Category: Technology

That old copyright song

Post author By Shelley Powers
Post date January 18, 2006

My cable connection started working without problems yesterday, just in time for me to attempt to connect using DSL later today. I’ve also been attempting to take photos of the bald eagles wintering in our area, but have run into interesting complications, which I’ll write about later.

In the meantime, thanks to Halley Suitt for pointing out this rather amazing sleight of hand trick from John Palfrey at Harvard on copyright law, RSS feeds, and his new enterprise, Top Ten Sources.

Mr. Palfrey, the Berkman Center at Harvard holding the copyright of RSS is completely beside the issue, and only serves to obfuscate the discussion–as does raising the specter of the Big Bad Media companies. In addition, I’m very confident that I hold the copyright on my writing regardless of the medium in which I publish the writing, unless I grant that copyright to another. The fact that what I write appears in a RSS feed does not change how copyright laws work. No matter how much you wave the Web 2.0 wand, it does not change copyright law.

People who provide syndication feeds do so in the assumption that the feeds will be picked up in personal aggregators. A personal aggregator is nothing more than what amounts to a ‘reader’ for the content. Whether you read my content in your personal aggregator or via a web browser (point being moot since I only publish partial feeds), does not violate the copyright law because you’re not re-publishing or copying that material in its entirety. The personal aggregator becomes nothing more than a variation of a web browser.

To the techs out there: am I right, or am I wrong? Isn’t a personal aggregator, whether web-based or desktop-based, nothing more than a variation on a browser, in that it renders web-based material for an individual’s personal consumption?

However, re-publishing the content in its entirety for mass consumption without permission is a violation of copyright law. No ifs, ands, or buts about it. In addition, at least in the US, copyright is granted automatically on a work and one does NOT need to re-publish copyright information in one’s feed, unless one wants to. Now, people can and should include Creative Commons licenses that allow one to re-publish content if they don’t care that this happens. But if they do, and no commercial re-publication is allowed, this means that sites such as Top Ten Sources cannot re-publish the material if the site is run as a commercial for-profit enterprise.

To the legal beagles out there–point blank: am I right? Or am I wrong? No, ‘gentlemen of the court’ niceties; no A-list deference; no but it’s Harvard obfuscation; no Web 2.0 bullshit. As clearly and precisely as possible: am I right, or am I wrong?

Tags copyright

Internet

Glowing in the Dark

Post author By Shelley Powers
Post date January 18, 2006

Recovered from the Wayback Machine.

Today has been spent trying to achieve a glow of health in both my cat and my connectivity.

I took Zoë to the specialist located in the other side of town. Come Monday, she will be admitted to a special NRC (Nuclear Regulatory Commission) sanctioned room, get a shot of radioactive iodine in the butt, and then have to spend four days until she ‘cools’ down enough to come home. We will, then, of course, keep her 3 feet away from us at all times for two weeks–not letting her sleep with us, only cuddling a couple of minutes at a time. Of course.

I also spent a considerable amount of time today trying to get the SBC DSL modem/wireless router working. After talking with two very knowledgeable help people, we got the three lights glowing a nice steady green, a working ethernet connection (which is quite fast), but, unfortunately, determined that my modem does not have wireless. They are sending me a new one. In the meantime, when my Charter fails, I can turn on the ethernet portion of the DSL.

Between cat and connectivity I have not accomplished much this week and am behind in my work. I don’t mind the cat–Zoë already worked her magic on the new vet, who agrees with me that she is an adorable little princess. But I can’t cuddle my cable or DSL modem and neither has a soft furry neck to scritch, so I do regret the time expended on both of them.

Tags Zoe

Internet

That connecting thing again

Post author By Shelley Powers
Post date January 11, 2006

Recovered from the Wayback Machine.

While we debate the merits of DRM as compared to the evils of DMCA, I am having connection problems.

Currently I have Charter Pipeline, through a Netgear M314 wireless router to my machines. I am having problems with DNS lookups that are failing more frequently, though I am still connected to the Internet. I’ve checked my modem using the modem software, and it seems to be functioning. Ditto on the Wireless router.

I’ve heard of timeout problems with the Mac OS 10.3.x and DNS lookups, but I have problems on my Windows box, too, and problems with 10.4.x.

By the nature of the problem and the fact that it worsens at night, I am making an assumption that the problem exists at Charter. If so, the solution would be to consider going DSL.

Now, normally DSL does not have the downstream speeds of cable, but checking in my area, depending how far I am from the station, it would seem that SBC Yahoo DSL is actually faster than cable (though Earthlink DSL is slower). And SBC also has faster upstream. It’s also over 50% cheaper for six months, and only requires a six months commitment. SBC does tack on a federal fee, which it admits it is passing on and is not required by law to be paid by the customer.

