RyuKent on Life

Following the last post about security problems, today we hear that at the hacker contest Pwn2Own Microsoft Internet Explorer 8 running on Windows 7 was compromised in less than 2 minutes. The setup runs DEP and ASLR which are anti malware defences designed to protect memory by restricting buffer overflow and randomly assigning memory addresses to make life hard for hackers.

Obviously all that hard work Microsoft put in to protect us ultimately provides very little real protection. Yet another example of how easy it is to run malicious code on our machines. The worry is that when we’re told we are running protected software that we believe this to be true and don’t take the basic precautions that are essential these days. Avoid going to dodgy websites where possible. Don’t download from untrusted sources. Always operate behind some kind of firewall. Don’t trust emails just because they come from addresses you know. I’d go so far as to say that we should only engage in online banking from a separate setup than we usually use for everyday browsing (i.e. chrome on Linux instead of our usual Firefox on Win7) though this is clearly not convenient for most.

And… don’t forget that iPhones aren’t safe either!

After the German government issued a warning that there was an immediate threat to the use of Firefox 3.6 allowing poisoned sites to compromise users’ machines, Mozilla have issued an emergency update to correct the problem. This comes as yet another example of how bugs in the browser put users at risk. Increasingly viruses and malware are being spread not by downloading infected software, but simply by visiting websites.

The question then must become, should we switch browsers if we consider this a problem. Of course it’s a problem but with users hopping backwards and forwards, do they really gain more protection and is it likely to cause more confusion ultimately leading to lack of security? In the long run it will be the browsers that successfully issue patches quickly and can be relied upon. If you’re going to stick with one, you want the software that will be updated automatically and you won’t have to switch from. By issuing a quick fix, Mozilla are no doubt proving they are tackling the issues head on.

The update was originally planned for the end of the month but considering the danger and bad press generated by such an official organisation in Germany urging users not to use the software, the patch was rushed through.

To make sure you have the most recent version, within Firefox, click on ‘Help’, then ‘Check for updates’. As of today, you should be running 3.6.2. This can be checked by selecting ‘Help’, then ‘About’.

TechRadar has posted some great quotes from Andrew Robinson on the ‘Building a Digital Economy’ paper. I want to share them with you.

“This is just the latest round in an industry-sponsored campaign of scaremongering that began with the infamous ‘home taping is killing music’ hyperbole in the 1970s and 80s… We are expected to believe that piracy damages paper pulp producers, accounting machine manufacturers and railway operators. Yet again, we are asked to swallow the lie that every download is a lost sale.

Most of the evidence available seems to indicate that more money is going into the creative industries than ever – those sectors and businesses that have embraced the internet and the distribution and marketing potential that it offers are flourishing and it is the other areas, if any, that are suffering.

Perhaps organisations such as the BPI should focus more on investing their resources in new, progressive, and genuinely innovative business models and content rather than on advertising campaigns complaining how their outdated methods are failing.”

The Digital Economy Bill will shortly be rushed through parliament and bring into force powers that would allow the government (or certain appointed non-government agencies) to cut off internet access to millions of upstanding citizens. The burden of proof would be shifted to a guilty until proved innocent approach and all this at the request of the large record lables and film studios. Ordinary people are to suffer. The worst part though is that despite restricting the freedoms and human rights of millions this law will not actually achieve what the companies who are pushing for it want…. to continue their ability to extort unreasonable amounts of cash from us consumers under an outdated and economically unsound model.

How long before our right to criticise government on line is removed. Have lessons in Iran and certain other dictatorships taught us how dangerous this road can be? The Guardian summed it up as follows.

“The High Court (in Scotland, the Court of Session) shall have power to grant an injunction against a service provider, requiring it to prevent access to online locations specified in the order of the Court for the prevention of online copyright infringement” – could be used to block sites like Wikileaks (which after all exists for the reposting of material from organisations – which those organisations could argue is copyrighted). My reading is that it could – and it’s no use government saying “oh, but we wouldn’t”. Bad law isn’t made good law by not being used badly; it’s made good by actually being well-drafted.”

