Josh (the blog)

I’ve delivered simple, clear and easy-to-use services for 20 years, for startups, scaleups and government. I write about the nerdy bits here.


@joahua

In support of piracy

I am reinstalling Windows on a few of the systems here tonight and things are rapidly getting ridiculous. This is a not-altogether-abnormal household in terms of computer ownership (definitely on the upper side of ownership, but I know families without geeks who have similar numbers of computers, just on a one-per-person basis), and it’s actually getting impossible to keep track of things. Microsoft don’t offer domestic site licensing. But, damn, they should. I’m using ProduKey to audit licenses because I’m never going to affix those ridiculous OEM stickers to anything (so bite me, I’m a criminal) when they’re licensed with whatever dodgy hard drive or network card I bought them with. Accordingly, I’ve lost the key (yeah, $AU200 value) of one system, and confused the keys of three others — because, get this, we paid for three legit academic licenses which LOOK EXACTLY THE SAME AND DON’T HAVE STICKERS. So compliance on at least three systems is rendered damn near impossible, even if you do follow all of their ridiculous rules to the letter.

Not to mention the OEM copy of XP MCE sitting in a draw that I’d lost track of (I think the system is now using a regular XP Pro license) or the miscellaneous systems that have affixed OEM licenses but for which there is no (misplaced) physical media.

Accordingly, if I want to obey the OEM sticker directive, I’ve got to download a CD ISO from a torrent site (because I don’t fork out for MSDN). But MSDN is increasingly attractive; it effectively offers the desired outcome. Unlicensed, unactivated systems that work perfectly well on a subscription basis… sure, subs suck, but whenever they stop their XP activation servers we’re all going to be screwed, anyway, so it hardly matters.

Meanwhile, I’m sitting here making a list (on paper, which I’ll store with the physical media) of all the licenses in use, and roughly where. Thanks to the unauthorised rebuilding of systems that I own and have built from scratch so often (resourcefulness in anyone else’s book, evil work of a pirate to the draconian OEM overlords) whatever descriptions are attached to aforementioned systems is likely to be rendered completely untrue in eighteen months time when I once again get around to the wholesale slaughter rebuilding of them all. Intermittent reinstalls will probably happen, too, unless I’m driven so insane by the inability to discern one license from another I end up, as I do now, simply taking out the lot and shooting them all a new install.

To Microsoft: whatthehelldoyouwantmetodo? I am so not forking out the at-least-$2000 you would have me pay for retail Vista licenses for this lot–it’s that much because Vista Business retail licenses come in at a delicious $500 each. Say it with me: hell no. I’ve heard from a reliable system builder source that you’ve been telling them that the new OEM rules work in their favour as it’ll bring them more business. Sure, but it’s pretty crappy business if I don’t say so myself. I have absolutely no interest in becoming a Microsoft certified system anything, simply because it’d mean dealing with your crap in a professional capacity, and I deal with it quite enough in a professional capacity trying to do other sorts of development as my job, thankyouverymuch. I’m not going to pay a Microsoft tax twice (first for certification, second for individual licenses) just because you claim that your crappy system builders do it better than DIY-ers.

Whenever the time comes around to upgrade to Vista, if I ever deem it worthwhile on the other home desktops here not for any commercial pursuits (still running Business in response to the crippling networking capabilities of all Home line products), I’ll be making a trip to my local store, who, for what it’s worth, don’t even offer retail Vista Business for sale on their website, but mention the OEM edition an awful lot, with the token “(only sold w/ new system or to a system builder)” tacked on to placate anyone from officialdom who comes looking. I haven’t had the pleasure of breaking OEM conditions-of-sale (that’s all they are… are such things even legally enforcable in this country?!) just yet, but have no doubts there will be ample places that want to take my money when and/or if I do.

I’m actually in the position of having one spare XP license (two if you count XP MCE) at this point, but am sorely tempted to install Linux on at least one of the three systems I’m taking care of tonight just to avoid having to deal with these mediocre attempts at extortion in the future. It’s not morally defensible to refuse to acknowledge system builders as “original equipment manufacturers” when they are, in fact, conducting exactly the same tasks as their so-called ‘certified’ builders. Clearly, it’s not being pursued for retail sale: the only retail products that belong in an operating system product mix are upgrades for people who enjoy having computers that don’t work (i.e. most of the population, anyway).

