Posts by James

When the smoke clears ...

If this goes all the way, we might be in an interesting situation, at least in America, where this is an issue ... you offshore pirates can continue going about your business ..

1) The Internet broadcasters will be reduced to royalty-free or public domain music (certain classical music releases come to mind) and independent musicians hawking their own wares. "Commercial" webcasting, i.e. meatspace radio replacements, will be knocked off.

2) As a result, traditional radio broadcasters will regain nearly the position the held pre-webcasting, and advertising revenues will soar as iPods and iPhones and Zunes add radio reception capability. Maybe the Walkman will make a brief comeback ... oh wait ... that's the iPod with radio support ...

3) Of course, the US Government will mandate that all radio broadcasts be digital-only (no more rabbit ears) by 2012, as they are doing with television broadcasts, at which time the radio stations will fall into the webcasting category, forcing them to pony up the fees associated with the current legislation, and driving them into bankruptcy.

4) Finally, commercial music artists will revolt against the pricing scheme and beg the US Government to cancel the program, at which point the artists will once again have a broadcast medium to promote their physical recordings and touring schedules ... just like traditional radio has done for decades.

At this point, commercial webcasting will re-emerge, and the artists will start complaining about "lost royalties", all over again.

The moral of the story: Radio and webcasting are PROMOTIONAL VEHICLES, not end-point sales items and should be treated as such. Killing the goose won't make the golden eggs she used to lay any more numerous.

Just business...

This only applies to the NASCAR Sprint Series of racing. AT&T has already changed its logo in the (Anheuser) Busch Series and the (Sears) Craftsman Series (trucks), and if they ran a car they could do the same for the Weekly Racing Series, the Touring Series, and the Elite or Grand National Divisions.

They're just bitchin' because they couldn't outbid Sprint/Nextel for the rights to be THE premium sponsor for the 2008 racing season for what used to be the Winston Cup Series (changed to the Nextel Cup Series in 2004). The poor company can't piggyback on all of Sprint's advertising ... boohoo.

I mean ... why bother with all of this time-consuming court doggerel? It's only a $700m-for-one-year deal. Just outbid them for 2009 and force the fans to buy a whole lot more gear with yet another Series logo!

Hmmm ...

By James

Posted Tuesday 14th August 2007 07:05 GMT

That wasn't me! I guess El Reg's registration system doesn't check for dupes ... hhrrm.

But I do agree with Michael re: owning and governing the Internet (see, I capitalize "Internet", not like the "other" James). I do not believe it is any government's responsibility to police the Internet or, in this case, software tools. They are far too ignorant (I mean that in a nice way) to hope to understand the implications of any rulings they may make. In addition, legislators tend to read the Executive Summary, but not the details of any proposal, which is anathema to such a detail-oriented construct.

Let's leave governing the Internet to the governance bodies already in place, who are working hard to do what's right for the global network. Let's leave pronouncements about "good" and "bad" software to those who use them.

Go ahead and continue to prosecute anyone who uses those tools for evil purposes, but banning the tools themselves is ridiculous ... and I'd say that to any legislator who asked.

But ...

Are the Teskes Lutherans?

@leslie

Oh great ... THANK YOU for the instructions. The whole eavesdropping plan is no good now that you have taught the terrorists how to get around it. Either you're WITH us or AGAINST us! Or with THEM, or something like that ...

It's a good thing you posted that little tutorial today ... because it will be illegal to post anything like that by December ... or at least by the time GWB leaves office. Thank your lucky stars the tapping scheme can't read comments.

Now ... where did I put those napkins ... ?

@Dr. Bontchev

"You can even "Run As" a DOS command prompt or Explorer, in which case anything you launch from there will run as admin too - the equivalent of opening a root shell window."

Thanks. Proof that su is not the same as "Run As..." And if you re-read my comment, I was addressing "Install as Administrator", which is even less like su. As you may realize, the above statement illustrates one of the problems with the Windows multi-user environment, and one which is the process invoked by a couple of new exploits for XP/Vista boxes.

I suggest you grab a copy of Ubuntu and, hell, give Xandros a try if you like the Windows experience. Your not very well-informed about the nature of Linux, and you're surely misguided if you think that user-friendliness comes at the expense of security, just because MS has blundered its way to its present market-dominant position.

