Security Now! - Episode 248
SERIES: Security Now!
DATE: May 13, 2010
TITLE: The Portable Dog Killer
SPEAKERS: Steve Gibson & Leo Laporte
SOURCE FILE: http://media.GRC.com/sn/SN-248.mp3
FILE ARCHIVE: http://www.GRC.com/securitynow.htm
DESCRIPTION: In commemoration of the 50th anniversary of the invention of the LASER, this week Steve is going to relate a story from his own past, 39 years ago, containing a strong moral about the importance of getting out from behind the video game screen and actually building something.
LEO LAPORTE: This is Security Now! with Steve Gibson, Episode 248 for May 13, 2010: The Portable Dog Killer.
It's time for Security Now!, the show that covers everything you need to know about keeping yourself safe, secure, and private online. Who better to do that than the man who discovered spyware, coined the term, wrote the first antispyware program? He's been a security maven for years, the author of SpinRite, the world's best hard drive utility, Mr. Steve Gibson of GRC.com. Steve.
STEVE GIBSON: Hey, Leo.
LEO: Good to see you.
STEVE: Great to be with you again, as always. We have today a very different episode, one that I really do believe our listeners are going to get a big kick out of, something I've never done before. A number of - there's sort of a confluence of things that came together. This is, actually this coming Sunday, May 16th, is the 50th anniversary of the invention of the laser.
STEVE: First time that it was done practically. Einstein gave us the fundamental theory back in 1917, which predicted that you could stimulate the emission of radiation, which is what the SER of LASER stands for, that you could stimulate the emission of radiation from molecules. But it wasn't until many years later, and May 16, 1960 was the day that some researchers at Hughes first made a laser lase. There was a MASER beforehand, a Microwave Amplification through Stimulated Emission of Radiation, but never super high frequency, which is to say Light Amplification through Stimulated Emission of Radiation. Anyway, the show is not about lasers. This is about something I did when I was 16 years old.
STEVE: That was sort of related. The episode is called - this episode is called “The Portable Dog Killer.”
LEO: Oh, god, I can't wait [laughing].
STEVE: Which I'm going to explain, of course. But the anniversary of the laser got me thinking about this. Also I've been - now Twitter plus one week.
LEO: How has that been for you?
STEVE: Well, we'll talk about that in errata a little bit.
STEVE: It's been really interesting. But mostly there was just a really tremendous outpouring of people. I'm approaching 5,000 followers.
LEO: Yeah. I love it. And you're posting great stuff. You took my advice to heart. You're posting a lot of great links, and it's wonderful.
STEVE: It's been, well, and I've been getting a lot of great feedback about it. And so that kind of warmed me up. And I thought, well, let's try something different, a personal episode. But also one of the other things that we've sort of talked about a couple times is something I'm constantly getting from people in the Q&A mailbag, is questions about career, like how do I get going? How do I compete? How do I get traction in the world? And so this story I'm going to tell has a moral also that sort of, I think, vividly answers that question. So we're going to have some fun in this next hour or so.
LEO: Well, we always love hearing stories from Steve. So this is good. We do have security news. So shall we start with news?
STEVE: Yeah, we have our typical lineup of calamities and disasters. This is just - this is our first podcast after the second Tuesday of the month, so of course we've got Microsoft's monthly security update. This one was very skinny, although broad. They only released two patches this Tuesday on the May 11th. But they affected pretty much everything. They're critically rated. They affect every version of the operating system which Microsoft still supports, probably the ones that Microsoft doesn't support any longer, too. And in fact they remind us again that Windows 2000 support ends in July. So Windows 2000, XP, 2003, Vista, 2008, Windows 7, and even 2008 R2. Office XP had some effect, both XP 2003 and 2007. So all the OSes and the Office suite.
They had a problem, there was a DLL overrun problem, a memory corruption vulnerability in the stack. And of course thanks to our series on fundamental computer technology our listeners have a much better sense for what a stack is today. And then also an embarrassing DNS spoofing problem where, you know, we've talked about DNS spoofing almost about a year ago, when Kaminsky exposed what was going on with servers not being sufficiently random in their queries.
Well, it turns out that Microsoft hasn't been, that in some cases they were using sequential DNS IDs, which is as bad as it gets. And in another case they were ignoring a comparison check for the returned ID. So that it was possible to spoof these operating systems with fake DNS replies. So it's like, whoops. That's fixed as of a couple days ago. So it's not a big, horrible problem; but it's something that you're definitely going to want to update, as I'm sure everyone will. And it doesn't matter which version of Windows you're using.
STEVE: So following up on - remember we talked about, months ago now, the school in Pennsylvania, the Lower Merion School District.
STEVE: Well, it turns out that, as these things go, much more research has been done. And what brought this back on my radar was just the number of pictures that had been taken of students in their homes by the IT people: 58,000.
STEVE: 58,000 pictures.
LEO: Obviously they were on and constantly shooting.
STEVE: Yes, exactly.
LEO: Oh, this is - this is criminal. Somebody's going to jail.
STEVE: Well, and so…
LEO: That's appalling.
STEVE: So they've of course been sued by the outraged parents of students.
LEO: That's appalling.
STEVE: And in a report that they commissioned, that is, that their defense, the school district's defense law firm commissioned, that they hired to defend them against this, the report said, quote, “…the district's failure to implement policies, procedures, and recordkeeping requirements, and the overzealous and questionable use of technology by IS personnel without any apparent regard for privacy considerations or sufficient consultation with administrators…” lies at the root of this problem. It's like, okay. Well…
STEVE: Yeah. Not good. But when I saw 58,000 I said, okay, we've got to - I just have to mention that again because that's amazing.
LEO: There was a power trip going on, too. I remember reading some comments from one of the IT people like, oh, yeah. She said something like - they were talking about watching these pictures. And she says, “Yeah, it's addicting, isn't it.” It's like, what?
STEVE: Wow. It's like, well, voyeurism.
LEO: She was - it was voyeuristic. It was creepy.
LEO: It was really creepy.
STEVE: Wow. I wanted to advise our listeners that there is an old worm which has reappeared in new clothing. It's using Yahoo! Messenger and is in the process of accelerating its spread around the world. It's becoming a big problem. And so a number of security firms are alerting people. BitDefender has, and Symantec has. It uses Yahoo! Messenger, so it spreads through IMing people who your friends are in Yahoo! Instant Messenger. It appears as a JPG or a GIF image, which is actually malicious code. And it's an aggressive trojan, installs a backdoor in the victim's machine which allows attackers to take over the machine to install additional malware, steal files, intercept passwords and grab other authentication information, launch spam or other malware attacks against other systems.
And, much like Conficker, although this is not Conficker, it's picked up Conficker's additional spreading tricks. So it spreads not only through IM, but also via network shares on a machine that's been infected, removable USB drives using Autorun. So this is something you absolutely don't want to get. So unfortunately it comes in the disguise of messages from people you know and trust.
LEO: Oh, it's not from a stranger.
STEVE: No, it's not from a stranger.
LEO: Ooh. They have to be infected themselves, of course.
STEVE: Yes. And so it is jumping around a lot. So just wanted to give everyone a heads-up. There is a new zero-day exploit for Safari on Windows.
LEO: I thought this was kind of funny because it wasn't - now, they say they don't know if it's Safari on the Mac.
STEVE: Yeah, well, exactly. And I don't know that it's affected anybody because who's running Safari on Windows?
LEO: Well, some people, apparently.
STEVE: Okay. Anyway, Windows Safari v4.0.5 and earlier is vulnerable. It has not been seen in the wild. It was disclosed by a security firm that said, oh, by the way, here's a way that you can abuse the way Safari handles pop-ups. And in fact it was Secunia, that we've talked about before, that's a good company. They've produced a demo where they're able to launch just the Windows calculator app, which demonstrates that they're able to run arbitrary code on your machine. So I'm sure Apple will fix this quickly, I would imagine, and there will be an update…
STEVE: …which we'll probably talk about next week or soon, I hope. That would be good. And there's been a lot of controversy about a supposed massive new problem that affects all antivirus software. There's a technique, or actually a component of Windows called a “System Service Descriptor Table,” the SSDT. And this has been making the rounds in the last few days. But Patrick Norton picked up on the fact, or somehow someone said to him, and then he actually tweeted it. I learned about it through his…
LEO: See? Twitter? See? See?
