Justin's Linklog – Page 99 – (Things I found interesting recently.)

Bad Blogger.com Security Model

Published March 22, 2005

Security: Hey user auth systems! If you’re going to require me to sign in, and publish my login as a signature to prove that I’m ‘me’, please do me a favour — don’t delete the account if it’s been ‘inactive’, and allow anyone to re-register that name without my knowledge!

I just tried to leave a comment on a Blogger.com weblog, to find that my user account at Blogger had been deleted. Re-creating a new account with the same name wasn’t a problem — the previous account data had been simply deleted outright. (Presumably they don’t do this to people with a Blogger.com weblog — I hope.)

The risks of this are pretty clear; given that I’d already established an identity (at least in comments on certain Blogger weblogs) as ‘justinmason23’, if an attacker were to have re-registered that identity before I did, they could impersonate me.

Massive topographical map of Ireland

Published March 21, 2005

Mapping: NASA’s Earth Observatory has put up a 4 MB high-res topographical image of Ireland. A rough calculation indicates that each pixel is under 0.1 of a mile on a side. It’s fantastic. ;)

Best of all, since NASA operate under the US’ enlightened copyright and licensing policies for government-funded data, it’s free — the masthead notes ‘Any and all materials published on the Earth Observatory are freely available for re-publication or re-use, except where copyright is indicated. We ask that NASA’s Earth Observatory be given credit for its original materials.’ Copyright is not indicated on this image as far as I can see. So go ahead and save a copy for future use, too.

(via EirePreneur in turn via Irish Typepad)

Open API for online group-based services maintainance

Published March 19, 2005

Web: I’ve been doing a little thinking about group-based networking and services.

Here’s the situation. Let’s say you have a small group of people, and want to offer some kind of online service to them (like a private chat area, mailing list, etc. etc.) That’s all well and good, but maintainance of ‘who’s in the group’ is hard. You need:

the ability to let other ‘admins’ add/remove people
a nice UI for doing so
a nice UI for people to request to sign up
possibly, multiple groups
privacy for group members
possibly, some public groups
decent authentication, username/password
the usual stuff that goes with that — ‘I’ve forgotten my password, please email it to my listed address’
did I mention a nice UI?

The traditional approach is to code all that up myself, in my copious free time presumably. Urgh, talk about wheel reinvention on a massive scale.

I’d prefer to use something like TypeKey, a web service that exposes an API I can use to offload all this hard work to. Initially, I was in the ‘ugh, Typekey 0wnz my auth data’ camp, but I’ve eventually realised that (a) they’re not quite as evil as MS, (b) they’re not quite as stupid as MS (deleting Passport accounts if you don’t log in to Hotmail, which is only one of the supposedly many services, including third party services? hello?!), and (c) it’s actually really convenient having a single-sign-on for weblog commenting after all.

Having said all that — TypeKey’s out. Unfortunately, it only does authentication, without dealing with group maintainance.

However, social networking services are all about groups and group maintainance.

Running through the options — LinkedIn, Friendster and Orkut are all grabby and gropy and ‘my data! mine!’, so they’re out immediately.

The next step was to take a look at Tribe.net, which seems kind of nice and had a good rep for open APIs — but as far as I can see, all they’ve got really in that department is FOAF output, and a simple server-side-include thing called TribeCast. I could list all the group members in a FOAF file, but without authentication, that’s pretty useless since anyone could claim to be one of the FOAFs.

That leaves Flickr, which has a great set of APIs. Using that is looking quite promising. If you’re curious, I’ve gone into detail on this at the taint.org wiki.

DCC no longer open source

Published March 19, 2005

Patents: DCC (Distributed Checksum Clearinghouse) is a venerable, and widely-used anti-spam system created by Vernon Schryver; we’ve supported it in SpamAssassin for yonks.

It now appears that DCC is now no longer open source software; it’s still free for personal and noncommercial use, but this clause has been added to the new license text:

This agreement is not applicable to any entity which sells anti-spam solutions to others or provides an anti-spam solution as part of a security solution sold to other entities, or to a private network which employes DCC or uses data provided by operation of DCC but does not provide corresponding data to other users.

So there’s talk that those commercial users should now license it — interestingly, from another company called Commtouch, not Vernon’s Rhyolite Software. (More info).

It appears that the license change is part of an agreement with Commtouch, owner of US Patent 6,330,590, a patent on the idea of hash-sharing antispam techniques. (I haven’t read the patent due to ASF and other policies so I can’t tell you what it really covers.)

It looks like we’ll be disabling DCC’s use in SpamAssassin by default, as we did with Razor, as a result. (Our policy is that the default ruleset used in SpamAssassin be usable by anyone who can use our software, so that the normal usage is open source by default, rather than subsets of the overall functionality.)

Greasemonkey: transcoding extension for Firefox

Published March 16, 2005

Web: Now this is very cool stuff: ‘Greasemonkey is a Firefox extension which lets you to add bits of DHTML (“user scripts”) to any webpage to change it’s behavior.’

In other words, you can rewrite any page viewed in Firefox, as it transits between the server and your client’s display; a form of transcoding.

Traditionally, transcoding is performed using a HTTP proxy which applies the transformation, or a specialised HTTP user agent which transcodes and outputs a whole new set of documents with the results.

That was all a little hacky for full-scale integration into your web browser, though, so Greasemonkey is a big improvement for that use-case.

Some good links:

And some demos:

Remember, these are single, sub-100-line JS scripts, running entirely locally in the user’s web browser. The last one gives you an idea of what coolness is possible…

My contribution: an ad-removal script for Metafilter. It took some 30 seconds of hacking to produce this — soooo easy. It’s a whole new world of site customisation and hackable filtering. You thought AdBlock was good, this is ever niftier ;)

Taxation: a Happy Ending

Published March 15, 2005

Tax: Following on from the previous entry, I’ve had a stroke of luck. It turns out that I did indeed quality as a US resident for tax purposes, and therefore could use Turbotax.

20 minutes later, both state and federal forms were e-filed with the very minimum of fuss — computers and the net illustrating their worth as labour-saving devices quite nicely. ;)

(Oh — also — a PSA for Google’s benefit: I’m pretty sure that form 6251 had incorrect instructions. It claims that the items it refers to in form 1040, can also be referred to in form 1040NR by the same numbers. In fact, parts of 1040NR are radically different in numbering than 1040. It’s a bug in the form!)

Taxation Ventage

Published March 14, 2005

Taxes: it’s that time of year again, when every inhabitant of the US, resident and ‘non-resident’, gets The Fear. Yep, it’s tax time. (Warning: this is a long and protracted vent.)