Try a Mac!

Cash and Christianity?

I'm not sure ... did the buyer indicate which religion they invest in? Maybe they'll be using it for evil ... like maybe some sort of voodoo ritual. In which case, it should be readily apparent who's visage (if any) is represented, once they start limping or speaking in tongues or whatever ...

Anyway, it's highly unlikely that an image of Jesus would manifest itself on a Lutheran garage floor. Typically, He prefers foodstuffs like tortillas and toast from the homes of Catholics.

I'd say, "Cash, Christianity and Crazies."

Zones v. KVM

Solaris Zones users, what were your issues with using KVM, compiled into the Linux kernel since 2.6.something? I ask because we're using KVM just fine, although that drop of drool you may have seen indicates a strong desire to convince the wallet-holders to move over to Solaris.

Too Early

It's way too early for MS to submit OOXML to any standards organization. It's specs will change with every service pack, and the next generation of Office will likely use something called OOXML that is significantly different than the current, incredibly bloated implementation.

Two Things

First, it makes me giggle uncomfortably when the OSI claims SugarCRM isn't an "open source" software because they didn't go through OSI's license mechanism. SugarCRM fits every definition of "open source" ... except for the one OSI uses. Talk about "closed".

Second, what is this penguin ritual? Does it involve herring?

FaceTime & MS

While they may be running Microsoft Servers (haven't probed them ... yet), at least they're using Apache for serving web stuff.

OMG!!! THEY'RE USING APACHE v.1.2.42 !!! Way past time to upgrade, boyz.

Good thing they are focused on IM "greynet" anti-virus/anti-malware and not web server security ...

Targeting with a cellphone

Oh, great idea, that.

Anything that can be hacked, will be hacked. Our government (USA) can't keep track of its own emails, and now they want to expand their expertise into remote-controlled war weapons? This isn't even something as regulated as the plutonium and nuke parts being tossed around on the black market, thanks to our Pakistani friends. What are they using ... Windows 6.0? Symbian? iPhones?!

Thanks very much. I'll sleep much better now.

MS as Standard

"Since Microsoft is the market leader, with a proven monopoly on the desktop, the behavior of their clients and servers is the standard against which all other implementations are measured."

In much the same way as "tastes like dog crap" is a standard that chefs worldwide seek to rise above. I guess there's always someone at the bottom of the pile, otherwise there would be no pile at all.

"Stored" up for debate

"information that is fixed in a tangible form and to information that is stored in a medium from which it can be retrieved and examined"

RAM does not store data "fixed in a tangible form", and nor is it "a medium from which it can be retrieved and examined", therefore it is not required to capture that information. This is a last-ditch attempt by federal attorneys to get data from Torrentspy using barely-understood (by them) vehicles. It's not going to be codified, in the end. They can demand that log files be retained in the future, but, as "Backdated subpoena" suggests, there is still the matter of relevance to the current set of laws governing information search and seizure, which would also need to be revised to accommodate anything like this new legislative attempt.

I was going to post along the lines of what J.A.Blackley said ... re: "lost" emails from the RNC servers. That, plus the nature of volatile memory plus the intriguing ideas posted by Morely Dotes all spell failure for this legislation.

Ratings

While participation in the ratings system is voluntary, there are two primary issues involved with using it:

1) Who Watches the Watchmen?

The ratings boards are independent organizations that do not need to follow any sort of standards, except what they determine for themselves. What used to get an X movie rating, "The Last Tango in Paris" comes to mind, may now get an R rating ... depending on the board's whim. Similarly, a video game that gets an AO rating could get an M rating, next year ... depending on that board's whim. It's a big part of the movie business to deal with the ratings board, and probably the same for the video game industry, and to modify the content of the film/game to gain the desired rating.

2) No rating = limited distribution

Despite the "voluntary" nature of the ratings system, without a rating a movie will have extremely limited distribution options, as almost every major showcase demands a rating. Similarly, video games that are unrated will not be carried by the big distributors. As such, it is usually imperative for a movie or game producer to get their product rated according to their target market simply so their product gets distributed, and makes a return on the investment. DVDs released post-big screen obviously can tap an additional market of fans looking for "extras" that might be found in an unrated version, even though the "unrated" version may only include a couple of scenes that were excluded from the film release for plot or continuity reasons.