STEVE: Yeah, I know. That in fact this is old news from as far in the past as 2002. So I didn't have a chance to pursue this this week. But I wanted to let everyone know who's listening that I'm aware of this because I've been getting responses through Twitter, and I'm sure there's mail in the mailbag about this. So I will have an informed response next week to nail down whether this is actually news. What Patrick is saying is, through what he found, is that someone is claiming and is showing links to this being old news that has essentially been plagiarized, some security firm saying that this is their invention when in fact they're just taking something that was known years ago. So I don't know one way or the other. But it's something worth pursuing.
LEO: Yeah, and of course we talked about this, or maybe we talked about it on Windows Weekly. But 64-bit Windows has this kernel protection which kind of prevents antivirus companies from using this suspect technique anyway.
STEVE: Yes. In fact, well, one of the - it's been a problem that Windows historically has required, I guess I'll say aggressive techniques to do things other than run apps. And we're going to be talking, actually next week, about operating systems…
LEO: Oh, good.
STEVE: …in our continuing look at fundamental technology. But what operating systems sort of do by definition is publish a bunch of services, the so-called API of the operating system, that client programs, that is, programs running under the operating system, use in order to do what they want to do.
Well, the problem with any kind of antivirus program is it doesn't want to run as a client. I mean, it doesn't want to be like an equal citizen on the operating system because it can't, in order to do the kind of things it wants to do. If it's going to be intercepting your email, if it's going to be somehow hooking into your network and checking for spam, regardless of what clients you're using, or checking pages before they come up in your browser, it has to function very much like an addition to the operating system. It's got to get underneath and not just be operating as a typical OS client.
Well, Microsoft has never provided what we would call “hooks” for that. I mean, that's really - it's sort of antithetical to what they want. They don't want people messing with the core of the operating system. And you can understand because it's extremely dangerous to do that. That's where blue screens come from, traditionally, as you know, Leo. Bad drivers, video drivers or network drivers were the source of all these blue screens. Well…
LEO: Because you need ring zero access to really bluescreen a Windows machine.
STEVE: Correct, correct.
LEO: A modern Windows machine.
STEVE: But that is the operating system.
STEVE: And so AV systems that install their own drivers, they're operating at ring zero. They're down there. And unless the developers are extremely careful, this can destabilize the operating system. Where it's not just the app that crashes, but it takes the whole system down. Somewhere there has to be this ultimate authority in the computer, and that's the OS. So traditionally in 32-bit world it was possible to go in and hook these system calls using this, for example, this system surge descriptor table. Or I talked about the other day my own memory management auditing, which was causing those problems when we came to the attention of The New York Times and…
LEO: Oh, yeah. The server went kapooey.
STEVE: We really had a problem, right.
STEVE: Well, and the reason was, I was hooking all of my own use of global memory allocation, so doing something really not playing by the rules. But if you do it right, it's safe and can be - no one's doubting that it's useful. The problem is that there's this tension between what Microsoft wants and what developers want. Well, Microsoft ended the tension once and for all with 64 bits by just simply disallowing this behavior. They actually could technically disallow it in the 32-bit OSes, but that would break, like, all these things that are part of the ecosystem in Windows. And Microsoft, much as they may wish they could, they just can't come back and do that retroactively. So they've said, okay, from the beginning we're never going to allow this. But we are going to compensate by providing some alternative means, that is, publishing a way for these applications written for 64-bit Windows to gain permission to insert themselves into the way that they need to, to be a firewall, to be an antivirus and so forth. So that's the story there.
LEO: Yeah. And let's hope that going forward these things just don't come up anymore.
LEO: You laughed. Explosive laughter [laughing].
LEO: All right.
STEVE: So, errata.
STEVE: I absolutely wanted to chime in on Paul Thurrott's…
LEO: Oh, the copy-and-paste thing.
STEVE: I'm sure there is something broken.
LEO: Oh, this is great. I mean, it's been driving me crazy. And Paul, too, because we just thought it was us.
STEVE: Yeah, I know. And that was me, too. In fact, it's gotten so bad for me that I'm sometimes right-clicking on the blob that I select and then choosing copy because Ctrl-C just doesn't seem to grab it all the time.
STEVE: And, I mean, and I'm sure the app has focus. We should back up a little bit for people who aren't aware.
LEO: Yeah, let's explain it, yeah, yeah.
STEVE: Yeah. I was listening to you and Paul do Windows Weekly last Thursday. And Paul said, you know, he was sort of scratching his head. He said, “You know, it's occurred to me that maybe there's actually a bug that no one has ever detected before, which who knows when it came along; but it's, like, Windows is not reliably responding to Ctrl-C for copying whatever is currently marked into the Windows clipboard.” And when he said that, I mean, when I heard him say that, I thought, yeah. I mean, this is - it's been something that's been really annoying for some length of time. And I don't know when they broke it or how they broke it. But, I mean, it's not - it doesn't always not work. But it definitely - and as you said, Leo, it's so easy for the whole Windows community to think, well, maybe I just…
LEO: It's us.
STEVE: …pressed the wrong button, or it didn't have focus, or I didn't press it hard enough or, I mean, who knows?
STEVE: But as enough people are beginning to say yes, that's happening to me, too, there's this growing momentum behind this idea that there's some subtle bug in good old Windows copy-and-paste that isn't, at least in the copy side, that isn't copying. In fact, sometimes I'll be pasting what I had on the clipboard before because it didn't get replaced by the Ctrl-C. So it seems that pasting is reliable, but copying often isn't. And who knows why?
LEO: Well, you know, you probably heard him say that Microsoft's sending somebody out. They want to observe and see. They're trying to figure it out. They're not saying there's a bug. But they want to find out if there is one. And enough people are reporting. Now, during the show I said, yeah, I've had it happen to me. And I thought it hadn't - but I use Macs most of the time, and it hadn't happened to me on Macs. So I've been paying attention, and it has happened to me on Macs, as well. Occasionally on a Macintosh you will select text, do a Command-C, which is copy command on the Mac. And the Mac highlights briefly the edit menu when you do that to say, yeah, I got a Command-C, so you know that the Command-C has been issued. And you'll go to another field, and there's nothing there. You'll paste, and there's nothing there.
So my sense is, and I don't know how the Windows paste board works. I know how the Mac's does because I used to write more software for the Mac. And it stores data on the paste board with formatting, and sometimes in a variety of ways, depending on the application, what the application is saying. So the application may say, well, I want you to say this is text, RTF, whatever. The receiving application would have to understand that formatting. And my sense is that sometimes there's an impedance mismatch between the data that was copied and what can be pasted in the target program. And so on the Mac I think that's what's happening. But I don't know what's happening on Windows, or if it's related. I imagine the mechanism is the same.
STEVE: Yes, it's a very similar mechanism. And you are able, for example, you're able to copy rich text, for example, that's got, like, much more embellishments on the text, into the Windows clipboard. And then, if you paste that into an app which is not rich text-aware, that is, the app only knows plain text, then you just - it strips the rich text out and only does plain text.
LEO: Is that an OS feature? Or…
STEVE: Yeah, well, it's a feature of the app saying this is what I'm able to accept. And then Windows looks at what's on the clipboard and gives it, like, the best of what it's able to accept.
LEO: Right, right, right.
STEVE: So, but it could be something like you're positing, also.
LEO: Some sort of mismatch, yeah.
LEO: Well, we don't know. I think - I'm glad, though, that you've observed it. I have, as well. And maybe…
STEVE: Something's wrong, yeah.
LEO: You know, my motto on Call For Help was always, “It's not your fault.” Because we assume, I think it's natural, oh, I'm doing something wrong. And it often isn't.
STEVE: Well, and with something so fundamental. I mean, if we didn't have the clipboard - I'm using it constantly on the iPad. I'm using it constantly in Windows. I mean, it's just so handy for moving things around. And it's just, wow. The idea that it's something wrong with that, it's like, okay, that's - who knows when it kind of crept in? But it seems to be happening. Speaking of my iPad, I did have it hang, actually many times, but once at a perfect opportunity for me to go back to the Apple store.
LEO: Good, good
STEVE: So I showed it to them. They'd never seen one like this before. I mean, as I watched it escalate through several tiers of, quote, “geniuses” at the Apple store…
LEO: They got smarter?
STEVE: Yeah, yeah. It kept elevating it up to someone. I heard them mumbling, oh, could be a memory problem, [mumbling]. And the guy immediately wanted to do, like, the master hard reset. I said, “Whoa, whoa, wait, wait, wait, wait. That will fix it. And it's going to be fine after you do that for a while. You're not going to be able to make it happen again. I want you to see right now, acknowledge that it's not behaving correctly, that it's not responding.” I said, “This happens typically several times a day. And I'm okay with fixing it. But for a while I thought it was software. But a good friend of mine, Leo Laporte, says no, no, no, that should never happen.” And he's like, “You know Leo Laporte?” I said, “Yeah, but that's a long story.” So…
LEO: Really? Did that help?
