amarbledesk.com
a fun polemic sonata
« Older Entries | archive for October, 2009 |
The Scoop on Seven
23 Oct 2009 02:16 EST
Today Microsoft released Windows 7, their newest version of their operating system. I’ve worked with Windows and various Microsoft OS development teams over the years, especially with some of the Server OS’s (NT 5.0/Windows 2000, and 2003 server in particular, when I spent a lot of time in Redmond), so I’ve had a fairly intimate view of the evolution of the system. I’ve been on the beta, and I have a fairly positive view of the release, especially compared to Vista. When my disk comes, I’ll definitely upgrade my home machine to the release version. Yeah, I’m not the average Windows user.
So what does Windows 7 mean for the average user then?
If you buy a new PC, it will probably come with Windows 7. That’s good. If your dealer gives you an alternative choice of XP or Vista, choose 7. It will work with your hardware and it will have all the latest code.
If you just bought a new PC with Vista, then you qualify for a free Windows 7 upgrade. Do it. Get the upgrade from whoever you bought the PC from. The upgrade will definitely be worth it since it’s free and better.
If you have an older PC running Vista, you can pay for an upgrade. It’s a hundred or so bux, depending on your edition. This choice is tougher. The jury is still out on whether it’s worth paying to upgrade from Vista to 7, especially since it’s so new. I’d hold off for a while and see; if 7 has a much better security track record then I’d recommend the upgrade. Until then, I can’t recommend paying for it.
If you have an older PC running XP, don’t upgrade to Windows 7. It’s really not worth it yet. First, you have to make sure 7 will even run on your machine. Then you have to buy the upgrade to 7 (see above). Wait, but it’s not really an upgrade! It’s a complete system reinstall where you have to back up your data. When you finally do all this, all your XP apps might not even run (unless you buy a more expensive version of 7). After all this, you do get an OS that’s somewhat better than XP, and with a significantly updated interface. Microsoft has a few other reasons they think you should upgrade from XP to 7, but to be honest the reasons don’t seem compelling to me. Given the potential hardware incompatibilities, the cost, the hassle of a complete reinstall, all for minimal benefit I’d recommend holding off until there is a very very compelling reason to upgrade: like, you need a new PC.
So in short:
- New PC? Get it with Windows 7.
- Recent PC with Vista? Upgrade to Windows 7 for free,
- Older PC with Vista? Wait a bit to see how it pans out, since it costs money to upgrade.
- Older PC with XP? Stay on XP.
HTH
[ Trivia: did you know that the code name for XP was Cairo? Cairo = Chi Rho = χρ = XP ! ]
Training 10-year-old CEOs and CFOs
21 Oct 2009 22:19 EST
Today I had the pleasure of working as a volunteer for Junior Achievement‘s JA BizTown. BizTown is a program where elementary-age children simulate the economy of city. In organizations such as City Hall, a bank, retail businesses, media, utilities, even a health insurer. They worked in assigned (or elected) roles in each business, including CEOs, CFOs, sales, a mayor, and so forth.
To run a successful business, the kids need to apply for a business loan from the bank, and then earn enough money from customers during the day to pay back their loans. They have to learn to price their goods and services appropriately with this goal in mind — too high, and the other kids won’t buy from them with their limited paychecks; too low, they can’t pay back their creditors. The CFO keeps books on computers networked to the bank, with accounts payable and receivable functions and check-printing capabilities. There’s even overhead like utilities, rent, and taxes. Those are just some of the elements in a complex economy. It’s a very realistic simulation, and the children thoroughly enjoy it.
Junior Achievement of Central Ohio and the national organization deserve great accolades for bringing this experience to thousands of 5th graders. Education in entrepreneurship and business operations is sorely lacking from most school curricula in the US; this program is wonderful for the gap it fills. It’s not just this program, of course; JA leads the world in promoting and educating in entrepreneurship among the youth. It is not a cliché to say that this is where tomorrow’s startups and business leaders come from.
I certainly wish I’d had this opportunity mumble-mumble years ago when I was 10. I encourage all readers to support JA and to consider volunteering or sponsoring entrepreneurial education. Central Ohio folks, Junior Achievement is located in a new building now: the repurposed Second Avenue Elementary School in Columbus’s Italian Village. It’s a beautiful neighborhood, and it’s nice to see that the former school has found a use.