In the US, every worker is required to prepare and file their own taxes, in detail. Nowhere outside of India can do bureaucracy quite like the US, as far as I can tell — even the brits have embraced simplicity to a greater degree — so this is no trivial undertaking; however, they do have a few outs, if you’re eligible.

Naturally, given my luck, I’m not. ;)

Now, I’m no slouch when it comes to form-filling; I’ve had to deal with messy forms many times before. But these are masterpieces. Check out this gem:

The ATNOLD is the sum of the alternative tax net operating loss (ATNOL) carryovers and carrybacks to the tax year, subject to the limitation explained below. Figure your ATNOLD as follows.
Your ATNOL for a loss year is the excess of the deductions allowed for figuring AMTI (excluding the ATNOLD) over the income included in AMTI. Figure this excess with the modifications in section 172(d), taking into account the adjustments in sections 56 and 58 and preferences in section 57 (that is, the section 172(d) modifications must be separately figured for the ATNOL). For example, the limitation of nonbusiness deductions to the amount of nonbusiness income must be separately figured for the ATNOL, using only nonbusiness income and deductions that are included in AMTI.
Your ATNOLD may be limited. To figure the ATNOLD limitation, you must first figure your AMTI without regard to the ATNOLD. To do this, first figure a tentative amount for line 9 by treating line 27 as if it were zero. Next, figure a tentative total of lines 1 through 26 using the tentative line 9 amount and treating line 27 as if it were zero. Your ATNOLD limitation is 90% of this tentative total.
Enter on line 27 the smaller of the ATNOLD or the ATNOLD limitation.
Any ATNOL not used may be carried back 2 years or forward up to 20 years (15 years for loss years beginning before 1998). In some cases, the carryback period is longer than 2 years; see section 172(b) for details. The treatment of ATNOLs does not affect your regular tax NOL.

That pretty much appears as-is; there’s no additional explanation of those acronyms elsewhere, it’s just a big block of jargon. Obviously not intended for human consumption. There’s also this:

Medical and Dental. Enter the smaller of Schedule A (Form 1040), line 4, or 2.5 % of Form 1040, line 37.

That seems well and good, and according to the instructions, the 1040NR is 100% compatible with the 1040. Except Schedule (Form 1040NR), line 4 is:

Gifts to U.S. Charities. Gifts by cash or check.

What do charity donations have to do with medical and dental expenses? WTF? (I suspect the compatibility claim is incorrect.)

Last year, I hit up H&R Block for their help; it saved a lot of hassle, but was pretty expensive, costing over $200. Overblown TV advertising alert: of course there was no great refund, despite what their ads claim. However they did recommend that I donate old clothes to thrift stores, keep the receipts, and claim that back as a tax contribution. I’m serious. Given my wardrobe, that should net about $10.

This year should be a lot simpler, since I’m just a US nonresident working visa holder doing nothing but paying plain old income tax — so I was intending to just fill out the forms myself.

I think I’ll tick that idea off my list and check out the online options.

All I can say is, no wonder quite a few US citizens seem to think that government involvement is something to be minimized if at all possible. There are alternatives though — I’d happily take an Ireland-style ‘nanny state’ which will compute my tax liabilities for me if I so choose. It’s not like I’d be in a position to argue with them anyway, aside from the common case of hiring a tax attorney, if we disagree; so why not let the government do the heavy lifting? ;)

(PS: the good news is it now appears I may qualify as a resident. This means Turbotax.com is a viable option… yay!)

Back in the US, and Daniel’s interview

Published March 8, 2005

Misc: So I was travelling last week — a very productive trip to the UK visiting the main work dev office, and getting a little socialising in too while I was at it. A pretty good trip overall, especially since I seem to have figured out how to use my frequent flyer miles effectively to get great seats! ;)

Here’s a good interview with SpamAssassin PMC chair, Daniel; well worth a read if you want to see what we in SpamAssassin think about the state of the onion in spam-filtering.

In not-so-good news, it seems Charlie McCreevy has managed to push the software patent directive through, despite massive EU Parliament unhappiness. Third time around at the Fisheries meeting, naturally; and there’s some serious questions about the legitimacy of the procedural rules invoked by the Commission in refusing to take the directive off the A-item menu. Now that’s what I call democracy…

It can still be defeated, but it’s an uphill battle now — for it to be thrown out in the second reading at the European Parliament, it’ll need a two-thirds majority of all MEPs (not just the MEPs present), reportedly.

In the meantime, thanks to the FF and PDs’ bullying tactics, Ireland’s small but growing pool of homegrown software developers are being ignored, and the Irish software industry looks more like a lame import operation for the likes of Microsoft. Our reputation is dragged through the mud for a few multinationals, and the rest of Europe resents us for it. Wonderful.

BTW, even if it does pass, there are ways to fix it — directives must be implemented into national law in each country. This means that Ireland could still write their implementation of the directive to exclude software inventions (even the ones where it’s supposedly a patent on hardware like ‘a CPU connected to a hard disk, with such-and-such software running on the CPU’). However, given McCreevy’s obvious bias in favour of getting this specific text into place, how likely is that going to be?

RFID Scan Detector

Published February 23, 2005

RFID: Over on Adam Shostack’s weblog, in a comment on an entry regarding the plans to mandate remotely-readable RFID passports, Martin Forssen brings up a great idea:

What I want is a device which beeps every time somebody scans me for RFID-tags. I assume this would be fairly easy to construct since the scanner must send a signal of some strength to activate the chip.

I wonder if that’d work? A keyfob, for example, something similar in size to the dinky Chrysalis Wifi Seeker I have on my keyring, would be perfect. It’d be probably pretty cheap to make, would make a great geek toy, and be quite educational too. ;)

Amazing quotes from Michel Rocard

Published February 18, 2005

Patents: So the Conference of Presidents has ratified the JURI decision to throw out the flawed software patents directive text. Phew! That’s a lot more pressure on the European Commission. Charlie McCreevy could still carry on his attempt to steamroller European democracy on this one, but it looks likely that he wouldn’t get away with it now — possibly facing sanctions as a result.

Found in a Slashdot comment — an amazing quote from Michel Rocard (former French Prime Minister, now European Deputy), recounting a meeting with Microsoft representatives on the software-patent issue:

“We never could (speak) a common language with the companies representatives we met – in particular those from Microsoft. Speaking about (the free circulation of ideas), free access to knowledge, was like speaking chinese to them. In their way of thinking, everything that is not usable for immediate profit ceases to be an engine of growth. They don’t seem to be able to understand that an invention which is a pure spirit creation (sic) can’t be patented. It’s simply terrifying. Many of us, at the Parliament, agree to say that they never have know such a pressure and such a verbal violence during their parliamentary work. It is a huge case.”

