The first time I saw a Mac was shortly after it came out. A slightly-older, slightly geeky friend, from a well-to-do family that lived down the street, had bought one.
At some point, I was alone in his room with it. It was turned off, but a floppy disk was sitting partially-ejected. I remember panicking when I pushed it in, and couldn't figure out how to get it out. I think I turned it on, and then back off, to get it out. In retrospect, I think that was my 2001 moment.
At the time, I was a recent college drop-out, and working as a messenger at my uncle’s law firm. Eventually, I became a paralegal there — a miserable gig. A friend of mine was temping as a word-processor and making double what I was making. So I decided to buy a computer to get my typing speed up, and learn WordPerfect.
The law firm used Wang WP, but we had a PC in our little group that ran a Clipper db, as I recall. I was literally not allowed to touch it, but stayed late a few nights, and played around with it a little.
From everything I could see about PCs, I knew I didn’t want one. I still remembered the Mac. So I did a little reading, and bought a Mac Plus, with 1 MB RAM, and a 21 MB external hard-drive. I think it ran System 6.0.3. I also bought a typing program, and the first version of WordPerfect for the Mac.
There were very few Mac jobs, and zero Mac/WordPerfect gigs, so I had to take PC temp jobs, but Mac gigs started to turn up – usually at advertising agencies. I bought Microsoft Word 3.x.
Eventually, I could turn down the PC jobs, and one thing led to another. Steve Jobs did not make the Macintosh alone; Andy Hertzfeld, Bill Atkinson, Steve Capps, and many other amazingly smart people did. But it’s also safe to say that without Jobs, the Macintosh, that perfect little machine, wouldn’t have happened.
And I would have wound up doing, I don’t know what... but it would be a lot less cool. Thanks, Steve.
“It’s like a nightmare, isn’t it? It just keeps getting worse and worse.” — Grady Seasons, The Color Of Money
RSA has now announced they will provide replacement SecurID fobs in certain circumstances. The letter from RSA-head Coviello (and no doubt an army of lawyers) should be read carefully.
An offer to replace SecurID tokens for customers with concentrated user bases typically focused on protecting intellectual property and corporate networks.
An offer to implement risk-based authentication strategies for consumer-focused customers with a large, dispersed user base, typically focused on protecting web-based financial transactions.
So does that mean if you are a “consumer-focused” customer, they won’t replace them? Ha!
RSA is far-and-away the market leader in two-factor authentication. An educated guess on my part is they have two-thirds of the market, so this is a fantastic opportunity for their competitors. Apparently over 40 million SecurID fobs are out there (though I’d wager at least a quarter of those are inactive, expired, lost, or never been assigned).
I know the horse has left the barn, but has anyone been fired over this? And I don’t mean the poor schmuck who got hacked, though maybe him too. I mean, Coviello.
I usually try to avoid getting too geeky on the blog, so when the IT-security company RSA reported it had been hacked, I didn’t post. But now that it appears that incident was merely setting the stage for an assault on defense contractor Lockheed, and the news accounts I’ve seen are not giving a good idea of what’s going on, I’ll chime in. I was the architect of a SecurID infrastructure, so I know of what I speak.
For those of you who don’t know, RSA makes a two-factor authentication product called SecurID. You may have seen these little fobs. They are popular with a lot of companies for things like securing access for mobile users who connect to their company’s e-mail, etc.
It’s called “two-factor”, because you need two things to gain access.
something you know (your PIN), and
something you have, (the fob).
They generate a six or eight-digit number that changes every thirty or sixty seconds (depending on the model purchased). A user enters that number, along with their PIN.
The numbers are never repeated, and you can’t use the same one twice. If anyone on 24 used them, there would be no show. The numbers, though impossible to guess, aren’t random. They’re generated based on a “seed” file. The SecurID server in the company you log on to also has a copy of the seed file that the token is programmed with, and it’s generating the same numbers, and then comparing the two.
What hackers stole (though RSA didn’t confirm it) are the seed files associated with an unknown number of tokens. Now, RSA has no knowledge of who is assigned which token. They sell the tokens in bulk to a customer, which then in turn assigns them to a person, creates a user-name, etc. RSA claims, and it’s technically accurate, that theft of the seed files alone won’t allow someone access to a protected system.
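The seed-and-compare mechanism described above, as an added example that is not part of the original post and is not RSA's code: SecurID's algorithm is proprietary, so this substitutes the open RFC 6238 TOTP construction to show a server recomputing the code from its copy of the seed and refusing a reused one. The serial number, seed and PIN are constructed sample values.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per tokencode (the post says thirty or sixty)
DIGITS = 6   # the post says six or eight digits

# Constructed sample values, not real token data.
SAMPLE_SERIAL = "000100000001"
SAMPLE_SEED = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_PIN = "4821"


def tokencode(seed, now, step=STEP, digits=DIGITS):
    """RFC 6238: HMAC the time-step counter with the seed, then truncate."""
    mac = hmac.new(seed, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class AuthServer:
    """Keeps a copy of each fob's seed and recomputes the expected code."""

    def __init__(self, seeds, pins):
        self.seeds = seeds        # serial -> seed
        self.pins = pins          # serial -> PIN (plaintext only to keep this short)
        self.last_step = {}       # serial -> newest time step already accepted

    def verify(self, serial, pin, code, now, drift=1):
        seed = self.seeds.get(serial)
        if seed is None:
            return False
        pin_ok = hmac.compare_digest(pin.encode(), self.pins[serial].encode())
        for delta in range(-drift, drift + 1):   # tolerate one step of clock drift
            t = now + delta * STEP
            if t // STEP <= self.last_step.get(serial, -1):
                continue                         # code for this step was already used
            match = hmac.compare_digest(code.encode(), tokencode(seed, t).encode())
            if match and pin_ok:
                self.last_step[serial] = t // STEP
                return True
        return False


def demo(now=1_300_000_000):
    server = AuthServer({SAMPLE_SERIAL: SAMPLE_SEED}, {SAMPLE_SERIAL: SAMPLE_PIN})
    code = tokencode(SAMPLE_SEED, now)           # what the fob would display
    first = server.verify(SAMPLE_SERIAL, SAMPLE_PIN, code, now)
    replay = server.verify(SAMPLE_SERIAL, SAMPLE_PIN, code, now)
    return first, replay
```

The code is a pure function of the seed and the clock, so the seed is the only secret the fob contributes; the PIN is the second factor.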
However, if by phishing or key-logging, you capture the username and PIN and token-code when a person logs in, and you are running your own SecurID server with the stolen seed file, you can figure out which fob the user has. You can then generate one-time tokencodes at your leisure, and you now know their username and password. You may also just be able to guess a person’s user-ID and PIN (e.g., jdoe and John Doe’s birthday). The former appears to be what happened at Lockheed.
Obviously, this is serious for any SecurID customer of RSA’s, and a disaster for the company itself (a division of EMC). It’s a security company, and yet was itself hacked. In a not easy-to-find message to their customers on their website, Art Coviello, the head of RSA writes,
“While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.”
Yeah. “Nothing to be worried about, sir”, said the porter on the Titanic. “We’ve just run over a whale and should be underway shortly.”
IMHO, if any company continues to use SecurID tokens, they need new tokens, from a new seed file. That’s not going to be fun; millions of tokens are out there. Large companies may have thousands in circulation, but sometimes all your alternatives suck.
A discussion about music got me thinking about this fantastic song, but the adwords Google put up probably aren’t what the sponsors have in mind.
With IBM’s Watson computer taking names on Jeopardy!, you might think that Skynet or Colossus is just around the corner. Fortunately for us meatbags, it looks like even mighty Google's computer still has a touch of M5 in it.
I treated myself to a new little digital camera (do I even have to say “digital” anymore?), a Panasonic Lumix MDC-FH20. It’s pretty nifty, and a big improvement on the hand-me-down I’ve been using for the past year (though it served its purpose well).
A few years ago, three kids remade Raiders of the Lost Ark shot for shot, using nothing more fancy than plastic guns and smoke bombs. It was before the age of iMovies and DVDs, and they shot in their basements and backyards, with 16mm cameras, and later, VHS. They started when they were twelve-years-old, and it took seven years to finish.
They had the giant ball, the snakes, everything. Steven Spielberg became a fan. I got to see it a few years ago at the Archives, and the kids (now in their twenties) were there to take questions. Now a movie is in the works about their movie.
Now in the age of the Internet and crowd-sourcing and YouTube, Casey Pugh (who works at Vimeo) put together Star Wars Uncut, where a call went out on the Internet to re-create 15-second long segments from Star Wars, which were then stitched together. The clips range from live-action, to Lego, to CGI, to puppets, to cartoons. Grown-ups to kids. Shot in cars, offices, and living rooms. The fan film has since won an Emmy.
It should come as no surprise how well the story holds up. Lucas’s fairytale set “a long time ago, in a galaxy far, far, away”, can in fact be set anywhere. As with Tolkien’s Middle-earth, or John Ford’s West, the Orcs, Comanches, and big space-ships are just props. When Luke discovers his aunt and uncle dead in their burning house, the scene came right from The Searchers. It wasn’t just that it was a favorite film of Lucas’s, he was telling the same myth.
What I really dig though, is not just the creativity and ingenuity of the clips, but the obvious love that hundreds of people around the world put into this. My favorite 15-seconds...in the car, the guy with the horse costume.