Quotulatiousness

August 21, 2012

Verity Stob learns to love IPv6

Filed under: Humour, Technology — Nicholas @ 08:45

A love story, of sorts:

Somewhere in the near future…

There were more than 50 people in the room, so it was hot and airless, and it smelled of stale sweat. Government-sponsored crisis posters, tatty and torn, were sticky-taped to the yellowish walls. One urged its readers: ‘Don’t let your selfishness come between little Johnny and his Wikipedia’, another enquired: ‘Do you NATter with your Neighbours? Don’t squander the nation’s resource!’

(The latter effort was illustrated with a carefully posed photo of a beaming, bosomy Minister for IT Conservation encouraging a weedy-looking Everybloke to plug his laptop into her generously exposed router socket. The photo had recently acquired a pleasing piquancy. This same Minister had been caught selling a bunch of government-owned IP addresses, supposedly earmarked for use in schools for the next generation of Olympic heroes, to the International Bank of Fatcat and Taxhavenia.)

Under the flickering fluorescent lighting, a shuffling, miserable queue of the desperate and the hopeless zigzagged towards the bullet- sound- and Windolene-proof glass of the counter. At the front of the queue was me.

The official behind the glass pursed his lips, flicked my carefully filled-in paperwork to one side with disdain, and leaned forward to speak into his goose-neck microphone…

August 8, 2012

How British libel laws work (and why Jimmy Wales is wrong about them)

Filed under: Britain, Law, Media — Nicholas @ 09:54

Tim Worstall explains that Jimmy Wales misunderstands what British libel laws really mean for publishers (and bloggers) in other countries:

The libel law of England and Wales is rather different from many other countries, yes. It’s a lot harder to defend against a charge there, damages are higher than in most other jurisdictions and so on. However, that isn’t the important point. What drags you into that jurisdiction is not where your servers are. Nor where the people who prepared the material, where it was uploaded nor where the company is located. What matters is where was the person reading it located?

Please note, this applies to us all. In all jurisdictions the result is the same. It applies to corporate websites, to blogs, to Wikipedia, to everyone. It is a generally accepted legal rule that publication of digital information takes place where it is read, not where it is “published”. The general logic is that at one point there is a copy on the server somewhere. Then, someone downloads it into a browser window in order to read it. At this time there are two copies, one in the browser, one on the server. This creation of a second copy is therefore publication. And that publication takes place in the jurisdiction of the reader, not anywhere else.

[. . .]

Thus Wikipedia not having servers in the UK, not being a UK corporation or charity, does not protect it from English libel laws. None of us are so protected from them, we are liable under them if as and when someone in England and Wales reads our pages.

[. . .]

But as I say, it is still true that jurisdiction on the internet depends upon where the reader is, not the producer or the servers. It’s not a happy thought that we’re now subject to 200 off legal jurisdictions every time we post something but it is true.

July 12, 2012

Säkerhetsbloggen does some preliminary analysis of Yahoo’s 453,000 leaked passwords

Filed under: Technology — Nicholas @ 10:01

As we’ve noticed before, there are lots of really, really bad passwords in use:

Recently, Ars Technica reported about a leak by “D33ds Company” of more than 450.000 plain-text accounts from a Yahoo service, which is suspected to be Yahoo Voice.

Since all the accounts are in plain-text, anyone with an account present in the leak which also has the same password on other sites (e-mail, Facebook, Twitter, etc), should assume that someone has accessed their account.

[. . .]

Total entries = 442773
Total unique entries = 342478

Top 10 passwords
123456 = 1666 (0.38%)
password = 780 (0.18%)
welcome = 436 (0.1%)
ninja = 333 (0.08%)
abc123 = 250 (0.06%)
123456789 = 222 (0.05%)
12345678 = 208 (0.05%)
sunshine = 205 (0.05%)
princess = 202 (0.05%)
qwerty = 172 (0.04%)

Other bits of password-related idiocy are here.

July 10, 2012

Does “Rule 34” have an exception after all?

Filed under: Cancon, Humour, Media — Nicholas @ 09:58

Kathy Shaidle may have found the only known exception to Rule 34:

Since women (and not a few men) obviously love a man in uniform, where is all the porn featuring the Royal Canadian Mounted Police?

