Category: General

Ladies and gentlemen, I give you: Diebold!

“For there to be a problem here, you’re basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software,” [David Bear, a spokesman for Diebold Election Systems,] said. “I don’t believe these evil elections people exist.”

(Originally from here, if you can read it.)

Nope. Evil election officials don’t exist, and never have.

Diebold election machines are insecure and poorly designed. Why does anyone tolerate this?

No, not really. But have you ever wondered how people in the South could have twisted their heads into thinking that the institution of slavery, with all its brutality, could possibly be a good thing, or how some Southeners, even poor whites, could have been so heated in their defense of their “peculiar institution”?

I have. The antebellum South has always seemed deluded to me. Often, their struggle against the North was framed in terms of freedom, liberty, and so on, even as they denied freedom and liberty to a whole class of their people. But I’ve never been satisfied with this conclusion. Most of the time, “delusional” thinking on someone else’s part is more correctly described as ignorance on your part–ignorance of some factor that, while possibly incorrect, at least brings that thinking within the realm of rationality.

So this article on Winds of Change has been a revelation to me. Its context is more modern: how does modern American society preserve public virtue today? (Or, more pointedly, does modern American society preserve public virtue at all?) But it makes its point by reference to the different theories of public virtue which held in the North and South before the Civil War, and how those views are still expressed today, although in different ways:

But North and South diverged on how best to keep the tree of public virtue well-watered and flowering. The puritan republicans upheld personal morality as the solution: A virtuous people could not help but be a virtuous republic.

And the South?

Rigorous private moral virtue was not necessary in the agrarian republican model — and was little esteemed among men in the South. Instead, jealousy of power and careful attention to governance would keep the flame of public virtue alive. Govern well, put men of pure virtues and total leisure in power, guard against demagogues and tyrants, and live as well as you please.

Callimachus coins the phrases “totalitarian liberty” and “aristocratic liberty” to describe the respective approaches taken by the North and South. While the North sought to preserve public virtue by forcing private virtue on its citizens, in the South public virtue was preserved by an orderly class hierarchy. Slavery was essential to preserving this hierarchy, as the wealth of the higher classes was supported by the wealth of the lower classes.

And where did the South get this idea of public virtue? From history:

As odious as much of the old South is to modern attitudes, it had the approval of history. The Spartan, Athenian, and Roman republics — the principal examples available to the Founders — all were built on essentially the same social and economic model, with a mass of slaves at the bottom.

Thus, attacking the institution of slavery was seen as a way of attacking the foundations of the Republic at its base, drawing forth the stirring defenses of liberty you often see from such folks as John C. Calhoun.

They would have been right, of course, except that they didn’t notice the alternate path ahead of them. The North managed to preserve public virtue with a much flatter and less stratified view of society. The excesses of slavery didn’t look to Northerners like the bedrock of civil society; they just looked like needless brutality, certainly nothing that should be defended. And in the end, Northern victory did not bring about the end of democratic civil society, as so many Southerners thought it would.

But in all this moralizing, we have to recognize that the Southerners were right about some things, even if they were wrong about one particular detail. What if the North had been able to convince the South (without warfare) that industry could substitute for slavery in preserving that lowest level of society, and that it could do so without brutalizing whole classes of people? Perhaps today, we would have a better appreciation of some of those Southern values of days gone by: limited government, non-interference in personal affairs, and eternal vigilance as the price of liberty.

Once upon a time, there was Windows, MacOS, and Linux. MacOS was a joke, so we won’t talk about it for now. Windows was easy to use, but also not quite stable and quite insecure. Linux was more difficult to use, but was also a lot more stable and secure.

This seemed like an interesting correlation: more security leads to more difficulty, and vice versa. Was this necessarily so? Both sides said no; Linux users claimed they would achieve ease-of-use without sacrificing security, while Microsoft claimed they could eliminate the stability and security problems of Windows while still keeping it easy to use. And with that, each side went to work.

We’ve been seeing one side of that work–the Linux side–gradually manifest itself. There’s no question that Linux has improved tremendously in ease of use. As the new technology has been developed, it hasn’t really affected stability more than usual; the main problem is that the new usability features are in high demand, and thus are more likely to be deployed before they’re ready.

