I’m guessing their idea is to so badly gross out the kiddies that they no longer want to eat a deliciously prepared dead animal.  There’s plenty of blood and guts (in cartoon form of course) to delight the sicko in all of us.

Oh … wait … that can’t be right, can it?

Well, hell.  Maybe it can.

If you like cartoonish blood and guts and sick twisted preparation of a Thanksgiving feast, it’s actually kind of funny.  Though I’m thinking they could have worked a little harder on making the interface.  Some of it is quite a challenge, not because it’s actually challenging, but because the instructions are vague at best and don’t show up right away.  I guess that adds to the replayability?  That or the frustration was an intentional psychological push.

But so as you grossly prepare your Thanksgiving feast with Mama, you get rewarded with different PETA movies that I guess are meant to make you like eating animals even less.  And wallpapers.  And eventually you get rewarded with a bonus round of preparing a tofurkey.  (Which I’ve cooked one before, and they’re not stunningly great, but not a bad solution for the vegetarian in your family.)  PETA is trying to turn us away from meat.

Meh.

If they think so.

Let’s face it, a Thanksgiving turkey feast is tradition.  A cute video game isn’t going to make any impact one way or the other.  And frankly, I think PETA really did the opposite of what they intended to on this one.  If you don’t mind a little sicko, it’s a cute game.  But then I’m an adult, and used to help Grandpa ax off turkey heads by holding them down on the stump and then setting them free to run around headless, squirting blood everywhere, on the nice fresh snow.  Certainly not a childhood delight, but at least I always knew what my food was.  Frankly, I think any such lesson for kids these days, be it in cartoon game form like PETA is offering, or in real life experience, is good for the kids.  Yes little Suzie, that’s where your hamburger comes from.  Yes little Timmy, these cute little chicks grow up to be dinner.

After all, when the apocolypse comes, they’ll still know how to make a Thanksgiving dinner.  And isn’t that what really matters?

I think the bigger concern here is actually, what happens if your child enjoys this PETA game a little too much…

The first bad idea comes to light as a series of lawsuits against employers.  Their bad idea?  Tying in a time-keeping system for logging hourly employee hours into the startup and shutdown of an employee’s Windows Vista PC.  At first glance the idea sounds reasonable enough.  You identify how many hours an employee has worked by how many hours their computer has been on.  Simple and efficient.  Way better than some error-prone clock and paper stub system, right?

Well.

…Err…

Wrong.

Hence the lawsuits.  Now you’d think Microsoft might be to blame in this one, because everyone loves to blame Microsoft and it is Windows Vista.  And in a way Microsoft is to blame… just not legally.  The problem, you see, is that in some cases Windows Vista is taking over 15 minutes to start up or shut down.  And so employees on this computer-driven clock are sitting there for fifteen minutes at startup before being “clocked in” and likewise again at shutdown before being “clocked out”.  In these really bad cases, that’s a half of an hour a day that the employee is not being payed.  At five days a week that’s two and a half hours of unpayed time.  It adds up fast.  Even the employees who suffer less because they have faster PCs are still accumulating hours and hours of unpaid time over the course of their employment.  And obviously, to them, that stinks.

Clearly the idea of using the computer for timekeeping is in need of some adjustment.

US Army USB Sticks:

So you’re a soldier in the Army.  You don’t always have access to a nice handy network for delivering files.  So you have your handy-dandy military issued USB stick.  It’s a simple solution to data mobility.  Which is great.  Until some schmuck brings in a virus.  Uh oh!

Yeah.

The Agent-BTZ worm, a modification of the SillyFDC worm, has been thrashing the US Army so badly that until they get it nailed down, no one is allowed to use any portable media solution.  No USB sticks!

Once the infection is removed, military issued portable media will be allowed once more.  But all of those naughty naughty soldiers and civilian contractors will have to stop using their own personal devices.

It actually comes as a surprise that the US Army didn’t see this coming.  Or maybe they did but they had no solution.  It seems like Windows autorun feature would be the first hurdle to tackle.  In a high-security environment, it’s kind of bad to just automatically run executable code when you stick a device into a PC on a highly secured network.  Next would be a good idea to do the opposite: Run a security program to scan any device for viruses automatically when it’s plugged into such a computer.  (Or even on any CD/DVD/Blu Ray/etc.)  And then of course, obviously, control the use of non-issued media. There are always rules about such things, but never complete enforcement.

