Blog Archive

Friday, August 22, 2014

Eye of a needle

I'm haven't reached middle class yet, but I've started making enough money to humbly get along. At work I often have to spend time around people with significantly more wealth than me. The longer I am surrounded by the rich, the more estranged I feel. The heaps of cash these people spend on trivial things makes my head spin. I'm all for technology, but I don't see why you would need all these idiot toys. Everyday objects that seem banal to me become the subject of elaborate discussions and intensive searches for the ultimate product to consume. I don't understand why people spend thousands on a table or hundreds on a lamp. I cannot relate to the gimmicks and trophies they so proudly compare. Good for you if you think your BMW is a great company car, good for you if your new bluetooth headset has just a bit more noise suppression than the one before, good for you if you give your money to kickstarter-fund another smartphone. Just please don't make me sit there and listen.

Wednesday, August 20, 2014

Protect yourself

Germany's Federal Ministry of the Interior Thomas de Maizière has submitted draft legislation to introduce higher requirements for companies and stronger competencies for agencies to counter the growing number of IT security threats. A major aspect of the draft is a system for companies to alert the authorities when an attack is taking place, report the source (or leave it as unknown) and give the agencies a specific case to follow up on. Furthermore the bill will specify minimal standards for IT security every company ought to maintain and expands the rights of the Federal Office for Information Security (BSI).

Here's what is wrong with it: It certainly makes sense to create a police interface like the emergency telephone number, only for the Internet. However I find it hard to imagine that it will find the same acceptance as the classical emergency phone number, companies will avoid getting the authorities involved unless they really have to. Most will shy away from the bureaucratic process of following up on an incident (especially when no damage was done) and just shut themselves off from that particular attack. 

More importantly though, many small and medium companies have always had a minimalist approach to security. Usually, a simple firewall appliance with an all-out, little-in rule set is in place, there's some anti virus software, and that's about it. 
To be able to report an attack to the police, you need to know it is happening. The danger of these digital intruders is that they don't come banging on your door, break a window and leave behind footsteps. Somebody qualified would have to monitor the network, maybe replace some of the appliances in use to have better tools at hand to even identify something is happening, both of which means costs that don't bring immediate benefits to productivity and thus translate to controller speech as investments without tangible return. Even more ignorant, often security measures will not be put in place because they make work less comfortable and slow down processes - safety and comfort often collide, and the latter is shockingly often preferred. 

If there hasn't been a precedent, there is little awareness and willingness to invest in security. Many will argue that they are not that special, not that publicly exposed, not that interesting, so they don't need the equipment larger enterprises have. But if that mindset would relate to reality, there would only be high-risk-high-gain burglaries. Where do criminals rather break in, the well-lit building with the cameras and guards or the small office with the lights out and easily opened windows? Not every attack from the internet has to be the big bust.

Even if there is an awareness of the need to invest in security doesn't mean something will happen. Either the budget just isn't there, or the task is given to internal resources that are used to capacity with keeping the infrastructure running and responding to the daily noise of small requests. In those cases, those risks are consciously accepted.

This is the weak spot that no matter how well thought-through the draft of Mr. de Maizière is, will remain. For comparison: It is nice to have the police patrol the streets occasionally and scare off whoever tries to breaking into houses from the front door in broad daylight, but the real risks are the guys who approach from the backyard at night and enter through the open kitchen window. In order to have a centralized, institutionalized protection, you would need their cameras in your backyards all the time to monitor everything and filter out the criminal events, i.e. total surveillance. It just doesn't work.

What is to be concluded from this is that IT security is not something that can be provided centrally, but rather has to be done in a distributed, local manner. It is something that every company has to worry about and find a balance between cost and effectiveness that is appropriate for their size. No external institution will take that burden away.