Now the other side of that work is starting to come into focus with the recent betas of Windows Vista. So far, it seems that things are not going well:

Let’s say you have a 250GB external USB drive packed with music files, videos, pictures, and backed-up documents. When you plug it into your new computer, Vista assigns it the drive letter F:. You have no trouble viewing those pictures and playing those music tracks. But as soon as you start organizing your files into new folders, Windows Vista begins prompting you for permission to perform file operations. You have to click Continue, switch to the Secure Desktop, and then click Continue in the Consent dialog box to complete each operation.Why? Because the default permissions on that external drive give Full Control to the Administrators group, but only Read permissions to Users. And remember, you’re running with the process token of a standard user, unlike Windows XP, which gave you full credit for logging on as an administrator.

This sounds like a major blunder, but it’s not. Long-time Linux users will recognize the problem immediately: how do you secure removable media like USB sticks or CD-ROMs? We went through several iterations of that problem before coming up with a sensible solution: by default, the user who inserts media has full permissions to work with that media, and no one else should. It doesn’t sound like Microsoft has been learning from our experiences so far.

Slashdot has an article on Vista’s new security system, which has motivated some interesting analyses in the comments:

• The new Windows ‘protection’ scheme will browbeat the user until they disable the security system (in some way or another). That way, when the inevitable virus and spyware hits the system, Microsoft can wash their hands and say that it’s all the user’s fault for making use of their computer bearable.

• Here are the simple solutions all the windows experts are missing:Set yourself up as the owner of all files on the drive.
  Set full permissions to all files to the “user” group.

  Oh gosh gee. I don’t know how we could have been so stupid. Please forgive us for doubting the security, power, and flexibility of Microsoft operating systems.

  Dear Microsoft “experts”: You just permanently lost the user privilege security argument, and you probably don’t even know why.

• “Granted, I have to set the ACLs on both directories and registry settings, but it’s never been very hard.”Your Momma.

  As in, ask Your Momma to do that.

• From that review, it seems that running as a regular user will be easier under Ubuntu today than under Windows whenever it is released. There’s no excuse for that.

It’s interesting to note that Mac OS X–the successor to the previously-dismissed MacOS–is now cited as a model for implementing usable security, and that they’ve done so by building on a Unix base.

Yesterday, I finally achieved a goal I’d been working on for a long time: getting MythTV to display on our family room TV.

So what changed that made the impossible possible? One thing changed: the video card in the computer by the TV. It’s now a cheapo NVidia GeForce 4 MX card, instead of a super-expensive (at the time) ATI All-In-Wonder Radeon.

Windows users aren’t used to the troubles Linux users often endure getting hardware to work. When it works, it usually works very well, better even than in Windows. When it doesn’t just work, it’s usually a huge effort to get working, and sometimes there’s just nothing you can do except dump the hardware on EBay and get something else.

When I bought the ATI card, I had been reading some enthusiastic reviews of the card. ATI was, at the time, the most Linux-cooperative graphics card company, and while no support existed yet for the card’s cool TV recording and TV-out features, everyone assumed it would be just a matter of time.

Well, it’s been several years since then, and ATI was in the process of changing the way they did Linux support. The documentation they normally released to open-source driver writers never came. There were efforts to reverse-engineer the card, with varying success. Soon after, ATI announced that they would be providing their own proprietary driver for newer cards, making their Linux support worse than NVidia’s. (NVidia also does proprietary drivers, but the drivers are at least decent and support all of the card’s functionality; with the ATI drivers, for example, you can’t have both accelerated 3D and accelerated video support at the same time.) Video capture was not, and still isn’t available; ATI actually sends people to the reverse-engineering project above for that. And my card was too old to be supported by the proprietary driver.

To get an idea of the impact of ATI’s new Linux support policies, check out this page, which documents video input for ATI cards based on the older Mach64 and Rage chips, with this page, which documents video input for ATI cards based on the newer Radeon chips. The process for older chips is simple, as Linux driver support goes: download the module, build it, load it, use it. By contrast, the Radeon process has sections for “conservative”, “advanced”, and “adventurous”, where “adventurous” means “using TV-out”, and everything depends on using their special program for doing video input. Forget about using MythTV with this.

