Thursday, March 30, 2006

Caught red-handed...

Amazing. My book has only been out for a couple months and someone has the audacity to ask me directly if they can pirate it. Here's the message I received:

-------------------------------------
hi,
I'm new to this group...
May I know from where I can get the following books
for free?
Is there any site from where I can download them?

Thanks in advance
Manish

>"Accelerated C++" by Koenig and Moo
> "Safe C++ Design Principles" by Thomas Hruska
> "The C++ Standard Library" by Nicolai Josuttis
> "Effective C++" by Scott Meyers
> "More Effective C++" by Scott Meyers
-------------------------------------

Basically, this person stuck their hand in the cookie jar while I was already getting a cookie. Figuratively speaking. I don't think it gets any more blunt than that.

The thing is, I am a fairly lenient person. If someone can't afford my book "Safe C++ Design Principles", then they need to e-mail me and propose a counter-offer. Writing Safe C++ code is something every college professor should be teaching and every student should be learning. Most of the problems today in software stem from the fact that only 1 out of every 1000 programmers actually has a clue on how to write software. The rest are copy-and-paste artists. While imitation is the best form of flattery just about anywhere else, it doesn't work when designing a software package.

Every C++ developer desperately needs my book. I don't know how to emphasize this except to put a $45 price tag on the book and keep telling programmers how simple their lives would be if they owned a copy. Programmers have their head stuck in how complex writing code is. I follow every concept presented in "Safe C++ Design Principles" and I find software design to be simple and straight-forward. Writing software in C++ is easy. The disbelief that writing C++ can be easy is what seems to drive people away from buying the book. But that's what the book does - it cuts through the, to use a technical term, "crap" of whatever you've learned and reveals the simplicity that can exist. And simple is beautiful. Simple, in this case, even offers powerful functionality.

And yet, people can't wrap their heads around the fact that the $45 price tag is simply there to put a mental level of importance on the book. If the price were $20, that would cheapen the knowledge contained within to the level of a nickel-and-dime romance novel. Personally, I would pay $45 if I knew I could save myself 6-10 years of effort. Many of the principles found in the book are based on tidbits of knowledge that form part of my discoveries over the past 17 years of programming. Only in the past 4 years have I discovered what it means to be a software developer. And I pass that knowledge on to anyone willing to shell out a measly $45. In the grand scheme of things, $45 is nothing.

Saturday, March 25, 2006

Why scams work...

Seth Godin has a blog worth reading if you like my style of writing. He's opinionated. I'm opinionated. He's right. I'm right. He talks about business. I talk about software development. He gets to the point. I blab like a journalist. Or an idiot. Pick one.

Anyway, a recent article on his blog caught my eye:

http://sethgodin.typepad.com/seths_blog/2006/03/the_return_addr.html

In the article (albeit very short), Seth admits having no clue why mail scams work. Unfortunately, I know exactly why they work. Here's the lowdown:

Once upon a time a relative of mine received some junk mail. Now this relative was the type of person who had to have two of everything. This sort of behavior is also known as the packrat mentality. It is important to note that if someone who has packrat mentality can't immediately locate at least two items, they will buy another one just to be sure.

Now this particular relative was also an elderly person. It is important to note that as a person gets older, certain behaviors exhibited earlier in life become much more prominent. This is particularly dangerous for those with packrat mentality. They will continue packing more stuff in their basement, the hallways, the kitchen, and the bathroom until the place is bursting at the seams.

Now remember that this story started with this individual receiving a piece of junk mail. So now this individual opens the junk mail and sees that it is for an item they do not have. If you saw the checkbook/credit card coming out, you are absolutely right.

By the time someone else in my family noticed what was going on, this individual had purchased hundreds of "subscriptions" to coin collections, stamp collections, books on birds and other animals, magazines, and general stuff.

The kicker was the "donations". You and I receive junk mail every day asking us to send money to this or that organization. This individual actually sent money to them without a second thought. It was later determined that some of these organizations are actually illegal (more on this later).


That's not the end of the story. The subscriptions were all cancelled over the next year. But the amazing thing was that the junk mail simply kept coming. And coming. And coming. The mailbox was stuffed to the gills. Every. Single. Day.

There is a junk mailing list that is shared among junk mailers called the "suckers list" (it is literally called that). The people on this special list are those who will subscribe to or send money in for anything and everything. Many of these people are individuals like the one I just described - some people collect cats, others send money to everyone who asks for it. Once on the suckers list, you can never get off...and if you move, people will make serious attempts to hunt you down.

Basically, this individual got off the suckers list by disappearing from existence. This was done by careful manipulation of who could contact this person and how the contact occurred. The mail was monitored, junk mail eliminated by hand, and the residence being lived in evacuated. This was a perfectly legal activity by the use of something called Power of Attorney. Power of Attorney allows another individual to do very specific things on behalf of another. It can be as specific or as broad as the individual granting the power wants. From what I understand, this transfer of power (a very broad transfer - someone else controls this individual's checkbook and bank account now) and careful manipulation are the only things that have slowed the junk mail to the standard trickle you and I receive. Disappearing from existence or dying are the only legitimate ways to get off the suckers list.


During this process three additional discoveries were made:

1) There are organizations out there that will send two requests for money in the same week. Amazingly, the people on the suckers list will fall for the trick and send money twice. To the same organization. Using the same letter. It really happens.

You can close the open jaw because #2 will break it if it is even partially open.

2) Non-profit organizations are created for some worthy and humanly-important cause. During the process, it was discovered that there are "non-profit" organizations out there with 90% administrative overhead. Here's how it works: The organization sends out a mailing asking for money for the starving children in [Foreign country goes here]. They use medium-grade to high-quality paper to increase costs and might even put color images of a starving child with big puffy eyes and the classic "sad-puppy-dog-face-you-can't-refuse" on it. They get a professional letter writer to do the letter to make it look really good and then send it out. The owner of the organization pockets $100,000 a year (minus costs of the writer), $10,000 goes to the starving children, and the rest goes into the pot for the following year's mailing. The process repeats. This really happens.

3) The last discovery is that the Department of Justice (DOJ) is always on the lookout for these institutions, but they spring up faster than the DOJ can shut them down. I don't know the exact point at which these things become illegal, but, IIRC, anything around 25% administrative overhead is already pushing the organization's luck. Obviously, when these organizations are caught and shut down, the people involved go to prison for a few years (some get out and repeat the process). However, the damage will have already been done - a bunch of suckers will have sent their money to an individual and won't see it ever again.


E-mail is effectively 'suckers list' paradise. E-mail is free (relatively speaking). Sending snail-mail is not. People receive spam because there are so many suckers out there. If the adage "A sucker is born every minute" applies to snail-mail, then "A sucker is born every 15 seconds" applies to e-mail. Spammers send mail to everyone rather than just the known suckers because weeding out the suckers is too much work. The logic then goes that people besides the usual suckers will want the target product. So, in a spammer's eyes, there are more suckers to be had by not focusing on just the known suckers.

Spam would be incredibly unsuccessful if there weren't suckers. However, there are. So the rest of us get spam.

Here's a tip on how to NOT be a sucker:

Do your homework before spending money. A little time spent up front doing a few Google searches can save you infinite headaches in the long run. So, say you want to have a word processor and a spreadsheet and a number of other standard business tools. Your first thought is "Microsoft Office". Why? The answer is simple: You've seen and been affected by Microsoft's marketing engine. If you buy Office because you have been marketed to, you are a sucker.

If, however, you search and try a half dozen different Office-like suites out there and determine that Microsoft Office is still the way to go, then you are NOT a sucker. Good research and smart decisions are the difference between being a sucker and not being one.

Now, I don't offer an Office-like suite, but I do have several interesting software products worth looking at, plus a well-written e-book worth reading:

http://www.cubiclesoft.com/

If you don't find the tool you "need" on my site (or find it on other sites like www.download.com), feel free to send your ideas to me. I'm always on the lookout for nifty ideas for applications. Of course, I tend to develop software I need because I need it. Then again, I sometimes develop an application someone else needs because I need to stay on my toes with fresh ideas.

Wednesday, March 22, 2006

Food changes

I like to know that when I make food that it will have the same taste and texture 100% of the time. That is how I know something is done right.

I don't know if you have ever experienced this, but I can taste subtle differences in both taste and texture. I am every food company's worst nightmare - from cereal to ice cream to even rice. Don't mess with my choice in rice.

Which is exactly what Uncle Ben's recently did. In fact, there was no warning that it was "New and Improved" - they simply changed it. And for the worse. See, I like their Fast-Cook (5 minute) Long-Grain and Wild Rice with Chicken Kiev (and I'm kind of picky about that too). However, a couple weeks ago I had some and it tasted terrible. Of course I'm not one to judge instantly - I gave them a second chance before deciding to contact the company. The taste was awful. The texture was terrible. And it didn't absorb the butter sauce of the Chicken Kiev like it used to.

Actually, I am pretty sure that they changed it twice. The first time, the texture changed. It seemed to get more grainy/gritty. This latest change, however, affected the color of the rice along with its texture and flavour. It was enough to make a person gag.

I have a pretty good idea of why the changes took place. Someone in upper management, who has no taste buds, decided to save $100,000 per year while keeping the price of the product the same by altering the recipe and reducing the more "expensive" ingredients. Whoever the putz is that decided to do that should be immediately fired, the recipe restored, and the product recalled. Not to mention, a public apology on the website.

This is why making product changes to reduce tangible costs, whether it be food or software, can actually increase overall costs. The intangible costs of Uncle Ben's reduction in tangible costs are probably in the billions. The one food item I ever bought from them now tastes terrible and I'm actually considering hunting around for another brand. In other words, they have basically lost a loyal customer to their competition.

What is really absurd is that there was no warning that this was "New and Improved!" No labels at all, just several fundamental changes to the contents of the box. My only guess is that the advertising department couldn't think of how to word "Now Tastes Worse than Ever Before!" and just left the box as-is and hoped no one would notice. Yeah right. I'm a food connoisseur - I know good food when I eat it. I am every food company's worst nightmare because I am also aware that if something changes for the worse, I can complain directly to the company via e-mail and it will get read by people who will forward it to the right people (occasionally I even get the CEO's attention).

I'm more than willing to taste test food items for companies - all they have to do is ask to set up a session and pay me for access to my refined tastebuds. I even usually have ideas for products...and, if I don't think of anything right away, handing me a business card is a smart business decision. The same thing applies to software products - or almost any product in general. I'm fairly opinionated, but I am open to changes that make sense. I can tell you if it makes sense or not. If it makes sense to me, then it is probably a good change and I will adapt to accept the change. This is my flavor of "usability testing". I address what usability testing is in my new e-book entitled Safe C++ Design Principles:

http://www.cubiclesoft.com/SafeCPPDesign/

That particular chapter of the book can even be applied to the food industry. Not just software. Many of the principles found in the book are actually applicable to many different industries...not just the C++ programming language.

Friday, March 17, 2006

Security IS Simple

At the recent RSA conference, Bill Gates said, "Today, we're using password systems, but they simply won't cut it." This was after he presented Windows Vista and its new supposedly-secure architecture.

Uh huh. I don't buy it. One simple thing was overlooked at the conference: Vista's core graphics engine is based on DirectX (specifically Direct3D). Game developers and programmers have been using DirectX practically since it came out and it STILL is not stable. For example, some of the best minds designed, wrote, and released the Half-Life game engine (a.k.a. "Source") - and it took them all of five years to make ONE game...and it crashes randomly (it can even freeze up the PC so that a hard reboot is required)! Microsoft is making claims that it can shift a fairly stable graphics architecture (GDI) over to DirectX in under two years. I don't care how many people Microsoft throws at Vista. The core of DirectX isn't being fundamentally re-written from the ground up even with the latest SDK, so Vista will be unstable. And Microsoft is off spouting nonsense about passwords at a security conference.

Note that I'm not bashing Microsoft for the sake of bashing them, but if Microsoft REALLY wants to honestly secure the OS, they are going to have to do a 180 and get every developer on the same page on how to write secure software. Yesterday I flagged MSHTML.DLL as being a level 5 instability inside the VerifyMyPC system due to a newly discovered security vulnerability. The issue is the same old story of buffer overflows, but this one is pretty serious - specially-formulated JavaScript on webpages can execute arbitrary code on the system (which, in turn, could be a way for someone to steal your source code, personal information, and then install a rootkit).

Application security is actually quite simple. There is a new e-book I wrote called "Safe C++ Design Principles" that teaches all the 'no-no's of writing unsafe code (among other things). I know that if every Microsoft developer had a copy of this book and read it (it is quite an entertaining read) and Microsoft simply dropped everything for one month, 99% of their buffer overflow problems could be eliminated. One measly month and Windows could effectively eliminate buffer overflows forever. I've heard it takes $1 mil. (US) and an average of 2 months to fix a single Windows flaw, but there are intangible damages that range from upset customers to IT headaches to actual financial losses. Any reasonable business person worth his/her salt will realize that this has long-term consequences ranging in the multi-billions of dollars.

As an example, I utilize all the principles addressed in the e-book in my own C++ code. The code isn't always the fastest, but I have yet to receive word that my applications written in C++ crash on someone's PC. Or receive notice of a security vulnerability using these techniques.
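To make the "same old story of buffer overflows" concrete, here is an added example (mine, not code from the book or from any Microsoft component) showing the unsafe fixed-buffer copy beside a safe C++ rewrite that validates length explicitly; the field name and the 15-character limit are constructed for the illustration.

```cpp
// Added example, not from the blog or "Safe C++ Design Principles":
// the classic unsafe copy of untrusted input beside a safe C++ version.
#include <cstddef>
#include <cstring>
#include <string>

// Constructed limit for a hypothetical "user name" field.
const std::size_t kMaxNameLen = 15;

// UNSAFE: strcpy trusts the caller's NUL terminator for the length.
// Input longer than kMaxNameLen overwrites adjacent stack memory,
// which is exactly the buffer overflow the post complains about.
// Kept only for contrast; never feed it untrusted data.
std::string unsafe_copy_name(const char* untrusted)
{
    char name[kMaxNameLen + 1];
    std::strcpy(name, untrusted); // no bound check at all
    return std::string(name);
}

// SAFE: length travels with the data, is checked against the policy
// limit before any copy, and std::string owns the storage, so there
// is no fixed buffer to overrun. Over-long input is rejected rather
// than silently truncated, so the caller can log and refuse it.
bool safe_copy_name(const char* data, std::size_t len, std::string& out)
{
    if (data == 0 || len > kMaxNameLen) {
        return false; // reject: caller decides how to report it
    }
    out.assign(data, len); // copies exactly len bytes, NULs included
    return true;
}

// Convenience overload for input already held in a std::string.
bool safe_copy_name(const std::string& untrusted, std::string& out)
{
    return safe_copy_name(untrusted.data(), untrusted.size(), out);
}
```

Note that the safe version never needs to know whether the input is NUL-terminated, which is the property strcpy gets wrong when an attacker controls the data.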

This brings me back to DirectX. DirectX is the most unstable piece of junk on the planet. It is only suitable for video games - and barely at that. I've seen people with perfectly stable systems (application-wise) blue screen completely randomly in the middle of a DirectX-based video game. So, think how that translates: Vista is going to move the graphics engine to DirectX. This means that as you are typing a report into Word, Bam! Blue screen of death (BSOD). Or you hit reply to an e-mail, Bam! Another BSOD. Just about anything you do will have a pretty good chance of causing a BSOD.

The reason for the switch to DirectX is purely for threat reduction. (I speculate that this is why a number of developers bailed out and went to Google - they saw this as a fundamentally stupid move). Microsoft views Adobe Flash (formerly Macromedia Flash - Adobe unfortunately bought out Macromedia prematurely and became Microsoft's new primary target) as a threat to the business. The move to DirectX is an attempt to undermine the Flash franchise before it gets much bigger. The idea was to do a vector-based GUI environment. Since DirectX did the whole vector-based thing, Microsoft chose to reuse that technology for the basis of accomplishing the goal of eliminating Macromedia. Normally, code reuse is a good thing. DirectX needs an overhaul, however, before reusing it is a good idea.

That said, Vista will be the first OS to have a vector-based graphics renderer based on 3D technology. Some people say Mac already has that, but it doesn't. It just uses large bitmaps to accomplish the illusion and it isn't true 3D. Vista's 3D capabilities are legitimate, cutting-edge stuff, but incredibly unstable. I've seen applications crash under Vista that work just fine under XP. Well, they didn't crash per se, they froze and simply stopped functioning, but you get the idea - some apps will freeze and others will crash the OS.

And now that DirectX is going to be core to Vista instead of "just for games", think about all the undiscovered security vulnerabilities... And to think that Microsoft is more concerned that passwords are becoming the weak link in security. I would probably laugh if I didn't have to download updates to Windows components every month.

The only thing Vista has going for it, IMO, is the whole "see-through" transparency thing (Aero glass). While I don't care for the color choices (green and black), the fancy new 256x256 icons are very pretty.

I see shiny things. They blind me to the evils that lurk underneath.
But then, ignorance is bliss.
{ Stares at icons }
Preeeettty. Soooo preeeettty.