Internet

Google Chrome – The evil empire owns your life

Never sign anything that you don’t read. Never agree to an end user license when you don’t know what it says. Watching the google monsters gobble up the internet makes you long for the days when the tech world grew to Bill Gates dreams.

Bill got rich, often with buggy bloated code. But he was a real innovator and the technology he and his guys brought to the world changed the world.

The octopus at Google is based on a whole different philosophy. They are the kings of “Reintermediation”. Their only accomplishment is to get in between searchers and content, between writers and readers. Nothing new is created. Nothing new is contributed. Their only skill is capturing a part of the transaction and information costs for themselves. But this week they outdid themselves. They released a new slick browser. They suggest that it is faster and more efficient than Firefox or Explorer. (we have our doubts, which we’ll discuss on another post) but here’s the catch.

THEY OWN EVERY THING YOU EVER WRITE OR POST OR CREATE USING THEIR BROWSER AND THEY CAN SELL IT TO ANYONE THEY WANT TO AND THEY NEVER OWE YOU A DIME.

amazing. unbelievable.

oh please bring back the old king bill.

Here’s more from Gizmodo:

So, are you enjoying the snappy, clean performance of Google Chrome since downloading yesterday? If so, you might want to take a closer peek at the end user license agreement you didn’t pay any attention to when downloading and installing it. Because according to what you agreed to, Google owns everything you publish and create while using Chrome. Ah-whaaa? Update: It was a copy & paste mistake, apparently, and the offending language is being removed as we speak. Thanks, Googe!

Here are the juicy bits in question:

11. Content license from you

11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.

11.2 You agree that this license includes a right for Google to make such Content available to other companies, organizations or individuals with whom Google has relationships for the provision of syndicated services, and to use such Content in connection with the provision of those services.

11.3 You understand that Google, in performing the required technical steps to provide the Services to our users, may (a) transmit or distribute your Content over various public networks and in various media; and (b) make such changes to your Content as are necessary to conform and adapt that Content to the technical requirements of connecting networks, devices, services or media. You agree that this license shall permit Google to take these actions.

11.4 You confirm and warrant to Google that you have all the rights, power and authority necessary to grant the above license.

Well, I guess I shouldn’t have used Chrome to put some posts up yesterday, because I certainly do not have the rights, power or authority to hand over my work from Gawker to the Googe. Oops! You’ll have to pry the rights to my posts from Nick Denton’s cold, dead hands, Google.

In any case, it’s a pretty unnecessary and unreasonable thing to put in the EULA for a browser, of all pieces of software, which makes it pretty questionable. Why in the hell would Google want ownership of every single blog post or email written in its browser? It’s so unreasonable that it borders on the insane. I can’t really imagine Google actually invoking this and suddenly publishing heavily edited entries from your LiveJournal for profit, but I think a lot of people would feel much better about hopping on board with Chrome if this little piece of sketchy legalese was axed.

What say you, Google overlords?

Hackers Obtain Critical Internet Flaw

Internet security researchers on Thursday warned that hackers discovered a “critical” flaw that allows “cache poisoning” attacks that tinker with data stored in computer memory caches that relay Internet traffic to destinations.

Seeking to keep details of the vulnerability hidden at least a month to give people time to protect computers from attacks, computer industry engineers that labored in secret to solve the problem, releasing a software “patch” two weeks ago.

“We are in a lot of trouble,” said IOActive security specialist Dan Kaminsky, who stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants to collaborate on a solution.

“This attack is very good. This attack is being weaponized out in the field. Everyone needs to patch, please. This is a big deal.”

DNS is used by every computer that links to the Internet and works similar to a telephone system routing calls to proper numbers, in this case the online numerical addresses of websites.

MSIE8… Will Microsoft’s Browser FINALLY Work?

I hate using MSIE because it renders CSS so poorly. Is the end near? See the article where this lovely quotation comes from:

Well, slap me with a moldy turnip and color me flabbergasted! I just think it’s a sad thing that Microsoft is receiving praise for doing something that everyone knows they should’ve done five to seven years ago

December 20, 2007 (Computerworld) — A Microsoft Web evangelist hinted yesterday that news of Internet Explorer 8’s development progress was disclosed months earlier than planned because Web developers recently stepped up criticism of the company’s support for standards.

The news of IE8’s ability to pass a widely used Web standards test also came just two weeks after Microsoft Corp. chairman Bill Gates said he didn’t know why the company’s IE development team was keeping a tight lid on information about the next browser.

IE8, the next upgrade to Microsoft’s browser, passes the Web Standards Project’s Acid2 test, according to Dean Hachamovitch, the IE group’s general manager. “On Wednesday, Dec. 12, Internet Explorer correctly rendered the Acid2 page in IE8 standards mode,” Hachamovitch said in a post to Microsoft’s official IE blog yesterday. “While supporting the features tested in Acid2 is important for many reasons, it is just one of several milestones for the interoperability, standards compliance and backwards-compatibility that we’re committed to for this release.”

