<$BlogRSDURL$>
Top Gun Party Blog
Saturday, April 24, 2004
  Gmail
eWeek: Google's Brin Talks on Gmail Future

Boy, Gmail has made a lot of headlines lately. To review: Google, everyone's favorite search company and prototypical good-guy company, has announced an email service known as 'Gmail' which is not yet publicly available. The Gmail service allows 1GB of storage per user, a phenomenal shift in free email service. There are a few additional shifts: emails are not guaranteed to be removed from the system when deleted, and they are examined based on content to deliver relevant advertisements; this is an extension of Google's filtering of search queries, the Adwords system, which makes them a ton of money and makes advertisers happy (since the click-through rates are so much higher) and even makes users happy (since they might actually want to follow the ads). In principle, if you're going to have ads displayed while you read your email, they might as well be relevant, right?

But behind the scenes something else is going on: a computer is reading your email, analyzing it to determine related topics, and possibly storing that information, collecting it across many emails and web searches, and identifying you on the basis of your online communications. This is a violation of privacy, a serious enough one that there are active attempts in California to deliberately legislate against it.

I don't really know what to say here. I'm not an especially private person - I don't particularly care what people know about me. I don't care about public security cameras or anything like that. I've said it before and I'll say it again: If someone really wants to watch me scratch my ass, they're welcome to it. Now, I respect that others aren't quite as open, and may feel truly violated thinking that their correspondence is being read. But Gmail is a free service. It's not as if Microsoft was collecting this sort of information about all Windows users. You can not use the service. Now, you may send an email to a Gmail user, even possibly without your knowledge (thanks to email aliases), and perhaps information can be collected about you as the sender... but that seems like a stretch. The email already is unencrypted and could be picked up and traced to you anyway, if someone really wanted to.

In other words, relax, people. Sheesh. 
Monday, April 19, 2004
  Linux legal protection
Start-up launches Linux legal protection | CNet News

A group called Open Source Risk Management is offering insurance against lawsuits directed to open-source software users. They're vendor-neutral though they have support from a number of different entities. According to CNET they have examined the 2.4 and 2.6 Linux kernels and determined that there are no copyright violations. How they go about making such a claim is unclear, since they (like the rest of us) don't know exactly what SCO is claiming to own. But it's an interesting concept nonetheless. 
Sunday, April 18, 2004
  Insecure personal computers
EarthLink finds rampant spyware, trojans
linked from yclipse

This article discusses a report by Earthlink and some company called Webroot Software that determines that "an average of almost 28 spyware programs are running on each computer. In addition, more than 30% of the scanned systems contained either a Trojan horse or "system monitoring software". The article seems a little thin to me, and I would be a lot more comfortable with the premise if the original report hadn't been released in part by an ISP that touts free anti-spyware software (especially when Ad-Aware is free to anyone using any ISP). I suppose I could try to track down the full report to determine their methodologies for what is essentially a computer survey, to see if they scanned enough computers, if they were only able to scan computers outside firewalls (which are a subset of all computers more inclined to be insecure because all secure computer users run firewalls that prevent such scanning), and to see what to them constituted "system monitoring software" and what share of that 30% it represented, since a lot of system monitoring software could be deliberately installed by the user (parents monitoring their children's activity, for example) or by the user's employer (to monitor work usage).

But despite the questions I have with the details of the report, I am well aware that too many personal computers are incredibly insecure and there isn't a whole lot that can be done about it. Sure, there are tools to make them secure, but it's not realistic to expect people to update them. Even I, a fairly responsible computer user, ignored the 'your virus updates are 30 days old' window this morning. Meanwhile there are people with high-speed internet connections who aren't running firewalls or virus scanners, and who open VBScript attachments in emails.

I don't know what can be done about this. A (very) small part of me is hard-core conservative and wants to institute some sort of user licensing to hold people accountable for their improper computer usage in the same way people are held responsible for their own automobile driving. In order to justify such a system we would need to show that individual computer misusage actually has significant damaging effects on the rest of society. I'm not convinced that we're there yet, but I think we'll get there. Even if we don't want to be so hard-core as to use legislation or governmental regulation, the ISPs could make it part of the user policy, which seems somehow less offensive.