So, after months of very frustrating episodes of trying to get TV-out working on my ATI card (never mind video input), I finally broke down and bought the NVidia card. Total time to get TV-out working on the NVidia: about three hours, most of which was occupied in getting my thick S-Video cable past a metal bar in my case.

Lessons learned: avoid “do-everything” integrated hardware in favor of single-purpose hardware; never, ever, buy hardware without knowing that it will work that day; and stay away from ATI, at least for now.

Every so often, I see computer setups with multiple monitors hooked to a single computer, usually set up as a single very long desktop. You move the mouse to the edge of one monitor, and keep moving; the mouse then jumps to the other monitor. This can be really handy for some specific goals; for example, there’s no better way to create an immersive experience for a simulator. Most of the time, though, multi-monitor is used just to give the user a bigger screen.

I don’t generally have a problem with screen room. (Virtual desktops are very handy in that regard.) But I do have a problem controlling several computers, and switching between sets of keyboard, mouse, and monitor to use them.

So I was very intrigued when several people began blogging their experiences with Synergy, a little utility that links the desktops of several computers together into one, such that the desktops look a lot like multi-monitor. It even handles cut-n-paste across the desktops; I can cut or copy on one machine, sweep my mouse across to the other computer, and paste. It’s cross-platform, too, running on Unix/X11 systems, Windows, and Mac OS X.

So right now, I’m typing this blog entry on my main workstation’s keyboard, but into a browser running on my laptop. And instead of having a zillion tabs on my browser to keep track of pages I want to reference in my blog, I can just zip over to my workstation’s browser with a flick of the mouse, get to the page I want, copy the URL for it, zip back over to my laptop, and paste it into my blog post. Sweet.

If you find yourself using more than one computer at a time, you should check Synergy out.

It’s been a busy several weeks, centering around my brother’s wedding last Saturday in North Carolina. Before it, I was busy doing my part and traveling, and after it, I’ve been catching up on work. Less importantly, I’ve been catching up on TV shows I recorded on MythTV while I was there, including a series that looked fascinating: 10 Days That Unexpectedly Changed America.

A few of their choices for those ten days weren’t surprising, such as the battle of Antietam during the Civil War, the passage of the Civil Rights Act, and the Gold Rush. Some were a little strange, like Shay’s Rebellion and the assassination of President McKinley. And some were, to put it mildly, weird: the appearance of Elvis Presley on the Ed Sullivan show, for example. This was a large part of the appeal of the series. Speculating on the importance of Antietam wasn’t nearly as interesting to me as satisfying my curiosity about how Elvis was so earth-shaking.

Now, I’ve watched four of the shows (the Gold Rush, the Homestead strike, Elvis, and the Scopes evolution trial). They’re well-done, and I haven’t seen any evidence so far that the shows were seriously inaccurate. But at least some of them are disappointing: three of the four so far, to be exact.

Let’s take the show about the Scopes trial as our first example. The popular view is that Scopes, and his celebrated lawyer Clarence Darrow, lost the trial but won the publicity war, and that celebrated prosecutor William Jennings Bryan, broken in spirit from his loss, died a short time later. Admirably, the show casts doubt on the received wisdom, noting Bryan’s ambitious plans for the future and the suppression of the teaching of evolution that spread after the trial. But throughout the show, the trial was portrayed as a battle between faith and reason. Or, to show my take on the show’s bias, between superstition and progress.

This is a hot button for me. Perhaps that’s a topic for another post; for now, I’ll just point out that science’s successes within the physical sphere have been nearly matched by its failures everywhere else. Science, religion, history, and other disciplines have their places in the realm of rationality. It is currently fashionable to crow about the folly of allowing religion to trespass into science’s territory, but pointing out the reverse is not nearly so popular. This was a huge part of Bryan’s message, and the show does not do it justice, portraying it as a reaction to progress instead of as a warning the modern world might have done well to heed.

The same kind of bias was also evident in the show about the Homestead strike. I don’t think the terms “Left” and “Right” mean much regarding political discourse, but to the extent they do, the Homestead strike show was quite leftist. The strike was not just a famous labor dispute, supposedly, but a referendum on what the show called “corporatism” versus the rights of workers, one that supposedly echoes today in the crimes of Tyco and Enron (both of whose corporate headquarters made an appearance in the show). The workers, in resorting to violence, were merely defending their way of life against men (Frick and Carnegie) who sought to profit from their destruction. The workers’ treatment of the Pinkerton army was merely an expression of their fears, whatever the Pinkertons thought they were promised in the cease-fire.