Dirty cops are an X-rated staple, and “the UPS guy” has almost driven the once-ubiquitous “mailman” out of the porn business.

Even Nazis get to go where Mounties fear to tread. Those sleek black (Hugo Boss-designed) SS getups can get under even the most surprising skins: During the Eichmann trial in Israel, “Stalag” porn became Über-popular sexual samizdat.

So this slightly put-out Canuck wonders: What’s wrong with the RCMP, eh? Their uniforms are pretty sharp, too. And Due South fandom was rabid.

Yet there’s a distinct Mountie-porn void, one that violates a law of the Internet — “Rule 34” to be exact, which declares, “If it exists, there is porn of it.”

July 6, 2012

This might be damage that even the Internet can’t route around

Filed under: Law, Liberty, Media, Technology, USA — Nicholas @ 12:50

Tim Worstall on the worst-case interpretation of a recent legal decision in the US courts:

… we now have a ruling that websites are a place of public accommodation under the Americans with Disabilities Act. If this ruling holds then this really will break the internet and web as we have come to know it.

The case is discussed here.

    The case involves a Cyberlaw perennial: are websites obligated to comply with the Americans with Disabilities Act (the ADA)? In this case, the desired accommodation is close-captioning for Netflix-streamed video. If websites must comply with the ADA, all hell will break loose. Could YouTube be obligated to close-caption videos on the site? (This case seems to leave that door open.) Could every website using Flash have to redesign their sites for browsers that read the screen? I’m not creative enough to think of all the implications, but I can assure you that ADA plaintiffs’ lawyers will have a long checklist of items worth suing over. Big companies may be able to afford the compliance and litigation costs, but the entry costs for new market participants could easily reach prohibitive levels.

[. . .]

The place of publication is where the reader is, where the browser through which the site is being viewed is. This would mean that any foreign website which an American might want to read (say, my personal blog) would become subject to the rules and restrictions of the ADA. And believe me, the 6.7 billion people who are not Americans are not going to put up with that. We might all ignore the law, or we might try and ban access from the US (or more alarmingly, ISPs might be told to do so). Or possibly be subject to the tender ministrations of an ambulance chasing lawyer.

July 5, 2012

What do software developers and predatory bankers have in common?

Filed under: Business, Technology — Nicholas @ 09:02

In his regular column at The Register, Matt Asay points out that using another company’s API can be a quick and easy way to get going, but it carries significant risks:

In tech today, it has become a truism that “if you’re not paying for it, you’re the product”. Somehow we have applied this wisdom to consumers without recognising that the same principle applies to enterprises and their developers. Recently, however, Netflix and LinkedIn have reminded us just how precarious it is to build on someone else’s platform — or API.

Paul Graham, one of the founders of Y Combinator, has described APIs as “self-serve [business development]”. It’s a great story: open and document your API and watch a thousand businesses bloom, bringing you cash and legitimacy. All of which may be true, if done correctly.

But the other side of Graham’s “business development” is the difficulty of predicting the business planning on the other side of the API. Twitter was pretty free with API access in its early days when it was seeking adoption rather than income. Now that the company has grown up and continues to tighten its grip on how and where users interact with tweets, Twitter terminated its tweet syndication partnership with LinkedIn and has promised to clamp down even more tightly on how developers use its API. Twitter is doing this because it can, as professor Joel West points out, but also because it must: its advertising business depends upon it.

So where’s the banking similarity come in?

There’s one other thing to consider, as venture capitalist Bill Davidow opines in The Atlantic, and that is the very real possibility that this API mercantilism is a sign of how the technology world is changing, and not for the better:

    At both Hewlett-Packard and Intel, where I next worked, money was important — but it wasn’t the top priority. The goal was to do the right thing and do it well. If you did that, over time, rewards followed and shareholders supported your efforts…

    Many other things have changed in the valley over the past five decades. I’ve become increasingly concerned about one thing that is seldom discussed: the valley is no longer as concerned about serving the customer, and even sees great opportunity in exploitation. We are beginning to act like the bankers who sold subprime mortgages to naïve consumers…

Or sold developers subprime APIs?

