Sunday, January 20, 2008

Does the USA need a stupider motto?

Thanks to Terrifel from the Straight Dope message boards:

1956 was of course the worst year that the United States had ever faced. Wracked by turmoil and social upheaval, beset by enemies within and without, the nation thrashed about like a dying, constipated beast. Whole cities crumbled into ruin amid the chaos as American society teetered on the very brink of collapse. The horror of that time has made the name of Eisenhower synonymous with anarchy even to this day. My father would never talk about how he and his family survived those grim times.

Fortunately, in the very nick of time, legislators realized the true cause of the crisis: America's national motto wasn't stupid enough. Like all of the country's other woes, this disaster could ultimately be traced back to that most sinister of Americans, Thomas Jefferson. The same treacherous impulses that led him to betray his rightful King also inevitably prompted him to sabotage the fledgling nation by giving it the worst possible state motto: E pluribus unum. Not only was this an unforgivably pompous classical reference, its subversive message-- "out of many, one--" would result in a catastrophic tradition of escalating tolerance and unity that was doomed to tear the country apart in less than two hundred years.

Read more.

I think it is time to change the motto from "In God We Trust" to "Try And Stop Us". Or perhaps "Are You Looking At Me?".

I have my crash recovery back!

I tend to have a lot of browser tabs open. Not as many as some -- I work with one system administrator who regularly has 60-80 tabs open at once. But I'll frequently have a dozen or two.

So it's very frustrating when a browser crash or power failure knocks out all those tabs. Its not always easy to find them in your browsing history.

Some years ago, the Konqueror web browser introduced a Crash Manager that created a menu of any web sites you had open when the browser last crashed. Good stuff! You could open them all at once, or pick them one at a time.

Unfortunately, some time ago that feature was dropped from Konqueror as by default. I've missed it. A lot. Fortunately, Firefox now by default will recover from crashes by giving you the option to reload all your pages. Unfortunately, that's an all-or-nothing situation, and it doesn't help you if the crash was caused by one of those pages.

At long last, I've found how to put the crash recovery tool back into Konqueror. Its a two step process:

  1. You need to have the KDE Addons package installed. On Fedora, a command like sudo yum install kdeaddons should work. Or use one of the graphical package managers like "Add/Remove Software".

  2. In Konqueror, go to the Settings menu and choose Configure Extensions. Under the Tools tab, tick the Crashes Monitor checkbox.

Since I generally prefer Konqueror for 90% of the websites I visit, I think I'll be using it a lot more from now on.

Friday, January 18, 2008

Beer, glorious beer

In the mid-1990s, I went through a stage of making my own home brew beer. It was reasonably successful, but a lot of effort considering that I'm not a big beer drinker, so after a four or five batches, I stopped.

Fast forward to January 2006, ten years almost to the day since the last time I had brewed beer. While cleaning up my garage, I came across a dozen or so bottles of my home-brewed pale ale that I had forgotten about. I was under the impression that beer didn't age well beyond a year or two, so I started pouring them out into the garden. Being a little slow, I didn't notice until the fourth or fifth bottle that they still had a good head and they didn't smell bad. In fact, they smelled delicious.

After a nervous taste I soon learned that ten year old pale ale not only smells delicious, but it also tastes delicious. It had darkened in colour to a dark red-gold shade, and had a magnificent malt flavour. Those last half-dozen plus bottles went straight into the fridge, and I enjoyed them over the next couple of weeks.

Today I stumbled across what is surely the very last bottle of home brew. One last lonely stubbie of pale ale, bottled on 2nd of January 1996. If beer becomes magnificent after ten years, words fail to describe what it becomes after twelve. A process worth repeating perhaps?

The dissolute doctor

I stumbled across a blog -- alas, no longer being maintained -- from a British doctor, "Venial Sinner", who writes about the daily traumas of being a doctor in the British hospital system. Not a lot of humour there, except perhaps the gallows variety, but he writes good blog.

There's his frustration at seeing the only chance of identifying a mysterious disease disappear because of the interference of ignorant, judgmental, self-appointed god-botherers:

We have a single lead: an area of infective looking tissue on CT which we could biopsy and culture. Sharon cannot consent to the procedure; she does not currently have the capacity. In the morning, we spoke to her mother who agreed that the biopsy should go ahead all the same and that she would consent to this in place of her daughter (as the law allows).

That was the morning. By the afternoon everything had changed. Sharon's mother had some news. She had gone to the church and spoken with the Elders. The Elders has listened to the story, considered, and pronounced their verdict. Sharon had had no brain infection. God punishes those who live dissolute lives and Sharon had taken drugs. God does not like drugs. His punishment had been severe but he had heard the prayers of Sharon's mother and, being a good and merciful old chap, he had relented. Sharon would recover and all would be well. There was no infection and, ergo, there need be no biopsy. Sharon's mother, a devout Christian, swallowed it whole. She withdrew her consent for the biopsy immediately.

There's his example of how modern medicine can utterly fail to cure patients, and in fact make their life even more miserable and the common problem of patients with medically unexplained symptoms.

