Blackmoor Vituperative

Never content to twist US law into pretzels, the media robber barons also attempt to use their power to make other nation’s laws as bad as those we have here….

In accordance with US trade law, the Office of the US Trade Representative (USTR) is required to conduct an annual review of the status of foreign intellectual property laws. This review, which is referred to as Special 301, is typically used to denounce countries that have less restrictive copyright policies than the United States.

The review process is increasingly dominated by content industry lobbyists who want to subvert US trade policy and make it more favorable to their own interests. […] One of the organizations that plays a key role in influencing the Special 301 review is the International Intellectual Property Alliance (IIPA), a powerful coalition that includes the RIAA, the MPAA, and the Business Software Alliance (BSA). The IIPA, which recently published its official recommendations to the USTR for the 2010 edition of the 301 review, has managed to achieve a whole new level of absurdity.

University of Edinburgh law lecturer Andres Guadamuz wrote a blog entry this week highlighting some particularly troubling aspects of the IIPA’s 301 recommendations. The organization has condemned Indonesia and several other countries for encouraging government adoption of open source software. According to the IIPA, official government endorsements of open source software create “trade barriers” and restrict “equitable market access” for software companies.

[…]

The Indonesian government issued a statement in 2009 informing municipal governments that they had to stop using pirated software. The statement said that government agencies must either purchase legally licensed commercial software or switch to free and open source alternatives in order to comply with copyright law. This attempt by Indonesia to promote legal software procurement processes by endorsing the viability of open source software has apparently angered the IIPA.

In its 301 recommendations for Indonesia, the IIPA demands that the government rescind its 2009 statement. According to the IIPA, Indonesia’s policy “weakens the software industry and undermines its long-term competitiveness” because open source software “encourages a mindset that does not give due consideration to the value to intellectual creations [and] fails to build respect for intellectual property rights.”

The number of ways in which the IIPA’s statements regarding open source software are egregiously misleading and dishonest are too numerous to count.

(from Big Content condemns foreign governments that endorse FOSS, Ars Technica)

“The IIPA — destroying your cultural future to line our pockets today!”

I picked up the TV series “Invasion” on DVD at Kroger, from a bargain bin. I am up to episode 5 or 6. This is a weird show.

There is clearly an alien invasion going on, but it’s not clear that the aliens are even aware that they are aliens. I had always assumed that pod people would know that they are pod people. But what if they didn’t know?

What if you were a pod person, and didn’t know it? What if you just felt… off, somehow?

I have said it before, but I will say it again: don’t take anything posted in this blog too seriously. It’s mainly a place for me to grumble harmlessly about things that are beyond my control, so that I can get it out of my system and go on with my life as the generally optimistic, upbeat person that I prefer to be.

Life is too short to be pissed off all the time.

Associate yourself with men of good quality if you esteem your own reputation; for ’tis better to be alone than in bad company.

(From George Washington’s Rules of Civility)

George Washington’s Rules of Civility is pretty cool, in a Victorian sort of way.

It appears that the Digital Rights Mafia and the media robber barons have successfully done in Britain what they failed to do in the USA in 2003 — bullied the broadcasters into allowing the robber barons to control not only the content, but the devices used to play that content.

In my latest Guardian column, “Why did Ofcom back down over DRM at the BBC?” I look at how lamentably credulous both the BBC and its UK regulator, Ofcom, have been in accepting US media’ giants threats to boycott the Beeb if it doesn’t add digital rights management to its broadcasts. The BBC is publicly funded, and it is supposed to be acting in the public interest: but crippling British TV sets in response for demands from offshore media barons is no way to do this — and the threats the studios have made are wildly improbable. When the content companies lost their bid to add DRM to American TV, they made exactly the same threats, and then promptly caved and went on allowing their material to be broadcast without any technical restrictions.

How they rattled their sabers and promised a boycott of HD that would destroy America’s chances for an analogue switchoff. For example, the MPAA’s CTO, Fritz Attaway, said that “high-value content will migrate away” from telly without DRM.

Viacom added: “[i]f a broadcast flag is not implemented and enforced by Summer 2003, Viacom’s CBS Television Network will not provide any programming in high definition for the 2003-2004 television season.”

One by one, the big entertainment companies – and sporting giants like the baseball and American football leagues – promised that without the Broadcast Flag, they would take their balls and go home.

So what happened? Did they make good on their threats? Did they go to their shareholders and explain that the reason they weren’t broadcasting anything this year is because the government wouldn’t let them control TVs?

No. They broadcast. They continue to broadcast today, with no DRM.

They were full of it. They did not make good on their threats. They didn’t boycott.

They caved.

Why did Ofcom back down over DRM at the BBC?

