2009年2月号 RAIDで手痛い失敗……皆さんも気を付けて!

I made a careless mistake recently. No, not the RAID one, but more on that later. This one was a simple web browsing mistake, and I should have known better. To start with, Blizzard Entertainment recently released a major content update for their insanely addictive game World of Warcraft, and I was browsing some comments about the new release and changes it is making to the game's mechanics (WoW is a terrific game for people who enjoy complex and arcane mathematics that determine the effectiveness of characters and equipment). In my perusal of various websites, I came across a link to a discussion of new equipment, so I copied an pasted the link into a new Firefox tab. At the time, I didn't think to double-check the link. Before I click links, I look in lower left corner of the window to see where it actually goes, and am almost always suspicious about where a link will take me. But in this case, it appeared legitimate and I simply copied and pasted it. It lead me to a discussion page from a third website and wasn't "branded" like the website I was expecting. It was only then that I noticed that the domain name was spelled differently from the one I was expecting, and not That is something I really should have noticed instantly. I can spell quite well, despite the crutch of Google Docs' and Microsoft Word's spell checkers.

But I was careless, and the cold fingers clutching at my stomach did not feel good at all. What was my fear? I didn't want to get a keylogger installed on my machine. Of course, better to know that you have a keylogger installed the moment that it happens so that you can immediately work on removing it, but better still to not get one at all...

I remained calm, however, and took a look at the html to discover what I could. In I found a frame with src="/ye/ye.htm". Examining that html revealed that it contained little except a refererence to a swf file. And that contained, I am quite sure, a World of Warcraft keylogger. Why try to capture WoW keystrokes? So that the criminals can gain access to a person's account and then sell their items for in-game gold or real-world cash. It has become quite a problem, and naturally one I didn't want to suffer. Thankfully, I had protected myself with a "defense in depth." My first defense should have been my brain, but it failed me. My second defense was the Firefox extension Noscript, which intercepts all scripts and prevents them from running by default, unless you explicitly permit them. It also stops swf (Shockwave/Flash) and other embedded media files. Once I knew how the keylogger worked, I felt much better. Noscript had protected me, because wasn't on my "Okay to run scripts" list. Hurray!

As I mentioned, though, a "defense in depth" is best, and there I had a third and final protection, the Blizzard Authenticator , a one-time password (OTP) security token, a hardware device that, with the push of a button, displays a six digit number which I need to enter whenever I log in to Blizzard's website or World of Warcraft. I noticed that I can use a number even after a new one has been generated, though I don't know how serious of a security weakness that is, if at all. Other OTP hardware tokens I have used have displayed a graphical countdown alerting you to how soon the current one expires, but this one does not. Although providing a very high degree of security, even this device could be circumvented by a man-in-the-middle attack, however. If an attacker could somehow alter the WoW client to connect to a server under their control, they could display a long queue time to the user (say an hour or so) and during that time log in themselves using the intercepted OTP. This would be a rather sophisticated attack, much more than a basic keylogger, and with more than 10 million accounts and probably only a tiny percentage protected by a security token it is hardly worth the effort. Probably do-able in theory, but there is much lower hanging fruit they can go after. This time, I was protected. But I must make sure that there is no next time.

I am not particularly worried about Apple's decision to not exhibit at MacWorld in the future. I certainly expect that decision to reduce attendance, but from Apple's point of view it makes good sense. They have their retail stores to which they attract many more people every day, 3.4 million people each week, and that's the cost of exhibiting is terribly high... not just the cost of renting the space but building it out, putting in and setting up all the machines, and tearing it all down again at the end, not to mention the cost of sending all the people there and the loss of general productivity. I can completely understand how Apple would prefer to run seminars at its stores and hold events at its Cupertino campus. Is it a loss for the Apple community? Yes. It will be a blow to the event, because Apple is certainly the star exhibitor. Will the event survive? That I cannot say. It might not last many more years, actually. I didn't go down there this year, in fact, not because Steve wasn't talking but mostly because I can obtain all the information I need over the Internet. I don't really feel a need to be in physical proximity to Mac enthusiasts nowadays, though at one time I did "get a charge" out of it. Now, I can sit at home in comfort and watch an HD version of the keynote. Of course, before I could do that I needed to download QuickTime, and that required me to also download and install iTunes, and Apple's upgrade downloader utility too. But it was only after downloading that 65.6MB file and running it that I learned that I should have downloaded the 64-bit version. Okay, 66.1MB later I have it. I suppose there was no way for Apple to know I had a 64-bit OS before I downloaded it, and anyway, bandwidth and disk space are cheap and plentiful, right?

The installation was painless, but a bit sneaky: the installer wants to make iTunes the default player and to automatically install updates. Well, at least it points this desire out right on the main installer page, even if the text is in a small point size, and the checkboxes aren't buried in some subpanel. The advertisements it presents while installing had not been updated to reflect the new pricing on the iTunes Music Store ("... for just 99c a song...") but I suppose that isn't a big surprise. Apple has a lot of collateral material to update after this Expo. But it did add Bonjour to my Windows firewall configuration without either asking permission or telling me what it was doing. A momentary "Configuring Windows firewall for Bonjour" or something similar to that flashed by and could easily have missed it. I checked the firewall and yes, Bonjour's port or ports had been given unfettered Internet access. For the time being, I have changed its scope to my LAN only and will look into it further to see if I want to open it up further. Probably nothing bad will happen, but I am just a little bit paranoid on the Windows side, especially after my recent brush with potential disaster.

