Author: Jeff Licquia

Wow. Has it really been that long since my last post?

It occurred to me today, as I upgraded to the latest WordPress and watched the ongoing security nightmares, that going through this effort is only useful if I actually use the darned thing.

And I’ve been busy; yes I have. I’m now the webmaster for my son’s Boy Scout troop, using MediaWiki as a CMS with an eye to encouraging more parent and Scout participation in the site. I’ve been to Montreal and Salt Lake City, among other places. And I’m preparing to upload a Debian package for virtualenv, a cool alternative to OS virtualization in the Python space.

More later.

The whole Kathy Sierra incident is coming to a close, with an NPR interview and a call for a blogger’s code of conduct. (Details at the links; basically, Kathy wrote an innocuous blog about software development, and was harassed into quitting her blog by a few nasty commenters.)

The latter item has touched off a rant by Teresa Nielsen Hayden, about the necessity of moderation:

Bloggers can ban anonymous comments or not, as they please. The problem isn’t commenter anonymity; it’s abusive behavior by anonymous or semi-anonymous commenters. Furthermore, the kind of jerks who post comments that need to be deleted will infallibly cry “censorship!” when it happens, no matter what O’Reilly and Wales say.

Anyone who’s read ML for more than a couple of months has watched this happen. Commenters who are smacked down for behaving like jerks are incapable of understanding (or refuse to admit) that it happened because they were rude, not because the rest of us can’t cope with their dazzlingly original opinions. It’s a standard piece of online behavior. How can O’Reilly and Wales not know that?

By coincidence, I got mail from Charlene Blake recently. Back when I bought my current van, I explained some of the reasoning behind my choice: poor customer service from Toyota caused me to decide to buy the Honda. In that post, I linked to a petition and some other information Charlene had put out there. Little did I know that Charlene had her own little “fan club” who liked to search for references to her and troll their little hearts out, trying to stifle any criticism of Toyota by lies, intimidation, fraud, and other nasty stuff. At first, I tried to be civil, but the stalkers got so vile that I was forced to do some “censoring” to keep my site from becoming an anti-Charlene haven.

Well, it’s two years later, and they’re still at it. As far as I can tell, she attempted to get some advice on cyberstalking from counsel.net, and got a lot of abuse instead. Here’s a sample:

If you can dish it out, you have to be able to deal with the
push back. Evidently you can’t. Whining about those who
don’t agree with you won’t get sympathy from myself, and
undoubtedly most other folks who read similar pathetic
moaning from anyone!!
It is clear you are the kind of individual who always blames
others for your problems.
My advice–get a life!

Interesting legal advice, that.

Now, it’s possible that the fine folks at counsel.net just take a dim view of Charlene. You’d expect, though, that if these people were regulars at counsel.net, they’d have more posts on the site than just posts attacking Charlene. So let’s take a look at some of the names of the people who replied to her: Dave Nightingale, Garnet Williams, Roger Francis, Cheryl Martell, Marisa Decker, Vincent Gagnier, Bruce Coristine, Walter Matthews, and Rick Fasan. Right now, not a single one of those searches returns a post that isn’t about Charlene Blake. (Just in case they try to obfuscate the point with irrelevant posts elsewhere: try to find a post by any of those people on counsel.net that was posted before April 24, 2007.)

By contrast, here’s one other poster on that thread: CK in Delaware. The person’s Charlene comment shows up, but so do a number of other posts, some of which predate Charlene’s initial post. That’s what a regular (or something vaguely close to a regular) looks like. If any of the names above really were regulars, they’d have search results looking like CK’s.

(For the sake of completeness, there’s only one poster left besides Charlene: T. Tonary, a defender of Charlene, also appears to be a one-timer. Ironically, “Bruce” above accuses Tonary of being a shill!)

It would be funny if it weren’t so pathetic.

Charlene comes across to me as a tough woman; certainly she has to have backbone to have pursued this for so long and with such opposition. But why do the Charlenes and Kathys of the world have to put up with this stuff? People talk about “censorship” in regard to deleting nasty comments, and I suppose it is. But Kathy is no longer posting, and Charlene can’t seem to post anywhere without vicious stuff following her. It seems to me that Kathy and Charlene are the ones getting censored.

