Posts by copsewood

Rumours of the death of copyright exaggerated

“The internet is slowly but surely killing the whole concept of copyright,”

Only 1 aspect of copyright is being obsoleted by the net: the right to control distribution. This doesn't prevent artists through their collection societies getting paid when music is used commercially, e.g. through broadcast, in restaurants and in shops. If the lobbyists employed by these societies and other media concerns started cooperating with the net rather than trying to fight it, they wouldn't be trashing the case for artists to benefit from commercial sales of bandwidth, blank media and playback devices by trying to prevent use of what the content creators help to sell.

Prior to home taping and the cheap photocopier, informal distribution wasn't affected by copyright law anyway. The attempt to do this is a recent innovation which started with home taping. When copyright law only covered printing presses and few existed, hand copying and memorising work (e.g. of sheet music) was never controlled. You can still copy a book out legally using pen and paper if you have the time and a high proportion of books were legally distributed by informal hand copying outside of copyright a couple of hundred years ago.

Aspects of copyright unlikely to be challenged are the rights to benefit from commercial exploitation of work and moral rights to be acknowledged as the author of work you have created.

Big brother icon, because privacy is a human right but copyright isn't. Your copyright doesn't extent to steaming open your neighbour's communications.

nanobrew versus manufactured beer

I do know an American who brews serious ale, because I sent him my recipe. Not that the sg 1070 (about 8% by volume alcohol) ale I brew in a 25 litre bucket before bottling it is for sale. But at that strength, you need a longer maturation in the bottle than a commercial brewery would afford. Also, top quality beer has to be naturally conditioned, but few people know how to pour it properly nowadays, and beer with yeast at the bottom of the bottle hasn't been available commercially for decades.

Apart from better beer, the other advantages of nanobrew include no tax and more energy efficient bottle reuse multiple times, as opposed to massively energy-wasteful bottle recycling.

we used to have rights

Such as innocent until proven guilty and the right to silence. The RIPA obligation to handover keys violates these 2 principles by obliging a suspect to cooperate in the collection of evidence for the purpose of their own prosecution.

The possibility that a few guilty people might be locked up on account of this who otherwise wouldn't be doesn't justify locking up otherwise innocent people who refuse to cooperate in this procedure. How long it will take a case of someone who is innocent and does not cooperate to get before the European Court of Human Rights based on violation of the ECHR (European Convention on Human Rights, section 8 right to privacy and section 6 right to a fair trial) is an open question.

Separation of data and code

There shouldn't be a risk on any widely used operating system or platform that when an application or user attempts to read data, that code which arrives with the data gets executed outside of a very tightly sandboxed environment. In a more ideal world market forces would prevent operating systems or platforms (e.g. Windows or Flash) which blur this boundary from existing. In a monopoly ridden (i.e. closed source) world, users of such platforms (e.g. Windows, or Flash on Linux) have to put up with or mitigate the growing number of exploits which arise as symptoms of this architectural disease. Having to run security updates every week is patching the symptoms, and not curing this disease.

software isn't cheap

"While ostensibly free, to make projects like Linux work for its purposes, Facebook heavily customizes them. While the company may not buy as much software, it ends up writing or customizing quite a bit of code."

Except where they are using Affero GPL code, Facebook are not under any obligation to contribute back. But if they don't, they'll find maintaining their changes cheaper against a rapidly moving mainstream project (e.g. Linux kernel) if they do contribute back and maintain their improvements and facilities as part of the mainstream. Many companies pay open source specialists to do this work for them e.g. Canonical, Suse or Red Hat, simply because working effectively within the wider development community to obtain the cost benefits of fork avoidance can require significant expertise.

Because software isn't cheap, whatever improves reuse is worth looking at, and this is the real strength of the open-source development model.

it's uncool to give away all your privacy

http://en.wikipedia.org/wiki/Google_Chrome#Usage_tracking states:

"Chrome sends details about its usage to Google through both optional and non-optional user tracking mechanisms."

See also

http://blog.chromium.org/2008/10/google-chrome-chromium-and-google.html

DNSSEC PKI and choice of electronic neighbourhood

With DNSSEC derived certification of identity, the value of an electronic address based on domain reputation may well start to change. I have to communicate with students in a very guarded fashion when they use Hotmail email addresses, in comparison with being able to be more open with them when they use the email addresses my university provides. This makes sense because I obviously can't trust the identity of a Hotmail address, but to receive a reply to a university address a student has to have access to the password and account issued by the university to the student.