It was a great experience, and I’m glad to have helped in a small way to train the next generation of entrepreneurs and capitalists!
Tags: Columbus, economics, entrepreneur, local, Ohio, startups
Posted by mark beadles in Uncategorized | No Comments »
Posted by mark beadles in Uncategorized | No Comments »
Topics: Onyx, Proteolix, and an Autoimmune Fix?
20 Oct 2009 16:08 EST
I read with interest yesterday of Onyx Pharmaceutical‘s acquisition of Proteolix. (Thanks to VentureLoop for the tweet that tipped me to this.) Onyx specializes in cancer therapies, and Proteolix has drug therapies that are useful in treatment of both cancer and autoimmune disorders. Among the products in the Proteolix pipeline are immunoproteasome-selective inhibitors.
Proteasomes are barrel-shaped complexes found in every cell of our body. They are cellular recyclers – their job is to break down old or unwanted proteins and turn them in to peptide building blocks that can then be recycled to make new proteins. An immunoproteasome is the form this structure takes in cells of the immune system. Normally, they play a role in fighting infections, by breaking down proteins from invaders and using the broken-down pieces as a sort of signal for infection-fighting cells. But increased activity of the immunoproteasome has been implicated in many autoimmune disorders, like rheumatoid arthritis and lupus, where the body attacks itself instead.
Proteasome inhibitors block the action of proteasomes. Since proteasomes are necessary for the day-to-day life activities of cells, inhibiting them can induce apoptosis (cell death), which sounds bad but which is a great thing when you’re fighting cancer. And immunoproteasome-specific inhibitors are likewise a great thing when fighting autoimmune disorders.
Immunoproteasome inhibitors are being studied as therapies for autoimmune diseases such as RA and psoriasis (where they’ve been shown to be effective in animal models) and potentially many other diseases.
One autoimmune disease that I’d hope was an eventual target for this sort of therapy is Goodpasture Disease. OK, I’m admittedly very biased here: I have that disease. It’s a very rare autoimmune disorder that causes kidney and lung failure; I was diagnosed with the disorder in 1989. It’s a rare enough disease that it’s considered an orphan disease for which there are no specifically-targeted therapies.
Encouragingly, there is good evidence (such as this paper from the journal Proteomics [PDF] and this one from the Federation of European Biochemical Societies) and a good chain of reasoning to indicate that immunoproteasome inhibitors would be effective against Goodpasture Disease as well.
I’m happy to see that this novel kind of research into therapies for autoimmune diseases like Goodpasture’s is bearing fruit. Onyx Pharmaceuticals has been concentrating on cancer therapies. I certainly strongly encourage Onyx to take advantage of Proteolix’s full pipeline and continue the development of proteasome inhibitor-based therapies for autoimmune disorders as well. There are established links between the pathologies of cancers and autoimmune diseases; and there are millions of suffers of these diseases who could benefit from therapies based on this biotechnology.
Boy, do I love this stuff! The intersection of entrepreneurship, innovation, biotechnology, and the hyper-hyper-local. More, please!
[cross-posted to markbeadles.blogspot.com]
Topics: Onyx, Proteolix, and an Autoimmune Fix?
20 Oct 2009 16:07 EST
I read with interest yesterday of Onyx Pharmaceutical‘s acquisition of Proteolix. (Thanks to VentureLoop for the tweet that tipped me to this.) Onyx specializes in cancer therapies, and Proteolix has drug therapies that are useful in treatment of both cancer and autoimmune disorders. Among the products in the Proteolix pipeline are immunoproteasome-selective inhibitors.
Proteasomes are barrel-shaped complexes found in every cell of our body. They are cellular recyclers – their job is to break down old or unwanted proteins and turn them in to peptide building blocks that can then be recycled to make new proteins. An immunoproteasome is the form this structure takes in cells of the immune system. Normally, they play a role in fighting infections, by breaking down proteins from invaders and using the broken-down pieces as a sort of signal for infection-fighting cells. But increased activity of the immunoproteasome has been implicated in many autoimmune disorders, like rheumatoid arthritis and lupus, where the body attacks itself instead.