And if we’re going to have censorship, of one stripe or another, better it be the pond scum than Kathy and Charlene.

Sadly, even I have been made to participate in the anti-Charlene campaign, even if by accident. If you search for Charlene Blake on Google, my blog is the second link, and Google’s excerpt from my initial post linking to Charlene’s petition is from one of the troll commenters. If you don’t actually click the link, you get the impression that I’m trashing her in the main article.

Oh, well. Time to make amends.

AACS (the copy protection system for HD-DVD, Blu-Ray and other high-definition content) continues to crumble. In a nutshell, AACS adds layers to the process of decrypting movies on disc, and the layers are falling one by one. The previous cracks (see my report) opened individual discs and classes of discs; this crack opens all discs playable by a particular software-based player. It’s possible that the studios could revoke that player’s ability to play discs released in the future, but doing so now hurts customers who will have to update their copy of the player.

With all the news about copy protection failure, it’s worth reading some really good articles on why the efforts of multi-million-dollar companies continue to be cracked by smart teenagers. First, Cory Doctorow’s talk at Microsoft Research:

DRM systems are broken in minutes, sometimes days. Rarely, months. It’s not because the people who think them up are stupid. It’s not because the people who break them are smart. It’s not because there’s a flaw in the algorithms. At the end of the day, all DRM systems share a common vulnerability: they provide their attackers with ciphertext, the cipher and the key. At this point, the secret isn’t a secret anymore.

Cory references another paper written by Microsoft employees, now called simply “the darknet paper”. It’s a little more technical, but explains the problem well:

We investigate the darknet – a collection of networks and technologies used to share digital content. The darknet is not a separate physical network but an application and protocol layer riding on existing networks. Examples of darknets are peer-to-peer file sharing, CD and DVD copying, and key or password sharing on email and newsgroups. The last few years have seen vast increases in the darknet’s aggregate bandwidth, reliability, usability, size of shared library, and availability of search engines. In this paper we categorize and analyze existing and future darknets, from both the technical and legal perspectives. We speculate that there will be short-term impediments to the effectiveness of the darknet as a distribution mechanism, but ultimately the darknet-genie will not be put back into the bottle. In view of this hypothesis, we examine the relevance of content protection and content distribution architectures.

Finally, on the business side, science-fiction publisher Baen Books has been leading the charge away from copy protection in the world of electronic books. Editor and author Eric Flint explains why in a series of articles on their web site; here are the first, second, third, fourth, fifth, and sixth articles on that topic. The sixth article is particularly good, as it explains Baen’s (and Flint’s) experiences with publishing online without copy protection:

The titles are not only made available for free, they are completely unencrypted—in fact, we’ll provide you free of charge with whatever software you’d prefer to download the texts. We make them available in five different formats.

And . . .

The sky did not fall. To the contrary, many of those books have remained in print and continued to be profitable for the publishers and paying royalties to the authors. For years, now, in some cases. Included among them is my own most popular title, 1632. I put that novel up in the Baen Library back in 2001—six years ago. At the time, the novel had sold about 30,000 copies in paperback.

Today, six years after I “pirated” myself, the novel has sold over 100,000 copies.

If you’re curious, I encourage you to check out the Baen Free Library for yourself.

Boing Boing (via Slashdot):

Arnezami, a hacker on the Doom9 forum, has published a crack for extracting the “processing key” from a high-def DVD player. This key can be used to gain access to every single Blu-Ray and HD-DVD disc.

Previously, another Doom9 user called Muslix64 had broken both Blu-Ray and HD-DVD by extracting the “volume keys” for each disc, a cumbersome process. This break builds on Muslix64’s work but extends it — now you can break all AACS-locked discs.

AACS took years to develop, and it has been broken in weeks. The developers spent billions, the hackers spent pennies.

My HDTV threshold has been inching lower and lower over time, as issues get resolved: lower-cost HDTV monitors, useful broadcast TV, the defeat of the broadcast flag, useful Linux support in hardware and software. Still, it’s clear that my standing advice–don’t do HD yet–has been vindicated.

