Live from Austin!

GamePro reports NPD sales data:

Of note, these are sales to end users, not number of consoles shipped; Microsoft prefers to cite the latter.

The Wii is now the #1 console in the US by installed base. So it seems as though as predicted, the Xbox 360’s best days could be behind it.

Once Sony got their act together and shipped a bundle with the rumble controller packaged along with the console, sales took off. When the 80GB PS3 with rumble controller replaces the current 40GB package, expect sales to rise again. It won’t take long to erase the lead in installed base Microsoft has.

This week, people are making a big thing about the announcement that Final Fantasy XIII is going to be cross-platform, appearing on the 360 as well as the PS3–but only in the US, as nobody in Japan has a 360.

I don’t see the Final Fantasy announcement as all that big of a deal, when you look at all the former Xbox exclusives that are now on the PS3 or will be soon.

• Saints Row was the Xbox’s supposed GTA-killer, and Saints Row 2 is going to be on PS3.
• BioShock was the 360’s highest rated game of 2007 on Metacritic. It’s now coming to PS3, with "graphical improvements".
• Half-Life ’s developer Valve was always a staunch Microsoft supporter, with Half-Life 2 an Xbox exclusive–but The Orange Box came out for PS3 earlier this year. (I’ve picked up a copy–FPSs aren’t really my thing, but I want to play Portal.)
• Elder Scrolls IV: Oblivion made it onto the PS3.
• Dead or Alive 4 is being ported, and it’s rumored that the sequel may be PS3 exclusive.
• Ridge Racer 6 was Xbox 360 only, Ridge Racer 7 switched to PS3 only.
• Full Auto was Xbox 360 only, Full Auto 2 is on PS3.

So looking at the high profile well-reviewed Xbox exclusives, that leaves Command and Conquer, Project Gotham Racing, Mass Effect, Gears of War, and of course Halo. (Dead Rising is heading to the Wii, along with Beautiful Katamari.) It’s a good job Microsoft bought so many game companies, or they would hardly have any exclusives left at this point.

So the video game industry will avoid Microsoft domination for another generation. I think this is a good thing.

Ever wondered how Microsoft managed to launch a game console that routinely overheated, burned out, and had to be replaced?

EE Times has the story. Microsoft decided to try to save a few bucks by designing a key graphics ASIC themselves, instead of going to a company with experience in chip design. They sent their design straight to the fabricators. It was only when the console was in full production that they learned about the overheating issue. Oops.

1. Calumny
2. Candelabra
3. Colonic
4. Cabalist
5. Canker
6. Capitulate
7. Cadaver
8. Cornhole
9. Catamite
10. Colostomy

Seriously, though, who thought it would be a good idea to give them all nondescript one-word names beginning with ‘C’?

One of the problems of working in tech is it can get annoying when you see lots of money being spent solving the wrong problems, or implementing completely ineffective solutions.

Take credit cards and RFID, for example. There’s a big push in the US to include RFID in every card. I’ve had a card with RFID for just over a year now. The benefit to me? Theoretically, I can hold the card against the card reader, instead of having to swipe it through the slot.

That’s it.

And I say "theoretically", because in the half dozen times I’ve tried it at local stores that have the equipment, it has only worked once. In every other case, I’ve had to fall back to swiping the card through the slot instead.

This is dismal. Why the hell are companies like American Express spending millions of dollars on this RFID crap that doesn’t even work, when magnetic stripes are far more reliable and get the same job done?

If they wanted to spend money on an actual problem, they could implement two-factor authentication like PayPal are doing and wipe out fraud. I’ve seen credit cards with displays built in, it’s quite possible.

Instead, they started checking expiry dates. Then when all the merchants started recording the expiry dates in their databases and the criminals got lists of card numbers with expiry dates, they added 3 or 4 more digits to the the card and called it a Card Verification Number. Now vendors are recording those, and in another year or two the criminals will be passing around card number lists with expiry date and CVN, and we’ll be back to square one.

Another great case of solving the wrong problem was in the news today. Google is going to spend money allowing people to put all their medical records on the Internet. This is in response to an earlier announcement from Microsoft of a similar HealthVault service.

C|net says it’s a "laudable goal". No, it’s not, it’s a stupid idea. Let’s go through some of the reasons why it’s stupid.

Firstly, as soon as you centralize your health records in this way, you have a single big target for criminals to attack. Right now, if some hospital screws up and exposes a bunch of medical records, the chances of my being affected are very remote; it’ll only be the few thousand people who used that hospital who are in trouble. If everyone’s medical records are stored on Microsoft’s servers and they screw up, tens of millions of people could be affected.

Secondly, you have a single point of failure. Microsoft’s service goes down, and suddenly nobody can check in to the ER. Yeah, great idea.

