Monday, June 29, 2009

(Another) Windows Security Problem

I found a security problem with Windows Vista last week that I have never heard of before.

Microsoft claims that Windows Vista is "Capable" with 512 MB of RAM and "Premium Ready" with only 1 GB. However, when using a computer with only 1 GB, I was able to gain access to someone's account without entering their password.

The root cause (I believe) was that the system had run out of memory, both physical and virtual. The screen saver had started on this person's account and normally requires a password to continue using the account. But in this case, I was given an error message instead of a password prompt. The error message said that the system was too low on memory to start any more processes (apparently, even for the process that prompts for the password when returning from the screen saver). At this point, I had full access to this person's account.

In this specific situation, another user was also logged into the system (and therefore taking up RAM). So if I was going to try and reproduce this, I would log into all user accounts to which I had access, open programs that require large amounts of RAM (like Firefox...sadly), and then leave the system on the logon screen for the target user to log in. When they step away from the computer and the screen saver begins (which in my case, was set to the lowest value of one minute), I would try and bring it back from screen saver and pray that there is not enough RAM to prompt for a password.

Does that sound too outrageous to actually occur when desired? Probably...but Windows should never get so low on RAM that it is incapable of displaying a password prompt.

Thursday, June 25, 2009

Verizon (Potential) Customer Service

Today, I used Verizon's Live Chat feature to speak with someone about Verizon's service plans. I have always had Verizon service and was trying to determine how much it would cost at Verizon for a single person to get the same deal as Boost Mobile's Unlimited plan. This plan comes with unlimited domestic calling, text messaging (including text, picture, and video), data, and Walkie-Talkie and also includes call waiting and voicemail.

I started a chat session with someone from Verizon because I could not find a plan that had the same options as the Boost Mobile plan. I was honest with the sales representative that I wanted to compare their plan with Boost Mobile's; however, they did not seem very willing to help me. Especially frustrating is at the end when they asked me if they could be of further assistance, I said "yea...", and they ended the conversation anyway. What kind of sales department is that??

You can read the conversation for yourself below.

Please wait for a Verizon Wireless sales representative to assist you with your order. Thank you for your patience!
Chat Information: A Verizon Wireless online pre-sales specialist has joined the chat. You are now chatting with Deshondra
Deshondra: Hello. Thank you for visiting our chat service. May I help you with your order today?
You: Hello
Deshondra: Hi. How are you?
You: Good
Deshondra: Good. How can I assist you?
You: I was just trying to compare prepaid plans between service providers
Deshondra: I will be more than happy to provide you with information on our pre pay plans. Do you know what plan you are interessted in?
Deshondra: *interested
You: Yesterday, my friends mentioned Boost Mobile's Unlimited plan...
You: yea...
You: basically, unlimited everything
You: just like boost mobile's plan
You: I don't see a comparable prepaid plan on your website
You: http://plans.boostmobile.com/monthlyunlimited.aspx
Deshondra: Prepaid Unlimited Talk Daily Access (only on days used) $3.99, Mobile to Mobile Calling is Unlimited, Night & Weekend Minutes are Unlimited, Each Additional Minute (for all other calls) is Unlimited and Text Messaging Rate (per address, per message sent and received) is $0.01.
Deshondra: I would not be able to view Boost Mobile information, only provide you with our site information.
You: yea, I saw that one, but it is not unlimited texting
You: you don't have general internet access
You: ?
Deshondra: You will be able to add the text messaging for $20.00 once you have the phone.
You: unlimited text messaging?
Deshondra: Correct.
You: ok, what about data?
Deshondra: Viewing the web will come from your daily access fee.
You: what does that mean?...charging by the MB?
Deshondra: Yes.
You: What does it cost for unlimited data?
Deshondra: There is no unlimited data plan for the pre pay services.
You: ok...what kind of plans have unlimited data?
Deshondra: I will be more than happy to provide you with the number to our customer care department to better assist you. Will that be alright?
You: no, i am fine using this chat feature
Deshondra: Click here and click on a plan. Scroll down to view additional information.
You: yea, i was already there...did you want to show me something on that page?
Deshondra: Did you view the additional information page?
You: you mean the "Additional Calling Plan Information" section?
Deshondra: Yes.
You: yea, that is not unlimited text messaging...is that what you were talking about earlier when you said i could get it for $20?...
You: it says "For Additional Messages, overage Messaging rates default to those of your Calling Plan."
You: that means "not unlimited"
Deshondra: $20/month for Unlimited Messaging to anyone on any network in the U.S.*
You: yea, with that star (*)
You: which is where i just copy-pasted that quote from
Deshondra: Is there anything else that I can assist you with?
You: yea...
Deshondra: You can contact our customer care department at 1-800-922-0204 , option 0 or *611 from your mobile phone.
Deshondra: Thank you for visiting Verizon Wireless, I look forward to speaking with you again. Have a great day!
Chat Information: Your chat session has been ended by your Verizon Wireless online agent.

Monday, June 22, 2009

$1.92 Million...Really?

Last week, the (second) file sharing case of Thomas-Rasset v. RIAA finished and made national headlines when Thomas-Rasset was found guilty and sentenced to pay $1.92 million for illegally downloading 24 songs. I have been wondering all weekend if I should create a post on this, because I don't want to just say what everyone else is saying. However, I thought of something novel.

Well, I think the Ars articles about the trial were great. That is how I stayed informed of the trial's progression. The latest article from Ars on the issue is about Thomas-Rasset's options. My favorite section was about "Changing the Law". Nearly everyone thinks she is guilty, but almost no one thinks that she should have to pay $1.92 million for stealing $30 worth of music. I think that Thomas-Rasset will be a catalyst for change in copyright law, especially the allowed damages.

Currently, Title 17 (section c) of the U.S. Copyright Act allows for damages between $750-$30,000 for "unwilful" infringements and $750-$150,000 for wilful infringements. I think that absolute dollar amounts are poor choices for several reasons.

In this specific case, nearly everyone believes that $1.92 million is too large for stealing $30 of music. It might even be in violation of the Eighth Amendment of the Constitution, which prohibits "excessive fines". So, if the intellectual property (IP) is too cheap (i.e. $1 for 1 song), absolute dollar amounts seem too large.

What if the exact opposite were true? Can you imagine a situation where some piece of IP costs $200,000 (to legally purchase)? In that case, it would be cheaper to "wilfully infringe" and only be liable to pay $150,000. So, if the intellectual property is too expensive, absolute dollar amounts seem too small.

I can think of one other, albeit minor, case. The Copyright Act became law in 1976 and went into effect in 1978. So, when our congressmen created this act and decided on the absolute dollar amounts mentioned above, did they mean the value of the dollar in 1976, 1978, the year of the infringement, or the year of the verdict? This question is non-trivial. I personally think that they meant the value of the dollar in 1976, but then (assuming we always have positive inflation), future Americans will be able to pay the maximum allowable fine with money they find in their couch.

My novel idea is to replace the absolute dollar amounts with amounts relative to the value of the IP that was infringed upon. This would certainly solve my first two examples with IP of both extremely high and low values. One additional clause should be that these relative amounts should be for the dollar value of the IP in question at the time of the infringement since that was the legal alternative to the copyright infringement. The only remaining critique is to claim that the various inflation indices (such as the Consumer Price Index (CPI)) used to calculate the damages are not accurate.

If fallout from the Thomas-Rasset case instigates copyright reform, I hope the absolute dollar amounts in the Copyright Act are replaced with amounts relative to the IP in question.

Wednesday, June 10, 2009

Distributed Computing: More than CPU Cycles

I wrote a previous post about wanting a system to automatically seed Ubuntu disk images, but I have been thinking about this concept at a more general level.

Distributed computing involves people from across the Internet donating their CPU time to a common cause. Why does it have to just be the use of your CPU? In my previous post, I began to introduce this concept involving bandwidth. The other resource that I thought about sharing is disk space.

As an algorithmist, I love the idea of having a constant time algorithm, sometimes called an oracle. One way to simulate an oracle is to cache every possible answer. Well, most algorithms, including my favorite numerical algorithms, have infinitely many answers, so we should just try to cache everything we know.

This is not a foreign concept. GIMPS is a distributed computing project which searches for prime numbers even though we know that there are infinitely many primes. (As a side note, GIMPS found another prime in 2009.) Similarly, there are infinitely many positive integers and each of them has a unique prime factorization. I think that it would be interesting to create an online service that would return the prime factorization of a positive integer.

This factorization oracle could greatly benefit from a distributed computing project in which people donated their disk space, because this project would require a very large amount of disk space. When a user would query the service for the prime factorization of a number, they would be redirected to the distributed "disk space" user's computer containing their answer.
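The lookup described above, as an added example (not code from this blog): a Python sketch that uses consistent hashing, an assumed routing scheme the post does not specify, to decide which donor's disk holds a given integer's factorization. Donor names are constructed, and each donated disk is modelled as an in-memory dictionary.

```python
import hashlib
from bisect import bisect_right

def factorize(n):
    """Prime factors of n >= 2 in ascending order, by trial division."""
    if n < 2:
        raise ValueError("n must be an integer >= 2")
    factors, p = [], 2
    while p * p <= n:
        while n % p == 0:
            factors.append(p)
            n //= p
        p += 1 if p == 2 else 2          # after 2, try odd candidates only
    if n > 1:
        factors.append(n)                # remaining cofactor is prime
    return factors

def _h(key):
    """Stable 64-bit position on the hash ring."""
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:8], "big")

class FactorOracle:
    """Maps each integer to one donor's disk (a dict here) via consistent hashing."""
    def __init__(self, donors, points_per_donor=64):
        self.disks = {d: {} for d in donors}          # donor name -> cached answers
        self.ring = sorted((_h(f"{d}#{i}"), d)
                           for d in donors for i in range(points_per_donor))
        self.positions = [pos for pos, _ in self.ring]

    def locate(self, n):
        """Name of the donor whose disk should hold the answer for n."""
        i = bisect_right(self.positions, _h(str(n))) % len(self.ring)
        return self.ring[i][1]

    def query(self, n):
        """Return (donor, factors, cache_hit); fill the donor's disk on a miss."""
        donor = self.locate(n)
        disk = self.disks[donor]
        hit = n in disk
        if not hit:
            disk[n] = factorize(n)
        factors = disk[n]
        product = 1
        for f in factors:
            product *= f
        if product != n:     # cheap check that the stored factors multiply back to n
            raise ValueError(f"donor {donor} returned a wrong answer for {n}")
        return donor, factors, hit

# Constructed donor names, for illustration only.
oracle = FactorOracle(["donor-a", "donor-b", "donor-c"])
```

The product check only confirms that the stored factors multiply back to the queried number; it does not prove that each factor is prime.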

Whether or not you like my online oracle idea, I think there is some benefit in expanding the distributed computing concept to resources other than the CPU. The mirroring of file servers and the BitTorrent protocol are both ways to distribute bandwidth. The distribution of bandwidth by either of these methods is still more difficult than the distribution of computation, so there is still room for improvement. Finally, I do not know of any current solution that could be considered a type of distributed disk space.

One reason why things might be the way they are now is because of cost. Computation probably costs more than bandwidth, which in turn costs more than disk space.

Are there other services that a computer could donate in a distributed computing-like fashion?