STEVE: Yeah. Well, maybe. But a lot of people know you, Leo.
LEO: Yeah, I guess so. Wow.
STEVE: And a lot of people want to say that you're their friend, so.
LEO: I recommend that, by the way. When you go to the Apple store, always say you know Leo, yeah.
STEVE: I could have pulled Woz out, but I thought…
LEO: That's even better.
STEVE: Probably don't need Woz. And he would maybe not believe me more. So…
STEVE: Anyway, so I got - this thing got escalated. The problem is - then he goes away to try to find a replacement. We've decided we're going to replace it. And he came back out, rather sheepishly, and said, “Okay, we're going to give you an exchange. And the problem is, we don't have any.”
LEO: Oh, yeah, that's right.
STEVE: “We don't even have a hidden, secret…”
LEO: That's right.
STEVE: “…like, reserve pile anywhere. Believe me, there just aren't any.” And he said, “But we've written it up, and we're going to queue you in for an exchange. And,” he says, “as soon as we get one in the store, you're up. And so we'll send you email. The Apple store will send you email saying that your new 3G iPad is here, come get it.” And so I said, “That's fine, that's all I want.” I said, “It's not such a horrible problem that it's keeping me from using the machine. It only happens very, very sporadically, but definitely repeats.”
LEO: And I've seen enough iPads now, you know, we've gone through, you know, we have several in-house, and I've set up a couple. And I've never seen anything like that. So I think absolutely that there is something going on there.
STEVE: Yeah. It generally happens when I'm enabling and disabling networking, when I'm, like, switching between LAN and 3G, turning those on and off. I often hang in the control panel right as I, like, power up or power down the 3G. And, I mean, so that may - I may be doing that more often than most people who just sort of leave 3G on, like leave everything on. I'm big on power conservation, so I'm turning everything off that I'm not using.
LEO: Yeah, see, I never touch any of that stuff.
STEVE: Yeah. So maybe, well, anyway, I'm happy to have a new one. And if this does, if it hangs in the same way, then I'll say, okay, it's…
LEO: It's a bug associated with your behavior.
LEO: Yup. It's definitely a bug. I mean, it shouldn't - nobody should - that should not happen.
STEVE: I did tweet an interesting article that I ran across by our well-known UI guru, Jakob Nielsen.
LEO: Oh, yeah.
STEVE: You know Jakob Nielsen, of course.
LEO: Absolutely. He's been on [email protected], and I've interviewed him many times. Great guy. Great guy.
STEVE: Yeah. He had a very interesting and rather critical first look at the iPad UI, that is, sort of the problems with it.
STEVE: The fact that a lot of things are nondiscoverable. I did tweet that, if that's the word.
LEO: That's the word.
STEVE: And the short link is - I'm using bitly, so bit.ly/, and then lowercase bbnz3, uppercase M [bit.ly/bbnz3M]. And so that will take you to this report. And then there's a summary there, but also a 97-page detailed PDF with his more detailed findings. And there's enough there that I would urge any iPad developers who are listening to read that 97-page detailed report. He really brings up a lot of good points about the lack of discoverability…
LEO: Oh, I so agree. I so agree.
STEVE: Yeah. I've struggled sometimes, like to delete something. Now I get that horizontal wipe thing. And Leo, I wanted to say, I am so glad you mentioned swiping up from the exclamation point to get an apostrophe.
LEO: Isn't that a huge help? Yes.
STEVE: Oh, well, and so I wanted to ask you, are there any more like that?
STEVE: Oh, great. Where are they?
LEO: They're not documented. I'm sure they're somewhere. But the keyboard, well, for instance, another handy one. So the point of that one is that the main keyboard doesn't have an apostrophe on it, which is something you use all the time.
STEVE: Yeah, I'm big on contractions.
LEO: Yeah. But, you know, you'll find if you type d-o-n-t, that the automatic correction will put an apostrophe in. Where it really hurts is “its” and “it's” because, you know, it doesn't always do the right thing.
STEVE: Because both are legal.
LEO: Yeah. So there are a few times where it doesn't put the apostrophe in. And I think, I can't remember what they are. But you need an apostrophe. And you don't want to have to hit two keys to get an apostrophe. So if you press your finger on the exclamation mark and drag it up, the apostrophe's hiding there. And there it is. Now, you can - there's a handy one with a period.
STEVE: Oh, the double-tap spacebar.
LEO: Double-tap is one. And then the other one is that, if you want a period, a quick period, and so you go to the, you know, punctuation menu, and you drag the period up, it will then go back to the alphabetic menu. So it's a quick way to get out of the punctuation menu with a period.
STEVE: Oh, nice, not having to manually switch back.
LEO: I'd love to know more. This is why, by the way, we're going to do an iPad show.
STEVE: And I did tell you about dragging the shift key onto a letter?
STEVE: Oh, that's how you can get quick capitalization.
LEO: Oh, onto a word, you mean.
STEVE: No. For example, if you wanted capital A, rather than tapping the capital, then tapping the A, you can just drag the shift button over to the A and let go of it.
LEO: Oh, look at that. Hah. That'll save me time typing TWiT.
STEVE: Yeah, exactly.
LEO: And then, yeah, so that's great. And then the period one is, so you want to put a period in, you hit the period one two three, what was it? Oh, now I've forgotten. These come from the iPhone.
STEVE: Oh, okay.
LEO: I mean, that's - I think, look, there's some UI stuff that Apple's assuming that everybody knows from the iPhone. There's some stuff that's just not discoverable. And we talked about the other day sitting in pages in landscape mode, and saying where's the controls?
LEO: And until you go into portrait mode, you tilt it, you don't get any controls.
STEVE: And Jakob actually makes that point.
STEVE: He says it's a real problem that the UI is different depending upon orientation.
LEO: It's hidden.
STEVE: Yeah. And the other thing I'm thinking is that some things were clearly done, cleverly, I thought, for the iPhone form factor, for the iPhone screen size. For example, the fact that the scroll bar appears transiently, only when you're actually scrolling, and then fades out. Well, that's nice because you don't want it taking up space. But now that you've got 1024 pixels horizontally when you're in landscape, I'm finding, as I'm, like, looking at a PDF, I'd like to be able to look at the scroll thumb to get a sense for where I am in the document.
LEO: No, and there's no feedback, yeah.
STEVE: And there's no feedback. You've got to start a scroll in order to force that scrollbar back on. So there are some things that are - they scaled up, and they kept some of the cute things that arguably they innovated for the iPhone, which I'd rather have, like, an option to have that scroll image stay there instead of fade out. So anyway, he really makes - in my opinion he nailed a whole bunch of things. So I'm encouraging any developers to read that because, I mean, it's funny, too, because here's Apple, who portends to be all about, like, the fantastic UI and the experience and all of that, and they have draconian control over what apps make it onto the iTunes store, actually which apps make it anywhere onto their iPhone or iPad. Yet they're not enforcing any of this. And developers do have an awful lot of freedom to just make stuff up. And we're sitting here scratching our heads, like okay, trying to figure out, wrestling with the user interface.
And some people, in response to my tweet, said, well, yes, this is how you innovate. Instead of being locked into a rigid UI, new ideas are going to come up. And my response is, well, okay. The reason the telephone succeeds is that, when you're on the phone, you're not fighting with the phone. You're talking to the person. The user interface disappears into the background. And too often you're actually, I mean, pretty as it is, you're seeing the UI, and you're arguing with it, trying to get what you want, rather than it just really being there to facilitate your work. So I think he made some great points.
LEO: Yeah, yeah. It's a little frustrating. And it's true that Apple, when they first started out with the Macintosh, had very strict user guidelines. And one of the reasons it was easy to use is every application adhered to them. They've definitely wandered.
STEVE: Yeah. Well, and as the applications become more advanced, and as the screen gets bigger now, there's just more room to do wacky things.
LEO: They really need to get back to some sort of user interface guidelines.
STEVE: That would be a good thing.
LEO: Yeah. They publish them, but I think they don't enforce them.
STEVE: They clearly don't enforce them. Well, and they're - it's they who invented all these wacky keyboard shortcuts you were just talking about. So it's not like they've got a clean bill of health themselves, either.
LEO: No. I'm with you. I'm with you.
STEVE: So a week into Twitter…
LEO: The Twitter Experiment.