(From New column: Why is Ofcom ready to allow BBC DRM?, Cory Doctorow’s craphound.com

What the hell has happened to the once-great Britain? They gave us the foundations of our society — the rights of free men to bear arms, the rights of a jury to decide not only if a law was broken, but whether that law should be enforced at all, and the basic right of the governed to expect their government to treat them justly… all of this is due to our country’s British origins.

I have to say, I am a little disappointed with what’s become of them.

Religious conservatives argue the Founding Fathers intended the United States to be a Judeo-Christian country. But President Obama is right when he says it isn’t.

(From America is not a Christian nation, Salon)

I am no great fan of President Obama (nor was I of President Bush). But when someone is right, they are right.

OpenOffice.org 3.2 is now available, with a handful of new features and improved ODF compatibility.

If you haven’t migrated from MS Office to OpenOffice… what are you waiting for? Hello? It’s 2010!

The actual title of the article is “Six easy steps to make a super secure Linux server”, but I think that’s hyperbole. Even so, these are some basic steps that should be followed, and they do help make a server more secure.

1. Install latest security updates.
2. Disable root login via SSH
3. Disable or filter extra services
4. Remove active guest accounts and test accounts
5. Remove version notification
6. Hide application errors and PHP errors

(From Six easy steps to make a super secure Linux server, Technicant)

I have believed for a long while now that passwords need to go away. I have to wonder if this comically bad password policy is someone working within the system to get rid of them by making them even more absurd than they already are….

In “How does bad password policy like this even happen?” we addressed the deep question of what goes through someone’s head when he or she creates password policy that makes little or no sense and substantially damages security. The case in point was that of Nelnet, which had a comically bad password policy with restrictions that make no reasonable sense at all. For instance:

It can’t contain two separated numbers (i.e., Abc12ef34 would be invalid)

Perhaps the developers are deathly afraid that someone will have 4+7 in a password and somehow cause SQL to do something dangerous with it. If the database is so brittle as to be incapable of handling something like that, even when special characters such as plus signs are disallowed anyway (another golden example of bad policy at the same site), we can be reasonably certain that the offending organization should not be trusted with any private data anyway.

What can be worse than such ludicrous password policy?

How about a slightly less ludicrous policy that is almost as bad for security and comes with a completely absurd, even insane, explanation for why the password policy is so bad?

This is the case of American Express, evidently. A customer received a thoroughly crazy customer service email explaining the reasoning behind a password policy limited to eight characters, with special characters prohibited. The most unbelievable thing about this entire situation is that the email reads like it was written by a Nigerian scammer, but it came from the American Express “Email Servicing Team.”

Key phrases illustrating the lunacy of the explanation include:

• We discourage the use of special characters because hacking softwares can recognize them very easily. Presumably, this is meant to refer to keyloggers that might harvest passwords, but the fact of the matter is that detecting passwords is not dependent on the characters used. Key factors such as words (or non-word strings of characters) appearing out of context in the middle of other logged keypresses and time delays at either end of a single, relative short string of characters are much more important for identifying passwords than whether an asterisk is typed.
• The length of the password is limited to 8 characters to reduce keyboard contact. Some softwares can decipher a password based on the information of “most common keys pressed.” For commonality of keypresses to be used to statistically identify passwords, your passwords will have to be incredibly long. Otherwise, every time you type Xerox, the date or time, or an emoticon, someone trying to parse a keypress log is going to have to check to see if it is a password. Sorry — this part of the explanation is even less reasonable than the first quote.

This little gem of an email from Saturday has already spread like wildfire amongst online communities populated by people with an inkling of what “security” means, and the consensus is that whoever this person is, he or she does not not know what “security” is. One can only hope that this person is making things up to BS a customer, rather than actually expressing official American Express “security” policy.

The alternative is too horrible to imagine.

The FBI is pushing to require ISPs to keep records on every web site visited by every American, so that there will be plenty of evidence if they ever decide to persecute someone (and no, that is not a typo). Of course! Why not? It’s not like we have any right to privacy, or presumption of innocence, or protection against unreasonable searches. We are all just one stroke of a pen away from having our lives ruined: guilt and innocence are anachronistic relics.

I remember when you tell the “bad guys” in movies because they demanded “papers” any time someone was traveling or was suspected of, well, anything. Now try traveling in your own “free” country, or earning an honest living, without showing “papers”.

I am glad that I was able to see the USA when it was at its best: votes for women, equal rights for (most) minorities, being able to earn an honest living without showing “papers” or being submitted to humiliating medical tests, being able to get on an airplane without worrying if there is a bottle of shampoo in your carry-on luggage…

I hope I die before this whole thing runs its course. I am glad that I do not have children.