Requiring that certain classes of video games only be sold to people over 18 years of age has never been part of the game industry's structure, unlike in the movie industry where R and X ratings pose similar limitations. This new requirement is what is being fought over, as the game industry seeks to retain their options for releasing whatever the heck they want and forcing parents to become involved, rather than making it a legal requirement enforced by shop owners. Currently, any kid can purchase an AO-rated game without any approval from anyone but the shop owner. If the proposed regulation goes into effect, the shop owners would need to begin "carding" their younger customers who want to buy a restricted game, and they would be subject to legal penalties (fines and possible operating license restrictions) if they didn't conform, just like in a liquor store or with cigarette sales.

Cal-cu-la-tor?

What is this cal-cu-la-tor you mention? And why would anyone in a modern office environment laugh about how much the new Q looks like one? Do they have these cal-cu-la-tors?

Reminds me of trying to teach my programming students what a teletype machine is/was ... "It's like a network-connected typewriter" ... um ... "It's like a really noisy keyboard that spits paper out of its head" ... um ... "Y'know ... paper ... like what you use in a copy machine" ... um ...

Novell?

Having Novell in the OIN is kinda like having one of those robot-moths in there. Watch what you say, OINsters, or Big Daddy will make a note and put you on Microsoft's short list of "people we can sue because we want to".

Ouch!

"Guy Lunardi, senior product manager at SuSE, confessed that Novell goes into companies and fingers the Linux guinea pigs one-by-one."

See ... that's why I object to Lenovo's SuSE choice ... too invasive.

SuSE???

One step forward ... two steps back.

Oh well. At least Lenovo Linux Laptop purchasers won't be under threat of patent violation lawsuits from Microsoft. I guess that's some piece of mind, even if they're stuck with SuSE.

(Of all the distros, they pick SuSE. Pussies.)

Re: Register editor sleeps ...

"The unnamed worker involved has left VeriSign.."

"The employee involved in this incident has since left VeriSign."

You're right ... it should have read "Verisign worker lefts"

EmployerSafe

As an employer, I'll subscribe to that software when it can utilize RFID.

Until then, I am forced to hang out in the pub every Friday and catch the miscreants in the act, myself. It's a terrible strain on my liver, but what else can I do?

Re: Illegal hacking tools?

They're talking about paper clips.

And possibly toothpicks ... I don't know how sturdy they are.

Okay, maybe cocktail swizzlers, too. It's hard to say what a skilled hacker could do with weapons like these that aren't quite as optimized for the task as a paper clip would be.

NOD32 and other notes

Did NOD32 get the VB100 ranking with the 64-bit version of Vista? I know it's good, but the article was only speaking to the 64-bit tests.

I also like NOD32, AVG Free and Clam AV ... on XP (when I have to run it). Our Vista users can't complain enough about it.

Re: Paranoid delusions (@Mr. Moyle)

You're only paranoid if they're NOT out to get you. Your comments reflect generational MS practices where they maliciously insert code (or fail to document it) in attempts to cause competitors' products to shine less than brightly than their own. Netscape comes to mind (Did anyone really believe that MSIE3-4 functioned better than Netscape on an even playing field?)(and yes, I can cite the Finding of Fact in that big ol' case).

It does bear repeating that of the 20 products submitted for testing, only 6 produced the false positives. And it's not at all surprising that MS 64-bit anti-malware product did so well ... even if its consumer-level (32-bit) product continues to be crap.

I strongly agree with those who recommend AGAINST "upgrading" to or purchasing a new system with any current version of Vista on it. Wait until the first service pack, at the very earliest, or just stick with what's working for you and ignore Vista completely. It's easy to do ...

UPnP Update Fixes

iChat:

"Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in iChat ... This update addresses the issue by performing additional validation when processing UPnP protocol packets in iChat."

mDNSResponder:

"Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the Mac OS X implementation of mDNSResponder ... This update addresses the issue by removing UPnP IGD support."

UPnP IGD support is removed only for mDNSResponder ... which provides packet destination resolution for iChat and other similar peer-to-peer services (on NAT'd networks).