A week before IE8’s first Acid2 exam, Web standards advocate and blogger Molly Holzschlag had asked Gates about the lack of information coming out of the IE8 group. Gates’ answer: “I’ll have to ask [IE General Manager] Dean [Hachamovitch] what the hell is going on. I mean, we’re not, there’s not like some deep secret about what we’re doing with IE.”

In his blog Wednesday, Hachamovitch seemed to take a shot at those who had criticized his team’s silence. “For IE8, we want to communicate facts, not aspirations,” said Hachamovitch. “We’re listening to the feedback about IE, and at the same time, we are committed to responsible disclosure and setting expectations properly. [But] now that we’ve run the test on multiple machines and seen it work, we’re excited to be able to share definitive information.”

Posts placed on the IE blog last month drew disdain from a large number of users, many of whom identified themselves as Web developers frustrated with the lack of information about IE8’s support for standards and angry at the current IE7’s lack of support for those same standards.

Another Microsoft employee, Joshua Allen, essentially said that the timing of the IE8-Acid2 news was prompted by complaints from users and developers. Allen, an evangelist at Microsoft and one of the hosts for MIX Online, echoed Hachamovitch’s news about IE8’s progress, but said the news was intended for March 2008.

“I had hoped that we could keep the news secret until MIX08, but the masses were demanding information,” said Allen, who linked to an earlier Hachamovitch blog post that had attracted more than 580 comments, the majority of them negative.

MIX08 is the Microsoft-sponsored Web developer conference slated to run in Las Vegas March 5-7, 2008.

The comments attached to Hachamovitch’s Tuesday post, however, were generally supportive, although some users remained cautious. “Well, slap me with a moldy turnip and color me flabbergasted!” said a user going by the name David Lane. “Who would’ve thought. [But] I just think it’s a sad thing that Microsoft is receiving praise for doing something that everyone knows they should’ve done five to seven years ago.”

I am not David Lane nor do I play him on TV. But it’s funny to restate his cogent point about their MSIE browser:

Well, slap me with a moldy turnip and color me flabbergasted! I just think it’s a sad thing that Microsoft is receiving praise for doing something that everyone knows they should’ve done five to seven years ago

Read the rest.

Learn about ACID2.

Image above from Turnip Family Secrets.

Shake it up Baby Now, Twist and Shout – Sansa’s MP3 players will Rock YOU

The first album I ever fell in love with was the Eagle’s 1977 Hotel California. I must have spun that old vinyl 33 a thousand times on my brand new Ward’s Airline Stereo. Pretty cool stuff for a kid. New stereo, new music. new ideas. I just found out last night, that I’ve never actually heard the song.

I’ve never been a hardcore music fan. My college roommate, ran UCLA’s radio station in the mid 80s, and probably owned a bazillion albums. I had maybe 20. So I’m not really the ultimate customer for an IPOD. I like music, but couldn’t see my way to spending 300 bucks on an MP3 player, or a thousand dollars to fill it up. I’m fine with my car stereo and an occasional tune on the stereo system in my office. So I got picked, as the closest thing to a civilian here in our studios, to evaluate and test what’s new in MP3 players and portable music devices.

So let me tell you right off the bat, bang for the buck, the New SANSA Shaker will rock your world. This 30 dollar MP3 player has a purity and clarity of sound that is just amazing. I loaded up a digitally mastered recording of Hotel California, put in the earbuds, gave it a shake and heard the opening 12 string guitar like i’ve never heard it before. The stereo separation is so perfect, you can feel the marracas shaking on your left, the guitar in the center of your soul, the drummer in front and the audience to your right. Stellar, beautiful, clear, rich, rounded sound. Its almost enough to make you understand why people get addicted to their IPOD. I always wondered what stereo was good for. With the Shaker I understand. The first question I had was: Do all little earbud MP3 players sound this good? I loaded up the song on a $90 dollar VIBE from PNY, popped in my earbuds and heard plain old transister radio quality sound. So, no. Great sound is not a done deal, but the Sansa guys got it right. And this is their bottom of the line unit.

Nevertheless, even though I’m inclined to keep the Shaker myself, I’m not the real target demographic. It says right on the packaging: Ages 8 and UP. Thus, before I had a chance to discover great new sound, my two preteen sons have been marching around for the last week constantly rocking to the beat of their own shakers. My 12 year old has been asking for an IPOD for months, and was thrilled when I tossed him the Shaker. Ergonomically, its no IPOD look alike, so its cool to be the only kid in class carrying one. The Shaker is shaped like a little salt shaker, with a twist band top and bottom to control sound and navigation. Just give it a little wrist flick shake and it’ll randomly pick a new song to play.

He tells me its simple to load songs. (even his mom could do it). Plug in the scsi cable to the bottom of the shaker. Then open an explorer window to the list of songs on his PC, open another to the SANSA (because its built around a removable SD card – just like your digital camera- it shows up as just another removable harddrive on your PC) and drag the files you want from one to the other.

The Shaker is a really well designed little package with intuitive controls and nice extra features. Since the music is stored on a removable SD card (Sandisk’s core product) you can easily expand capacity, and in theory have an unlimited supply of songs available to your shaker.
Even better, you can grab a few low capacity SD cards for 10 bucks a piece and use one for each kid, or even one for you to store that new audio book you just downloaded. Best of all for a rugged little player aimed at kids, the Shaker is easy to share. It comes with an external speaker – so everyone can hear it, has enough power to drive a bigger pair of speakers or feed a stereo system, and even comes with Two headset jacks so the kids can listen together and Mom and Dad can still have some peace and quiet.