I currently have ‘free’ cable television with my upstairs televisions because Charter did not disconnect the upstairs video connection when I went pure broadband connection only. The repairman did not have a splitter when he made the disconnect, so he disconnected the lower connection, but left the upper untouched. However, the company has also raised the cost on the broadband connection to the point that judicious shopping for DSL and a Dish could provide replacements for both television and broadband at only a small additional cost–and the Dish provides additional goodies.

But every time I make a telecommunication change, something goes wrong. I do have customers to support; I am gainfully employed via my home computers; I can’t afford downtime.

Questions to you, wise readers:

Is there anything in my setup that you can see could be causing the frequent DNS lookups and failures? I literally go from access to Flickr one moment, and then failed lookup of flickr.com the next. I am unable to work now about 30% of the day because of this problem.

Any problems with SBC Yahoo DSL, other than the phone support is in China? How about Dish?

Technology

WMF Patch

Post author By Shelley Powers
Post date January 6, 2006

Microsoft has released a patch for the WMF bug ahead of schedule. Per Ken Camp:

Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
Published: January 5, 2006

Version: 1.0
Summary

Who should read this document: Customers who use Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

From Ken – GO PATCH

Ken has a link to the patch page. You should also have the patch available from automatic updates if you have this enabled for your OS. Remember to uninstall the third-party patch, first, if you installed this. You can do this through the Program add/remove from the Control panel.

Technology

Serious Windows security flaw

Post author By Shelley Powers
Post date January 2, 2006

Recovered from the Wayback Machine.

Thanks to Ken Camp we’re warned about an extremely serious Windows vulnerability.

The flaw, which allows hackers to insert malicious computer programs into seemingly innocuous image files, was discovered last week.

But the potential for damaging attacks increased dramatically at the weekend after a group of computer hackers published the source code they used to exploit it.

Unlike most attacks, which require victims to download or execute a suspect file, the new vulnerability makes it possible for users to infect their computers with spyware or a virus simply by viewing a web page, e-mail or instant message that contains a contaminated image.

There is no official Microsoft patch, and until there is, I’m keeping my Windows 2000 dual boot firmly fixed on Ubuntu. If you’re running XP there is an unofficial patch.

In the meantime, if you’re running an unpatched Windows machine, I would strongly suggest that you not follow any links that appear in my or anyone else’s comments — even if the person writing the comment seems to be someone you know. Anyone can use any name with a comment (even someone else’s name), and I don’t filter links.

All you have to do is open one email, IM, or web page with an infected image — or use something like Google Desktop, which indexes such.

Ad Makers are exploiting this vulernability to infest your machines with spyware.

But before you click that link–you sure you want to do that?

A weblogger named Jesper who says he’s a Senior Security Strategist in the Security Technology Unit at Microsoft wrote unofficially on workarounds et al on this issue.
His view of the unofficial non-Microsoft kissed patch is: don’t use it.

Again, it is risk management. If you have extremely high security requirements, you may want to go so far as using something as drastic as an unofficial patch. However, in that situation you are probably not willing to trust a third-party packaged patch anyway. The unknown risk of issues with an unofficial patch is pretty high. The cost of implementation ranges from low in a very managed environment, to very high in an unmanaged environment. If your risk and the cost of the attack is very high then you may want to consider the unofficial patch, but I cannot in the best conscience recommend it right now.

This after listing a bunch of options that even he admits won’t likely protect a computer, especially with the new malware exploits. He’s speaking privately, though, and not officially so we have to factor that in our interpretation–except we have to assume that since he’s a ’security consultant’ he’s fully aware of the impact of his position on people reading his words.

Some folk would say this is the power of weblogging; this real company people writing to real weblogs saying real things. To that I say, “Bullshit!” This is the weakness of weblogging — no one says anything directly. It’s all a game, and those of us who are forced into the game are stuck trying to figure out the rules before we get swept from the board.

Jesper isn’t condemning the patch because he knows it to be flawed or unworkable, but because it isn’t Microsoft. Pure and simple. And he’s doing so as one of us, which is supposed to what? Increase his credibility?

Well, since Microsoft is the one who put out the code, and has downplayed the vulnerabilities (”We have determined that an attacker would have no way to force users to visit such a malicious Web site”–this from a weblog entry), as well as be less than concerned about putting out a timely fix (”we will release a fix via our regular monthly security release…Have a Happy New Year!”), I have to wonder who exactly it is we are supposed to trust?