In saying this, I don’t mean to downplay the abuses of the robber baron age. But the acts of the union at Homestead were every bit as shameful, and the show seemed to minimize this, portraying them as merely controversial. To tie acts like this to the supposed corporatism of today, without recognizing the efforts (and successes) of later union leaders to help their workers without resorting to violence, is deceptive. Not to mention that for every Enron, we can find a Total-Fina-Elf, a Nestlé, or a Cotecna, all in the part of the world considered most sympathetic to workers’ rights.

So what was going on? I don’t think those shows were some kind of intentional whitewash; they were more of an inability to transcend one’s biases. Which brings me to Elvis.

The Elvis show was fun, no doubt, but it seemed quite pretentious. Most of the history was correct, but the small errors were telling: for example, the idea that Elvis was the first pop megastar ever (and not Frank Sinatra), or that this was the first time sexual mores were being questioned (Roaring ’20s, anyone?), or that this was the first time black music was being accepted by whites (again, the jazz of the ’20s). Too much effort was made to link Elvis to the rebellious, liberal Sixties.

Every era tends to see its own time and its own causes as the center of history. But this is a tendency to be recognized and avoided, not embraced as transparently as these shows seem to. Certainly, I could name perhaps a half-dozen events with far more historical impact on America than the Ed Sullivan show ever had: the Dred Scott decision, the failure of the League of Nations in the U. S. Senate, the impeachment of President Nixon, and September 11 come to mind without even thinking. Why were they excluded, and Elvis included? Perhaps the Homestead strike marked a strong shift in labor relations, but why link it to Enron, over one hundred years later, in an attempt to give it relevance? And why link the evolution debate to an overhyped trial in Tennessee, instead of to the Supreme Court decisions reversing the anti-evolution laws and generally strengthening the wall between public schools and religion?

I suppose I’m being too sensitive. The shows are really not that bad; I learned something from them. (By the way, they’re all showing again tomorrow on the History Channel.) But I get tired of seeing history tied to the yoke of the current media barons and their prejudices.

I observed previously that we should avoid HDTV because, among other reasons, the next-generation HD DVD security standards isn’t supported by any equipment currently manufactured.

Well, that hasn’t changed, but at least one studio is promising to be nice:

At a technical briefing last week, Sony said that it will not use the Image Constraint Token to downsample the video output on analog HDTVs.

Why not? Well, the next-generation DVD space has been split into two standards: Blu-ray and HD-DVD. Right now, it seems that HD-DVD has a slight edge. And who is the prime mover behind Blu-ray? Sony. So this is a move to try and edge out HD-DVD in perceived quality.

Of course, the other studios could make the same pledge to counter Sony. Surprise: they have, all except Warner.

This is good news, at least in the short term. Of course, the technology still remains in the spec, and there’s no guarantee that the studios won’t turn the downsampling on in future movie releases.

When it comes to my data, I tend to be a control freak. I run my own domain. All of the servers that run it were built by me, in my own house, and only I have administrator access on them. I run my own E-mail servers, my own Web servers, and even my own instant messenger service. If I cannot run a service on my own systems, I tend to prefer doing without it instead of using a hosted service; this is particularly a problem for me in the shared calendar space, where the options are either hosted, hideously expensive and heavy, or broken.

Why? It’s simple: self-preservation wins, every time. Who besides me has a stronger interest in my privacy? Who else feels more pain over lost or inaccessible data? No one does. So if I’m going to trust you with my data, there must be some very high benefit, or the data in question must be unimportant, or something else must be true that overcomes my suspicions.

The conventional wisdom has been that I’m behind the times. The current trend is “software as a service”, where sophisticated Web sites take the place of local apps. E-mail and map software are examples people are familiar with, but there are others: photo management, bookmark managers, even full office suites. I’ll go so far to admit that some online software is way better than the alternatives, such as online map sites, but I tend to be suspicious by default. This makes for some good-natured ribbing from my boss, when I bemoan the sad state of some immature technology I’m fighting with that’s available as an online service.

