Archive for the 'Geekn' Category

The fear bouillabaisse back on the menu

Thursday, February 7th, 2008

Crime fears as cheap PCs head for Africa

Initiatives such as the OLPC and Classmate could mean an explosion in botnets in the developing world, warn security experts

Pete Warren
The Guardian,


One Laptop Per Child project, Nigeria

The OLPC could have the unwanted side effect of fuelling cybercrime in Africa

What if the plans to spread low-cost One Laptop Per Child (OLPC) and Intel Classmate computers to the developing world work? What if in a few years there are hundreds of millions of them out there? Many might applaud. But among computer security experts, there’s growing concern that those schemes could inadvertently lead to a huge increase in computer crime.

Because of course, only Europeans can maintain and update software, whereas the ‘darkies’ cannot.

Initiatives such as the OLPC and the Classmate are intended to help bridge the digital divide. But security experts warn that there could be an unforeseen negative effect.

“There is the possibility of creating the largest botnet in the world,” says Yuval Ben-Itzhak of Finjan, a computer security company. This view is borne out by a recent report by F-Secure identifying Africa as one of the emerging cybercrime threats.

When they say, “this view is borne out”, what it really means is that someone else repeated the same lines. There is no proof, no proof of concept, no study, nothing. Just a bunch of fear mongering twaddle of the type the Guardian loves to peddle.

Phenomenal takeup

“Within the past few years, internet take-up in emerging markets has been phenomenal,” says Mikko Hypponen, chief research officer at F-Secure. “The trend is expected to continue and spread into areas such as Africa, India and central America. People are developing sophisticated computer skills. But,” he adds, “they have limited opportunities to profit from them legally. There will be a delay before legal systems catch up with developments in the IT sector. Computer criminals may also be able to escape the law more easily in countries which are undergoing serious political and security problems.”

The case of Onel de Guzman, the student who wrote the 2000 Love Bug virus and who escaped prosecution because the Philippines, his home, had no offence with which to prosecute him, is a case in point.

No, it is not, because this story WAS about ‘Africans’ fueling ‘cybercrime’. Filipinos, ‘Africans’, what’s the difference? “They are all foreigners innit!”

But Ivan Krstic, OLPC’s director of security hardware, points to the choice of Linux as the operating system for the computers. “You cannot have one program loading from the internet that can then go to your [email] address book and then send out a spam message to everyone,” Krstic explains. “The program can only work in its own area and has no functionality beyond that.

“For anything to be able to achieve that overall control, the attack would have to be written to the system kernel, and those are the hardest attacks to launch. Those vulnerabilities do exist, but they are patched very quickly. It would be difficult to get them to run bots.” However, there is an option to run Windows XP on the machine – which means, concedes Krstic, “they can be attacked. All of the connotations of Windows security apply.”

And FINALLY we have some common sense in writing.

OLPC will not be used to create huge botnets because it is running Linux. Botnets normally run on winblows, the OS so beloved by and the meat and potatoes of the computer illiterate fear-monger journalist.

Don’t install winblows, and there is no problem from botnets.

Next?

The Windows-based Intel Classmate also includes a nod at security. Countries buying it can opt for antivirus software, included for a higher price, but must negotiate that with AV companies themselves; and a hardware setting disables the laptop if it is not connected to an antivirus monitoring network for a certain period of time. This is to safeguard the machine from becoming part of a botnet, which can disable antivirus checking.

And there you have the whole security and journalist fear-mongering industry in a nutshell. It is all about selling software, and inducing people to buy it through fear.

In case you did not know, this is the Intel Classmate:


The Classmate PC powered by Intel for emerging markets worldwide

The World Ahead Program from Intel Corporation aims to enhance lives by accelerating access to uncompromised technology for everyone, anywhere in the world. Focused on people in the world’s developing communities, it integrates and extends Intel’s efforts to advance progress in four areas: accessibility, connectivity, education, and content.

It runs Winblows (requiring 2gig flash), or Mandriva (requiring 1gig flash [no surprise there ay?]).

The bigger problem in the long term may be the developing world’s choice of operating system. “Most of the machines we are shipping have Windows on them. That’s the operating system most countries want,” says Intel.

And do you wonder why? All these people, these government ministers are more computer illiterate than Guardian journalists, and they read the Guardian and take their lead from them and the other newspapers. They are also under massive bribery pressure to accept winblows:

Dear Steve,

Hi, this is François, from Mandriva.

I’m sure we are way too small for you to have heard of us. You know, we are one of these Linux company who is working hard to make its place in the market. We publish a Linux Distro, called Mandriva Linux. Mandriva Linux 2008, our last edition, has a pretty good review and we’re proud of it. You should try it, I’m sure you’d like it. We also happen to be one of the Linux companies that did not sign an agreement with your company (nobody’s perfect).

We recently closed a deal with the Nigerian Government. Maybe you heard about it, Steve. They were looking for an affordable hardware+software solution for their schools. The initial batch was 17,000 machines. We had a good deal to respond to their need: the Classmate PC from Intel, with a customized Mandriva Linux solution. We presented the solution to the local government, they liked the machine, they liked our system, they liked what we offered them, especially the fact that it was open, and that we could customize it for their country and so on.

Then, your people get in the game and the deal got more competitive. I would not say it got dirty, but someone could have said that. Your team fought and fought again the deal, but still the customer was happy with the CMPC and Mandriva.

We actually closed the deal, we took the order, we qualified the software, we got the machine shipped. To conclude, we did our job. And, the machine are being delivered right now.

Now, we hear a different story from the customer : we shall pay for the Mandriva Software as agreed, but we shall replace it by Windows afterward.

Wow! I’m impressed, Steve! What have you done to these guys to make them change their mind like this? It’s quite clear to me, and it will be to everyone. How do you call what you just did Steve? There is various names for it, I’m sure you know them. […]

http://blog.mandriva.com/2007/10/31/an-open-letter-to-steve-ballmer/

So to claim that, “That’s the operating system most countries want” is just disingenuous. These government people do not know anything about operating systems; they just want the best possible deal, whatever it is, and if you offer them a PC running Linux, and explain why it is so good, they will accept it, just like the Nigerian government did.

These excuses are echoes of the ones we used to hear not so long ago, “Linux is not ready for the desktop” is the one that you have to strain to hear the most, as it has faded to almost nothing.

It adds that teachers will receive training from Intel to monitor the network and will be able to see if changes have been made to the machines: “Some schools using the computers will have a teacher who is responsible for security on their networks, others will have an IT person.” As a last resort the Classmate, like the OLPC XO, can be wiped clean and restored to its factory settings.

So in fact, there is no problem at all.

But while Windows has its problems, Linux may not offer much better protection, says Guillaume Lovet, a botnet expert for Fortinet. “The first botnets were Stacheldraht, Trinoo and TFN, and were built in Linux,” says Lovet. He also dismisses claims that the low bandwidth and internet use in parts of the developing world – the World Economic Forum’s 2007 Africa Competitiveness Report estimated that African internet use was just 3.4% of the world total – would act as a brake on the development of botnets.

Whoa!

What these journalists never do is challenge assertions made in their pieces. Let’s find out EXACTLY what that last blockquoted text really means:

============================

The “stacheldraht” distributed denial of service attack tool

============================

David Dittrich
University of Washington
Copyright 1999. All rights reserved.
December 31, 1999

Introduction
————

The following is an analysis of “stacheldraht”, a distributed denial of service attack tool, based on source code from the “Tribe Flood Network” distributed denial of service attack tool. [Note that throughout this analysis, actual nicks, site names, and IP addresses have been sanitized.]

Stacheldraht (German for “barbed wire”) combines features of the “trinoo” distributed denial of service tool, with those of the original TFN, and adds encryption of communication between the attacker and stacheldraht masters and automated update of the agents.

For more information on trinoo and TFN, see:

http://staff.washington.edu/dittrich/misc/trinoo.analysis
http://staff.washington.edu/dittrich/misc/tfn.analysis

In late June and early July of 1999, one or more groups were installing and testing trinoo networks and waging medium to large scale denial of service attacks employing networks of over 2000 compromised systems. These attacks involved, and were aimed at, systems around the globe.

In late August/early September of 1999, focus began to shift from trinoo to TFN, presumed to be the original code by Mixter. Then in late September/early October, a program that looked a lot like the TFN agent, known as “stacheldraht”, began to show up on systems in Europe and the United States.

These attacks prompted CERT to release Incident Note 99-04:

http://www.cert.org/incident_notes/IN-99-04.html

Like trinoo, stacheldraht is made up of master (handler) and daemon, or “bcast” (agent) programs. The handler/agent terminology was developed at the CERT Distributed System Intruder Tools workshop held in November 1999, and will be used in this analysis instead of the stacheldraht specific terms. It is highly recommended that the CERT workshop report be read as well. See:

http://www.cert.org/reports/dsit_workshop.pdf

There is some competition to stacheldraht in the form of Mixter’s new version of TFN — Tribe Flood Network 2000, or TFN2K — released on December 21, 1999. For more on TFN2K, See:

http://packetstorm.securify.com/distributed/
http://www.cert.org/advisories/CA-99-17-denial-of-service-tools.html

Along with trinoo’s handler/agent features, stacheldraht also shares TFN’s features of distributed network denial of service by way of ICMP flood, SYN flood, UDP flood, and “Smurf” style attacks. Unlike the original TFN and TFN2K, the analyzed stacheldraht code does not contain the “on demand” root shell bound to a TCP port (it may be based on earlier TFN code than was made public by Mixter in mid-1999).

One of the weaknesses of TFN was that the attacker’s connection to the master(s) that control the network was in clear-text form, and was subject to standard TCP attacks (session hijacking, RST sniping, etc.) Stacheldraht deals with this by adding an encrypting “telnet alike” (stacheldraht term) client.

Stacheldraht agents were originally found in binary form on a number of Solaris 2.x systems, which were identified as having been compromised by exploitation of buffer overrun bugs in the RPC services “statd”, “cmsd” and “ttdbserverd”. They have been witnessed “in the wild” as late as the writing of this analysis.

After publishing analyses of trinoo and Tribe Flood Network on Bugtraq in December 1999, an incident investigator at another institution provided stacheldraht source code that was obtained from a file cache in a stolen account. (I would like to thank this investigator, and also thank the folks at SecurityFocus for providing the open forum that allowed this to occur.) This analysis was done using this captured source code (labelled version 1.1, with source file modification dates ranging from 8/15/1999 to 10/17/1999).

The Makefiles contain rules for Linux and Solaris, with the default being Linux (even though it appears that the code does not work very reliably on Linux). For the purposes of this analysis, all programs were compiled and run on Red Hat Linux 6.0 systems. As far as I am aware, the agent has been witnessed “in the wild” only on Solaris 2.x systems.

[…]

http://staff.washington.edu/dittrich/misc/stacheldraht.analysis

Stacheldraht was only seen in the wild on Solaris 2.x systems, so saying, “The first botnets were Stacheldraht, Trinoo and TFN, and were built in Linux,” doesn’t really apply to OLPC, and furthermore, all of the above happened in 1999. The question to ask here is, “have there been any botnets running on Linux since 1999?”. Journalists would no doubt add that seven years in internet time is an eternity, but we won’t sink that low here.

“It doesn’t take any bandwidth to control or make a botnet,” Lovet says. “Aggregated bandwidth is what is important, and that would still be massive. You could still build a huge cyber-weapon with only a thousand of these machines.”

‘Huge cyber-weapon’… this is the language of fear-mongering. It’s good in science fiction, but inappropriate in a newspaper, in an article about OLPC, an entirely noble and beneficial effort, which will transform the lives and brains of millions of people.

Of course, there are those in the west whose worst nightmare is a third world population weaned on logic, able to programme and organize, immune to stupidity and because of all that, free. No more Kwashiorkor bellied pickininnies to plaster in their papers and opine about. A REAL tragedy.

That leads us to the subtext of this article. OLPC will breed the next generation of 419 scammers, all fluent in Python and UNIX, which is the very backbone of the internets. It would sound like this coming out of their mouths:

“We are breeding a whole new generation of internet cybercriminals by providing OLPC to so many people” an expert from G-Secure said, “this army of highly skilled black hats will dominate any future internet if we do not take preventative measures now.”

Heh…’Black Hats’!!!!

For the botnet herders – the people who create and control botnets – there would also be kudos in staking a claim in a new area. “We have seen botnets involved in landgrab exercises in the past,” says Greg Day, a security analyst for McAfee.

McAfee, another anti-virus vendor. You have heard the rumor that Anti-Virus companies fund the creation of viruses so that they can keep the fear level up and artificially sustain their vampiric subscription business model, right? Nah, it’s just a ‘conspiracy theory’.

Just as alarming for Mark Sunner, chief technology officer of Messagelabs, which monitors email traffic on behalf of the government, is that the machines could be used as a recruiting ground for criminals.

It’s alarming, is it? Just what EXACTLY is the scenario that is ‘alarming’ in this case? Perhaps when this man says ‘recruiting’ he is referring to recruiting the newly trained up Python programmers who are willing and able to be turned to… the Dark Side. ROTFL!

Herd goats, or bots?

“You can imagine a whole swathe of internet boiler-rooms being created among people who can make more money from internet crime than herding goats,” says Sunner, who points to the fact that Africa already has the highly technologically literate Nigerian 419 group, one of the oldest cyber-crime organisations.

and BANG there it is, said out loud. These people are more inclined to be criminals than the millions of children with laptops in the west. Of course, this came from the mouth of a Government contractor, the types that know all about criminality from the inside.

As for the subheading, what do YOU make of it?

The latter are very dangerous, says a former head of the UK’s now disbanded West African Organised Crime Unit. “They are organised like a business. They are already building most of the bogus bank sites on the web. If you ship computers to Nigeria then a lot of them will inevitably make their way to 419. I mentioned this to someone who is still monitoring 419 and they said ‘you might as well shut down the internet and go back to pen and ink’.”

Which is exactly what they want for these people, to shut down THEIR internets and cut them off from the rest of the world. Note that this ‘alarming’ situation is so bad that the ‘West African Organised Crime Unit’ is now closed down, and that they talk about bogus bank sites, not sophisticated botnets. This article is a hodge podge of nonsense, a fear bouillabaisse for the computer illiterate cuisine eaters that dirty their hands on that shitty paper. And let us not forget that 419 only works because there are gullible, greedy westerners who fall for it day after day. 419 is social engineering, not software engineering. Unsurprisingly, these nincompoops cannot make the distinction; it’s all ‘cybercrime’ to them.

Sunner, meanwhile, notes the dangers that the machines represent to Africa’s own emerging internet infrastructure. “There are a lot of viruses already heading for Africa and China and the consequences of spam can be terrible if you do not have much bandwidth,” he says.

As this very article says, in the only part of it that is sensible, OLPC cannot be used to send out spam because:

“You cannot have one program loading from the internet that can then go to your [email] address book and then send out a spam message to everyone,”

so OLPC cannot be used as a zombie machine to send out spam. Insert joke here about how Zombies come from the West Indies in any case, not West Africa.

Both Intel and OLPC point out that the laptops will often only have intermittent connectivity. That might lower the risk of getting infected – or the chances of getting security upgrades.

Bullshit. OLPC and Intel Classmate are not going to get ‘infected’ by anything as long as they are running Linux. If they do, it can be fixed quickly. The risk mentioned here is extremely low, and the fixes easy to roll out. This is a non issue, full stop. The long term effect of OLPC will be to educate millions of people around the world, and any problems along the way will be temporary.

But the bleak picture may be avoidable, says Rolf Roessing, a security expert for KPMG. “If we are to bring IT to Africa then it will not work unless we bring security with it. Computer security in the west grew because of a loss of innocence and there are still weaknesses in the developed world because of a lack of awareness. If you bring IT to developing countries then you have to develop awareness, too.”

[…]

http://www.guardian.co.uk/technology/2008/feb/07/olpc.security

The picture is not at all ‘bleak’; bad journalism as in this article is the most bleak part of this story.

OLPC is going to change the world, in a good way, and there is nothing that negative spinning, fear-mongering journalists and ‘no darkie computer programmers’ racists can do about it. Both of the latter groups, and the ‘security’ companies are on the wrong side of history. The internet is going to reach everywhere, it will be beneficial. Deal with it.

IT is already in Africa, and the last thing that the people who live in the sovereign countries on that continent need is to copy the ‘security’ model of broken monopoly OS, fear-mongering, security company subscription. Thankfully, the Pandora’s box is already open. Linux has a strong foothold, and it will completely dominate the desktop in all of the target countries. This will happen not only because it makes sense, but because the absurd anti copying policies of Micro$oft will drive people to install other operating systems that can be freely and easily copied without any pain or risk of the customer coming back to say, “my computer is broken”. Additionally, the users of OLPC 15 years from now, having grown up with open systems will reflexively reject any OS that tries to lock them down with DRM, false security models and bullshit.

Computer security grew in the west not because of a ‘loss of innocence’ but because of a lack of computer literacy and the winblows monopoly. Now that those things are breaking, despite the efforts of scumbags on every side, as people dump windows and move to linux we will see fewer problems and a more healthy working environment.

The question you want to ask yourself is this; do you want to be a part of what made the magic happen, or do you want to be aligned with the enemy?

More lies about the eternal enemy

Tuesday, February 5th, 2008

This article smells very bad. Let’s take a sniff…

Al-Qaeda group’s encryption software stronger, security firm confirms

By Ellen Messmer
Network World
02/01/08

Shame on you for propagating this nonsense.

Al-Qaeda support group Al-Ekhlaas has improved the encryption software it now provides to its online members, according to one security researcher who examined the software, known as “Mujahideen Secrets 2.”

Al-Qaeda support group, also known as ‘NSA’.

Anyone who is smart enough to know how to write an encryption algorithm and a package to deliver its functionality, and who is responsible for keeping people secure, knows that it is far better to use an off the shelf set of tools rather than build your own application and algorithm from scratch.

If ‘Al-Qaeda’ was real, and someone in their group knew about encryption, all they would need to do is settle on standard tools to keep their communications secure; they would never risk, or waste time trying to create from scratch, using their own proprietary system.

Mujahideen Secrets 2 has added the ability to encrypt chat communications, which the first version lacked, says Paul Henry, vice president of technology evangelism at Secure Computing. Henry says he got the software through a contact in the intelligence community.

OH REALLY??!?!? a contact in the ‘intelligence community’???!!!!

It is OBVIOUS to even the most casual observer that the way to infiltrate a group like this, that is paranoid about security, would be to infiltrate them and then provide them with a ‘secure’ way of chatting that logs all of their communications. You could do this even if the clients were secure; all you would need to do is control the chat server.

I assure you that all of the people, even those that are casually interested in cryptography understand this. They would immediately recommend open source publicly available tools to do this job. For example, if you want to have one to one encrypted chat, you use Adium. If you want encrypted email, you use GNU Privacy Guard. If you want to shred files, manage keys, recipient keys, encrypt attachments and files there is no better tool than Enigmail. Any tool that is not peer reviewed cannot be trusted. This tool, by its very nature, is untrustworthy; this whole story doesn’t sound right.

The home-grown Mujahideen Secrets 2 encryption software, based on open source RSA code, can encrypt binary files so they can be posted on ASCII-text-based bulletin boards and Web sites.

‘Pics or it didn’t happen’. Without looking at the source of this programme, it is impossible to say how good this software is, and once again, there are other, better more secure tools to do this.

Let’s think about the sentence above. If you are going to post an encrypted binary on an ASCII bulletin board, you need to encrypt it to the members of that board, using the private key of each member. If you cannot control who is on your board, i.e. you have a single infiltrator, your enemy will have access to the file and the list of recipients. The whole point of posting files on a board is to distribute them widely, and so you do not want to encrypt them in this way; if you want to send encrypted binaries to multiple people, you send the file by email, encrypting the file for each recipient individually. Once they get on your board in the scenario provided by this ‘journalist’, your enemy can get a hold of the file, at any time after it was posted, and then list the keys needed to decrypt the file, giving a list of all the nicknames of the recipients of the file. Sending
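The recipient list described above can be read by anyone holding the file, without any key. As an added example (not from the original post or from any tool it mentions), this Python parser assumes the file is an OpenPGP (RFC 4880) message encrypted to each recipient's public key, and lists the key IDs carried in clear in its public-key encrypted session key packets; the sample message, its key IDs and the helper names are constructed for illustration.

```python
"""Added example: list the recipient key IDs visible in an OpenPGP message."""

PKESK, SED, SEIPD = 1, 9, 18                 # RFC 4880 packet tags
ALGOS = {1: "RSA", 16: "Elgamal", 18: "ECDH"}
HIDDEN = "0" * 16                            # key ID withheld by the sender


def read_header(buf, pos):
    """Return (tag, body_start, body_len) for the packet starting at pos.

    body_len is None for partial or indeterminate lengths (streamed data).
    """
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet at offset %d" % pos)
    if first & 0x40:                                   # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None                      # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03     # old-format header
    if ltype == 3:
        return tag, pos + 1, None                      # indeterminate length
    size = (1, 2, 4)[ltype]
    return tag, pos + 1 + size, int.from_bytes(buf[pos + 1:pos + 1 + size], "big")


def list_recipients(message):
    """Return [(key_id_hex, algorithm)] for every v3 PKESK packet found."""
    found, pos = [], 0
    while pos < len(message):
        try:
            tag, start, length = read_header(message, pos)
        except IndexError:
            raise ValueError("truncated packet header") from None
        if tag in (SED, SEIPD):
            break          # ciphertext starts here; all before it is readable
        if length is None or start + length > len(message):
            raise ValueError("truncated or streamed packet before ciphertext")
        body = message[start:start + length]
        if tag == PKESK and len(body) >= 10 and body[0] == 3:
            key_id = body[1:9].hex().upper()
            found.append((key_id, ALGOS.get(body[9], "algo %d" % body[9])))
        pos = start + length
    return found


def is_hidden(key_id):
    """An all-zero key ID is what gpg writes with --throw-keyids or -R."""
    return key_id == HIDDEN


def make_packet(tag, body):
    """Sample builder: new-format packet with a one- or two-octet length."""
    n = len(body)
    if n < 192:
        return bytes([0xC0 | tag, n]) + body
    n -= 192
    return bytes([0xC0 | tag, 192 + (n >> 8), n & 0xFF]) + body


def pkesk_body(key_id_hex):
    """Sample builder: v3 PKESK body with a filler 2048-bit RSA value."""
    mpi = b"\x08\x00" + b"\xAA" * 256        # filler, not real ciphertext
    return b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + mpi


# Constructed sample: three recipients, then the encrypted data packet.
SAMPLE = (
    make_packet(PKESK, pkesk_body("1111111111111111"))
    + b"\x85\x01\x0c" + pkesk_body("2222222222222222")   # old-format header
    + make_packet(PKESK, pkesk_body(HIDDEN))
    + make_packet(SEIPD, b"\x01" + b"\x55" * 64)
)

if __name__ == "__main__":
    for key_id, algo in list_recipients(SAMPLE):
        note = "recipient withheld" if is_hidden(key_id) else "look up on a keyserver"
        print(key_id, algo, note)
```

The key IDs are not secret: each one maps to a public key and its user ID wherever that key is published, which is how a reader of the board gets from the file to a list of names.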

“They have improved the operation of the graphical user interface and it will now encrypt chat communications,” says Henry, who adds that the Arabic translation suggests the software is encouraged for use by Al-Ekhlaas members to evade U.S. government efforts at surveillance.

This sentence is the exact OPPOSITE of what the truth is; it is software encouraged by U.S. government to aid its efforts at surveillance of Al-Ekhlaas.

Tampa-based ISP NOC4Hosts and Rochester, Minn.,-based SiteGenesis in January found out their operations were being used to host the Al-Ekhlaas Web sites where Mujahideen Secrets 2 can be found. Both hosting firms pulled the plug on the Web sites after receiving specific technical information about the content.

From whom?

This week another Web hosting company, CrystalTech Web Hosting in Phoenix, shut down sites linked to the Al Qaeda-link support group.

Once again, these people could, if they were real, host their websites anywhere in the world. They would not host their sites in Minnesota or Phoenix. This is just utter nonsense of the first order, and those sites were most probably ‘honey pots’ set up to get this Back Orifice ‘Jihad Edition’ into the hands of dweebs that want to help the CIA operation ‘Al-Qaeda’ who they will then use as patsies to carry out false flag attacks, all under the guise of ‘Radical Islamo Fascism’.

“As soon as we found out, we brought the IP sites down,” says Bob Cichon, president of CrystalTech Web hosting, who blamed a reseller for it happening. “We’re a very large host and it’s hard to track everything.”

It’s not your fault, Bob.

In its analysis of Mujahideen Secrets 2, Secure Computing has noticed that the software appears to violate copyright law.

“Typically with open source, they still require a copyright notification,” Henry says. “There’s no copyright notification whatsoever here.”

So, the latest supercrime of Radical Islamo Fascists is not blowing up buildings and making them fall in defiance of the laws of physics, NO, we can prosecute them for violating the GPL.

Another notable thing is that the public-key signature in Mujahideen Secrets 2 leaves a tell-tale sign that the Al-Ekhlaas home-rolled software produced it. The encryption itself is strong at up to a 2,048-bit key length, and like the previous version, provides e-mail and file encryption using public-key certificates.

All contents copyright 1995-2008 Network World, Inc

http://www.networkworld.com/news/2008/020108-al-qaeda-encryption.html

Once again, if any of this is even true, there are only a handful of people who are capable of understanding how to best fulfill the requirements of encrypting chat and instant messaging, and then the subset of people who can actually pull this off in a software client is even smaller. No one in their right mind would do this in a ‘home-rolled’ package…unless your home is the NSA.

Everything that this journalist claims could be done with off the shelf packages, and in fact, it would be safer to do it with off the shelf packages.

Let’s say that the above report is true, and these packages are out there. The only way you can know that the package has not been tampered with is if you can check the signature against it. GPG does this so that you know that you are getting an un-tampered with binary or source. Publicly available tools give you a high level of confidence that your communications will not be susceptible to a ‘man in the middle attack’. By settling on those tools, rather than rolling your own, you get a higher level of trust. And everyone who understands how this works knows that.

Rolling out your own tools, from whatever angle you look at it, is insane. It is clear that this whole story is a glimpse into some secret operation to recruit patsy jihadis. In that respect, it is fascinating.

What will be even more interesting is to read a report from a trusted peer, who would, amongst other things, run a packet sniffer to see if and where this sneaky piece of infiltration-ware phones home.

Is this a warm up article for another attempt to crack down on freely available encryption tools?

Security Breakdown: fear-mongering from The Grauniad

Thursday, January 17th, 2008

This year computer users will be more exposed to cybercriminals than ever before. It’s not just because online crime is so attractive to identity theft gangs but, ironically, because the computer security industry that is supposed to protect users has deteriorated – from one which shared everything about newly discovered weaknesses to what some within it now call a “protection racket”.

It may sound alarmist,

[…]

http://www.guardian.co.uk/technology/2008/jan/17/computersecurity

SNIP!

Yes, it IS alarmist, and yet another example of computer illiteracy at The Guardian.

The fact of the matter is that you can…anyone can… download and install Ubuntu and be free of this ‘problem’.

The fact of the matter is that writers like Sean Hargrave are a part of this ‘protection racket’ because they steadfastly refuse to acknowledge and spread the information that there are perfect alternatives to Winblows; i.e. Ubuntu, which Dell are now delivering on their machines pre-installed. By stopping people from dumping Windows, Hargrave is protecting the Windows monopoly and monoculture which is the source of all these problems, and many others.

There is no longer any excuse not to run Linux instead of Windows. It outperforms Windows in every way, and has everything you need that you find on Windows (office suite) but for FREE. Its user interface is now more sophisticated than Aero on Vista, and since you can buy it pre-installed, that problem is gone also.

The reason why The Guardian doesn’t like linux is because they are an old economy newspaper. They are against the free music, free publishing, and free software movements, and every time they have an article about anything to do with any of the aforementioned subjects, they always take the stand of ‘the man’.

The answer to this is not fear-mongering articles with pictures of devils menacing the lone Guardian believer in his CO2 neutral hovel. The answer is ‘go open source’; then the secrecy that unscrupulous companies use to gain commercial advantage is erased and everyone benefits…unless you are in the pockets of the people who sell the crappy products that you are complaining about.

And then there is the ‘problem’ of having nothing to fearmonger about once Windows is dead. But then people like this always find something to try and scare everyone about.

I think we need a new category: ‘fear-mongering’.

RIP RIPA

Saturday, December 15th, 2007

Text of article: http://www.news.com/8301-13578_3-9834495-38.html

A federal judge in Vermont has ruled that prosecutors can’t force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase.

U.S. Magistrate Judge Jerome Niedermeier ruled that a man charged with transporting child pornography on his laptop across the Canadian border has a Fifth Amendment right not to turn over the passphrase to prosecutors. The Fifth Amendment protects the right to avoid self-incrimination.

Niedermeier tossed out a grand jury’s subpoena that directed Sebastien Boucher to provide “any passwords” used with the Alienware laptop. “Compelling Boucher to enter the password forces him to produce evidence that could be used to incriminate him,” the judge wrote in an order dated November 29 that went unnoticed until this week. “Producing the password, as if it were a key to a locked container, forces Boucher to produce the contents of his laptop.”

Link to court opinion: http://www.volokh.com/files/Boucher.pdf

Orin Kerr’s this-ruling-is-wrong post: http://volokh.com/posts/1197670606.shtml

Link to Michael Froomkin’s old law review article touching on this: http://osaka.law.miami.edu/~froomkin/seminar/papers/anon/intlaw_paper.html

The most basic principles of a free country make RIPA bad law.

This is another example of why America was such a great country and why its Founding Fathers are so rightly revered; its constitution was so perfectly written that its provisions work on technologies and scenarios two hundred and thirty years after it was devised.

I can imagine a scenario where an American with a laptop containing a PGP encrypted volume ‘invokes The 5th’ somewhere in the world and the out of jurisdiction court accepting this – they accept American jurisdiction for everything else, like carting people off to torture prisons, so why not the Fifth Amendment?

This is REAL

Monday, December 10th, 2007

Ladies and gentlemen…

This is a REAL jacket that is being seen in all the big cities.

It’s like something straight out of a 2000AD street scene….astonishing; true dystopian fashion, sci-fi reality leaking into now…or has ‘the future’ arrived? If so, then what on earth comes next?

And let’s not forget that wearing a mask in public is illegal in some countries; how long do you think it will be before some jackass somewhere calls for these hoodies to be outlawed?

Whilst trawling around for a suitable image to vividly demonstrate this hoodie in a sci-fi context, I came across this astonishing image:

I do believe that is a photo of Patti Smith, next to Jerry Cornelius as drawn by Moebius!

Snarfed from here.

Parisians…’they love Patti Smith’ It’s true!

Shrink down

Thursday, November 15th, 2007

If you have an iPod Touch or an iPhone and you surf over to BLOGDIAL, you will see that we have a special theme installed that switches the blog to shrink down mode. Thanks to these incomprehensibly cool people for releasing the theme and plugin.

I’ve used many types of mobile phones over the years (including SAT phones), starting with a Mitsubishi MT3 followed by a few Nokias in the middle after a break, then a Sony Ericsson P-800, and finally a Sony Ericsson P-990i.

I say ‘finally’ because that is the last of that type of phone I am going to buy, unless they really clean up their act, i.e. adopt the Linux based open platform and give me a compelling reason to switch. That means total out of the box transparent integration with whatever boxen I am using, no hassle no excuses no bullshit. The Sony Ericsson P-990i is a buggy slow piece of garbage, with an OS that is a step BACKWARDS from the P-800. It doesn’t play nice with anything, the battery life is short and frankly I am astonished that they released it at all.

The iPhone is a different matter entirely. Not only is it very fast, beautifully designed and rock solid, but when it is jailbroken you can run just about anything on it.

The camera is shitty, you cannot transfer files by bluetooth out of the box from another device to it, it doesn’t record video, and lots of other things are either primitive or missing but then, this is the first version of it, and even in this state it is the best mobile phone ever. Oh yes, and there is Apple trying to lock it down every time they release an update for the firmware…but that’s part of the fun!

The most important missing element is the ability to select files and then transfer them by bluetooth or wireless. Once someone comes up with that, then it will be really exciting; people will be able to transfer music and videos between devices…and all sorts of cool things can happen.

Imagine setting the iPhone free to create ad-hoc mesh networks like the OLPC does then you could do all sorts of cool social networking things as well as file sharing. I’m sure it will all come to pass shortly. This platform is going to be so widely deployed that these apps are absolutely inevitable.

The idiocracy is here!

Tuesday, November 13th, 2007


An “SMS Keyboard” for Conventional Computers

A novel product has been launched which offers a mobile phone style keyboard to replace the more conventional QWERTY keyboard for computers. It is aimed at people who have become so comfortable with sending SMSs that they are not able to use a conventional computer layout any more. The cre8txt keyboard connects directly to a PC running Windows and provides quick character entry via the mobile phone style key layout.

The company who sell this keyboard have also developed a software program which converts “txt slang” into correct English. The cre8txt software comes with over 140,000 words in a cre8txt English wordbank and SMS Slang translator. Users can add their own words and SMS slang at anytime.

The Design Registered and patent pending invention is being brought to the market by a group of education technology specialists and edutainment experts with over 76 years of experience between them. They have been working on the project for two years.

[…]

http://www.cellular-news.com/story/27359.php

You’re fucked up, you talk like a fag and your shits all retarded.

Yes indeed.

That is a quote from the film, Idiocracy where in the future, thanks to bad breeding, everyone on earth has a moron level IQ.

The keyboard above is a very clever device, and the people who put it together are smart guys. What it does however, is stop people from learning English by allowing them to use a shorthand language to input real English words into a computer. If you have a device that does your thinking for you, then you suffer. How long will it be before this is the only keyboard you find attached to a computer in schools? Thinking about it, you could argue that speech to text software is just as bad, but in fact, it is not, because speech to text software doesn’t involve an intermediary form of ‘sub-english’ that needs to be translated before you get the words on the page.

All of this brings us to the most important point; what to do about breeding.

The people who are facing the facts about uncontrolled breeding are considered monsters today, but I wonder how many people would change their minds and soften their hostility to selective breeding if they knew that an overpopulated ‘Idiocracy’ future was coming?

The documentary Endgame spells out the plans of some people to control the breeding of everyone on earth, after exterminating 80% of the population. What that great piece doesn’t address is what will happen if these bad guys are stopped, and things are left exactly as they are.

Here is an interesting report ‘The Report of The Commission on Population Growth and the American Future’ from The Center for Research on Population and Security, published March 27th, 1972. Just from the titles under each chapter it looks like disturbing reading.

I would like to read some thoughts about how either the current ideas that population growth at its current level is by some method sustainable, or alternatives to controlling population growth that do not involve brutal culling ending in THX-1138 style hive living.

O & btw u rly wnt to c tht thx clp up thr.

Pronoun Problems at Ordnance Survey

Thursday, October 4th, 2007

These maps cost us 110m. We can’t give them away for free

Were Ordnance Survey to lose its sales income, the quality of its data would decline, says Scott Sinclair

The Guardian Technology section’s Free Our Data campaign believes that Ordnance Survey’s core mapping, along with other public-sector information, “should be made freely available to the knowledge economy” (Digital Norway sweeps away barriers to information sharing, September 27).

At the same time, any moves we make to widen access, such as launching a new website for people to share walking routes, are simply seen as not good enough. You quote an Ogle Earth blog attacking us for “entering a market niche that is serviced much better and for free by the private sector” (Government opens data channel as Ordnance Survey takes a walk, September 20).

It is no surprise that the spotlight in this campaign is often on us. Mapping is incredibly popular and has a whole range of uses. The ambulance that arrives at your front door in the middle of the night, the sat-nav that takes you to your remote holiday cottage, and the local-authority call centre that lets you report the location of an abandoned car all rely on Ordnance Survey.

But in repeatedly calling for our core information to be given away, the campaign ignores the fact that someone still has to collect supposedly “free” data, and that it needs to be supported by an appropriate infrastructure. Out-of-date or poor-quality data is useless.

It cost Ordnance Survey 110m to collect, maintain and supply our data last year, but we are not “paid for by taxes”, as the campaign often claims. Instead, we depend entirely on receipts from licensing and direct sales to customers for our income – we receive no tax funding at all.

If we are successful, we can cover our costs, encourage widespread licensing through partners, and stay focused on providing value for users. Under licence, there are many examples where our data is free at the point of use. This does not mean there is zero cost.

Many local-authority websites and free-to-air services from private-sector companies embed Ordnance Survey information. We offer an emergency mapping service that helped in the response to the summer flooding. More than 30,000 university students and staff download free mapping from us.

We make a free OS Explorer Map available for every Year 7 pupil in Britain. Around 4 million children have benefited from this, making it the biggest initiative of its kind in British schools. We also provide free access to GPS survey control data over the web – vital for utilities and the construction industry.

Underpinning all of these examples is accurate and up-to-date information, which requires investment. Experience from around the world, and even from our own history between the world wars, shows that underinvestment can lead to a severe deterioration in quality.

The key aim of the Free Our Data campaign is to force us to give everything away. We believe this would seriously threaten the quality of our information at a time when more people are relying on more of it in more ways than ever before.

Scott Sinclair is head of corporate communications at Ordnance Survey

corporatecommunications@ordnancesurvey.co.uk

Guardian

Looks like Scott Sinclair has Pronoun Problems

First of all, the facts:

Ordnance Survey (OS) is an executive agency of the United Kingdom government. It is the national mapping agency for Great Britain,[1] and one of the world’s largest producers of maps.

[…]

In recent years there have been a number of criticisms of Ordnance Survey. Most of these centre on the argument that OS possesses a virtual government monopoly on geographic data in the UK.[2] Although OS is a government agency it is required to act as a “trading fund” or commercial entity. This means that it is totally self funding from the commercial sale of its data whilst at the same time being the public supplier of geographical information.

The Guardian newspaper has a long-running “Free Our Data” campaign, calling for the raw data gathered by the OS (not to mention data gathered on its behalf by local authorities at public expense) to be made freely available for reuse by individuals and companies, as happens, for example, with such data in the USA,[3] although the campaign rarely makes any comparison between the quality of the OS data and the quality of the data available from these free sources.[citation needed]

On the 7 April 2006 the Office of Public Sector Information (OPSI) received a complaint from the data management company Intelligent Addressing[4]. Many, although not all, complaints were upheld by the OPSI, one of the conclusions being that OS “is offering licence terms which unnecessarily restrict competition”. Negotiations between OS and interested parties are ongoing with regard to the issues raised by the OPSI report, the OS being under no obligation to comply with the report’s recommendations.

[…]

http://en.wikipedia.org/wiki/Ordnance_survey

Ordnance Survey is run by HMG. But the taxpayers do not pay for it. That is completely wrong. Either Ordnance Survey goes private and competes like everyone else, or it belongs to government and government pays for it, and the data is made available to anyone who wants it.

The ‘110m’ Scott Sinclair is whining about is 10m more than HMG are going to spend on Gardasil every year, and orders of magnitude less than they are spending on the immoral illogical and murderous Iraq invasion. There is money for this essential service.

There is absolutely no reason why something as important as Ordnance Survey should not be totally financed by the public, and the public given free access to all the data.

If ‘These maps cost us 110m’ and we pay for them, then they will belong to US since WE will have paid for them.

You say, “any moves we make to widen access”.. YOU are an EMPLOYEE of the state, and that means that YOU WORK FOR THE TAXPAYER in ordinary circumstances. It is not for YOU to say what YOU will and will not withhold from YOUR EMPLOYER.

You say, “The key aim of the Free Our Data campaign is to force us to give everything away. We believe this would seriously threaten the quality of our information at a time when more people are relying on more of it in more ways than ever before.”

This is nonsense, and you have deliberately missed a step. Giving away the data will not “seriously threaten the quality of our information”, underinvestment is the cause of that, by your own words. If the investment stays the same and the data is given away, the quality remains high and the benefits to everyone go through the ceiling because there are no artificial barriers to getting the data.

Better luck next time.

Unfortunately, the position of OS is rather odd; it is a state run organization that is not funded by the state. Once that flaw is fixed, then they will not have a leg to stand on.

What this man should be doing, to be on the right side of history, is joining the campaign; the argument about no money causing the map quality to deteriorate is valid. What he should be saying is, “we would love to give it away, but until HMG funds us 100% we cannot cut off the licensing model, otherwise our data quality will suffer”. This is an entirely reasonable line of argument and approach. He would not look like a Luddite-ish, buggy whip cracking data hoarder and maybe the campaign would actually be able to pull it off.

More fear-mongering from dead tree merchants

Thursday, May 24th, 2007

Robert Verkaik, another computer illiterate drone for a dead tree merchant, a ‘law editor’, writes about Google. Quite why these people never get their screeds vetted by someone who understands the internets is beyond me….here we go:

Google, the world’s biggest search engine, is setting out to create the most comprehensive database of personal information ever assembled, one with the ability to tell people how to run their lives.

This is exaggeration. Being able to ASK FOR ADVICE is very different to being ‘told how to run your life’. That’s what HMG does.

In a mission statement that raises the spectre of an internet Big Brother to rival Orwellian visions of the state, Google has revealed details of how it intends to organise and control the world’s information.

Nonsense. Big Brother refers directly to TOTALITARIAN GOVERNMENT, of the kind being cooked up in the USUK. You DO NOT HAVE A CHOICE with Totalitarian Government, you DO have a choice not to use Google, or any of their related services, and you can still have complete use of the internets. Google can never ‘control the world’s information’ this is just an ignorant lie.

The company’s chief executive, Eric Schmidt, said during a visit to Britain this week: “The goal is to enable Google users to be able to ask the question such as ‘What shall I do tomorrow?’ and ‘What job shall I take?’.”

Sounds interesting; that is what this article should have been about, not a bunch of fear-mongering computer illiterate trash.

Speaking at a conference organised by Google, he said : “We are very early in the total information we have within Google. The algorithms [software] will get better and we will get better at personalisation.”

Google’s declaration of intent was publicised at the same time it emerged that the company had also invested 2m in a human genetics firm called 23andMe. The combination of genetic and internet profiling could prove a powerful tool in the battle for the greater understanding of the behaviour of an online service user.

Really? That sounds like a pretty wild proclamation! Instead of just taking your word for it, JACKASS, let’s find out what it’s REALLY all about:

23andMe is a privately held company developing new ways to help you make sense of your own genetic information.

Even though your body contains trillions of copies of your genome, you’ve likely never read any of it. Our goal is to connect you to the 23 paired volumes of your own genetic blueprint (plus your mitochondrial DNA), bringing you personal insight into ancestry, genealogy, and inherited traits. By connecting you to others, we can also help put your genome into the larger context of human commonality and diversity.

Toward this goal, we are building on recent advances in DNA analysis technologies to enable broad, secure, and private access to trustworthy and accurate individual genetic information. Combined with educational and scientific resources with which to interpret and understand it, your genome will soon become personal in a whole new way.

Hmmm sounds very vague, and not at all threatening. What is FAR MORE CLEAR and ABSOLUTELY THREATENING, and HERE NOW, is the DNA database operated by the UK government, the biggest in the world, which violates millions of people who have done nothing wrong. How can you call Google sinister when they have nothing up and running, and FAIL to mention that the UK already runs an Orwellian and human rights violating Police State DNA database of its own RIGHT NOW?

If you are a brain dead, computer illiterate, dim-witted journalist, well, then its easy, and while you attack Google for something that they are only talking about, your own government is committing violations, in your name and with your money, that you fail to mention in this appropriate context.

You are pathetic.

Earlier this year Google’s competitor Yahoo unveiled its own search technology, known as Project Panama, which monitors internet visitors to its site to build a profile of their interests.

I wonder if the Independent uses Web Analytics to see what people are clicking on at their piss poor website?

Let’s have a look, shall we?

On the very page where this screed sits, there are four ads.

One of them was served by DOUBLECLICK, which is about to be bought by Google.

They also have a device by OVERTURE (Yahoo Search Marketing).

ROTFL you can’t make this stuff up!

Clearly The Independent takes advantage of Web Analytics just like anyone else who has a website does; does this make The Independent evil? Of course it does not. What DOES make The Independent evil is that it spreads lies, FUD (Fear Uncertainty and Doubt) in order to sell newspapers.

THAT is what we call evil.

Privacy protection campaigners are concerned that the trend towards sophisticated internet tracking and the collating of a giant database represents a real threat, by stealth, to civil liberties.

I am sick and tired of these ‘Privacy protection campaigners’ who never offer any solutions and who do not write any software. We have never EVER been in such a powerful position when it comes to protecting our privacy, and if some of these people spent less time whining and more time contributing to projects that everyone can use to not only protect their privacy, but have more privacy than anyone who lived in the 20th century during the era of the telephone, we would all be in a less dangerous situation. That means educating people about the tools you can use to protect your privacy, contributing to these software and hardware projects, and less complaining and alarm bell ringing without action. Oh yes, they might even try using these tools themselves. Liberty, for example, does not publish a PGP key. It makes you wonder doesn’t it?

That concern has been reinforced by Google’s $3.1bn bid for DoubleClick, a company that helps build a detailed picture of someone’s behaviour by combining its records of web searches with the information from DoubleClick’s “cookies”, the software it places on users’ machines to track which sites they visit.

HA HA HA!! ‘cookies’ in DOUBLE QUOTES.

The Independent has set SIX cookies on my machine, one of them from Hitbox, who do real time Web Analytics. You FAIL IT. Not only does The Independent use Web Analytics, they are so stupid, that they PAY for the service instead of using Google Analytics!

Advice to ALL newspapers in the UK; always call a geek to fact check these articles BEFORE you publish them. That way you will not look like TOTAL IDIOTS.

The Independent has now learnt that the body representing Europe’s data protection watchdogs has written to Google requesting more information about its information retention policy.

The multibillion-pound search engine has already said it plans to impose a limit on the period it keeps personal information.

Once again, the EU is bringing in or has brought in data retention legislation which is far more important and which should be noted in this section, because it is done COMPULSORILY whereas Google is VOLUNTARY and no one is compelled to use Google.

A spokesman for the Information Commissioner’s Office, the UK agency responsible for monitoring data legislation confirmed it had been part of the group of organisations, known as the Article 29 Working Group, which had written to Google.

It is understood the letter asked for more detail about Google’s policy on the retention of data. Google says it will respond to the Article 29 request next month when it publishes a full response on its website.

The Information Commissioner’s spokeswoman added: “I can’t say what was in it only that it was written in response to Google’s announcement that will hold information for no more than two years.”

YOU CANT MAKE THIS STUFF UP!!!!!

So, they wrote a letter, ostensibly on behalf of the citizens they represent, and CANNOT REVEAL THE CONTENTS OF THE LETTER.

I know who I trust more… GOOGLE. They do not hide what they are doing, unlike these people from ‘the Article 29 Working Group’ (who publish their docs in PDF format for the most part), one previous head of the group being Göran Persson, who has no experience in computers whatsoever. The current head, Peter Schaar, is at least qualified; what a pity he does not subscribe to openness! At least there is someone in there who knows what they are talking about. Sadly my German (and my time) are limited, otherwise, I would hunt down the rest of this committee.

Ross Anderson, professor of Security Engineering at Cambridge University and chairman of the Foundation for Information Policy Research, said there was a real issue with “lock in” where Google customers find it hard to extricate themselves from the search engine because of the interdependent linkage with other Google services, such as iGoogle, Gmail and YouTube. He also said internet users could no longer effectively protect their anonymity as the data left a key signature.

I subscribe to FIPR, and paid for that subscription.

Ross is wrong about this. Cambridge University should have a huge software development programme, where they release useful tools under the GPL, and contribute to existing tools to help protect people’s privacy.

It is absolutely useless to complain about iGoogle. Anyone can create tools for the Web. Writely was bought by Google. It was written by some coders because they had a cool idea. If you think that Google being in charge of everyone’s docs is a bad thing, then you should organize your own tools that have strict privacy policies in place that protect the user, release them for free under the auspices of the University, and DO SOMETHING ABOUT IT.

It has never been easier to create these tools, and it has never been easier to deploy them. There is no excuse anymore. We can have privacy if we want it, and companies having plans that we object to doesn’t mean that we have to put up with them. We can make our own tools, release them and supplant Google. YouTube did this; they utterly demolished Google Video, and there were only a few of them that put it together. Google itself destroyed InfoSeek and the other first generation search engines. Recent history makes this perfectly clear; we do not have to put up with any objectionable services, and there is no company so big that it cannot be beaten by a few geeks with some free software.

“A lot of people are upset by some of this. Why should an angst-ridden teenager who subscribes to MySpace have their information dragged up 30 years later when they go for a job as say editor of the Financial Times?

I have written about this before; in the future, everyone will agree that what happened in the past is the past. This is the only way that we will be able to live in a world where people leave (either willingly or unwillingly) details of their past thoughts and actions available for all to see. Everyone will understand that, “what I say NOW is what matters, nothing else”.

But there are serious privacy issues as well. Under data protection laws, you can’t take information, that may have been given incidentally, and use it for another purpose. The precise type and size of this problem is yet to be determined and will change as Google’s business changes.”

Once again, the UK is trying to dismantle these laws; THAT is far more important and horrifying than an unexecuted PLAN from Google, and if the UK dismantles its data protection laws, does that mean that Google will be excluded from taking advantage of the changes? In any case, all Google have to do is change their terms of service to allow them to use your data in the ways that they need to; you can then decline if you so choose. Compare and contrast this with the policy of the UK, where you have NO CHOICE TO REFUSE. Take for example your NHS medical records; they are the property of the Secretary of State, and before you can get them removed from your doctor’s computer, you have to have permission from The Secretary of State. With Google, if you want to delete your account and all the private, personal, sensitive and confidential data you have put there, all you have to do is close your account, and it’s all deleted permanently.

Which one is sinister to you?

A spokeswoman for the Information Commissioner said that because of the voluntary nature of the information being targeted, the Information Commission had no plans to take any action against the databases.

At last, some common sense.

Peter Fleischer, Google’s global privacy counsel, said the company intended only doing what its customers wanted it to do.

Unlike the murdering government of Bliar, that ignores the wishes of the electorate every single time.

He said Mr Schmidt was talking about products such as iGoogle, where users volunteer to let Google use their web histories. “This is about personalised searches, where our goal is to use information to provide the best possible search for the user. If the user doesn’t want information held by us, then that’s fine. We are not trying to build a giant library of personalised information. All we are doing is trying to make the best computer guess of what it is you are searching for.”

Simple. Too simple for the fear-mongers and jackasses of this world.

Privacy protection experts have argued that law enforcement agents – in certain circumstances – can compel search engines and internet service providers to surrender information. One said: “The danger here is that it doesn’t matter what search engines say their policy is because it can be overridden by national laws.”

[…]

The Independent (a VERY STUPID newspaper)

Then by all means, write a big article about that, which is a clear abuse, and don’t shoot the people who are merely trying to give you a useful service FOR FREE!

You ungrateful SWINE!

So Sue Me!

Wednesday, May 23rd, 2007

I recently built a new box to serve all my music and movies. It is running Ubuntu Feisty Fawn, with all the ‘Silent Bells and Whistles®™‘: 1.2TB of disk space (western digital, 400, 400, 300), Intel Pentium E6300 1.86ghz core 2 duo, new style patented Zalman CNPS9700 LED figure of 8 copper CPU fan with blue led, ABit IB9 motherboard, 1gig OCZ DDR2 high speed memory, DVDR, CDR, Zalman Fatal1ty Champ1on case, Asus EN7600GS Silent Nvidia display card, Antec Truepower power supply.

I have dumped Fedora permanently…it’s just not worth the hassle. I have transferred all of the data from my legacy drives that were on NTFS and FAT, so we are now 100% Microsoft free.

Which brings us to the recent M$ FUD about Linux infringing 200+ M$ owned patents.

It is, of course, utter bullshit.

We all remember Darl McBride and the baseless attacks on the license under which you are free to use Linux. For months SCO refused to show the sections of the source that it claimed were infringed.

Now Microsoft is claiming that patents it owns are being infringed by Linux, but like SCO, it will not list which patents are being infringed. Microsoft is so terrified of distributions like Ubuntu that they are resorting to these infantile and pathetic tactics to try and scare people off of dumping their bloated garbage for Stuff That Actually Works®. Dell is now shipping Ubuntu. This means that it won’t be long before they stop selling computers with Vista; why should they ship Vista when they can deliver a superior product that costs them nothing, and which enhances their hardware offerings far more than Vista does?

Eventually they will build a team that customizes Ubuntu with their own branding. It is a perfect solution for them. Microsoft are in a blind panic over this, which is why they have put out this nonsense media attack instead of going straight to court with the facts.

It has to be pointed out also that even if they did go to court and demonstrate that indeed, Linux distributions infringe, say, their patent on notifying when the other person is typing in an instant message session, these insane and bogus patents only have force in the USA. The EU doesn’t recognize software patents; that means that every linux distro can distribute a fully working OS that doesn’t infringe on the 235 M$ patents but which has an installer that retrieves the missing parts of the OS from servers in the free world. Ubuntu already does this in a seamless and effort free way for codecs that are illegal to distribute in a Linux OS in the USA.

There is now nothing that Microsoft can do about the explosive spread of Desktop Linux. They should have done what they always used to do; ‘embrace and extend‘. If they had rolled their own distribution they would now control the perception of Linux. All desktops in the world would run MS Linux (or Redmond Linux) and they would then be able to sell Office and other proprietary binaries to the punters on their own brand of Linux. Now, they cannot do this. It is too late for them to dump Vista and change tactics…or is it? They could easily offer their own badged versions of Ubuntu and Open office, and then sell them just like they sell their junk OS Vista. What is for certain, is that the tactics they are using now will not stop the march of the penguins. It will only make things worse for them.

Bill Gates is often called a generous philanthropist. This is actually not the case. When you give away something that you have in abundance, in this case, money, it has no real meaning in terms of generosity. Money for Gates has no value. He is giving away literally nothing, since his money has no value to him.

If he were a true philanthropist, if he were truly generous, and was making a true sacrifice, he would give away his dominance of the desktop for the good of humanity, since every M$ OS since Winblows 3.1 has been a menace to society. By adopting Linux, The Cathedral and the Bazaar, Open Source and the Gnu Public License, he would actually be performing an act of sacrifice, and helping the world by giving away something that means everything to him – power.

This does not mean that Microsoft would stop making money; indeed there is no reason to suppose that they would not be able to maintain their profitability; they can still sell Office and all their other gunk, only it would all run on a stable platform instead of bloated garbage. It’s a no brainer. They would also be able to steer the way the Linux world works by contributing code. The fact of the matter is, corporate types are as thick as shit, and they would rather buy Linux from M$ than take Ubuntu for free. M$ would be able to maintain their position, neutralize the linux threat, take advantage of ‘owning’ a better OS…it’s pretty obvious.

But I digress.

Gates is no generous Philanthropist, that is for sure, and it doesn’t matter how much money he gives away or what it is worth to other people. His actions in this pathetic patent infringement threat show what his true nature is; venal, evil and against humanity, and no amount of good works will balance this out.

If you run Linux, or get your email from a server that runs Linux, you should sign up to be sued by Microsoft:

Why I am offering to be sued

I believe that Microsoft is hurting competition on the desktop, which affects me directly as a consumer of desktop software. I believe it is for the good of society for Microsoft’s patent claims to be tested in a court of law. If Microsoft wins, then so be it. If Microsoft loses, then the rest of us can get on with creating innovative business models for desktop software. I am not challenging Microsoft this way because I hate Microsoft. I don’t admire their software, nor do I admire their business models, but I am not challenging them because I want to sink their ship or damage their business or harm their reputation. I am really only interested in seeing whether their claims have any merit, which I think is probably not the case.

The other reason that I am offering to be sued and encouraging others to offer to be sued is that we will have the chance to show the world how many people really use Free Open Source Software directly on the desktop. Of course, all of us use Free Open Source Software when we use Google or YouTube or Wikipedia or Yahoo or the Internet Archive, because all of these companies use Free Open Source Software as an important part of delivering their services. And if Microsoft’s threat just hangs like a dark cloud over all that innovation, we will all be the worse off for it. But I am talking about us uniting on one list to show the world how many institutions and individuals use Free Open Source Software.

Maybe this list will never go anywhere. On the other hand, it will be fun to try!

So c’mon, Microsoft. If I infringed your patents, show me. After all, I am one of the members of a distributed team of film makers who is trying to document the real world digital tipping point that is probably pushing you to rattle the litigation saber anyway, and I am attempting to use all Free Open Source Software tools to do so. If you can shut me up, all the better for you!

And that is why.

Illegal Numbers

Wednesday, May 2nd, 2007

Publishing this number is illegal in the USA, because it’s something of a commercial secret used to protect copyrights:

09:F9:11:02:9D:74:E3:5B:D8:41:56:C5:63:56:88:C0

or, decimal if you prefer:

13,256,278,887,989,457,651,018,865,901,401,704,640

or get it on a t-shirt (from the USA).

This number is the HD-DVD encryption key. If you know how to do it, it’s possible to decrypt HD-DVD disks with this key, making them copyable, downloadable or whatever. As you might expect, there are lawsuits abound over the pond at the moment.

[…]

Snarfed from Coofercat

All multimedia files on a computer can be represented as numbers or sums of numbers.

That means that you would have to make the publishing of numbers or certain mathematical operations illegal to protect peoples’ copyright.

That is clearly insane.

Numbers belong to everyone, and all possible numbers and sums and mathematical operations pre date the very existence of man. None of them are novel or new, and hence, none of them can be copyrighted. If your movie inevitably divides down into a simple sum, that is just the tough luck of numbers.

The only way to protect your movie from pristine copying over the internets is to distribute it on 35mm film to cinemas. If it is never digitized then it will never exist as a number that can be copied and which can never be protected.

The REALLY REAL reason Google bought YouTube

Monday, April 9th, 2007

Now that YouTube has money behind it, Google can expect legal action from a whole bunch of people… some of it justified.

That was truly insightful, at least for me.

Google’s core business model revolves around “fair use” and similar provisions of copyright law. I think they are most vulnerable in this area– look at Belgium. So Google needed to buy YouTube for a couple of reasons related to this.

The first is because YouTube’s business model also revolves around many of the same “fair use” provisions, and if YouTube loses its upcoming court cases, the fallout could fatally poison Google’s business model. It would be very hard for Google to immunize itself from any judgments against YouTube that changed the interpretation of copyright law. Purchasing YouTube allows Google to directly counter such an attack with all its resources. It also decreases the likelihood of such an attack, since all the ambulance chasers who were smacking their lips in anticipation of an easy meal from YouTube’s carcass are now slinking away, looking for easier prey that won’t be able to fend them off for years with delaying tactics.

The other reason that occurs to me is that the most important part of strategizing any conflict is choosing your battlefield carefully. Google is under constant threat of serious litigation over copyright concerns. Google has just bought a battlefield where these litigations can be played out, that is comfortably distant from the fields of green where Google’s cash cows graze.

I expect that Google is developing the muscles it needs to directly influence copyright legislation, and I expect it is also going to be increasingly influential in copyright litigation as well (intervening with friend of the court briefs, etc). This all seems to be part of Google’s mission statement: [google.com] “Google’s mission is to organize the world’s information and make it universally accessible and useful.”

[…]

Scribd

FireGPG: Use GPG with Gmail!

Saturday, April 7th, 2007

FireGPG is a Firefox extension under GPL which brings an interface to encrypt, decrypt, sign or verify the signature of a text in any web page using GnuPG.

[…]

http://firegpg.tuxfamily.org/index.php?page=home&lang=en

It’s about time.

If you use this with Gmail, no matter what happens, no one can read your email on the server. Not that Google will do that of course.

Quite why Google didn’t do this themselves is a good question. They have the expertise, and the understanding to do it. Certainly the Bad Guys® would discourage them from releasing a tool like this to all Gmail users; it would mean email messages going dark to ECHELON, and then the sky falling.

New 20 pound note

Wednesday, March 28th, 2007

Interested in the facts behind the new twenty pound note? You need to listen to these two clips:

[…]

http://mises.org/money/2s5.asp

We can have ‘win-win’ on security vs. privacy, says Academy

Monday, March 26th, 2007

People think there has to be a choice between privacy and security; that increased security means more collection and processing of personal private information. However, in a challenging report to be published on Monday 26 March 2007, The Royal Academy of Engineering says that, with the right engineering solutions, we can have both increased privacy and more security. Engineers have a key role in achieving the right balance.

One of the issues that Dilemmas of Privacy and Surveillance – challenges of technological change looks at is how we can buy ordinary goods and services without having to prove who we are. For many electronic transactions, a name or identity is not needed; just assurance that we are old enough or that we have the money to pay. In short, authorisation, not identification should be all that is required. Services for travel and shopping can be designed to maintain privacy by allowing people to buy goods and use public transport anonymously. “It should be possible to sign up for a loyalty card without having to register it to a particular individual – consumers should be able to decide what information is collected about them,” says Professor Nigel Gilbert, Chairman of the Academy working group that produced the report. “We have supermarkets collecting data on our shopping habits and also offering life insurance services. What will they be able to do in 20 years’ time, knowing how many donuts we have bought?”

Another issue is that, in the future, there will be more databases holding sensitive personal information. As government moves to providing more electronic services and constructs the National Identity Register, databases will be created that hold information crucial for accessing essential services such as health care and social security. But complex databases and IT networks can suffer from mechanical failure or software bugs. Human error can lead to personal data being lost or stolen. If the system breaks down, as a result of accident or sabotage, millions could be inconvenienced or even have their lives put in danger.

The Academy’s report calls for the government to take action to prepare for such failures, making full use of engineering expertise in managing the risks posed by surveillance and data management technologies. It also calls for stricter guidelines for companies who hold personal data, requiring companies to store data securely, to notify customers if their data are lost or stolen, and to tell us what the data are being used for.

“Technologies for collecting, storing, transmitting and processing data are developing rapidly with many potential benefits, from making paying bills more convenient to providing better healthcare,” says Professor Gilbert. “However, these techniques could make a significant impact on our privacy. Their development must be monitored and managed so that the effects are properly understood and controlled.” Engineering solutions should also be devised which protect the privacy and security of data. For example: electronic personal information could be protected by methods similar to the digital rights management software used to safeguard copyrighted electronic material like music releases, limiting the threat of snooping and leaks of personal data.

The report also investigates the changes in camera surveillance – CCTV cameras can now record digital images that could be stored forever. Predicted improvements in automatic number-plate recognition, recognition of individual’s faces and faster methods of searching images mean that it may become possible to search back in time through vast amounts of digital data to find out where people were and what they were doing. The Royal Academy of Engineering’s report calls for greater control over the proliferation of camera surveillance and for more research into how public spaces can be monitored while minimising the impact on privacy.

The public will be able to find out more about this report and have their say at a free evening event at the Science Museum’s Dana Centre in London on Tuesday 27 March.

“Engineers’ knowledge and experience can help to ‘design in privacy’ into new IT developments,” says Professor Gilbert. “But first, the government and corporations must recognise that they put at risk the trust of citizens and customers if they do not treat privacy issues seriously.” […]

http://www.raeng.org.uk/news/releases/shownews.htm?NewsID=378

And by engineers, this report had better be talking about software engineers, because it is precisely these people who are teh (yes, ‘teh’) architects of the solutions that can either enhance our lives or completely enslave us.

I am talking about Phil Zimmermann, Dr. David Chaum, Whitfield Diffie and all the other cryptographers and developers who have been working on this since the early 90’s. The software already exists to create an information ecosystem based on anonymity and authorization; the problem is that the legislators and to a certain extent the vendors are computer illiterates who have never even heard of Public Key Cryptography, let alone understand what it really means and what it can do to secure documents while keeping our information private.

Chaumian Ecash is a perfect example of this. Had it come about at the right time, we might all be using a version of PayPal that was actually cash like, i.e., anonymous, secure and instant on a peer to peer basis. Instead, and for the moment, we are stuck with PayPal, which is the complete opposite of a cash like system: very large, but also reviled, and with no privacy at all.

Like I demonstrated with my system for a better passport, there are better ways to improve document security. This thinking can spread to all other areas of authentication and transacting so that we can keep our privacy and also have all the benefits of remote transacting and databases.

An idiot writes

Monday, March 26th, 2007

If you have 2 decades experience that a product is rubbish, should anyone care that you get frustrated after buying a new version and it turns out to be rubbish? Yet Again.

Dear Bill Gates

First, the apology. Having complained here on 6 February that your new Vista operating system was driving me bonkers, it would have been polite to give you an update before now.

And had I been a little less self-obsessed, I would have commiserated with you for the wobble in your share price a few weeks ago when your chief executive warned that Wall Street’s estimates of revenues from Vista in the coming year were over the top (though analysts still expect Vista to generate comfortably over $15bn of sales in the year from June 2007).

15 billion dollars for a broken, pointless product that doesn’t meet any user expectations. There’s one born every minute, and Bill Gates has persuaded them all to buy Windoze.

But in delaying my progress report, I gave you the benefit of the doubt. I assumed that Vista would soon become compatible with the assorted tools of my trade, so I could write you a belated note of congratulation.

In fact my Vista experience has gone from bad to worse. One of your engineers has informed me that my HP iPAQ PocketPC will never be compatible with Vista, even though the software it runs is Microsoft software. Hey ho. That’s an expensive and serviceable bit of kit written off prematurely.

Hey Ho?!! Bleet bleet.

Your engineer has however held out the tantalising prospect that Olympus may produce new drivers such that I would eventually be able to transfer sound files from my digital voice recorder to my new Vista laptop. But so far, those drivers are proving a bit elusive and my digital recorder may also become redundant.

Fool me once, shame on you. Fool me twice, shame on me. Fool me repeatedly over decades, expose me as a lobotomised sheep with blinkers and an addiction to being fooled.

But as economists say, there’s no point in obsessing over spilt milk. However, here’s what almost sent me over the edge this weekend.

I installed Office XP on my new laptop, and have been puzzled and irked that Outlook will not save sign-on passwords. It means I have to type in my passwords every time I check my e-mail accounts for new mail.

For weeks I’ve been investigating possible fixes to this annoying glitch. But yesterday I came across an explanation from someone called the Microsoft AppCompat Guy, on Microsoft’s discussion forum for General Windows Vista Development Issues.

This is what AppCompat Guy says: “This was a difficult deliberate choice. During the development of Vista, it was discovered that the password storage algorithm used by Outlook was too weak to protect your data from future, potential attacks. Both the security and application compatibility teams decided that protecting your data outweighed the inconvenience of having to retype your passwords. As the appcompat representative, I can assure you this was not a decision we took lightly”

So just to be clear, Microsoft has created a new operating system that isn’t properly compatible with a best-selling, still perfectly useable version of its own software. Which of course provides quite a powerful incentive for me to spend up to 99.99 on upgrading to Microsoft Outlook 2007 except that in my current mood, I’d rather stick pins in my eyes.

“quite a powerful incentive for me to spend up to 99.99 on upgrading to Microsoft Outlook 2007”

WHAT!??!?! After paying for a broken product (for no good reason) which mothballs your perfectly good hardware, you are willing to pay MORE money in the vain hope that it will be OK in the end. Baa!

Ladies and gentlemen, this is “Robert Peston, the BBC’s business editor. This blog is my regular take on the business stories and issues that matter.” Would you trust this man to make a single good business edition, when he repeatedly proves himself to be an imbecile, incapable of rational business thought in his personal spending habits, cannot evaluate product cost vs benefit, and does not appear to have looked at alternatives? And then wants to apologise for having slightly bad thoughts about the product.

Here he goes again:

In a way you’re to be congratulated. Vista should provide a significant boost to Microsoft’s cash flow, from sales of the basic operating system and sales of new versions of other Microsoft software, like Outlook, that are presumably designed to work brilliantly with it. Also there’ll be incremental revenue for the whole computer industry, as customers like me are forced to replace accessories like my HP PDA, which has been Vista’d into obsolescence.

NOBODY has ‘forced’ him to replace his version of XP with Vista. Nobody has forced him to use windows at all. It is only the fault of him (and millions like him) who are M$addicts, too stupefied to see the alternatives.

To put it in personal terms, the 650 I spent to replace a dead laptop may lead me to spend a further 400 or so, just so that I can continue to do with my laptop what I expect to be able to do with it.

All of which sounds like good news for you and the IT industry in general.

Except that I’m left with the uneasy feeling that I’ve been ever-so-elegantly mugged. Presumably there’s no connection between your recent sales downgrade and what you might call the negative goodwill generated for customers like me.

Hasta la vista, as they say

That ‘negative goodwill’ has got him spending over 1000 quid on stuff he doesn’t need, and probably won’t work as he requires.

What a business! Never underestimate the stupidity of the general public. Or of BBQ editors, by the look of it.

Adderuppa Now Testing

Tuesday, March 20th, 2007

Adderuppa, a new app to help you keep track of time is now online: www.adderuppa.com. While it’s being tested out, you can try it for free. Please let us know what you think of it!