Dan Appleman: Kibitzing and Commentary

My personal blog

Extremist Programming and the Polarization of Technology

Now that we have reached the home stretch of the political season, the chance to actually vote on something… and the prelude to what is likely to be an extended and painful period of lawsuits, recounts and recriminations for one side or the other, it’s time to look ahead at what we can do to occupy our spare time for the few months until the next election cycle begins.
Fortunately, there is an ongoing contest that is quickly becoming just as extreme, just as polarized, and just as lacking in honesty as any political contest we’ve seen yet. Yep, it’s the good old closed vs. open source debate.

This is prompted by a couple of friendly messages I’ve received lately. The first sent by a good friend is an presumably objective report in the Register comparing the security of the two systems.

The other, an email from my good friend Steve Ballmer (who I’ve never met, but have seen from a distance at a technical conference or two), containing six pages (2700+ words) extolling the benefits of Windows over Linux in every possible way (including, of course, security, with an indirect reference to a study by Forrester Research).

Now, the Register article seemed to me well researched, but it’s pretty easy to see that despite the innocuous title “Security Report: Windows vs. Linux”, the piece is clearly advocating the Linux side. Let’s face it, an objective report is unlikely to have it’s first couple of sections titled “Myth: There’s Safety In Small Numbers” and “Myth: Open Source is Inherently Dangerous.” Still, it makes for a fascinating read, and the author’s arguments are based both on technological reasoning and hard statistics – not the anecdotal evidence so common in white papers and political campaigns.

I’m afraid this time the “Swift Boat Veterans for Truth” spam of the year award has to go to Ballmer’s letter. It was just too easy to see the spin. My first hint came with the name dropping – while reading the list of customer case studies I couldn’t help but see Kerry in his second debate name dropping an endless list of senators and generals. I also found Ballmer’s choose Windows because “being on the wrong end of a software patent lawsuit could cost a customer millions of dollars, and massively disrupt their business” argument comparable to Dick Cheney’s “if you choose Kerry the terrorists will attack us” tirade (as a technologist, the idea of choosing software to avoid lawsuits instead of based on cost represents a huge failure on the part of our industry and society).

Then there’s the security article itself. The MSDN page is headlined “Windows Users have Fewer Vulnerabilities.” Imagine my surprise when I found the actual title of the Forrester report was “Is Linux more Secure than Windows”

Ok, so maybe the MSDN page refers to the conclusion? No – the executive summary of the report concludes: “both Windows and four key Linux distributions can be deployed securely”.

Ok, so do Windows users actually have fewer vulnerabilities?

Well, Windows users do have fewer overall days of risk by their metrics – which might explain this quote. But the study also shows that Windows had the highest percentage of high-severity vulnerabilities.

I’m not going to try to guess which system is really more secure. I don’t have time to reconcile the methodology of these two reports (the Register report found that Windows had more vulnerabilities). Which brings me to my greatest frustration.

With technology advocacy and marketing becoming as polarized as a political campaign, who can we look towards to be honest brokers? Even non-sponsored objective reports are inevitably influenced by the biases and backgrounds of their authors, and their results spun by each side.

On one hand, I truly sympathize with anyone who actually has to make a choice between platforms. Between the lack of trustworthy information and the flood of marketing noise, the chances of being able to truly choose the best one for your situation are slim. On the other hand, perhaps there is good news after all. Both platforms work, and can be secured. Cost studies go both ways, but few of them seem to claim a real difference in total cost of more than 20%, which is probably well within the margin of error when calculating the cost of a large scale platform deployment anyway.

So if the two approaches really are comparable in cost, and security, maybe the right answer is to choose based on a more arbitrary standard, like which name you like, or which fits better with your personal politics, or maybe the roll of a dice. Who knows, the money you save by not studying and comparing and analyzing the choice may be more than the ultimate cost difference between Windows and Linux.

The Invasion of the Pod(caster) People

It’s the killer app – the one that’s going to revolutionize content and media distribution. Your life will never be the same. It’s a truly disruptive technology that will completely shake up the industry. Billions will be won or lost as companies race to become the leader in this new wave of technology (oops, strike that – my mistake. Nobody except Apple will make a dime because it’s mostly open source). Developers and geeks will pounce on the podwagon, afraid of being left behind the next great wave of technological progress.

Yep, another earth shattering technical revolution is being hyped up the wazoo. And having lived through so many of these earth shattering ultra-hyped revolutions, I great this one with a resounding… yawn.