Because keyloggers and remote executables on highly sensitive military servers is “A Bad Thing”.

Apple MacBook DisplayPort:

So you bought a shiny new Apple MacBook, and you’re all happy.  You hook up your old monitor to it (or one you bought on discount, et cetera) using a DisplayPort to DVI or VGA connector and sit down to watch this great video you bought from iTunes to celebrate your new purchase.

Only to have your new computer tell you that you can’t play your protected content on your unprotected screen.

Doh!

Yeah.

Because Apple’s DisplayPort is basically an HDMI port, using a built in copy-protection system like HDMI’s High-bandwidth Digital Content Protection (HDCP).  Only, because it’s Apple, they made it proprietary and call it DisplayPort Content Protection (DPCP).  It’s basically the same thing.  Before it will play, the media player asks if the media displayer (the monitor or TV) can decode the encrypted signal it’s about to send to it.  If it can’t do so, it doesn’t play.  This keeps pirates from grabbing an unencrypted video mid-stream and recording it.

There’s just one problem.  Apple’s DisplayPort is basically new and basically unused, because it’s proprietary.  So there aren’t many monitors or TVs out there that support it, and certainly buying a new one is expensive.  And Apple, the micro-managing control monster that they are, don’t give you unprotected VGA or DVI ports on MacBooks.  So you can’t connect your monitor or TV up to your MacBook in a way that skips this annoying layer of DPCP copy protection.  You have to do it through the protected DisplayPort in some way.  Meaning, basically, you’re screwed.  So you either have to buy a brand new Apple monitor, or settle for watching the video on your little laptop screen.  (Is there even a TV that will support it?)

You see, this is where PCs have that awkward advantage.  Because PC manufacturers really don’t care.  They’re not there to control your ever move.  In fact, they’re quite “open”.  So even though your PC might have a similar (though much more widely used standard) HDCP copy protection over an HDMI cable connection, it will also have a DVI or VGA port (or even component, s-video, or composite video cable option) where it will let you connect up to any old TV or monitor and play your protected videos.

I don’t think Apple really appreciated the number of MacBook owners that would, you know, actually use iTunes?  Or Apple just didn’t appreciate the number of people that actually wanted to watch their videos on a screen larger than a laptop?

Hmm…

Either way, Apple is not exactly impressing customers with this.

And so long as Apple continues to ship notebooks with only a DisplayPort (no DVI or VGA port) Apple customers will continue to have this problem.

At least until some inspired hack builds a DisplayPort to DVI converter that uses the converter to respond back to the MacBook that all is secure instead of letting the monitor/TV do that.  But that would probably be illegal as it’d circumvent security measures.

But yes, you heard right.  “SuperSpeed” USB (hopefully to always just be known as USB 3.0 as I am not going to be asking people if they have a “SuperSpeed” port) had its specs finalized.  So now we can get a move on replacing that darned old USB 2 standard.

Okay, so on a more serious note, USB 3 seems to not entirely use the same cable.  Somehow the port is meant to be backward compatible so that USB 2 and 1 devices can plug in, but USB 3 devices will be physically different.  And the cables themselves will be more like ethernet cables than USB cables with a lot more wires inside.  Though rumor has it that an optical system in USB 3 may even be in the works.  Goodness knows how this is all going to work out.  It sounds rather like a mess to me.  The more complex a system is, the more places for things to go wrong.

But on the plus side, compared to USB 2’s 480 Mbits/s speed, USB 3 will have 5.0Gbits/s, which is a bit over 10x faster.  This is handy, as disk drives keep getting larger and larger.  Also, while USB 2 and 1 have used a single direction (unidirectional) data flow, USB 3 will have full duplex flows.  That’ll be nice. Plus this time around power management and rest/sleep states will be a part of the spec from the beginning, so we’ll be getting better energy savings.  Green is always good.

Now comes the hard part: waiting.  The spec may be finalized, but the production doesn’t seem to have been jumped on by pre-spec hopefuls, so literally, the production only now begins.  R&D using the new spec is just starting.  First the electronics and chips to put into USB 3 device controllers and in the USB 3 devices themselves have to be developed.  For that matter, the cables too.  And then the crap that actually uses these like motherboards, add-on cards, joysticks, external disk drives, web cams, et cetera all have to be worked on.  It’ll likely be 2010 before USB 3 devices really come to market in earnest.  That’s over a year, and a long time to live with USB 2 when you know that something better is just around the corner.