Cisco “updates” consumer routers to allow tracking of internet usage, automatic bricking for terms & conditions violations

If you have a modern Cisco or LinkSys router on your home network, you may have just given up a significant amount in the last “update” the company distributed. ESR has the details:

For those of you who have missed the news, in the last few days Cisco pushed a firmware update to several of its most popular routers that bricked the device unless you signed up for Cisco’s “cloud” service. To sign up, you had to agree to the following restrictions:

    When you use the Service, we may keep track of certain information related to your use of the Service, including but not limited to the status and health of your network and networked products; which apps relating to the Service you are using; which features you are using within the Service infrastructure; network traffic (e.g., megabytes per hour); internet history; how frequently you encounter errors on the Service system and other related information (“Other Information”).

So in order to continue using the hardware you bought and paid for and own, you have to agree to let Cisco snoop your browser history and monitor your traffic — a clickstream they would of course instantly turn around and sell to advertising agencies and other snoops. Those terms are so loose (“including but not limited to”) that they could legally read your email and sell that data too.

Disgusted enough yet? Wait, it gets better. The cloud terms of service also includes this gem:

    You agree not to use or permit the use of the Service: (i) to invade another’s privacy; (ii) for obscene, pornographic, or offensive purposes; (iii) to infringe another’s rights, including but not limited to any intellectual property rights; (iv) to upload, email or otherwise transmit or make available any unsolicited or unauthorized advertising, promotional materials, spam, junk mail or any other form of solicitation; (v) to transmit or otherwise make available any code or virus, or perform any activity, that could harm or interfere with any device, software, network or service (including this Service); or (vi) to violate, or encourage any conduct that would violate any applicable law or regulation or give rise to civil or criminal liability.

Translated out of lawyerese, this gives Cisco the right to brick your router if you use it to view anything Cisco considers pornography, or do anything that it might consider IP theft — like, say, bit-torrenting a movie. Or even if you send anything it considers unsolicited advertising — which doesn’t have to mean bulk spam, see “any other form of solicitation”?

The sum of these paragraphs is: “We control your digital life. We can spy on you, we can filter your traffic, we can cut off your net access unilaterally if you do anything we don’t like, and you have no recourse.”

The idea of replacing your router with one that can load and run an open source rather than proprietary system just became a lot more enticing (such things do already exist, although not for all routers).

June 18, 2012

New proposal: HTTP Error Code 451 to indicate “content censored by authorities”

Filed under: Government, Law, Liberty, Media, Technology — Nicholas @ 14:04

Kevin Fogarty at PC World looks at a new HTTP error code proposal:

A high-profile Google developer has proposed to the Internet Engineering Task Force (IETF) that it endorse a new HTTP Status Code to warn readers the page they’re looking for has been censored by authorities, according to TheVerge.

Tim Bray, who co-invented XML and works as Android Developer Advocate at Google, is submitting a proposal that pages censored by someone other than the owner of the site or of the user’s local network display the error code “451 Unavailable for Legal Reasons.”

The number in the code is a reference to Ray Bradbury’s “Fahrenheit 451,” which describes a dystopian future in which book burnings and the censorship of unacceptable material are routine. Google already highlights search terms that may return censored results, in some countries.

The wins and losses in the C-11 copyright reform bill

Filed under: Books, Cancon, Law, Liberty, Media — Nicholas @ 10:14

Michael Geist on the good and the bad aspects of bill C-11 which will probably pass third reading today in the House of Commons and be sent to the Senate for approval:

There is no sugar-coating the loss on digital locks. While other countries have been willing to stand up to U.S. pressure and adopt a more flexible approach, the government, led by Canadian Heritage Minister James Moore on the issue, was unwilling to compromise despite near-universal criticism of its approach. It appears that once Prime Minister Stephen Harper made the call for a DMCA-style approach in early May 2010, the digital lock issue was lost. The government heard that the bill will hurt IP enforcement, restrict access for the blind, disadvantage Canadian creators, and harm consumer rights. It received tens of thousands of comments from Canadians opposed to the approach and ran a full consultation in which digital locks were the leading concern. The NDP, Liberals, and Green Party proposed balanced amendments to the digital lock rules that were consistent with international requirements and would have maintained protection for companies that use them, but all were rejected. [. . .]