Lately, though, Ian has been hearing the siren call back towards paranoia:

A friend of mine managed to get himself locked out of his Yahoo account, and after hours on the phone with Yahoo support, he seems unable to convince the Yahoo bureaucracy he is who he says he is so they will let him back in. He even offered to fly to Sunnyvale to present his driver license. Apparently, the zip code Yahoo has on file is different than the zip code he’s had his entire life, and the support staff say they can’t unlock his account until he gives them the right answer, which he’s already doing. (Apparently, the best one particularly dim bulb in Yahoo customer service could come up with is that he call back each day with a different guess till he gets it right.)

The indirect response he got was, well, disappointing (censored for language):

How about getting a clue? All I can think is “what kind of %@#$% doesn’t backup his CRUCIAL data?!” Seriously. Gmail is a free beta service.

(Jeremy Zawodny is a Yahoo guy, and he was responding to a similar incident posted elsewhere, not to Ian’s friend.)

To which Ian responds (again, edited for language):

Isn’t the whole point of software-of-a-service that you can just put your stuff “in the cloud” and let someone else (you know, someone with hundreds of millions of dollars of computing infrastructure and thousands of employees and—presumably anyway—some sort of backup policy) take care of it for you so it “just works”? Isn’t that what Google, Yahoo, etc. have been trying to sell us? It’s certainly compelling to me, which is why I’ve been moving in that direction myself. Interesting, though, that when they screw up, they call us %@#$% for following them. I guess that’s what the cop-out “beta” moniker is designed to do—put all your stuff here, but if we screw up, don’t blame us, you %@#$%, it’s a free beta service!

It’s not often that such an opportunity arises to call your boss something unprintable in public and get away with it… but my impeccable sense of decorum forbids me. Alas!

Seriously, I was as surprised as Ian to see Jeremy’s response. Why do I not have a Yahoo account? Because I don’t trust Yahoo to be as careful with my data as I am. You’d think Yahoo would want to convince me otherwise; after all, I frequently dole out advice on things like this to hundreds of potential Yahoo customers. Apparently, there’s some advantage to confirming my paranoia, however many people I scare off software-as-a-service using that confirmation as ammunition.

Such as my wife, who just discovered the wonder that is Yahoo Calendar. Her enthusiasm was easily curable, however. I doubt she’ll be the last to take the cure.

UPDATE (2006-03-17): Yahoo isn’t the only one having problems with reliability and customer service.

When people have asked for my advice regarding which HDTV thingie to buy, my general response has been very simple: don’t.

If there’s some feature that you absolutely must have, and you’d be OK with your purchase even if you couldn’t do any of the cool stuff they’re promising for the future, then maybe HDTV is for you. Maybe.

Why so pessimistic? So-called “digital rights management” schemes hadn’t been hashed out completely yet, and it’s not clear that you’ll actually be able to use your year-old technology until it is. Given the concern the vendors have shown to protect the interests of their customers, and the effectiveness of their quality assurance efforts, I have not believed any of the promises regarding whether equipment bought today will work with the promised new technology of tomorrow.

It appears, now, that most of the DRM story has been figured out, and we have a basic idea of what some of the new HDTV player technologies are going to look like. And what do we learn about older HDTV equipment?

We learn, first of all, that no computer video cards on sale today support the standards, despite advertising to the contrary. One company has already begun to backpedal on their former advertising promises. Did you buy a Media Center PC for the HDTV support? Are you planning to? Check your specs carefully, or you may find yourself watching a lot of low-definition television on it soon.

Next, we learn (via Slashdot) that the new HD DVD players will send a degraded signal to HDTV monitors that don’t support their DRM standard. How many monitors sold today support the new standard?

In other words, even if you bought a HDTV monitor yesterday, your HD movies will only look slightly better on it than regular DVD once the new formats come out. For full HD movies, you’ll have to buy a new monitor, one that isn’t on sale yet.

So, at least for the foreseeable future, do what I do: buy standard analog TV and video equipment. Because of the huge installed base, no one will dare making those old standards obsolete for a long time yet. And for higher quality viewing and listening, use a computer and a computer monitor.

