Archive for April, 2007

His Dark Materials

Saturday, April 28th, 2007

Graham Linehan, on his Hompendium of Dorithies, has taken a quick look at the new His Dark Materials film. They have reunited the Casino Royale leads Daniel Craig and Eva Green, and opted to cast Nicole Kidman as Mrs. Coulter. Choosing the child actor is always a gamble, so they played it safe with another Dakota. Daniel Craig as Lord Asriel - good stuff.

I have to agree with Graham though, they’ve got Lyra all wrong… and those daemons/polar bears look a bit dodgy too. There’s no better way to cheapen a film than with second rate CGI. A game, made by SEGA, is also announced for this December - that has great potential, but video games which accompany movie releases are always disappointing. Have a look at the website - there’s a lot of stuff on it, including a ‘Meet Your Daemon’ utility, which must be broken because it said my daemon is a crow.

Cobh, Mallow, and Midleton Now Officially Large Towns

Thursday, April 26th, 2007

RTE notes that new Census of Population figures published today have ordained six new large towns. Any Cork people who were confused last year by the city’s official decrease in population will not be surprised by the fact that three of the “new major towns” are within 25 minutes’ drive from Cork City.

By now, most people acknowledge that the population figure associated with the city of Cork is very misleading, since the official boundary of the city is too tight. With no room for expansion in the city centre, the inner suburbs have been packed in recent years, and now the CSO acknowledges the same trend slightly further afield. What perks will this glorious new title bring to Cobh, Mallow, and Midleton? I don’t know, but word on the street is that the locals are expecting a shipment of white runners and Nissan Micra body kits.

MacBook Zoom

Thursday, April 26th, 2007

I’m learning new stuff every day on my MacBook Pro. Today, OS X Hacker points out how you can zoom in on any part of the screen, simply by holding control and dragging two fingers along the trackpad. I can’t see this being useful, but that is beside the point. Little features like this are what makes OS X really cool… I will find it difficult to go back to Linux on my desktop.

Bertie on Electronic Voting

Wednesday, April 25th, 2007

RTE mentions that Bertie is embarrassed by the fact that we, “the laughing stock of europe”, don’t yet use electronic voting, while France get their election results in two hours, electronically. Two hours is very impressive, and that’s also how long the French voters were left queuing. This is before we even consider the usability and security concerns of the French system:

“protesters sued to ban the machines outright a week before the election, noting that some models don’t comply with a dual-key requirement for safety from fraud, and others, such as the iVotronic machines, have new software, but haven’t been re-verified since 2005.”

While our own e-Voting machines gather dust in a very expensive warehouse, the Taoiseach chooses to blame the opposition, accusing them of “playing politics”. Am I to assume that Bertie knows more than the Commission on Electronic Voting, who explicitly stated that our system is not ready?

  • The security of the hardened PC that is proposed for use in preparing elections and in aggregating and counting the votes afterwards is inadequate and needs to be improved.
  • Improvements are also required to the security of the methods by which sensitive election data, including votes, are stored, transported and accessed on ballot modules and CDs.

Bertie is happy to pile on regardless and deploy an insecure voting system, simply because his buddies abroad are doing it. Perhaps if he were less concerned with keeping up appearances, and more interested in the integrity of our elections, then he would acknowledge that the millions wasted on our unused voting system can only be blamed on the government who forked out on a product that does not work.

The Coen Brothers Are Back

Sunday, April 22nd, 2007

BBC has news of two new movies from the Coen brothers. First is No Country for Old Men - an adaptation of a Cormac McCarthy novel by the same name. “Violence and mayhem ensue after a hunter stumbles upon some dead bodies, a stash of heroin and more than $2 million in cash near the Rio Grande” - sounds like vintage Coen territory. This will be competing for the Palme d’Or at Cannes next month. We’ll forgive the dodgy title because it comes from a Yeats poem.

The article also mentions next year’s offering, Burn After Reading, which will be starring George Clooney, Brad Pitt, and Frances McDormand. Wikipedia has a few notes:

Burn After Reading is a comedic spy caper with Clooney. A CIA agent (George Clooney won’t play that role) loses the disc of a book he is writing, which contains valuable information, and it’s up to him to get it back.

It’s great to see the duo back in action. They have really tied the industry together since they wrote and directed Blood Simple in 1984. They may have taken their eye off the ball a bit with their latest offerings (Tom Hanks = bad idea), but if their rambunctiousness and misdemeanoring is behind them, then I will be most eager in awaiting their upcoming releases. Fuckin’ A, man.

