Bruce Guenter's Thoughts

Random musings about stuff that crosses my path.


Wednesday, November 23rd

More on Sony's DRM


Two more notable articles in the whole Sony DRM saga.

First, a rather amusing discovery that the XCP software contains DVD Jon's code. The ironic part is that this same code was the cause of the author getting mauled through the Norwegian courts by the MPAA for circumventing other DRM software. There's also code in there from LAME and mpglib, both GPL'ed software, in addition to the VideoLAN code (to which Jon is a contributor) which is licensed under the LGPL.

The second is a rather sobering thought from Bruce Schneier and Wired, asking why the virus and spyware companies have been virtually silent about this whole affair. Is not at least one of the two supposed to be protecting their subscribers from exactly this?
Bruce on 11.23.05 @ 12:20 PM CST [link] [No Comments]

Thursday, November 10th

History's Worst Software Bugs (Updated)


Simson Garfinkel of Wired is writing a good three-part series on bugs. The first part is a list of what he considers to be history's worst software bugs. Everybody who writes software should pay close attention to these kinds of things, because this is the kind of experience that would be wise to learn second hand instead of first hand.

The second part is about battling bugs. One of the things he noted, which I would agree with, is that "type safe" languages (such as Java or Python) are inadequate to protect against all bugs -- they simply move problems from one class of bugs to another. I would like to argue that hiding code behind increasing layers of abstractions also makes bugs harder to fully eradicate once they are discovered.

The third part is about a so-called secret bug squasher called the "Static Driver Verifier" developed by Microsoft. The SDV is a tool targeted at driver developers, and does static (compile-time) analysis of the sources to make sure the driver isn't doing something detectably wrong. A related tool, called sparse, was written by Linus Torvalds for the Linux kernel to do higher-than-C level type analysis. In its present form it appears to be catching some of the same kinds of bugs as SDV claims to. Such automated verification is a great thing to have, but it remains very hard to catch higher level design issues.

The article closes with an interesting and very true quote from Jack Danahy (the founder of Ounce Labs, a company that makes a semantics validator): "Most of the security risks that people face are not just bugs -- they're decisions that programmers made."
Bruce on 11.10.05 @ 01:15 AM CST [link] [No Comments]

Tuesday, November 8th

Apparently, you can patent just about anything.


This is almost too outrageous to believe: Knight and Associates have published a patent for "Process of relaying a story having a unique plot". That's right, they're trying to patent a movie/story plot. Being only a published application, it hasn't yet been issued (but the way the USPTO is rubber-stamping just about every application, it could easily make it).
Bruce on 11.08.05 @ 02:20 PM CST [link] [No Comments]

Monday, November 7th

USA House restores some sanity to eminent domain


In a previous article, I wrote about a decision made by the USA Supreme Court that would allow local governments to seize people's homes and businesses -- even against their will -- for private economic development. The USA government has today passed a bill that would make any government using eminent domain to seize private property for commercial use ineligible for federal funding for up to two fiscal years (more from Google News). As one commentator put it, this takes "a significant step back in the right direction". It is, however, still a reactive stance -- penalties are applied after the seizure takes place as opposed to preventing the seizure from happening in the first place. Still, with the federal government wielding such a large stick, this should discourage the states from taking such unwise action against their constituents.
Bruce on 11.07.05 @ 06:39 PM CST [link] [No Comments]

Sunday, November 6th

It has to get worse before it gets better.


Our natural gas company (government monopoly) wanted to raise their rates 41% as a result of the drastic increase in their cost of actually purchasing the gas. This is a huge increase, but not really unfair, since their costs are going up by about the same amount, and they are already getting the gas at well below market rates due to various lock-in contracts and such that they have arranged.

Being a government run business in Saskatchewan, they have to pass their increases past a "rate review board", which makes a political decision on whether to allow the increase or not. That panel shrank the increase to 27%, thinking that would make the increase more palatable to the constituents. Well, bully for us, but we still have to pay for the gas somehow. It'll just come out of the back pocket instead of the front.

The premier, however, has rather generously decided to cap the increase at 10%. While the politics behind this is interesting in and of itself, the real kicker was for him to be quoted saying that "clearly, the longer-term solution is to conserve energy." How in the world can reducing an increase in energy costs have anything to do with conserving energy? If the oil crisis of 1973 should have taught us anything, it is that there is no motivation to reduce consumption until it hurts us not to do so.

Of course, those who forget history are doomed to repeat it.
Bruce on 11.06.05 @ 12:40 AM CST [link] [No Comments]


Sony rootkit bumper sticker


I suppose it had to happen, but it's still funny. John Hardin pointed to this bumper sticker he created to lampoon Sony.
Bruce on 11.06.05 @ 12:14 AM CST [link] [No Comments]


The government will always get it wrong


No matter what the problem is, any solution provided exclusively by the government is going to be the wrong solution. Here's why.

A solution provided by a government must be a kind of cookie-cutter one-size-fits-all (otherwise the government is just playing favorites). Usually government will scale the solution so that the rich get less of a benefit than the poor do (or at least, they try to). However, none of this gives the government sufficient flexibility to tailor programs to single individuals. It's all done on a formula or set of rules.

On the other hand, the individuals that make up a governed body are as varied as they are numerous. Ask any ten people what they want the government to do, and you'll get at least ten different answers. Worse yet, they will all be adamant that their answer is right. How can any government hope to possibly get it right? The best they can hope for is to be tolerably wrong. That is, where a few benefit, and those that don't benefit don't grumble too loudly.

The only way for a government to get it right is to let everybody have their own way. You want it? You get it. Of course, this is impossibly expensive to implement. Not just infeasibly expensive or unimaginably expensive. Impossibly expensive.
Bruce on 11.06.05 @ 12:03 AM CST [link] [No Comments]

Wednesday, November 2nd

More on the Sony DRM issue (Updated)


The Sony DRM issue that I posted about yesterday has appeared in a lot of places:



The first Freedom to Tinker article listed is very important to understand -- by putting software onto a computer that hides its existence, Sony is making it vastly simpler for other malicious programs to also latch into the same mechanism for free and hide themselves under the same cloak. So far we know little about what Sony's DRM actually does (other than preventing raw digital data being read from CDs), but it is not hard to see how it allows for other uses, such as spying on your activities, setting up spam gateways, hooking into zombie networks, uploading private files, etc. None of these are far-fetched scenarios, as there already exist viruses, worms, and trojans to do all of them.
Bruce on 11.02.05 @ 11:27 AM CST [link] [No Comments]