Since the Conservatives took power in 2006, there were effectively four bills: the Pre-Bill C-61 bill that was to have been introduced by Jim Prentice in December 2007 but was delayed following public pressure, Bill C-61 introduced in June 2008, and Bill C-32/C-11, which was introduced in June 2010 (and later reintroduced in September 2011). The contents of the December 2007 bill were never released, but documents obtained under the Access to Information Act provide a good sense of what it contained (a call was even scheduled on the planned day of introduction between Prentice and U.S. Ambassador David Wilkins to assure the U.S. that digital locks were the key issue and would not be altered). This chart highlights many of the key issues and their progression over the years as the public became increasingly vocal on copyright:

| Issue | Pre-Bill C-61 (2007) | Bill C-61 (2008) | Bill C-11 (2012) |
|---|---|---|---|
| Fair Dealing Expansion | No | No | Yes (education, parody, satire) |
| Format Shifting | No | Limited (only photographs, book, newspaper, periodical, or videocassette) | Yes (technology neutral, no limit on number of copies, includes network storage, and no reference to contractual overrides) |
| Time Shifting | No | Limited (no network PVRs, Internet communications) | Yes (C-61 limitations removed) |
| Backup Copies | No | No | Yes |
| User Generated Content Exception | No | No | Yes |
| Statutory Damages Cap | No | Limited ($500 cap for downloading) | Yes (Max of $5000 for all non-commercial infringement) |
| Enabler enforcement provision | No | No | Yes |
| Internet Publicly Available Materials Exception for Education | Yes | Yes | Yes |
| Public Performance in Schools | No | No | Yes |
| Technology Neutral Display Exception in Schools | No | No | Yes |
| Limited Distance Learning Exception | Yes | Yes | Yes |
| Limited Digital Inter-Library Loans | Yes | Yes | Yes |
| Notice-and-Notice | Yes | Yes | Yes |
| Notice-and-Takedown | No | No | No |
| Three Strikes/Website Blocking | No | No | No |
| Internet Location Tool Provider Safe Harbour | Yes | Yes | Yes |
| Broadcaster Ephemeral Change | No | No | Yes |
| Expanded Private Copying Levy | No | No | No |
| Commissioned Photograph Change | Yes | Yes | Yes |
| Alternate Format Reproduction | No | No | Yes |

[. . .]

Public engagement on copyright continuously grew in strength – from the Bulte battle in 2006 to the Facebook activism in 2007 to the immediate response to the 2008 bill to the 2009 copyright consultation to the 2010 response to Bill C-32. While many dismissed the role of digital activism on copyright, the reality is that it had a huge impact on the shape of Canadian copyright. The public voice influenced not only the contents of the bill, but the debate as well with digital locks the dominant topic of House of Commons debate and media coverage until the very end. Bill C-11 remains a “flawed but fixable” bill that the government refused to fix, but that it is a significantly better bill than seemed possible a few years ago owes much to the hundreds of thousands of Canadians that spoke out on copyright.

Legal pratfalls ensue

Filed under: Law, Liberty, Media, USA — Nicholas @ 09:33

Scott H. Greenfield at the Simple Justice blog on how the legal equivalent of “two 12-year-olds rolling in the mud” morphed into a lawyer beclowning himself in an epic fashion:

But Matthew Inman, who does the Oatmeal, put the lawyer Charles Carreon’s letter demanding $20k on the web, with his own special touches, in a masterful response, one aspect of which was that rather than succumb to Carreon’s demand, he would raise some money for charity.

[. . .]

Three things to note: First, Carreon started suit in his own name, not that of his client, which suggests that this is for the wrong done him by the mean children of the internet. Second, he’s sued not only Inman, apparently for “incitement to cyber-vandalism,” but the Indiegogo, which handles charitable collections, as well as the two charities to whom Inman’s collection goes.

This is nuts. For a fellow who foolishly stepped in shit, he’s doubled quadrupled down. My guess is that he’s included the charities as stakeholders or beneficiaries of Inman’s actions, and wants the money collected to go to him rather than to fighting cancer or saving bears. He wants money collected to fight cancer to go to him instead. It’s unthinkable [that] anyone could do such a thing.