Thirdly, if you’re running a hospital, you don’t want to have your computers that are used for medical records connected to the Internet, for reasons that should be blindingly obvious to everyone. So in practice, hospitals will need extra Internet-connected computers to obtain the health records from these services, and they’ll then end up printing them out on paper like before. Either that, or they’ll take the risk and put their medical records processing systems on the Internet. So, ‘no benefit’ or ‘reduced security’, you choose.

Fourthly, a centralized record of all health information makes selective disclosure difficult or impossible. Right now, if I go to the drugstore, they have the medication I’m taking in a list and can flag possible drug interactions. That’s it, but that’s all they need. In the glorious future, they ask for my central database ID, and the guy at the counter can browse the results of my STD tests, see if I had therapy for alcoholism, and so on.

Now, it’s possible that Google are going to make an effort to allow compartmentalization of the information, with need-to-know disclosure. They’re smarter than Microsoft, they might have worked out why it’s a good idea. But it’s a hard thing to do. When I go to a drugstore for the first time, how is it going to be handled? Will I have had to log on to Google at home first and list the information that I want to allow the drugstore access to? Or will they have a web browser in the store so I can do that? (If not, what if I forgot something important?) If they have an in-store system that I log in to to allow them access to my info, how am I going to know I can trust it not to record my keystrokes?

This selective disclosure requirement is why a single national ID card for all government services is a bad idea. It’s why combining all the cards in your wallet into one universal card is a bad idea. And if we look at your wallet, we can see the obvious alternative: put the medical records on a card.

With the "medical records on a card" approach, there’s no central point of failure. There’s no way for criminals to get fifty million people’s medical records at once. There’s no need for hospital computers to be connected to the Internet. And selective disclosure can be done simply by having more than one card–a pharmacy card with my prescription drug list, perhaps a mental health card, and a full medical history card for my doctor. In fact, that’s pretty much what I already have, since several US pharmacies issue regular customers with pharmacy cards so they can check for drug interactions. All we really need to do is standardize the cards, put data chips on them to increase capacity, and get card readers in the hospitals.

Oh, sure, I can lose my card. I can also disclose my Google login, though, and I’m betting average mouth-breathers are far more likely to choose bad passwords or write them down or tell them to phishers than they are to lose a credit card.

But no, we’ll spend money on the dumb solution instead, perhaps because it’s really all about control. Solving the problem sensibly wouldn’t give any company control over fifty million people’s medical records, and that’s what this is really about.

Update: Via Slashdot, a WSJ story on the perils of a single centralized healthcare database : a woman’s insurer gets access to her mental health records because they’re stored in the same place as her regular healthcare information, and decide she’s probably malingering and deny her claim.

When the Xbox 360 came out, it was portrayed as something everyone wanted, the amazing new console that was selling out everywhere. Yet the next week, when I walked into Costco they had a pallet piled high with the things.

When the Wii was launched, it became the console that was really selling out everywhere. But by then, Microsoft had moved on to their new story, that the Xbox 360 was the biggest selling next-gen console.

Except that it isn’t.

If you read the small print on Microsoft’s announced sales figures, you find that they’re not actually lying; but they count a console as sold as soon as it leaves the factory. Sony and Nintendo do the same, but there’s a big difference in how that figure relates to the number of consoles actually sold to gamers.

If you walk into any electronics store, you’ll probably see several dozen Xbox 360s piled up in the main store. You won’t see anything like as many PS3s, and you probably still won’t see a Wii. Think about that. Also, think about the fact that electronics stores don’t actually like to pile expensive items up in the middle of the store inside their boxes; it usually indicates that they’ve got even more piles of the things in storage out back, and have run out of space and are trying desperately to shift them. Have you ever seen a big pile of digital cameras in their boxes in Best Buy? A stack of dozens of Denon receivers in Circuit City? Nope. But you’ve probably seen a big stack of $30 Chinese DVD players on clearance…

Someone has put these observations together with some hard sales data. It turns out that the channel is absolutely bloated with unwanted Xbox 360s. Not only that, the 360 was almost matched for sales by the PS2, except during Halo release month, which is clearly visible as a statistical anomaly. When the release of a single game skews your sales that much, that can’t be a good thing either, can it?

In fact, Xbox 360 sales peaked in 2006. And with the PS3 now having a solid library of good games, I don’t see it improving. Also interesting is the analysis of how the 360 is actually more expensive than the PS3, once you factor in the add-ons to make it equivalent in capability.

Human beings have different kinds of memory; they remember things in different ways. Three common classes of memory are spatial memory, visual memory and verbal memory. (There’s also chronological memory, but that’s not relevant to my point here.)