Now, don’t get me wrong. Many of the things people are saying about podcasting are absolutely true. The trend towards large number of individuals producing content, already prevalent on the Internet in text form, is certain to spread into audio and video. The tools are getting better. And with video and audio editing almost routine among kids today, the trend is clear. And using RSS (or it’s successors) to subscribe to content, along with tools to automatically download it to a media player, are innovative, yet at the same time logically inevitable advances.

But there are some additional forces at work that lead me to question the hype in this case.

Podcasting is essentially a distribution mechanism for audio content. But while some people do best with audio, it’s a relatively inefficient way to acquire information. Most of us read faster, and given that we are already overwhelmed by far more information than we can process, the idea that audio will somehow gain comparable traction to text blogs is questionable.

Yes, audio is important – commuters who currently listen to talk radio or audio books will find podcasting useful, and those represent large niche – but a niche nonetheless.

Podcasting is getting a lot of hype, and bleeding edge geeks are jumping on the bandwagon, figuring out how to launch their own audio-blogs, and they will meet with some success and gain listeners. But today’s exponential growth curve is going to hit a wall, and soon. And the growth will slow and maybe stop, and the media will write in dismay about another failed technology, until at some point, maybe a few years from now, maybe more, the world will catch up and podcasting will become routine. Except it won’t be podcasting – it will be vidcasting – with automatic downloads to tommorow’s handheld video player devices or cell phones, and the feeds will be short comic bits from places like The Onion and the Daily Show, or short news clips from CNN.

In Memoriam

I know I originally promised not to post the “minutia of my daily life” on this blog. But please forgive this exception.

Today is my father’s funeral.

He passed away Sunday night at home, surrounded by family, in as much peace as I suppose is possible under the circumstances.

I know some of you reading this met him – he would often come to the VBits conferences where Desaware exhibited and where I was a speaker. Conferences then were somewhat of a family affair for us. Aside from the obvious pride he had in watching me do my thing, he enjoyed the travel and the technology, and I was glad to be able to give him the opportunity. He had spent his working life traveling around the world for Fluor (a major construction company), and the conferences gave him a taste of that again. He loved his work – I remember the pride (and amazement) he expressed after negotiating his first billion dollar contract.

My dad definitely qualified as a “geek” by today’s standards. He spent hours on the computer, participating in online discussions, paying bills, playing solitaire, and various sundry other activities. No technophobe, whenever he ran into problems he would attempt to tackle them himself, and if necessary spend hours on the phones with tech support people until things worked. Only rarely would I have to come in and help out.

I don’t doubt that I inherited my love of technology from him. Curiously enough, as I struggle to focus on how he was, rather than how he died, I realized that it’s not his love that I remember most, but rather, his respect. I suppose every good father encourages his children to learn and try new things. But for me the real turning point was when I was 12 or 13 and my interest in electronics had gone just a step beyond building simple kits and playing with 50-in-one project sets from radio shack. I don’t know whether that’s the time when I knew more about electronics than he did, but even if I didn’t – he let me believe that. Suddenly I was the one in charge of repairing frayed extension cords, replacing bulbs, rewiring outlets, and any other household tasks that had anything to do with electronics or electricity.

That respect, or trust in my ability, was the core, but there were lots of little things as well. Buying me my first transceiver kit from Heathkit. Encouragement without pressure when I dragged home an old WWII radio and then took almost a year to repair it. Patience the numerous times I blew out fuses at home (or in hotel rooms). And a stalwart defense when the neighbors were ready to lynch me because my transmissions were coming out of their TV, intercom systems, toasters and so on.

He had a full life, and there were many aspects to it. He’s not a person one can reflect on in a single eulogy. But of all the things I want to say about him, these are the things that feel right to express here.

The Great Cyber Security Debate Between John Kerry and George Bush (that never happened)


The topic of tonight’s debate is security. Because this debate is fictional, both candidates are permitted to ask each other questions directly. There are no time limits. If a red light starts flashing quickly, it’s probably your hard drive light and indicates that your computer has been hacked and someone is downloading your last ten years worth of tax returns.

Our first question is to President Bush. Mr. President, there is some concern that your administration has not paid enough attention to the issue of cyber-security. How do you respond to this?


We’ve been working hard. Very hard. On cyber-security. Securing the Internet – it’s a hard thing. But we’re making progress. Since 9/11 we have had not one, not two, but three different cyber-security chiefs. In fact, our most recent one, Amit Yoran, just resigned this week, leaving an opening for a fourth chief!


