Robbart@large

According to an article on BBC News, a recent ruling in the EU may have set a precedent that may make laws like the Digital Millennium Copyright Act in the United States increasingly harder to pass.

A Dutch judge has ruled that details of how to copy Oyster cards used on London’s transport network can be published.

The ruling overturns an injunction to suppress the information won by NXP - makers of the travel smartcards used in London and many other cities.

The injunction was sought in June 2008 after Dutch researchers demonstrated how to copy cards and travel free on the London Underground.

Cracked cards

The security weaknesses in the Oyster card were discovered by Prof Bart Jacobs and colleagues from Radboud University, Nijmegen in March 2008.  The weaknesses centre around the chip, called the Mifare Classic, that sits at the heart of the contactless card system.

As well as being used on 17 million Oyster cards, the Mifare chip is also used in Hong Kong’s travel network, and is the basis of the Dutch Rijkspas smartcard.  Many organisations, including governments, use Mifare technology as a secure entry system for buildings.  Given the many millions of cards in use Prof Jacobs held off publishing details about how the information on the chips can be copied and used. It told the Dutch government and NXP about its work to give them time to harden systems against the attack.

Despite this, NXP sought an injunction to ensure the details of the attack would never be aired. The case went to court in Holland and now the court in Arnhem has overturned the injunction citing local freedom of expression laws.

In its ruling, the court said: “Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings.”

In a statement, Radboud University hailed the ruling and said: “…in a democratic society it is of great importance that the results of scientific research can be published”.

I think that this is a very prescient ruling by this judge, and demonstrates that simply because the corporations of the world want to prevent free speech, doesn’t mean it can.

Here is my favorite statement:

In its ruling, the court said: “Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings.”

Amen, brother!  This is why scientific discussion of encryption techniques is of the utmost importance, and definitely should not be allowed to be suppressed.

This is not the model for the United States. however.

In the US, the Digital Millenium Copyright Act (DMCA) is the driving force behind copyright enforcement, and protection of IPO.  In so far as encrypting technologies is concerned,

Section 1201 [of the DMCA] is being used by a number of copyright owners to stifle free speech and legitimate scientific research. The lawsuit against 2600 magazine, threats against Princeton Professor Edward Felten’s team of researchers, and prosecution of the Russian programmer Dmitry Sklyarov have imposed a chill on a variety of legitimate activities.

For example, online service providers and bulletin board operators have begun to censor discussions of copy-protection systems, programmers have removed computer security programs from their websites, and students, scientists and security experts have stopped publishing details of their research on existing security protocols. Foreign scientists are also increasingly uneasy about traveling to the United States out of fear of possible DMCA liability, and certain technical conferences have begun to relocate overseas.

These developments will ultimately result in weakened security for all computer users (including, ironically, for copyright owners counting on technical measures to protect their works), as security researchers shy away from research that might run afoul of section 1201.

Source: http://w2.eff.org/IP/DMCA/20030102_dmca_unintended_consequences.html

Computer Scientists can no longer research software to ensure it provides adequate protection without fear of violating the DMCA, and risk prosecution and jail time in the US.

In the US, we have seen legitimate research stifled, and progress thwarted all to prevent the mere DISCUSSION of an encryption algorithm, and it’s potential weaknesses.  There is nothing beneficial for us, the citizens of the United States, in the suppression of free speech.  We should never have allowed this law to pass in the first place.

But, I believe the Dutch judge’s ruling demonstrates exactly WHY discussion of these technologies is so important.  We have to assume that not only legitimate researchers are seeking to crack the various technologies used to protect our IP today.  Technologies such as Blue-Ray and HD-DVD, for example, use new encryption schemes to help prevent piracy.  But both technologies have already been cracked, their keys release on the ‘net. Can this encourage piracy?  Sure, since it provides hackers the vital piece of information needed to crack the encryption scheme.  But, it also demonstrates the weakness for all to see, and helps ensure that future protection doesn’t fall prey to the same problems.  It actually helps scientific research world-wide.

It’s all about history.  Those who don’t know history are doomed to repeat it.

Well, I can really say that THIS time, it has been a very long time in between posts… sorry about that.  I have about a dozen other sites I maintain, and I blog on a couple of others too.  Just a bit much, I suppose.