RSS has no future. Don’t believe me? Just ask its creator, Dave Winer (link added by me):

It’s possible that a new format, based on RSS 2.0 could be an improvement, but any person or group attempting to do that must not in any way claim the exclusive right to do so, nor should it in any way attempt to interfere with the stability of the RSS platform. No one has the right to do that. RSS 2.0 is what it is. You can extend it through namespaces, that certainly is one way forward. You can take the format and make a new format as an evolution, but you must not call that RSS. That set of constraints has served us well.

Tim Bray (a major player in the Atom syndication format) agrees:

Those of us who thought there was basic, important work that still needed doing in the area of syndication formats had three choices; RDF-wrangling in the RSS 1.0 context, namespace-wrangling in the RSS 2.0 context, and putting a new name on it; to use Dave’s words, “make a new format as an evolution”. Thus, Atom.

Also see Dave’s response when a group of vendors decided to try and resolve some of the issues with RSS:

Tomorrow I will talk individualy with all the corporate members of the
“board” and ask them to resign.

See also Burningbird’s bleak, yet entertaining take on the whole mess, and her call for clarity.

No standard can survive without changing. RSS is showing a complete inability to change, even to fix long-standing interoperability problems; how can we expect it to adapt to new ideas in the future? If the Bugzilla developers can’t figure out a way forward except to drop RSS support in favor of Atom, how can anyone else expect to figure things out?

The big problem: Dave Winer sees leadership outside of himself as a threat. Much of the effort being put into fixing RSS is coming from Rogers Cadenhead, who has been quite respectful of Dave’s place in the RSS community. Dave’s response comes from the depths of paranoia:

Rogers, I need to get out of the RSS morass, and back to work on new stuff. Could you make your group less of a threat to harmony in RSS-land? Be a sport and listen a little, give a little. You can make a contribution without being Lord Master God of RSS. (I don’t want to be that either, I just want to be a friend of RSS and be respected for having played a major role in creating it, and having a pretty good idea about what it is and isn’t.)

For an idea of how respectful Rogers has been, here’s part of his comment to the above post:

I see no desire to discount your role in RSS or your ongoing efforts to be a leader in this community. But we disagree over whether your current position — leave the existing spec untouched — is a tenable one for the future.

This legendary stubbornness is now starting to descend into a disconnection from reality. Check out, for example, this post by Rogers Cadenhead, in which he documents one of the problems he’s trying to fix in great detail. Winer’s response?

Another one — if it ain’t broke, don’t fix it.

Amazing.

Well, it’s not that bad. But (via Slashdot) it does appear that Skype will be crippling its software on non-Intel systems:

The latest version of Skype’s Internet-calling software can host up to 10 users on a conference call, but only if your PC has a dual-core processor from Intel, Skype and Intel announced Wednesday.

There’s nothing technical about the restriction. There’s nothing Intel’s dual-core chips can do that AMD’s can’t; in fact, AMD has been rated as slightly faster than Intel. This is purely a marketing agreement.

I wonder, though, if this won’t backfire on Skype. Gizmo advertises free conference calling that can handle more than ten callers, and they don’t care who makes the chips that run your computer. People who buy AMD computers because of the lower cost and better performance might be persuaded to give an alternative service a try.

Well, that’s interesting. Promise to post more often, and your server power supply will decide it’s time to stop working.

I’ve also discovered that I have expiration on my DNS domain set way too low, as my backup stopped serving names for my domain within 24 hours of the outage. It’s interesting how you never discover these things until it’s too late to fix them.

Well, this has been an interesting month. I’ve mostly made the transition to working at home, and have even managed to do something useful in the new job, which is a good thing.

I’m also learning, in a small way, the Secret To Blogging ™, which appears to be: don’t be so picky about every post being a prose masterpiece. So, perhaps, we’ll see more, less polished posts in the future.

Things keep getting worse and worse over the Sony music CD security problems that came out a while back.

Sony has now promised to recall all the CDs protected with this software, and offer exchanges for people who already bought the CDs. But the software they send people to uninstall their hack stays on the computer once the job is done, and it turns out that the uninstaller also bypasses all security checks in Internet Explorer, giving remote hackers the ability to do anything to your computer that they want. Users who have the Sony software should wait for anti-virus and anti-spyware vendors (like Microsoft) to add XCP to their virus signatures. (Be warned, though; Sony may be claiming otherwise regarding Microsoft’s perception of the Sony software.)

