The Bad and the Good

It’s been a strange day. It started out with me getting a ride to work from Chris again (more on this in a minute), followed by 4 long boring hours of Prelude Administration. I ate a quick lunch then walked 10 minutes back to my office. We’re moving to a new building on Monday and since I’m taking Friday off, I needed to pack up my stuff. I got everything organized and onto my moving cart and ended up leaving around 3PM because Chris decided he was ready to duck out early. All in all, not too bad for a work day, but that’s not the annoying part.

About 3 weeks ago I took my car to Jiffy Lube for an oil change. I already knew I had an oil leak that was getting progressively worse and they confirmed it was something they could not fix. I started trying to figure out where I could take it and got some recommendations via the Classifieds at work. A few calls and my options ranged from estimates of $600 to just under $1,000 to fix the problem. I ended up going with the cheapest place, although it wasn’t my first choice simply because of the strong recommendations for a one-man shop not far from here that wasn’t much more.

I think I made a huge mistake. First, the cost was doubled because the problem was worse than originally thought. I was told it should be done Monday or possibly Tuesday. Tuesday came and went and I was informed that it wasn’t done yet. So I called again today during a break from class and was informed they were waiting on a part. They were expecting it anytime and my car should be ready today. Ok, not so bad. But there’s more…

I’d been home for about 15 minutes when I get a call.

I’m calling to let you know that we just got your parts from the shop. I’ve got some bad news for you. It’ll take three more hours to get it done. It won’t be done today.

Keep in mind that tomorrow is Thanksgiving. I asked when they were open next, already knowing the answer was going to be Monday. I responded by saying that was pretty much unacceptable, that my family was coming into town and I needed my car. She offered to “hook me up with a rental” which I considered for about thirty seconds before she said they would only pay for half. Half of $25 bucks a day for five days? I don’t think so. Not when I’m already paying out the nose for this repair.

So lets recap. I’ve been given an estimate on the cost; it’s doubled. I’ve been given two estimates on when it would be done and both have come and gone. I’ll have been without the car for a week and a half. Not to mention the costs involved make less and less sense the more I think about it. One part plus installation = $600. Two parts doubles the cost. Wait a minute…I can understand doubling the cost of the part, but once they take the engine apart to install the first one, they don’t have to take it apart again. Why should the cost of labor double as well? That makes no sense. Let’s just say they’ll have a hard time convincing me to pay their full price when I go to pick it up on Monday (assuming it’s even ready). I wonder how they’ll react when I let them know that I work in a company of over 2000 employees, the majority of which will read the story of my experience with McDermott’s Service and Repair.

The day wasn’t all bad. My family got here before bowling and it was good to see them, although it was a little tainted from the events with the car. League also went pretty well tonight. Although my first and third games were nothing special, my second was a 196, my new high score and the best so far for our team. Only 2 open frames and 7 strikes (4 of them consecutive). Let’s just say I was shocked.

Lost was also pretty good tonight. I finally understand where Ana Lucia is coming from, but I still don’t think her past gives her an excuse to be such a bitch. They’ve got a long ways to go before they get me to like her.

Sony’s Rootkit Woes

For the most part, I’ve stayed away from this subject because it’s really complicated; much more so than the casual user or music listener really cares about. But it is important and it’s something everyone should have at least heard about. I wanted to have a better idea of what has really been going on before I tried to write about it. Most of the pages linked here are pretty technical in nature, but even if you gloss over the tech speak you can still get the gist. If I’ve misrepresented anything here, please let me know so I can correct it.

Starting some time ago, Sony started manufacturing CDs with new DRM software called XCP from First 4 Internet. The discs require you to install a special media player to listen on your computer, but there’s something more happening behind the scenes. This went generally unnoticed for quite some time, then F-Secure identified the software and finally Mark Russinovich made the problem well known. He ran a scan using some software he co-wrote and discovered evidence of a rootkit on his machine.

Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden.

This was a serious discovery, so naturally he started investigating. What he found was pretty scary. He linked a hidden process to the media player installed by a CD from Sony/BMG.

I closed the player and expected $sys$DRMServer’s CPU usage to drop to zero, but was dismayed to see that it was still consuming between one and two percent. It appears I was paying an unknown CPU penalty for just having the process active on my system. I launched Filemon and Regmon to see what it might be doing and the Filemon trace showed that it scans the executables corresponding to the running processes on the system every two seconds, querying basic information about the files, including their size, eight times each scan. I was quickly losing respect for the developers of the software.

If I read that correctly, it’s scanning active processes eight times every two seconds. What purpose could that possibly serve?