Mac OS X Security

Saturday, April 21st, 2007

Infoworld are crowing that a “myth” has been crushed, as a hacker managed to break in to OS X to win a security contest in Vancouver. No myth has been crushed - at worst, perhaps a misconception has been dented. OS X is not hack-proof - there is no operating system on earth that is 100% secure when attached to a network, and the way some people have responded to a run-of-the-mill Safari vulnerability, you would think that there has been an apocalypse.

What the Infoworld article fails to mention is that CanSecWest organizers relaxed the rules Friday after nobody at the event had breached either of the Macs on the previous day. It doesn’t specify exactly how the rules were relaxed, but a comment mentions that “The successful attack on the second and final day of the contest required participants to surf to a malicious Web site using Safari”. If this is the case, then as far as I’m concerned, the contest only served to show how well secured OS X really is.

The article quotes Dragos Ruiu, organiser of the event:

“You see a lot of people running OS X saying it’s so secure, and frankly, Microsoft is putting more work into security than Apple has”

Dragos: the reason Microsoft is putting so much more work into security than Apple is because it needs it so much more. How many times have I had to fix friends’ Windows computers for no other reason than they left it online for a few hours without a firewall? No myth has been crushed, common sense has prevailed. Your Mac is not untouchable - it is advisable that you tighten security controls on your web browser, and be careful of surfing to dodgy sites on the internet. As long as you don’t make a habit of antagonising MaddoxX, then you can be reasonably confident that your computer won’t be trying to nuke eBay if you leave it online untended for the weekend.

Nintendo’s Success

Saturday, April 21st, 2007

Kotaku highlights this Wall Street Journal article which examines Nintendo’s success so far in 2007. Having never paid much attention to the portable market, the extent of the Nintendo DS’ dominance is surprising to me. What is not surprising, however, is the performance of the Wii relative to its expensive competitors.

Despite initial doubts based on the name of the product, it became clear early on that 2007 would be the year of the Wii. Following its release a few months ago, YouTube bulged with homemade videos of hillbillies swinging motion-sensing controllers in a bout of Wii boxing; a new era had dawned for console gaming.

This old video summed up the appeal of the Wii over the PS3:

For me, the pricetag is the critical factor - a quick comparison from Smyths Toystore in Ireland just for the base console with no games:

Playstation 3 €629.99
Xbox 360 €409.99
Nintendo Wii €269.99

Even now in mid April it is difficult to get a hold of the Nintendo Wii, as retailers are constantly sold out. Hopefully this trend will influence an evolution towards smaller, cheaper gaming consoles, as opposed to bloated all-in-one entertainment centres which cost more than a ‘98 Ford Fiesta.

Joost Gets a Service

Saturday, April 21st, 2007

Congrats to Colm and Joost in becoming immortalised in /etc/services - they now have an official IANA assigned port. Incidentally - if you haven’t got a Joost account yet and feel like checking it out, let me know because I have a few invitations available.

Disgruntled Russian Hacker Exposes Valve

Friday, April 20th, 2007

The Daily Tech have an article about a hacker who is currently holding Valve Software (the makers of Half-life) to ransom, having hacked into the system that manages internet cafe licences, and retrieved details and credit card information.

Most gamers will remember the bit of trouble that Valve had a couple of years ago, when a German hacker known as Axel G, or “Osama Bin Leaker” when he’s in a particularly powerful mood, snuck into their network. Internal emails were leaked, demos were leaked, and ultimately the source code to Half-life 2 was put on the internet. Valve burst into action like a coiled spring - instantly assembling a dynamic and energetic tiger team:

The fiasco resulted in a lot of hassle for the company, but they got some consolation in the end when they caught the perpetrators by pulling the oldest trick in the book - offering to hire Axel G as an in-house security auditor. Beaming with pride as he headed for the plane, ready to start his new life in America working on the game he loves, the poor boy had no idea that the FBI were laughing their asses off at the airport, doing Axel G impressions as they waited for him to arrive.

Axel G - a misguided enthusiast suffering from classic notions of teenage hackers - convinced himself that he was working for the greater good. He claimed that the motive behind the source code leak was to expose Valve for lying to the public about the state of the game, which was far from finished, implying that they demoed a fake version of the game at E3.