A campaign has been set up to try and stop the law from being rushed through. Rushed because the corporate sponsors know that this is the only way for them to sneak through a deeply unpopular bill that seeks only to benefit their outdated corporate kingdoms.

“There’s plenty to oppose in the Digital Economy Bill, it gives the government the ability to disconnect millions. Schools, libraries and businesses could see their connection cut if their pupils, readers of customers infringe any copyright. But one group likes it, the music industry. In a leaked memo a few days ago they admitted the only way to get the bill through would be to rush it through without a real parliamentary debate. Let’s stop that happening”

To assess this law we must consider a number of points. 1 – Is this law needed. 2 – Does the law benefit society. 3 – Will the law work. 4. Is there an alternative? Let me address these points.

1. The justification for this law is that billions of pounds worth of copyrighted material is being pirated and therefore billions of pounds of revenue is being lost to the major entertainment companies and that this is indeed terrible for the UK economy. Let’s analyse this. First, the kind of figures circulating are based on the value of the pirated material should the downloader have paid the full retail price for that item. I’m sure it doesn’t take a genius to realise that the average 14 year old who downloads 1000 mp3s a year and 30 films would not otherwise have spent well over £1000 on media. They do not have this money, they’ve never had it, this is not money lost. Implementing the bill will not create this income from nowhere.

Falling CD sales are all very well and recent evidence has even suggested that downloaders actually spend 20% more on music than people who don’t illegally download, but if you look at the total amount spent on entertainment, it is a different picture. We now spend a higher proportion of our income on entertainment than we did 20 years ago. The pattern of spending has just shifted. Sure people don’t spend as much money on CDs, but we buy other things. The computer games industry for example has exploded into a multi-billion pound industry over the last 10 years. Despite the internet. We spend more on live music than we ever did and a 14 year old’s pocket money is increasingly spent on mp3 players and mobile phones. This is not money lost from the economy, simply redirected to what’s popular at the moment. Times change and the laws of economics direct revenues to those companies that competitively provide popular products. We don’t need laws to protect outdated models. We need laws to facilitate efficient markets that reward innovation.

2. Does the law benefit society? Clearly not. If it did, then why could it not be debated properly supported by the people. Why does it have to be rushed through by a few companies who seek to protect vast profit empires? Why are they spending large amounts of money lobbying the government and courting Peter Mandleson on private yachts?

If this law was introduced, the average person (63% of the population use the same internet connection as an illegal downloader according to the BBC. I suspect higher) would potentially put themselves at risk of having their internet connection terminated or crippled. Many of these people rely on the internet for studying, banking, accessing public services, communicating and some for almost all social interaction. Is cutting off a connection to all these things proportional a response to someone who has downloaded and enjoyed a music track they would never have originally paid for or in many cases will go out and buy anyway precisely as a result of having downloaded it? Will a small amount of extra revenue for the record labels really compensate our society for this?

The argument is sometimes posed that the music industry is declining. Panorama, though slightly one sided in their approach did produce a particularly interesting quote. “It’s not the music industry that is in decline, it’s the record labels.” Are artists really suffering. While there are examples of labels cutting back on the money they invest, there are also numerous artists who’s careers have been created precisely because of the internet and filesharing. What we are seeing is simply a shift from one model to another. Is it really fair that a few artists should become millionaires? Would it not be more sensible for large record labels to be removed from the equation and a larger number of artists be able to interface more directly with their fans? Will implementing this bill really improve the life of most musicians to a greater extent than it will inconvenience the general population?