The original album which prompted the scandal is getting hammered in the Amazon reviews section; their manager is on record begging for a recall to repair the band’s reputation.

On the legal front, Sony may be facing criminal charges in Europe, both for their copy protection and their predatory pricing. There’s a chance that Sony could be criminally liable in the USA as well if their virus infects government computers.

Effective charity is, sometimes, a problem. On the one hand, compassion for others is part of the highest law for Christians, and a great virtue in nearly all religions. On the other, we want our charity to actually help people, and not support the destructive conditions or behavior that made them poor.

Our charity can also be a way for us to impose our will on someone. I once heard of someone who had bought cattle for a poor group in Africa; his intent was to help them start a ranching business that would provide them with sustainable food sources. This didn’t work too well, because the people receiving the cattle tended to butcher them almost immediately. The person had a very good idea about solving this group’s problem, but it was more his idea than theirs, and when they didn’t seem to agree with him, he stopped helping them.

So it was very, very interesting to read (via Marginal Revolution) about Kiva, a loan clearinghouse for developing nations.

In world terms, Americans are filthy rich. Income that’s below the poverty line here is more than some whole African villages make. So, say the Kiva people, if we’re so rich, let’s use our riches and become capitalists for small businesses in developing nations. They list businesses that are applying for loans, along with the amount, and you give some or all of the amount of the loan to Kiva, who then issues the loan once the full amount has been donated. As the business repays the loan, that money is repaid to you, and you can receive regular updates on how the business is doing. (Some of this information is available on their active loan page.)

This is definitely charity, and not an investment. There is a vetting process for the loan, and repayment rates appear to be high, but businesses can fail in Uganda as easily as here (more easily, in fact). Plus, you don’t get interest on the loan. (The borrowers sometimes do pay interest, which goes to cover Kiva’s expenses.)

Kiva seems to deftly solve a lot of the problems with traditional charity. The borrower has to apply for the loan, and come up with his/her own business case, so the risk of imposing one’s will on the recipient is low. Since the borrower has to pay the loan back, the borrower is not made dependent on chariable giving. By building up local business, the measure improves the local economy, which should eliminate the causes of poverty instead of just treating the symptoms.

Right now, they’re out of businesses to sponsor due to high interest in the site. But please keep an eye on them, and think about sponsoring a business once one becomes available.

Here’s a scary story for Halloween. You might be able to read it here; if not, go to the main blog page and look for the last post of October 2005. Or, read the Slashdot story on the matter.

Sony is evidently releasing music CDs now with digital rights management software on it that secretly installs when you try to play the music on your Windows-based computer. The purpose of the software is supposedly to control how many copies you can make of the songs.

To this end, it cripples your CD player, making it impossible to create digital copies of any songs. It also hides itself in a way that makes it easy for hackers to hide anything they want on your system. It replaces part of the operating system with itself (and does a poor job of it too, making your system more crash-prone). For whatever reason, it slows your computer down while reading information about the other software you’re running on the machine. Oh, and if you try and remove it, either manually or via some anti-spyware program, it disables the CD drive completely, making it impossible to play other CDs, play CD-based games, install new software, or even fix your broken computer.

If you’re a techie, you can fix all the crap these CDs put on your computer by following the instructions in the article above. Quick recap, in case the article goes away: stop all processes with $sys$ in the name, delete all $sys$ files in Command Prompt (you won’t be able to find them anywhere else), reboot, run RegEdit as the LocalSystem user, look for lower and upper filters containing $sys$, delete them, reboot.

If none of that makes sense to you, and you can’t find someone who can understand it, you’re probably going to have to reinstall Windows to get your system back. Linux users are unaffected. No word on how Apple handles this.

Need I mention that you should avoid buying CDs from Sony? If you absolutely must, be sure never to play the CD on your computer. (You can turn off AutoRun if you feel daring; this may help you prevent getting infected from the CD.)

Oh, by the way, the album in question in this case was Van Zant’s latest, Get Right With The Man. (heh!) It’s also been reported on Amazon that Healthy In Paranoid Times, by Our Lady Peace, has the same problems.

What lesson does this teach us? Follow the law, respect Sony’s rights, buy a legal copy of a copyrighted work, and you’re just a sucker, since Sony gets a free pass when it comes to returning the favor. As “Alan” on Slashdot posted:

I’m glad I get my music off of p2p networks and don’t have to worry about trojans and rootkits and that evil hacker stuff!