This latest haxor, MaddoxX, displays the same symptoms of a glorified self-image, probably seeing himself as half Robin Hood, half Darth Vader and half Zerocool. However, by comparing the number of x’s in their names, we can assume that MaddoxX is at least twice as l33t as Axel G, and thus less likely to fall for the “hey, you’re good! Come and work for us” trick. I would remind Valve of the old Chinese proverb that is strangely apt here: “Blind eagles soar with wings, but do not mess with psycho Russian hackers because you’ll get pwned”.

The Daily Tech article quotes MaddoxX, who outlines his motives:

In fact, MaddoxX says that he’s been tooling around on the Steam server’s back door since January. “I did try [to] contact them several months ago. At the time, I didn’t do anything harmful — just got [a few free copies of games] but never heard anything from them,” he says. “Later,” the steamed hacker adds, “I tried to warn them to fix bugs…but as usual, they don’t listen.” He recounts that he allegedly tried e-mailing Valve employees on several occasions without a reply. When a friend of his called attention to the potential security breaches on Valve forums, every trace of each thread got shut down. “They don’t even warn or reply to their Café customers that private information is leaked,” he says.

And here we come to the issue that is bothering me: MaddoxX is dead right in what he says. When you take confidential information from your customers - be it credit card details, home phone numbers, or their dog’s middle name, you take on a degree of responsibility. My guess is that Valve’s IT guys are still sitting around eating sandwiches in front of an empty whiteboard. The director of marketing at Valve, Doug Lombardi, just recently confirmed the security breach and released this statement:

There has been no security breach of Steam. The alleged hacker gained access to a third-party site that Valve uses to manage the commercial partners in its Cyber Café program. This Cyber Café billing system is not connected to Steam.

The Daily Tech refers to a very reasonable Californian Law which says that you are required by law to disclose any breach of security (to any resident whose unencrypted data is believed to have been disclosed). I’m not a lawyer, so I don’t know if Valve are bound by this, but I am aware of a general rule of thumb: if you discover a security breach, you snap to it and do something about it. You don’t hum and haw and mumble some comment a week later about an “alleged hacker” who broke into the system. If the guy has got:

  • Screenshots of internal Valve web pages
  • A portion of Valve’s Cafe directory
  • Error logs
  • Credit card information of customers
  • Financial information on Valve

…then I think it’s safe to put your hands up and acknowledge this. Funnily enough, the Cork gaming cafe Area 51 even makes an appearance on one of MaddoxX’s screenshots. I wonder if they know that their credit card details could be compromised? Perhaps I’m being unfair, and all of the affected customers have been contacted and informed, but judging by the concerned cafe account owners on the steam forums and elsewhere, this does not seem to be the case. This only serves to validate what MaddoxX is saying, and highlights a gross lack of responsibility on Valve’s part. I believe the guy when he says he has contacted them many times about exploits and bugs and never got a reply. They sound like an absolute disaster.

Security breaches happen occasionally, and that is inevitable. I won’t dwell on the fact that it seems to be a recurring event for this particular company; I’m more concerned about the reaction when something does go wrong. Read this example of how it should be done, from Wordpress. A responsible, well worded, concise account of what happened, when it happened, who is affected, and what to do if you are affected.

What would you have said if Automattic had come out with drivel like this: “There is no security breach at Akismet. I repeat, AKISMET IS SECURE AND SAFE. oh, by the way, Wordpress got allegedly hacked.” Doug Lombardi: the issue is not “There has been no security breach of Steam”; the issue is: “THERE HAS BEEN A SECURITY BREACH”.

The Future of USB Chess

Thursday, April 19th, 2007

I saw an article today about a USB chess board that tracks your pieces and allows you to see a virtual representation complete with analysis on your PC. Nothing hugely innovative there - perhaps there was no demand for this kind of thing 8 years ago when they were churning out steering wheels for racing sims.

However, it did make me wonder about the next generation of online chess. If you could get an external chess board to reproduce the moves of your opponent as well as your own, then you have an excellent product. My attempts at playing online chess on Yahoo and elsewhere over the years have always ended in alt-f4 after six minutes as soon as I lose my bishop. I like chess, but it’s not the same game when you’re clicking on a computer screen. My future USB super chess board will also project a hologram of your opponent and respond to voice controls and it will also make toast.

I am from Cork, Ireland. A fan of the Big Lebowski, Mac OS X, Linux, Cork hurling, Munster rugby, Irish football. Interests include QuakeWorld, Python (lately Django), network security, web applications and technology in general.