STEVE: I've been, you know, I've got about - I'm approaching 5,000 followers, which is neat.
LEO: We should say you have two accounts.
STEVE: I have two accounts, yes. I have just GibsonResearch, spelled all the way out like that, GibsonResearch. And then - which is sort of for corporate. I won't be talking about navel lint, as I described it last week. Actually I haven't talked about anything there.
LEO: I bet you haven't talked about navel lint even on the other one. I'm guessing.
STEVE: No. Actually a number of users have written back and said, now, is that a navel lint posting? So my personal account is SGgrc. And anyway, it's been an interesting experience for me. I've developed - I'm developing an appreciation for what I would call the “haiku” of 140 characters. Because sometimes you really do need to struggle to fit something into that space. One of my favorite tweets, shortly after I began, read, “When I'm out walking in the morning after breakfast, I see many dogs out walking their people. And I think, that's so good for those people.”
LEO: That's navel lint.
STEVE: Exactly. But Leo, how is it you're following 18,000 people?
LEO: That's a little bit of a mistake. And thankfully it's gone back down to 1,400, which I think is still too many.
STEVE: Wait. But that's under your control.
LEO: No. You know about the follow bug, right?
STEVE: That happened to you during the follow bug?
LEO: Oh, yeah.
STEVE: Oh, my goodness. I thought that was deliberate.
LEO: Oh, no. I don't want to follow all those people.
STEVE: Okay. Oh, I see. Only 1,400.
LEO: Well, in my opinion the right number is somewhere in the 100 to 200 range.
LEO: You only follow two. We've got to get you - but that's all right. You know, with Twitter there's a learning curve. And you're doing really well, Steve. I'm very proud of you. And we take baby steps. But the next step is - because you're putting great stuff in there. If you follow good people like SGgrc, you get the same kind of high-quality feedback. And it can be very valuable. You already said you learned something from Twitter. And that's from following two people.
LEO: So I think if you choose - you've got to choose carefully. What I find is I follow readily, but I unfollow even more readily.
LEO: So you see a good post from somebody, follow it. And then if it's junk after that, you just unfollow them. It's okay to follow and unfollow. Now…
STEVE: So it sort of finds its own level.
LEO: The bug was that “force follow” bug, which I'm sure you saw in the news.
STEVE: Yes, in fact I have that here in my notes. And it was funny, too, because someone sent me a tweet and said, okay, four days after you join, there's a major Twitter security problem.
STEVE: It's like, eh, well, that's…
LEO: You're following two good people, by the way, Patrick and Paul. Excellent. Just you want more like that. And you follow people of like mind. So what happened was, as you know, the bug was that - and I suspect this was in Twitter from day one and just somebody finally found it.
STEVE: I think, well, it was. Actually, they discovered it inadvertently because they - it was somebody who posted “follow pwnz.”
LEO: It was “accept” is the keyword.
STEVE: Accept, “accept” was the word, right.
LEO: And “pwnz” was what he said.
STEVE: Yes. And what he realized was, when he saw that, he discovered that that person was now following.
LEO: Pwnz was following him.
STEVE: And so it actually flowed - it was a command. It flowed from the original text command language, which in this case didn't require a pending follow request in order to accept it.
LEO: That's the error.
STEVE: Yes, exactly.
LEO: So you could force Bill Gates or Oprah or Ashton Kutcher to follow you just by saying [email protected], and all of a sudden Oprah is following you. And anything you tweet, Oprah is seeing.
STEVE: Exactly. So it was a way to get those eyeballs.
LEO: So I don't follow 18,000 people. I think if, you know, you can't effectively follow that many. So that means that roughly 18,000 people force-followed me.
STEVE: I was just going to say, during the window that this was known, all those people…
STEVE: [email protected] How funny. Wow.
LEO: Then Twitter zeroed it out. So for a while we all had nobody.
STEVE: And that's what I saw because I was refreshing from time to time, watching my follower count going up. Then it went to zero. My first thought was, oh, my god, I've been hacked, you know, somebody had gotten in. But I can't even enter my own password, so I don't know how anybody else could. And so it's like, okay, well, maybe not. And then quickly the news came up about what was going on.
LEO: Right, right.
STEVE: And how important do you think it is to have a shorter handle? I mean, I'm now understanding that, for example, it would be nice, it would be convenient for people if SGgrc wasn't so long because sometimes you're wanting to put multiple mentions in a single tweet and so forth.
LEO: Right. Yeah, I think that's good. It's hard to get a short handle now that hundreds of millions of people have used it.
LEO: I also think it's good to use your own name. In your case this is - we were talking before the show about something called SEO, the ability to find the stuff you're looking for on the Internet. And that's why I use @leolaporte because people can find that. In order to find @SGgrc - because frankly Twitter's search for people feature isn't very good.
STEVE: Oh, and if you put Steve Gibson in, there's already thousands of Steve Gibsons. So…
LEO: Yeah, it's too late for you to get Steve Gibson. So I think SGgrc is fine. I would stay with it. It's hard to find a short one. It's also - somebody's saying in the chatroom, be nice to have something people know how to spell.
LEO: So homonyms are confusing.
STEVE: Well, for example, I also grabbed “SgIsMe,” which is really short.
LEO: Lot of people will do “TheRealSteveGibson” or “TheSteveGibson.”
STEVE: But then we're kind of long again, so…
LEO: Yeah. I don't think length is that big a deal. Most people use automated - very few people use the web interface of Twitter. Most people use third-party tools that do a lot of this for them. So I wouldn't worry too much. They can cut and paste, copy.
STEVE: Okay. Well, I'm having a good time. And what I think I'm probably going to do - are you sitting down?
LEO: Uh-oh. Another one?
LEO: Just don't join Facebook.
STEVE: No, no. I'm thinking that probably what I need to do - because I am having a problem with 140 characters. There are some times where I'd really like to explain a concept in some depth, like…
LEO: Buzz, baby.
LEO: Buzz. Google Buzz.
STEVE: What about a blog?
LEO: Oh, my god. No, no, I can't - you know, if you did a blog, I would be thrilled. And that's exactly - they call Twitter “microblogging.” And a lot of bloggers found that they blogged less because they were able to post short bursts on Twitter, and that kind of satisfied their urge. But I think it's interesting, you're getting the opposite urge, which I wholeheartedly endorse. We would love a Steve Gibson blog.
STEVE: I'm running across, for example, I've tried to say some things in 140 characters which were misunderstood because…
LEO: That's right.
STEVE: …I just couldn't be expressive enough.
STEVE: And so then I'm getting people who are saying, you know, responding in a way that I wish I could have clarified. And I would have, clearly, had I more space. And so maybe the thing to do is to do a blog posting and then twitter the presence of the blog posting.
LEO: That's what - that's exactly kind of what people do.
STEVE: Because you can't…
LEO: You're already doing that. You're putting links to Jakob Nielsen's blog post; right?
STEVE: Right. Well, and now, and that brings up another problem because I'm, you know me, you can't, I mean, I won't click on anybody else's shortcuts.
LEO: I agree.
STEVE: So why is anybody clicking on mine? And so, I mean, so an advantage would be, for example, WordPress allows you to use your own domain. So it could be blog.grc.com or steve.grc.com if I wanted a corporate and a personal blog.
LEO: Of course.
STEVE: And then just slash and some number, which would be…
LEO: Well, this is a new trend which is kind of white label URL shortening. There are good URL shortening libraries that you can use on almost any platform now that will allow you to have - but GRC is pretty damn short.
STEVE: I was going to say. And I've got all my own technology, so I don't need any help with that.
LEO: It'd be an easy thing to make that be your short - instead of bit.ly, GRC.com is one letter longer. And I think then we'd know where we're going. I think that's a great idea. It is, frankly, the biggest - and Twitter created this problem. It's the biggest problem that Twitter created which is the need for shortened URLs. You know, TinyURL predates Twitter, but Twitter made it much more popular.
STEVE: Well, and Leo, I'm getting spam.
LEO: Oh, it breaks the web. It breaks the web. The web is not designed for obfuscated URLs. It's a bad thing.
STEVE: Yes. And so when I'm getting, like, really attractive-looking women who are talking to me, I'm thinking, okay, wait a minute.
LEO: Yeah, that's not good, yeah.
STEVE: There's something fishy about this.
LEO: We don't get that very often.
STEVE: And then she's sending me a link to something, it's like, whoa, wait a minute, that's not what I want to click on because we know that, I mean, it's exactly equivalent to clicking on a link in email.
LEO: Phishing. It's phishing.