Last year, I bought a Mac.

It seemed to make sense at the time.  I needed a new computer, and all things considered, the Mac Mini seemed to meet most of my requirements.  It had enough ram (2gb), big enough hard drive (120gb), and had a small footprint.  It would need to be in a small space, so size was very important.  At the time, I felt that running windows or linux was important, so those were considerations as well.

The Mac met all those requirements easily.  Mac’s can run Windows now, with a program called “Bootcamp”.  It allows you to actually break your hard drive into two spaces: one Mac, one Windows.  When you boot up your Mac, you simply choose to boot Windows instead of Mac OSX, and voila!  Windows on a Mac.

Ah, but of course, it wouldn’t quite work out that way for me.

For some reason, boot camp didn’t want to allow me to repartition my hard drive.  It threw errors everytime it tried.  After about a month of trying, I called the much vaunted Apple tech support to get some relief.  I was told I would have to reload my computer to fix it.  Yes, you hear me right.  I would have to start over from scratch to get it fixed to run Windows.  Was it worth it?  No.  I actually have another computer sitting next to the Mac, a home built Windows XP machine.  It was getting long in the tooth (built in 2003), which is why I wanted a newer computer in the first place.  But, it still worked fine for the older games I had.  I did need to spring for a new video card, but other than that, it was perfect for Windows development (.NET & C#) as well as playing games and tinkering with other OSes, like I like to do.  So, I got it back up and running, and purchased an IOGEAR KVM switch from Bestbuy, so I could switch between them with simply a keystroke, and use the same keyboard, monitor, mouse and speakers.  Works like a charm.  I do have a 60 cycle hum in the background sometimes (which if I don’t need sound, I mute the speakers to avoid), but other than that, I have no complaints about the way everything works.

Now, for quite some time, I have written about the way it sucks to have to pay crazy coin to Microsoft to upgrade my computers from XP to Vista, and how I wasn’t going to do that.  So far, I haven’t had any reason to.  The Mac does everything I hoped it would do (minus the running Windows thing).  But, everything is not perfect in my Mac world.

When I first got the Mac, it was quite a learning experience.  I had time in a linux environment or two, so I knew how to use the command line.  But, the use of the interface is very different from Windows.  People converting I am sure have a tough time when they have to switch back and forth.  I know I do.

Probably the one thing I do ALL THE TIME when I use Windows, is cut to the clip-board so I can paste the item elsewhere.  That is something I cannot do on a Mac.  I have to copy the text, delete it, then paste it where I want.  It’s not nearly as effective, and it is certainly slower.  You cannot right-click on an item, and send it to your USB thumb-drive. And you cannot simply right click in a folder, and create a blank document.  You have to open the application you want the document created in, and then save it into the target folder.  What a pain in the butt.  And the friggin cursor controls while you are editing a line of text annoy the crap out of me.  I prefer the way windows works.  It just makes sense.  Home = beginning of the line.  End = end of the line.  CTRL-LEFT Arrow = left one word.  CTRL-RIGHT Arrow = right one word.  How simple is that?  It makes sense.  Once you get used to it, it’s a breeze.  But the Mac had to do things different.  Why is it really necessary to have to press the stupid Apple key/option, whatever?  CTRL-whatever works so nicely. It’s not like it was necessary to remap those to other functions.  Sometimes, I think Apple is different just because it wants to be.  There are some conventions that I believe make sense.  Those cursor editing controls are some of them.

There are other things, but those were the most difficult things to get used to (don’t get me started on Finder).

Now, I know there are ways to change OSX to add functions that enable those features.  Quicksilver, for example, is a tool that not only allows you to teach the Mac to respond to certain keystrokes a certain way, but it’s a pretty awesome launcher.  QS will certainly enable the functionality I described above, if you know how to make it do it.  And there are other plugins that you can buy that enable similar features.

I didn’t believe that OSX was going to be like Windows.  I don’t want it to be.  Matter of fact, I don’t really like Windows all that much.  And I don’t like the Linux windows managers either (Gnome/KDE).  Most of them are just too cumbersome.  But, I do think each of them offers something different and unique.  If I could take the best features of all of the available desktop environments, I could perhaps make an ideal desktop.

-r

If you are the RIAA or the MPAA, representing the movie studios and music companies, how do you protect your digital ass(ets)?

