Archive for the ‘Security’ Category

Court overturns first sale doctrine. Do something about it!

September 12th, 2010 Comments off

Ars Technica reports:

“The US Court of Appeals for the Ninth Circuit today ruled (PDF) on a long-standing case involving used software on eBay, and it came to an important decision: if a company says you don’t have the right to resell a program, you don’t have that right.”

Ars discusses the implications of this in some detail and I would strongly urge you to read their article. The conclusion Ars comes to is: “EULAs are binding, they can control just about everything you might dream up, and only Congress can change the situation.”

Unless the ruling is overturned by a higher court, which in this case I think is the Supreme Court, then, yes, it seems only Congress can change it. But remember, if you are an American citizen over 18, you control Congress.

The time is long past when we, as citizens, must take control first of ourselves and then of our Government. That means we need to vote.

But, even as we do that, engage in the political process, we also need to take other actions. We need to start voting with our wallets too.

Every product we don’t buy is a vote as much as those we do. Every service we cancel because we don’t like the terms is a vote. Every place we refuse to shop because we disagree with their politics or political contributions is a vote. Every measure we take to suck the profit out of transactions we have no choice but to participate in, is a vote. We need to do it, and we need to say in public that we’re doing it and we need to encourage our friends to do it.

Some examples of my ‘votes with my wallet’ in no particular order:

– I bought essentially zero music from iTunes until the DRM was removed. Less than half a dozen songs, and those under some duress because I could find those few songs in no other place and I won’t pirate music. Now I buy a fair portion of my music in iTunes. (Before you say “But Jon, it’s a digital download, you’re supporting the EULA-mongers” consider that nothing will stop the music industry from applying the same kind of hogwash to physical media.) I still try to find my music on CD where it’s remotely practical to do so.

– I refuse to buy Blu-Ray movies because the DRM is onerous and, for all practical purposes, uncrackable.

– I have skipped an upgrade cycle for my TV because I find HDCP offensive. My high end standard def TV does a more than adequate job of showing me every MPEG artifact in the massively over-compressed feed sent by my cable company. I don’t need to pay extra to see more blocking, smearing and ripping over more pixels. Especially true when so much of the content I watch would still just be up-converted SD.

– I won’t shop at WalMart or Sam’s Club at all and I stopped shopping at Target.

– I avoid purchasing software that is ‘node locked’ to a specific computer or has phone-home copy protection. By avoid, I mean I have consciously and deliberately not spent, at client, employer and in personal purchases, well in excess of $250,000 (and I do mean well in excess) worth of licenses and upgrades because of it over the years. That’s meant skipping upgrade cycles, waiting for publishers to offer or negotiate non-node-locked license terms, finding competing alternatives, reducing the seat count etc. Yes, licensing terms must be a major consideration in your decisions as an I.T. manager when spending money. You don’t have to be a lawyer, but you need to know how to read contracts and work with lawyers.

– When I have no practical choice, I make it expensive for them. If a company insists on node-locking or making software phone home, they get a lot of tech support calls. I will spend zero time seeking self support or community support when the issue is caused by a copy protection scheme. If I’m burning my time on it, they’re burning theirs too. Period.

– I actively look for and support companies who don’t have user-hostile licensing or copy protection schemes.

– When I can’t avoid buying software from companies that do have user-hostile policies, I look for the lowest possible margin routes to buy my licenses. Bundles, cross-grades etc. Corporate Volume Licensing Programs, Educational or Non-Profit discounts (when legal and appropriate). Yes, for yourself or your client/employer, you do have to look for the cheapest sources but it’s a matter of degree and how much effort. Buying the el-cheapo product just so you can get a discounted cross-grade is above and beyond the call of duty but it sure does erode margin.

– I just don’t buy games other than inexpensive casual games from independent developers. Those, I buy a fair amount of.

– I do NOT pirate software.

– I support the EFF and have since the Blue Ribbon Campaign back when the web was still in hot debate over the blink tag and for a while with anonymous cash donations when I couldn’t be on record making political contributions.

