WebMink

Spare the rod, spoil the web - the Verisign Worm

Sometimes I ask my children to do things around the house. I'm not sure if that makes me an awful parent or not, but the looks I get from them (weary, hostile, weak, pathetic etc) suggest they think so as I ask them to tidy away plates, clear the room or do small maintenance chores. I love them so I cut them some slack, especially when they reply to me "Yes, Dad, I'll do it, leave me alone" after I ask for the sixth time.

I don't love Verisign one little bit. My customer experience with them has been uniformly dreadful, and Sitefinder is a gross imposition on the good will of the Internet amounting to a 'worm'. In case you haven't noticed it, Sitefinder is a nasty trick Verisign has played in abuse of their privileged status running the *.com and *.net internet domains on behalf of ICANN (the quango that administers the US parts of the Internet). Verisign has exploited a defect in the design of the domain name system (DNS) that means they are able to redirect all failed DNS access to their own web site. This means:
All mis-spelled web browser access goes to them
If you send e-mail and there's a temporary network failure at the recipient end, it gets diverted to Verisign according to some reports (although Steve Crocker of ICANN only alleges it makes the error messages unreliable)
Web services applications fail in a different and unpredictable way as connection failures may get diverted to Verisign
Filtering spam can fail because reverse look-ups of originators always succeed
... and so on - as bad as any other internet worm
Verisign applied this change without permission, without consultation, without warning and possibly in violation of their contract with ICANN.

ICANN asked them nicely to suspend the 'service', and Verisign just said no, flat. So yesterday ICANN said 'shut it down now or else' and Versign ungraciously said 'Yes, Dad, I'll do it, leave me alone' - CNET quotes this:
"Without so much as a hearing, ICANN today formally asked us to shut down the SiteFinder service," Russell Lewis said in a statement, "We will accede to the request while we explore all of our options."
That's not how I read it in ICANN's letter - Lewis seems to have been trained in the same school where Microsoft learned to say sorry. Anyway, as of right now and in spite of reports to the contrary, the worm is still there (test here) and it seems Verisign's "yes dad" is hollow. I don't beat my children, but in this case I'd remind ICANN, "Spare the rod, spoil the child".

Update: Looks like they went right to the wire - worm seems gone now at 2am (6pm PDT).

posted at 2:32 PM (UK) | Comment? (0 so far) | links to this post | |

Moore Profile

Today's Guardian has an excellent interview with Michael Moore ("The Capped Crusader") that is well worth reading in full. He comes across well - passionate and human.
For a start, he listens. Even though he is the one being interviewed, he is very ready to engage in a dialogue. Even though the opinions in his book are forthright, they are not finished. He is still thinking. And so - and this is rare among male opinion-formers of his age - he does not consider being challenged an act of insolence.
His passion can sometimes take him too far in what he says, but he's such rarity that it's forgiveable.
As an activist, polemicist and journalist, Moore occupies a unique space in the US media and politics. He does so not because he is dissident - America has many dissenting voices, even if most are rarely heard - but because of the combination of what he says, and the way he says it, on television, film and in books. He is a choir of one with little in the way of back-up vocals.
Turns out he's America's best-selling author right now (even if America's bookstores hide his books once the rush is over), so his views can hardly be the ranting of one lunatic. His critics may try to treat him that way, but I don't think it will stick. His politics are pretty obvious, as is his affection for Britain, but his criticism of Tony Blair is unrestrained:
"I hold Blair more responsible than Bush for this war. Because Bush doesn't know better, Blair does. Bush couldn't have gotten away with this without Blair. It is my challenge to the British public to get up off the couch and find another way."
I'm not sure I agree - I believe the war would have started a year sooner and been much worse for the world without the moderating influence of Blair on Bush. But my admiration for him remains. The Guardian also has some extracts from his new book, "Dude, Where's My Country" [US | UK | CA] (and I still think 'Bowling for Columbine' [UK | US | CA] is a classic, as is 'Stupid White Men', [US | UK | CA]). I just hope he can continue to harness his millions and provide the voice the 'decent majority' have been lacking in the US.

