Wednesday, February 24, 2010

A little offer from DAZ 3D

Today DAZ 3D, the site dedicated to programs and figures, has launched a five-day promotion. It starts today and ends 02/28/2010. As you can see, there's not much time to think about it, so at least check it out.

The offer includes over 2000 products (figures, textures, poses, objects) that cost only U$s 1,99 each, which is quite cheap. For Platinum Club members, the offer is a little better: those same items cost U$s 1,39 each. The Platinum Club is also having a promotion, 50% off the sign-up cost, so it might be a good time to join and take advantage of the sale.

The quantity of items is incredible, as is their variety. The sale includes most DAZ Originals, meaning products designed by DAZ staff, or designed by another vendor that sold their rights to the site.

So now you know, this is a great chance to fill up your library of 3D objects, but pick carefully. Each item is cheap, but it's kind of easy to get carried away and end up buying so many that it adds up to a lot of money.

Thursday, February 11, 2010

What I don't like about DRM

There's a whole group of companies that decided it was better to punish their clients than to provide a good service. DRM (Digital Rights Management) is not logical, it's not a necessary evil, it's just a road full of little rocks we are supposed to travel barefoot while smiling and thanking and paying a toll.

Let me explain a little why I think DRM is bad. Let's suppose you have a computer, it runs a version of Windows. You purchased a game and played it a little, it had DRM, but for you it was almost as if it had nothing. Some years later you upgrade your machine and change to a different Windows. The new Windows has some security measures that prevent the old DRM from running. You still own a valid license of a game that's no longer usable in the old machine, because the old machine is broken. You have every right to install that game, but you can't. Because the old DRM does not work, and the company that made the game no longer supports it.

This could also happen if you changed your operating system to Linux and tried using Wine to run the game, or if you changed your computer to a Mac with OS X. The undocumented tricks a DRM does to prevent unauthorized use just don't work well with emulations. A game that could have a broader gaming base just decided that it was better to cut a lot of machines from it.

Of course, this is if the DRM scheme lets you play the game on the first computer at all. A little Internet search shows that a lot of DRM software just doesn't let legal and valid users play their legally owned game. It could be something as simple as being a programmer and being told by the DRM that you can't play the game because you have hacking tools installed (in this case a debugger). So the company doesn't only tell you how and where you can play your game, it also wants to dictate what other things you do with your machine. And there are also DRMs that let you install the game a finite number of times, and/or require authentication via the Internet. So, if the company goes broke or decides to bring down the authentication server, you can no longer install that game. Seems to me you are giving some publishers too much power over you.

Same goes for movies or songs purchased with DRM. DRM enforces some restrictions on you, some bad restrictions that prevent you from using your legally owned media in ways not covered by the DRM. Let's say I legally own a series on DVD, but some years from now the DVD format will disappear into oblivion. So, what prevents me from keeping copies in other formats? I'm not talking about copies that are used to exploit the media simultaneously in different places. I'm talking about keeping the copies for yourself. If there's no DRM, I can do it. But if the DVD or the new media format is DRM infested, then I can't do that, because it's qualified as an illegal use.

So, as you can see, I'm completely against DRM. I'm strongly opposed to letting corporations rule the way I can use things. I'm totally against letting them abuse me.

Saturday, February 6, 2010

A sensation of wonder about technological developments

Putting aside hype and advertising, every piece of news we get about new developments usually plays with our sense of wonder. It's a common thing to admire the way someone solved what was previously a limitation. The funny thing is this can be true even when faced with things we normally consider evil, because we can see that the application of the technology is different from the way it was used.

This happened to me while researching data about how to detect if your computers are members of botnets. I came upon a series of data that appears to be a timeline of bot control methods, and I can say it is great to see how the apparent generations work. Let me tell you a little story about it.

In the beginning, we had direct control. One user infected specific computers and sent direct commands to them. Direct control obviously has a limit on how many computers it can control: the user. As each computer has to be given a command, it becomes difficult to control large groups. Here comes automation to the rescue. By scripting, the user could now control a great number of computers, but only if all did the same thing at the same time, every time the same.

It was then time for a new innovation: Cascade Control. With Cascade Control a user needs to control only primary nodes (infected computers). A second group of nodes (also infected computers) receives its orders from the first-tier nodes, and so on with different node levels. This method is great to control several groups that each do a different thing, but it brought a pair of new problems: detection and feedback. A cascading user generally has feedback on the first-tier computers, but usually lacks that same feedback from the second tier and beyond. This means that he could be trying to control a healed computer without knowing it, and if it's being actively monitored after the healing, it could be dangerous.

Thus, to enhance feedback and avoid detection a simple method was devised. Every infected computer had a mini ICQ client inside the infected programs, complete with a username and password, different for each bot. So, upon connecting to the Internet, the bot logs onto ICQ, and waits. When the attacker decides to launch an attack, he simply logs in with an ICQ account that has all the rest registered as friends. Now he can write messages to groups of users and everyone gets the same message that contains a command, and can answer back. This solved several problems: now the infected are the ones that report back even before starting any attack, and only the infected connect. But, of course, the number of friends you can message at the same time was low, thus leading to a different but similar method for control.

It was time to go for an old protocol. By mounting a channel on an IRC server, the user can now see which bots connect with their built-in IRC clients. IRC supports truly massive plain text messaging, so it seems like a match made in hell. Now the attacker can issue a single command and be heard by hundreds of infected nodes. Logically, feedback now becomes burdensome, as hundreds of users talking back at the same time can be a little too much. But not every command needed feedback, as infected nodes can declare their presence by connecting to the chat room. When IRC sites began to be policed to prevent this, it was time to move on, and they did.

The next target was a completely unsuspecting one. Now it was time to evolve into social networks. The target was Twitter. With a simple sub-140-character command, a user can make Twitter's servers relay this command to all his friends. If all his friends are bots with Twitter clients and accounts, we have a new evolution. This time it gives up some feedback and some timing adjustment (as the delay introduced by the Twitter servers is unknown and variable) but gains a simply astoundingly massive control method.

So, after all this reading, one thing becomes clear: knowing where our computers are connecting to can make the difference in detecting infections. Later developments seem to favor built-in messaging clients with login data. This means that those bots are connecting as soon as we connect the computer, even when not being part of any attack, only waiting forever, making it easy to spot this with any port scanner.
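The check described above, as an added example that is not part of the original post: it looks through periodic snapshots of a machine's established outbound connections for a program that holds a session to a chat-service port and just sits there. The record format, the sample data, the port list (IRC and ICQ defaults) and the allowlist of known chat clients are all assumptions made for the illustration.

```python
from collections import defaultdict

# Default ports of the chat protocols named in the post (assumption: defaults
# only; a bot can use any port, so this is a first-pass filter, not proof).
CHAT_PORTS = set(range(6660, 6670)) | {6697, 5190}  # IRC, IRC over TLS, ICQ

# Chat programs the user knowingly runs (hypothetical allowlist).
KNOWN_CLIENTS = {"hexchat", "pidgin"}

# Constructed sample: one "minute process remote_ip:port" record per line,
# taken from snapshots of established outbound TCP connections.
SAMPLE = """\
0 firefox 203.0.113.10:443
0 svch0st 198.51.100.7:6667
0 hexchat 192.0.2.50:6697
10 svch0st 198.51.100.7:6667
10 firefox 203.0.113.22:443
10 hexchat 192.0.2.50:6697
20 svch0st 198.51.100.7:6667
20 updater 198.51.100.99:5190
30 svch0st 198.51.100.7:6667
"""

def parse(text):
    """Yield (minute, process, ip, port) for each non-empty record."""
    for line in text.splitlines():
        if not line.strip():
            continue
        minute, proc, remote = line.split()
        ip, _, port = remote.rpartition(":")
        yield int(minute), proc, ip, int(port)

def find_idle_chat_sessions(text, min_minutes=20):
    """Return (process, ip, port, minutes_held) for chat-port connections held
    by a non-allowlisted process for at least min_minutes."""
    seen = defaultdict(list)
    for minute, proc, ip, port in parse(text):
        if port in CHAT_PORTS and proc.lower() not in KNOWN_CLIENTS:
            seen[(proc, ip, port)].append(minute)
    findings = []
    for (proc, ip, port), minutes in sorted(seen.items()):
        held = max(minutes) - min(minutes)  # first to last snapshot seen
        if held >= min_minutes:
            findings.append((proc, ip, port, held))
    return findings

if __name__ == "__main__":
    for proc, ip, port, held in find_idle_chat_sessions(SAMPLE):
        print(f"{proc} held {ip}:{port} for {held} min")
```

Control relayed through a web service such as Twitter travels over ordinary web ports, so it needs a check on destinations and programs rather than on port numbers.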

Wednesday, February 3, 2010


Since I'm a big comic fan, I like not only American comics, but European as well as Manga-styled and Argentinean comics (called Historietas), which is logical since I'm from Argentina.

Some years ago I discovered webcomics, so I jumped in and began reading like crazy. Styles and quality varied, and generally improved as artists found their unique voices. But there was a little problem: there were just too many webcomics, and keeping track of which to read each day, or keeping the place where you had stopped reading each one, was kind of tricky.

So I discovered that fabulous thing that is the RSS feed. An RSS feed turned the equation over, since now I didn't have to remember; the sites informed me of their updates using their RSS feeds. There were still some problems with long webcomics I was reading (it takes days to go through some archives) but as they were few, I could keep the pace.

Still, there was the small problem with some great webcomics I didn't want to lose that didn't offer RSS feeds. And as those began piling up, the problems started again, and I began missing some series again.

One day, I stumbled upon a site called Komix. It offered an aggregator service, meaning that it listed a lot of webcomics and informed about updates. That was just what I was needing, so I signed up to test it. I fell in love.

Komix not only informs you about webcomics, it also lets you navigate through the archives (showing the entire webpage where the webcomics normally appear), and it keeps track of the position in the archive you are at in each of the webcomics you subscribe to in Komix. It's important to note that when I say it shows the entire webpage, that means that it also shows every shop link, ad and everything the original creator used to get some money, in its original form, meaning that the webcomic creator gets every benefit from it.

Some time ago it almost shut down, as the creator of Komix received emails about why it was listing some webcomics. So he unlisted all and began asking each creator if they wanted their webcomics listed in Komix. Nowadays, with more than one hundred listed and authorized webcomics, Komix shines again.