One other solution is centralized security management, letting the ISP's scan consumer computers as they connect to the internet and keep them up to date before allowing them to connect. I expect this is technologically possible, though the increased prevalence of WiFi makes it more difficult. But it causes a lot of other problems. People may be forced to use certain operating systems or forbidden from using certain programs that constitute security risks.

I suppose we could always hope for an infrastructural technology overhaul in the same way people consider using micropayments or authenticated sending to fix the spam problem. Perhaps we can program internet routers to detect and block virus or spyware information transmission. I'm skeptical about whether this process can be successful and fast enough to be both effective and transparent. We'll see. 
Friday, April 09, 2004
  The other "Digital Consumer"
DigitalConsumer.org

I just found this site today. I think I'll continue to keep my blog name unless/until they find me and yell at me. 
  Responsibility for software security
This article from Network World fusion was also in today's ACM Technews. This article targets what will be an increasingly interesting, active issue in the future. It demonstrates the shifting of responsibility for secure software from the customer (who currently is expected to download software updates to maintain software security) to the producer (who wrote the bugs in the first place). The National Cyber Security Partnership (who I had not heard of before reading this article) determined that software manufacturers ought to accept more of the responsibility, proposing "liability and liability relief, regulation and regulatory reform, tax incentives, enhanced prosecution, research and development, education and other incentives" to help achieve these goals.

I'm all for this. Government regulation is a very serious concept that is probably taken too lightly. But software tends towards monopolies, so the other alternative, using the market and consumer choice to encourage good practices, is not likely to help much. The possible punishments/incentives are interesting. Obviously assigning liability to the software developer is the biggest and best (especially to a future lawyer such as myself), the Holy Grail of motivation. I don't think companies need or should get any tax incentives or other financial rewards for compliance... then the focus would be only on expending enough effort to reach some fixed goal of compliance, not on really putting in the effort to make sure the software is secure.

It is unfortunately true that software is very difficult to make perfect. If this does go further, I expect a fuzzy boundary between sufficient and insufficient security efforts. 
  Web interoperability standards
W3C Advances Specs for Web Interoperability from ACM Technews
Full article from Internetnews.com

Standards are a wonderful thing for the technology user. I'm sure that developing and using standards has some flaws, such as increasing development time and cost, restricting features, reducing variety, etc. But overall when a standard exists and related products must be based on the standard to survive, it creates a wide open market for competition and inevitably favors the consumer.

The ACM item and Internetnews.com article discuss the Document Object Model (DOM) Level 3 Core, an API (application programming interface) recently approved by W3C (the World Wide Web Consortium, a body that exists to discuss and develop standards for the WWW). I don't know much about DOM, so I won't try to detail the significance or lack thereof of this release. I just want to point out that there are efforts to standardize the way web pages are written. Those of us who prefer non-Microsoft browsers (I use Netscape or Opera most of the time - I intend to use Mozilla's Firefox once it hits 1.0) are well aware that the current state of standards for the WWW is pitiful. There are too many sites that are written for IE and only partially or not at all tested with other browsers. But if IE conformed to a standard, and web pages were written for the standard, then we would have an open market.

I do ask myself, though, even if there were a single universal standard for every type of web programming, why would Microsoft feel a need to meet it? I suppose in the long run if IE used one style and every other browser used another, it would likely destroy IE, but I'm not convinced of that entirely. 
  More Microsoft Maleficence
This is ridiculous. Microsoft has announced the "Microsoft Authorized Refurbishers program" to allow companies to give away computers with MS corporate licenses to charities without violating the EULA. Certainly that's a good thing to do with old coporate computers. What ticks me off is that a special "program" is needed in the first place, and that they charge a fee for it, to cover "materials and program operations" (like they need to do anything for the operation). Once you buy a piece of software, it's yours, and if you want to give it away, fine. Obviously we can't just let anyone make copies of any software and give them away for free, because that would seriously damage the software industry (though OpenSource works pretty well under that model). But a license that prevents donating to charity without paying a fee is completely ridiculous.