Big brother centralised control through government PKI doesn't need to be such a great problem using DNSSEC as the PKI, given each domain has a chance to create it's own security policies and people have choice between domains or can register and run their own. With DNSSEC you get the certificate as part of the process of domain registration. Those wanting to trust an ID will have to check the reputation of the ID provider (based on a certification chain), and people wanting to be believed are then likely to drift away from the cheaper and less reputable domain names and will prefer to use domains which identify their users a bit more carefully before creating an address.

Absolute power corrupts absolutely

Similar stories were coming out of IBM when they were losing their grip on the mainstream computing market in the late eighties. Because Microsoft is driven by the needs of the Windows and Office cash cows, this sacrifices the needs of the games, mobile phones and Internet services developers into choosing approaches consistent with another family of products.

For example, it's very unlikely that anyone proposing a Linux or even open-source based mobile phone or games console would get very far in Microsoft, regardless of which methodology is more effective in that development space. Large vertical corporations become inefficient to the point of becoming ineffective, due to over centralised control stifling innovation and initiative at ground level. The former Soviet Union was a classic case of this kind of hubris prior to its inevitable collapse.

Not the first time

This isn't the first time someone has tried to sell a significant engineering artefact it turned out they didn't own:

http://en.wikipedia.org/wiki/Victor_Lustig#Eiffel_Tower_scam .

The difference between the claimed "intellectual property" SCO was offering and the alledged scrappage rights to the Eiffel Tower which Victor Lustig offered in 1925, is that the US courts have demonstrated willingness to spend years considering SCO's equally bogus case despite the evidence of ownership being almost as contrived.

All electricity is subsidised

Hydroelectricity was subsidised by the families displaced from flooded land losing homes and communities. Nuclear was subsidised by the generators not having to insure against making a whole region radioactive e.g. as with Chernobyl, and by offloading the cost of long-term waste management. Oil, coal and gas is subsidised by generators not having to pay the C02 pollution cost. That's your and my house insurance against extreme weather going up because the actuaries reckon that extreme weather is becoming more frequent, or if you've been flooded recently, they remove flooding cover from the policy and the risk and cost is then yours. Yes it's true, governments in their relatively recent wisdom have imposed a renewables obligation on the electricity supply industry because the first 2% of wind power will cost more per KWh generated than when wind is providing 20-30% of UK electricity demand, due to wind industry tooling up, R+D, training and other investment costs.

Given that no energy sources come into being without the political will and the subsidy that follows what's new ?

Balance needed

A good way to go after crime is to follow the money. For serious international crime this does need cross border police cooperation. Mass data transfers should not be needed to find out where a particular payment ended up. They also won't give you the information needed for law enforcement, if a couple of drug dealers meet in the toilet of a Caribbean casino and identical briefcases, one containing a large quantity of chips are transferred. So if these data transfers are neither necessary nor sufficient, what are they for ?

imperfect competition

Where there is competition in provision better information about what your current and other potential ISPs are doing to prioritise traffic can only improve it. The main purposes of regulation here has to be to ensure transparency and to prevent competition deteriorating through corporate cannibalism leading to cartelisation.

Where there is deficient competition, e.g. in rural areas with little broadband provision, the effects of a monopoly and the role of regulation is another story entirely. The neutrality debate arose from memory of the behaviour of the late nineteenth century US robber barons who used rail monopolies to create monopolies in other areas of business e.g. steel by being in a position to decide which products would get moved and which would get delayed. Microsoft did something similar more recently in the applications market prior to the regulators getting up to speed to limit what they were allowed to get away with.

Rail and telecom monopolies are a natural phenomena, because the investment needed to place rail lines or phone exchanges can't be multiplied by competitive providers and practical use of rail capacity is too inflexible for competitive service provision (ref. UK rail privatisation) to be very effective. In connection with the UK phone network, smart regulation has opened up competition over a singular network infrastructure by forcing the provider (BT) to wholesale capacity to many different ISPs.

