A Consuming Experience

Thursday, 23 August 2007

Haute Secure review: browser security plugin

I tried Haute Secure when it first came out in beta just over a month ago. It's a browser plugin /toolbar for Internet Explorer which is supposed to warn you when you attempt to visit a "bad" site laden with malware which attacks your computer the moment you land on the site, and it will even block your browser from downloading nasty smelly germy webpages.

In their words, "When the bad content attempts to load, our behavior-based profiling algorithms identify and intercept it in real-time, before it installs itself on your computer." How it works: they have algorithms that analyse, identify and stop sneaky malware downloads in real time (and send reports home), plus a database of bad sites kept constantly updated from reports etc, or as they put it: "A distributed real-time malicious link database and a scanning infrastructure that is connected to the client software". They'll also include "malicious content found by others such as security experts and hobbyists joining the fight to stop malware attacks on unsuspecting users".

It's had good write-ups. But I go by my own experience. A favourable review will get me to try something, but I won't stick with it if I don't like it. I don't often blog about things that suck because usually I've picked up enough info to know that I should just avoid them in the first place. But if I come across something that's sucky, I'll say so. Haute Secure is sucky.

In more sober terms, here's my verdict. A most excellent idea in theory, but way too blunt an instrument in practice. I had to uninstall it after a few weeks, it was making my browsing unbearable.

Why? Like I said, it's far too blunderbuss in approach. It tars (and feathers) entire domains with the same brush, without bothering to distinguish between subdomains - like, x.blogsome.com is not the same site as y.blogsome.com, and may not even be run by the same person. Yep, you'd never credit it wouldja. And if you have a script or image on your webpage that's from a supposedly "bad" domain, that'll mark out your site as bad too.

For example, go to Yahoo-owned Mybloglog.com, and you'll get a yellowy reddish brown kinda warning in the toolbar (they call it "orange" but I guess my color vision is different...):

Or a messageboard where someone's posted pics from Photobucket:

Here's another well dodgy site, oooh look, see the warning on the right:

And why was my blog suspect, pray? You can click on the Haute Secure toolbar then 0, 1, 2 "Blocked URLs" to check, and, hey, whaddaya know, that well known and now Google-owned purveyor of malware Feedburner (not!) was one of the chief culprits. It wasn't me guv it was that nasty malicious Feedburner:

See, Haute Secure even went dramatically red on another site because of Feedburner, oooh we're really taking agin Feedburner now aren't we, bad bad bad Feedburner:

One of the few totally safe "blue flame" sites was Google:

But Google didn't escape entirely. Not all Google domains were considered non-evil, oh no - there's that suspicious dirty mac-donning googlesyndication.com, fer instance:

The last straw for me was when it stopped IE dead in its tracks when I tried to drop by John Tropea's site:

And why was John's site so all-fired dangerous then? (yeah yeah, can't resist those fiery puns, so poke me with a match). Because it's on naughty smackit Blogsome, is why:

At that point I completely had it (though I didn't quite lose it), and uninstalled Haute Secure. Sure, you can choose "Continue" to visit red sites anyway, or unblock a site it's decided to kill:

But really, why should you have to? Are Haute Secure having a laugh or what? Just because some bad guys have set up malware-ridden sites using Blogspot.com or Blogsome.com addresses, just because some of them burn their feeds using Feedburner, why should legitimate bloggers on one of those "tainted" domains (or who have incorporated pics or scripts from a tainted domain) be given a bad name and hung too? What on earth were Haute Secure thinking? My fingers are tired enough from constant typing thank you, why should I keep having to manually choose to continue to or unblock perfectly safe sites?

It's like anti-virus or anti-spyware software which keeps coming up with too many false positives, false alarms. It wastes your time, you stop trusting it, you stop using it.

Yes, Haute Secure issued an update a couple days ago, but it sounds like it's just fixing crashes etc. Me, I've lost interest, like many other people I just haven't got the time, I'm not going to bother to try it again. Not (perhaps) unless I know for sure that they've sorted out the sub-domain and scripts etc issues. Great great idea, huge glaring gap in the execution.

Wednesday, 22 August 2007

How to create a conspiracy theory: 4 easy steps

New Scientist magazine back in July had a fascinating article by psychologist Dr Patrick Leman called "The Lure of the Conspiracy Theory" - about the psychology behind belief in conspiracy theories, which seems to be increasing in modern society, and indeed has become something of a cultural phenomenon.

The Net is partly to blame: "One factor fuelling the general growth of conspiracy beliefs is likely to be that the internet allows new theories to be quickly created, and endlessly debated by a wider audience than ever."

The article makes the point that there are good and bad things about conspiracy theories. The good: sometimes conspiracy theories are true (e.g. the Iran-Contra affair), and conspiracy theorists can be the little guys keeping big corporations or government in check. The bad: they can spread (misplaced) mistrust and fear, which can get in the way of reality and what is actually true and important.

Research has been conducted, by Dr Leman and others, into what makes people believe, who tend to be believers, and why. Age, ethnicity, income are apparently all factors. The possible link: those who feel generally disaffected, disempowered in society, are more likely to believe in conspiracy theories.