On learning that the new Polish government was cracking down on homosexuals, and that the Party Boss had declared that "The affirmation of homosexuality will lead to the downfall of civilization. We can't agree to it.", Venial Sinner remarked:

Downfall of civilisation, you say? Goodness, sounds bad. Who’d have thought it? You start off by letting two men hold hands in the street and before you know it the whole of mankind is poised to plunge backwards into benighted barbarity.

Cheers doc, where ever you've got to.

More nonsense about Open Source vulnerabilities

Computer World is claiming that Red Hat Linux and Firefox are "more buggy" than Microsoft Windows.

That at least is the conclusion you are supposed to draw from the article's title, the summary and the opening paragraph:

Windows not that bad after all
By Matthew Broersma, Techworld

Secunia has found that the number of security bugs in the open source Red Hat Linux operating system and Firefox browsers far outstripped comparable products from Microsoft last year.

So they say. But if you read on to midway down the second page of the article, you get a very different picture:

Red Hat [Linux] was found to have by far the most vulnerabilities, at 633, with 99 percent found in third-party components. ...

Windows had only 123 bugs reported, but 96 percent of those were found in the operating system itself.

So let's see how that works. Red Hat Linux, which ships with multiple hundreds of third party applications, almost all of which are non-critical and don't even get installed, has about six vulnerabilities in the operating system. Windows, which ships with a handful of applications, has about 118 vulnerabilities in the OS. According to Computer World, an OS with six vulnerabilities is more buggy than one with 118 vulnerabilities.

Yeah, right. Sure it is. Just how much advertising does Microsoft do with Computer World?

The article goes on:

In the browser field, Firefox led the way with 64 bugs, compared to 43 for Internet Explorer, and 14 each for Opera and Safari.

However, in an examination of zero-day flaws - reported by third parties before a patch was available - Secunia found that Firefox tended to get more patches, sooner, compared to IE.

Out of eight zero-day bugs reported for Firefox in 2007, five have been patched, three of those in just over a week. Out of 10 zero-day IE bugs, only three were patched and the shortest patch time was 85 days.

You got that? The shortest time IE was vulnerable to known security bugs was nearly three months, compared to just over a week for Firefox.

But IE only looks as good as it does because ActiveX bugs are counted separately: IE had no fewer than 339 ActiveX bugs in 2007. If you include them in the count for IE, as you should, then you're comparing 382 for IE versus 64 for Firefox.

You almost -- almost -- have to admire the journalist's gall in trying to push a whopper of this size. Sadly, this sort of behaviour is very common: half-truths and deceptive statements in paragraph one, the actual facts buried deep in the article. That way you're not lying, because all the facts are there.

The people doing this know that there is a strong correlation between the number of readers and how close to the top of the article: for each extra paragraph you bury something under, you reduce the number of readers by a surprisingly large percentage.

I've written about the tendency of the IT press and security industry to make misleading if not dishonest comparisons between Linux and Windows before.

Thursday, January 17, 2008

Don't mess with the geeks

What happens when a clueless US senator pretending to run his own MySpace webpage hires clueless web developers to do the job for him?

In an attempt to prove how 21st century he is, 70-year-old Senator John McCain hired web developers to create his MySpace page. Unfortunately, they hotlinked to the wrong person's files.

When Mike Davidson learnt that McCain was "stealing" his bandwidth, he decided to play a little joke on the Republican senator:

'I think the idea of politicians setting up MySpace pages and pretending to actually use them is a bit disingenuous, so I figured it was time to play a little prank on Johnny Mac.'

Davidson replaced the image referred to in McCain's profile. However, the new image was a lot less prosaic: it described a political about-face by McCain on the subject of gay marriage and a penchant for partnerships between passionate females.

'The only thing necessary to effectively commandeer McCain's page with my own messaging was to simply replace my own sample image on my server with a newly created sample on my server. No server but my own was touched and no laws were broken. The immaculate hack.'

McCain should consider himself lucky that the image wasn't redirected to Goatse Man.

The article is a little sensational, describing it as "the perfect cybercrime" despite admitting that no laws were broken -- except possibly by McCain, who I'm sure had no authorization to use Davidson's computer resources.

Speaking of hotlinking from MySpace, those of you running your own Apache webserver might find this little rewrite rule handy:

RewriteCond %{HTTP_REFERER} ^http://([a-z0-9]+\.)?myspace\.com/ [NC]
RewriteRule (.*) [redirect,last]

WARNING: I don't run my own webserver, and consequently I haven't actually tested this. No warranty is given. Use at your own risk. If it blows up your computer and eats your dog, don't come crying to me.

The jazz club versus the collections agency

SGAE, the royalty collection agency that operates in Spain, recently sued a jazz club for failing to pay royalties on music played. The club responded by stating that they only played royalty-free Creative Commons music, and magistrate Luis Sanz Acosta ruled in their favour.

The royalty collections agency's evidence was poor at best. Especially noteworthy was the recording they claimed was made in the jazz club but was actually recorded elsewhere. The judge was not amused.

