FIRST Robotics Challenge

This weekend we volunteered at the FIRST Robotics Challenge Colorado Regional. Not only is this a ton of fun – teams of high school students build robots to compete in a different game each year – it’s a very important activity to encourage young people to get involved in technology.

First a little background on FIRST: For Inspiration and Recognition of Science and Technology.

FIRST was founded in 1989 to inspire young people’s interest and participation in science and technology. Based in Manchester, NH, the 501(c)(3) not-for-profit public charity designs accessible, innovative programs that motivate young people to pursue education and career opportunities in science, technology, engineering, and math, while building self-confidence, knowledge, and life skills.

Founded by Dean Kamen, President of DEKA Research & Development Corporation and inventor of the Segway PT, FIRST has grown from 28 teams in a New Hampshire high-school gym in 1992 to reaching over 150,000 kids and the FIRST Championship held in the Georgia Dome in Atlanta. So what is FIRST Robotics Challenge all about? In the official words:

What is FRC?

FIRST Robotics Competition (FRC) is a unique varsity sport of the mind designed to help high-school-aged young people discover how interesting and rewarding the life of engineers and researchers can be.

The FIRST Robotics Competition challenges teams of young people and their mentors to solve a common problem in a six-week timeframe using a standard “kit of parts” and a common set of rules. Teams build robots from the parts and enter them in competitions designed by Dean Kamen, Dr. Woodie Flowers, and a committee of engineers and other professionals.

FIRST redefines winning for these students because they are rewarded for excellence in design, demonstrated team spirit, gracious professionalism and maturity, and the ability to overcome obstacles. Scoring the most points is a secondary goal. Winning means building partnerships that last.

What is unique about the FRC program?

  • It is a sport where the participants play with the pros and learn from them
  • Designing and building a robot is a fascinating real-world professional experience
  • Competing on stage brings participants as much excitement and adrenaline rush as conventional varsity tournaments
  • The game rules are a surprise every year

My son and I got involved last year through the IEEE, which is a major supporter of FRC. Me, because it sounded like a great idea, my teenage son because, well, geeks + robots… you do the math. It has been an amazing experience. There is always a need for mentors, coaches and of course corporate sponsorship. I’ve volunteered both years working in the machine shop, which was provided last year by NASA and this year by a local Denver company Club Workshop, where we handled everything from minor accidents to field upgrades. I can’t say enough about this terrific program to really do it justice so I’ll just provide some pictures instead. Check FIRST out. You’ll be glad you did.

Do not fall for this

The folks over at MX Lab wrote this blog entry about a particularly nasty malware site they discovered recently.

When checking some URLs at MX Lab this one caught our attention because it is a nice trick to distribute malware. The trick is to attract people that want high speed internet for free. Don’t we all want this? I believe so but this one isn’t going to offer you high speed internet at all.

The website starts with a very nice offer:

Attention All Customers: March 19, 2009

Comcast High Speed Self Installation Kit v.4 is a special utility designed to boost the speed of your connection. This tool has advanced features of the 3rd generation high speed internet with multiple connections , download scheduling, and many more. It is free proposition for all Comcast clients (any connection) for 300 days.

The upshot is that they have you download an installer, named ComcastHSkit.exe, which actually installs a rootkit that turns off the Windows firewall and Security Center and then “phones home” to a notorious malicious site. Real nasty stuff.

The reason I’ve designated this as “particularly nasty” is that it looks like the real deal. The bad guys in this case have really done a good job of spoofing the kind of stuff that Comcast spams its customers (including me) with regularly. While I wouldn’t expect a network security savvy person to fall for this, sadly I can’t say the same for most folks. I know quite a few people who would see this kind of offer and, not unreasonably, want to take “Comcast” up on their offer to speed up their network connection. Especially here in Colorado where our broadband speeds are, well, not that speedy.

Give this a pass. You’ll be glad you did.

And thanks to the guys at MX Lab.

CSI: Reality

I saw this piece on the local Denver ABC affiliate, 7News, about Colorado Crime Lab Experiencing “CSI” Effect. The gist of the report was that the popular crime fiction series is influencing public expectations of what crime labs can really do. I’m really not surprised since I enjoy watching those CSI shows in large part to check out the amazing technology that I wish actually existed – or am glad doesn’t really exist. Like that amazing facial recognition software that cross references grainy CATV images, enhanced by futuristic methods to HD quality against a huge database maintained by some high tech but unspecified international law enforcement agency to identify the perp. Yowza! I’ll take two of those bad boys! Or that killer speech recognition software that not only can filter out or enhance background noise and not only positively identify the speaker(s) but tag the geolocation using the background noise. All of this with the most intuitive user interfaces ever. I could totally use this stuff!

But alas, to paraphrase Scott Adams’ The Dilbert Future, the future will not be like CSI.

While I’m not a law enforcement professional, I’m fairly certain that crime scene investigators do not routinely question murder suspects, participate in high speed vehicle chases, or engage in spectacular shootouts with terrorists. Yep, sad to say, but my gut feeling is that CSI: Reality would not be that popular. Or exciting. Also by now I’ll bet you’re wondering how this is going to relate to security. Fear not.

As is illustrated by this article by Sharon Nelson in the {ride the lightning} blog, the reality is much more, … how shall I put this … real.

  1. A police department that turned a computer on and off (hey guys, this is original evidence you’re stomping on!) six times within two days of seizure, accessing numerous files.
  2. A police department that handed over evidence containing child pornography to the city’s IT director for analysis (um . . . gotta read that Adam Walsh Act chaps!)
  3. Last but not least, we were once again sent child pornography in the mail by a Public Defender’s Office – and sadly, this is the second time in a month – and generated by the same individual. You would think, after we reported the previous incident just weeks ago, that corrective measures would have been taken. Apparently not.

Or how about this gem, again from {ride the lightning}.

Yesterday we received child pornography via FedEx from our attorney client, who had been given it by a sheriff’s office. It was on a CD marked “Sterile.” In our world, that means no CP [Child Pornography]. Or it’s supposed to mean no contraband. But there it was, which meant (sigh) we had to call our assigned detective and advise him that we were in possession of child pornography, in accordance with our protocol with the Department.

When he heard that a sheriff’s department had distributed the child porn, he laughed. He could afford to laugh. Not us. Because the CD had been identified as sterile, it had been placed in a folder on our server. We had to selectively wipe that folder. We also performed a long erase of the backup tape from the server, thereby overwriting every inch of mylar. We hashed the CD contents and completely scanned our analysis computer to verify that no data was transferred. We destroyed the CD and notified both our attorney and the hapless sheriff’s office.

I don’t know about you, but I’m actually relieved that these guys don’t have access to that fabulous albeit fictional CSI technology. Now don’t misunderstand me, I’m definitely not implying that the good and competent folks on the front lines of law enforcement are bumblers. My point is that crime scene investigation and evidence gathering, preservation and processing is not trivial. It’s often mundane, frequently tedious, rarely dramatic and subject to policies and procedures that are baffling even to specialists. And often can make practitioners look a lot more like Dilbert than Gil Grissom.

Yep, CSI: Reality is not like CSI: Miami. But I still love that wicked cool technology.

Using public Wi-Fi safely

Rich Vázquez, a fellow CISSP, has an article in the Georgetown Hutto/Taylor by way of Community Impact Newspaper entitled Ways to use public Wi-Fi safely. While generally good advice I feel compelled to, if not disagree exactly, elaborate on some of his statements. So here goes.

The first thing to do in a public space is find the name of the network to connect to. Hackers sometimes set up similarly spelled networks, such as HavaHouse instead of JavaHouse. This is called an Evil Twin Attack. Once connected to the imitation network, hackers can get information from the computer and internet activity. It is important to verify the name of the intended network before connecting to one.

Certainly you want to verify that the wireless net is what you expect prior to connecting, but the more important issue is that the operative word in “open Wi-Fi” is open. Most open Wi-Fi nets don’t need an evil twin. They are totally amoral by definition. Open means exactly that – anyone and everyone is invited to join in the fun. Which is great if you are adequately protected. Or a grifter looking for marks.
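The name check described above can be automated against a scan list. The following is an added example, not code from Rich's article or this blog: it compares each visible SSID with the name the shop actually advertises and flags near misses such as HavaHouse. The scan data, the verdict labels and the distance threshold are assumptions made for illustration.

```python
import unicodedata

# Constructed scan results as (SSID, security) pairs; not captured from a real network.
SAMPLE_SCAN = [
    ("JavaHouse", "open"),
    ("HavaHouse", "open"),
    ("JavaH0use", "open"),
    ("Java House Free", "open"),
    ("JavaHouse", "WPA2"),
    ("linksys", "WPA2"),
]


def normalize(ssid):
    """Fold case, strip accents and drop spaces/punctuation before comparing names."""
    folded = unicodedata.normalize("NFKD", ssid).casefold()
    return "".join(ch for ch in folded if ch.isalnum())


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,               # delete a character
                           cur[j - 1] + 1,            # insert a character
                           prev[j - 1] + (ca != cb)))  # substitute (free if equal)
        prev = cur
    return prev[-1]


def classify(expected_ssid, expected_security, scan, max_distance=2):
    """Label every scanned network relative to the one the venue says it runs.

    Verdicts (labels chosen for this example):
      expected          - exact name and the security type the venue announced
      security-mismatch - exact name but a different security type
      look-alike        - name contains, or is within a few edits of, the real one
      unrelated         - anything else
    """
    want = normalize(expected_ssid)
    if not want:
        raise ValueError("expected SSID must contain letters or digits")
    # Scale the tolerance down for short names to limit false positives.
    limit = min(max_distance, max(1, len(want) // 4))
    results = []
    for ssid, security in scan:
        got = normalize(ssid)
        if ssid == expected_ssid:
            verdict = "expected" if security == expected_security else "security-mismatch"
        elif want in got or edit_distance(got, want) <= limit:
            verdict = "look-alike"
        else:
            verdict = "unrelated"
        results.append((ssid, security, verdict))
    return results


if __name__ == "__main__":
    for ssid, security, verdict in classify("JavaHouse", "open", SAMPLE_SCAN):
        print(f"{ssid!r:20} {security:5} {verdict}")
```

A twin that copies the name and security type exactly gets the verdict "expected", so this check only catches the misspelled variety; on an open network it does nothing to protect the traffic itself.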

Using anti-virus and firewall software is a front line of defense. A firewall prevents someone from finding a program on a computer that would allow them to connect and steal information. If a hacker can connect to a victim’s computer, he or she can also find a way to infect the victim’s computer with a virus and later steal private information. Many criminals collect information in large databases and work through the names over time. Some frauds are executed over many months or years, so victims may not realize their information or computer has been compromised until the criminal is ready to use it.

Actually using personal firewall software is the first line of defense. Anti-virus is the last line of defense. While I’m sure this will cause a great deal of controversy (at least I hope so – bring it!) I submit that anti-virus software is optional and a good bi-directional firewall is critical. How so? Glad you asked. The firewall should make you invisible to the outside network. Many, if not most, popular firewalls do not do this out of the box. You need to make a visit to the Gibson Research (Steve Gibson of Security Now! fame) Shields Up! site and tweak your firewall setup until you are in “stealth mode”. If you don’t do that, then even good anti-virus software – and I’m dubious that such a thing exists – will not be useful. The greatest threat posed by the open network is information leakage, not malware infection. The risk of your PC being infected by malware that steals your information is significantly mitigated by the firewall. And once the PC is infected by such malware, if your firewall blocks egress to everything but approved processes – a feature of those good bi-directional firewalls mentioned earlier – information leakage should be prevented anyway. My point: it is a lot more effective to prevent malware infestation than to detect it after the fact. It should be noted here that Rich makes an excellent and critical point: there is almost always a time lag between when information is stolen and when the stolen information is used. Sometimes the time lag is significant, so just because your stolen information hasn’t been exploited yet doesn’t mean it hasn’t been stolen.

File sharing is also a big risk. Many people have multiple computers in their homes and share files. If a folder with family pictures or business documents is shared at home, those files will still be shared when connected in a public place and may be exposed to anyone else on the network.

Absolutely spot-on here! The average personal computer does not implement many of the file sharing protections that are available on corporate networks. Otherwise very few home users would ever be able to take advantage of file sharing. As Rich points out, whatever you share is shared with everyone on the network. The entire open Wi-Fi network. Just say no to file shares.

Not every attack is high-tech. While engrossed in email or doing taxes online, someone may be sitting nearby carefully watching for user names, passwords or other personal information. This is called shoulder surfing. Social engineering can be a series of emails, phone calls or a conversation that tricks a victim into revealing information that can be used later to bypass security. That same person who was looking over a victim’s shoulder could start a conversation and during casual chatter find out additional personal information such as birthdays, names of children and names of pets — all commonly used passwords. Without ever touching a computer, a hacker could find out e-mail providers, banking information, and answers to commonly asked security questions.

In fact most of the threats in a “coffee shop” environment (i.e. your typical open Wi-Fi hotspot) are decidedly low-tech. Fortunately the best defense is also low-tech – don’t be an idiot. One of the examples Rich uses is a perfect case in point: if you are doing your taxes online from an open Wi-Fi hotspot you are a moron and deserve to be pwned. I’m sorry but it’s true. There really is no mitigation for user stupidity. Seriously though, social engineering is by far the most effective tool black hat hackers have. There is definitely one born every minute. Don’t be the one.

The easiest way to confirm a secure connection is to check for the https, with an s at the end, on a website to verify that it is using basic encryption for the traffic. Errors on the page could also be an indicator to watch out for. Sites using https are using SSL Certificates, which help verify the website is authentic. The information sent between visitors and the website is also encrypted, or scrambled so that someone watching the network cannot read the information.

Encryption helps protect website visitors from wireless sniffing. Tools are available for free that enable information to be tracked as it moves on the network. Attackers can watch a website visitor’s traffic and use it to find passwords or even recreate a document or file sent to someone via the internet.

Again Rich makes a very important point. Regardless of how “stealthy” your PC is, it still has lots of incoming and outgoing traffic that is easily sniffed on the open Wi-Fi network. Go snag a copy of AirSnort if you want to see just how easy this is. Your traffic had better be encrypted if you don’t want it to be completely public. Having said that, encryption in and of itself is not enough. As Hugh Thompson says you can’t just “sprinkle on the magic crypto fairy dust”. For example if you’ve already been compromised by a Man-In-The-Middle attack, starting an encrypted session might simply result in a nice encrypted pipe that is available to no one but you, your bank and the attacker. Also, a site’s use of HTTPS is no indication of the legitimacy of the site unless you actually check the validity of the SSL certificate. And very few people do that. Or even know how to do that. So back to an earlier point, don’t be an idiot. Encryption does not mitigate stupidity. Recently an entry on the Security Bloggers Network (sorry I forget who, please set me straight since I’d really like to give credit where credit is due) described a situation in a coffee shop where a business person connects to the corporate LAN (no doubt securely), starts up a remote desktop session (again no doubt securely) and then goes to the restroom leaving the laptop unlocked and unattended for 10 minutes. Doh!

[UPDATE] The blog entry referenced earlier is from Thomas Nicholson at Nicholson Security blog entitled People will always be the weakest link in security. In addition, I referenced it earlier in this blog in an entry entitled Save us from the other people.
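On checking the validity of the SSL certificate, mentioned above: this added example (not from Rich's article or this blog) shows what such a check covers, using Python's standard `ssl` module. `fetch_verified_cert` lets the library verify the chain and hostname against the system trust store; `review_certificate` then reports who the certificate was issued to, by whom, for which names and for how long. The sample certificate, its names and the sample date are constructed placeholders.

```python
import socket
import ssl
import time

# Constructed certificate in the dict format returned by SSLSocket.getpeercert();
# the names and issuer are placeholders, not a real site's certificate.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Bank"),),
                (("commonName", "www.bank.example"),)),
    "issuer": ((("organizationName", "Example Trust CA"),),
               (("commonName", "Example Trust CA R1"),)),
    "notBefore": "Jan  1 00:00:00 2009 GMT",
    "notAfter": "Jan  1 00:00:00 2010 GMT",
    "subjectAltName": (("DNS", "www.bank.example"),
                       ("DNS", "*.online.bank.example")),
}
# Constructed "current time" so the example gives the same answer on every run.
SAMPLE_NOW = ssl.cert_time_to_seconds("Mar 19 00:00:00 2009 GMT")


def fetch_verified_cert(host, port=443, timeout=5.0):
    """Handshake using the system trust store and return the peer certificate.

    create_default_context() requires a valid chain and a matching hostname;
    on failure wrap_socket raises ssl.SSLCertVerificationError instead of
    returning, which is the signal to stop rather than click through.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def name_matches(pattern, hostname):
    """Compare a certificate DNS name with a hostname, case-insensitively.

    A leading "*." stands for exactly one label, so *.online.bank.example
    covers login.online.bank.example but not a.b.online.bank.example.
    """
    pattern = pattern.lower()
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        first_label, _, rest = hostname.partition(".")
        return bool(first_label) and rest == pattern[2:]
    return pattern == hostname


def _flatten(rdns):
    """Turn the nested subject/issuer tuples into a plain dict."""
    return {key: value for rdn in rdns for key, value in rdn}


def review_certificate(cert, hostname, now=None):
    """Summarise a getpeercert() dict and list date or name problems.

    This does not validate the signature chain; that is done during the
    handshake in fetch_verified_cert().
    """
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    dns_names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    problems = []
    if now < not_before:
        problems.append("not yet valid")
    if now > not_after:
        problems.append("expired")
    if not any(name_matches(name, hostname) for name in dns_names):
        problems.append("hostname mismatch")
    return {
        "issued_to": _flatten(cert.get("subject", ())).get("commonName"),
        "issued_by": _flatten(cert.get("issuer", ())).get("organizationName"),
        "dns_names": dns_names,
        "days_left": int((not_after - now) // 86400),
        "problems": problems,
    }


if __name__ == "__main__":
    # Offline run against the constructed certificate.
    print(review_certificate(SAMPLE_CERT, "www.bank.example", SAMPLE_NOW))
```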

Check out Rich’s article, he’s got some great resources listed. Maybe we can even convince him to blog with the SBN.

Long time coming

Not sure what it is with me and e-discovery this week, but I had to mention this as soon as I heard about it. This entry in the Electronic Discovery Blog reports the following:

eMag Solutions recently announced the development of a new process able to directly access and restore mainframe virtual tape libraries without recreating the mainframe environment.

Maybe it’s just me (that’s an ironic rhetorical statement implying the opposite) but there are plenty of forensic tools to snag potentially discoverable material from Windows, Linux and Mac systems. Even portable devices like iPhones and PDAs. I think we have the low end covered pretty well. But this is the first I’ve heard of getting that same kind of ability with mainframes – particularly VTLs. But why should we care? Who uses mainframes anymore (more ironic rhetorical stuff)? Only pretty much everybody in the financial sector, certainly all of the big guys, rely on mainframes for their serious data processing. Even if they use Outlook or Notes for their end user communication, it’s likely that much of the data will reside in a VTL somewhere. In any case, I just really like the idea of being able to do forensics on a VTL without having to pony up for a Z990 and a VSM.

A visit to eMag’s site provided more interesting, if not a bit breathlessly marketeering, information.

eMag Solutions, LLC, an international provider of electronic discovery services and data management solutions, announced today the development of a technological breakthrough in accessing and restoring discoverable data directly from “virtual tape” created from a mainframe environment. The result of this achievement will be the substantial savings of time and money for organizations needing to restore archive tapes in volume from a mainframe environment. The innovative technology experts at eMag Solutions have developed the ability to read and restore discoverable data directly from virtual tape without having to recreate any part of the original mainframe environment. Moreover, the breakthrough includes the ability to restore virtual tape without over-taxing the data center’s production capacity.

The significance of eMag’s achievement cannot be overstated. Companies have spent millions of dollars to rebuild mainframe environments in an effort to access and restore data that does not exist on a physical tape in a logical format. While virtual tapes contain the same data as physical tapes, they cannot be accessed in the same way, requiring tremendous time and costly processing capacity to recover data needed for litigation, regulatory or compliance matters — until now.

Data management expert Adam Joffe of Datacove Information Services, Inc. described the traditional challenge of accessing data on virtual tape as, “Similar to searching for a single dollar bill in a bank vault full of money. eMag’s advancement provides the ability to quickly and inexpensively access this data.” eMag Solutions is able to support mainframe environments operating Sun/Storagetek Virtual Storage Manager (VSM) as well as IBM’s Virtual Tape Server (VTS).

Maybe it’s just me (again with the rhetorical irony) but this is wicked cool. Although it does kind of hose up the chances of convincing the boss to get that Z990.

Strange things are afoot in e-discovery


For some odd reason – odd because I’m not a lawyer and not really in the biz – I’m fascinated by the goings-on in the e-discovery world and avidly follow a number of e-discovery blogs. The thing that really fascinates me is that while courts often rule in counterintuitive ways, the caricature of judges as technophobic Luddites is often dispelled with extreme prejudice when one actually reads the rulings – often to the chagrin of litigants who were banking on that caricature being accurate.

Consider this case reported in the Electronic Discovery Blog where the defendant decided that if the evidence were destroyed that there would be no case. Sorry, no cigar.

The magistrate judge had previously ordered defendant producer to produce computers for forensic examination. When the expert arrived [the defendant] refused to produce a laptop for nearly two hours. When the laptop was finally produced, requestors found “that ‘it was hot to the touch and a screw was missing from its hard drive enclosure.’” The court subsequently appointed a forensic expert to analyze the laptop.

Producers responded by admitting many of the allegations raised by the court’s expert. A computer technician admitted reinstalling the operating system shortly before the imaging took place. He changed the clock “to determine whether old files had expired.” Over 12,000 files were copied onto the laptop by the technician, and had searched for programs to help retrieve the data, including “Kill Disk” and “Get Data Back.”

The court concluded that “plaintiffs have demonstrated that [the defendant] spoliated the laptop.” The duty to preserve the laptop arose on when plaintiff requestors had filed their action.  “At a minimum, [the defendant] behaved negligently when he provided [the computer technician] the laptop and asked him to remove potentially embarrassing files without informing him that the laptop’s contents constituted evidence in ongoing litigation.”

The spoliated computer files might have related to any one or more of the claims. Because defendant spoliated the files, “it is impossible to identify which files [were relevant to plaintiff’s claims] and how they might have been used.”… Accordingly, “it is impossible to know what [plaintiffs] would have found if [defendants] and [their] counsel had complied with their discovery obligations.”

Accordingly, the court found that the only appropriate sanction would be a default judgment in plaintiff requestor’s favor. The court noted that previous sanctions against defendants had failed to deter discovery misconduct. In addition, “the most serious forms of spoliation merit the harshest sanctions, and in this case, the destruction of evidence was of the worst sort: intentional, thoroughgoing, and (unsuccessfully) concealed.”

So if you destroy the evidence, the court can only assume that whatever might have been there was really, really bad. Guilty! Thank you, that is all.

Or how about this case reported in Electronic Discovery Law. We’ve always thought – well I’ve always thought – that your spouse could not be compelled to testify against you. Not so fast, buckaroo!

In April 2002, former Broadcom CEO, Henry Nicholas, used his company laptop and email account to send an email to his then-wife discussing his children, his marriage, his drug use, and various issues related to Broadcom. Quotations from the email included:

•   “The worst part is the company falling apart because I am not fully functioning.”
•   “However, I don’t care about Broadcom anymore…I just feel like a liar to the people I am recruiting to new positions…because I am potentially f—ing some things up this week that will be irreparably damaging.”
•   “However, I am willing to lie and bulls— to get key people in place so I can extract myself from Broadcom as soon as possible”

Nicholas also referenced “suffering ecstasy come-down” and “panic attacks” and “electric shock like flashes” upon quitting “cold turkey,” among other things.

In 2002, the email was discovered by an IT staff member engaged in authorized maintenance and was subsequently provided to another member of the IT staff acting on instructions of the Board to gather information regarding concerns over Nicholas’s behavior.  Between 2002 and 2007, when the email was disclosed to the government in the course of their investigation of Broadcom’s stock option practices, many people at Broadcom became aware of the email, including General Counsel, the Co-Chairman of the Board of Directors, and the Director of Human Resources.

Extensive motions practice ensued regarding potential protection of the email by the marital privilege.

As the Ninth Circuit recognized, the Email may be admissible at trial notwithstanding the privilege.  The Court will have to make the ultimate determination of the Email’s admissibility at trial after considering all of the facts and circumstances at that time.  Because the Email may be admissible at trial, in fairness, the Email must now be disclosed to [the co-defendant].  Finally, in light of the disclosure of the contents of the Email by the Orange County Register, the Court finds no compelling interest in keeping this order under seal.

In reaching this determination, the district court first examined the scope of the Ninth Circuit’s ruling regarding the applicability of the marital privilege and relevant precedent regarding the same. Accordingly, the district court stated:
[P]recluding the use of the Email for any purpose would exceed the “appropriate scope of the protection” to which the Email is entitled.  Evidentiary privileges are not absolute, and the jury’s obligation to consider relevant, probative, evidence may outweigh any interest in keeping privileged information from it.

Yeah. Be real careful what you email – even to your spouse. Also you probably shouldn’t send email when you’re baked. Or try to run a major corporation.

And then there’s this case from Electronic Discovery Blog wherein a clever guy hatched a plan for milking the DRAM industry with surprise licensing fees but was careful to cover his tracks before launching the dastardly plan.

Rambus is a developer and manufacturer of computer memory chips. As a result of meetings among other chip technology owners, manufacturers and purchasers in 1991 to develop industry-wide standards for memory chips, Rambus became concerned that chip manufacturers were using its technology to develop competing chips. In 1996 and 1997, Rambus “planned to create a patent ‘minefield’ that it could use to its advantage in dealing with other companies in the industry.” In October, 1997, Rambus hired Joel Karp as VP of Intellectual Property, who would be responsible for “assessing [the Rambus] patent portfolio, determining when chips infringe [the Rambus] patent portfolio, setting licensing strategies for infringing chips, and for negotiations with companies that build and sell infringing chips.”

Karp met with several attorneys to discuss licensing and litigation strategy and discussed preparing trial graphics and claims; retaining experts; gathering critical documents and implementing a document retention policy; and building a case against potential litigation targets. A memorandum for the Board was prepared which “discusses Rambus’ competitors, features of the licensing program and a hierarchy of potential licensees and, in the event that licensing efforts failed, a tiered litigation strategy contemplating litigation in fora that “proceed at an accelerated schedule,” making early preparation advantageous for Rambus.” In his presentation to the Board, Karp told them “that the document retention policy was necessary to prepare for the ‘upcoming battle.’”

“One of the reasons for implementing the policy was to allow Rambus to purge documents, including emails, from its files that might be discoverable in litigation.” In May, 1998, Karp sent an email to Rambus employees “announcing that, effective immediately, full system back-up tapes would be saved for only three months and that data to be saved beyond three months must be archived separately…. Karp also announced the imminent implementation of a company-wide document retention policy.”

In September, 1998, Rambus employees participated in “Shred Day”, during which about 400 banker’s boxes of documents were destroyed, “relating to contract and licensing negotiations, patent prosecution, JEDEC and Board meetings, and finances.”

The court concluded that “[i]t is apparent from the record that Rambus, from its inception, was prepared to be an aggressive competitor in a very competitive industry. Its patent portfolio was considered a weapon to be used, as necessary, in its chosen theater of operations, the DRAM market. Under these circumstances, one could safely predict that litigation was inevitable.”

The duty to preserve arose “no later than December, 1998, when Karp had articulated a time frame and a motive for implementation of the Rambus litigation strategy.” Because the document retention policy was discussed in the context of this litigation strategy, the court found that Rambus knew, or should have known, that a general implementation of the policy was inappropriate because the documents destroyed would become material at some point in the future. Therefore, a duty to preserve potentially relevant evidence arose in December 1998 and any documents purged from that time forward are deemed to have been intentionally destroyed, i.e., destroyed in bad faith.

The spoliation conduct was extensive, including within its scope the destruction of innumerable documents relating to all aspects of Rambus’ business; when considered in light of Rambus’ litigation conduct, the very integrity of the litigation process has been impugned. Therefore, the court concluded that the appropriate sanction for the conduct of record is to declare the patents in suit unenforceable.

Curses foiled again by that “duty to preserve” thing. Great way to bury a promising technology under a mountain of greed.

And finally a P.T. Barnum-esque observation by my favorite e-discovery blogger, Sharon D. Nelson, Esq. in her {ride the lightning} blog regarding social networks.

Theglobeandmail.com has just reported that (according to Nielsen) one in every eleven minutes spent online is spent on a social networking or blogging site. Consider the veritable avalanche of electronic evidence that will result, much of it written in haste and ill-considered.

Apparently there’s more than just one born every minute.

How to write headline commentary

I’ve been an avid follower of The Code Project for many years. Although Microsoft technology centric, they are most definitely not shills for Microsoft. Every weekday I look forward to the [CodeProject] daily news for not only pertinent and valuable content but for the most clever headline comments for aggregated content anywhere. The following are some of my favorites so far this year.

10 things Windows 7 must do to succeed
Sell?

Microsoft’s glimpse of the future
Do we get the shiny suits with big shoulders yet?

How to automatically install required software after a reinstall
Definitely beats my old method {training my cat to press the ‘Next’ button}

How to achieve more ‘Agile’ application security
Hide the keys somewhere only you can reach

U.S. lists top 20 security controls
Don’t leave the key under the mat, and more

Most fired workers steal data on way out the door, survey shows
“Excuse me, I believe you have my stapler…”

Why netbooks are killing Microsoft
How do you get them to buy Ultimate, when all they want is Facebook?

Introducing Microsoft’s Gazelle: A Web browser as a multi-principal OS
A secure browser from Microsoft: now there’s a thought

Children get first mobile phone at average age of eight
Who are they phoning, Elmo?

Ballmer stumps for openness in bid to beat Apple
Pot, meet kettle

Web application platform Coghead shuts down
Bonus marks if you knew what they did before reading the article

Military’s killer robots must learn warrior code
Perhaps if someone were to codify some Laws of Robotics?

Judge gives Microsoft big win in ‘Vista Capable’ case
Vista even makes suing Microsoft more difficult

Microsoft’s IE 8 Compatibility List: Is it working?
You’d think it would shame those sites (like Microsoft.com) into getting fixed

Somnambulism in the Internet Age
Sending emails in your sleep? I do that most of my time at work.

9 Common usability mistakes in Web design
Without even including Flash/Silverlight

How to defend against deadly integer overflow attacks
Never use variables of type “Deadly integer”

Microsoft denies it profits from Vista-to-XP downgrades
It just profits

What can database developers and DBAs do about SharePoint?
“Be careful with that axe, Eugene”

Is the relational database doomed?
If by ‘doomed’ you mean, “Going to be the primary data store for many years to come”, then yes

Calculating the odds you’ll lose your job
(log(loc*pi)+meetingsperweek-bugs^2)-(ceosalary mod 1000)

HD TV beats depression, claims HD TV company
There you go: it’s not a frivolous expense, it’s therapy

One of those magic times: On Friday the 13th!
Sesame Street+Wicca = Unix

Bill Gates releases bugs
Mosquitos with fricking lasers on their heads!

Does the space shuttle’s computer really run on just one megabyte of RAM?
I’m guessing it’s not running Outlook

Understanding your enterprise architect: A guide for managers
Lattes go in one end, UML comes out the other

Forward slash led to massive Google glitch
I’m just guessing that something else might be getting forward slashed

Six ways to save your IT project from the scrap heap
Bonus #7: Ship it

Gartner reveals the eight hottest mobile techs to watch
“Mobile phones are the only subject on which men boast about who’s got the smallest”

Coming soon: Full-disk encryption for all computer drives
Ecausebay ypingtay verythingeay niay igpay atinlay ustjay ontway orkway

Microsoft contributes code to Apache SOA project
Anyone have a spare sweater? I think it’s frozen over somewhere.

12 useful techniques for good user interface design
Sometimes the pig looks better with a little lipstick

Belkin exec disavows fake user review offers
We’re really terribly sorry (we got caught)

What your computer’s drive will look like in 5 years
Five times as big as it is now, and still full

Caffeine can cause hallucinations
That explains the code I just checked in

NSA helps name most dangerous programming mistakes
Drawing UML diagrams on the side of a water buffalo?

Hackers hijack Obama’s, Britney’s Twitter accounts
OK, no one has coined a term for phishing on Twitter yet. How about: twawling, twitting or twiping?

Don’t shout at your disk drives, warns Sun engineer
They’re sensitive and easily offended

Our favorite blogs
They pulled this list out of their RSS

Anyone who will quote Office Space and Pink Floyd and reference Isaac Asimov to comment on tech news is okay by me. I couldn’t have said it better myself.