May 15, 2012

Nerd politics: problems and opportunities

Filed under: Government, Liberty, Politics, Technology — Nicholas @ 00:08

Cory Doctorow in the Guardian on the current state of “nerd politics”:

In the aftermath of the Sopa fight, as top Eurocrats are declaring the imminent demise of Acta, as the Trans-Pacific Partnership begins to founder, as the German Pirate party takes seats in a third German regional election, it’s worth taking stock of “nerd politics” and see where we’ve been and where we’re headed.

Since the earliest days of the information wars, people who care about freedom and technology have struggled with two ideological traps: nerd determinism and nerd fatalism. Both are dangerously attractive to people who love technology.

In “nerd determinism,” technologists dismiss dangerous and stupid political, legal and regulatory proposals on the grounds that they are technologically infeasible. Geeks who care about privacy dismiss broad wiretapping laws, easy lawful interception standards, and other networked surveillance on the grounds that they themselves can evade this surveillance. For example, US and EU police agencies demand that network carriers include backdoors for criminal investigations, and geeks snort derisively and say that none of that will work on smart people who use good cryptography in their email and web sessions.

But, while it’s true that geeks can get around this sort of thing — and other bad network policies, such as network-level censorship, or vendor locks on our tablets, phones, consoles, and computers — this isn’t enough to protect us, let alone the world. It doesn’t matter how good your email provider is, or how secure your messages are, if 95% of the people you correspond with use a free webmail service with a lawful interception backdoor, and if none of those people can figure out how to use crypto, then nearly all your email will be within reach of spooks and control-freaks and cops on fishing expeditions.

[. . .]

If people who understand technology don’t claim positions that defend the positive uses of technology, if we don’t operate within the realm of traditional power and politics, if we don’t speak out for the rights of our technically unsophisticated friends and neighbours, then we will also be lost. Technology lets us organise and work together in new ways, and to build new kinds of institutions and groups, but these will always be in the wider world, not above it.

May 11, 2012

Britain’s government websites under attack

Filed under: Britain, China, Government, Technology — Nicholas @ 09:06

Perhaps I’m just cynical, but I had expected that any government website would need to be “hardened” against attack. The British government’s many official websites have indeed been undergoing attacks for quite some time:

The British Ministry of Defense has admitted, for the first time, that it is under heavy attack by hackers. It was also revealed that some of these attacks had succeeded. The good news is that the military is becoming more aggressive and imaginative in dealing with Cyber War defense. China was not directly accused of being behind any of these attacks, but it was mentioned that there are now discussions underway with the Chinese on the matter. All this is an old problem.

Last year, Britain went public to report a higher number of Internet based attacks. The report noted that the emphasis was now on economic assets. This included technology and business plans. For example, the Foreign and Commonwealth Office was under heavy cyber-attack for several months, apparently in an effort to obtain secret details of government plans and techniques for supporting British exports. Government Internet security officials were making all this public to encourage British firms to increase their Internet security.

All this was nothing new. Two years ago Britain’s domestic intelligence service, MI5, went public with numerous charges of Chinese Internet based espionage. MI5 accused China of using both agents and hacker software, to obtain secrets from specific companies and government organizations. This approach had Chinese personnel approaching specific British businessmen at trade shows, and offering gifts, like a thumb drive loaded with hidden hacker software that will load itself on to the victim’s PC and seek out valuable information. Internet based attacks, traced back to China, continue to send real looking email that has an attachment containing another of those stealthy hacker programs that seek out secrets, or even quietly take over the user’s PC. Three years ago, MI-5 sent alerts to major corporations warning them of similar attacks and advising increased security of their data.

May 2, 2012

We must make internet freedom the new “third rail” of politics

Filed under: Government, Liberty, Politics, USA — Nicholas @ 08:05

L. Neil Smith on the most recent attempt by the US government to get formal control over the internet:

After many previous attempts on the part of different groups for a variety of reasons, the United States House of Representatives has passed a bill that could result in the destruction of freedom on the Internet.

And the erasure of the First Amendment.

I won’t bother you with this week’s misleading acronym for such an atrocity. This specimen is likely to fail in the Senate — because it doesn’t go nearly as far in muzzling each of us as that “parliament of whores” wants it to. The Faux President declares he will veto it, but we’ve heard that before from a criminal imposter who couldn’t move his mouth to speak the truth if his life depended on it — because he couldn’t recognize the truth if it came up to him and pissed in his ear.