Welcome to the real world, Apple! Now that you're finally getting a little press, you can expect a lot more attention from everyone, including snarks. Congratulations! You'll get plenty of opportunity to demonstrate the superior security of OSX in the coming months/years. Looking forward ...

robots.txt

robots.txt has no place in law, and there is no compulsion to follow its suggestions.

If one places a curtain over one's bedroom window to keep passing law enforcement from peeking in and arresting the occupant while in the act of some sort of illegal fetish, and the wind blows the curtain aside long enough for said officers to get a look, then it's perfectly legal (in the US) for the officers to then proceed to act under the "plain view" doctrine. The simple fact of hanging the curtain does not protect the criminal. While the officers are forbidden from moving the curtain, themselves, if an "accident" disables the curtain's protections, then there is technically no curtain ... and no protection.

Regardless of whether the defendants had included robots.txt (the curtain), IA grabbed their site and offered it to the plaintiffs without extraordinary effort.

If anything, this should have been about the rights of IA to permanently store copyrighted content without the permission of its copyright owners ... which brings us to Google's cache ...

Agree with A J Stiles

Your list seems appropriate and attainable.

The backlog of patent applications will definitely have an impact on the quality and the expediency of the prior art review process. And I also agree with some posters that any patent (like a trademark) should either be local (national) or worldwide with an appropriate scope of review (and application cost) for each. If you choose the less-expensive, faster process associated with the smaller market (national), then you should not be allowed to attempt to enforce the patent in the larger market (worldwide).

Re: VM is the future

[why have Intel and Cisco already invested over 400 Million in VMware]

You said it yourself: "Invested"

It's a cash-shuffle ... they throw money into a much-hyped technology, ride the hype wave, and cash out. It doesn't matter whether VM is, in fact, the future ... as long as the hype holds up long enough to turn a profit. No harm, no foul, big profits for the shareholders. VMWare is the big gorilla on the scene, and backing Xen doesn't make as much sense from the financial point of view.

I would feel more confident about VM becoming the future if there were more competitors offering solutions that worked well.

Apple is very, very lucky

Patching 2 vulns in Safari, 2 in WebKit and 2 in OSX? Sounds like the only reason Mac users are allowed to be smug about the paucity of invasions has been a string of good luck. The popularity (if you can call it that) of the iPhone will surely turn some nasty attention their way, and soon they may find themselves scrambling to keep up with the flood, as MS customers do. Security through arrogant obscurity is no way to protect your userbase.

US wants what it has not got

1) $700,000 = standard prosecutorial procedure

Because, in the US, the nature of the "punishment" is tied to the "costs" involved with the crime, either for repairing damage or lost as a result of the crime, American prosecutors ALWAYS inflate the monetary amount. As such, $700k reflects 35 sysadmins spending one week (40 hours) changing all the passwords (that they know about) and cleaning out rootkits at the going Federal sysadmin salary of US$500 per hour. Of course, those same sysadmins only see somewhere around US$80 per hour in their paychecks, but that doesn't matter ... the gov't believes that they SHOULD be making $500/hour, they just don't have it in the budget.

2) Extradition request is bullshit

McKinnon sits IN THE UK, and commits a crime by accessing computers in the US. Ergo, he is committing a crime IN THE UK. Can anybody actually believe that he committed the crime in the United States? The United States doesn't think so.

Let's take as an example another high-visibility computer-related crime: Online gambling. If a person sits IN THE USA and "illegally" "accesses" an online gambling site whose server is located in the Maldives, he is committing the crime IN THE USA. Otherwise, the offshore court systems (Togo, Maylasia, the Maldives, etc.) would be overwhelmed with processing all of our "criminals". What if the individual sat IN THE MALDIVES and accessed those same sites? Not illegal, no crime.

Just because the UK and the US have similar anti-hacking statutes in place does not mean that the crime was committed in the US, nor that the US has anything other than a civil action against McKinnon. They can feel free to sue him for the $700k, but it's up to the UK to criminally prosecute him, if in fact the UK believes that a crime has been committed (which I guess it does).

Any way you slice it, this is an example of the US occupying the bully pulpit at the expense of common sense.

Back to the drawing board ...

@Michael:

I'd heard, "There is no great genius without some touch of madness."

On another note ... there have been a lot of studies coming out recently about marijuana use and psychosis/schizophrenia. Is it possible that a bunch of the test subjects were lefties, and therefore at higher risk of becoming psychotic, even without smoking dope?