All the time, more and more things are connected to the Internet. Devices that were formerly completely unrelated to computer networks now run the exact same protocols without having the same security mechanisms (e.g. cars, machinery) or formerly LAN-exclusive systems are now stretched across the WAN (look for the marketing term "cloud managed"). The exposure to these risks has spread from the computer desk to almost everywhere (especially including mobile devices). Companies that have failed to secure their servers from external threads will fail even harder to protect these new Internet participants. I think the problem is that as so often, if something works well, people keep piling on top of it until it collapses. Same with the Internet here: Not everything that is on the Internet should be on the Internet (and I don't mean your selfie gallery). Just because you can do something doesn't mean you should.

I'm not advocating a departure from computers towards typewriters, I'm advocating a separation of networks. Many early adopters mourn that the Internet used to be this fun secret tree house club where everybody is equal, but now the evil big corporations take it over and threaten net neutrality. I say the root problem is that the Internet is this one huge network that almost everything operates on. In the realm of IT backend infrastructure, it is common to separate traffic into different networks - server-client communication should never be in the same network as server-storage communication (iSCSI, NFS, etc.). The same should be done for the Internet: create additional, purpose-built networks. Don't use the original, global internet for everything. Local exchange of data can already be solved with private networks today, I am rather interested in an alternative network of the same global availability as the Internet.
I am well aware that the Internet is not really one huge network, but many networks with routing between them, but there should be an additional set of networks to use for specific purposes that has absolutely no connection to the Internet-networks whatsoever. IPv6 would have been an opportunity to make that cut, but it is easier to adopt this protocol into the old Internet instead of creating a new network with new rules.

Mr. de Maizière's draft has been criticised for the cost it implies, I would rather criticize it for being ineffective. It's not a bad concept, it just won't have a significant impact on the actual level of security German companies will have on the Internet. Considering how audacious it is considered nevertheless, it seems safe to assume that no significant positive effect on IT security is to be expected from the government. It's up to the individual, for better or worse.

Friday, August 08, 2014


HAWKEN is a free-to-play online multiplayer egoshooter game with mechs. The open beta was launched in late 2012, and in 2014 the game moved to Steam where it is currently still in beta state. HAWKEN plays more like Unreal Tournament than MechWarrior, because it is focused on fast-paced action rather than tactics. Quick evasions and precise shooting reign supreme. The usual Team-/Deathmatch can be played against other players or bots. Furthermore there is Missile Assault (King of the Hill), Bot Destruction (waves of bots with intermediate boss fights) and Siege (it's complicated). Shooting everything that moves outside your team is generally a good idea. You get unlimited ammo, but weapons tend to overheat.

Another similarity to UT is the Unreal Engine 3, which is also used by UT3, Gears of War, Bioshock Infinite, Mass Effect, etc. Not only does it therefore have a great technical basis, but Adhesive Games' overall design for mechs, levels, menus and everything else is glorious and really supports the Sci-Fi scenario. Futuristic industrial elements (i.e. the Hawken Virus Giga-Structure) give it a sense of belonging to the same scenario in the variety of stages, from swampy forests to frozen wastelands, crash sites of big spaceships, desert outposts and urban landscapes. There is some sort of vague story about the distant future and hunting for resources on colonized planets, but you'll be too focused on shit blowing up to care.

Other than your skill, your success depends on how good your mech is. There are currently eighteen different models that are grouped by weight/speed/agility/size into three classes. There is no overly powerful model, the balacing works out pretty well in that regard. All of them can use boosters for quick slides and hovering and allow for huge leaps onto high ledges, but there is a significant difference between the light and heavy models. HAWKEN is by far no simulation, but it gives you a digestible idea of sitting in a big machine (also they support Occulus Rift integration). All mechs can be upgraded with practical equipment (weapons, items like EMPs or radar scramblers, internal components) and cosmetic changes (paint job, different chassis, bobble head figures for your cockpit), which brings me to the economy of the game.