STEVE: It's going to open my browser to a destination I can't even see, I don't know about. And that can be all it takes these days to take my machine over.
LEO: That's why you want to only follow trusted people. And even then, because unfortunately Twitter's security sucks, people have been hacked many times, and not necessarily through any fault of their own. So even then, if it's a suspicious message, you may want to be careful about what you're clicking on.
LEO: It's a bad model. There are a number of third-party utilities or third-party Twitter tools that will show you what the obfuscated URL, the bit.ly URL is…
STEVE: On your way there.
LEO: …in full on your way there. And I think those are - I prefer those. A good one that I use, if you want to use a web interface, is Brizzly.com. It's a web interface to Twitter. Instead of using Twitter's page, you use Brizzly. They do things like expand pictures so you don't have to click the link to see what the picture is. And they unobfuscate bit.ly URLs. There's a lot of ways to do that. Gee, now there's a lot of people listening, going why did Steve start to Twitter? Oh, god, now we've got to hear about Twitter and iPad?
STEVE: Oh, it'll be a good thing.
LEO: No. And, you know what, I'm glad you are because there are security issues with Twitter. And I think it's a valuable thing for you to be casting your beady eyes on what's going on there.
STEVE: Yup, be aware of what's happening.
LEO: Recently I've deleted my Facebook account because of the issues with Facebook is really a serious concern to me. And not so much because I, you know, I live in public. So, and I know enough to only post stuff on Facebook that potentially everybody will see. I don't put anything personal or private on Facebook. But it's coercive to use Facebook because anybody who wants to interact with me on Facebook has to join. So by participating in the Facebook ecosystem, I'm promoting what I know to be an unsafe privacy concern. So I've decided to completely opt out of the Facebook ecosystem. In a way that hurts us because we use Facebook to promote TWiT.
LEO: But I feel uncomfortable coercing my users into using Facebook to follow me.
STEVE: I should say one of the things I appreciate about Twitter, and for those listeners, I mean, I know there's tens of thousands of listeners who are probably where I was a week ago. If anyone's curious to see what I've been tweeting, you just say Twitter.com/SGgrc.
LEO: You don't have to join.
STEVE: Right. And there, sorted from most recent to least recent, is the history of my tweets - god, this is…
STEVE: …strange vocabulary - over the last…
LEO: You'll get used to it.
STEVE: …over the last week. So if anyone's curious, Twitter.com/SGgrc, and you can see what I've been tweeting.
LEO: By the way, here's the Brizzly interface to Twitter. Very similar, but you see all of your bit.lys have been expanded. So now instead of saying bit.ly it says useit.com. And so I know exactly where I'm going, which is really, really a good thing. It also has a few things that are handy for Twitter users. For instance, it explains what the trends are. So if you see Teresa May is a trend on Twitter, you can see why Teresa May is a trend on Twitter, and that's helpful. It's a web-based interface. And if you have multiple accounts, as you do, it allows you to maintain both accounts on a single page.
LEO: So that's just my little plug for them. But I'm glad you're looking into security on Twitter. Keep doing that.
STEVE: Will do.
LEO: Okay, I'm ready for the story of the dog that ate the laser, or whatever that is.
STEVE: Okay. Well, so it's 1971, and I'm 16 years old, a sophomore in high school. And we had a real problem with a dog in the neighborhood. I don't know if this dog was clinically rabid or what its problem was. But it was about two blocks away from where I lived. And the people who owned this dog had sort of an RV trailer or something parked in the backyard, and a fence which went right up to the sidewalk which contained, not only this RV, but this unbelievably vicious dog. And so the fence had a gate where sort of this driveway was, right onto the road. But this was not, like, their main garage entrance. And the fence, the two wings of this gate were pinned just at the bottom, so that it was sort of flapping open if there was any pressure on it.
So what would happen was, for I don't even know how long this was going on, but, I mean, it was a serious problem, people walking by the sidewalk would virtually be attacked by this amazingly vicious dog. I'm a dog person. I grew up with dogs. I love dogs. Actually at the time of this going on I had a redhead cocker spaniel. And so this dog was just unbelievable. It would scare the bejeezus out of people because they'd be walking on the sidewalk, and this thing would hear them and come galloping through the backyard and lunge at the top of this gate, which looked like it was about to spring open.
And, I mean, and the dog, I think it was a German shepherd, I can't quite remember the breed now, but, I mean, it was big. And, I mean, the owners, I don't know what could have been in their mind. They must have known this was a problem. They must have been getting complaints from people. But times were different then. Dogs were not on leashes. Kids were not on leashes. I mean, dogs roamed the streets. Times were, as I said, this was 39 years ago. But finally one day, as I was coming around my block, there was this elderly lady - and this all happened in San Mateo, up in Northern California, which is where I was in junior high and high school. And this dog scared this elderly lady so much that she tripped and fell off the sidewalk into the street. I mean, it was that big a problem. It was just unbelievable.
And so I thought, okay. I need to take matters into my own hands. This dog needs some training that this is not okay to rush people and lunge at the gate and look like it's about to jump over the gate. And the gate looks itself like it's about to give way because it's only pinned at the bottom and wasn't closed at the top. So I thought, in order to train this aberrant canine, I need to do something that will shock it, something - give it an experience which is negative which is completely outside of its normal daily experience. So I thought, I need some sort of a sonic, loud sonic weapon. So…
LEO: Oh, Steve [laughing]. I can see where this is going.
STEVE: Oh, this - actually this has unforeseen consequences, which is part of the moral of this story.
LEO: The case of the aberrant canine.
STEVE: So my parents were divorced at the time, my father and his wife living up in the city, in San Francisco. So my sister and I would jump on the train Friday afternoons and take it up to San Francisco, and then the trolleys over to the marina on the other side of the city, where Dad and his wife were. And then Saturday mornings was sort of free-for-all time. Basically, it was “Kids, get out of the house. Go play.” I mean, as I said, times were different 40 years ago. And one of my favorite areas in the city was Mission Street. It was a couple blocks out of the city from Market. That's one of the main - like Market Street's the main drag. And back then Mission Street was lined with war surplus stores.
LEO: I think it still is, actually.
STEVE: Is it still?
LEO: Yeah, I think there's a bunch of Army surplus stores down there, yeah.
STEVE: Okay. And so I was hacking when I was five. In fact, on my rsum page there's a picture of me that Dad took before I was five years old, in the backyard building something with wiring circuits and things. I mean, I just had this drive from forever. So for me, I would just - I could spend hours in these war surplus stores. I mean, radar sets, dynamometers, all just - it was like nirvana for me. But this particular weekend I was on a mission because I had to build some sort of a sonic beam weapon in order to deal with this dog. So…
LEO: [Laughing] Was there no parental supervision at all?
STEVE: None at all.
STEVE: No, they'd given up.
STEVE: I'd beat them to - beat them senseless.
LEO: That's just Steve.
STEVE: They knew I was a good kid. They knew I was not going to get them into any real trouble.
LEO: No, right.
STEVE: I mean, the Boy Scouts of America might disagree with that, but that's a story for a different time.
LEO: I mean, most parents, if they heard the phrase “sonic weapon,” “military surplus store,” and “dog,” might exhibit some concern.
STEVE: Yeah. Mom just said, “Okay, I don't know what you're doing, just don't kill yourself.” So I found the pieces I needed. I don't know if it was over one week or several visits. But I found this amazing, like, grip from like maybe a helicopter trigger handle or something. But, I mean, it was a gun grip with a switch in it. Which was like, okay, perfect. And I needed a transducer, some sort of a high-frequency, high-powered transducer. And rummaging around in these bins with my sister sort of in tow - she's two years younger than me, so she was 14 and just sort of following big brother around - I found some sort of a piezo - it was in like a black steel casing, a piezoelectric crystal with a pointed silver dome. And I said, oh, that looks like the right kind of thing. So, and none of this cost anything. It was 50 cents for this, two bucks for something else. And so I got those things. I also found just a perfect photoflash parabolic reflector that at the widest part it was probably about maybe 10 inches in diameter.
LEO: This is very Tom Swift here.
STEVE: Oh, this, I mean, this is what happened. And so, like, then I needed a body for it. And in San Mateo down on 42nd Avenue was, like, a real electronics store. Not like a Radio Shack that was just kind of cheesy. This was 42nd Avenue Electronics. And so I found a steel little mini box to - I think it was, like, two inches by two inches by six - to be the body of the gun. And then set about building this sonic weapon. There was a chip at the time called the 555, the NE555. I think Signetics innovated this thing. It was this incredibly versatile oscillator.
LEO: What year was this?