In practice competition will be non-existent in some areas and less than perfect in others so a further purpose of the regulator will be to monitor the extent of abuses where competition is imperfect. This monitoring also needs many eyeballs, so what the ISPs do in connection with prioritisation, quality of service and traffic shaping has to be put in real time into the public domain.

customer expectations

The problem here is partly that mobile phones have traditionally been controlled by the phone company. If you have your phone on a contract or PAYG you expect the thing to work and the phone company to be able to make it work or you don't pay the phone company to use it. The phone company has to keep the thing operating on the correct frequencies and transmit power levels or the phone violates wireless regulations and creates unwelcome interference. So the part of the phone that talks to the phone mast becomes a liability if it is software controllable, but in a manner which the mobile phone company doesn't control.

We now have mobile phones which run a selection of apps more like a traditional PC where the user of the PC is likely to expect to use software of their choosing as they see fit. But most mobile phone customers are probably not going to change the expectation that the mobile phone company are responsible for it all working or they don't pay the mobile phone company.

For other users it is possible to have computers with mobile phone functionality where the part of the mobile which runs applications either is sold and stays unlocked or can be unlocked or rooted, while the part which handles the wireless frequencies and power levels remains under the control of the mobile phone company. What is needed here is clearer understanding by the mobile phone companies of the needs of the minority of customers who want control over their systems, and clearer language describing these products so those buying them know exactly the level of support expected by the supplier and the area of their own responsibility in relation to malware and potential costs.

LOL

I was the front end of a cow with a wonderful cardboard head in a carnival parade once, years before streetview. Not sure my older brother ever fully got over being the back end.

Follow the money

Anyone who wants less criminal spam should welcome balanced measures here which don't prevent identified entities from proxying for genuine privacy needs. All the domain registrar should need is the account number and originating bank sort code from which the payment for the domain is made, so if a registration is linked by an investigation with criminal behaviour the police should find tracing the money gives better information than the IP address of a fast fluxing mobile internet connection or one used by an Internet cafe.

Retaining payment details securely shouldn't increase the cost to the registrar of registering a domain as this is likely to be done for sound business reasons anyway, so that a returning customer doesn't need to give all their credit card details every time for a repeat purchase. The lawmakers can hardly complain if the Internet industry can't cough up the information they want if the banking industry can't either, unless they admit that the banks are above the law. This may limit payment options for domain registration, though I doubt many registrars accept cash anyway, and even if they did there's no reason they couldn't insist on cash presented in person with ID and a transaction charge commensurate with the increased cost.

Try before you buy domain registration should have been stopped a long time ago. So if there is always a payment involved, and no reason for the payment not to be traceable, I don't see much reason for plods chasing ISPs for secure customer ID rather than banks.

tools for the job

GUIs for things you do infrequently or that inherently require a human being to be in full attendance e.g. games. Command lines where verbs, adverbs, nouns, pronouns and adjectives give greater flexibility of control, more rapid selection of multiple objects and an easier route to learning how to automate something where the bottom rungs of the ladder haven't been kicked out of the learning curve.

Probably the main difference between humans and animals is verbal communication so we all have the inherent ability to learn new languages, if this isn't stamped out of us at childhood soon after we have learned out first verbal language. Frankly I'm too lazy not to do command lines - get the computers to do the repetitive work, because that is primarily what computers are supposed to be for.

a fishy tale

I met a bloke once who told me a bucket of pirhana fish were discarded, presumably by a pet owner unable to afford his butcher's bills, just downstream of the power station condenser outlet on the river Severn at Ironbridge once. The water there was so warm they loved it. In order to kill them off they had to turn off the power station for a few days.

Did this trojan get downstream ?

It would be worse had this trojan got into the quality assured and cryptographically signed off RPM and APT software installation packages for the Linux distros out there that most Linux users actually use. If it did, that would be more serious than a single developer of a single program which isn't widely used getting hacked. Linux users/admins who install from .tgz files distributed by upstream projects should know that they don't get the same verified and integrated supply chain quality assurance if they obtain software from developers directly. The fact that it is more difficult to install from developer .tgz files is good, because those doing this should know more about what they are doing. Nothing new here about trojans, but no-one in the Microsoft world gets the extra security provided by the distribution packagers if they use 3rd party applications obtained directly from the developer