In addition, he takes aim at the Irish Presidency’s tactics:

“To adopt it formally, there is an expeditious procedure — the (A-item) at the Council of Ministers, where the it is adopted without discussion. The Irish and Dutch presidencies attempted this tactic three times, twice at meetings of the (Fisheries Council)! This is simply scandalous.”

Blimey, he’s really pissed off. Great! Go Rocard! ;)

See here for the original interview (in French), and here for a bad Babelfish translation.

In happier news — take a look at some pictures from the presentation of 30,000 verified signatures (and flowers!) from people around the world, thanking the Polish Government for their repeated stands against the flawed directive in December.

Continuations in perl

Published February 16, 2005

Code: Ugo Cei: Building Interactive Web Programs with Continuations quoting Phil Windley:

This leads to the question: what if I could write programs for the Web that were ‘structured’ in the programming sense of that word? The result would be Web programs that were more natural to write and easy to read. You’d no longer have to maintain the state of your program outside the language and the data could be kept in variables, where it belongs. The answer is: you can.

I hate the ‘save all state’ model imposed by developing for the web, and have been hoping for a way to do this for a while — and now I know what it’s called ;)

It seems Seaside is the leading continuations-based web-app framework, using Smalltalk, and (as Ugo noted) Apache Cocoon has it too, but there’s a whole load more. Can you tell I haven’t been following web-app development techniques much recently?

Never mind those other languages, though — Continuity looks promising as a Perl framework based around continuations. Perl 6 will reportedly have native continuation support, and Dan Sugalski gives a good write-up of how they’re implemented and their ramifications there.

BillG threatens to shut down Denmark’s tech sector if he doesn’t get his way

Published February 15, 2005

Patents: Børsen: Bill Gates threatened to kill 800 Danish jobs if Denmark opposed software patent directive:

Danish financial newspaper Børsen reports that Microsoft founder Bill Gates threatened the Danish government in connection with software patents. According to the article, Gates told Rasmussen and two Danish ministers in November that he would kill all 800 jobs in Navision, a Danish company acquired by Microsoft in 2002, unless the EU were to quickly decide to legalize software patents through a directive. Denmark is a country with only 5 million inhabitants and a relatively small high-tech sector to which the loss of 800 jobs would have significant implications.

Lovely — a blunt blackmail attempt. The article goes on:

It would not be the first threat of its kind. A group of large corporations including Philips is reported to have previously threatened European governments to outsource all of their European software development jobs to low-wage countries unless the EU were to allow patents on software through the directive that is currently being worked on.
In January, leading Polish daily Gazeta Wyborcza reported on a letter addressed by the Polish subsidiaries of Siemens, Nokia, Philips, Ericsson and Alcatel to Poland’s prime minister Marek Belka … it is said to have indicated that the respective companies would reconsider making investments in Poland if the Polish government upheld its resistance to the legalization of software patents in the EU.

Again, note the FUD-busting on this point. I notice that Florian Mueller of NoSoftwarePatents.comhas a a good one-liner response along the same lines — ‘The country in which you develop a technology has nothing to do with where you can take out patents.’ He goes on:

If they move jobs to Asia, they won’t get a single additional patent, neither in Asia nor in Europe. If you warn politicians of consequences that are directly related to a legislative issue, that’s acceptable. If you threaten with causing damage that has no factual connection whatsoever, then it’s blackmail. Plain and simple.

Software Patent Legalisation And Its Effects On Research And Development

Published February 11, 2005

Patents: an interesting FUD-busting point from the FSFE-IE mailing list today. Malcolm Tyrrell wrote:

Why does the following point keep coming up? Do I misunderstand the issue, or is this just plain nonsense: (quoting this ENN article)
‘Indeed, the big businesses that backed the directive — such as Philips, Nokia, Alcatel and Microsoft (…) also say, in somewhat ominous terms, that without patent protection, big companies will be less inclined to spend cash on European R&D projects, because the governments of Europe cannot offer any guarantees that commercially useful technology will be protected. In the US, those much-needed safeguards are in place, patent supporters note.’
I presume that these big companies will obtain patents in all territories where patents are available, regardless of where the R&D is performed. Unless they are threatening this merely as revenge (and I would think that there responsibility to their own shareholders precludes this), there would be no more or less reason to do R&D in Europe whether software is patentable there or not. Am I wrong?

He’s right; in my experience, software patents are applied for world-wide, in as many regions as possible (and as funds and time permit) — and there’s very little barrier for an inventor in one country to obtain patents in other countries (apart from money to pay for all those billable hours).

However, Fergal Daly had a more interesting additional point:

‘As far as I can see you’re right and in fact this is a plus for Europe, as labs in Europe would be free to use other people’s patents during their research, whereas in other regions they would have to license them before they could implement them, even for private use.’

He’s right, too, as far as I can see. This would be quite a big win for European R&D, since it would also mean they could develop an algorithm similar to a patented algorithm, as long as the patented technique was only implemented in software inside their European labs. This would be illegal to do anywhere else in the world where software patents were legal, hence is a competitive advantage over their international competitors.

In addition, it would mean that in the scenario where a product is produced using a patented algorithm, but the algorithm doesn’t appear in the final product, that would allow them to perform production in Europe without paying the license fees that would be payable elsewhere.

In summary — the ‘patents needed for R&D’ line is FUD, and the reality is in fact the opposite!

Open APIs, Open Source, And Giving Away The Crown Jewels

Published February 11, 2005

Tech: Bit of a long essay, this one.

World+dog have been linking to this interview with Flickr’s Stewart Butterfield on the O’Reilly Network, so I wasn’t going to bother. But I came across a great illustration of what I think is a very important point:

Koman: In the write-up for your web services session at ETech, you say, Capturing the creative energy of the hive can be scary. It requires giving up some control, and eliminating lock-in as a strategy. Tell me some more about that.
Butterfield: Ofoto is a pretty good example. I don’t want to pick on them too much, but they create a pretty artificial kind of lock-in. When you upload your pictures to them, you might upload a three- or four-megapixel image, but all you can get back from them is a 600-pixel image; if you want to get the original back, you have to buy it on a CD. There’s no way to get it out because if you got it out, then your friends and family could get it out and print it out at home, and they’re in competition with Lexmark and HP as well as the other online photo services. So that’s one aspect of it.
There’s also a tendency to want to capture all the value that’s being generated or will potentially be generated by new business. What I mean by that is, we don’t explicitly allow commercial uses of the API yet, but we definitely plan to. And we know that there are people working on products based on our API that we want to do, but outside developers will get to it first. What letting go in that context means is letting go of all the control you have over users by being the one who owns the database, because other developers can generate businesses and products that hook into you, and that takes some value away.