The problem is, according to sources like Metasploit, it ain’t over yet.

“The MS08-068 patch addresses this attack only in the case where the attacker connects back to the victim,” says Metasploit.  In fact, Metasploit goes on to say, “The patch does NOT address the case where the attacker relays the connection to a third-party host that the victim has access to.”

And since this is quite possible to do, it basically means that Microsoft’s “fix” ammounts to nothing for any dedicated attacks.

So what does Microsoft have to say about it?  Well, let’s take a gander over here, where Christopher Budd speaks.

Let’s see. “At a high level, the behavior that was discussed in the original SMBRelay attack is related to some of the basic behavior of the legacy NTLM protocol.“  Okay, congratulations on being able to throw acronyms around.  “When this issue was first raised back in 2001, we said that we could not make changes to address this issue without negatively impacting network-based applications.“  Well … yeah.  Obviously fixing the problem would mean changes to every application that uses the faulty code.  It’s a lot of work.  Something that should have gotten on right away, instead of being put off.  But why do that when you can procrastinate?

“We did say that customers who were concerned about this issue could use SMB signing as an effective mitigation, but, the reality was that there were similar constraints that made it infeasible for customers to implement SMB signing.“  So the workaround wasn’t actually feasible.  Microsoft’s own words here.  “As Mark notes in his post, implementing SMB signing is still an option and one that we ultimately recommend.“  Wait, so it’s not feasible, but it’s still the option that Microsoft recommends?  Even after releasing their “fix”?

“However, if you’re like me and remember the SMBRelay attack, you now have a protection option in case you can’t implement SMB signing: apply MS08-068.“  Oh, great.  The MS08-068 that according to Metasploit isn’t actually a fix at all because a hacker can work around it to still execute code remotely.

So let me get this straight.  Microsoft delays a fix to Windows for seven years because it would mean also fixing all of the affected networking clients.  Instead of just fixing it and fixing the clients too.  Their suggestion to people who are afraid of an attack by this route are to use an admittedly “infeasable” workaround.   And when, so much later, Microsoft finally patches the actual security hole, they don’t fully patch it, but just one approach to it.  So that hackers can still get around the patch.  So your options are use a patch that doesn’t work, or use an “infeasable” workaround? And that’s after seven years!

Yep.  That’s security, Microsoft style.

Now, I’m of two minds on this.

On the one hand, Microsoft clearly made their stupid Windows Vista Basic level far below what every other version of Windows Vista could run.  It was a clear and obvious ploy to put “Windows Vista Capable” logos onto machines far below actual Windows Vista capability.  And in all fairness, I think that Microsoft deserves some kind of slap on the wrist for that.

Was this done for Intel’s sake though?  I don’t know.  Really.  I’m glad I’m not the one who has to decide that.

I can see it.  Don’t get me wrong.  But I can also see a desperate Microsoft, willing to do anything to replace Windows XP.  And willing to do a lot to break into markets typically dominated by low costs, piracy, or a bit of both with a low-cost low-requirement version of Windows Vista.  Let no market go without a fight.

And so, by that very argument, I can almost see a legitimate market for Windows Vista Basic.

Almost.

But most certainly, Windows Vista Basic’s tie-in with the Windows Vista Capable logo branding machine was a very bad choice.  It created a lot of half-truths that ignorant consumers could find confusing.

And there’s the real rub.

What ignorant consumer spends so much money on a computer without even trying to research their purchase, and then has any right at all to complain when they foolishly spent their money?  Even the tiniest bit of research into the requirements for Windows Vista Basic and every other version of Windows Vista would have shed millions of watts of illumination.  (I know, watts isn’t technically the right term.  More like lumen, candel, lux, et cetera.)

So is Microsoft in the wrong for the confusing labeling?  Or is the consumer at fault for not even trying to understand something that was clearly documented?  I believe in protecting consumers.  I really do.  But somewhere you do have to draw a line.  At some point you do have to say, “Beyond this point, you the consumer were just not doing your own due diligence, and thus on your own head your foolishness be.”  I mean the phrase “caveat emptor” has survived so long for a reason.  Microsoft may have made a slightly confusing system, but it was far from obfuscated, so could one really call it misleading?

