Copyright Alert System to turn everyone into copyright cops?

The forthcoming Copyright Alert System ( Verge article on Copyright Alert System ) has a few kinks in it from the get-go, as well as some basic misunderstandings of technical constraints of the majority of end-users.
I'm not familiar with the technology that CAS will utilize to identify targets for ISP warnings, but the first potential problems will come at the identification stage. Unless the most egregious users are identified prior to warning letters going out, the ISPs should expect a large backlash from its installed base.
The system expects ISP customers to become copyright cops as part of their responsibility for having an Internet connection. This is an unreasonable expectation for unqualified, nontechnical, users of their service. Relying on the general populace to become learned about Internet technology as well as legal experts on identifying potential infringing content is a giant leap in expectations beyond just asking someone to pay their bill on time. Explain this all to my mother who still thinks her Operating System is Internet Explorer and who just learned last month about right-click menus.
That's just part of the problem with the system. Next up is the access control problem. When Verizon installed FiOS in my house, they put in a WiFi router with WEP security. Even with WPA (of the pass-key variety), cracking into my WiFi will take my neighbors less than an hour, and there's tons of tutorials on how to do it. While I may have secured my network further, others won't have been as fortunate. After just one CAS letter, my next door neighbor will likely be piggybacking on my less savvy neighbors. This can't be controlled, not with today's technology, and not without significant expenditure. Maybe it's time for me to hang out a 'will secure your wifi for food' shingle.
The one thing that really irritates me is the $35 charge they intend to foster on people who ask for account reviews - putting the onus on the accused to pay for their own defense. Maybe it's the legal eagle in my blood that says this flies in the face of what Americans consider fair and due process. I can see this being the first part of this agreement to make it fall all to hell.
Good luck, ISPs, I don't think you know what kind of failure you're setting yourself up for.
- Posted using BlogPress from my iPad

Location:- 0628 Massachusetts Av Nw,Washington D.C.,United States

Fear of Failure?

Fear drives a lot of things in life, but there is especially one fear that is ironic in its nature - the fear of failure. Being afraid of failing at something puts me in the 'frozen' mode. I am so afraid of doing something wrong that I don't take those first steps necessary to succeed, action itself. Like that last sentence, for example. It's terrible in its structure, and normally I would have erased it and started over. (I didn't only because I am self conscious about it due to the subject at hand). My Randomblings have become less rambling over the years, and turned into the Infrequent writings of Rich instead. Part of that is due to fear. Fear of saying the wrong thing, afraid of saying it the wrong way, or just being wrong in general.

This post has been sitting on my iPad for months waiting for me to finish my thoughts on this subject. Point more than proven......

- Posted using BlogPress from my iPad


- Posted using BlogPress from my iPad

Facebook's Real Value

This week, many people in the IT Industry have been asking "Where is FaceBook's value", trying to figure out why the company might have such a huge valuation on the stock market (where it's IPO valued the company at over 100 Billion Dollars(!)).

There's two ways to look at Facebook, with regards to its customers.  The first is the adage: "You're not the customer, you're the product".  That is, everyone signed on to Facebook is actually part of the social media empire's product line - that it turns around and sells to advertisers.  Arguably, it is the largest collection of personal taste and demographics information in the world.  I'm not one with the advertising industry, and I have no idea how long it might take to collect the amount of demo data that they have, or how much it can be sold for - but as a data set - it is of reasonable quality.  With that said, advertisers should be aware that people game the system.  That is, more than one account, relationships between people that aren't based on real relationships, but are instead people who are gaming the Facebook friend system for points in some Zynga game, and that people have a tendency to click on buttons on the web JUST to get free stuff.

Personally, my 'like' of Tide laundry soap was more likely based on a coupon giveaway than any real desire or care for the actual product.  About half of my 'friends' are actually just friends because I needed more Cityville neighbors, and I probably have 3 Facebook profiles.  Maybe I'm not indicative of the whole data set, or perhaps I am - but it certainly plays into the quality of the data, even if it doesn't eventually lead to wrong conclusions on the part of advertisers.  Oh yeah - just so you know, I've never clicked on a Facebook ad.  I don't even look to the right side of the screen.

So, what's the benefit of Facebook from the other side?  Well - Facebook has slowly and stealthily become something of an Internet authentication authority.  Signing up for membership on some new website?  It's likely made easier by a button that says 'Sign on with Facebook' on that site.  Why re-enter all of your demographic data when you can just authorize the site to go and get it?  The user convenience of a central authentication portal is pretty powerful, and Facebook has made it oh-so-easy for developers to integrate their 3rd party authentication into their websites.