Fact: Any commercial intellectual property you download off of a P2P site that you don’t have a right to is illegal in the US, according to existing US copyright laws. Rights are exclusively held by the copyright owner. If they didn’t expressly give you the right to download it, you don’t have the right.

Fact: Downloading any content that has to be unencrypted (DVD’s or other media that use DRM (digital rights management) is a violation of the DMCA (The US’s Digital Millennium Copyright Act)). The DMCA makes it a criminal offense to reverse engineer DRM for any purpose other than education (under VERY specific circumstances).

However, not everything you download via the filesharing networks is illegal. Independent artists, for example, can use P2P networks to share their music. Movie studios can release movie trailers for the public to view. If you download a song that an independent artist shares, it’s totally legal. Since the artist owns the copyright to the work, it’s his decision on whether or not it can be freely distributed. If you download a movie that some guy ripped off of the DVD the day it came out, it’s illegal.

Recently, several new networking technologies have made the MPAA and the RIAA quite nervous. These networks don’t provide a unified “front” or company to sue and close down or to issue a Cease and Desist orders to. The very nature of these networks is that they are “de-centralized”, making the sort of take down that the RIAA is famous for impossible. There is no one place to go, no one company to sue, to take the whole network off-line. As opposed to a hub and spoke model (like older filesharing networks), where the hub was essential to the success of the network, todays networks are more like big spider webs. No one point brings the entire system down. Bittorrent is one such network, as is the Gnutella network.

Which brings us to Media Defender (MD)- a company dedicated to mitigating the effects of internet leak. Think of MD as the front line of defense for the RIAA and MPAA.

According to their website:

MediaDefender, Inc. is the leading provider of anti-piracy solutions in the emerging Internet-Piracy-Prevention (IPP) industry. We provide services that stop the spread of illegally traded copyrighted material over the Internet and Peer-to-Peer networks. Our solutions have been adopted as practical, proven methods to thwart Internet piracy and to drive consumers to pay for digitized content distributed through authorized channels.

MD uses a variety of techniques to make it impossible for pirates to successfully steal music or movies. One such method is simply sharing a corrupt file that looks like the music or video a user is looking for. By flooding the various P2P networks with bad files, users intent on downloading these files will likely give up as each file they download is not the file they thought it was. These techniques have been fairly successful. But hackers are never very far behind any technique developed to hold them back. As users report the files as being bogus, the IP addresses used to disseminate the bad files get filtered out of users searches, typically leaving behind the desired files, but sparsely populated with bad files. Some of theses P2P programs automatically filter out the IP’s of known Anti-Piracy rings. Which only forces MD and it’s ilk to acquire more and more IP addresses, et al. The cycle is vicious.

MD reportedly has over 6,000 servers engaged in this shadowy business of deceiving digital thieves. It uses a variety of methods to entice users to download the bad media, which they use to track the users activities. Each file downloaded from the MD servers has a unique signature that can be used to monitor the file it moves through the various networks, as well as the user, and the networks they are using. This kind of information has been used by the RIAA to successfully sue users who have been accused of illegally downloading and sharing music. According to Wikipedia, MD clients include Universal Pictures, 20th Century Fox, Virgin Records, HBO, Paramount Pictures, and BMG.

Pirates are notorious for how they deal with companies the like of MD. Leading the charge is a website called torrentfreak.com, known for bringing the latest news about BitTorrent and everything that is closely related to this popular filesharing protocol. They reported that MD was behind the video upload service called “miivi.com” whose sole purpose was to trap people into uploading copyrighted material, and bust them for doing so. However, in comments made to Ars technica, Media Defender’s Randy Saaf dispelled their claims, claiming that it was an ‘accidentally un-secured internal project’.

Not satisfied, it seems that MD has been infiltrated and internal company emails have been released to, SHOCKER, the P2P networks. They are spreading faster than a 0 day worm.

Over 700mb of MD’s internal emails, dating back over 6 months have been leaked to the internet by a group called the “MediaDefender-Defenders”. Contents of the emails was varied. It contained hundreds of IPs and logins to their servers, lists of their decoy/entrapment trackers, decoy strategies, the effectiveness of their fake torrents (in many cases with a breakdown of success, title specific), high and low priority sites, .torrent watchlists, information on their monitoring of competitors, pictures of their weekend trips and even the anti-piracy strategy for dealing with The Simpsons Movie leak.