This is a point that still, to this day, most people miss.

The traditional viewpoint is that, if you’ve got something, you hoard it, and ensure you’re the guy who makes the money from it. So you do what Ofoto do — you keep the full-resolution images, and charge for access to them; or you don’t publish APIs, and keep the data to yourself; or in the world of source code, you hold onto the source so no-one else can see it, because it’s your ‘crown jewels’. Then, the idea goes, you can ensure that you’re the only one who can do prints, or add a feature to the source, or whatever.

But the problem is, you’re not always the one with the idea; or alternatively, every feature request has to go through you, and be implemented by you, on your time. And in the meantime, your users are considering the big question — ‘do I want to get locked in, here? what if he goes out of business? am I a small customer who’s going to be ignored?’

In fact, I’ve been guilty of this myself. When I started writing open-source software, I used the GPL as a license, which prohibits commercial use (mostly) — except by myself or through my explicit permission. I had no intentions of making it available for commercial use, because I couldn’t see the commercial uses.

But that was me being short-sighted — soon, people starting asking if they could license the code for commercial use, or hire me. I realised that I didn’t have the time, or inclination, to go the whole hog, and risk my livelihood on a piece of software — especially risky since I didn’t think that software could support me alone.

So when I wrote SpamAssassin, I picked the Perl dual license, a license that did permit commercial use, while still being an open-source license. By now, there are quite a few commercial versions of SpamAssassin, all making money (I hope!), I’m getting paid to work on SpamAssassin, and everyone’s happy ;)

Perhaps I should have kept commercial rights to myself. But I have no doubt that doing so would have ensured SpamAssassin remained a small-time solution, and would not have received the number of contributors, committers, and patches it has by now. (for example, Matt Sergeant, who was an SpamAssassin committer, joined the project explicitly to use that code in MessageLabs‘ product.)

Plus, at the time, there were already quite a few commercial competitors — and there’s a lot more to being a commercial success than the simple things required to be an open-source success; I’d be dubious that SpamAssassin would have been able to compete as a purely-commercial play, and I’m not sure I’d have been keen to risk my livelihood to do so, anyway. (I’m not really dot-com CTO material, anyway. I like hacking code too much.)

I think things have worked out well: the software’s better, I’m earning a livelihood from open-source software regardless, and the software’s usable for more people. As usual, Larry Wall was right ;)

A highlight (or low-light) from the world of spam bounces

Published February 7, 2005

Spam: recently, I’ve been getting a lot of spam bounces; that is, messages sent by people’s autoresponders, in response to forged spam claiming to come from my domain. (I have an SPF record, but these autoresponders naturally don’t bother to check that before replying.)

I have a SpamAssassin ruleset which catches these, and it gets rid of the vast majority — but the odd wierd one gets past. This one caught my eye before I deleted it:

On October 5, 2004, I will be going to the Illinois Department of Corrections for approximately 18 months. If you wish to contact me, please snail mail me at: (address deleted)
Your letters will be forwarded to me and I will reply as soon as I receive them! Thanks…and please do write! Mail is vitally important! :-)

… ouch. Good luck to this guy, whoever he is…

Spamhaus article on ISPs hosting spam gangs

Published February 4, 2005

Spam: Should ISPs Be Profiting From Knowingly Hosting Spam Gangs? — a new article up on Spamhaus.org, well worth a read. Some snippets:

So where is this stealth proxy spamware sold and distributed from? For Send Safe the answer is, www.send-safe.com, hosted by MCI Worldcom.
… MCI executives have refused to stop providing service to these gangs, insisting that the sale and distribution of stealth spamming software is not against MCI’s policy.
… It’s no surprise therefore that MCI has consistently occupied first place in Spamhaus TOP 10 World Worst Spam Service ISPs chart, with over 200 spammers and spam gangs on the MCI network in full knowledge of the security managers and the General Counsel.
… MCI Worldcom’s official position on the issue is that MCI can’t stop their spam gangs selling proxy hijacking spamware from MCI’s network as that would be ‘censoring’ the distribution and sale of illegal proxy hijacking software.

interesting Antarctic factoid

Published February 3, 2005

Antarctic: It seems that Ernest Shackleton, during his exploration of Antarctica, relied heavily on ‘Forced March’ tablets:

Reportedly ‘sold over the counter at Harrod’s until 1916’, these were primarily cocaine-based.

EU Software Patents law back to square one

Published February 2, 2005

Patents: FFII are reporting that ‘the Legal Affairs Committee of the European Parliament (JURI) has decided with a large majority to ask the Commission for a renewed referral of the software patents directive. With only two or three votes against and one abstention, the resolution had overwhelming support from the committee, and all-party backing.’

Michel Rocard MEP gave a very strong speech at the meeting with the Commissioner. Apart from noting several “inelegancies” by the Commission, such as not taking into account any of the Parliament’s substantive amendments in its recommendation to the Council, he also took issue with the Dutch and German governments ignoring their respective parliaments, the Irish Presidency’s sponsorship by Microsoft and the attempted ratifications of the political (dis)agreement at several fishery Council meetings.
He mentioned that at a meeting with the Polish government, the industry players confirmed that the Council text allowed pure software patents, and wondered how the Commission could continue claiming the reverse. He was also curious about how the Commission’s perfectly tautological definition of the concept “technical” could help in any way to distinguish between what is patentable and what is not. Despite his own abstention when voting on the restart later that day, the fact that almost everyone else supported it is probably his personal achievement.
The Commissioner made clear that “any agreement will need to strike a fair balance between different interests”, and that “a constructive dialogue between the Council and Parliament will be vital for an agreement”. He does have the option to deny a new first reading. But given the strength of feeling in the Parliament and the concerns of so many member states in the Council, the Parliament request looks like the best way to achieve a clean way forward for this Directive that everyone has been looking for.

This is good news for the anti-swpat side. Nul points for the Irish Commissioner, Charlie McCreevy, who ‘had in the morning assured the JURI Committee that the Council would finally adopt its beleaguered Common Position text. He announced that “the Luxembourg Presidency has now received written assurances concerning the re-instatement of this issue as an A point at a forthcoming Council”. Given that A points are to be adopted without discussion, this left no possibilities for renewed negotiations in the Council’.

interesting sysadmin talk next week in Dublin

Published February 1, 2005

Networking: Donal Cunningham, president of SAGE-IE, mails to note an interesting talk on in Dublin next week:

The System Administrators’ Guild of Ireland and Dublin University Internet Society present…
What : From the ground up; a greenfield deployment in Liberia
Who : Comdt. Kieran Motherway, Corps of Comms. and IS, Defence Forces
Where: Walton Lecture Theatre, Arts Building, TCD
When : Tuesday the 8th of February, 7 p.m.
Why : The Irish Defence Forces deployed to a greenfield site in Liberia in 2004, and had to build Comms/IT infrastructure from the ground up. Comdt. Motherway will talk about the Irish Army’s experiences with this deployment, and just how far removed from an air-conditioned, climate-controlled comms room you can get…

Sounds like fun, and I know a few taint.org readers will be interested ;)

Building a Freevo

Published January 27, 2005

Freevo: so I’m planning to build myself a PVR, of the home-built, running Linux with mythTV or Freevo, mini-ITX variety.