There may even be a business model in it for Facebook eventually - perhaps charge people for strongly authenticated Facebook identities (ones that use OTP token devices) and extend the service to places like banks, utilities or bill-pay services.  Or, start charging web developers for Facebook integration - frankly, I'm surprised they haven't started doing that already - although free is the fastest way to build your userbase.

Eventually, Facebook is going to have to figure out how to turn a profit that's big enough to hold it's stock price afloat.  What are your thoughts on how they will monetize their application platform?

Politics is ugly

The Republican primary isn't even over yet - but Republican allies (womensrights@obamasaliar.com) are sending cell phone text message SPAM to anyone they can get their hands on (phone number-wise).  I hope and pray that this won't catch on - but I'm afraid that it will.  Will my cellphone now be bombarded with pointless text message spam about who said what?  (Today's message is: Subject: Dems on Women Obama ally Hillary Rosen criticizes stay at home mom's like Ann Romney. Listen 312-569-0397).

Who cares what Hillary Rosen said about a billionaire's wife?  I mean, really!?! Seriously?!  and you need to send this to my cell phone, interrupt my day with political posturing?

Text messages on my cell phone are normally limited to two things - my son needs something and can't get a-hold of me, or someone at work needs something and wants to tell me something important.  The stupid phone beeps at me, and demands my attention - so I have to drag it out of my pocket to see what it says - because it's usually important.  It was the last communication medium I had left that I could rely on being something important rather than be more junk about politics or someone wanting to sell me a car warranty.  I suppose those messages will be next, though.

I would go so far as to say this is 'dirty politics' - smear campaigns are insulting and stupid - and my GOD, man, it isn't even MAY, much less voting season.

Life Movements

March 1st, 2012 - Refinanced the house yesterday - Got a very good deal from an awesome lender. If you're ever in the need for a good lender, talk to Mike Lyons @ Embrace Home Loans. He hooked me up with 3 loans over the past year as we bought and refinanced property. He's a good worker, and is always there to answer questions - and he'll go out of his way to find answers when he doesn't know them. I emailed him at 11:30 one evening, and he answered within a minute. Other times, he'd reply "I'm at dinner, but I'll get back to you later this evening.." - hardest working man in the home mortgage industry. Seriously - no jokes here.

Shaved off the beard last night for spring. Baby face me has a double chin again - time to hit the exer-bikes and the Zumba routines on the Wii.

Turned the water on at the house and the back deck water attachment at the house came loose. I had to turn the spigot off again. We crawled under the back deck and got spider webs all over ourselves trying to figure out what happened. Looks like it's attached to an extension of the water line in a rubber hose attachment, and the connection came loose - maybe expansion/contraction from the winter. I'll have to climb under there with my gardening clothes this weekend.

I've got to cut out 2 6'x6' areas for the garden this weekend - it's going to be a lot of digging, but the neighbor has a roto-tiller he said I could use to get it started. We planted seedlings for lettuce and cabbage and they're already sprouting like mad 5 days later. The race is ON!

Might and Magic - The Encrypted Files

Back in 1986/1987, I owned a Commodore 64 computer.  I love to play the video games of the day, especially the dungeons/adventure based games of the era.  One of these games was Might and Magic.  The game came in 4 disks, which you loaded in depending on where you were in the world.  The game was loaded from Disk 1, and once the game got going, you might switch to another disk when asked.  As you might imagine, that meant there was a relatively large amount of content for the day.  

After playing the game for a while I bored of following the game - as it was a very long adventure and became sort of repetitive.  However, I wanted to see later aspects of the game, and get the feeling of power that larger and better weapons and armor might give me over the challenges within the game.  It was at this point that the aspect of the game changed for me.  No longer was it a role-playing game based in the middle ages; now it was a computer-based game - me against the original programmers.  I wanted to edit my character files on the disk to see if I could change the items in my inventory to something a bit more favorable.

I started up a disk editor.  On the Commodore 64, diskettes were broken into track and sector, and the file system was serial in nature.  Starting at track 18 (from what I recall) and sector 00, the first two bytes of the track and sector pointed to the next track and sector in the sequence.  Starting up and looking at this first track, everything seemed normal, and I began analyzing the disk contents.  When I followed the link to the next sector, however, I got a bit of a surprise.  There was a word that had begun on the last few bytes of the sector I had just left, but the word did not continue on in this sector.