LEO: Oh, this is very early in terms of microprocessors, yeah.
STEVE: Yeah. Oh, we didn't have those. No, no, no. I mean, and my first job was - it might have been this same year, or the year after, with - this is where I encountered the PDP-8 for the first time.
LEO: Aha, aha.
STEVE: So I built an oscillator. And I wanted the frequency to be, I mean, I understood that dogs have very sensitive hearing, and they're able to hear outside of the range that we can, like the classic dog whistle where we blow it, and the dogs perk up. We sort of hear maybe like air blowing, or maybe we can get a sense of something. But on the other hand, I didn't want it to be supersonic because I wanted to know if it was working. So I wanted to be able to hear it, too. So I pitched it somewhere like around 15 KHz, is my guess, way high, but still audible to us.
And I had a - I remember that I had power settings. Remember that at this time “Star Trek” was happening. And so of course they had phasers. And so I was obviously modeling this on something sort of that I'd seen in science fiction. So I had, I remember, a knob on the back with - it had four positions: off, just so you wouldn't hit the trigger by mistake; and then three power settings. And I had three different colored dots that I got at the stationery store, a green dot, a yellow dot, and a red dot. And this thing had three nine-volt transistor radio batteries in it. So the green dot gave it nine volts on the output stage. The yellow dot was 18 volts, and the red dot was 27 volts, all three batteries ganged in series.
And so I assembled the oscillator, built the output, the power amplifier stage that was transformer coupled to this piezoelectric transducer, and it worked. Then I built this thing together, you know, mounted the pistol grip on the bottom of the box, this perfect photoflash parabolic mirror on the front, and then positioned the transducer in the focus of the parabolic mirror so that it would work. And the machine was finished. Now, back then I was 16. I called this the “portable dog killer.”
LEO: Not worried too much about SEO, I guess.
STEVE: Well, exactly.
LEO: Or police.
STEVE: And, I mean…
LEO: Or the ASPCA.
STEVE: It wasn't that I wanted to kill this dog. Certainly not. But the dog would have killed anybody walking by if it could get loose. I mean, this thing was out of control. So the name was more inspired by the fact that the dog was the killer than that this was going to do any killing. I just wanted to teach the pooch that it's not safe any longer to go lunging at passersby. I mean, literally, the fence was at the edge of the sidewalk. And, I mean, this was a hazard to public health. And frankly, I was probably saving the dog's life, or I hoped to, by training it not to do this because sooner or later something horrible was going to happen, and the dog would be put down. So, I mean, it would just - that dog would be destroyed.
So this thing, oh, my god, it really worked. Two things I remember about it vividly is I was surprised by how quiet it was off axis. That is, it really did, this parabolic mirror really did focus the beam of sound that it produced so that it wasn't - it didn't hurt you at all to, like, be behind it, to be the shooter, or even to the side. But boy, you aimed this at yourself, it was - it made the weirdest sensation. There was, I think it was probably…
LEO: You felt it. You didn't hear it, but you felt it.
STEVE: Well, there was, like, this - yes. No, no. You also heard it. I mean, it was pitched down low enough that it was, I mean, it was really loud. But something about the phasing of it with your ears, it made this weird sort of like bone-crunching feeling in the middle of your head.
LEO: Oh, dear.
STEVE: It was just strange. Anyway, I thought, well, this ought to do the trick. So I snuck up to the gate the first time and did, you know, “Here, doggie,” or something to the effect. And I heard [galloping and roar], as it always did. And I blasted it in the face pointblank.
STEVE: Now, the dog made…
LEO: Now, it's not lethal. We should emphasize.
STEVE: It's not lethal, no. And the dog was never hurt. I mean, it wouldn't hurt ants. It might make them go around in circles, but it wouldn't hurt them. The dog's legs collapsed, I mean, they fell out - it fell to the ground and then ran as fast as it possibly could away. So I thought, okay, round one. And an hour later I came back and, like, nudged the fence a little bit, and I heard [galloping and roar]. And I blasted it again. And this went on for a couple hours.
LEO: [Laughing] Oh, geez.
STEVE: And then I remember…
LEO: We are not recommending this. And we will not - this may not be your first blog post is the plans for this device.
STEVE: No. So…
LEO: I don't want the ASPCA calling me.
STEVE: Well, like I said, this ended up working out well for the dog, I really believe…
LEO: Oh, no. Oh, no.
STEVE: Because a few hours later I went up to the fence, and the dog didn't attack. And I will never forget carefully - because, I mean, this thing was really, this would have taken your head off - peeking over the fence. And there was the dog. I could see its nose and one eye peering fearfully around the corner of the house.
LEO: There's something over there, I don't know what it is.
STEVE: [Laughing] So I was delighted with this. And I think it took about three days before the first shot of the day wouldn't, like the dog was realizing, okay, this is just not something I'm going to be able to continue doing. This had been its favorite thing, attacking people, for who knows, I mean, for months or years. I mean, it was sort of a known problem in the neighborhood. And it was finally when I saw a block away this poor elderly lady literally blown off the sidewalk…
LEO: Oh, dear, yeah.
STEVE: …I said, okay, this is not okay. So that was done. Now, my buddies at school had sort of been aware of the project. I was telling them what I was doing.
LEO: Steve, you must have been such a cool kid. I am - this is so cool.
STEVE: So they wanted to see this.
LEO: Sure they did.
STEVE: So it was, I think, okay, it's show-and-tell day. So I brought the portable dog killer to high school. Before first period, the gang had gotten together. We had what we called the MRC Gang, which was the Math Resource Center. In other words, this is the…
LEO: Nerds. Geeks.
STEVE: …geek, this is the nerd group of the high school, a Math Resource Center group.
LEO: Oh, boy.
STEVE: And I don't remember which one of us it was, but we had a real problem in the school. And I need to explain a little bit about the structure of the school, the layout, because this comes into play here in a little bit. Aragon High School in San Mateo was in the form of, like, a huge square doughnut. So it was hollow in the middle, and there was an Olympic-size swimming pool and some other concrete, sort of on a lower level. And then sloping up from the lower level, up to the normal class level, was this huge green lawn with some trees. And, you know, we called it “the quad” because it was a quadrangle. And then in the inner perimeter was sort of sidewalk, and against the wall were all of the student lockers. So it was this, you know, large square structure, one single structure was the entire high school with then classes all around the outer perimeter. And sort of going down in spoked halls from this center quad.
Well, we had a problem with seagulls. You know, we're not far from the ocean. I don't really know where the seagulls came from. But they were constantly circling around, and no doubt looking for potato chips or unguarded sandwiches or scraps of food that students would leave behind. And of course unfortunately they created a big mess just with their own droppings. Someone, and I don't remember now who…
STEVE: …shot a seagull with the portable dog killer.
LEO: Want to emphasize, at this point, for those just tuning in, the name “dog killer” is…
LEO: It doesn't kill. It's a sonic blast that is harmless.
LEO: But annoying.
STEVE: Yes, well, what it did was it nearly knocked the seagulls out of the sky. Now, we're 16 years old.
LEO: Oh, dear. Oh, dear.
STEVE: Pong won't be invented for another year.
LEO: Oh, no.
STEVE: Until 1972.
LEO: Oh, no.
STEVE: We had no videogames. Until now, we didn't have any kind of a beam weapon. We saw it on “Star Trek,” of course. Now we had one, and it shot birds. Now, it didn't kill them, but it definitely surprised them. And this was the best thing that had ever happened to us because it was like, something was reacting to this. It was fantastic.
LEO: Sure. The nonlethal bird stunner.
STEVE: Yes, it was fantastic. And so Aragon High School was performing an experiment in the district. This was the second year of what was called “flexible scheduling.” More like college scheduling, instead of all students being in classes periods one through seven, we had blocks of free time scattered throughout the day, different times and different days of the week.
LEO: Santa Cruz High did that, too, when I was there, at the same time, yup.
STEVE: And so what happened…
LEO: Very trendy.
STEVE: Very trendy. And we loved it. What happened was, that meant that various of us in the gang had free time in different slots. So then it became a matter of handing the gun from one to the other. And basically we would, in small groups that were free during that period, lay on the grass, having target practice.
LEO: Oh, man.
STEVE: You know, shooting seagulls. Which was just fantastic. I mean, each seagull reacted a little differently. But there was definitely a reaction. I mean, you knew when you got a shot off. And so that's the way we spent the day. It was just, you know, we were having the time of our life.