So far I’m still at the hardware planning stages, but the price looks good — around $455 (plus shipping) for a working, thoroughly hackable, silent, set-top PVR system.

(Silence is a key aim here — last thing I want is something noisy taking over the room. But silence typically seems to cost the dollars, once you get into Shuttle gear and the like.)

If anyone wants to follow along, or provide some tips — I’m going to track progress (very slowly) on this wiki page. Like all wiki pages, it’s editable — although you’ll need to create an account to edit pages there (sorry, anti-spam measure).

BTW, lately, there’s been a lot of talk about using a Mac mini as a media center. So I took a quick look — but wow, it’s pricey! $499 + $329 for an EyeTV 200 tuner? Dude, that’s over 800 dollars, not include shipping or sales tax. Given whatever extras turn out to be appropriate, I wouldn’t be surprised if it hits double the mini-ITX’s price.

January 24th: a day of partition table misery

Published January 25, 2005

Tech: January 24th, besides being the date the first Apple Macintosh went on sale, is supposedly the day of maximal post-xmas misery. Well, it certainly was for me today.

I decided to power on my old desktop to set it up as a back-room fileserver, and twiddled the partition table accordingly to nuke a few unused Windows partitions and maximise usable space.

Somehow or other, some component of my system decided that it would henceforth be non-bootable. It seems some BIOSes don’t like partition tables where a high-numbered logical partition have a lower starting sector than a boot logical partition, or something… GRUB just errored out with an obscure ‘Error 17’, which apparently means that it couldn’t find its boot partition any more.

OK, so I needed a boot disk. But I had 1 laptop with a CD/DVD drive but no floppy drive, and a desktop with a floppy drive but no CD drive (due to hardware failure)… and the original linux boot floppy was long gone, seeing as I’d hardly booted this machine in the duration of two house moves. Argh.

A dinky little Cruzer mini 128MB USB flash drive saved the day. (R)ecovery (I)s (P)ossible is a tiny Linux distro that fits into 27MB, well inside the USB drive’s limits; it has an exceptionally helpful and detailed README detailing exactly what needs to be done to create a bootable USB flash drive from its ISO image, using just the generic linux toolchain.

Together with fdisk and parted’s ‘rescue a lost partition’ mode, I was able to get the mangled partition table back into shape, mount the boot disk, change the fstab and grub configuration file, and reboot into a working system. phew!

Many thanks to Kent Robotti, who’s done a great job with RIP.

On the other hard — no thanks to whoever came up with the arcane rules behind the IDE partition table… argh.

OpenStreetMap.org

Published January 21, 2005

Map: much interesting geowankery going on in London, where they suffer under the same Ordnance Survey monopoly as we do in Ireland.

This message to their mailing list notes a quote from IKONOS of $1,172.50 USD plus shipping for a 1m Color Geo referenced satellite image of central London, covering 67 square kilometers.

Given ‘enough processing’, data extracted from that map becomes a Derived Work, and have no copyright restrictions. ‘Processing’ includes ‘vector extraction, classification, etc.’

Now, I worked it out — central Dublin city centre covers about 3km x 4km. At the named rates for London, that works out at an inexpensive $210! Looks like it was imaged in September 2003.

There’s something interesting for a local geohacker to add to their list of projects ;)

(There’s also some old Landsat-7 data that may be usable.)

‘Spam Kings’ review

Published January 20, 2005

Spam: Before xmas, I received a copy of Brian McWilliams‘ new book, Spam Kings.

It’s a great book — full of behind-the-scenes details on how the spammers operate, how they get away with it on the sending end, how they try to evade filters on the receiving end, and how they’re fundamentally running the usual simple scams that have been around since before email spam came into existence. Well worth reading.

In addition, Brian’s continuing to write about spam and spammers at the Spam Kings weblog, and will be giving a talk at this year’s MIT Spam Conference, tomorrow.

Anyway, pick up a copy if you’re interested in the spam problem — this is one of the best books I’ve read on the subject, and this kind of information is essential for an understanding of the people we’re up against.

Echo chamber goes crazy about ‘nofollow’

Published January 19, 2005

Blogs: Just to expand on a linkblog posting I made yesterday, Google’s search team have announced support for a new piece of Google functionality; they’ll fix their crawlers to ignore links with a rel="nofollow" attribute, for PageRank calculations, the idea being that spammers will stop blog-spamming once they can’t get PageRank out of it.

The blog world has been all aflutter:

Google Blog
MSN Search
SixApart
Dave Winer
Robert Scoble: ‘now we can link to things without raising their search engine whuffie’
burningbird: ‘I remember something like this being discussed before’

BurningBird is right, to a degree. In fact, it’s been solved before.

Here’s a taint.org posting from November 2003 where I point out that by using a trivial Javascript URL one can link to another page without conferring PageRank. The format is:

javascript:document.location=target

The result looks like this, and work in any browser with a basic JS engine, from IE 3.02 and Netscape Navigator 2 onwards. I’ve been using it for my referrer logs, among other things, for over a year. I wrote a patch that implemented it for external links in the Moin Moin wiki software.

Amazingly, despite my plugging this idea at virtually every opportunity, it seems nobody noticed! At least, nobody among the people who (it would seem) should be looking into comment spam, thinking about how to deal with it, etc.

Disappointing — the echo chamber keeps talking to itself, once again. Maybe I’ll stick with dealing with email spam instead ;)

Ah, whatever. Anyway, this is a nicer fix; relying on JS isn’t a good thing. So nice work, Google.

(PS: worth noting that while this is a good plan, comment spam won’t be going away any time soon, as Mark Pilgrim noted. Still, here’s hoping it’ll help in the long term…)

IPC::DirQueue 0.04 released

Published January 19, 2005

Perl: at last, a perl-related posting! I’ve released IPC::DirQueue 0.04; details of what’s changed (summary, a couple of bugs fixed) are at that link.

BTW, thanks to Ask and Robert at perl.org, who are providing free SVN repository and list hosting for CPAN modules! And don’t overlook the fact that the mailing list/newsgroups each have their own RSS feed, woot!)

