Abiding by the law sucks

November 25th, 2008

Since I started making real money, I’ve attempted to steer clear of software- and media piracy. In particular, all non-free software that I use has been paid for, and my music collection contains zero pirated tracks.

For a few years now, I haven’t really bought any new music, so a few weeks ago I decided that I was getting seriously tired of listening to the same ~1000 tracks over and over again. To get things rolling, I initially bought a few albums through the iTunes music store (ITMS). I then realised that I was getting screwed with my pants on: prices on the iTunes music store are way above prices at stores like cdwow.com in spite of the facts that the quality is much poorer, I don’t get the physical album and the tracks will only play on a very limited number of devices. If it wasn’t because ITMS is so damn convenient, it’s difficult to see why anyone would want to buy anything through it.

What to do instead I wondered. The answer: Order CD-ROMs from virtual shops like cdwow.com. So, I went ahead and ordered a few albums (Apollo 440 and Eminem). The cdwow website estimated delivery within 10 days. Yesterday, after 4 weeks of waiting, the CD’s finally arrived in my mail box. It was always my intention to simply rip the CD’s to mp3’s. Who really wants to tote around a stack of CDs these days? But, lo and behold, the Eminem disk appears to be DRM-protected to the extent that my PowerBook refuses to even read it, let alone rip it. (The Apollo 440 ripped fine, though).

Compare this (and the associated exorbinant fees) to pointing your browser at sites such as isohunt.com or thepiratebay.org and you have a very uncompelling alternative to pirating (big label) music.

I all fairness I feel compelled to point out emusic.com, which provides an extremely streamlined interface to loads and loads of indie-label music at very modest prices.

Long story short: The big-label industry is not going to overcome their problems with pirating any time soon. At least not as long as pirates get a better product for free, than what paying customers can even begin to hope for.

Posted in Shopping, music, rants | No Comments »

Aarhus universitys new corporate identity

November 12th, 2008

In an effort to present a more professional appearance, the management at Aarhus University decided to get themselves a new corporate identity. A commendable idea as such, if it wasn’t for the spectacularly poor implementation.

Obviously, differently people have different ideas about what constitutes good design, but I would argue that a primary trait for a font should be readability. Management, however, disagrees. Follow the link above, and see if you can figure out how to make sense of the new and “improved” font.

Finally, in honor of the new identity, a few of us got together and improved the new AU logo. It’s inserted below, for your viewing pleasure.

AU - It's not a dick!

It's not a dick!

I am sure someone will take offense, but rest assured that this was made from scratch, and no copyright infringement occurred in the process.

Enjoy.

Posted in Uncategorized | 1 Comment »

Hello world!

September 6th, 2008

New box online. My blog has moved to tyrael.fork.dk.

So far, the migration has been completely smooth, thanks to Wordpress’ export/import features. Say what you want about the quality of Wordpress, but its level of usability is just plain impressive.

Posted in Software | No Comments »

No fair use of content at www.backupreview.info

July 10th, 2008

A little while back I was directed to this URL which is a verbatim copy of a post I made to this blog a while back.

As far as I can tell, backupreview.info provides no links or references to my original post, other than naming me as the author. Where I come from that is considered unfair use at best, and copyright infringement at worst.

In the spirit of forgiveness, I decided to post a comment on their article, only to discover that they moderate comments, and appear to have rejected mine. I reproduce the comment here for completeness:

Hi,

I just thought that I would point out that this article was copied verbatim (shamelessly ripped of) from http://soren.overgaard.org/index.php/2008/06/23/privacy-and-online-backup-solutions/

As far as I can tell, you are not even providing a link back to my post.

What does that make you?

Additionally, I sent them a friendly heads up by email. Let’s see how they react.

Update:

I received the following from backupreview.info:

Hi Soren,

I apologize for not making a link. Sometimes, this happens due to failure in coordinating between admins of our site.

Thank you very much for bringing this matter to our attention. We have now corrected the post by making a link back to your site. If you rather want to completely remove your article from our site, please just reply saying “Remove”.

Thank you again.

Best regards,

Looks like a simple mistake on their part. They have corrected the contents and are now providing links. No harm done.

Posted in writings | No Comments »

Resharper for Visual Studio

July 4th, 2008

During my work on the InfoGalleri suite of applications, I’ve had the misfortune of working with Visual Studio 2005. In summary, i consider working with Visual Studio a misfortune because it

  • is incapable of debugging multiple applications at once.
  • manages to slow my machine down beyond anything I’ve experienced with any other application.
  • lacks support for basic features, such as showing a list of all usages of a given symbol
  • takes 4-5 minutes to start with a 30-project solution

I am sure that I could think of more reasons given a bit more time.