Proteasome inhibitors block the action of proteasomes. Since proteasomes are necessary for the day-to-day life activities of cells, inhibiting them can induce apoptosis (cell death), which sounds bad but which is a great thing when you’re fighting cancer. And immunoproteasome-specific inhibitors are likewise a great thing when fighting autoimmune disorders.
Immunoproteasome inhibitors are being studied as therapies for autoimmune diseases such as RA and psoriasis (where they’ve been shown to be effective in animal models) and potentially many other diseases.
One autoimmune disease that I’d hope was an eventual target for this sort of therapy is Goodpasture Disease. OK, I’m admittedly very biased here: I have that disease. It’s a very rare autoimmune disorder that causes kidney and lung failure; I was diagnosed with the disorder in 1989. It’s a rare enough disease that it’s considered an orphan disease for which there are no specifically-targeted therapies.
Encouragingly, there is good evidence (such as this paper from the journal Proteomics [PDF] and this one from the Federation of European Biochemical Societies) and a good chain of reasoning to indicate that immunoproteasome inhibitors would be effective against Goodpasture Disease as well.
I’m happy to see that this novel kind of research into therapies for autoimmune diseases like Goodpasture’s is bearing fruit. Onyx Pharmaceuticals has been concentrating on cancer therapies. I certainly strongly encourage Onyx to take advantage of Proteolix’s full pipeline and continue the development of proteasome inhibitor-based therapies for autoimmune disorders as well. There are established links between the pathologies of cancers and autoimmune diseases; and there are millions of suffers of these diseases who could benefit from therapies based on this biotechnology.
Boy, do I love this stuff! The intersection of entrepreneurship, innovation, biotechnology, and the hyper-hyper-local. More, please!
[cross-posted to A Marble Desk]
Tags: biotech, local, research, VC, venture capital
Posted by mark beadles in Uncategorized | 2 Comments »
Posted by mark beadles in Uncategorized | 2 Comments »
Every day is a new day, just like every other day.
19 Oct 2009 15:53 EST
Today is the 15,518th day of my life. [Numerological note: I was born on the 26th. Strangely, 15518 in base 26 is "MOM". Hi, Mom!] Now, you might think that after maybe the first 15,000 I’d have had this all figured out. But, like all days, every day is different. We can’t predict the nature or even the existence of tomorrow. If we can’t stop the flow of the river of time, though, maybe we can build some locks to make our journey across the rapids easier. We rely on watches, clocks, calendars, alarms, reminders, schedules.
I’m a big fan of Google Calendar for its ubiquity (it’s available anywhere I can get to the web and syncs with my Blackberry), its ease of use (it looks like a paper calendar), and its shareability (I subscribe to calendars from my church and the YMCA and can easily add event from other organizations). I carry my Blackberry compulsively. My own brain didn’t come with a good memory for schedules and events, so I tote along an extra brain in my pocket. My extra little black rectangular brain is very good at remembering things. Computers are augmented brains, just like cars are augmented limbs. They get us where we’re going better than our natural equipment.
I may have been orbiting a black hole for the past year, though; my perception, my experience of time has been altered — perhaps allowing me a closer view of the strands that make up its structure. Perhaps just spinning me round: Time when you’re seriously ill is undependable. Time in the hospital is interminable. Time in recovery is hour-by-hour. Time with family and friends is far too short.
I’ve not had the constraining luxury of a regular 9-to-5 for a few months now. It’s blissful freedom, but also another clock ripped from my wall. I wandered footloose and fancy free (!) this summer. But I don’t operate well without structure, schedules, and deadlines. They give me something to battle against. I’ve therefore put up some new calendars and clocks on my metaphorical wall, and wound a few watches as well.
I’ve set some interesting and barely-attainable goals for each day and each month. Every day during the month of October I must go to the gym. Every day I must write a blog entry, either here or on my more professionally-oriented blog. Every day I must take active steps to either land an excellent job or start a venture of my own. In the month of November I must write a 50,000+ word novel, which means that every day in October I must be working in preparation. I’ve also set a goal of reducing my material possessions by donating, trashing, or recycling something every week.