Prescient tsunami spam

Published January 19, 2005

Spam: I was just looking back through the archives here on taint.org, and noticed this entry from December 2 last year:

A huge 300 ft. high ocean wave is moving towards your continent. Your and many other cities are in a real danger. Approximate wave moving speed is 700 km/h. cmoym eaaa yypbzz
Please read more about this catastrophe here: (link)
We are strongly urging you to evacuate yourself and your family as soon as possible, even though you may live far away from your city. The tsunami will reach the continent in approximately FOUR hours.

It appears that the spam was a phish attack — the site in question is full of Internet Exploder exploits. It was ‘targeted’, at least as well as such things ever are, at Australian readers. AUSCERT issued a warning about it at the time.

But how’s about that for timing? Spooky! What did those phishers know?

eWeek’s ‘Spammers Upending DNS’ article

Published January 13, 2005

Spam: eWeek recently published an article entitled ‘Spammers’ New Tactic Upends DNS’ , which notes that:

One .. technique finding favor with spammers involves sending mass mailings in the middle of the night from a domain that has not yet been registered. After the mailings go out, the spammer registers the domain early the next morning.
By doing this, spammers hope to avoid stiff CAN-SPAM fines through minimal exposure and visibility with a given domain. The ruse, they hope, makes them more difficult to find and prosecute.
The scheme, however, has unintended consequences of its own. During the interval between mailing and registration, the SMTP servers on the recipients’ networks attempt Domain Name System look-ups on the nonexistent domain, causing delays and timeouts on the DNS servers and backups in SMTP message queues.

This had me stumped when I read it, since an email from a nonexistent domain is a pretty reliable spamsign (it’s used in the NO_DNS_FOR_FROM rule in SpamAssassin, for example, which hits about 2% of spam), has been a rule in the default ruleset for several years, and there’s no sign of that behaviour in our spam traps.

After some discussion, Suresh Ramasubramanian came up with this explanation of what’s really happening:

Verisign now allows immediate (well, within about 10 minutes) updates of .com/.net zones (also same for .biz) while whois data is still updated once or twice a day. That means if spammer registers (a) new domain he’ll be able to use it immediatly (sic) and it’ll not yet show up in whois (and so not be immediatly identifiable to spam reporting tools) – and spammers are in fact using this “feature” more and more!

That does sound a much more likely explanation, and matches what’s been seen in the traps.

So: WHOIS, not DNS.

IBM Pledges 500 U.S. Patents to Open Source

Published January 11, 2005

Patents: wow, this is amazing news! ‘IBM today pledged open access to key innovations covered by 500 IBM software patents to individuals and groups working on open source software. IBM believes this is the largest pledge ever of patents of any kind and represents a major shift in the way IBM manages and deploys its intellectual property (IP) portfolio.’

Even better, they are hoping to begin a ‘patent commons’ for other companies to join, and the OSI definitions of which licenses are judged ‘open’ apply.

More details:

Of course, it would be better if it were also safe for commercial software development. But this is a valuable bulwark against Microsoft-style patent tactics.

Web-browser style history for the command line

Published January 11, 2005

Code: Here’s something I came up with recently — it’s actually an evolution of the idea of pushd and popd, as included in BASH. To quote the POD docs:

cdhistory is a perl script used to implement web-browser style “history” for UNIX shells; as you use the cd command to explore the filesystem, your moves are remembered, and you can go “back” through history, and “forward” again, as you like.

Download the perl script here.

Annoying anti-arab Republican talking points, pt. xxviii

Published January 6, 2005

Politics: This moronic comic from Pat Oliphant came up in my comics page the other day, and, after a few days of hearing this particular talking point through the usual propaganda channels, I just saw it again. It pissed me off enough that I took a look at the stats.

Naturally, it’s bullshit. The top 50 governments pledging tsunami aid, per GDP:

Qatar (#2)
UAE (#5)
Kuwait (#9)
Bahrain (#10)
Saudi Arabia (#15)

Given that the USA’s at #29, and the UK at #22, I think the arab states are coming up with a pretty good result there.

I guess it’s hard to look beyond today’s talking points when you’re still drawing cartoons at the age of 70.

A Firefox Extension plug

Published January 5, 2005

Web: Urgh, I still have this damn cold I picked up in Ireland… sniffle cough etc. More vitamin C needed!

Anyway, just a quick plug for a very deserving Firefox extension, one I haven’t seen mentioned widely. It’s pretty common, when you wish to print out a web page, that you wish you could get rid of the obnoxious extra-wide sidebar tables, gigantic ads, or other extraneous parts of the page. Well, now you can:

Nuke Anything is a Mozilla/Firefox extension which offers two great features in the right-click context menu:

Remove this object: this will remove the object you’ve right-clicked on — a table TD, paragraphs, images, IFRAMEs, etc.
Remove selection: more usefully, this allows you to select exactly what you want to remove with a left-button drag, then right-click to remove it.

It’s really useful. I almost never print anything out these days without scrubbing off a few unwanted sidebars ;)

HOWTO: invalidate a patent application with prior art

Published January 4, 2005

Patents: here’s an interesting technique I heard recently. (credit: I’m not sure who told me about it, but I think it may have come from or via John Levine.)

If you become aware of a patent application (note: not an issued patent!) for which you are aware of possible prior art, you may be able to help invalidate it, or at least ensure any resulting patent is narrow enough to be relatively sane. Here’s how.

If you have knowledge of techniques that you believe may be prior art, you can send them on to the filers or the patent examiner. At this stage, the onus is on them to prove that the technique is not prior art for the application (once it’s granted, the onus would be on you to prove that it is).
The filer also must indicate techniques that they are aware of, that may be prior art, during filing; so CC’ing a public forum with a copy of whatever you send to them, may at some point in the future help indicate that they did not do this.

Of course, you have to go find the patent application number, the contact addresses of the filers, and the contact address for the patent examiner to do this ;) But it beats posting a whinge to Slashdot.

An unnamed patent agent comments:

‘I believe an examiner is not under obligation to review art sent directly to them, but certainly the applicant and his agents are required to report any art they come across. That means the inventor as well as the law firm representing them.

You should include a cover letter that you saw their application (give details), and that you believe that what you are sending them is prior art, and that now that they have it, they are obligated to report it to the PTO. The same can be done to their counsel.

Probably, anything sent should be sent with some sort of delivery confirmation, and to make sure that the sending of the prior art is of public record, create a Web site where all sent art is listed, along with destination and confirmation information. This would help show inequitable conduct should the patent later be asserted and the art you provided not be shown as of record in the examination.