3. This brings us to the next question. Will the laws work? We have already seen a shift widespread encryption over bittorrent (most people are unaware when they just upgrade their software). There are a number of cheap or free services available that can potentially mask an IP address or show the downloader as located outside the jurisdiction of this government. The internet has no boundaries and attempting to impose laws which do will only drive people to safe havens where they cannot be touched. Sure some site may be taken down, but we have seen time and again that every time one disappears, 10 rise up in it’s place. History teaches us that before digital restrictions have effectively been put in place, clever software designers have already rendered them useless. Why bother spending money on something that is essentially in vain.

Then there is the matter of using the law to restrict internet access. As it has proved impossible to restrict downloading of copyright material alone, we must have our very connection to the outside world crippled, or worse that of our family or people who live in the same house affected. Imagine being told that you could not use your car to drive to work because someone else in the house had been caught speeding on a road that had no signposts and that there was no conclusive evidence that they were speeding in the first place.

Would a letter through the post telling you your son had downloaded 1000 mp3s from pirate bay cause you to go out and spend the £800 on music CDs that these tracks would have cost? That is the suggestion! How can any sane person really believe that this system will save the record industry?

Do you really think that if you give a court (or worse an agency) the power to have a meeting and block a web address that it will stop internet piracy? Given the obvious answer of no, is it really a good idea to write a blank cheque allowing the powers that be the facility to restrict our freedom of information when the reason behind this power is simply to stop the unstoppable?

4. What are the alternatives? The head of the recording industry association would have you believe that this is the ‘last rung’. As if without forcibly cutting people off from their internet access music and film is doomed and that nobody would consider paying for entertainment any more. In my mind this is the biggest lie that has been peddled to the government.

Look at Sky’s satellite TC. You pay per month, you can watch as much as you want. You wouldn’t bother copying it and sending the video to your friend because very few people would bother with the hassle when it is cheap enough and easy enough for them to have sky too. Content creators who create popular content are rewarded very well. Revenue is also generated through advertising. This is a very successful enterprise providing large sums of money to the industry for the last 2 decades or so and proof that there’s a perfectly viable alternative.

People are willing to spend a certain proportion of their income on music and film. They just want a reasonably way of doing it. There is an industry that can be supported and it doesn’t need letters, accusations and access to the outside world and basic services cut to enforce it. What’s wrong with a system where people pay a reasonable amount monthly and can access what they want with the more popular content rewarded with proportionately higher slices of the profit. This leads artists to create what people want. Money isn’t wasted in a futile attempt to restrict consumers and innovative companies can compete for the best platform to make a profit from. People would pay for this type of service because they already do, just in other forms.

People are still willing to pay for live music and though cinema is in decline, large screen TV buying with subscription channels are becoming more and more popular. I pay a fixed fee for unlimited text messages on my mobile, a fixed fee for my television licence, I can sign up to a fixed fee for unlimited DVD rental. I don’t see TV production companies going out of business. The electronic games industry is flourishing. Our creative economy is not on the brink of collapse. I’m not the only one who thinks this. Big businesses like Virgin, BT, Sky, TalkTalk are all against the bill. So what some record labels go out of business? What other company who refuses to accept reality wouldn’t.

Please visit http://www.38degrees.org.uk/page/speakout/extremeinternetl and register your opposition to this bill!

Despite the fact that there is an official Delicious extension for Google Chrome in the pipeline and available in Alpha here, I am still looking for a decent plugin that actually works.

Recently I’ve tried a number and it seems they are all missing the ability to search through your existing bookmarks easily, like you can do in Firefox with the official plug in there. Some of the worse ones don’t even allow you to use keyboard shortcuts to bookmark. This is a real turn off for me as I hate having to use time consuming mouse movements which slow me down and are fiddly on a track pad.

At the moment, Chromium Delicious Plugin seems to be the best option. It allows quick bookmarking with CTRL+M and is very lightweight. For searching through your bookmarks, it’s possible to use Chrome itself.