But wait, there’s more. Mark wanted to remove the software from his computer. Sony claimed it was possible, and yet it was nowhere to be found in the Add/Remove Programs list, there was nothing about it on the Sony site (this is no longer the case), no help to be found at all. He took matters into his own hands and found that the software loads even in Safe Mode, meaning if something went wrong, you’d have a hell of a time fixing it. He was able to get it off his computer, only to find that his CD Drive had been disabled.

In the following few days, things have only gotten worse. Mark has made many more interesting discoveries and catalogued it all for us: Dangers and Phoning Home, First 4 Internet Responds, and his Uninstall Experience. I’d include more details here, but he’s already done a great job of that.

I’ve put together a summary of the information I’ve gathered from Mark and other articles on this issue.

  • The EULA does not disclose the software’s use of cloaking and implies that it can be easily uninstalled (it cannot). It hides itself by modifying the Windows kernel without your permission. Sony denies the software poses a security threat.
  • This rootkit can hide the DRM files as well as anything else set up to take advantage of it (think trojans, worms, and viruses). Sounds like a hacker’s dream come true.
  • The hidden software scans your active processes constantly. 240 times per second. No one seems to know why.
  • If you do manage to get the software off your computer it will disable your CD drive.
  • Sony recently announced to the press that they were making an uninstall tool available, though they made no attempt to ensure their users knew about it. It is virtually hidden in the FAQ section of their website.
  • Sony’s “patch” can lead to system crashes and data loss because of the way it removes the cloak.
  • The rootkit has already been used to get around the World of Warcraft anti-cheat software and now new viruses are taking advantage of it.
  • The Sony CD player establishes a connection to Sony’s site and tells them each time you listen to your protected CD. This behavior could be used to record the ID of a CD and the IP address of the person who played it, though there is no evidence of this. However, simply by logging standard server activity this information would likely be collected. Sony says they don’t use it.
  • Uninstalling the software is a chore in itself with several hurdles to jump through. You have to tell them twice that you want to uninstall. Don’t forget the majority of users wouldn’t know they’d installed the software in the first place.
  • The CDs are trouble for more than just Windows users; they affect Macs, too, though the software comes from a different vendor called Suncomm.
  • This move by Sony likely breaks laws in many countries around the world. Sony claims the CDs have only shipped in the US, though this has already proven to be false.
  • A class action lawsuit against Sony has been filed in the state of California. Expect more to follow.
  • For now, Sony has halted production of the CDs but they have no plans to stop including it with their CDs.

Needless to say, this has people really upset for obvious reasons. I think it’s safe to say this takes the idiocy of DRM to a whole new level of “I can’t believe this.” I guess Sony figured that the only way to make DRM work was to hide it from the user. Maybe someday they’ll learn that you really can’t hide much from the public at all; there’s always a way around (a fundamental reason why DRM will never work). The worst part is that this software opens up a whole new issue with privacy and protection. The fact that Sony denies there is a problem is unforgivable. Their stories change each time new information is revealed which really leads me to believe they never thought anyone would figure out what they were doing. I’m not one to quickly start screaming about boycotts, but I will seriously think twice before I purchase another Sony product.

#$%@ CBS

So I’m working on categorizing old posts while I watch the Chiefs game. The Raiders had just come back to take the lead late in the 4th quarter. They’re kicking off to Dante Hall with 1:45 left in the game, and suddenly CBS cuts to the beginning of the damn Packers’ game already in progress! With that little time left in a close game would it really have killed them to let me see if the Chiefs could pull out the win? No, I didn’t think so.

Update: The Chiefs drove down the field and Larry Johnson scored a touchdown from one yard out before time expired.

Goodbye Blogger

I Went to post tonight and Blogger was choking hard. For hours, it wouldn’t post anything, but instead threw up some unhelpful error (001 java.net.UnknownHostException – what the hell is that?). In the meantime I managed to screw up my template and left things looking crappy until I was able to hack together a fix. I don’t even know if this post will show up anytime soon. Anyway, it’s been a long time coming, and this was just the push I needed to end our 19 month relationship.

Blogger, you made it incredibly easy to get on the web, and I thank you for that. You’ve come a long way with new features, usability, and decent reliability. But It’s time to move on. Don’t take this personally, I’ve just found a better blog system.

I will very soon be switching over to WordPress, most likely before the end of the weekend. More on that later.

Edit: It’s now 7:45 the next morning and Blogger is finally allowing me to post again. I’ve also discovered that Blogger now has the ability to moderate comments, but I don’t get spam comments (yet) anyway, so I don’t think it’s enough to save this thing.

Thou Shalt Not Blog…

Read:

Students can be suspended for a lot of odd reasons these days — wearing “objectionable” T-shirts, cross-dressing for prom, planning elaborate senior pranks — but a principal at a Catholic high school in Sparta, New Jersey, has added another offense to the list: having a blog.