But I digress. This post is really supposed to be about the ReSharper plugin for Visual Studio. I was recently directed toward ReSharper by a colleague of mine, and having worked with it for about a month, I don’t really see how I ever coped without it. While it doesn’t do anything to speed up Visual Studio, it massively improves productivity. It extensively improves Visual Studios support for automatic code generation, refactoring, autocompletion and in-code navigation.

If you work with Visual Studio, I strongly suggest you give it a try. It’s available as a 30 day free trial here.

Posted in Uncategorized | No Comments »

Privacy and online backup solutions

June 23rd, 2008

A few days ago I wrote a post on Mozy Inc.’s privacy policy. A Mozy Inc. employee then decided to go ahead and tell me that I “just don’t get it”. So, to determine whether Mozy Inc.’s draconian privacy policy is representative of online backup solutions, I decided to take a closer look at some of Mozys competitors’ privacy policies.

So, without further ado, a summary of online backup solution privacy goodness (again, I would like to remind you that I am not a lawyer, simply a concerned luser):

Carbonite

The Carbonite privacy policy looks a lot friendlier than Mozys. Carbonite distinguishes between two types of disclosure. Disclosing (a) your personal information, presumably your name, address, phone number, etc, and disclosing (b) your backed up data.

With regard to (a), the privacy policy contains the following:

Carbonite is committed to protecting your privacy. Carbonite will not, under any circumstances, rent, sell, or give away your Personal Information nor does Carbonite trade or exchange mailing lists with any other organization. Carbonite maintains this information; but we may disclose your Personal Information to third parties if we believe that such action is necessary to (1) comply with the law; (2) protect and defend the rights or property of Carbonite; (3) enforce the Carbonite Terms of Use Agreement.

Although slightly rubbery, I guess that is what is to be expected, so we move on to (b), to which the following quote refers:

Carbonite will not share your encrypted files with any third party unless such action is necessary to comply with a government or court order legally compelling us to do so.

That’s more like it. As I’ve mentioned before, handing over data when ordered to do so by the courts are clearly a no-brainer.

So except for the fact that Carbonite, like Mozy, is situated in the US (which during the Bush administration has become an increasingly hostile environment with respect to legal rights), there really doesn’t appear to be much cause for concern.

In summary though, Carbonite appears to be a whole lot more privacy friendly than Mozy. Moving on to IBackup.

IBackup

The Ibackup privacy policy appears somewhat more fragmented than those of Mozy and Carbonite.

It appears that the following paragraph, taken from the IBackup terms of use, defines the cases in which Carbonite chooses to share stored data with third parties:

(…) In addition, Pro Softnet may be asked to provide user data and logs as a part of a legal issue in a third party case by a court order or a subpoena, discovery request or other lawful process that may override privacy rules.

As was the case with Carbonite, IBackup pledges not to share stored data with any third parties, unless ordered to do so by the courts.

Conclusions

Both Carbonite and IBackup provide reasonable terms of use with respect to sharing data with third parties. That is, according to their respective privacy policies, stored information is only divulged under court order.

This is in contrast with Mozy Inc. which allows itself to share stored information with any third party at any time that they deem fit.

As neither of the providers publicly disclose their encryption algorithm implementation, the privacy policy/terms of use of the providers are pretty much all that users can rely on for keeping their private data private.

Posted in Me, Software, network | 2 Comments »

Mozy, update

June 22nd, 2008

Apparently a Mozy employee (Ryan?) picked up on my rant about Mozy, Inc.’s privacy agreement, and decided to debunk my statements. I am not really all that impressed with his insights.

He writes:

C’mon people, do you actually think a company would just hand over your data to anyone with a badge that walks in the door?

(…)

Of course Mozy’s TOS says that they will comply with a court order to hand over your data if subpoenaed. That’s the law.

That’s fine. Don’t make statements to the opposite at the top of your privacy policy then. If I was suspiciously inclined, I would suspect that the company bets that nobody bothers to ready beyond the first promising paragraph. Also, I find it interesting that this guy completely ignores this excerpt from the privacy policy:

Mozy, Inc. may disclose Personal Data, including the data you back up with the Service, with or without notice (…) (c) at our sole discretion, where we deem it necessary to protect the safety of any individual or the general public or to prevent violation of our User Agreement or the rights of Mozy, Inc. or any third party.

As far as I can tell, that allows Mozy, Inc to disclose your personal data under any circumstances, not just when subpoenaed to do so.