HAWKEN is generally free-to-play, you don't have to spend any money on it. In the game, there are two currencies, Meteor Credits (MC) and Hawken Credits (HC). HC are gained through playing the game, earch match gives you HC based on how long and successful you played. MC however can only be gained by buying them with real money (you're also given a few after playing for 60 minutes).
HC can be used to buy new mechs and practical equipment, which means that you can get the best possible mech through playing without spending any real money. MC can buy everything, it is a quicker alternative for practical equipment and the only payment method to buy cosmetic changes. Up to this point, it sounds pretty great, because you only have to pay to please your own vanity and anybody can have good equipment regardless of financial capabilities. In practice however, the grind the gain HC is very sluggish and you'd have to spend an awful lot of time until you can buy proper upgrades. Even worse, the prices for the cosmetic stuff are ridiculous - 1$ will buy you 144 MC, which will get you some of the available paint jobs for a quarter of your mech. To fully customize a single mech (bought cosmetics are not interchangeable between vehicles) you have to spend around 30$, which is a lot of money to make your digital robot toy shiny black instead of dull grey.
While the basic premise of the payment system is good (optionally pay for cosmetics), it has some flaws in execution, mostly that you'll have to spend eternity grinding your mech to get any upgrades, which means very little benefits for long stretches other people might bridge and just buy upgrades. Also there are absurd prices for individual items (why does one paint job colour cost more than the other?).

HAWKEN is still in beta and has some things to improve. I once played a deathmatch that wouldn't end, the matchmaking mechanism needs some more fine-tuning (sometimes there are huge differences between the contenders' levels), the mechs hardly show how damaged they are and they might want to reconsider how much grinding it should take to max out a machine.

Despite these downsides, HAWKEN is fun. It looks amazing, it has bigass mechs without the drudgery that usually goes with that, it's a fast-paced shooter with very different weapons and items, there is enough variety to allow for diverse playing styles, and let's not forget that you don't actually have to pay anything to play it. I therefore strongly recommend playing this little gem, but I don't recommend spending an awful lot of money on having your repair drone painted purple in the beta version of a videogame. I'm not entirely sure I want this model to become the norm for mainstream gaming where in many cases you already buy something that feels like an unfinished product and have to pay again for it to work properly. In this particular case, I'm cautiously optimistic.

Sunday, August 03, 2014

Microsoft's near future

Most days, I go to a place, sit there and do things and in intervals I get money in exchange for the things. In doing those things, I have a lot to do with Microsoft and many of their products. Thus, I need to keep an eye on what is going on with that company and what changes are to be expected.

Microsoft in the middle of 2014 is trying to distance itself a bit from the course of late 2012 that is associated with Steve Ballmer, Windows 8 and the failed tile interface, as well as what felt like diversification in the consumer segment at the price of business negligence. Microsoft was investing a lot into competing with Apple on tablets, phones and touch interfaces in general, which proved unpopular. Now that Sergej Nutella Satya Nadella has replaced Ballmer as CEO, many of the developments that were started midway through the Ballmer era are now given more spotlight than before while others are slimmed down. Since the CEO switch, Microsoft hasn't really changed an awful lot, yet they intentionally make it seem like a significant intervention for image reasons.

The timing for some releases has been very helpful with that. The (now partially available) update to Windows Phone 8.1 has consistently been praised, the (when-its-done) return of a classic start menu had many people sigh with relief, the (available) Surface 3 is supposedly their best computer yet, Office for iPad sold very well. In the enterprise world, Windows Server 2012 R2 brought genuine improvements, the latest Hyper-V version has become a very good hypervisor, SQL 2014 brings a load of new features.
Two services that have greatly increased their market share are Azure, their IaaS and especially Office 365, which is the latest desktop version of Office plus services like Exchange Online or Sharepoint Online.

Recent announcements that got a lot of people excited revolved about the unification of Windows platforms. The Windows Store apps are supposed to be unified across the phone, PC and even XBox systems. The consolidation of Windows, Windows RT and Windows Phone into one operating system has entered the roadmap, although only on the horizon. Both make a lot of sense.

I think in the near future, Microsoft's strategy will be something along those lines:
Consolidate the Windows platforms to minimize maintenance effort. Make the Store apps universal to increase their sales. Reduce the previous diversification, invest less in small standalone software. Trim down Nokia. Push Office 365 as hard as possible and eventually move all of Office to an exclusive subscription model. Sell Office on Apple devices. Push enterprise software like Sharepoint, Lync, Dynamics, System Center and MSSQL. Make large contracts for hosting on Azure. Do more direct business and less channel-driven business through partners. 