It’s an indictment upon the difficulty of upgrading/reinstalling Windows that so few people take this route: quite frankly, the products don’t work. Everyone who is unqualified (in the literal, capable-of sense, not some arbitrary didacourse, paidMSsomemoney sense) to build a computer, in my experience, is unqualified to successfully install Windows independently. Even if they succeed at booting from a CD, negotiating the installer prompts (admittedly better than they used to be), manually answering questions about daylight savings and other such things that should long since have been dealt with automagically (c’mon, we’ve had GeoIP products for what, ten years now? Longer?), or at least correct from the outset (two HP machines last week were insistent the default timezone should be Singapore. They shipped in Australia. Is it so bloody hard to pick a populous east-coast state zone as the default?), chances of users correctly installing things such as drivers in post-install stages are slim to none. Nearly all phone a tech-saavy friend (I know no-one who’s ever called the Microsoft support line for OS installs… more should, but few do).

The point stands: retail licenses are for newbies, OEM licenses should be accessible to everyone who doesn’t give a crap about shiny packaging, manuals, and shooting their wallet to bits.

Here endeth the rant.

Di San Xian

Delicious Di San Xian

The second-most missed thing in China.

Some reflections on John 16

His disciples said, “Ah, now you are speaking plainly and not using figurative speech!”– John 16:29

Yay for clarity! You can find the fulltext of John 16 here. Apologies for the slight ramblingness of this post. It gains clarity towards the end… twas somewhat shaped off a Skype conversation that I haven’t the time nor energy to properly edit at this point :)

John 8:14 is pretty funny in its portrayal of the sheer incorrectness of the Pharisees’ assertion of the passage prior: It’s like… you can’t speak truth because you’re speaking truth about yourself (!!)… and then, fastforward back to 16:30 – “We know that you know all things and don’t need anyone to question you; this is why we believe that you came from God” – then, in verse 31, Jesus — “oh, so NOW you get it…”

Verse 32 — “But, seriously… yeah, right. Even if you say you do you’re all about to pissbolt… Oh, that’s now, btw.”

33 — “but I’ve said this stuff so that”… You’ll know after the resurrection what’s going on… The resurrection is the act that will make sense of all of this; there will be no figures of speech because it’s a concrete demonstration of what the Christ is achieving — “overcoming the world” and bringing peace for those who are in him — kinda like way the Father is with Him even when all others desert

Verse 23 is confusing… “You won’t ask me anything” vs. “My father will give you whatever you ask in my name”… are they both talking about prayer or is the first talking about information/knowing stuff about Christ’s identity and relationship to the Father and the second talking about prayer?’

Perhaps its about the perfect sufficiency of the cross — reading 22 AND 23 together:

(Paraphrase of Jesus:) You will be sorrowful til I’m back, and then I basically won life (literally! haha) and you have a joy that can’t be taken away from you and what you’re asking the Father will be asked in my name!

You’re not trying to ask it directly of Him (the Father) anymore. You won’t need to, because you have the Spirit of Christ once Jesus has conquered death and returned to His Father. What I think that means, in the context of the “Spirit of truth” from earlier in the passage, is that the things you ASK for are asked as Jesus would (i.e. you’re not standing alone before the father with an impaired relationship asking things for yourself once Jesus has conquered and we’ve received the spirit of truth that speaks what He hears from the Father and Son. Our hearts will desire different things, and we’ll have a complete joy that can’t be taken from us in Christ.

We don’t get the Spirit so we can ask for crap, but so that He can declare what he hears (from the Father) — AND — in verse 14-15, His purpose is to glorify the son, who is King over everything that is the Father’s; the Spirit will declare the things of Jesus to his people. So, asking of the Father “in my name” is about asking to receive joy in full…

“I am not saying that I will ask the Father on your behalf” — Does this mean Jesus ISN’T an intermediary (as in Hebrews 7:25)? And Romans 8:26 says that the Holy Spirit intercedes for us when we don’t know what or how to pray. But this passage (John 16) says that the Holy Spirit will speak only what He hears from the Father and Son: therefore, His intercessory prayer for us will necessarily take the shape of prayer for things that God desires. And that should be our prayer always.

