Archive for the ‘tech policy’ Category

Copyright is dead

May 4, 2012

At least if you’re a big company and you want to violate it.

How OpenStreetMap Got Apple To Give It Due Credit | TPM Idea Lab

“The OSM Foundation has made informal contact with staff at Apple and, in addition, one of our volunteer mappers who is an iOS developer spoke to people at Apple. We believe it was the latter that precipitated adding the attribution – it’s great to have such an active and engaged community!”

Completely ignored in all of this back-and-forth has been the fact that the CC attribution license is a license for things that are copyrighted, and that if you make copies without following it, you are infringing. Depending on the way Apple has parceled up the data when developing iPhoto and the mood of a court, that would be statutory damages anywhere from the low millions to the high tens of billions.

Oh, and distribution of copyrighted material worth more than $2000? Check. For personal gain? Check. In interstate commerce? Check. Apple management and the engineers involved in the project have pretty clearly met the predicates for the criminal law involving piracy for profit.

But none of that matters these days unless you’re some dweeb downloading songs or your favorite movie.


A certain naive charm

May 5, 2011

File-Sharers Await Official Recognition of New Religion | TorrentFreak

The church has its own set of axioms, most of which revolve around free access to knowledge and the sharing of information. They include:

# Reproduction of information is ethically right.
# The flow of information is ethically right.
# Remix Spirit is a sacred kind of copying.
# Copying or remixing information conveyed by another person is an act of respect.

Kids who want to learn will learn if you give them half a chance

November 4, 2010

Old but good

BBC News – Using computers to teach children with no teachers

“I told them: ‘there is some very difficult stuff on this computer, I won’t be surprised if you don’t understand anything’.”

Two months later, he returned.

Initially the children said they had not learnt anything, despite the fact that they used the computers every day.

“Then a 12-year-old girl raised her hand and said ‘apart from the fact that improper replication of the DNA contributes to genetic disease – we’ve understood nothing else’.”

So the real question is more about getting more of them to want to learn the stuff that would be good for them to learn, and getting anyone who might interfere with the process out of the way.

Why LED lights are too expensive

April 11, 2010

Because they last too long. No, seriously. If I put a 25,000-hour light in a typical fixture (4 hours a day) that’s 17 years until I replace it. Am I going to be around in this house to see if the claims pan out? And even if the light does last that long, why should I buy one now when in a couple of years it will cost half or a quarter the price? Early adopters always get screwed, but the longer the life of the product the worse they get it. An LED light is pretty much a lifetime investment, so the sooner you switch over, the more you pay.

Which is why even early adopters are having a hard time justifying them. Which is why, in turn, the prices aren’t dropping as fast as they otherwise might. Chicken, meet egg.

There are the power savings, but. Let’s say I replace that 60-watt bulb with a 6-watt LED. 54 watts at 15 cents a kilowatt-hour means about three and a quarter cents a day in savings for my 4-hour-a-day light. Payback time: about 3 years. Meanwhile, if I get a compact fluorescent for $5 or so, it might use more than twice as much electricity, but the payback time is more like six months. Sure, I’ll have to buy another in 5 years instead of 15, but both kinds will be even cheaper by then.

So this leaves the early adopters with longer time horizons (If I were building a house I’d probably go with LED fixtures) and the people who have money to burn in a good cause. Enough? Or not enough?

No need to know

March 23, 2009

Google Latitude to Cops: ‘I Don’t Remember’

Google is promising that its new location-reporting service Latitude, which lets you broadcast where you are to your friends, will have a memory leak and won’t remember anything.

That’s a feature, not a bug. The intention is to make sure Latitude doesn’t become a honeypot for cops wanting to be able to easily find out where you have been or even say the names of everyone who attended, or was near, a political protest.

The policy, created in consultation with the Electronic Frontier Foundation, puts Latitude on equal privacy footing with Loopt, a popular friend-finding service that predates Latitude. Both services now overwrite your previous location with your new location, and don’t keep logs.

This is very nice, and not too hard to do. Libraries, of course, have been doing this kind of information-protection for decades — in line with ALA principles about the freedom to read without the government looking over your shoulder, typical library circulation systems started being designed early on to lose information about what books a person had taken out, as soon as they were returned.

Wouldn’t it be nice if other databases did the same thing?
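To show how little it takes, here is an added sketch (not code from Google, Loopt or any library system) of a store built to forget: a new location overwrites the old one, and the patron-to-book link is deleted on return while an anonymous loan count survives. The table names, function names and sample data are all made up for illustration.

```python
import sqlite3

def open_store():
    """Store that keeps current state only, never a history (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    # On a file-backed database this makes SQLite zero the space freed by deletes.
    db.execute("PRAGMA secure_delete = ON")
    db.executescript("""
        CREATE TABLE last_location (user_id TEXT PRIMARY KEY, lat REAL, lon REAL);
        CREATE TABLE loans (book_id TEXT PRIMARY KEY, patron_id TEXT NOT NULL);
        CREATE TABLE book_stats (book_id TEXT PRIMARY KEY, times_loaned INTEGER NOT NULL);
    """)
    return db

def report_location(db, user_id, lat, lon):
    # One row per user: the previous fix is replaced, not appended to a log.
    db.execute("INSERT OR REPLACE INTO last_location VALUES (?, ?, ?)", (user_id, lat, lon))
    db.commit()

def check_out(db, book_id, patron_id):
    db.execute("INSERT INTO loans VALUES (?, ?)", (book_id, patron_id))
    # Circulation statistics are kept per book, with no patron attached.
    db.execute("INSERT OR IGNORE INTO book_stats VALUES (?, 0)", (book_id,))
    db.execute("UPDATE book_stats SET times_loaned = times_loaned + 1 WHERE book_id = ?", (book_id,))
    db.commit()

def check_in(db, book_id):
    # The patron-to-book link exists only while the book is out.
    db.execute("DELETE FROM loans WHERE book_id = ?", (book_id,))
    db.commit()

def everything_known_about(db, who):
    """What a records request about one person could actually return."""
    locs = db.execute("SELECT lat, lon FROM last_location WHERE user_id = ?", (who,)).fetchall()
    books = db.execute("SELECT book_id FROM loans WHERE patron_id = ?", (who,)).fetchall()
    return {"locations": locs, "books_out": [b[0] for b in books]}

def demo():
    db = open_store()
    # Constructed sample data.
    report_location(db, "alice", 38.90, -77.03)
    report_location(db, "alice", 40.71, -74.00)
    check_out(db, "book-17", "alice")
    check_out(db, "book-42", "alice")
    check_in(db, "book-17")
    stats = dict(db.execute("SELECT book_id, times_loaned FROM book_stats"))
    return everything_known_about(db, "alice"), stats
```

Backups, replicas and request logs have to follow the same rule, or the history simply survives there instead.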

cool useful maps

March 5, 2009

mySociety » Travel-time maps

New map of London

Showing travel times to work at the Department for Transport in Pimlico, arriving at 9am

And now they have fancy animated versions with sliders that you can set to show exactly the range of time you want, or commuting times cross-indexed with real estate prices…

How do they do it? In an incredibly primitive fashion. They go to the transit company web site and request route information from one location, then parse the html and put it in their database, make another request and so forth. Suddenly I understand what the folks over at Freedom to Tinker are talking about when they push for government data transparency.

First they said it couldn’t be sniffed, now they say it’s not important

February 6, 2009

Passport RFIDs cloned wholesale by $250 eBay auction spree • The Register

To be sure, the RFID tags contain no personally identifiable information, but rather what amounts to a record pointer to a secure Department of Homeland Security database. But because the pointer is a unique number, the American Civil Liberties Union and other civil libertarians warn the cards are still susceptible to abuse, especially if their RFID tags can be read and captured in large numbers. Cloning the unique electronic identifier is the first step in creating fraudulent passport cards, they say.

The cards also amount to electronic license plates that could be used to conduct clandestine surveillance. Law enforcement officials could scan them at political rallies and then store them in databases. The tags could also be correlated to other signals, such as electronic toll-booth payment systems or RFID-based credit cards, to track the detailed movements of their holders.

Of course that number can be de-anonymized. And of course the DHS database is going to release information to unauthorized people. And of course that number is going to be used as a de facto identifier.

One of the things security people have learned over the decades is that it’s much easier to suborn a system when you have some kind of nominally-legitimate access than when you’re completely on the outside. And making easily-cloned passport RFIDs is that first step.

(Another risk that the Reg folks don’t really mention is that skimming enough numbers may give a black hat insight into how the ID numbers are generated — assuming no one is stupid enough to just issue them in sequence — and thus mount attacks on passports they’ve never even seen, or that haven’t been issued.)

Because people never change their minds

January 25, 2009

Two-thirds of Americans without broadband don’t want it

But when we look at the overall reasons why Americans don’t have broadband, availability isn’t the biggest barrier. Neither is price. Those two, combined, only account for one-third of Americans without broadband. Two-thirds simply don’t want it.

What’s the point?

The bigger issue is a lack of perceived value. 19 percent of dial-up users, for example, say that “nothing” would get them to upgrade, not even lower prices. Of the 25 percent of Americans that don’t regularly use the Internet at all (Hi, Mom!), a third said that they were “not interested in going online,” almost ten percent thought it was too “difficult,” and seven percent simply don’t “have time.”

Older and poorer Americans tend to be the ones who see less need for broadband, and it’s clear that demand for it could be boosted through national e-health and e-government programs. But Pew’s main point is that working on price and access alone will only bring broadband to a limited subset of Americans who don’t already have it—in the short term, at least.

And just how long is that short term? As long as the 5 years or so it will take to do last-mile buildouts?

Paolo Soleri eat your heart out

December 31, 2008

Nobody Goes There Anymore, It’s Too Crowded

All of which is a throat-clearing way of saying that if we see a big increase in the amount of walkable urbanism available to American families, an awful lot of it will probably exist outside the city limits of the municipalities that form the hubs of our metropolitan area. That will mean, yes, converting existing elements of the built environment rather than simply abandoning everything and trying to get everyone to move willy-nilly into downtown Cleveland. In other words — more housing in malls.

See also the links on actual conversions and other stuff in Matt’s piece.

But the real kicker, in my opinion, is going to be getting useful jobs into these areas. If all you have is a bunch of rich people who live at the mall and shop there while working 20 or 30 miles away by non-mass transit, and a bunch of lower-middle types who work at the mall and its associated offices while living 20 or 30 miles the other way, also by non-mass transit (because you wouldn’t want to make it easy for “those people” to get to the upscale mall and its residences), then you haven’t gotten very far at all.

The Tysons area may have done this pretty well, with oodles of office towers in bowshot of the malls and the incredibly ugly apartment blocks, except for the problem of getting from one part of the place to any other. You get in your car, drive out of the parking lot, navigate a couple of eight-lane cloverleafs (might only take half an hour if you’re lucky), find another parking spot and walk to your destination. If they had shuttles running continuously, or a few monorail loops, or just put up enough pedestrian bridges to pave over the big honking roads, it would be just perfect.

In the comments to Matt’s piece there’s a little bit along this line, with someone noting the same kind of closely-sited residential and retail development at Springfield Mall/Kingstowne, but with a few hundred yards of completely unwalkable distance between them. Pedestrian bridges and their equivalents really aren’t so hard to build, but many suburban developments seem religiously opposed to them.

a lawsuit waiting to happen

December 26, 2008

Join The Revolution! » Untrusted Certificates

In an unrelated event which was briefly mentioned at the mailing list of Mozilla, something strange happened. During my attempt to verify and understand who stands behind the sending of fraudulent “reminder” email messages tricking our customers, I created a certificate from the source I was following. And my certificate was issued without any further questions.

This prompted me to create another certificate through them, but this time by using a domain name which should never be issued to me. For the purpose of testing, I selected the domain (I’m certain they will forgive me). Five minutes later I was in the possession of a legitimate certificate issued to – no questions asked – no verification checks done – no control validation – no subscriber agreement presented, nothing.

With the understanding about MITM attacks, the severity of this practice is obvious. No encryption is worth anything if an attacker can implant himself between the client and the server. With a completely legitimate and trusted certificate, the attack is perfect.

That’s why we call them certificate authorities, and why self-signed certificates are supposed to be so utterly evil. Right.