I think this course will prove very profitable for Microsoft if it works out as intended and they might just win back some sympathies they lost in the last two years or so. There will however be downsides to this, not necessarily for Microsoft, but the rest of the world: Microsoft doing more direct business might hurt partners and leave customers to deal with Microsoft directly instead of talking to local businesses. Most importantly though, essential parts of the strategy I laid out will move Microsoft into a more proprietary position than ever. If you need Microsoft's approval to run applications on your PC by applying for an entry in the store, if you have your services hosted on Azure and the Office 365 back end, if you rent your software, you loose an awful lot of control over your software. 
Just as an example: Microsoft won't let you install the updates for Office 365 manually but does it in the background by itself. There is no visible integration with Windows Update services, there are no service packs for the desktop applications, it just updates by itself. Of course it makes sense to have the latest fixes, but consider this: If Microsoft releases an update that causes a problem, you cannot choose to leave out that particular update and wait for it to be fixed, you'll have to eat it up. If Microsoft is doing maintenance on the back end services and limits the functionality of some systems during a client's most important productive hours, well too bad.
Considering how well Office 365 sells, it wouldn't surprise me to see more components moving into this state where Microsoft has maximum control over the application, not the user. Still, it will sell well because it is convenient and requires no investments in locally kept hardware. The loss of control isn't felt by the people who sign the contracts because they personally never felt in control of their software in the first place.

So that's my take on the next two years or so for Microsoft. It might be a pretty good time for them, not so much however for anybody else.

Wednesday, July 30, 2014

Movies recently

I've been watching more movies than ever and at the same time I've kept up with recent releases less than ever. The major reason is that none of the films of the past few months got me excited beforehand.  I've glossed over a long list of 2014 releases, which was mostly remakes, reboots, adaptions, sequels, prequels. The 2014 films I watched so far were:

Monuments Men - If it wasn't for the subjectively very interesting subject, this movie would have been banal and forgettable. Either way, it is wasteful. The subject is very interesting, the casting is impressive, the film looks expensive enough and the cinematography is very professional - and yet it fails to live up to the potential. Mostly this is because of the poorly structured thread of a plot that is torn to episodic fibres and loosely twisted together in the end. It's not even a bad movie, it's just not as good as it should have been (if you want to see Clooney's best directorial work, watch Good Night, and Good Luck).
Lego Movie - I've been led astray by the fantastic reviews, turns out my first impression from the trailer was correct: stuffed with pop-cultural references and the ADHS speed of a youtube video, this movie is forgettable and without substance. There are some good jokes here and there, but it feels too bland and without unique identifiy to leave any lasting impression.
The Raid 2 - Good action movie that is packed with just a bit too many over-the-top gimmicks, which makes it not quite live up to the flawless predecessor. Still there's lots of amazing action scenes, so if you just want to watch southeast asian people beating the shit out of each other this is for you.
The Grand Budapest Hotel - That particular Wes Anderson style is like a very strong taste in food, one can very much enjoy it in small portions but too much of it would make you vomit. The Grand Budapest Hotel is the utter fulfilment of the enjoyment aspect. A fun, fast-paced, quaint movie whose biggest directorial trick might be how it blends the subplots of different scales and tangibility into an intertwined threedimensional object that makes sense as a whole. It's a great film with great talent used to its fullest.