Christ needn’t ask the Father on our behalf because His act of death and resurrection/victory OVER death means that our sins have been paid for if we trust in Jesus and call him our Lord. When our sins are paid for, we can be in relationship with God the Father and pray to Him; the High Priest that Hebrews 7 talks about is presenting us blamelessly in unblemished relationship again with God, so we can approach Him. When Christ’s perfect sacrifice was made, we are able to and should do as the writer of Hebrews says we should in chapter 10 of that letter: Where there is forgiveness of sins and lawlessness, there is no longer any offering for sin. Therefore… let us draw near with a true heart in full assurance of faith, with our hearts sprinkled clean from an evil conscience and our bodies washed with pure water.

We are able to draw near to God. Right now this is in the form of prayer to Him and for His purposes; that He might achieve them and use His people to this end in His service. We don’t need to pray in a church or temple, we don’t need to burn incense or hear music to uplift us — though these things are not intrinsically bad. We have freedom as we are saved by Christ’s sacrifice for us; we have a new Spirit which He has put in His people to allow them to draw near to God without impediment or constriction. We needn’t pray to Christ, because He has opened a new way to the Father for us, having fulfilled the law of the scriptures and making perfect that which we (His people) could not.

God’s presence used to dwell in the holiest place of the Temple; now, He dwells in the hearts of His people as Christ has made us His own.

When Jesus says “It is to your advantage that I go away”, he means it. If Christ hadn’t gone away from His followers to the brutal Roman cross to pay for our sins, we would not have peace with God, and there’s no way He could say “I have overcome the world” without lying through his teeth unless He faced death and came out the other side, opening a new way to God for His people.

Flying away

I’m off to Beijing today to see the most wonderful girl in the world. We are both uncontainably excited and rapidly exhausting our supplies of synonyms. Back in early March. We are both so blessed to be able to see each other even in this remarkably scattered world we live in!

Cheap secure authentication

Verisign OTP from PayPal

These things can be had from PayPal for about five bucks. Or $7.50 if you’re an Aussie. Verisign will flog them off to you for $30, if you’d like, but basically PayPal rocks for this kinda stuff. It’s a one-time password token that effectively enhances your authentication by a massive degree. It’s cool because it works with PayPal and eBay. It’s cooler (and worthwhile) because you can potentially use it with OpenID.

Essentially, it’s a random number seeded with a unique key that gets appended to your regular password. This defeats keyloggers and pretty much all kinds of phishing currently out there. These kinds of devices have been used in corporate VPN/dial-in scenarios for years now (predominantly, in the situations I’m aware of, with technology by RSA SecureID), but this is the first I’ve seen of it from Verisign.

And, sure, it’s only as secure as physical security or the endpoints themselves are, but it’s a massive step up from “what’s your cat’s name?” two-factor auth (though, unfortunately, I think PayPal/eBay offer that as a backup).

I’ve ordered mine and will probably be having a play with OpenID implementations of it (backed by Verisign’s PIP service, but not overly tied to it because of OpenID’s identity-delegation ability) once it arrives (10 business days).

Can’t help but wonder what Verisign’s rates for these things are in a standalone sense. Normally on 5 year contracts, but in terms of cost-per-token. Seems like a great way to defeat the idiot users who insist on having passwords that are blatantly obvious (argue all you like about strength policies: it’s often not feasible when balanced against support load for resultant forgotten passwords).

Also, to those who argue PayPal = evil, if you’re in Australia then please… don’t. Unlike in the US, here they’ve basically got the same financial reporting obligations as any bank does, and customer service necessarily to match it. All the horror stories from the ‘States (not that I think them universally untrue!) pretty much couldn’t happen here or they’d be chucked out of the country. And, whilst they’re so heavily subsidising (or at least obtaining bulk discounts for) this kinda tech, that’s cool with me.