What is especially satisfying is that the magistrate displayed a good understanding of "música libre" and the Creative Commons -- no doubt far better than the SGAE, which stands to lose financially if significant numbers of Spanish musicians drop out of their cozy little system. Monopolies never really understand the people who opt out.

For those who are unaware of how the royalty system works, it goes something like this:

The collections agency collects royalties on the musician's behalf, based on an estimate of how many times his or her work is played. Once the money is collected from (e.g.) the radio stations and bars, once a year the agency pays it to the musician, assuming:

  • The royalty is more than a certain minimum amount.

  • The agency can find your bank details, and don't confuse you with somebody else and pay your royalties to them.

  • You have filled out all the paper work they insist on.

  • They remember to actually make the payment.

If any of those conditions (especially the last) are not fulfilled, you have to wait for the next year's pay run to see a cent. If you specifically ask, they'll offer to try harder to remember to pay you next time. In the meantime, they get to collect the interest on your money for another year.

Naturally this does not apply to musicians who can afford more lawyers than the collections agency, but since musicians generally only get into such a happy state by collecting royalties, there are far fewer of them than outsiders to the music biz usually imagine.

Monday, January 14, 2008

Buy our product or we'll sue you

Two US companies have issues cease and desist letters to Microsoft, Apple, Real Networks and Adobe, warning them to stop not using their Digital Restrictions software.

That's right. Buy our product or we'll sue.

The manufacturers of the DRM software, Media Rights Technologies (MRT) and, claim that their product makes water not wet "effectively controls access to copyrighted material", and therefore failing to use their snake-oil product is illegal under the Digital Millennium Copyright Act:

[The DMCA] makes illegal and prohibits the manufacture of any product or technology that is designed for the purpose of circumventing a technological measure which effectively controls access to a copyrighted work or which protects the rights of copyright owners. Under the DMCA, mere avoidance of an effective copyright protection solution is a violation of the act.

How's that again? If you fail to use DRM, that's the same as circumventing the DRM software that you would have used if you had used any.

(Or, to put it another way, if you give a sandwich to your friend without charging him money, you're guilty of being an accessory to theft, because your friend effectively stole from you the money he would have given you if you had asked for any, and therefore you assisted him in his crime. And if your brain hurts about now, you're not alone.)

That's a rather... unusual... interpretation of the DMCA. It's almost certainly a publicity stunt, and unlikely to go any further, but it isn't that far removed from media companies' efforts to outlaw open formats and mandate ineffective and restrictive technologies.

Friday, January 11, 2008

Would you invest in this company?

Anti-virus computer software company MacAfee has recently warned investors that they enter into legally-binding agreements without understanding those agreements.

Naturally McAfee didn't quite put it that way. Instead, they warned investors that their ability to "commercialise products" based on open-source software -- that is, software which other people have created and published under an open-source licence -- might be at risk if they are forced to obey the licence, since they're not sure what their obligations will be.

Well, here's a thought. Maybe they could read the licence and find out? There are poor quality licences that are ambiguous and incoherent, but the GPL is not one of them. And despite McAfee's wishful thinking that the GPL has never been tested in court, it has, successfully. The reason the GPL rarely makes it to court is because the infringers generally settle out of court and promise to obey the GPL.

It really shouldn't be that difficult for McAfee and others like them. If you want to use open source software in your products, then you have to follow the rules in the licence you have to use that software. That's no different from closed-source licences you might get from Microsoft or any other software company. If McAfee warned investors that they might not be able to use Microsoft's software in their products without obeying the agreement they have with Microsoft, everybody would laugh at them. But put open source in there, and suddenly folks are bewildered -- do they have to obey this agreement or not?

I'm not the only one wandering if McAfee's comments indicate that they are infringing the GPL. Zdnet's Dana Blankenhorn also suggests they're asking to be sued.

McAfee also raises the specter of open source software infringing other copyrights or patents. Naturally it is difficult to tell whether open source software infringes, but that's because recognising infringement is very difficult. Every sizable software project will invariably infringe patents, because the software patent system is seriously broken. Whether software infringes patents has nothing to do with whether you can see the source code or not. It isn't even a barrier to whether patent holders will find out about the infringement. If McAfee were honest, they'd warn their investors that to the extent they licence closed-source software from third parties, they are at greater risk because they have less ability to recognise patent infringement.

Tuesday, January 01, 2008

Refuse to be terrorized

As the clock ticks over to 2008, now is the moment to say enough is enough. It is time to refuse to be terrorized any longer. Repeat after me:

I am not afraid.

Watch this video:

or see it directly on YouTube.

(While I like the video's message very much, I fear that the dry recitation of statistics and facts will not grab people's emotions in the same way that fear-mongering does. But I am encouraged by the fact that there are people who are refusing to be terrorized.)

And from here:

I am not afraid of terrorism, and I want you to stop being afraid on my behalf. Please start scaling back the official government war on terror. Please replace it with a smaller, more focused anti-terrorist police effort in keeping with the rule of law. Please stop overreacting. I understand that it will not be possible to stop all terrorist acts. I accept that. I am not afraid.

Thanks to Bruce Schneier and Bex from the Argonist. See also what the terrorists want.