CNet News: Microsoft offers charity-friendly license 
Wednesday, April 07, 2004
  Support the DMCRA!
ACM Technews

This is exactly my point, and the concept underlying the title of this blog. Fair use rights in all of high technology are being ignored in favor of strict content prevention. Not only is it offensively restrictive, it's not even successful, at least not yet. The Technews item and the DMCRA (see Rep. Boucher's site, or support the issue through the EFF) focus on digital media issues, but there are similar concerns in many other high tech subjects. The legislators are swayed by campaign contributions and the arguments of businesses anxious to prevent technology from eroding at their foundations. We need to speak more clearly and loudly on this. 
Tuesday, April 06, 2004
  The Future of Telecommunications
One nation under Internet Protocol

This is a neat article that deals with the future of combining media services under a single connection - running television, phone, and internet service over the same cable. Running cable TV and internet over the same cable connection is common, and the article observes that the cable company could add free phone access over the same cables without difficulty. There is quite an established business in landline phone service which is falling under attack through Voice over IP and increased cellular phone usage; it's clear to me that those businesses have nowhere to go but down, unless their models change dramatically.

I sat on a plane next to a Verizon employee who told me about their attempts to run fiber optic cable past the corner of every house in the US. It's expensive, but it's a brilliant plan, because fiber is clearly a better technology than coaxial cable, and if it's already at the corner people can pay a linkup fee, hop on the line, and get all their services that way. Verizon is definitely in a position to morph and continue to be a huge player in the telecommunications market.

But I ramble. My real thought is that there is enormous potential in the merging of media services. Forced open access to these future universal high-speed connections (like the current forced access to phone lines) means that all the service providers will compete in a vicious market, since distribution costs will be zero. There will be some hiccups, though. Service providers will use expensive packages to force consumers into purchasing unwanted products and services. The government will charge random regulatory fees for no clear reason. But I think the possibilities outweigh these by a healthy margin. 
Monday, April 05, 2004
 
Subscription Software Is Sweet

Motley Fool has an article about companies which are shifting into subscription-based software licensing models. They say that IDC has predicted that half of all software vendors will switch to a subscription model within 12 months. The author also seems to support the concept, referring to it as cheaper and less risky for the purchaser.

A subscription-based software model makes financial sense for businesses, I suppose, but from the consumer perspective it's even further away from the property model. The software is being rented instead of purchased (though "purchased" is a strong term given licensing restrictions on use). But really, we have a copy of the software in our possession, and we should have the right to use or abuse it in perpetuity as long as we're doing so within our own controlled environment. I suppose there will always be technological workarounds for this, but using these puts one in the same legal position as the people who just download the software for free, and the two violations are completely different in character. 
 
eWeek: Microsoft, Sun Reach Settlement

Microsoft is paying Sun $1.6 billion dollars, and they're pledging to work together over the next 10 years. I mention this here because, with Sun's current financial issues, this could be step one towards a future buyout. I don't really know if Sun has anything Microsoft wants, though, and that would get in the way. But too often when two goliaths that had opposed each other decide to work together it ends up being bad for the consumer. 
 
Wired article about overgenerality in software patents:

Wired News: Dodgy Patents Rile Tech Industry

One same patent from article: "[A patent] that gives Amazon.com the right to charge other website operators for using browser cookies that store data structures". This has been a concern for some while now. It actually hurts both sides of the equation, consumer rights and the desire to encourage innovation. The point of a patent is to reward a company for its research and development efforts and for making its innovations publicly available by granting an exclusive use right for a limited time; when patents are granted for such obvious technologies, even if they were the first to use it, there is no benefit to society, there is only market strangulation. 
Hosting and Toasting one: Richard Owen William Morgan.

ARCHIVES
04/01/2004 - 05/01/2004 /


Powered by Blogger