Mind you – I have not heard of these being done before (bombarding listed inventors and their agents with prior art, forcing them to have to disclose it), but I think it’s a great idea. One caution – if you send too much, you over inundate the examiner, and then really good art could get overlooked during examination.

Separately, please keep in mind that the claims in a published application have probably not yet even been seen by the examiner at the PTO. These are the claims that the applicant would love to have the examiner accept, but until prosecution of the application actually commences (and completes), there’s no way to know what claims will ultimately result.’

Update: some good additional points:

‘The prior art must have been published or been publicly available at least as early as the earliest priority date of the patent. The priority date is either the filing date, or the filing date of a parent application. This information can be found on the cover page of a patent.

A patent’s scope is covered by the claims. The claims define what the invention is. All other material in the patent is supporting material, and usually non-binding. In order to be anticipatory (the best kind) prior art for a particular claim, the piece of art must contain or described every element of the claim you are seeking to invalidate. Note that dependent claims add additional elements that the prior art needs to contain if you want to invalidate the dependent claims as well.

Prior art which is not anticipatory may be used in combination with other art or knowledge at the time to show obviousness. This type of art may have some impact during prosecution of a patent, but if a patent has already been issued, obviousness is a real uphill battle to fight in the courts. Few patents have been invalidated because of obviousness in trials.’

Another attorney notes: ‘You can actually send it anonymously if you want. Just keep the certified receipt to prove they got it. As long as they know it exists, the onus is on them to disclose it to the PTO.’

‘It’s best to send them something printed out or on tangible media, along with a brief note explaining what it is and most importantly, when it was first publicly available. Certified means using certified mail or FedEx or something where you have a valid receipt.

As far as (discovering) who the (filer’s patent lawyers) are … it’s usually listed on the patent applications. you can search the USPTO website for them.’

And a report that this technique is now in use: ‘some patent attorneys are reporting that this approach is a valid one that people have started using.’

Update 2: More assent from another unnamed patent lawyer:

‘Anyone who wishes to do so can send a letter to the Patent Office letting them know of any prior art of which they are aware. The Patent Office will then place it in the application file. Anyone who cares about this patent will surely order up a copy of the application file from the Patent Office, and will come into possession of whatever you sent.

Later you can see whatever you sent them. Go to
http://portal.uspto.gov/external/portal/pair and plug in the serial number (for the desired patent). Click on “image file wrapper”.’

It’s the right thing to do for any patent or patent application.’

Verizon.net blocks the world

Published January 3, 2005

Spam: I’m still catching up, but this is just plain hilarious. Pure, solid-gold, insanity. Verizon.net, the ISP branch of the US telco, has decided that the easiest way to fix their spam problems (uh, spam-receiving problems, that is), is now blocking inbound email from non-U.S. IP ranges:

A little birdie with insider knowledge has confirmed that Verizon is blocking all international IP space from RIPE, APNIC, and more, and is only unblocking specific domains, based on their IP address, when complaints are made and escalated.
According to the source ‘the security team management thinks this is going to stop their inbound spam problems.’
Well, it may stop their inbound spam problem, but it’s also going to stop that pesky ‘wanted email making it to their customers’ problem.

A quick check from my Ireland-hosted colo box does indeed indicate that this is still the case, and I can’t connect to relay.verizon.net (206.46.170.12):

  : jm ftp 1...; telnet 206.46.170.12 25
  Trying 206.46.170.12...
  telnet: Unable to connect to remote host: Connection timed out

Back, in the flurry of a mini-tornado

Published January 3, 2005

Meta: Back. Not even ‘mini-tornados’ at Dublin Airport can keep me away — although it gave it a damn good try, with a 3 hour delay, a missed connection, and an overnight stay in Chicago. Arggh.

Mail: I generally leave the laptop at home when on vacation, to do some proper winding down. Not sure it was a great idea this time, since I was joe-jobbed by some pretty extensive spam runs recently, resulting in over 30,000 bounces sitting unread in my email when I got back.

Thankfully, Tim Jackson’s bogus-virus-warnings.cf SpamAssassin ruleset (with a few updates) got most of them, with only a few hundred getting past. I should really hack on making those more complete, but some of the bounces are really obscure; along the lines of ‘Hi from J Random Luser, Esq.! I no longer use this address because it gets too much spam! Please send to this new one instead: jrluser98@example.com!’, generally without any obvious identifying headers that indicate it’s an autoresponse.

Sigh — each of those messages is just utterly random, and I can’t see much recourse but to come up with some nasty phrase-based content filtering rules, which I was hoping to avoid. But 29,500 hits isn’t bad ;)

I’m not sure they’d be suitable yet for use as default SpamAssassin rules, since they now generally just match any kind of bounce message, not specifically joe-job or virus-forgery blowback. But that suits me just fine — I can live without bounces, as long as I don’t have to suffer the bounce blow-back.

Science: Good news from New Scientist — they’re opening up their archives! NS has consistently the best science journalism around, and I’ve been a subscriber for years. But until recently, they had a lousy approach to their website — most of the useful stuff, like the archives, were walled-off, subscriber-only features; a classic case of missing the Clue Train. Well, here’s an archive search for ‘spam’ — pretty impressive, and most of the short articles are available in full, with only the full text for features and opinion pieces requiring a login.

In addition, they’ve added a massive batch of RSS feeds. Sadly, no full article text excerpts, however. But still — getting the clue, eventually — this way they may actually get links on the web, in place of the mangled and chinese-whispered versions of their articles republished in the UK newspapers…

Ireland: Due to monopolistic pricing of Irish GIS data, consumer GPS maps of Ireland’s road system are appalling, and this page collects a few great demos — for example, MS Autoroute quintuples the distance from Galway to Roundstone! That’s a major tourist route, BTW. I knew it was bad, but not that bad…

Anyway, I’m still waaay behind, but slowly catching up.

Xmas hols

Published December 22, 2004

Meta: I’m back in Dublin for a couple of weeks over xmas, so I won’t be updating this weblog very much. See you in January!

BTW I flew back via Chicago, which is obviously the stopover of choice to Dublin from Silicon Valley — surrounded by 1 iBook per every 8 passengers. ;)

PS: looks like they forgot Poland!

An Open Letter to Sound System Developers

Published December 16, 2004

Linux: after about 3 months of tweaking and twisting, performed by someone who’s been using UNIX for over a decade, I’ve finally got sound working the way I want it on my Linux desktop. In other words, I can hear sounds made by Flash applets, and I don’t have to shut down the best music player on the platform every time another app wants to make a sound.

This is pretty clearly absurd.