So at this time I was creating curriculum for the third year of electronics. The high school had Electronics I and II, which was the first two semesters of the first year, which taught basic electrical theory using tubes, unfortunately. And the professor, Harold Ferrin [sp], was a neat guy, old, gnarly, ex-Navy guy, and tubes was what he knew. For him, transistors was a big deal. He wasn't quite sure about them. That was Electronics III and IV in the second year of electronics. And of course this was - I felt like I'd died and gone to heaven, to actually be in school taking electronics. I mean, here I already knew electronics. I'd force-fed myself…
STEVE: …this stuff, you know, years before. But now I was actually getting credit for it and had a lot of enthusiasm for it. And at one point I said to him, I guess in my second year, I mean that year, my sophomore year, I said, “Mr. Ferrin, why - what about digital electronics? Why - it's nice that we learned about tubes last year, and transistors are good, but the future is digital.” And he said, “Well, I don't know digital.” And I said, “Well, it's really not that hard.” And he said, “Well, why don't you teach it?”
STEVE: And so during my sophomore year I created an entire curriculum for third-year electronics, which we created there. And I heard years later that it had gone district-wide and was being taught throughout the whole San Mateo Union High School District.
LEO: That's so neat.
STEVE: So the point of this is that, after school, I would go into the electronics lab and work on this stuff. And I had free rein. I'd come to the attention of the administration very early on. I think it might have been the incident with the shock machine. I'm not quite sure what the first…
LEO: The shock machine.
STEVE: Oh, yeah. Well, that's another story.
LEO: Another story [laughing].
STEVE: So but Mr. Ferrin knew that he could trust me. And he would leave, and leave the doors locked. And I just…
STEVE: My requirement was just - oh, yeah, I mean, I was trusted - just to, you know, make sure that I'd pulled the door behind me. So this afternoon of the sonic beam weapon, I was probably leaving around 4:30. And so the school was completely deserted, nobody there. I mean, literally, it was completely empty, the whole quad was empty. I went to my locker, got the books that I needed, got the portable dog killer out of the locker, which is where I had stowed it at the end of seventh period. And to this day I don't know what I was thinking.
LEO: Oh, no.
STEVE: Because I saw on the far other side of the quad Mr. Archibald, the assistant principal. And so…
LEO: No. No.
STEVE: …there was good cover where I was.
LEO: No. No.
STEVE: We had these big concrete containers for the garbage and big cement planters. And so I crouched down behind one of these cement garbage can containers and shot Mr. Archibald with the portable dog killer.
LEO: Oh, dear. Oh, dear.
STEVE: Now, I mean, it was a long way away, he was, and I was hidden. What completely jarred me was his reaction. You would think that a regular person being shot at great distance by a sonic beam weapon would be a little confused. They'd look around, kind of like look up maybe, it's like what is going on. Not Mr. Archibald.
STEVE: No, he couldn't see me. So I was hidden. I was undercover. He spun around. And that's what took my breath away. It's like, oh, my god. I just - I didn't expect a reaction like that at all. And he stood there motionless, trying to take in the entire scape of this huge high school quad. And he just - he was motionless. And he was looking for, like, anything. And so I'm thinking, oh, my god. So I was probably starting to shake at this point. But I kept my cover. And he stood there, slowly looking from side to side. And then he appeared to give up. And he turned back around and continued walking in the direction he had been before.
[Clip] And I've gotten word that a child is using his imagination, and I've come to put a stop to it.
LEO: Principal Skinner. On his way.
STEVE: So I stood up and started to get the heck out of the quad. But I kept one eye on him, of course, because he was the danger.
LEO: Oh, yeah.
STEVE: Well, he had faked me out.
STEVE: He spun around again and saw me.
[Clip] I saw that.
STEVE: And pointed at me. Pointed at me and then beckoned with his other hand.
LEO: Oh, oh, dear. He's smart. How did he know?
STEVE: Oh, this was, well, you know…
LEO: I guess you were well known by now.
STEVE: Well, yeah. I was. And so we met about halfway in front of the office wing. And he - and I was doing everything I could with my body language to have this gun be as inconspicuous as possible.
LEO: What did it - it had this parabolic thing.
STEVE: Oh, it wasn't inconspicuous at all. I mean, it was clearly a gun.
LEO: Like a ray gun.
STEVE: I mean, it was a ray gun. That's the way I designed it, you know, with a power control knob on the back with green, yellow, and red, and a big reflector out the front. So it was dangling at my side, sort of as inconspicuously as possible. So we approached. And he looked at me, and he said, “Steven?” I said, “Hello, Mr. Archibald.” And he looks down at it and then back at me and said, “What is that?”
LEO: Oh, boy.
STEVE: And I said, “Well, it's a sonic beam gun.” I wasn't going to use its real name.
STEVE: And he said, “I see.”
LEO: I see.
STEVE: “And did you just shoot me with it?”
STEVE: And I said, “Uh, yes, sir, I did.”
LEO: Well, you're very honest, Steve. That's good.
STEVE: Oh, yeah. I'm, you know. And, I mean, there wasn't much - there wasn't much choice of answer…
LEO: Not me. No, I didn't shoot you, no, sir, no, unh-unh.
STEVE: …at this point. And so he said, “And where did you get that?” And I said, “I built it.” He said, “You designed it?” I said, “Yes.” And he said, “Why?”
STEVE: So I gave an abbreviated version of the dog story, about training this dog.
LEO: Oh, yeah.
STEVE: So it does not attack people any longer that were walking by on the sidewalk. And he said, “And was that successful?” I said, “It was.” And he said, “And you brought it to school this morning.” I said, “Uh-huh.” And he said, “And were you shooting it all day long?” And I said, “Um, well, it turns out that it also shoots seagulls and pretty much knocks them out of the sky.” And he said, “I see.” And so I said, “My friends and I…” He said, “The MRC Gang?” I said, “Oh, you know about that?” He says, “I know everything.”
STEVE: And I said, “Well, yeah. We were sort of handing it around during our various free periods for target practice.” And he said - oh, and I said, “It didn't seem to be a problem.” He said, “Oh, we'll be talking about problems in a minute.” And he said, “We began getting phone calls in the morning from teachers all over the school who were reporting high-frequency sounds.”
STEVE: They didn't know what was wrong. They thought maybe the heater system had gone on the blink. And I said, “Oh.” And he said, “So we called the district engineers.”
LEO: Oh, boy.
STEVE: “And they came out, and they heard these sounds, too. We heard them in the office wing, as well. Everyone was hearing them. And they thought maybe it was the ultrasonic alarm system that protects the school had gone on the fritz. And of course we couldn't close down the school with an alarm system that wasn't functional because there'd be all kinds of consequences for that. So they worked on the alarm system, trying to figure out if it had gone wonky somehow. So now we know what it was. It was you and your sonic beam weapon.” He said, “I guess I'm glad you shot me because the mystery is solved.” He said, “Now, I want you to take that home.”
STEVE: “And I don't want to ever see it or hear it again.”
LEO: I'm amazed he did not confiscate it.
STEVE: He did not. Well, he knew me. I mean, I was…
LEO: You were a good kid.
STEVE: I was a good kid. I'm sure that the office knew I had permission even to stay in the electronics lab after hours and all that because, I mean, Ferrin was very much by the book, being ex-Navy. He was not liked by most students, who thought he was way too rigid. I just thought he was great. So I took the gun home, put it on the shelf. My friends and I were all very disappointed. They were all anticipating many more days of target practice. Although, to be fair, I have to say that by the end of the day there really weren't so many seagulls any longer, circling around overhead.
LEO: Trained them, too, I guess.
STEVE: Well, I think they decided this is not where we want to be.
STEVE: So that's the story of the portable dog killer.
LEO: Unbelievable. Steve, what a great story.
STEVE: And when I was thinking about this, I was thinking about all the email that I've received during the podcast from young listeners who wonder how to get going, how to get started, what would I recommend? How do they differentiate themselves? And the second employee at Gibson Research Corporation, one of the most brilliant engineer programmers I've ever known, a guy named Steve Ranck, went on to found a couple gaming companies. He has one now called Specular Entertainment. His first one was Swingin' Ape, which he sold to Blizzard. And what stood out in my mind about Steve actually is really that, like me, he was building things from the beginning. Nothing could stop him from building things. He was involved. I mean, I heard about all the projects that he had built, much as I had, as a kid.
LEO: It's a good sign, isn't it.
STEVE: Well, that's my point, yes, is clearly there were incredible unintended consequences from my creating this gun to train this incredibly vicious, ferocious dog. But that's what happens when you build things. Nothing happens if you're sitting behind a screen shooting aliens in a videogame. Doesn't happen. All the discoveries that have been made have been made by people experimenting.