Ok, stop. I don’t care if this is a private school or not, this is absolutely ludicrous. Who is this guy to say that none of the students at his school can express themselves through a website? I can understand if they want to limit comments made about the school or its staff, and it would be perfectly appropriate to hand out school punishments for violations in that regard. But to say that you can’t even have a blog because of the possibility of exposure to the bad people of the world…give me a break. That’s like saying you should never go outside because there’s a possibility you’ll get a cold that leads to fatal pneumonia. No one can live their whole life inside a box.

What really gets me is that this is an issue for parents, not the school principle. It’s the parents responsibility to make sure they know what information their child is putting out on the web, and to teach them what is appropriate and what is not. The school can certainly teach guidelines (and they should), but for a kid to face suspension simply because he writes his thoughts online is shameful. A school trying to instill values into its students for home life is one thing, but actually trying to regulate home life is something altogether different and completely unacceptable.

read more | digg story

Twenty

I’d heard that there could be more than a few versions of Microsoft Vista, but really hope this isn’t true because it’s just ridiculous. I can’t possibly see the point, unless they want to alienate every single Windows user who wants to upgrade because they won’t know if they should get Starter, Basic, Pro, Premium, or Ultimate. What a joke.

read more | digg story

Why Did Apple Kill the iPod Mini in Its Prime?

I think this guy has an excellent point.

No one was suggesting they wanted a flash-based player over a hard drive one, and no one was complaining about the iPod mini being too wide or too heavy. In comparison to the iPod mini, the iPod nano made the battery even harder to get at, lowered its battery life, removed the “remote connector,” ditched FireWire support, weakened the device making it much more fragile, and features a scrollwheel inconsistent with that rest of the iPod lineup.

The nano is cool and all but I don’t really understand why they chose to completely replace the mini instead of just adding to the line or why someone who owned a mini would run out and replace it with a nano. I also like the mention of Motorola CEO Ed Zander’s supposed joke about his feelings for the nano.

read more | digg story

What a Joke

I’m sorry, Epic. You really dropped the ball today.

Let me back up a bit…One of the things I think is pretty cool about Epic is that the company really values the relationship they have with customers. One of the ways they reach out is by holding a week long conference called the Users’ Group Meeting every September. They set a theme every year and it’s a chance to mingle with customers and learn what others are doing with the software, etc. To be honest, I’ve been kinda looking forward to going to some of the sessions to hear a little bit about other parts of the company and what customers really think. Don’t get me wrong, I’m glad Epic cares so much about their customers, but today they totally forgot about their employees.

There is only one session that every employee is required to go to: the general session. Since Epic has been growing so fast over the last few years (current population is over 2100, up from 1600 when I interviewed in February) it would require a very large venue to house all of the employees and even more customers. So they decided to split us up: the customers in the convention center, the employees in the Orpheum Theater. Keep in mind we are still required to dress up even though we won’t see any customers for the only session we’re required to go to.

So some people on my team and I decided to carpool. We get downtown, find a place to park, and walk into the Orpheum right at 8 o’clock when the session is supposed to start. The first thing I notice is that it’s a little warm inside. I immediately took off my suit jacket, knowing I would be miserable if I didn’t. We proceed up to the balcony, knowing we will be able to better see the screen where they will be projecting the feed from the convention center. They’ve got a video on one side of the giant screen and a powerpoint presentation on the other. Not a bad setup. Or so I thought.

Each year a video is made to match the theme. This year: Mystery in the Midwest. I’m sure the video was pretty good, but I can’t really tell you for sure. As soon as the presentation started, a nasty speaker buzz started from the only speakers projecting the audio feed from the convention center. The volume wasn’t bad, but the voices were so garbled I caught about every fifth word. I thought maybe they were having issues and would fix them, but I was wrong. As the movie ended and the first speaker started, the feedback got worse. They made an adjustment and the sound stopped crackling during high volume, but everything was still garbled.

So here we go. Roughly 2000 Epic employees sitting in the dark in their nicest suits and dresses in an 85 degree theater for four hours watching a video feed from the nice (cool) comfy convention center that we can’t even hear well enough to understand. The video, the CEO, the Vice President, the keynote speaker from Princeton…I’m sure it was all great. I think I caught one joke in four hours, meanwhile I’m sitting there sweating through my dress clothes. Absolutely fan-frickin’-tastic.

I went to two sessions in the afternoon after enjoying (sort of) a free box lunch. They weren’t too bad, but I still can’t believe they didn’t test their setup ahead of time. That ranks right up there with a tech company that relies on Microsoft Outlook for absolutely everything having to go without access for 2 days while they install patches, updates, and make server changes.