Some other interesting concepts in the article:

"Flashbulb memory" - the recall of a sudden event, often shocking and global, which affects individuals on a personal level. Apparently this type of memory is more easily formed between 20 and 35 years of age, which is why different events tend to trigger flashbulb memories for different generations - the John F Kennedy assassination, Princess Diana's death, etc.

"Major event - major cause" - people often believe an event with major consequences is likely to have been caused by something major. Because if the cause was minor (e.g. a single drunk driver) then it seems like there's been no real cause and effect, life feels more unpredictable and uncertain, which makes us uncomfortable. Easier to assume the cause was something big.

"Confirmation bias" - people generally tend to pay more attention to info that is consistent with their existing beliefs, and absorb that kind of info more readily. This applies to both conspiracy theorists and anti-theorists equally (and, in my view, many so-called "scientists" too) - rather than objectively consider all the evidence, both look for "facts" which fit in with their existing theories and dismiss or discount evidence to the contrary, or change their theory to tie into the new info! Research in fact shows that different people can claim to use the same bit of evidence to support entirely different theories.

How to create the perfect conspiracy theory, step by step

Finally, based on his findings, he produced a presumably tongue in cheek howto on producing the perfect conspiracy theory. I can foresee some unscrupulous people cynically exploiting this to make up and spread conspiracy theories of their choice - but then they'd probably work all this out for themselves anyway, it actually seems pretty much common sense to me.

If I want to deliberately build a conspiracy theory for maximum dissemination and then make a fortune writing a book about it, well now I certainly know how to start!

Here's his guide on how to construct a conspiracy theory that'll seize the imagination of the masses, in 4 easy steps:

Pick your bad guy - government, big corporations etc. Ideally also pick on some shadowy, cult-like organisation which can supposedly be connected with your adversary. (I know The Da Vinci Code is fictional but, heh, Opus Dei was a good pick!)
Pick a major current event to base your theory on - especially an unexpected, shocking, visual event that's shared.
Develop your story - pick & choose your source info, construct a compelling story from it, and hey if something doesn't fit your story, reinterpret it! Sow uncertainty, query the official evidence, find new facts contradicting it.
Prepare your defence - be prepared to tweak your conspiracy theory around the edges should anyone point out any inconsistencies etc, but always hold to the core theory, emphasising that it's just a question of getting the evidence to prove its truth. And if others question your theory, well they must be in on the conspiracy too, mustn't they?

London Girl Geek Dinner videos: 16 August 2007 2nd anniversary - women in technology

UPDATE: Blip.tv seems to be down so I've removed the embed code for now to stop my blog loading so slowly (or not at all!).
FURTHER UPDATE: well it's back up now so the code is back!

The second anniversary of the London Girl Geek Dinners (blog) took place on 16 August 2007, organised by the inimitable Sarah Blow, and kindly hosted by Skype (Paul Amery and Antoine Bertout).

The focus of the panel discussion was on "Women, technology, breaking down the barriers".

I'm not going to say much about it (except pizza pizza pizza, cake, cake, cake!) because it's already been well blogged by:

(have I missed anyone?).

Maz has also linked to some Flickr pics of the London Girl Geek Dinner.

I'd just add that the comments I heard after the event were very mixed, from "Yeah too right!" and "Very interesting", to "We've heard it all before, when is there going to be less talk and more action about getting more women into IT?"

Also, there's one more point I'd like to add. There was lots of talk about how to get girls interested in technology at a young age. But one area which didn't get discussed at all was, what about getting "mature" women into technology, given the increasingly aging population and the growing trend, indeed encouragement, for people to have second or even third careers?

I'm still in my first career, doing something completely different, but I'd love to be able to work in technology. My sense is that IT is a pretty ageist industry, and while a 14-year old coding hotshot will be inundated with offers, what technology company is going to look at an oldie amateur who's not got a technology or science or maths degree, and who hasn't even put in any time in the IT business? Even if I gave up a decent salary to go off and be a poor student doing a CS degree, what would be the point? I'd be even older and less employable by the time I'd finished it... I'm certainly one of the few women there who could honestly, truly say "I'm not a real geek"!

The videos

I managed to video the proceedings, or some of them - unfortunately I didn't think the discussion would be quite so lengthy and hadn't topped up the charge, so my camcorder battery ran out partway through the audience discussion. Despite the camcorder being not too heavy my muscle power also ran out, in case anyone is tempted to suggest that the tremors are alcohol-induced! If I'd known it was going to take so long I'd have brought a tripod. Next time perhaps... Meanwhile, you may need seasickness remedies on occasion, don't say you've not been warned.

UPDATE: the videos are all on A Consuming Experience Blip.tv page, if that's more convenient.

Here's the intro (10:46):

Click To Play

(blip.tv direct page, better quality)

And some words about Skype now and next, by Paul and Antoine, for developers - with their views on women in technology at the end (9:27):

Click To Play

(blip.tv direct page, better quality )

And finally the full panel discussion, plus part of the audience debate (41:41, no that's not a typo, it was over 40 minutes long!):