Right click on the address bar, then select “Edit search engines”. Click on add and use this following string as the URL

http://delicious.com/search?p=%s&chk=&fr=del_icio_us&lc=1&atags=&rtags=&context=userposts|@@@@|

Note that the @@@@ will need to be replaced by your username. Call the entry Delicious and use the keyword “d”. This way if you want to search through your bookmarks, just hit CTRL+L then type “D ?????” where ????? is your search string. This is quite a nice integrated approach.

Lets hope there’s a decent official one coming out soon.

I’m currently loving the new Google Chrome extensions. Today I’d particularly like to plug Furigana Injector. This great little plugin adds furigana to kanji on websites.

It can be downloaded within Chrome at this address. With an increasing number of top quality extensions now available, the battle between Firefox is going to get interesting. With Chrome’s superior speed and seemingly faster development we will see people switching left right and centre.

This is a quick note to tell the world how much I appreciate good customer service and especially that offered by O2 broadband. Having previously suffered at the hands of Tiscali who have fittingly joined the evil that is Carphone Warehouse, I was presently surprised to be treated like a human by the O2 team.

Little things like receiving texts when you order is going through and being able to check the status online made all the difference. They checked that I was on the right package and genuinely seemed to care. This is a commodity that is becoming all too scarce in this country. People just simply don’t take pride in their jobs any more and don’t care about customer service.

Sure, everybody wants cheap, but at what cost? Having being conned into a terrible deal with Tiscali where by my 10 days cancellation period expired before my service was even connected (it took 2 weeks) I can safely say that I will never get involved in another year long contract with a company that doesn’t take customers seriously.

Which brings me ironically back to O2. Has anyone else noticed that at around 9am and 5pm, despite having great signal strength in the London Bridge area, it is simply impossible to use the 3G network? I mean yesterday it took me over half an hour to send a text. Checking train timetables on my iPhone just didn’t work. I’m not alone here and it is definitely not a handset issue as everywhere else is no problem.

Clearly O2 have overstretched their network. I’m n0t sure if they can do anything about it because of the limit in spectrum available, but I would seriously consider changing networks (when Orange and Vodafone become available) based on this. There’s no point in having a phone that you can’t use. Have emailed them and will await the reply. I look forward to posting it here.

This morning I got an extremely annoying email telling me that Google Checkout has stopped accepting Maestro cards and that I should register another type of card to carry on using its services. Actually I was quite angry. Maestro is one of the most common cards in use in the UK and certain banks do not offer an alternative unless you change your account. How many people will change their whole bank account just to use another website?

It was also quite annoying that there was no explanation. After digging around a bit, I did find answers. Apparently Maestro is now insisting that all transactions use SecureCode. This is the system that asks you to use the predefined password when making a purchase. Unfortunately it is really not very secure as you can quite easily reset your password using a date of birth which can be acquired from a whole host of social networking sites, but that is another story.

Verified by Visa, which is the Visa equivalent is still optional. The SecureCode system takes away a lot of the responsibility of the card company covering the cost of fraud as it is much harder to claim that your card was stolen when they also know your password. Google didn’t want to put users through this extra step and probably didn’t want to pay the higher fees and so, to avoid loosing revenue and potentially putting themselves at greater risk of liability in the case of fraud, decided that they could just stop accepting the Maestro and stick with Visa. In the long run, perhaps it is unlikely they will lose much business and have probably calculated they stand to lose less than if they had taken on the more arduous terms MasterCard were imposing. It seems unlikely that they would have inconvenienced so many users without carefully considering it.

It has also been suggested that SecureCode is not compatible with a number of services such as WAP and as such would limit the channels payment could be accepted by. I don’t really accept this as a good reason for dumping the service though as you could just restrict maestro users on that channel and allow everything else, while still allowing us to use the standard web based system as normal.