UPDATE (2005-11-02): Publicity is starting to mount; see the Washington Post blog, for example, which quotes virus researchers on the problem. Sony will now help you remove the code, but only if you call them, tell them about your computer, go to their Web site, install still more software on your computer, get an E-mail once their software has proven that you’re worthy of it, and install yet more software on your computer. I expect this will not prove to be sufficient for most people who experience problems.

UPDATE 2: Via PC Pro, we find Sony’s site for this software. Check the system requirements; in particular, if you follow Microsoft’s recommendations for securing your system, you can’t play this CD. Also, a Slashdot journal-ist provides this link to the rootkit’s original author and this Google search for other CDs that hack your system when you try to play them.

UPDATE 3: Sony has yielded to the pressure and released the removal tool.

UPDATE (2005-11-06): More from Mr. Russinovich: his experiments with using Sony’s removal tool, which appears to do very little in the way of removal. Also, Mark reports that hackers are now using the Sony rootkit to hide their own cracks, despite Sony’s insistence that this was not possible.

UPDATE (2005-11-14): And Sony caves completely after getting an indirect lecture from the White House.

UPDATE (2005-11-16): More here.

Daylight savings time is at an end. For most of us, this means that it’s time to set your clocks back an hour. For Indiana, it means that it’s time to rearrange our lives so we can leave the clocks alone. New times for TV shows, radio shows, out-of-state meetings, etc.

So remember, everyone: Indianapolis is now on the same time as New York, even though it’s been on the same time as Chicago all summer.

Boy, am I glad we’re not doing this anymore.

Our dear daughter is in volleyball this year, and at today’s practice, the coach distributed team pictures. They’re good pictures, with the usual team and individual shots. But on the envelope, this:

Did you know? Professional photographs are protected by copyright laws. It is illegal to scan or reproduce Lifetouch portraits. If you need additional prints, please use this reorder form. Thank you for respecting our work.

As I understand the law (and, I should warn you, I’m no lawyer), this is wrong, and a little reflection will make this obvious. Scanners and copiers are everywhere. I’ve seen scanners on sale for less than $20, and those all-in-one scanner-copier-printer-fax copyright violation factories are big sellers. They even put copiers in libraries, right next to piles of books that are nearly all “protected by copyright laws” too. And yet, all those librarians manage to stay out of jail for contributory copyright infringement, somehow. Is the FBI hitting the chain electronics stores yet, looking for suspicious OfficeJet buyers?

While the doctrine of “fair use” has been taking a beating in recent years, what with the recording industry suing grandmas who never owned computers for song swapping on the Internet months after their funerals, it’s still the law of the land. Most personal uses of copyrighted material fall under it, which is why it’s legal to tape TV shows on a VCR, copy encyclopedia pages and magazine articles in libraries, and sing “Happy Birthday” at your kid’s birthday party. If Lifetouch was right, all of those things would also be illegal.

The idea behind the scam is to increase the cost of scanning via a little fear, and encourage people to order the pictures “legally” to avoid the risk of the Copyright Police raiding their houses mid-scan.

Of course, they will have to increase the cost of scanning a lot more to cover the inconvenience of ordering from this outfit. Check out their company web site. See any online ordering link? Nope. The only way to order more pictures is to write on the back of the envelope the pictures came in and send it snail-mail to Chattanooga, Tennessee. Too bad my dad (who inspired my daughter to try volleyball after taking her to an Illinois volleyball game last year) can’t order any pictures without a magic envelope. I guess we’ll just have to scan in a few to send to him over E-mail.

I wonder which approach would make them more money: lying to their customers to scare them into ordering, or making it as easy as possible to order?

UPDATE (2005-10-20): It’s been pointed out to me in the comments that I’ve been vague at best about Lifetouch’s rights, and about fair use. First of all, Lifetouch does have a valid copyright in those pictures. Second, while fair use covers many purposes for copying a picture, it doesn’t cover them all. My example about scanning a picture and sending it to Dad may be illegal, depending on the financial harm done and a lot of other factors (see a lawyer for details). My point was not that it was legal, but that it was easy, and that lots of people will ignore the threats in the envelope if ordering prints is too much of a pain.