LEO: Do something, yeah.
STEVE: You know, Tesla was building all kinds of things. And you can't know what you're going to learn until you're confronted by it. You've got problems. Something happens you don't expect. I mean, it's just - it's amazing how opportunity-rich the environment is. But if you're not in it, you're not going to get the opportunity. And so what I would encourage people to do - Steve and I are still good friends. We get together every so often. And we sort of reminisce about the projects that we built and think to each other, can you imagine being a 10 year old now?
LEO: Wow. What opportunities.
STEVE: With all the stuff there is? I mean, there are these things, programmable gate arrays, which are just amazingly powerful, where you can use software to program logic in, like, softly in this. I mean, I don't know what I would, I mean, there just isn't enough hours in the day as it is for me. But if I were a 10 year old or a 12 year old or 15 year old, I would say turn off the videogame. That's doing nothing. Build something. Build anything. I mean, the feedback you get, the fun, but mostly the discovery. You will end up discovering things that you cannot predict, you cannot know about. That's the nature of it. But I just think that's something that our pasteurized world has sort of lost a little bit of. I mean, this sounds like a wild story. I guess it was probably a little wild in 1971. But probably not as wild as it sounds today.
LEO: Today the Department of Homeland Security would be coming to your door.
STEVE: Exactly, yeah. So…
LEO: But it's a very good - I even have, in a very small way, a similar story. And it did start for me with videogames. I got an Atari 2600. But what the game did is made me think, oh, I want to know how this works. And it doesn't have to be a physical thing you're building. It's easy to build software.
STEVE: Oh, yes. In fact, that's where I've switched to.
LEO: Yeah. Yes. And everybody has an opportunity now, for free. There are so many great choices. There's Alice.org, a great way to start littler kids on object-oriented programming. And there are so many things out there, just, yeah, I think - but I think there has to be that little seed in your brain, which you obviously have, Steve obviously has, where you get inspired to say, I want to make something. So, and I think there will always be people doing that.
STEVE: I think it's a - maybe it's a matter of empowerment. I mean, now, I will say that my dad did encourage me. I mean, one of the things that I did when I was five, we would go down to the docks in Oakland and buy a hunk of electronic gear coming off of the naval ships down there. And they hung it on a fishhook, a big, huge fishhook, and you paid for it by the pound. And the car looked like its suspension had gone broke in the back because this thing was in the trunk. And we'd bring it home, and he'd sit it in the middle of the garage. And he'd say, okay, go at it. I mean, there was nothing I wanted to do more than tear that thing apart. And he says that he knew that I was internalizing the work of the country's best engineers as I was taking this apart. And he thought that someday I would start putting things back together again. And it turned out that was sort of the path I took.
So there has to be, I think, some encouragement. But as you said, also some spark. And nothing could stop me from this kind of inquiry. And so I would just encourage people to get involved, to do something, I mean, something proactive, something creative. Not just passive, because passive, nothing's going to happen that way.
LEO: I think that it's probably the case that there are people who just don't have that spark, and they're going to - look, we need people to flip burgers. And those people, not everyone is going to be a maker. But boy, if you see that spark in a kid, just encourage it, don't discourage it.
LEO: It's a great lesson. And you know what, thank goodness that Vice Principal Archibald didn't beat you up over this. He knew, he sensed that this was something that was appropriate for you to do. He made sure you didn't do it at the school.
STEVE: Yes. And he understood it was completely unforeseen, there was no way I could know.
STEVE: Or that, oh, I forgot to tell you one thing he said as I was leaving with the gun and breathing a big sigh of relief. He said, “Oh, there's one thing, Steve.” I said, “Yes, sir?” He said, “Next time something appears to go wrong with the high school, we're going to track you down first.”
LEO: We're calling you [laughing]. I think that's wise.
STEVE: Just because, I mean, he went through so much trouble. I mean, bringing people, engineers out from the district, crawling around to figure out what had gone wrong with the heaters, and then with the ultrasonic alarm system, I mean, I don't like to think about the expense that they went through. But he realized, had they just said, “Steve, are you doing anything strange today?”
LEO: What are you up to there, Mr. G? I think that's just a wonderful story. And I would have to ask, I don't supposed you still have the portable dog killer.
STEVE: I have a lot of my paraphernalia. I've got - I did do helium neon laser guns later in life, and I have some of those. But I don't know what happened to this. I went to Berkeley and then moved to Southern California. And at one point there was - I actually had a lab upstairs in San Mateo. That's where this was built was in Steve's - I'd be “in the lab,” as they put it, when I was called for dinner, which is where I built this. So, and it was just sort of an extra room that I commandeered. I said, okay, this is mine. This is my space. I need a lab. So at one point there was a purging of all the stuff I'd left behind.
LEO: Yeah, of course, yeah.
STEVE: I think that that happened. I mean, I can see it clearly in my mind. And of course many people were witness to all this craziness. But, and my life was a series of wacky adventures like that. We'll share one every so often.
LEO: I love that spirit. And you know we celebrate that spirit today with the maker, MAKE magazine, the maker faires. And there is this notion of making which is focused, I think, on physical making, which is a great thing. But it's fine to make with software. In fact, more than ever we need software. And that's perfectly appropriate. And I think kids should learn…
STEVE: It costs nothing. Costs nothing.
LEO: Costs nothing. You don't get your hands dirty. And most of the time the principal doesn't confiscate your program.
STEVE: And, frankly, when people have asked me, and I've said this before on this show, how do I learn this language, how do I learn this, or how do I learn that, my answer is, solve a problem with it.
STEVE: That is, you just can't sit there, I mean, reading a book about a language…
LEO: Abstract is not good.
STEVE: …is dry.
STEVE: So come up with something you want to do and make yourself do it in that language. I mean, there's no hurry. There's no deadline. Doesn't have to be tomorrow. Just start. And when you start, the rest will flow.
LEO: Such a great moral. I hope - anybody listening to this show is probably in that category of maker and doer. And, I mean, you wouldn't be listening to the show if you didn't have that spark. But it's good for us to remember, spread it around, let others get involved. We're going to - I want to sponsor at my kids' high school a FIRST Team, the robotics competition this fall.
STEVE: Oh, neat.
LEO: Because that's an example of - it's an institu- truth is, it's better if the kid goes off and does it on his own and gets in trouble, like you did. But failing that, at least if there's some sort of institutional encouragement to do that, and some opportunity to do that, that's a good - gets you started.
STEVE: Well, and it does, frankly, it does fit today's world more than building sonic beam weapons fits today's world.
LEO: Yes, yes.
LEO: Great, great show. Thank you, Steve. I really appreciate it. Always a pleasure. And this was a good one. I'm glad you took a little time. And I don't know how much Twitter had to do with this, but I'm glad that you were inspired. I look forward to the blog. I presume it'll be at your website, GRC.com.
STEVE: Yup, it will be. I'll announce it on the show and certainly through the followers who are following me on Twitter.
LEO: Good, good.
STEVE: And I'll have it up here probably by next week. And again, it was - I want to remind people it was the 50th today, well, not the day, this week, the 16th, the 50th anniversary of the invention of the laser.
LEO: Isn't that cool.
STEVE: And so you can see what the tie-in was. That's what sort of got me thinking about my own beam weapon and the story that it begat.
LEO: Isn't that great. Steve, thank you so much. Go to GRC.com for Steve's stuff - 16KB versions of this show for those of you who have limited bandwidth. And Steve's great, he edits this down and makes it available to you. He also does transcriptions on his own, out of his own pocket, and we thank you for doing that, Steve. That's all at GRC.com, including the show notes. And once you're there, you've got to get SpinRite, the world's best hard drive maintenance and recovery utility. I mean, following in the spirit of the portable dog killer, this is the portable hard drive cluster mess-up killer, sort of, 64K.
STEVE: We know what you meant.
LEO: Also great free stuff, lots of it, ShieldsUP! and all his great programs. GRC, Gibson Research Corp., GRC.com. Follow Steve on Twitter, I have to add this now, @SGgrc. And GibsonResearch is the Twitter handle for the corporate account. But the fun stuff is at @SGgrc. Steve, we'll see you next week…
STEVE: Thanks, Leo.
LEO: …on Security Now!.
Copyright © 2010 by Steve Gibson and Leo Laporte. SOME RIGHTS RESERVED. This work is licensed for the good of the Internet Community under the Creative Commons License v2.5. See the following Web page for details: http://creativecommons.org/licenses/by-nc-sa/2.5/.