MediaDefender-Defenders stated: “By releasing these emails we hope to secure the privacy and personal integrity of all peer-to-peer users. The emails contains information about the various tactics and technical solutions for tracking p2p users, and disrupt p2p services,” and “A special thanks to Jay Maris, for circumventing there entire email-security by forwarding all your emails to your gmail account”.

The contents of the emails have given us an X-Ray view of the way the company works, what it does, and insights into the way they infiltrate the various services. But, some of the contents of the emails allow employees of the company to come under direct attack, including social security numbers and home addresses.

MD is under attack. They can’t hide anything as the entire insides of the company have been exposed for all to see.

My question is: why?

I hate the RIAA and MPAA for their strong armed approach of dealing with the fans. But I cannot condone attacking the individuals directly, nor attacking them at their home. These people are just doing a job. Releasing these emails should be considered act of corporate espionage. It should be dealt with the most severe penalty available.

The pirates are, after all, breaking the law.

Of course, anyone reading this blog might already know that this is a WordPress blog. I really like what the folks over at Wordpress.org have done. In addition to creating a really nice blogging system, they have made this software easily extensible, by the use of “plugins”.

A WordPress plugin is a program written by a user that adds functionality to your WordPress blog that wasn’t already there, or improves upon the existing functionality. Most plugins are free. You can get more information on WordPress plugins here:

http://wordpress.org/extend/plugins/

I thought it might come in handy if I were to post about some of the plugins I use.

Here are my top five favorite plugins:

1. PlugInstaller - This plugin allows you to install plugins without having to FTP them up to your server. It adds an “Install/Uninstall” link to your plugins maintenance area that allows you to install your plugin via uploading the plugin (if you downloaded it), or by fetching the plugin directly from the URL you provide. Way cool, and a MUST HAVE.
2. Wordpress Video Plugin - This plugin make it easy to embed a video in your blog.
3. Subscribe To Comments - Wordpress doesn’t have this feature built in, hence the existence of this plugin.
4. Slashdigglicious - Adds those nice social bookmarking links at the bottom of each post.
   
5. MyDashboard - A nice replacement for the ridiculously heavy default dashboard page.

There are many things about WordPress I like. I really like how extensible it is. One of these days, I might try my hand at making a plugin too. We’ll see.

All Allzah functions are currently online and operational.

And it’s time to do something I really don’t want to do: BOYCOTT ALL COMMERCIAL MUSIC.

I don’t know what else to do. The music companies really don’t care about the consumer anymore. They are like Mc Donalds (known for not caring about it’s employees because there’s always someone else to take your place); there’s always another consumer to buy their crappy music, even if you decide to stop. And that gives them all the power they need.

Some of the things that the Musicians, the RIAA and the music companies do just astounds me.

At every turn, it seems that the music industry has become very combative towards the consumers expected to pay top dollar for their wares. Musicians, such as Metallica, sue their fans. The RIAA sues the fans, accusing them of illegally stealing music without evidence, forcing the fans to pay fines under threats of being taken to court.

Now, the music companies feel it safe to sue you if you have even a snippet of one of their songs playing in the background of a video you post online. Imagine what that might do if it translated to other mediums. You know that wedding video, where at the reception you are dancing to “Doing The Butt”? Well, that is a copyright infringement, punisheable by 5 years in prison, and a $250,000 fine.

There’s this case, where a user who posted a concert video to YouTube that included a ten-second segment of audience members attempting to do the Electric Slide was sent a DMCA take down notice for copyright infringement by Richard Silver, alleging he owned the copyright. The video in question follows:

There is this case, where Universal Music Group (UMG) has sued nationally syndicated columnist Michelle Malkin due to her online criticism of one of its controversial artists. The video in question follows:

Even something as simple as selling CD’s on eBay is no longer safe.

More and more cases simply demonstrate their loathing of you and I. The music companies despise us.

How did it get to be so bad? One reason things have gotten out of control, is just how much power copyright and intellectual property law in the United States has given the music companies. Under federal copyright law, a mere allegation of copyright infringement can result in the removal of content from the Internet.