Thankfully, QuickTime didn't make me reboot, and I could enjoy the HD version of Phil's keynote. However, I didn't want to watch it in my browser, so I saved the MOV ref file locally and watched the stream within a QuickTime window. It let me watch it full screen, too, which I thought only the paid version allowed, but perhaps I am misremembering. Anyway, it was a solid keynote, not really amazing considering it was Apple's last one (and Phil's first and last). The ending act with Tony Bennett was okay, too, though he isn't quite as in-sync with Apple's current userbase as someone like, oh, Sting or Moby or Seal. The quality of the HD was quite good. I saw some pixelation and the framerate wasn't high enough to be completely smooth, but it was impressive. No doubt my Core 2 Quad CPU helped. As for the announcements, one thing struck me, actually hit me over the head quite a few times, and that was Phil's use of "incredible" and "unbelievable" far, far too often. I know he meant them as superlatives, as descriptions of remarkable achievements or features or whatever, but I could not help but hear them as "this is not believable" or "this is not credible." He didn't mean that, no one ever means the literal definition of those words, but his overuse of them was quite unpleasant to me. There were so many other words he could have used, but did not. Oh well, probably not something that will be a problem in the future.

The new MacBook Pro looks excellent, but at US$2,799 it will be a while before I ever have one. Although I am still a bit skeptical about the non-removable battery, it is quite possible that Apple has again made one of those key design decisions that marks an industry turning point. Manufacturers always lie about battery life--let me rephrase: manufacturers always present battery life based on absolutely optimal usage conditions. But if Apple is being honest when it says that you can get eight hours of usable life out of one charge (using the integrated graphics chip rather than the discrete one), then that will be a terrific improvement. I suppose more and more airplanes have charging receptacles, too, so when taking those trans-Pacific flights you might not be forced to read a book or watch the same in-flight movie over and over again. JAL will let you a battery (if you are in Executive Class) but it seems that the most recent Mac they support is the iBook G4 from late 2003. Not particularly helpful, but I suppose it is the thought that counts. Phil showed a short video about their battery production, and I noticed some signs on the equipment with Chinese characters. Although I suppose it could have been in Japan, I think it more likely that it was a Chinese factory.

Santa brought my wife a US$999 MacBook, the one with 2.1GHz Core 2 Duo, 1GB of 667MHz DDR2 SDRAM, and 120GB HD, but that is quite an improvement over my old 800MHz G4 she had been using. But what's really great is that the transition from the PowerBook 800 to the MacBook was absolutely and utterly seamless. Connecting the two machines and transferring the account and application data took a while, but once it was done she was up and running within moments. Compare that to moving between Windows installations. There really is no comparison, but just for fun I searched for "windows laptop migration" and found a Microsoft site talking about "Windows Live Sync replacing FolderShare." I'm not sure what either of those two things are, but the first public posts starts out by saying "I have worked and worked with Live Sync. It never works!" The second post is a bunch of links to World of Warcraft sites selling in-game gold, which is quite amusing, too. It appears that this is merely a function to make files available to different machines. In researching those further, I eventually ended up at but when I selected Help Central at the top, I got an error page: "There's a temporary problem with the service. Please try again. If you continue to get this message, try again later." No doubt the problem was with me not using Microsoft's browser. I could have had Santa bring her a Windows laptop which would have been much cheaper. But the transition would have been painful for everyone and the ongoing maintenance absolutely awful.

Overall, I was very impressed with iLife's new features, for example the face recognition function to help you classify your photos, its integration with geocoding and Google Maps, and Facebook and Flickr syncing. iMovie is looking more and more like the video editor my old employer created many years ago, with lots of drag-and-drop editing and real-time display. The image stability function looks fantastic, though I imagine there is some heavy pre-processing that needs to happen before we can see what they showed in the demo. iWorks looks like a solid upgrade, and Apple even included a feature for me: full screen view, when the app blocks out everything except the word processor page, assisting the writer to concentrate on the work at hand! One thing I have some questions about it, which sounds a bit like a presentation version of Google Documents to me, something without the online editing. Although possibly handy, Google Docs is free, has more features, and is integrated with spreadsheet, form, and presentation applications. Apple wants to make a paid product, but I don't know how far that will go. I have no interest in moving from Google Docs, other than my general unease with Google's apparently unstoppable march to world data domination. Speaking of which, Google is now analyzing search requests related to influenza in an attempt to detect influenza hot spots. has more on this. Although I have not been able to find an equivalent site, I do see some discussion on this on Japanese blogs. While I can see how this information can be very valuable, there is a short hop from there to the government monitoring people's searches directly, or seizing historical search data, all in the name of "public health." So much evil has been done "in the name of the people," but though good intentions might have been there originally, those intentions became perverted. I'm not saying that Google is necessarily doing a bad thing with its flutrends analysis, but this knife cuts both ways. The same is true for Apple's face recognition technology in iPhoto. Yes, it will help us sort and collect our photos with great ease, but how far away are we from having police agencies secretly gain access to our private photo collections and use this face recognition technology to determine if we have associated with any known criminals, or if perhaps we are criminals ourselves? Again, it benefits us to have criminals caught and removed from society, but consider how quickly and easily a free society can turn into the dictatorship of Orwell's "1984." Sometimes, I think scientists and engineers should ask the question "Can we?" less often and instead more often ask the question "Should we?"