posted at 4:50 AM (UK) | Comment? (0 so far) | links to this post | |

Friday, October 3

Wednesday, October 1

Interference Patterns

Sometimes two orchestrated press stories can combine to reveal interesting facts about what's mentioned in neither. Two such news stories just caught my eye. The first talks about how the fall in music sales is speeding up:
The International Federation of the Phonographic Industries (IFPI) says sales fell by 10.9% in the first half of 2003, but by just 7.1% in 2002. The body blames the fall on commercial piracy and unauthorised internet music sharing.
Seems IFPI and RIAA haven't been co-ordinating their PR and the truth has been slipping out between their releases, because the second talks about how successfully the RIAA's campaign of mindless law-suits has been:
Kazaa usage has fallen 40 percent since the spring, when the Recording Industry Association of America began suing students who ran on-campus file-swapping networks. Kazaa, the most popular file-swapping service, had 17.4 million U.S. unique visitors in March, according to Nielsen//NetRatings, a consulting company that monitors Web traffic. In August, Kazaa users had dropped to 10.4 million, and the numbers are still falling
Let's just summarise for those missing the point: The recording industry blames file-sharing for its forthcoming demise and weeps over the accelerating loss of customers during a period when the use of file sharing is successfully being crushed by their soulless prosecution of 12-year-olds, grandparents and musicians for wanting more music.

So the question arises: why, if it's all because of file-sharing, did the fall in sales accelerate at a time when file-sharing was reduced? Possible answers that spring to mind include customers not getting to preview products so not buying them, customers deciding that an industry which sues its fans for liking their product needs to be avoided, or some other systemic fault in the music industry that's nothing to do with what other people are doing on the internet and everything to do with what the recording industry isn't doing on the internet.

posted at 10:43 PM (UK) | Comment? (0 so far) | links to this post | |

Tuesday, September 30

Choice - Missing the point

The Massachusetts open technology decision is covered in CNet with a little more information. Why exactly do editors add misleading and wrong headlines to cover these articles? Do they want to prevent readers getting the real point? As John Lettice points out, the headline over the original article I cited used the phrase 'open source' without any cue from the text of the article, and this CNet story actually has a wrong headline as proprietary software has not been 'banned'. According to CNet,
The policy says in evaluating new technology purchases, the state will give preference to open-source software and products that adhere to open standards
Lettice also points out the ugly miss in the BSA's thinking. They obviously read the headline instead of the story and reacted to it. To re-iterate, all that's happening is that Massachusetts is preserving "the freedom to choose again". Companies that restrict that freedom will have to demonstrate a value that compensates for the failure to preserve choice. Nothing to complain about there, BSA. Unless, that is, you are in the pocket of someone who hates free choice.

Update:Some lobbyists (CAGW, who lobbied hard for states to stop suing Microsoft) seem to have fallen into the same trap of reading the headline and lashing out against open source (despite the fact their web site uses FreeBSD and Apache) - very prompt, I wonder why they are doing it? Or have CNet and AP both got it wrong?

posted at 11:54 PM (UK) | Comment? (0 so far) | links to this post | |

Swatting Flying Monkeys

Downhill Battle has launched a system to allow people to contribute to the defence funds for people sued by the RIAA. I believe one should pay the musicians and their support networks for the music one wants, but the RIAA is a luddite acting indiscriminately, heavy-handedly and not in their members interests. Their action seems to involve no research of the actual people involved and they make no distinction between using peer-to-peer as a way to shoplift and as a wired 'preview' booth or for other legititate uses (take Moby's view for example [via Boing Boing] - go, Moby!).

The RIAA plan seems to be to mindlessly threaten people who will be too scared to fight and thus to build up a body of precedent to support their delusions. Hopefully sooner or later they will target someone who can actually afford to defend themselves. But in the mean time I am supporting the fund and encourage you to do so too - to quote Adam Eisgrau, "We don't condone copyright infringement, but it's time for the R.I.A.A.'s winged monkeys to fly back to the castle and leave the Munchkins alone." [thanks, Mitch]

posted at 2:31 PM (UK) | Comment? (0 so far) | links to this post | |

Monday, September 29

Freedom To Choose Again

No-one really mentioned the news on Friday that the US state of Massachusetts has taken a strategic decision (independently of its struggles with Microsoft) to mandate open standards in future IT acquisitions [thanks, Flip]. This is something of a landmark for two reasons.

Firstly, it presents a state-level decision to value openness - the freedom to choose again - above just purchase price, like the city of Munich did in Germany. This is as it should be - why should the current administration be able to dictate the procurement decisions of the following administrations by mandating solutions that can only be sustained by one vendor?