What I will tell you is what a lifetime of fending off similar assaults on the Second Amendment — and the unalienable individual, civil, Constitutional, and human right of every man, woman, and responsible child to obtain, own, and carry weapons — has taught me. I know what has to be done now, and what will happen if we don’t do it.

First, don’t be relieved or satisfied if this particular bill doesn’t pass this time. Others will be introduced, one after another, until they wear down our resistance, unless we make every attempt cost them something they can’t afford to lose. We must make our freedom to communicate a political “third rail” and aim for nothing less than total eradication of the very notion of censoring the Internet in any way.

April 30, 2012

Twitter’s “Red Guard” of flag-spam abusers

Filed under: Media, Politics, Technology — Nicholas @ 12:56

Some nasty tricks being played by some Twitter users, abusing the report feature that is supposed to help cut down on spam posts to attempt to shut down opinions they find offensive:

Shortly after their video “If I Wanted America to Fail” went viral, Free Market America found themselves kicked off Twitter, a popular social media resource that allows users to post very short messages. After a few hours of confusion, their account was reinstated.

This past Sunday, the Twitter account of Chris Loesch, husband of conservative pundit Dana Loesch, was abruptly shut down. After a massive outcry, and the creation of a Twitter topic called “#FreeChrisLoesch” that swiftly became one of the hottest “hash tags” on the network, Chris’ account was reactivated… for a couple of hours. By Monday morning, he was gone again, after his account was restored and removed several more times.

What did Free Market America and Chris Loesch do to warrant suspension? After all, people like Spike Lee and Roseanne Barr flagrantly, openly, defiantly violated Twitter’s terms of service, and put human lives in jeopardy, by distributing personal information about George Zimmerman, the shooter in the Trayvon Martin case. Their accounts have not been suspended. What violation of Loesch’s compares to using Twitter to target someone for assault by an angry mob — and, for that matter, sending the mob to the wrong address?

These suspensions were apparently the work of “flag spammers,” digital brown shirt gangs that make coordinated attacks to silence conservative voices by abusing Twitter’s spam flagging feature. Al Gore coined the term “digital brown shirts” to describe the online squadrons supposedly unleashed to “harass and hector any journalist who is critical of the President.” Of course, he was talking about President Bush, and there weren’t any actual “digital brown shirts” at the time, but this is precisely the sort of behavior he was describing.

April 28, 2012

Charles Stross analyzes the economic and technical arguments for removing DRM on ebooks

Filed under: Books, Business, Economics, Media — Nicholas @ 00:08

A post at Charles Stross’s blog from earlier this week, when Macmillan announced that they were removing DRM from their ebook lines:

After I recommended that the major publishers drop mandatory DRM from their ebook products, I realized that my essay had elided a bunch of steps in my thinking, and needed to reconsider some points. Then I realized that it’s not a simple, straightforward argument to make. Consequently, I ended up writing another essay, although I’ve tried to summarize my conclusions below.

First, my conclusions:

1. The rapid current pace of change in the electronic publishing sector is driven by the consumer electronics and internet industry. It’s impossible to make long term publishing plans (3-10 years) without understanding these other industries and the priorities of their players. It is important to note that the CE industry relies on selling consumers new gadgets every 1-3 years. And it is through their gadgets that readers experience the books we sell them. Where is the CE industry taking us?

2. Dropping DRM across all of Macmillan’s products will not have immediate, global, positive effects on revenue in the same way that introducing the agency model did …

3. However, relaxing the requirement for DRM across some of Macmillan’s brands will have very positive public relations consequences among certain customer demographics, notably genre readers who buy large numbers of books (and who, while a minority in absolute numbers, are a disproportionate source of support for the midlist).

4. Longer term, removing the requirement for DRM will lower the barrier to entry in ebook retail, allowing smaller retailers (such as Powells) to compete effectively with the current major incumbents. This will encourage diversity in the retail sector, force the current incumbents to interoperate with other supply sources (or face an exodus of consumers), and undermine the tendency towards oligopoly. This will, in the long term, undermine the leverage the large vendors currently have in negotiating discount terms with publishers while improving the state of midlist sales.

Now the details:
