Archive for March, 2007
How Not to Protect Your Code
March 30, 2007 11:03 pm
I’ve written about copy-protected software before. In general, I think it’s a bad idea. I’ve yet to meet a scheme that can’t be defeated (albeit some require a bit of knowledge and some uncommon tools), and virtually all impose at least some burden on legitimate customers. Recently, my dear wife had a run-in with software protections that had to be the most intrusive, “you paid us and we still don’t care about you” copy protection I’ve seen this side of Sony.
Now, before I get too far into this, let me say that the system she ran into is several years old: it’s entirely possible that the company has come to its senses in subsequent releases. If so, and if the company contacts me to tell me about it, I’ll post information here. Until then, on with a cautionary tale…
You need to know that Carol is superb with all things having to do with fiber, fabric, and sewing. A friend purchased a sewing machine with embroidery attachments many years ago, but had never really used the attachments. She asked Carol to see if it could be figured out and put to use. The sewing machine and attachments were made by Husqvarna — a top brand. When Carol began installing the software, she found that it required a printer-port dongle as part of its copy-protection scheme. Fortunately, her laptop has a printer port, so she installed the dongle and proceeded with the install. She next found that the application she was installing (one of three separate applications required in order to do the sort of embroidery she wanted to try) also required a special key for the dongle–a key shaped roughly like a large watch battery. She installed the key and moved on. Each of the applications, in turn, required its own key to be placed in the dongle during the software installation process. Now, things get really fun.
Once the programs are installed, they each must be used if you want to make custom designs. Each time a program is invoked, its key must be inserted into the dongle. Since creating and saving a custom design isn’t a straight-through-the-applications sequence, there are more than three key changes required for the creation of each design. Get this image in your head: The process of creating an embroidered design isn’t just an exercise in graphical design–it’s now part of your aerobic exercise program as you get up and down, twist around to the back of the computer, stretch your arms to the dongle, reverse and repeat.
I don’t know whether the Husqvarna folks had “irritate the living daylights out of legitimate users” as an item on their design criteria list, but they nailed this feature. It’s hard to imagine a more annoying system that doesn’t involve physical mutilation.
Now, as I said at the top, it’s possible I’m ranting about a system that’s no longer sold. Lordy, I hope so. Whether it’s been relegated to the waste-bin of history or not, this is a product of the thinking that’s typical of copy-protection schemes. The thinking? Our customers don’t matter at all. The appropriate response? A decision to buy someone else’s product. I absolutely believe that developers (and all those who work in creative endeavours) should be compensated for their work. I’m not advocating intellectual property theft or a system in which no one is allowed to profit from their work. I am saying that these creative folks should respect their customers enough to figure out how to profit by making their legitimate products desirable–not by abusing the people who keep them in business by actually buying their wares.
OK, the lecture is over, and a tough week is done. More regular posting next week and news from a regional SPJ conference over the weekend…
Categories: Security, Software
No Comments »
Stupid Extortion Attempts
March 23, 2007 5:20 pm
I’ve known for a while that criminals had moved into extortion for their nasty cyber games. Today, though, I got my first extortion e-mail. It had all the grace and cunning of your average Nigerian scam letter, but with humorous mis-spellings and grammar manglings thrown in for flavor. It read:
hello friend
first,i am sorry i am not a good man,I am a computer hacker,so when you seeing this email,your computer Already infected my virus.
i want nothing,i just want a few money,so you must send 150 US dollar to my e-gold (http://www.e-gold.com) account.
if you dont do this, I will activate my virus in a week, then your computer will be able to be paralysed and to appear the pornographic procedure.
this is not a joke,think about it.
check this link to send money to me: http://XXXXXXXXX.com
i just can only wait you 5 days
when you send money to me,call me at: jznglskq@gmail.com
see you very soon
I’ve redacted the link to send money, but I’ve left the poor schmuck’s e-mail address. This sort of e-mail should forever put to rest the “all computer criminals are geniuses” meme. Needless to say, there was no malicious payload (unless you count bad grammar), and no one should ever respond to something like this.
I have left a message for the eGold security team–it should be interesting to see if they get back in touch with me. If they do, I’ll let you know.
Categories: Security, Threats
No Comments »
New Podcasts are Up
4:44 pm
I’m conducting a series of podcasts in support of the Interop conference and trade show this year. The conference will be in May out in Las Vegas–I’m planning to be on-site to conduct more podcast interviews for MediaLive (the producer), and I’ll be blogging the experience as well.
In the meantime, you can listen to some of the podcast episodes already produced by going here. There are buttons for you to listen without opening your own player, or you can download and listen on your iPod. I’m involved with all the podcasts posted on March 20. Take a listen–and let me know what you think. Comments are open…
Categories: Media
No Comments »
What do You Know?
March 22, 2007 10:12 pm
Fellow journalists have pointed to an interesting issue for those writing about security. In a NY Times story about shoplifters the writer talks about a “boost bag” used by shoplifters, and describes in broad terms what the bag is. The issue: Has the journalist damaged security by including information in the story? Those of us writing about IT security face this question every day, as do journalists who focus on law enforcement, military, or homeland security issues. It’s one of those issues that can bear honest disagreement because judgement is involved.
I tend to come down on the side of “more information is better” in most cases. The information on how to build bombs, put together a boost bag, defeat an alarm system, or construct an SQL injection attack is out there anyway–none of this involves a deep, dark secret. Trying to keep citizens from understanding these things is not only self-defeating, it diminishes the opportunity to enlist the help of thousands (or millions) of intelligent men and women of good will.
Are there exceptions? Of course there are. I think you have to give serious consideration to publishing the details of an on-going operation, and if the subject of the article might endanger human life then a writer must weigh the consequences very, very carefully before proceeding. I don’t write details like IP addresses in my articles, and I’ll tend to fuzz out the details of an individual’s vulnerabilities when writing about case studies. It’s not that I won’t write about the issues, including details of what’s possible–I just won’t put the key into the lock for someone who might be trying to decide which network will host their next cyber-joyride.
Some of the folks who operate in the political blogosphere talk about groups of citizens as “a pack, not a herd.” I like that. I think that most groups will form themselves into a pack and not a herd if given the opportunity. Part of that opportunity consists in being informed about what the Bad Guys are doing, or are capable of doing. Security Through Obscurity is, in the long run, an unsuccessful strategy and I don’t feel I violate my responsibilities either as a journalist or as a citizen when I make a security issue a bit less obscure. I strongly believe that a well-educated citizenry (whether of a nation or of the world) is best able to defend itself and help defend other citizens.
Gear up–get educated.
Categories: Uncategorized, Security
No Comments »
Vista View
March 20, 2007 9:49 pm
OK, a frank admission: I haven’t migrated to Vista. I’ve got my free premium upgrade on order (and a recent e-mail says that it’s going to ship sometime during or after next week) but I’m still working with Windows XP. I’ve made the shift to Office 2007, and I’m hoping that the Vista migration will cause my head to hurt less, but I’m beginning to think that’s wishful thinking.
For the last few days I’ve been watching my father-in-law make the leap to Vista. Before I go any farther, understand this: He’s no computer novice. He’s been working with computers since around the time I was born, got me interested (and trained) in computers, and has the sort of knowledge depth that most four- or five-letter certifications can only hint at. He’s done Vista the right way, buying a new super-honking, fire-breathing computer that came with the new OS already installed. All he has to do is move his applications and data files from the old softly-honking, steam-snorting computer to the new one. Piece of cake, right? Yeah.
Let me say now that if the process I’ve seen is the best that Microsoft could come up with after laboring for several years, then Vista may be the last new operating system many of us will ever live to see. I’ve witnessed a level of frustration normally reserved for morally-upright 15-year-olds, and still haven’t heard that most wonderful of statements, “Everything is moved over and working.” It’s enough to make me consider a Mac.
To be honest, if I had a bit more scratch right now I probably would consider a Mac. The truth is that the combined changes in Vista and Office 2007 are not dramatically more involved than the change to the Macintosh would be for most people. File incompatibilities have been minimized and there are some very nifty things I’ve seen run as widgets on Macs. Until then, though, I’ll wait for Vista. After what I’ve seen so far I’m not looking forward to it, but I am waiting.
Categories: General computing, Software
No Comments »
Has Anyone Seen my TARDIS?
March 15, 2007 9:50 pm
Earlier this week I wrote about my adventures in Daylight Saving Time. In that post I mentioned that the Cingular support site said that my Samsung Blackjack didn’t need an update–that everything should be fine. That turned out not to be the case; I found the necessary patches and fixed my system. All worked out just fine.
Today, March 15, I received a text message from Cingular letting me know that we are going to change to Daylight Saving Time on March 11. Oh yes, my Blackjack will need a software update last Sunday. When I went to check this out on the Cingular Support Page, I found that the page had been updated to say that, yes indeed, I will need to update my Blackjack on or before the 11th.
I draw several lessons from this. First, it’s to Cingular’s credit that they did eventually figure it out and deliver correct information to their customers–I’m going to assume that other Blackjack owners got a similar message in their in-box today. Next, in a company the size of Cingular/AT&T you’d think they could find someone who has mastered verb tenses. They need some work on the whole past/present/future thing. Finally, while I give them credit for eventually sending out correct information, why wasn’t it available, oh, last Saturday (March 10th)? It’s not like this whole Daylight Saving Time were some last-minute surprise tossed at the phone company. There were announcements about this. It was in all the larger papers.
Of course, I shouldn’t complain too loudly, since Cingular is far from the only small business to have trouble with the shift to Daylight Saving Time. Yesterday when I flew back from San Francisco our Delta Air Lines 767 gave us the local time at our destination. Yep, their clock hadn’t gotten its new marching orders. It’s hard to explain just how much confidence that gave me as we soared into the sky. It was enough to make me forget all about my cell phone…
Categories: General computing, Media, Embedded, Consumer Technology
No Comments »
What Time is It?
March 12, 2007 4:26 pm
Welcome to Daylight Saving Time, Deluxe 2007 Version. There were lots of warnings, a few dooms-day scenarios and, as best I can tell, a lot of folks for whom the day passed with nothing more traumatic than a late entry to Sunday morning services. I thought I was in good shape since I made sure that my systems were patched and visited various vendor sites to see what they said about DST and their products. I only made one real mistake: I trusted Cingular.
I have a Samsung Blackjack phone from Cingular. On the whole, it’s a fine cell phone, though I’ll admit that I often miss the Treo I was using in my last job. Anyway, I went out to the Cingular support site and was told that I didn’t need to do anything to the Blackjack–it was ready for the shift to Daylight Saving Time. With my other systems patched, I felt pretty good. Silly me.
When I got up yesterday morning I had to quickly head out to the airport, so I didn’t look at the phone for a couple of hours. When I did, I noticed that the Blackjack was still on standard time. I turned it off on the plane, and when I turned it back on at the mid-point of the trip I expected the time to have reset. Nope. Turning the phone off and traveling to California didn’t help, either. Rats.
I finally did some searches and found that Microsoft had released a Special Daylight Saving Patch for the Blackjack. I downloaded the patch, applied it to the phone, and the world was once again in temporal balance.
So what’s the lesson here? I suppose it’s that you shouldn’t trust a single participant in a multi-vendor system to tell you all you need to know. In my case, there are three vendors who have portions of my phone; Cingular, Samsung, and Microsoft are each participants. My mistake was assuming that Cingular would have a handle on the operating system issues. It would be nice if the company that directly took your money for a product could be counted on to properly support it, but that may be asking too much in today’s world. Congratulations, pilgrim–you’re on your own. The times, they are a-changing, and it’s up to you to make sure all your systems keep up.
Categories: Mobile, Embedded, Consumer Technology
1 Comment »
Recorders for Podcasting
March 9, 2007 3:56 pm
In some ways, my search for a podcast recorder is like my search for a briefcase or backpack–everything I see would be just perfect if only this one little thing were a bit different. I’ve used several different recorders, starting with a Tascam PocketStudio 5 digital recorder that seemed super when I bought it–which turned out to be about three months before they discontinued it. It has limited memory and is (by today’s standard) large, but it is a decent recorder and I’ve recorded some very nice podcasts using the box and a Samson dynamic mic. Most of the time, though, I’ve recorded straight to my computer using Propaganda or Audacity software. On the whole, the setup has worked well, though I’m interested in doing more audio tours and remote work in the near future, so…
I’m looking at new recorders. Right now, my number one choice is the Zoom H4. It has most of what I’m looking for, though I’ve heard some complaints about the user interface complexity and a “light” feeling to the construction. Since I may do some music recording in addition to the basic podcast work, it seems like it would be a good choice. I’m also big on the phantom power capabilities and the ability to use it as an A/D interface when I do want to record directly to the computer.
Now, if money were no object I might consider the Sony Professional Portable 24-bit Linear Recorder, though I have serious reservations about the DRM Sony tends to stick on any of their recording equipment. Between that and the $1,600 price tag, the Zoom looks pretty good.
The other recorder that seems to be serious competition for the Zoom is the Edirol R-09. I’ve used Edirol recorders in the past, and found them to be quite adequate machines. The word from users is that the user interface is considerably simpler than that of the Zoom, and the physical dimensions a bit smaller. I suspect that, if speaking-voice recording is your only task, the Edirol would do a fine job. Since the feature set is smaller and the street price a bit higher, I suspect I’ll stick with the Zoom, though I’m open to suggestion.
I’d be interested in hearing your suggestions–what recorder are you using for podcasting? Comments are open…
Categories: Media, Consumer Technology
No Comments »
More Dark Reading
March 7, 2007 10:46 pm
Today’s Dark Reading column is up, and it’s on an interesting topic; it seems that spammers have decided that there are more important things than porn to use in flooding our in-boxes. The column brought with it an even more interesting situation; Kelly Jackson-Higgins wrote her blog entry on the same subject.
As problems go, this one isn’t earth-shattering, and in many instances it wouldn’t even be a problem. It’s the sort of thing that’s easily corrected in the editing and production work-flow of a print publication, but “web time” tends to leave publications open to these little issues. The question, of course, is how to solve the problem without invoking a process that will make everyone long for the days when we could all file different takes on the same story and just laugh about it.
The whole work-process issue is fascinating. I’ve been on the team starting at least three magazines, and work flow discussions tended to involve minor tweaks to a system that apparently originated with Gutenberg. The web changed things in dramatic fashion because of the speed that has come to be associated with web publishing, the differences in the understanding of article length, and the very basic differences in how readers experience the material. The staff size is also a huge factor.
A blog like this is, generally, a one-person operation. Right now, I’m the only one posting here so the process is whatever lets me get something onto the web. I’ve had discussions with colleagues about their participation, and when they begin contributing we’ll have to work out a more significant process. If you have 20 editors, 36 writers, and an art department, you’re in a different world of process altogether.
You’ll notice that I haven’t said anything about the whole editorial oversight that’s supposed to be such a huge differentiator between Real Publications and blogs. There’s a reason I haven’t talked about it–there’s no standard to talk about on either side. I’ve written for huge print publications where my articles ran exactly as I submitted them, and I’ve written for blogs and on-line pubs where editors went over every word. Here? You, my friends, are my editorial review and so far you’re doing a good job. I liken this most to a good newsletter–there’s an on-going relationship between writer and reader that keeps things vital.
Categories: Security, Housekeeping
No Comments »
New Dark Reading Column is Up
March 5, 2007 10:04 pm
You can read my latest security column at Dark Reading. I manage to say good things about the Department of Homeland Security. So far, no porcine aviators have been seen.
The broader point around the column is that there are times and places to be on the bleeding edge of technology. Projects that involve securing the lives and personal information of, oh, everyone are in neither. I love new stuff as much as the next guy, but there have been far too many utter disasters around big projects built on new technology for me to suggest that Real ID should have anything that isn’t highly secure and thoroughly experienced as part of the spec.
Categories: Security
2 Comments »
This afternoon I was reminded of all the reasons I like satellite radio–and why commercial terrestrial radio is so disappointing. On the way home from running errands, XM Radio’s channel 12–Cross Country–was playing Asleep at the Wheel’s version of a Kinky Friedman song, Homo Erectus. I feel safe in saying that this song contains what must be the best use of the word Australopithecine in a western swing song. Channel 12 is one of my favorite music channels on XM, though it’s far from the only one I listen to. I think it’s interesting that the channel I listen to most–Ngoma on channel 104–is found only on-line. I suppose it’s too much to hope that the proposed merger of Sirius and XM would bring it to the satellite.
Categories: Entertainment
No Comments »
My Latest Column…
March 2, 2007 7:57 pm
…is up at Dark Reading. It’s a rant on the “20 worst…” lists that have become so popular. It’s not that the lists aren’t good, it’s that so many of the items on the list can be boiled down into a few basic problems. In the column I, you guessed it, bile them collards down, as the old song has it. I’ll take the pot likker and stop this string of analogies before I’m compelled to bring anything like chitlins to the table.
You know, though, a lot of the very complicated things we worry about can be broken down into very simple rules. I’ve had to mandate–and take–sexual harassment classes in various jobs. All the words, examples, and legal precedents can be summed up very neatly: Be a gentleman; be a lady; don’t be an ass. There–I’ve just saved you thousands of dollars on harassment training. In the same way, I run across so many IT problems that could have been solved if someone–anyone, actually–had applied Thomas Watson’s famous word: Think.
We’ve built such a cult around speed that thinking about the problem we’re trying to solve and the consequences of our solution gets short shrift. I’m sure you can supply your own example here; anyone who’s been in business for more than 38 minutes can. It’s time to bring thinking back into fashion. Security is a good place to start, but it’s starting that’s the key.
Think.
Categories: Security, Enterprise
No Comments »
Business VoIP Report
March 1, 2007 11:41 am
One of the other newsletters I work with is Business VoIP Report. It comes out as a push newsletter every Wednesday, with the information up on the web site shortly after it goes out to subscribers. I’ll put a reminder to post links in my to-do list, and everyone will get to see the extent to which I ignore my to-do list.
Categories: Networking, Enterprise
No Comments »
IT-Wireless Newsletter
11:26 am
One of the newsletters I put together is IT_Wireless. Most recent edition is at the link, with a new version every Monday. I’ll try to remember to link to each new one, but if I don’t, feel free to subscribe.
Categories: Wireless, Enterprise
No Comments »
Ostrich Security
8:53 am
My latest column is up at Dark Reading. I’m afraid I got up on one of my favorite soapboxes–companies trying to silence those who find flaws with their products. It’s not just security companies; take a look at the license you agree to when you use any of the major databases, for example, and you’ll find that you’ve agreed never to tell a soul if you build a test and get results.
I’m not excited about a culture built on cowardice and secrecy. This kind of thing makes no one more secure, and contributes to an atmosphere that leads to more bad surprises, rather than fewer. Let sales reps know that you don’t like this sort of thing, and that it will figure into future purchasing decisions. It’s the only real way to get the attention of the execs who think they’re doing their company a favor.
Categories: Security, General computing, Enterprise, Software
No Comments »