The benefits of going to the gym daily are most obvious. Although I’ve made a diligent effort to ‘get to the YMCA!’ every week since my surgery, it’s been limited to 2-3 times a week, and only when I’ve been feeling good. Guess what? Going to the gym every day has me feeling really good. Going to the gym every day is becoming a great habit, even addictive — I’m back to getting a runner’s high after a half hour on the rowing machine. Last week when I mentioned to my doctor that I was well enough to work out every day his jaw dropped (good thing he’s a doctor, they can fix that). Exercise is helping me get through my steroid withdrawal. My joint pain is gone, my mood is much improved, and I’m building significant amounts of muscle mass. My family’s much happier about all of the above.
Folks, I’ve done a wide variety of things in the last 15,518 days. Many of them were supremely challenging, and I’ve discovered that it’s in challenges where I’m at my best. I thrive on unachievable or unbelievable goals. It’s the day-to-day stuff I’m bad at. So I think that complete recovery from my second kidney transplant, writing a young-adult fantasy novel about three brothers, and starting a new business venture is a good set of challenges for the next few hundred days.
Old man river, he just keeps rolling, just keeps rolling along….
What is "Context-Aware Computing"?
15 Oct 2009 23:24 EST
Market analysts Gartner, Inc. recently published some research on the subject of “context-aware computing“. Perhaps their recommendations were a little opaque to those not already versed in the topic (a common problem with market analysts’ findings), since a question popped up today on LinkedIn Answers asking what exactly context-aware computing is.
I gave a short and, I hope, helpful response on that forum; but the subject interests me so I thought I’d expand on it here. The barrel of monkeys with keyboards at Wikipedia has an article on context-aware computing; you can read that at your leisure, it’s not bad. Here’s my synopsis:
Context-aware computing is at its core the idea of systems that take the user’s environment into account. By the user’s environment I mean such things as the user’s:
- geographic location
- presence information (such as online/offline availability and status)
- social-networking information and preferences
- interaction and communications preferences
- privacy preferences
- device type (mobile/laptop/etc.)
- and, really, any other data which corresponds to the current state associated with that user.
Context-aware computing can take advantage of all these factors when delivering the user experience. Systems can attempt to make the experience optimal even when the user is accessing different applications from different devices, different locations, different browsers, and so forth. Context-aware computing can make apps better suited to the needs and desires of the individual users.
Without context, user experience can be very fragmented across apps, systems, and devices. Applications can behave generically for users. Non-context-aware applications may make no allowances for how the user is accessing, where the user is located while accessing, and what is happening in the physical and social world around the user.
Over the past few years, we have certainly been beginning to see context-aware applications in the consumer world, especially in social networking. The next wave of support could be in enterprise apps. Examples that are well-suited in the enterprise include call centers, customer services, and collaboration apps, and access control. This last area is where my own work in context-sensitive computing has been. By examining details such as a user’s location, time of day, trust level, device type, computer state, etc., in addition to standard access privileges, a system can make more rational — and more secure — decisions about what level of system access to actually grant a user.
There are some challenges to implementation of this concept. We need to figure out just how to obtain this context data and share it with the applications. We also need to consider trust and privacy – can we deliver context-aware systems while securely maintaining trust and without compromising users’ privacy?
Many of the elements of context-aware computing have been around for decades; Gartner predicts that they have now achieved a critical mass and will become a core part of applications in the near-to-medium future. This makes sense to me: context-aware computing seems to be intimately connected with the related trends of social networking and cloud computing. The three aren’t the same things, of course, but there is a symbiotic relationship among them.
Remember, this is what we humans do all the time: we adjust our interactions based on the context of the situation we find ourselves in — and that context includes other people. We use different vocabularies and different tones of voice with different audiences; we adjust how loud our voice is based on the ambient environment; we use titles of respect and manners of behavior in situations where they are expected. By integrating this concept into human-computer interactions we can make them more natural, more useful, and more flexible.
Tags: cloud computing, computing, context-aware computing, security
Posted by mark beadles in Uncategorized | No Comments »
Posted by mark beadles in Uncategorized | No Comments »
Vista calling today's Critical updates only "Important"??
14 Oct 2009 02:12 EST
Today (Patch Tuesday!) Microsoft released a record number of security patches. This includes some items rated Critical — here’s a good breakdown of the patches at SANS and another from Microsoft themselves.