– I buy shareware. I buy tools from small independent software publishers.

– I avoid cheap disposable junk.

– I recycle. I re-use. I give away or sell what I no longer need.

Finally, when I vote, I don’t stick to party lines and I won’t make party donations. I vote for the least available evil in any given race.

Do what you think is necessary so you can feel you were a net contributor to the ideals you hold dear. Don’t be $%^&ing LAZY.

Do I execute on these personal policies with 100% success? No. Do I fall short of my own standards periodically? Yes. Am I trying? Am I doing much better than if I didn’t even think about the issues? Absolutely!

So, about this court decision? Call your representative. Ask them what they are going to do about this significant consumer rights issue. Poke at them. Do something about it!

“The world is a dangerous place to live, not because of the people who are evil, but because of the people who don’t do anything about it.” – Albert Einstein

‘Tweet This’ Installed After Review

September 11th, 2010 Comments off

Tweet This seems a much more civilized way to allow users to Tweet and Facebook your WordPress postings than Share This, which includes a lot of tracking functionality.

Again, while I can’t claim to be the highly trained codemonkey, I have learned from my very quickly fixed (less than an hour!) faux pas with Share This and have now added Tweet This to this site.

After reviewing the code, Tweet This seems to send nothing to or via any third-party sites and, unless configured to use a third-party URL shortener, includes no traffic logging, click-thru tracking or similar functionality. It doesn’t appear to load any external .js either.

So, unless somebody educates me to the contrary, I’m going to call this ‘safe’ and leave it deployed. I hope you find it useful.

– Jon

Comments – How To

September 11th, 2010 1 comment

****** UPDATE: Easier to follow directions here: Account Info *******

So, I promised (threatened) to do a lot of dumb ^m^m… experimental things with running this blog.

One of the experiments is this. To comment here, you need to make an account. To do that, you simply try to log in and comment. When you get confronted with the log-in screen, you will see a link to Register. Click that, type in a user name you want to use and whatever email address you are prepared to share with me. When done, an email will go to that address with a hideously hard to remember password and a reminder of your chosen user name. Come back, try to comment and when confronted with the log-in option, enter your chosen user name and the hideously hard to remember password and log in. When you log in, you’ll be able to create a profile and change your password. The suggestion to change the password will show up on the top of the profile page you land on.

Now, this is messy and it’s a pain in the @#$. The upside is, you only have to do it once and you will, thenceforth, be able to comment. The downsides that I can see now, at least, are:

  • Creating an account could be scripted, so it could be a way my site is used for spamming people. If that happens, tell me. The spam will be one unwanted email with log-in credentials. There is no way, barring security glitches with WordPress, to control the content sent by the account creation script and no way, again barring glitches with WordPress, to send more than one.
  • It’s a pain in the $%^. Yeah, I know, another site you have to have an account on. I’m sorry. You don’t have to make an account. You don’t have to post comments. If you want to, this is how I am trying it for now.
  • You have to trust me a little. You are trusting me with the following info: Some email address that somebody can read. Doesn’t have to be your ‘real’ one but it does need to be one where you can read at least one message. The IP address, browser, referring page and platform you’ve used to access this site are logged by the server. That IP address can be reverse lookuped (I know, that’s not a word) and it can be geo-located and all of that info can be correlated to the email address you used. This is true for essentially ANY web site you access and make an account on. In most cases, you have to trust some enormous corporation whose business depends on making some use of that info to make money. In my case, you have to trust me. Or not. Rest assured, unless I am forced to by court order or have to for some legal reason, I’m not going to mess with you.

Regarding posting comments: unless you spam, break some law I know about, threaten me or others, disclose personal information about yourself, me or others, or say something a reasonable person could deem offensive for the sake of being offensive, I’m gonna leave up comments. If you make a cogent case that a blog entry was utter horsepuckey, your comment will stay up. I may rebut. I may just comment myself or post myself saying I disagree with you or I found your comment offensive or I may just leave it as is. Again, you’re just going to have to trust me that I want to do the right thing and will try.

(Yes I need a privacy policy. Yes that will come.)