Sounds like this new study will make others go back and re-do their pot research ... which is probably good news for those that took part in the first round ...

Carnivore didn't work out...

Operation Carnivore:

http://www.law.duke.edu/journals/dltr/articles/2001dltr0028.html

Revealed to the public in 2000, this particularly nasty and indiscriminate piece of software was supposed to by the key element in finding crooks by sniffing their packets and dumping suspect communications (but not innocent ones!) into a database for the Feds to analyse. It seemed like it would have been perfect for post-9/11 domestic spying on Internet users, but the proof wasn't in the pudding.

It bombed after several years of crappy, bug-riddled performance.

As a result, our illustrious leaders decided to go back to the old "sniff 'em all and let God sort 'em out" method, which is where the warrantless wiretapping comes in. The only real problems are (a) they are sniffing everyone's dirty underwear and (b) they still can't figure out what constitutes a suspect communication. This leads to harrassment and privacy invasion issues.

Not to mention they've changed the actor who plays the role of God several times.

Re: Metaphorically...

[ Your metaphor makes no sense. The people looking at the website had no idea that there was supposed to be a level of protection between them and what they were looking at. If there's no barrier there, and you don't know there's supposed to be a barrier there, how is it your fault if you see whatever barrier's supposed to be protecting? ]

robots.txt = curtain

The law firm looking for evidence = cop passerby, ignorant of curtain's existence

HA = flagrant diddler caught when the flimsy curtain (robots.txt) they thought would protect them form prying eyes ... didn't

What doesn't make sense? I agree with the court.

robots.txt is a voluntary pseudo-standard used by website owners who wish to communicate their suggestions/preferences for automated crawling of their server-available content.

IA had some kind of technical issue that voided the robots.txt suggestions/preferences. IA did not break any laws because adherence to the suggestions contained in robots.txt is not codified into any law.

The law firm did NOT know the HA content they viewed was *supposed* to be protected, and they did nothing extraordinary to gain access to that content.

Ergo, they did not violate the DCMA by viewing it in the Wayback Machine.

Case closed.

It doesn't matter that HA *thought* robots.txt would protect them. Adherence to its suggestions/preferences is strictly voluntary and clearly cannot be counted on in a pinch. HA was foolish to rely on its voluntarily-applied protections.

A great example of ignorance, maybe

[OSI projects are not sustainable in a real business world]

Really? Microsoft caves and you describe that as an example of OSI's failure?

So if the USA pulls out of Iraq, that's a sign of al Qaeda's failure?

El Reg uses Apache servers (#1 server choice in the world by a substantial margin, BTW). So does CNN.com, Reuters.com, YouTube, Ask.com, CraigsList, NASA and most other commercial and non-commercial sites.

OS isn't dead ... it just smells funny.

(Was that enough flaming?)

GPLishness

[Continuing to blown the GPL horn is going to drive companies away from GPL software to alternatives with less *repressive* licenses.]

Such as ... ? BSD? Apache? Surely you don't mean GPLv3!?

If a developer cares enough to note which version of which license applies to a piece of software that they are about to use/incorporate/appropriate, GPL still looks pretty good when compared to typical proprietary licensing ... even v3 looks pretty good. If other, less *repressive* licensing is involved, good deal! Personally, I prefer LGPL. I simply cannot rationalize GPL or any other similarly (or more) *repressive* license when my company needs something that will end up being proprietary. Complaining about the restrictions in the GPL is silly. Either you can live with its restrictions/re-publication requirements, or you roll your own.

Blowing the GPL horn is important if anyone is to understand and accept such a licensing system, just as it is important to read the EULAs in each piece of software you install. Nobody is going to shy away from GPLd applications unless they'd rather pay for a closed version from someone else.

Quickies

1) Overheating the machine by repeatedly placing it "under the couch" while powered on undoubtedly contributed significantly to all of the problems faced by the writer. It may have indeed been a "lemon" machine, but there is no evidence for that in this article. Simple consumer abuse could easily account for everything mentioned. Not an Apple/Macbook issue.

2) Dell offers Vista, XP Pro and Linux on its systems with full support. However the best Linux laptops I've ever run have come from Linux Certified.

Good luck, Mac users!