Blackmoor Vituperative

Thursday, 2010-02-25

Digital Rights Mafia condemns open source

Filed under: Entertainment,Intellectual Property,Software — bblackmoor @ 23:38

Never content to twist US law into pretzels, the media robber barons also attempt to use their power to make other nations’ laws as bad as those we have here….

In accordance with US trade law, the Office of the US Trade Representative (USTR) is required to conduct an annual review of the status of foreign intellectual property laws. This review, which is referred to as Special 301, is typically used to denounce countries that have less restrictive copyright policies than the United States.

The review process is increasingly dominated by content industry lobbyists who want to subvert US trade policy and make it more favorable to their own interests. [...] One of the organizations that plays a key role in influencing the Special 301 review is the International Intellectual Property Alliance (IIPA), a powerful coalition that includes the RIAA, the MPAA, and the Business Software Alliance (BSA). The IIPA, which recently published its official recommendations to the USTR for the 2010 edition of the 301 review, has managed to achieve a whole new level of absurdity.

University of Edinburgh law lecturer Andres Guadamuz wrote a blog entry this week highlighting some particularly troubling aspects of the IIPA’s 301 recommendations. The organization has condemned Indonesia and several other countries for encouraging government adoption of open source software. According to the IIPA, official government endorsements of open source software create “trade barriers” and restrict “equitable market access” for software companies.

[...]

The Indonesian government issued a statement in 2009 informing municipal governments that they had to stop using pirated software. The statement said that government agencies must either purchase legally licensed commercial software or switch to free and open source alternatives in order to comply with copyright law. This attempt by Indonesia to promote legal software procurement processes by endorsing the viability of open source software has apparently angered the IIPA.

In its 301 recommendations for Indonesia, the IIPA demands that the government rescind its 2009 statement. According to the IIPA, Indonesia’s policy “weakens the software industry and undermines its long-term competitiveness” because open source software “encourages a mindset that does not give due consideration to the value to intellectual creations [and] fails to build respect for intellectual property rights.”

The number of ways in which the IIPA’s statements regarding open source software are egregiously misleading and dishonest are too numerous to count.

(from Big Content condemns foreign governments that endorse FOSS, Ars Technica)

“The IIPA — destroying your cultural future to line our pockets today!”

Thursday, 2010-02-18

Invasion

Filed under: Television — bblackmoor @ 16:10

I picked up the TV series “Invasion” on DVD at Kroger, from a bargain bin. I am up to episode 5 or 6. This is a weird show.

There is clearly an alien invasion going on, but it’s not clear that the aliens are even aware that they are aliens. I had always assumed that pod people would know that they are pod people. But what if they didn’t know?

What if you were a pod person, and didn’t know it? What if you just felt… off, somehow?

Wednesday, 2010-02-17

Don’t take it too seriously

Filed under: General — bblackmoor @ 21:39

I have said it before, but I will say it again: don’t take anything posted in this blog too seriously. It’s mainly a place for me to grumble harmlessly about things that are beyond my control, so that I can get it out of my system and go on with my life as the generally optimistic, upbeat person that I prefer to be.

Life is too short to be pissed off all the time.

Tuesday, 2010-02-16

‘Tis better to be alone

Filed under: Books,Society — bblackmoor @ 16:28

Associate yourself with men of good quality if you esteem your own reputation; for ’tis better to be alone than in bad company.

(From George Washington’s Rules of Civility)

George Washington’s Rules of Civility is pretty cool, in a Victorian sort of way.

Sunday, 2010-02-14

Just say “no” to invasion of privacy

Filed under: Society,Work — bblackmoor @ 06:26

It’s 06:00 Sunday morning. I have been lying awake for an hour.

I had a job interview Friday at one of the more prestigious companies in Richmond. It doesn’t matter which one. Toward the end of the interview, they mentioned the section on my resume toward the end, where I state:

I will consent to pre- or post-employment drug testing only if I am or will be directly responsible for the lives of others, or if I must obtain and maintain a security clearance from the United States federal government.

The interviewer said that a humiliating invasion of my personal privacy (i.e., “drug testing”) was a requirement for the position, and that I wouldn’t be offered the position unless I consented to it. Note that I hadn’t actually been offered the job, but if I were offered the position, consenting to this debasement would be a condition of my employment.

I really want that job. I still do. It would be a great opportunity for me, with a great company, doing exactly what I want to do. I grudgingly said that I would consent, if offered the job.

I have hated myself ever since saying it. If I am offered the job, and if I consent to this pre-employment rape just to get a paycheck, I will hate the company and every moment I work there.

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated…”

Has this phrase become meaningless? If it doesn’t apply to your most intimate of medical information, then what good is it?

I am going to start lobbying the General Assembly, to ask them to create an Employee Medical Privacy Act. The legitimate business interests of an employer do not extend to the private medical information of their employees and prospective employees. This grotesque and despicable invasion of Virginians’ privacy has gone too far. The practice has become so commonplace that only action by the General Assembly can protect us from it. If they won’t protect us from this vile and humiliating practice, then they need to be voted out of office and replaced with people who will.

In the meantime, I am going to contact that employer on Monday, and tell them that although I would love to have that job, I will not and will never submit to being humiliated and debased as a condition of employment. If more of us stood up and said this, this despicable practice would end. But because most of us aren’t standing up against this obscene invasion of our most intimate private matters, it won’t stop until the government of Virginia puts a stop to it.

Frankly, I do not expect that to happen. But someone has to try, and I don’t see anyone else trying, so I guess I will have to be the one to start.

Saturday, 2010-02-13

Digital Rights Mafia successfully bullies BBC

Filed under: Intellectual Property,Technology,Television — bblackmoor @ 12:49

It appears that the Digital Rights Mafia and the media robber barons have successfully done in Britain what they failed to do in the USA in 2003 — bullied the broadcasters into allowing the robber barons to control not only the content, but the devices used to play that content.

In my latest Guardian column, “Why did Ofcom back down over DRM at the BBC?” I look at how lamentably credulous both the BBC and its UK regulator, Ofcom, have been in accepting US media giants’ threats to boycott the Beeb if it doesn’t add digital rights management to its broadcasts. The BBC is publicly funded, and it is supposed to be acting in the public interest: but crippling British TV sets in response to demands from offshore media barons is no way to do this — and the threats the studios have made are wildly improbable. When the content companies lost their bid to add DRM to American TV, they made exactly the same threats, and then promptly caved and went on allowing their material to be broadcast without any technical restrictions.

How they rattled their sabers and promised a boycott of HD that would destroy America’s chances for an analogue switchoff. For example, the MPAA’s CTO, Fritz Attaway, said that “high-value content will migrate away” from telly without DRM.

Viacom added: “[i]f a broadcast flag is not implemented and enforced by Summer 2003, Viacom’s CBS Television Network will not provide any programming in high definition for the 2003-2004 television season.”

One by one, the big entertainment companies – and sporting giants like the baseball and American football leagues – promised that without the Broadcast Flag, they would take their balls and go home.

So what happened? Did they make good on their threats? Did they go to their shareholders and explain that the reason they weren’t broadcasting anything this year is because the government wouldn’t let them control TVs?

No. They broadcast. They continue to broadcast today, with no DRM.

They were full of it. They did not make good on their threats. They didn’t boycott.

They caved.

Why did Ofcom back down over DRM at the BBC?

(From New column: Why is Ofcom ready to allow BBC DRM?, Cory Doctorow’s craphound.com)

What the hell has happened to the once-great Britain? They gave us the foundations of our society — the rights of free men to bear arms, the rights of a jury to decide not only if a law was broken, but whether that law should be enforced at all, and the basic right of the governed to expect their government to treat them justly… all of this is due to our country’s British origins.

I have to say, I am a little disappointed with what’s become of them.

Friday, 2010-02-12

America is not a Christian nation

Filed under: History,Society — bblackmoor @ 17:52

Religious conservatives argue the Founding Fathers intended the United States to be a Judeo-Christian country. But President Obama is right when he says it isn’t.

(From America is not a Christian nation, Salon)

I am no great fan of President Obama (nor was I of President Bush). But when someone is right, they are right.

Thursday, 2010-02-11

OpenOffice.org 3.2

Filed under: Software — bblackmoor @ 21:17

OpenOffice.org 3.2 is now available, with a handful of new features and improved ODF compatibility.

If you haven’t migrated from MS Office to OpenOffice… what are you waiting for? Hello? It’s 2010!

Six easy steps to a more secure Linux server

Filed under: Linux,Security — bblackmoor @ 14:44

The actual title of the article is “Six easy steps to make a super secure Linux server”, but I think that’s hyperbole. Even so, these are some basic steps that should be followed, and they do help make a server more secure.

  1. Install latest security updates
  2. Disable root login via SSH
  3. Disable or filter extra services
  4. Remove active guest accounts and test accounts
  5. Remove version notification
  6. Hide application errors and PHP errors

(From Six easy steps to make a super secure Linux server, Technicant)
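A config audit for steps 2, 5 and 6, added here as an example (it is not from the cited article). The list names no software, so this assumes OpenSSH, Apache httpd and PHP, and it reads "version notification" as `ServerTokens`, `ServerSignature` and `expose_php`; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the cited article): audit steps 2, 5 and 6.
# Assumes OpenSSH, Apache httpd and PHP; config paths are arguments.

# effective FILE KEY MODE: print the lowercased value of KEY in FILE.
# MODE first = first occurrence wins (sshd_config); last = last one wins
# (Apache, php.ini). Lines starting with # or ; are comments.
effective() {
    awk -v key="$2" -v mode="$3" '
        /^[ \t]*[#;]/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)   # php.ini writes key = value
            n = split(line, f, /[ \t]+/)
            if (n < 2 || tolower(f[1]) != tolower(key)) next
            if (mode == "first" && seen) next
            val = tolower(f[2]); seen = 1
        }
        END { if (seen) print val }' "$1"
}

# check FILE KEY MODE WANT: an unset key fails, because the built-in
# default differs between software versions.
check() {
    got=$(effective "$1" "$2" "$3")
    if [ "$got" = "$4" ]; then echo "PASS $2=$got"; return 0; fi
    echo "FAIL $2=${got:-unset} (want $4) in $1"; return 1
}

# audit SSHD_CONF APACHE_CONF PHP_INI: exit status = number of failed checks.
audit() {
    fails=0
    check "$1" PermitRootLogin first no   || fails=$((fails + 1))  # step 2
    check "$2" ServerTokens    last  prod || fails=$((fails + 1))  # step 5
    check "$2" ServerSignature last  off  || fails=$((fails + 1))  # step 5
    check "$3" expose_php      last  off  || fails=$((fails + 1))  # step 5
    check "$3" display_errors  last  off  || fails=$((fails + 1))  # step 6
    return "$fails"
}

# Constructed sample configs (not from a real host), written to a temp dir.
demo=$(mktemp -d)
printf 'PermitRootLogin yes\n#PermitRootLogin no\nPermitRootLogin no\n' > "$demo/sshd_config"
printf 'ServerTokens Full\nServerTokens Prod\nServerSignature Off\n' > "$demo/httpd.conf"
printf '; php settings\nexpose_php = Off\ndisplay_errors = On\n' > "$demo/php.ini"
audit "$demo/sshd_config" "$demo/httpd.conf" "$demo/php.ini" || echo "$? check(s) failed"
```

The sample `sshd_config` fails even though it ends with `PermitRootLogin no`, because sshd keeps the first value it reads for a keyword. On a live host, `sshd -T` prints the effective settings including `Match` and `Include` handling, which this file-level check does not model.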

Tuesday, 2010-02-09

Comically bad password policy

Filed under: Security — bblackmoor @ 11:09

I have believed for a long while now that passwords need to go away. I have to wonder if this comically bad password policy is someone working within the system to get rid of them by making them even more absurd than they already are….

In “How does bad password policy like this even happen?” we addressed the deep question of what goes through someone’s head when he or she creates password policy that makes little or no sense and substantially damages security. The case in point was that of Nelnet, which had a comically bad password policy with restrictions that make no reasonable sense at all. For instance:

It can’t contain two separated numbers (i.e., Abc12ef34 would be invalid)

Perhaps the developers are deathly afraid that someone will have 4+7 in a password and somehow cause SQL to do something dangerous with it. If the database is so brittle as to be incapable of handling something like that, even when special characters such as plus signs are disallowed anyway (another golden example of bad policy at the same site), we can be reasonably certain that the offending organization should not be trusted with any private data anyway.

What can be worse than such ludicrous password policy?

How about a slightly less ludicrous policy that is almost as bad for security and comes with a completely absurd, even insane, explanation for why the password policy is so bad?

This is the case of American Express, evidently. A customer received a thoroughly crazy customer service email explaining the reasoning behind a password policy limited to eight characters, with special characters prohibited. The most unbelievable thing about this entire situation is that the email reads like it was written by a Nigerian scammer, but it came from the American Express “Email Servicing Team.”

Key phrases illustrating the lunacy of the explanation include:

  • “We discourage the use of special characters because hacking softwares can recognize them very easily.” Presumably, this is meant to refer to keyloggers that might harvest passwords, but the fact of the matter is that detecting passwords is not dependent on the characters used. Key factors such as words (or non-word strings of characters) appearing out of context in the middle of other logged keypresses and time delays at either end of a single, relatively short string of characters are much more important for identifying passwords than whether an asterisk is typed.
  • “The length of the password is limited to 8 characters to reduce keyboard contact. Some softwares can decipher a password based on the information of ‘most common keys pressed.’” For commonality of keypresses to be used to statistically identify passwords, your passwords will have to be incredibly long. Otherwise, every time you type Xerox, the date or time, or an emoticon, someone trying to parse a keypress log is going to have to check to see if it is a password. Sorry — this part of the explanation is even less reasonable than the first quote.

This little gem of an email from Saturday has already spread like wildfire amongst online communities populated by people with an inkling of what “security” means, and the consensus is that whoever this person is, he or she does not know what “security” is. One can only hope that this person is making things up to BS a customer, rather than actually expressing official American Express “security” policy.

The alternative is too horrible to imagine.