HSBC are rumoured to be moving over to Visa too. It seems Maestro is not so popular as it used to be. Perhaps the charges have become proportionally uncompetitive. RBS / Natwest will still offer it as standard though. I think it very unlikely anyone will want to move banks. If a significant number of people have to stop using the service, competitors such as PayPal could well take some of Google’s business. In PayPal’s case, you can fund transactions using direct debit, thus avoiding the card issue. IT remains to be seen whether Google too will start offering this service. Personally, I would like this as you could incorporate the correspondence logging system of Google with the convenience of PayPal. In my opinion and through experience, Google checkout offers better customer service.

Something that has always annoyed me is that there are so many video standards out there and that they are nearly all proprietary systems owned and pushed by one company or another and inevitably restricted in one way or another. Or worse, expensively licenced.

Another thing I hate is that because of this lack of any real standard, it has become necessary for a while to either have a number of different players installed or as the case usually is now, for them to be packaged up inside a flash interface, each with a different UI, none with the easy ability to access the underlying file to download or manipulate and all relying on having flash installed.

I love Flash when it’s doing its Flash thing, but I hate not being allowed it on my iPhone and I really think that Flash is not what videos should be. There is a reason why all websites are not just large Flash files. There is a reason why all website images are not Flash files. Flash has been used to get round the inconvenience of not having a decent standard for video, but really is second best to an ideal solution where all browsers have the inbuilt capacity to play, download, even edit, tag and scan a universal video format.

So along comes HTML 5. Everyone’s happy, we are on the verge of reaching a consensus about OGG Theora and Vorbis for our standards. And Apple and Nokia ruin it. They moan about the fact that the company who created OGG Xiph.org being able to patent it. Yeah, but it is still an open standard. It is still open for people to implement in the way they want. It is still free to adapt and use in every possible device without licensing issues. It is pretty good as far as quality is concerned. What else currently offers such greatness?

I’m convinced the companies who are blocking it’s adoption are doing so merely to srve their own self interest. Apple wants you to use quicktime, they control quicktime. You have to pay them to use it and download their software with their annoying ‘lets install Safari’ crap. But why should I use quicktime on my settopbox, on my Linux desktop. Why should I pay to use restricted software when a perfectly good open and free standard is available? Sure it might be organised by one organisation but it’s a hell of a lot better than what I’d have to live under were I to try and use MP3 or Windows media format.

I think it’s really sad that we’ve lost a great opportunity to move the internet forward to a universal standard that would mean people don’t have to install a whole load of crapware applications designed to peddle other paid services. An opportunity to have all internet videos to work on the iPhone instead of proprietary YouTube only. An opportunity for a thousand developers to make a thousand embedded devices that would all play the same videos. There are people who are simply not skilled enough to deal with the mess that internet video gives us right now. How many grannies understand that you need to download RealPlayer to play real videos and that won’t work in Windows Media Player which they need to play Windows Media files which won’t play on their DVD player. This is unnecessary!

According to TechRadar, iPhones for official release in China are to have their WiFi facilities disabled. Apparently it is because the authorities would rather that people’s internet access is monitored and controlled through one centralised source. I think this is a shame.

Aside from my view on the monitoring and controlling, I really don’t think this makes technical sense. First because people already have access to iPhones that have been imported from other countries and there is no sign that these will become illegal. Secondly, access will still remain from other devices to the the WiFi hotspots that iPhone users will be denied. These hotspots will be connected to the internet through a normal Chinese ISP which will surely be running the same great firewall software that the authorities will want to run on the mobile network’s servers.

If you are the kind of person who needs to avoid this or don’t want to be tracked, surely you will opt for an imported iPhone without the WiFi disabled, or some of the numerous other mobiles that do have it and you can buy in China. Also, what extra do they really get from restricting people to the 3G internet? Will there be extra monitoring or restricted access? If so, won’t people just wait to go home or pop into a web cafe to post or access the data they cannot on their iPhone. Surely in this kind of restricted regime, you have to block all access or none. The people who need it, will always know of the easiest method to get access and use that anyway. In the mean time, the majority of normal users will suffer significant loss of functionality just to try and prevent what is ultimately impossible to restrict.