So here’s my open letter to the developers of the various systems (GStreamer, aRts, ALSA, EsounD polypaudio, et al):

Please DO do some testing with crappy sound hardware. I don’t care if your sound system works great with a SoundBlasterLive 2006 with the kryptonite connectors, I have a laptop, for god’s sake. That means software mixing is essential, because cheapo hardware doesn’t do hardware mixing.
As an extension: please DO include software mixing by default. ALSA’s pretty good in general, but having to hack out 55 lines of hand-tweaked config file before software mixing works, is insane. (Especially when the Wiki documenting that is full of notes that some of the magic numbers may not work on your hardware.)
Please DO use existing APIs if possible. That means esd. I’m looking at you, aRts. At least the latest sound project, polypaudio, looks like it’s getting this right.
I DON’T care about network transparency, realtime response, or having a wah-wah pedal effect built into my sound server. That’s just silly. Use a modular architecture to allow that in future, but concentrate on getting the basic stuff working first!
Please DON’T hardcode output device or output ‘sink’ names into the source. Looking at the kgst component of KDE here.

Meh.

Anyway, here’s the scoop on what I had to do to get software mixing working in both GNOME, KDE, and Firefox, on my Thinkpad T40 running Debian unstable. Once I figured out the magic incantations, it now seems to be working without stutters or hangs.

Sometime in the next few months, of course, I plan to upgrade to Ubuntu Linux, and all bets will once again be off ;)

BSA’s Spam Statistics

Published December 15, 2004

Spam: The Business Software Alliance, a UK anti-piracy body representing many of the major software vendors, recently issued a spam-related press release which got a lot of attention in the UK press (they have great press contacts!).

To quote John Graham-Cumming’s newsletter on the subject:

1 in 5 British Consumers Buy Software from Spam: that’s according to a survey by the Business Software Alliance. I find that a pretty surprisingly high number and considering it comes from an advocacy group that tries to get people to buy legitimate copies of software I expect it’s not totally accurate. The one thing I find really surprising from the survey are these two statistics: 23% of spam is read by the person receiving it and 22% of people have bought software. Apparently, 11% of people surveyed like the idea of buying through spam because the software is cheaper.

It’s still an interesting figure, but the BSA has come up with some pretty suspect statistics in the past, so pinch of salt applies. As jgc points out, the BSA have a vested interest in making the problem sound worse than it may be in reality.

Still, the survey PDF can be read here, and is worth a look.

EU Software Patent tricks — very fishy antics

Published December 13, 2004

Patents: This is really absurd — according to this ZDNet UK article, it now looks like the EU Council is considering railroading the EU software patent directive through, by hiding it as an ‘A-item’ in a Fisheries Council Meeting the week before xmas:

Laura Creighton, the vice-president of the Foundation for a Free Information Infrastructure (FFII), is concerned that the EU Council could be contemplating passing the directive without discussion in an unrelated meeting.
‘Before today it was possible for generous people to look charitably at this text (the proposed patent directive) as an example of a tragic mistake, not malice,’ said Creighton in a statement on the FFII Web site. ‘But not with this last-minute manoeuvring.’
‘Only the most committed opponent to the democratic process would believe that the proper response to the widespread consensus that there is something profoundly wrong with the Council’s text is to race it through with an A-item approval the week before Christmas in a Fisheries Council Meeting. The bad smell coming from Brussels has nothing to do with the fish.’

Reportedly, A-items are dealt with by asking the assembled councillors if they have any objections to any of the outstanding items. They’re not listed in detail at the meeting, so this way the directive can be passed in what is effectively a submarine (boom boom!) manner.

In a Talkback to ZDNet UK’s earlier story highlighting the issue, Cox wrote: ‘I too was mysteriously overlooked despite having written to my MP and received an answer.’ …. Cox, who has previously been invited to speak on software patents at the EU, said the Patent Office apparently fears ‘every word I have to say about their plans’. He went on to add: ‘Unfortunately with all the underhand game playing both in the EU council of ministers and in UK government and patent circles it isn’t the slightest surprise.’

Here, the patents at issue were less valuable to companies that actually produce Web services products than they were to firms that produce nothing but lawsuits and licensing threats. In other words, patents like these have become worth more as weapons than as protections for companies competing in the marketplace.
Many have compared these new patent licensing firms to terrorists, and in some ways, the analogy is apt. When the Soviet Union collapsed, one of the biggest worries was that rogue military personnel might sell off one or more of the USSR’s nuclear missiles to a terrorist group. Securing those weapons became a top priority. The reason was fear — fear that the terrorists, who had little to nothing at stake in terms of world peace and national stability, would use the missiles to extort or manipulate the world political climate. Unlike the United States or China, which could be retaliated against and which had a stake in stability, terrorists were essentially immune from attack, and thrived on instability.
With the patents of bankrupt dot-coms, the dynamics are similar. Rogue licensing firms buy up these patents and then threaten legitimate innovators and producers. They have no products on which a countersuit can be based and no interest in stable marketplaces, competition or consumer benefit. Their only interest is in the bottom line.
While profit itself is often a worthy objective, it is not always synonymous with innovation. Every dollar a tech company pays to patent lawyers or licensing firms is one less dollar available for R&D or new hires. Thus, many companies that offer new products end up paying a ‘tax’ on innovation instead of receiving a reward. When this happens, it’s a signal that the patent system is broken. Forcing companies to pay lawyers instead of creating jobs and new products is the wrong direction for our economy to be headed and not the result our patent system should be promoting.

playing around with Google Suggest

Published December 10, 2004

Web: Google Suggest, a drop-down list of suggestions — with hitrates! The one letter hits are interesting, too.

“spam” hitrates, the top 3 (aside from “spam” itself):

“spam filter”: 6,400,000 results
“spamcop”: 1,570,000
“spamassassin”: 1,350,000

in the top 3. getting there!

unfortunately, you have to get as far as “justin ma” before my name shows up, so not doing too great in that competition. ;)

too busy worrying about patents to care about copyrights

Published December 3, 2004

Patents: oh, this is painfully ironic.

patents4innovation.org is a PR site set up by EICTA, a consortium of several pro-software-patent multinational companies, to put some PR money into lobbying for the legalisation of swpats in the EU. I’ve mentioned it before in the context of another boo-boo. Well, here’s the next one.

According to FFII, they recently took a Creative-Commons-licensed article from another website, and:

republished it without the required attribution to the author
translated it, creating a ‘derived work’, against the terms of the license
and then failed to notify readers of the licensing terms, as required

In other words, they managed to infringe the terms of its copyright-based licensing in multiple clauses.

No wonder they claim that patents are required to protect people’s inventions. It seems they just don’t understand how copyright-based licensing works ;)

(The article’s been taken down from the p4i site, but not before the boo-boo was spotted by an eagle-eyed FFII’er.)

Justin's Linklog Posts