I have excellent spatial memory. It’s what I rely on most. For example, if I start to think about how to get to a given place in town, I literally find 3D visualizations of my route flashing into my consciousness. I also have pretty good visual memory; when I make the journey, I verify that I’m going the right way by comparing the visual appearance of buildings and landscape that I pass with the scenes I remember.

My linguistic memory is terrible. If you asked me to name the actual streets on the route, I’d have a hard time remembering them. My mental map of London, for example, only has 6 street names. This makes me a really bad person to get directions from. “You take the narrow road that heads off at a thirty degree angle, right at the place with the green copper roof, over the light colored bridge…”

There’s an upside to my condition. If you rely on verbal memory to navigate, as soon as you step outside your known area you are pretty much lost until you can find a familiar street name. In contrast, I have a pretty good chance of navigating between two known points, even if the area in between is totally new to me.

This hierarchy of types of memory also applies in my interaction with computers. When I want to find my password manager, I don’t remember its name. Instead, I remember that it’s in the bottom hierarchical menu of my KDE menu, positioned near the top, and has a green icon.

I know this experimentally, incidentally: back in the System 6 days there was a joke Mac INIT that removed all the text from the menus. I tried it, and was quite startled to discover that I could still use most of my favorite applications.

With that background out of the way, I would like to talk about why for me, the new KDE 4 application launcher is a user interface disaster of epic proportions.

Continue reading »

For the last 6 years, Microsoft has been quietly shipping Macrovision DRM software embedded in Windows, in order to “increase compatibility and playability” of video games.

Unfortunately, there’s a bug in the DRM code which allows privilege escalation. So Windows boxes are now being pwned across the Internet.

The best part: this video game DRM has been shipping in Windows Server 2003. Yeah, I bet lots of people need video game compatibility on Windows Server.

Oh, and Microsoft worked with Macrovision to fix the security holes in the Vista version of the DRM code—but they didn’t bother to fix the XP version. Classy.

Microsoft’s Xbox division has announced their results for Fiscal Year 2006. Highlights:

• Total loss of $1.2 billion.
• Operating losses up 183%.
• Revenues down 10% YTY in Q4 because of “decreased Xbox 360 console sales”; specifically…
• Sales dropped from 1.8 million units per quarter to just 700,000 units per quarter, YTY.
• Revenue from sales of games down 28%.

This is awesome news, making it six years of losses to date.

Microsoft say they expect to make a profit in the upcoming year. O RLY? They couldn’t make a profit during a year in which they basically had no competition, so how do they expect to do better now that the Wii is outselling their console by a factor of 3:1 or more and Wii games are already outselling Xbox games? Nintendo makes a profit on every Wii console, while Microsoft has apparently lost money on every Xbox 360 they’ve sold, even after you factor out the huge losses from replacing broken consoles under warranty.

Added to that, the PS3 is going to see its first “must have” games ship towards the end of this year. Grand Theft Auto IV looks incredible, but the Xbox 360 version is apparently in trouble because it’s hard to cram the game onto a DVD. Demos to date have been the Xbox version, but there’s a good chance the PS3 version is going to end up looking significantly better. Then there’s Ratchet and Clank Future: Tools of Destruction, Heavenly Sword, the new Indiana Jones game, Killzone 2 (with its 2GB levels), LittleBigPlanet, Metal Gear Solid 4, Uncharted: Drake’s Fortune, and so on.

Basically, Microsoft have already been squeezed out of the low end of the market by the Wii, and the hardcore gamers are likely to start getting more interested in the PS3 soon. I suspect Microsoft has much less chance of turning a profit next year than it did this last year.

What’s slightly worse than working with whale feces?

Working on security at Microsoft, according to Popular Science.

From AP via Slashdot and Yahoo:

A break-in targeting State Department computers worldwide last summer occurred after a department employee in Asia opened a mysterious e-mail that quietly allowed hackers inside the U.S. government’s network.

In the first public account revealing details about the intrusion and the government’s hurried behind-the-scenes response, a senior State Department official described an elaborate ploy by sophisticated international hackers. They used a secret break-in technique that exploited a design flaw in Microsoft software.

Consumers using the same software remained vulnerable until months afterward.

Donald R. Reid, the senior security coordinator for the Bureau of Diplomatic Security, also confirmed that a limited amount of U.S. government data was stolen by the hackers until tripwires severed all the State Department’s Internet connections throughout eastern Asia. The shut-off left U.S. government offices without Internet access in the tense weeks preceding missile tests by North Korea.

Awesome. Meanwhile, Microsoft lobbyists successfully killed a bill in Florida that would have opened the path for official use of OpenDocument standards instead of proprietary Microsoft Word documents.