Secondly, it is a decision to mandate open standards - interfaces, file formats, protocols and executables - rather than just open source. That may sound radical, but one can build relatively closed systems using an open source methodology - the word 'open' in 'open source' does not magically deliver the freedom to choose again. That freedom is best delivered by open standards in the areas I've listed above, with a reference implementation or 'gold standard' implemented openly by a community. Open Standards + Open Source = Freedom, and Massachusetts is boldly and wisely leading by example and preserving its freedom to choose again.

posted at 6:47 PM (UK) | Comment? (0 so far) | links to this post | |

Sunday, September 28

Orwellian E-Tags

"Larry Downes teaches technology law and strategy at the University of California-Berkeley School of Information Management and Systems. He has no affiliation with the bar code industry." Larry is also either naive or engaged in an attempt at obscuring the real problem with RFID and its use with EPC in commerce when he writes in USA Today that we shouldn't fear "the new bar codes". He says:
The first generation of bar codes has helped do that for nearly 30 years. But if misguided privacy alarmists have their way, the benefits of the next generation of bar codes may be denied or delayed.
Misguided? Trying to call RFID tags carrying EPC codes "the next generation of bar codes" is a misuse of language of Orwellian proportions, using a known-harmless term to label a known-problematic technology. Over on the Interesting People list, Andreas Krisch makes this clear in his posting, which I'd recommend you read if you're not aware of the technology behind RFID, EPC and PML (there's a longer analysis in The Register). Andreas points out the real issue:
If the RFID-Tag is not destroyed or better removed at the checkout the consumer can easily be recognised by the EPC of her T-Shirt. With this unique identifier the retail shops are easily able to i.e. track the buying habits of their customers.
For 'T-shirt' read "any purchase" - the European Central Bank is even thinking of putting RFID tags in banknotes. The innocuous term 'bar code' seems wrongly applied to RFID/EPC/PML. To read a bar code I have to get access to the item. To read an EPC from an RFID tag I need just to get within radio range of the chip. Maybe a term like 'e-tag' for this technology grouping is more appropriate.

To be clear, the privacy problem with e-tags is the same as the one with national identity cards and other pervasive, public, unique IDs - triangulation. The problem of triangulation lays not in the nature of nor the intent behind the ID tags being used - e-tags, date of birth, social security number, vehicle registration - but in the ability to gather and cross-relate them with information gathered by other means. Any ID then becomes a 'key' on which to recall any of the other data.

Sadly, even the breathless activists Larry is criticising (not linked from the article as usual - CASPIAN and Stop RFID) don't really understand this it seems. The scheme itself is, as Larry points out, pretty innocuous in isolation, just like bar codes. Larry points this out when he says:
Many think of companies as amoral, profit-hungry beasts that will do anything to promote their own selfish interests. In the case of EPC, the early signs suggest an impressive cooperation aimed at making the transition as smooth as possible and of sharing the benefits of new technology as widely as possible.
But it's not the use that companies themselves will put the technology that's the problem. Unique EPCs that can be remotely read via radio and then checked against a server to retrieve XML-formatted summaries of their usage history provide the ideal means for orthogonal uses of the identifier. E-tags are not the only source of concern for those of us who believe privacy matters (and that includes my boss by the way - his quote asking you to "get over" lost privacy was in a context trying to make people face this very problem). But the ability to covertly gather EPCs from RFID chips that haven't been disabled or removed makes them much more worrying.

Here are some examples, all thankfully from my imagination so far.
A political campaigner could read the e-tags of items carried by opposition supporters at a rally and then covertly track and undermine their activity.
A paedophile could gather e-tags from clothes, sports gear and stuff near a school and then watch for passers-by elsewhere.
Investigators could engage in covert 'electronic tagging' by accumulating the e-tags of items suspects owned and then use covert readers to track the suspect.
TIA has not gone away, it's just hiding. E-tags could be a very handy hook on which to hang the work of this and MATRIX without needing a warrant (not that that seems to be much of a problem these days anyway)
So Larry does get one thing right - that consumers "must be able to permanently stop the transmission of data to or from tags once they leave the store." But this needs to be more than a voluntary guideline - it needs to be a requirement from the start. Larry finishes by saying "EPC isn't dangerous. Ignorance is." Larry, naivety is even worse.

posted at 10:35 PM (UK) | Comment? (0 so far) | links to this post | |

AdSense Quirks

Well, stung by criticism from Stephen Noels, I have avoided using the word ßlog and refrained from ßlogging about ßlogging ever since, even if his criticism missed the irony of my original postings and thought I was seeking A-list-dom rather than asking who gave anyone the divine right to be kingmakers (which was the point of the postings he didn't like).

Nonetheless, Google AdSense still treats this page as if it was all about ßlogging and places advertisements related to that topic on the page. So I have decided to try excising the word completely from this page for a while and see if it changes. The frame that opens for external links is now called "SP" rather than you-know-what, the banner is just "Webmink" and I'm using an obfuscation that must be driving my German friends crazy. I wonder if it will make a difference?

Later: The ads that appear next to this posting on the archive page focus on R.S.S. - looks like AdSense picks up the ornaments when it doesn't like the other page contents.

posted at 4:10 PM (UK) | Comment? (0 so far) | links to this post | |