And that is WAY too much power. Intellectual Property laws in the US are far to restrictive. Obviously, in a “fair use” scenario, there is NO reason you shouldn’t be allowed to have a personal, not for profit video online with a sound track.

And how about DJs? Do they have to pay royalties everytime they play a song at a dance or wedding? They bought the music, and are playing it… but that’s it. Perhaps if the music industry has it’s way, that too will end.

So where does it stop? Is it going to get to the point that if I overhear a song played in someones car, I have broken the law? Or if I hear your boombox, that YOU will be in violation of the law?

At some point, the only way it can stop is with one of two things happening.

1) We consumers decide to stop purchasing their music. Stop buying iPods. Stop buying CD’s. We boycott Radio. In short, we hold the Music Industry hostage. At some point, they will have to deal with the fact that they can’t afford to lose the only thing that allows them to give new artists $1 MILLION dollar bonuses (consumers), and either work to correct it, and die claiming that they are right.

Or,

2) The music industry destroys all avenues for the consumer to procure music in a way that allows us to do with it what we please. In other words, they prevent us from downloading it. They prevent us from burning or ripping it. They prevent us from streaming it to our computers. They force us to listen to it on their terms only. They force the consumer to use Digital Rights Management that makes it impossible to use the music for anything than what THEY deem is proper.

I don’t know of any other possible outcomes. If we consumers are going to allow things to progress as they are, the Music Industry as a whole will simply not allow you, the consumer, any control whatsoever on how, when, and where you listen to their music.

However, there is some good news. Someone has taken the first step, and her name is Tanya Anderson.

Previously, I posted about another woman, Debbie Foster, and her defense, and how the RIAA wanted to just drop their suit when fought back, leaving her to pay her lawyers fees for their unjust, unlawful and frivolous attempt to extort money out of her.

Tanya Anderson has continued were Debbie left off, taking it to the RIAA with a counter-suit that has all sorts of implications on the RIAA, and it’s tactics. As my previous posts have demonstrated, I feel that the RIAA use scare tactics that are in fact illegal to enforce copyright law in the United States. This suit promises to force the RIAA to really have to consider once and for all if suing your consumers is really the right way to do business (of course not).

Please Note: It’s only fair that I let you know that I have recently purchased Van Halen tickets, for their Nov.1st show here in D.C. That will be my last purchase of any commercial music or related product.

Good Luck, Tanya!

According to an article published today on MSNBC.COM, the Russian based website, allofmp3.com is set to resume operations as of August 31.

The U.S. Dept. of Commerce considers Allofmp3.com, “the world’s highest-volume online seller of pirated music”, and made it’s closure a key point in bilateral trade negotiations for Russia’s accession to the World Trade Organization.

However, the Cheryomushki Court in Moscow issued a ruling earlier this month that Denis Kvasov, allofmp3’s former head, was not guilty of intellectual property theft, and had not violated Russian copyright laws.

According to Russian law, the site can pay 15 percent of its profit to ROM, the Russian Organization for Multimedia & digital systems. ROM is a non-commercial partnership that traffics in licensing and payment for digital media.

Huh?

The RIAA must be REAL pissed about that. Russia has a very different idea of intellectual property.

Last year, the RIAA filed a lawsuit against allofmp3.com for $1.45 TRILLION DOLLARS. In June, Russian authorities had the site taken down prior to the World Trade Organization talks. This was apparently just a ploy to ease trade discussions during the WTO talks. And since allofmp3.com operates in Russia, they are under Russian jurisdiction, far outside the bounds of US intellectual property law.

And with that court ruling, it’s clear that Russian law places no value on IP as it’s enforced by the United States.

But, is that a good thing?

As much as I hate the RIAA and the MPAA’s mafioso tactics, I do believe that the artists should be paid. I really hate the way the record labels screw the fans and the artists with their strong armed tactics.

But the way Russia has approached it, NOBODY gets paid.

I don’t think I agree with that.

I think Russia NEEDS to get legit, and make arrangements to pay the artists properly, royalties and all.

It only serves to make other countries unwilling to trade with Russia until they rectify their IP issues.

And in the end, it’s us, the fans that ultimately pay.

We pay by having to deal with DRM and high priced music.

We pay every time we buy a new CD for $20, or download MP3’s for .99.