Mostly I have been catching up on films that either I missed on their release or ones that are considered common knowledge. To name a few that come to mind:
Among the prior category fall The Physician (very underrated), The Zero Theorem (feels like a Brazil remake), 21 Jump Street (I wish I had spent that time in a different way), The Hobbit : Desolation of Smaug (CGI wankfest that crams in idiotic videogame sequences instead of developing characters), Source Code (surprisingly ok), Snowpiercer (not brilliant, but very good), The Skin I Live in (holy shit), The Girl with the Dragon Tattoo (perfect), American Hustle (great) or The Wolf of Wall Street (brilliant).
Among the latter category fall Patton (magnificent), LA Confidential (splendid), The Breakfast Club (halfway between completely outdated and still relateable), Silent Running (meh) and Julius Caesar, the 1953 version of the Shakespeare play with Brando as Marcus Antonius (one of the best films I've ever seen in my life). I would also like to recommend the Extended Edition of The Lord of the Rings, which I binged on (dat hero of Gondor).

I feel I've watched every movie that I would enjoy and the future doesn't seem much brighter. Edge of Tomorrow and Guardians of the Galaxy seem enjoyable but predictable (one stars a freaky talking space animal with vaguely humanoid behaviour, the other is based on a MARVEL comic). Sin City 2 might be good and I'm not sure about Interstellar yet. Boyhood is all the hype lately, but I'm afraid it's just too touchy-feely for me. 

However I'm happy about every original script that isn't based on a book, a comic, another movie, a TV show, mythology or supposedly real events. All big studios seem to go with franchises that already exist, that already have existing fanbases and thus a guaranteed minimum return-on-invest. Even movies that can not generally be linked to existing brands follow the same formulas and have to incorporate the same elements so audiences aren't too alienated (e.g. snappy banter between main characters). There certainly are still movies that are willing to take risks, but they are underexposed in comparison to the flood of screaming marketing that the big idiot shitorgies like all cape hero movies, Lucy (seriously fuck that shit), the new Robocop or " Rise of the Dawn of 300 Part 2 Segment 4 Episode 7 Chapter 9 - Spartan Boogaloo".

Friday, July 25, 2014

Gaza is not absurd

The recently swelled up conflict between military Palestinian organizations and the Israeli armed forced has been called absurd by some publications. 

That the murder of three Israeli men and then one young Palestinian man causes a military conflict that surpasses the accumulated violence of the last few years in the region isn't absurd. The death of 800 civilians in two weeks isn't absurd. The firing of rockets into densely populated areas to kill individuals isn't absurd. Destroying homes isn't absurd. Hamas using civilians as human shields to present them to the media afterwards isn't absurd. A professional army making children homeless by mortar fire isn't absurd. Both sides declining a ceasefire and negotiations isn't absurd. Bombing a school that is run by the UN without consequence isn't absurd. Indiscriminately firing explosives isn't absurd. Committing war crimes that rival those of Karadžic and Mladic and still finding new followers/cannon fodder isn't absurd. Jewish people all over the world facing racism and hatred over the deeds of the Israeli government isn't absurd. Fighting the same war across several generations isn't absurd.

None of these aspects are absurd. Journalists shouldn't be so cynical and condescending. What they are is disgusting, shameful, intolerable, an atrocity and a testament to the worst humanity has to offer.

What is actually absurd is that society seems to expect that pressure from the media, public protests at home and social media will make any difference. Benjamin Netanyahu and Khaled Mashal really must be blown away by all those retweets the pic of a wrecked nursing home is getting when they check their twitter accounts for feedback on their policies (Netanyahu's PR team actually has one). There won't be any crass reaction by either of the allied states that so eloquently condemn the general violence in the area without ever specifically calling out the responsible decision-makers.
There will be no internally developed solution to a conflict that is so fundamental, with both military factions (excluding the non-combatants) preferring the extermination of the opposition. Stability and safety require the decisive involvement of outside parties, significantly beyond the means demonstrated so far. John Kerry shaking hands and wagging fingers isn't going to defuse a conflict that is so deeply ingrained. However no external party will ever invest so much and take risks so high with so little to gain for themselves.

It's like a person addicted to heroin - suggesting to stop won't get them clean, only massive interference will. Cutting off their drug supply, forcing them to stay off it no matter how loud they scream and supporting them in finding alternative lifestyles might work, but only if you permanently change their mentality about the issue. It's difficult and intensive in cost and time for individuals, now try doing that to 10000 Hamas operatives at once.