I’ve been through the Patch Tuesday rounds seemingly countless times now, whether on my personal machines, in data centers, or as part of the process of building and operating commercial security software that’s patch-aware. It’s complex — lots of moving parts that can go wrong.
So I immediately noticed something when doing my check for today’s patches. None of the patches were rated Critical on my Vista machine. Instead, Vista told me that I had 15 Important patches ready to download and install:
With all the news and hype surrounding this release, I certainly expected more than this. Where was the Windows Media Player vulnerability? The SMBv2 vulnerability? I dug in and looked:
Well, there they are: the Media Player fix is KB954155. The SMBv2 fix is KB975517. Etc. These are Critical vulnerabilities with known exploits. But they are all listed as only Important by my Vista Home Premium SP2 personal laptop.
This is a major oversight. If someone thinks these updates are only Important, they may defer installation. Since there are in-the-wild exploits, this would be a very dangerous choice to make. People who aren’t following the news, aren’t tech-savvy, and don’t have their updates set to automatically install could find themselves in a bad situation.
Microsoft needs to investigate and correct this. I’ll report the issue and follow up on anything I learn.
Danger in the clouds!
13 Oct 2009 01:52 EST
OK, everyone, let’s take a deep breath here.
Any kind of architecture might carry the risk of losing all your customer data in one catastrophic event – if it’s poorly designed or poorly operated. Microsoft/Danger’s loss of customer data was due either due to a design failure or an operations failure or both. It’s also possible that the loss was due to a calculated risk: that known design or operations flaws were nevertheless judged unlikely to lead to a loss. Or all three. Either way, it was not due to any particular feature of cloud computing.
Secure computing gets a lot of attention today — but mostly in the attacker/malware aspects. To be sure, malware and other attacks are significant and serious risks. But another important aspect of security is reliability. Even if your data were absolutely impregnable to attackers, in the event of irrecoverable data loss your customers are just as out of luck as if they’d been hacked. There are decades of best practices on how to maintain data reliably, yet naturally, losses still occur.
It’s impossible, of course, to guarantee against data loss with 100% certainty. There are always events which have some small yet finite chance of occurrence that are capable of causing catastrophic loss in any system. And in the real world of engineering, there is always a trade-off between cost and function. Generally speaking, the more you engineer a system to be reliable, the more the system costs. Money isn’t unlimited, and so there is only so much reliability one can realistically achieve with any given budget.
The best kind of risk is the one you’re aware of — the one you can calculate the chance of occurring, the cost if it does occur, and how to recover from the event. Not every risk is even imaginable, much less predictable. In the best case, Microsoft/Danger was aware of the kind of risk that existed in their system, engineered appropriately around that risk, operated with awareness of that risk, and simply got hit with an unlucky event. In the worst case, they were unaware of a poor design or slipshod operations.
None of the above has anything to do with ‘cloud computing’.
Now, ‘cloud computing’ does have some general features which do change the risk profile of these sort of events.
- In contrast to a system where customer data is always stored locally to the customer, a system where data is stored centrally is more likely to experience a loss of data across multiple customers. But central data storage is neither a necessary nor a sufficient feature of cloud computing.
- In contrast to a system where customer data never transits the Internet, a system were it does cross the Internet is more likely to experience a loss related to such transit. Internet transit is a necessary feature of cloud computing, but not a sufficient one. Customer data travels across the Internet in many other ways that are unrelated to cloud computing.
Proper architectures and proper operations will be made with awareness of these risk profiles and account for them in line with the costs of the system. But hey, that ain’t exactly rocket sci…actually, come to think of it, that is rocket science; or at least rocket engineering.
One can argue that the above points represent the very essence of why cloud computing may be more prone to this kind of problem: it encourages centralized data storage and transmission of data across untrusted networks. Well, yes. Different architectures have different risks, different benefits, and different economies. As cloud-based architectures become more and more pervasive, engineers and architects will need to adapt to patterns and models that are appropriate to the cloud and its unique characteristics. (In my opinion, these disciplines should become part of a modern computer-systems education. I digress…)
But this doesn’t seem to be the problem in the MS/Danger/T-Mobile case. Sounds like they just screwed up in any number of ways. Lay this at the feet of ordinary human failings, but not of cloud computing.
A heretical thought experiment: do strong passwords still matter?