I started looking around the disk for plain text content, and I couldn't find any except on that first sector!  The whole disk was encrypted!  I checked the other three disks and they too were encrypted. Well, this was a new challenge for me - I'd never seen a program that encrypted the disk contents as a method of protection.  I had wanted to edit my game characters, but I wasn't goingg to be able to do that if I couldn't read the contents in the first place. Luckily for me, I had done many cryptograms when I was younger, so I was familiar with both the Caesar shift cipher as well as replacement alphabets.  

I made the assumption that the computer would have to use some type of formula to easily translate the disk contents, and I had some known plaintext to work with due to the string content that bled from one sector to the next.  One of my character names had ended mid-word at the first sector, so I made the assumption that it must continue into the second sector. Having some math background and being obsessed with the new challenge, I quickly got to work, figuring out what the shift would need to be for my name to continue uninterrupted.  I came up with a value fairly quickly, and went about testing it on the new sector's contents.  

Plaintext quickly became apparent throughout the sector's encrypted bytes!  I had done it - I'd figured out the proper byte shift with just one incomplete word of known plaintext.  Pleased with myself, I continued on to the third sector....but alas, it wasn't going to be so simple.  The shift value was no longer presenting me with any known text.   While most of the file contents were gobbledy-gook, on sector 2 of the file, I had at least been able to make out some plain words (names of my party characters).  Lucky for me, I had another plaintext that had only partially translated at the end of sector 2, so I figured out the shift value that would get me the plaintext continuation into sector 3.  It worked!

So, now I had two different shift values for two different sectors.  I continued on to the fourth sector and accomplished the same, but I ran out of luck when it came to the fifth (IIRC).  No more known plain text bordered the two sectors.  I'd either have to guess at 255 values for shift and try them all, or come up with another way.  At this point, I figured that the shift values had to follow some kind of pattern for the computer to be able to figure out what the next shift value would be.  

I got out some more graph paper.  It occured to me that the value would have to have some constraints, to be able to have values between 1 and 255 - and I had just finished a trigonometry class, so the sin() wave was looking like a good bet to me.  I plotted the 3 shift values I had, and plotted 0 for the first track and sector.  I used the sector value itself for the x variable and set about plotting a formula that would give me the known values. I tested the formula on subsequent sectors and sat up for hours working on it.

Into the next day (after little sleep) I had cracked at least part of the puzzle.  I don't recall what happened that led me to use more than sin() waves.  I do know that in the end, there were three parts to the formula, and that the equation used track, sector and disk number to determine the shift offset.  I had decrypted the disk and determined the encryption algorithm, based on sin(), tan() and a constant based on one of those values.  

I modified a disk editor program to decrypt the disk as it edited it, and re-encrypt when writing the modified values back to the disk.  I manually edit my character's inventory to have item numbers that I did not already possess, and started up the game.  Success!!!!

I never played Might and Magic again after that weekend.  The game had become boring - especially compared to the game I had just played - battling not the trolls and wizards of lore, but battling the developers who relied upon in-house encryption to protect their secrets.  I will never forget that weekend and the dozens of pieces of graph paper that littered my floor amongst the empty bags of chips and soda cans.

Weekend Messing Around with CityVille/FaceBook

Load-Divs bookmarklet 1 - javascript: {divs=document.getElementsByClassName("UIActionLinks_bottom"); i =-1; punder=0; }
Open Next Div - bookmarklet 2 - javascript: {i=i+1;if(divs(i).parentElement.children(1).children(1).text == "CityVille") {button_me=divs(i).getElementsByTagName("button")(0); if(button_me.name == "like") {button_me.click(); elem_me=divs(i).getElementsByTagName("a"); if(punder) punder.close(); punder=window.open(elem_me(0),'myscript','width=400,height=500',left='-400'); punder.blur();} }}


The left=-400 doesn't work like I wanted it to - it can be left out...it's a fragment of 'try this' that is left over from playing.

Natural Rights vs Granted Rights

In Colorado, a woman being charged with fraud has been compelled by a judge to decrypt her hard drive. The woman, in arguing against this action claimed that the Fifth Amendment protected her from self-incrimination. The judge found against the woman, stating that since she had already admitted to the existence of the electronic documents, she could be forced to produce them.