We pay because we are suckers, and have a lot of disposable income, and are way too willing to just deal with the high prices.

Wow, what a pain it’s been. Sorry for my absence, but A LOT of things have been going on…

Things started in January, after Windows Vista was released. I had downloaded Vista RC1 and tried it in December. It was interesting, but I really didn’t like some of the ways they were changing the interface. All in all, I was very lukewarm to this update. THEN, Microsoft released it, and after tallying up how much all of my computers would cost to upgrade to some form of Vista ($920!!!), I decided enough is enough, and went whole hog into Linux land, where I have been happy ever since.

After a few months of using Linux on my primary computer, it was harder and harder for me to justify using a Windows based web host for Allzah. After all, like Linux, the open source community is largely a NON-Windows affair. And having Linux at home, I have become more interested in PHP and MySQL (among others). Our web host only offered us one FREE WordPress blog, and if I myself wanted to run another one, I would have to pay extra for that privilege. This was the straw that broke the camels back.

I decided to break away from using ColdFusion. I really like ColdFusion. I use it all the time at work. And yes, it was a tough decision. But, I am frankly tired of being the only person who can support this effort. I do it all day, and I am just not interested in coding all the time anymore. I saw a lot of very well supported open source software, written in PHP and using MySQL (WordPress, for example ). Using FREE and OPEN SOURCE SOFTWARE (FOSS), I wouldn’t HAVE to write it all myself anymore. Yay!

I started a slow move, first getting the cheapest Linux Virtual Private Server (VPS) that my web host offers. And I put this domain on it. Things seemed easy enough. I was coping well enough with the administration tasks. I was learning Linux, and applying it all at the same time.

So, once more, I decided that “it was time”, and upgraded yet again, to the next higher Linux VPS plan. I knew the lower plan couldn’t handle the sundry domains we host.

For the past two weeks, I have been dealing with this decision. I has been a royal pain. I have had to deal with all sorts of issues. Like, for example, an issue that kept me from blogging for over 2 weeks.

See, I would pull up the little WordPress post a blog screen, and it would eventually time out. It wouldn’t allow me to post anything. I looked at permissions. I looked at files. I was running out of ideas. FOR TWO WEEKS I HAVE LOOKED FOR A SOLUTION.

Well, that was my blog, and I could live without blogging… but THEN I discovered that Heather’s blog wasn’t working right either. Not the same issues, but not working just the same.

So, I concentrated on her blog. Same deal, checked permissions, checked files, etc. Nothing.

And then, miraculously, I tripped upon an web page that described some issues that resulted from bloggers moving their blogs to a new host. Could this be?

It turned out, that my problems were DATABASE related. For some reason, when I exported my database from my old host, and imported it into my brand spanking NEW host, it didn’t add any of the “auto increment” flags on the data tables. This is bad.

A quick glance at a new blog I stood up here and I had my proof: Autoincrement on the primary index of every table.

So, I added them to all the tables, and voila! One fixed blog.

Well, I hope this is the end of the troubles…

I need a break.

-r

Hello people, and thanks for taking the time to read my blog today.

A while ago, I switched over to Linux at home (see previous articles about PCLinuxOS). This was in preparation for moving from our ColdFusion based shared host, to our very own Virtual Private Server (VPS). This is in essence a server dedicated to just MY domains. It will allow us a lot more flexibility in our day-to-day operation. Not to mention, I am now the tech support for the box… which makes me nervous. But, I think I’ll be ok.

In any case, using Linux at home has helped me in my transition. I have learned all of the commands I need to use to manage my server, as they happen to be used at home as well. Repetition has it’s perks.

In any case, currently, we have the domains robbartatlarge.com and heathebartlettart.com now hosted on this box. We will be adding functionality, such as a eCommerce store, and a Photo gallery soon.These will be open source, free PHP based solutions.

In addition, both our blogs (blog.robbartatlarge.com, blog.heatherbartlettart.com) are hosted on this box.

It’s all about options. When you run your own box, you control WHAT is on it, and how it’s configured. You decide it you want to run a CMS tool, and how it should be locked down. And, you can decide how many other people can use it (unlike a shared server).

Well, I am off to bed. Later, I will blog about some things to think about, if you are considering your own VPS.

-r