I have a clear and consistent vision on cyber-security. It’s a four step plan. First, we’ll give our cyber-security chief some real responsibility and funding so he can make a real difference. Second, I’ll have the department of education require that computer security education be part of every classroom in the country where a computer is used. Third, I’ll make sure that our own government agencies are secure. Fourth we’ll work with allies around the world, employing a global test to shut down the phishing attacks coming to our citizens from other countries. Fifth, we’ll start a national campaign to educate all our citizens about how to protect their computers.


The American people want a president who is consistent and decisive. Not one who flip flops. First you say you have a four step plan. Then you have a five step plan. What hacker will be convinced to stop hacking by a president who can’t count? My plan is a real plan. We stopped the legal action against Microsoft, leaving them free to innovate. That’s the American way. Innovation. We won’t let the government use open source – people contributing to a common code base? That’s communism.


The job of government isn’t to protect Microsoft from open source. It’s to protect citizens from spyware and identity theft. It’s to prevent cyber-terrorism. It’s to protect people’s privacy. People should be free to use whatever software they want. People should have the right if they buy a CD or DVD to play it on any operating system or device they own, without fear that they will be sued by a large corporation.


We need true tort reform, to stop the trial lawyers from suing the large corporations and driving up prices for everyone. What kind of candidate chooses a trial lawyer to be his vice presidential candidate?


We need true tort reform, to stop the corporate lawyers from suing individuals and scaring the s**t out of everyone. What kind of candidate chooses… oh, what’s the use.


We need to protect the core values of this country. American values. Values held by real Americans. Look at this (he holds up a book). “Always Use Protection” What kind of name is this for a security book for teenagers? It’s immoral. The only real answer is abstinence.


Mr. President: You’re protecting large corporations and their right to control the way individuals use technology. Your cyber-security efforts have been mostly exercises in under funded turf-building. And now you suggest that the best way to secure computers is to not use them? This country needs new leadership. We need a hacker in chief. Someone smart enough to create a fake document that could fool a national news network….


This concludes our fictional cyber-security debate. Please join us next week when Dick Cheney and John Edwares debate the relative merits of the MSN Messenger and AOL Instant Messenger Services for spreading misleading statements about the opposing candidate.

Volcanoes as Weapons of Mass Destruction

Having watched the recent presidential debate, I realized that President Bush is in need of additional help. It seems that constant repetitions of 9/11, terrorism and nucular weapons are no longer as effective at scaring people as they were (at least in so far as portraying the president as the only one who can handle them), and there is urgent need of a new threat.

Fortunately for the president, there is unequivocal evidence that the eruption of Mount St. Helens is, in fact, being caused by Al-Qaeda.

Want proof? Consider this:

  • Mt. Canlaon (in the Philippines) erupted in 1988, the same year as Al-Qaeda was founded.
  • At least one volcano has erupted somewhere in the world each year since Al-Qaeda was founded.
  • Historically, volcanoes truly are weapons of mass destruction, resulting in massive casualties and property damage, not to mention poisoning the air and environment.
  • Though somewhat lacking in portability, they have the advantage of already being at the target area, eliminating the need to smuggle them into the country by air or sea.
  • John Kerry has done nothing to address the potential terrorist threat of volcanoes, leaving the door wide open for Bush to take the initiative.
  • Afghanistan, the home of Al- Qaeda, is mountainous – the ideal training ground for volcanic warfare.

Clearly, in these final weeks leading up to the election, the vicious terrorist attack at Mount St. Helens is the ideal campaign issue. It will catch Kerry’s camp completely by surprise, and by the time they formulate a clear policy on the issue, the dust (or ash) will already have settled.

For those wondering how truly effective volcanoes can be as weapons of mass destruction, the following may be of interest:

The Forge of God by Greg Bear: Plenty of volcanoes and cataclysmic destruction in the most depressing rendition of earth’s obliteration since the Vogons blew it up to make way for a hyperspacial bypass.

Volcano (DVD) – Toss in a few earthquakes and plenty of fire, this L.A. disaster epic is surely bedtime watching for Bin-Laden and company.

Dante’s Peak – Not much for mass casualties, but this volcano must have never listened to scientists, cause it erupts and blows up in just about every way possible.

Our Amazing Volcanoes – Terrorist training kit for Al- Qaeda children, teaches how to construct volcanoes and trigger eruptions. It is truly astonishing that such toys are allowed to be sold.