Finally, Ryan makes some rather clueless statements about cryptography:

  • He states that “(blowfish is )impossible to decrypt”. No it is not. There are no known attacks on the the algorithm, except, obviously brute force. That is not the same as it being impossible to decrypt.
  • To my knowledge, Mozy, Inc’s blowfish implementation is not publicly available, which makes it impossible to determine if trap doors have been placed in the algorithm implementation.
  • Mozy, Inc. actively suggests (in fact it is the default configuration) that users allow Mozy to select the encryption key used. This obviously allows mozy to decrypt any sensitive information contained in user backups. Couple that with Mozy’s statement about disclosing backup data at their discretion, and you have an interesting definition of privacy.

All in all, I am hoping that Ryan is neither in charge of PR nor security at Mozy, Inc.

Posted in Software, network, rants | 1 Comment »

Mozy, a (broken) online backup solution for the Mac?

June 21st, 2008

I just decided to try out Mozy, an online backup service, which has received stellar reviews from a bunch of reviewers. I don’t really need an online backup solution, as I keep all important documents in a remote subversion repository, and a copy of all images at an online gallery. Anyway, I decided to give Mozy a shot, as they now sport a client for the Mac platform.

I must say, the Mozy client works beautifully, and the 2GB free storage plan makes it easy to test the service without spending anything except the time. It took me less than 2 minutes to download and configure the mozy client to do remote incremental backups of a few select directories on my mac book. No problems.

So there I was, pretty impressed, until I decided to ready the Mozy privacy policy. It starts with the following:

We will not sell or market the email addresses or other collected personal information of registered Users to third parties.

We will not view the files that you backup using the Service.

We may view your file system information (file extensions, sizes etc. but not your file contents) to provide technical support.

So far, so good. Further down, however, I encoutered this:

Mozy, Inc. may disclose Personal Data, including the data you back up with the Service, with or without notice (a) if required by a subpoena or other judicial or administrative order, (b) where required by law, or (c) at our sole discretion, where we deem it necessary to protect the safety of any individual or the general public or to prevent violation of our User Agreement or the rights of Mozy, Inc. or any third party.

Now, I am not a lawyer, but that seems to be in direct contradiction with the first set of statements. The way I understand is this: At our sole discretion we may violate the privacy of the data you choose to back up.

Hmm. I am not sure I like that.

Additionally, it turns out that Mozy is based in Utah in the US. Again, I am no lawyer, but from what I can tell, the US have all but abandoned the idea of due process in their precious war on terror. For all I know, any old US government agency could waltz into Mozy’s data center and make a copy of whatever data they damn well want to.

Whoops. I just uninstalled the Mozy client.

Posted in Me, Software, network, rants | 5 Comments »

Growl notifications in irssi on the Mac

May 20th, 2008

I use Irssi for IRC’ing on the Mac, because it is simply the best client out there (except for the fact that it only has perl scripting support).

Recently I found myself wanting some kind of notification thingy, which would allow Irssi to discretely notify me when when something interesting happens on IRC. Irssi, being a console app, doesn’t really have any way of supporting this, except through the use of plugins. So, I had pretty much decided to dive back into perl and write up a simple script for irssi, utilizing the Growl for notifications by means of the Mac::Growl package.

As it turns out, someone else already did. And not only that, someone else took the time to explain in meaningful detail how to get the whole thing working. So, now I have growl notifications whenever someone sends me a private message or says my name in a channel that I have joined.

I like good software.

Posted in Me, Software | No Comments »

SOAP vs. XML-RPC

May 1st, 2008

Having spent copious amounts of time making a .NET client successfully interoperate with Java based web services, my level of frustration is rising. Fast.

I am not even going to begin to enumerate the problems that I have encountered, but they have been mostly related to various WSDL formats, some of which are unsupported by .NET, and some of which are unsupported by various Java based web service frameworks.

So, admitting failure, I decided to look into SOAP alternatives, and I came across XML-RPC. Unlike SOAP/WSDL, XML-RPC is extremely simple: The specification is 8 pages including examples, and there are client and server implementations for pretty much any language you can think of. So, what’s the downside to XML-RPC compared to SOAP (taking into account that I was going to use SOAP over HTTP only anyway): Well, WSDL, basically. XML-RPC does not statically define its endpoints, instead it is up to the client to know what methods/parameters are supported by a given XML-RPC service. Also, SOAP supports a number of data types not supported by XML-RPC, but not really anything that causes problems.

Depending on the server implementation used, it is in fact possible to automatically generate clients (kindof). More on this in a little while.

Posted in Software, Work, network | No Comments »

« Older Entries
Newer Entries »