As expected, I believe that there's some room for improvement on both sides of this case. I believe the judge is incorrect in his judgement that a person can be compelled to produce any evidence, even though I understand why he could come to this conclusion based on current case law (which I believe to be flawed). I also believe the defendant is wrong on several counts. One obvious count being that she has even openly discussed the case at all [she admitted to the existence of the documents!].



The Bill of Rights are not meant to be a list of rights that are given by men to men. The Declaration of Independence and the Bill of Rights are linked by a core concept - a concept that we are 'endowed by [our] creator with certain unalienable rights'. The Bill of Rights embody into law that those natural rights, which we possess by our very existence, shall not be infringed by government.



In declaring independence from England, the United States of America stated that they had the right to abolish government which deprived them of these natural rights and form a new government to protect them from that deprivation. We would do well to remember this during the execution of our own government over ourselves, as we protect individual rights, we protect the rights of ourselves.



Take the First Amendment (as this lady should have). It states that we have freedom of speech (and as been held up many times - freedom of something also can mean freedom FROM something - thus the right to remain silent). This is not a right that was handed from the government to the individual. It is an ability, a natural extension of the person-hood, that the government may not take away. A person can not or should not be compelled to speak. I personally would go so far as to say that the government has no right to compel a person to act in any way, shape or form - which leads to a discussion about the right to sit-in on public by-ways.



This ability to remain silent is a very simple right to utilize - just shut your mouth. The government has certain guidelines whereby they can hold you against your will for the purpose of investigation and non-interference, but they have guidelines - and you can sit in a holding cell while they rummage through your belongings. This is definitely the tactic to take in any criminal investigation. Note that the fifth amendment also applies here, in that the government may not deprive you of 'liberty' without due process of law.



The right against self-incrimination was and is an extension of the right of freedom of speech. Reading through history, it seems to me that the point was to ensure the spoilage of evidence obtained through coercive measures.



In this particular case, where the government knows that there is evidence against the defendant, and they are attempting to 'force' her to produce access to that evidence, I think they're mistaken in what they claim can be done. To compel her to produce the necessary information, they would have to lock her up forever. At some point in that time, she will likely forcefully or absentmindedly forget the information she's been asked to produce, and there would be no route to obtain the information. She could claim immediately that she no longer remembers what the key to the information is. Depending upon password complexity and the amount of time between when she's used it last, it may even be a believable claim. How can locking someone up forever to compel them to provide detailed evidence be proper due process?



The government should utilize the woman's previous statements as evidence of the documents. A jury should be directed what assumptions they should make regarding the fact that she does not wish to produce them -- allowing negative connotations toward what they think the documents might contain. There is already case law that allows for these assumptions.



To go further than this? I think we've begun a slippery slope..

 Al:

  Why do you think IP isn't already protected?  Why is MORE federal legislation needed to protect what Copyright law already protects (and for far TOO LONG - but that's a different argument).  I don't understand what it is that makes 'the Internet' such an evil, dastardly place that it requires its own legislation to prevent what our countless other laws are already in place to prevent.

  Criminalizing civil matters only costs our government more money, money that we don't have any way.  Would you rather the police be chasing down a Chinese DVD pirate or chasing down street criminals in Detroit and Chicago?  Spending federal dollars on making sure someone doesn't listen to an Al Jolsen record on his iPod or spending federal dollars on making sure corporate criminals on Wall Street aren't pocketing all of my 401k money?

  I'd suggest you spend your efforts more wisely - while I'm not in Minnesota, and I can't vote for you - you may just lose the audience that cheers you on every time you rip Comcast a new one for lying.

Peace out

Rich Gautier

On Fri, Jan 20, 2012 at 7:34 PM, Al Franken <no-reply@alfranken.com> wrote:

Dear Rich,
As you may know, Senate Majority Leader Harry Reid has decided not to bring the PROTECT IP Act (the Senate’s version of SOPA) up for a vote next week. And since I’ve heard from many of you about this issue, I wanted to take a moment to share why I support copyright protection legislation – as well as why I believe holding off on this bill is the right thing to do.
As someone who has worked hard to protect net neutrality, I understand as well as anyone the importance of keeping the Internet free from undue corporate influence. There are millions of Americans who rely on a free and open Internet to learn, communicate with friends and family, and do business.
At the same time, there are millions of Americans whose livelihoods rely on strong protections for intellectual property: middle-class workers – most of them union workers – in all 50 states, thousands of them here in Minnesota, working in a variety of industries from film production to publishing to software development.
If we don’t protect our intellectual property, international criminals – as well as legitimate businesses like payment processors and ad networks – will continue to profit dishonestly from the work these Americans are doing every day. And that puts these millions of jobs at serious risk.
That’s reason enough to act. But these criminals are also putting Minnesota families in danger by flooding our nation with counterfeit products – not just bootleg movies and software, but phony medications and knockoff equipment for first responders.
We cannot simply shrug off the threat of online piracy. We cannot do nothing.
I have supported the approach Judiciary Committee Chairman Patrick Leahy has taken in crafting legislation to respond to the threat of online piracy – and I appreciate his leadership on this important issue.
But I’ve also been listening carefully to the debate – and to the many Minnesotans who have told me via email, Facebook, Twitter, and good old fashioned phone calls that they are worried about what this bill would mean for the future of the Internet.
Frankly, there is a lot of misinformation floating around out there: If this bill really did some of the things people have heard it would do (like shutting down YouTube), I would never have supported it.
But that doesn’t mean we shouldn’t take seriously the concerns people have shared. And if holding off on this legislation gives us an opportunity to take a step back and try to bring everybody back to the table, I think it’s the right thing to do. This is a difficult issue, and also an important one. It’s worth getting this right.
I strongly believe that we need to protect intellectual property – and protect the free and open Internet. I think most people, even those who have expressed concern about this particular bill, agree. And it’s my hope that we can now build a stronger consensus around how to accomplish these two important goals.
Thanks for reading. And for those of you who have written to me about this issue (even if it was an angry letter), thanks for being honest with me. I’ll always return the favor.

Al

Getting Sick of 'Cloud Computing' term

I [or rather, my PC] was part of the Distributed.Net 'cloud' that first cracked a DES key in under 24 hours* via brute-force.  That effort involved computing power from PC desktops to a large specialized computing platform built just to contribute to the effort.  Computers have come a long way since then, and with it, the term 'cloud computing' has evolved.  Being in technology for 25 years, you see buzzwords come and go, and along the way, they can have a tendency to change their meaning, or get usurped by well-meaning (or profit-minded) marketeers.  Unfortunately, 'cloud computing' is just one of these buzzwords with an original meaning that had so much more importance than how the word is used today.

The original references to 'cloud computing' had a lot more to do with looking at the Internet [or Intranet] as a single unified entity, where the available resources of the entire network could be shared and made available for specific use, not reliant upon the existence of a single computer, router, or data center.  Like the distributed.net client, large, previously unsolvable problems, could be addressed and solved by the available resources in the cloud.  Like P2P technologies such as FreeNet, documents could be kept online in distributed caches that were always available and structured so that node failure would not affect availability except in extreme cases.  Idle CPU, GPU power would be used to evaluate expressions endlessly to delve into the mysteries of mankind, like the Folding@Home project or the Optimal Golomb Ruler project.  Network connectivity could even be shared to provide multiple endpoints for load-testing, or geo-distributed network analysis.

Even the spammers get it -or rather, maybe they're the first and only ones to get it.  Worm software today installs dispersed clients on vulnerable machines that are used to attack computers in Distributed Denial of Service (DDoS) attacks, send out SPAM email from every corner of the globe and extend the network for hackers and thieves.  They use idle time on computers, provide multiple caches for malware to be distributed throughout the network, and use network dispersity to reach every corner of the globe.  Criminals and their malware have already moved into the real cloud.

Meanwhile, in corporate and consumer industry circles, when someone discusses the 'cloud', they mean something different.  They mean a service - what used to be called an Application Hosting Service (AHS).  This isn't what cloud computing was meant to be - a third-party data center (or multiples thereof).  All of the big boys have a cloud service, Microsoft, Apple, Google.  There's even second-tier cloud service providers, such as SugarSync and DropBox, whose cloud offerings rely on the cloud offerings of others [DropBox relies upon S3 - the Amazon storage cloud offering].

As an idealist and a technologist, I am depressed, but not surprised, that the term 'cloud computing' has lost its way - probably because true cloud computing relies upon a concept of shared resources that our capitalist economy doesn't incentivize.  There's no simple way to transfer bits of money to each and every entity that provides resources in the cloud. [Well, there's BitCoin - but cloud-money may be too late to the horizon and you can't spend it at WalMart yet...]

Well, that's my rant of the day.  As usual, no solution - just randombling.

* [publicly, at least]