring both how organizations are reducing risk to the business and identifying the benefits to the business resulting from good cybersecurity, such as how many new customers the organization has gained and/or how much more revenue was brought in. Another significant change in the framework is the addition of recommendations surrounding supply-chain risk management. Finally, the access-control category has changed within the framework. It was renamed to identity management and access control. The change adds more focus on making sure identities and credentials are managed from the time they are created to the time they are deactivated.
  • Minimal Cybersecurity Requirements. Although some of us have known about this for a while, the world is growing increasingly aware of NIST SP 800-171. The new mandates take effect Dec. 31 this year and apply to contractors for the Department of Defense, National Aeronautics and Space Administration (NASA) and the General Services Administration. While some manufacturers are accustomed to working with federal agencies on classified projects, these regulations are meant to safeguard sensitive information in unclassified material, particularly as the threat of cybersecurity breaches grows.  Basically, they apply to any federal contractor that handles what is called Controlled Unclassified Information.
  • Encryption and Protection. Protection is good. Just ask porn site Pornhub, home to things like thumbzilla and youporn. They’ve gone to always on encryption, meaning that although your ISP knows you’re going to pornhub, they don’t know what you’re looking at. Others are turning to VPNs, and here’s a good summary of how to use one.  Lastly, for those worried about your ISP seeing where you go, one thing you should do is not use the ISP’s DNS. I use openDNS: and
  • Verizon and Spyware. Note that if you use Verizon Wireless, they may be pre-installing spyware on your phone.
  • JavaScript Popups. Google is making some changes to eliminate those popup dialogs that don’t let you leave. Such popups are occasionally useful as alerts, but their fix sounds reasonable.
  • Congrats to North Hollywood High. They won a national cybersecurity competition. Disclosure: My employer helped sponsor the team, although I was not involved.
  • Printer Cartridges. Lastly, an interesting court case that could dictate how much you pay for ink. This week, oral arguments were heard in the case of Impression Products, Inc. v. Lexmark International, Inc., and according to the well-regarded SCOTUSblog, it seems that the justices are having a tough time figuring out how to view this difficult legal tangle themselves. At its most basic, the case is a dispute over Lexmark’s patent rights regarding refilling printer cartridges. Impression Products is a small business with about 25 employees. It specializes in buying used printer cartridges and re-manufacturing them. In 2012, Lexmark decided to add Impression to an already existing lawsuit against other re-manufacturers. While the other defendants eventually settled, Impressin has stuck it out and the case has made it to the highest court in the land. The question is: Does the manufacturer give up rights to something when you physically purchase it? Can Lexmark dictate what you can do with your printer cartridge? Can HP dictate you can’t open your computer and modify it? Big key questions.



The Good Old Days

XKCD EditorsA recent XKCD on editors reminded me that I’ve been accumulating a number of articles on computer history I should clear out, because I’m a computing dinosaur.

  • With respect to the xkcd, there’s nothing new under the sun. I remember the days at UCLA when there was a pitched battle between the supporters of the Rand window editor (“e”, formally “ned”), and the vi editor (for those clueless, vim is a later reimplementation of vi, and of course, vi was the visual version of ex, which competed with the ed editor on Unix). Then there were the TECO stalwarts that came from the DEC world (I used TECO on RSTS/E), the editors such as TSO and URSA on the IBM 360/91 (later 370/3033), and the battles between emacs and vi stalwarts.
  • At the same time we were dealing with URSA and TSO, we were printing on a IBM 1403 Lineprinter. This wasn’t a dot matrix or a laser printer, kids: this used a chain of type and printed super fast. You could even play music, if you did your boldface right. IEEE Spectrum has a fascinating article on how the 1403 was able to print so fast, including the fact that it didn’t press the type against the paper — it pressed the paper (from behind) against the type.
  • Back in those days, we didn’t program in C++ or Java or even Ada. It was FORTRAN and COBOL and Algol and… Guess what? Folks are still using those languages. I had a CSSF submittal this year that was programmed in FORTRAN, and you can make a slew of money in banking if you can program in COBOL. All the old-time COBOL programmers are retiring (sometimes feet-first); and these newfangled kids don’t want to learn it. [As a PS: Dan Berry at one time had a cartoon that showed a 1950s housewife labeled COBOL, a 1950s engineer labeled FORTRAN, and a baby labeled PL/I…. and the milkman walking down the driveway labeled ALGOL. The caption: “Funny dear, he doesn’t look like me.” Does anyone have a scan of that cartoon?]
  • Jumping up to the 1980s: The news these days are filled with items on the death of support of Windows Vista and the first version of Windows 10. But there’s another milestone: Windows 3.1. Twenty years have passed, and we’re still living with many of the notions 3.1 introduced (it was the first stable and popular Windows version, cementing the fact that you should never trust even numbered Windows variants, remembering that Windows 10 is really Windows 9, but they screwed things up with 95 and 98)
  • Turning to the hardware: Chips used to be simple: instructions sets, memory mapping and such. Intel is starting to change all that, with multiple processor instruction sets on a single chip. One of Intel’s changes is a mix-and-match heterogeneous design where different types of cores can be put in a single chip package. Under the new design, it’ll be possible to mix different architectures on a single chip. Chip packages could also have cores made using different manufacturing processes. Now ask yourself: with hardware this complex, how do we know it is correctly implemented?