But deeper than this, is also the question, was Intel actually directly involved?  That, I find all that much harder to decide.  Because, as I already noted, there were legitimate reasons for Microsoft to create Windows Vista Basic.  It may have been bad form to call it Vista.  It certainly was ill advised to include this level of Windows Vista into the Windows Vista Capable program.  But even if Intel were in some way involved (and why woudln’t they be, being the largest PC CPU and motherboard chipset manufacturer by far in a PC operating system issue) are they really culpable in any of the damages?  Even the same system that gave Intel the(fair or unfair) “advantage” to labelling underpowered systems as Windows Vista Capable also gave companies like AMD and Via the same advantage.

So I’m glad that I’m not involved in the trial.  Because it’s certainly a mess.

I think it’s fair to say that Microsoft deserves at least some kind of slap on the wrist.  Possibly even more so.

Less sure though am I of Intel’s culpability in the debacle.

One thing is however certain in my mind, and that is that consumers should not get off without their own slap.  It really was not that confusing.  And it was clearly documented.  All that a consumer had to do was care enough to do five minutes worth of web surfing.  If that.  It was all right there, out in the open.  It would be like buying a car with a deisel engine and then complaining that it wouldn’t run on unleaded.  Or that it sometimes has problems starting in cold weather.  There’s still a certain level of onus upon the buyer.  There are plenty of misleading things going on every day.  This, in my opinion, barely qualifies.  The only difference is that this has a nice big target on it, Microsoft.  So I don’t think this is so much about the actual issue as it is about the cha-ching!

Well, it ain’t over.  Not by a long shot.

Because now in less than a month we have three, yes, count them, three false-positives from commonly used software.  That’s right.  Just shortly after smearing egg on their face with the Windows user32.dll false positive, Grisoft went and released a false positive of … Adobe Flash.  Yes, that’s right.  That little bit of software used all over the place on the internet.  That practically anyone who surfs the web has installed.  That just as clearly should be in Grisoft’s test bed.  That Adobe Flash.

I don’t think it could possibly get much more embarrassing for Grisoft at this point.  I mean it was bad enough when they instituted their Link Scanner that automatically pre-scanned common search results, causing web page hits across the world to jump insanely high when people weren’t actually visiting the sites, just getting them returned as search results.  That was bad.

But now three major false-positives, one of which rendered customer’s computers inoperative if they acted on it, in less than a month.

Hello?!

There was a time when I would have said that Grisoft AVG was hands down one of the best anti-virus software packages out there.  It had a lot to offer, and was well refined, even for the free version.  It used less resources than the majors from Norton and McAfee and worked just as well.  And so I’d used it for years.

In all fairness, I can no longer make such a statement.  There are others out there that are better.  There are others out there that are actually taking the time to test before release.

I’m not saying don’t use Grisoft.  If you have it, and like it, then by all means, the choice is yours.  But if you’re looking for something new, maybe, sadly, it’s time to look somewhere else.  Grisoft no longer inspires confidence.

Take, for example, this Texas cop, who tasered himself while trying to bring in the bad guy:

So remember folks, while we all make mistakes, let’s hope that the next time you do something stupid, somehow, no one captures the moment.

Still, it was a good run.  It performed remarkably better than expected.  It lasted longer than anyone thought that it would.  It was able to sample all sorts of yummy Martian soil.  It even proved that water, in the form of ice, lay dormant in the ground.  And it snapped more than 25,000 pictures, of which were near-atomic level shots from an atomic force microscope.  Some even say that it took pictures of snow falling just before it died.  The data that it collected will no doubt keep scientists enthused for years and years.

So rest in peace, little Phoenix.  You did good.

Well, this one has a doozy!

A flaw in Server Message Block (SMB) has been fixed.  Yay!  But how long has this flaw really been known?  Well, Metasploit chalks it up to “Sir Dystic” at a hacking conference in 2001.  While elsewhere it is suggested that the original find is credited to “dildog” (AKA Christian Rioux of Veracode) even further back in 2000 at Defcon.

Either way, that’s an awfully long time to just sit on a critical security flaw.  Oh, sorry, Microsoft itself only labels the flaw as “important”.

I guess we should just be glad that it’s finally fixed.