09 Oct 2009 17:57 EST
Phishing is growing as an important mechanism for stealing passwords. Is phishing the leading way that criminals are gathering credentials? If so, does this mean using ever-stronger passwords doesn’t confer the protection that it once did?
Acutenix performed a great statistical analysis of a small number (9843) of passwords that were phished and released on the Internet. Some reports about this analysis, such as this one from Elinor Mills’s InSecurity Complex at cnet [edit: I had the wrong name for her column initially] have focused on how weak many of the passwords were — one-character passwords, all lower-case dictionary words, etc. Weak passwords are easy to guess through automated mechanisms, which can rapidly focus in on the correct password if it’s not well constructed.
What I noticed was at the other end of the strength curve. There were some relatively strong passwords on the list — 565 (6%) passwords were composed of alpha + numeric + other characters, and there was even one 30-character password. Here’s what struck me: strong passwords did not protect these users from having their passwords stolen. These passwords were successfully phished and released, even though they followed standard security guidance on construction.
Consider that strong passwords carry their own risks based in psychology. Strong passwords can be hard to remember — resulting in password re-use; forgotten passwords requiring intervention (creating a weak link in the security process); and writing passwords on sticky-notes for anyone walking by to see.
I’m not suggesting that we abandon the teaching of creating strong passwords. Strong passwords are still an element of layered security or defense-in-depth. If you’re going to use a password, make it strong. But if strong passwords don’t provide any protection against an important new vector, what do we do about that vector? Is this just another piece of evidence that we need to be (finally) moving beyond passwords?
Think of it this way: in a world where everyone uses keys to lock doors, criminals will get better and better at picking locks. Correspondingly, locksmiths will make locks that are more complex and harder to pick. This will continue to escalate in arms-race fashion. But if a rash of criminals find they can just bust the doors down and do so in ever-increasing numbers, isn’t it time to consider if we need something else in addition to the locks?
The answer to these questions might be found empirically. Thought experiment: an we numerically calculate the relative risks of weak passwords vs. phishing, based on actual evidence from the field. Work for another day.
Nebula and open-source democracy
09 Oct 2009 01:50 EST
I’m ambivalent and skeptical (ambivical? skeptivalent?) but definitely optimistic about Nebula. No, not the science fiction award (although, hey! Wouldn’t it be great to win one from a novel written during November’s NaNoWriMo?) or the various Messier catalog objects. This Nebula is the US Government’s entry platform into cloud computing.
I’m ambivalent because, first off: the government (inasmuch as you can attribute any unified direction to such a hydra) has been working on getting into cloud computing (under various names and models) for a long time, at least a decade. Cloud computing seems to be the soup du jour, but really we’ve been stirring the cloud computing pot for years now. We just didn’t call it cloud computing or even software-as-a-service back in the nineties when many of us were already building the stuff. So the gov jumping into the cloud is certainly very welcome, but to a large degree was inevitable.
I’m skeptical because, um, well, it’s the government. There are some very very sharp people working in the government, do not mistake me. Unfortunately they’re working for a bureaucratic and politicized organization with a history of being slow, over budget, and off the mark.
Overall, I’m optimistic. There certainly is some fawning commentary about Nebula, but to give credit where it’s due, it’s a great direction for the feds to go. The high-level architecture certainly looks sound, and the claims of the kind of service improvements Nebula could make are in line with the best models for cloud computing, SaaS, and SOA.
One of the best things about the system is that it’s open source. I’m not an open-source devotee, as such; generally I believe that both open and proprietary software have their places in the market. But I firmly believe that in an open democracy the government should only use open-source software (with certain limited exceptions such as legitimate national-security concerns). There are certainly strong theoretical precedents for this, such as the fact that the US Government does not have copyright in its creative works (17 USC 105, 2007). There is legal precedent which supports the concept as well, for example courts ordering a couple years ago that the source code to breathalyzers be released to criminal defendants. These are certainly not dispositive, but at least lend moral support to the idea of democratic open source.
So the fact that it’s open source, and the fact that the architecture looks reasonable are good signs. Keep your eyes on Nebula and its evolution.
about mark beadles
I write the things you read here. Polymath renaissance redneck. I build software, stories, and young men. More...on the desk
around the web
in the vault
-