How much longer? Some of the HDTV options for MythTV recording can do both standard-definition and high-def. If we accept that the HD stuff has to be watched on a computer, I might very soon move to HD recording for local TV channels.

But for now, it seems the major hurdle is HD cable, an area where the technology is still in transition. The current standard is largely a bust, the new standard being rolled out still doesn’t allow certain capabilities (menus, picture-in-picture), and the new standard is due to be eclipsed by yet another standard in a year or so. It’s also clear that reality has yet to set in; for all the consumer confusion and hassle, HD content doesn’t seem to be lacking at the BitTorrent sites.

So, continue to be careful. If you want to be able to do something with your new HD equipment, make sure you can before you leave the store. The HD powers-that-be have yet to honor any promise about future capability, and have broken some of those promises. So if it doesn’t work on the day of purchase, be ready to live without it forever.

As for me, current capabilities (and current prices) are almost at the level I’m looking for. But I haven’t bought yet.

UPDATE (2007-02-14): According to Ars Technica, this crack is still not complete; while all Blu-Ray and HD-DVD discs available today are cracked, the studios could protect future discs by revoking the keys of the software player used in the crack.  To translate that into non-technical English, users of that player would be required to update their player, and discs made after a certain date would not be crackable–until a new software player’s device key is extracted using the same method.

Oh, the pains of being an early adopter: Google to charge businesses for Google Apps

But it’s not just small companies who have been champing at the bit to make use of Google’s services, as organizations such as Disney, Pixar, and the University of Arizona are eager to sign up to have hundreds of thousands of accounts managed online by Google. The service was offered for free to businesses during Google Apps’ beta period, but will apparently be going live with subscriptions “in the coming weeks,” according to BusinessWeek. It’s still murky as to how much Google will charge organizations for the service, but the fee will reportedly amount to “a few dollars per person per month.”

Now, it is true that all references to pricing refer to business use; there’s no word yet on whether they will charge noncommercial users. And even if they do, a few dollars per month per user isn’t bank-breaking.

But I wonder how well Google will handle the transition. Will some GAFYD customers get cut off if they aren’t paying attention? Will traditional domain hosting get a rush of new customers fleeing? Will Google’s competitors?

I’ve been slowly, slowly warming to this idea of hosted apps. Google Reader took over from Liferea for online news and blogs after I got tired of the latter’s bugs, and Google Calendar works a lot better than the various hack-fests I’ve tried to get local shared calendars working. But I think I’ll stick with hosting my own domain for now, at least until I get a better sense that the providers have the costs figured out.

If you see this post, you’re seeing it from my new online host, a Xen virtual server served by RimuHosting. So far, it’s been pretty reliable.

I picked RimuHosting based on price and suggestions I saw from John Goerzen. I also tried VPSLink, the hosting provider he decided to switch to, but have had many of the same problems he had.

More later.

I’ve been a bit difficult to reach recently. Part of that has been general busyness, including attending the FSG Printing Summit in Lexington, KY, but that wasn’t helped by my former employer switching offices. They had generously allowed me to continue hosting there after leaving, but I had been lax in searching for alternative arrangements.

This was made worse because I had centralized too much of my online presence there, with no backups, so when they took everything down to move to the new office, I effectively disappeared from the Internet for a time. So if I’ve seemed a bit uncommunicative lately, that’s probably why.

Ian has been filling my head with tantalizing visions of replacing my hosted boxes with online apps. I think I’m going to give some of these a spin, but I’m not convinced yet. It seems to me that the lesson to learn–don’t put all your eggs in one basket–argues equally well either way.

Ladies and gentlemen, I give you: Diebold!

“For there to be a problem here, you’re basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software,” [David Bear, a spokesman for Diebold Election Systems,] said. “I don’t believe these evil elections people exist.”

(Originally from here, if you can read it.)

Nope. Evil election officials don’t exist, and never have.

Diebold election machines are insecure and poorly designed. Why does anyone tolerate this?