All in all, at the price, i would call it a sure fire gift for all of family holiday gift exchanges. The only guys who won’t love the shaker are the Zune product managers over at Microsoft. I don’t see how they are ever gonna be number two with Sansa in their way.

Check out SanDisk’s Product page here to learn more.

Why My Friends and Relatives Get My Tirades About Putting Me In Long To: and cc: Lists

A few years ago I began telling relatives that I would not give them technical advice if they didn’t bother to have basic antivirus software or sent me chain mail, jokes or any “look at this” email that didn’t explain in a sentence where I’d be sent, with a link. Any story, no matter how tear-jerking, if it didn’t have a link to its source, would be ignored.

I would even change political parties if my most loathed candidate from the other party would grant me the license to deny Internet access to anyone who sent out 3 debunkable hoaxes that could be found in a 4-word Google search where “Snopes” is one of the words, as in “Snopes microsoft cash”

But what’s getting my goat is just how gullible most well-meaning folks are and how clueless they are about their habits. Bruce Schneier discusses social phishing, and how it is more who sends you an email than its contents that determine whether you’ll go to where it directs you, no matter how dangerous.

Phishing Studies

Two studies. The first one looks at social phishing:

Test subjects received an e-mail with headers spoofed so that it appeared to originate from a member of the subject’s social network. The message body was comprised of the phrase “hey, check this out!” along with a link to a site ostensibly at Indiana University. The link, however, would direct browsers to www.whuffo.com, where they were asked to enter their Indiana username and password. Control subjects were sent the same message originating from a fictitious individual at the university.

The results were striking: apparently, if the friends of a typical college student are jumping off a cliff, the student would too. Even though the spoofed link directed browsers to an unfamiliar .com address, having it sent by a familiar name sent the success rate up from 16 percent in controls to over 70 percent in the experimental group. The response was quick, with the majority of successful phishes coming within the first 12 hours. Victims were also persistent; all responses received a busy server message, but many individuals continued to visit and supply credentials for hours (one individual made 80 attempts).

Females were about 10 percent more likely to be victims in the study, but male students were suckers for their female friends, being 15 percent more likely to respond to phishes from women than men. Education majors had the smallest disparity between experimental and control members, but that’s in part because those majors fell for the control phish half the time. Science majors had the largest disparity–there were no control victims, but the phish had an 80 percent success rate in the experimental group.

Okay, so no surprise there. But this is interesting research into how who we trust can be exploited. If the phisher knows a little bit about you, he can more effectively target your friends.

And we all know that some men are suckers for what women tell them.

Another study looked at the practice of using the last four digits of a credit-card number as an authenticator. Seems that people also trust those who know the first four digits of their credit-card number:

Jakobsson also found a problem related to the practice of credit card companies identifying users by the last four digits of their account numbers, which are random. From his research, it turns out people are willing to respond to fraudulent e-mails if the attacker correctly identifies the first four digits of their account numbers, even though the first four are not random and are based on who issued the card.

“People think [the phrase] ’starting with’ is just as good as ‘ending with,’ which of course is remarkable insight,” he said.

Another attack comes to mind. You can write a phishing e-mail that simply guesses the last four digits of someone’s credit-card number. You’ll only be right one in ten thousand times, but if you send enough e-mails that might be enough.

A virus that compromises my friends’ email address book compromises me. I want to take all email I get from my family and friends seriously, but if they’re sloppy and lax and add me to their To: and cc: lines in their email headers to spread around jokes and stories I last thought were funny in 1998, not only do they put me at risk, but everyone they know now has my legit email address.

Don’t be sloppy with the email addresses of your friends, relatives and business contacts.

Discover and learn to love your email’s BCC.

I really don’t want to have to say these words under oath… “And that’s when I started pummeling them with my cluebat, your honor…”

One Laptop Per Child Succumbs to the Law of Unintended Consequences

When the epicenter of spam in Nigeria meets the charitable intentions of One Laptop Per Child and the nature of children to explore where they ought not comes:

Nigerian pupils browse porn on donated laptops

Thu 19 Jul 2007, 15:34 GMT

ABUJA, July 19 (Reuters Life!) – Nigerian schoolchildren who received laptops from a U.S. aid organisation have used them to explore pornographic sites on the Internet, the official News Agency of Nigeria (NAN) reported on Thursday.

NAN said its reporter had seen pornographic images stored on several of the children’s laptops.

“Efforts to promote learning with laptops in a primary school in Abuja have gone awry as the pupils freely browse adult sites with explicit sexual materials,” NAN said.

A representative of the One Laptop Per Child aid group was quoted as saying that the computers, part of a pilot scheme, would now be fitted with filters.

Maybe “one laptop per child” got translated into “one lapdance per child”?

We should also have OLPC consider the wisdom of giving the world’s spam capital more tools to perpetuate their scams.

Web Servers of the 2008 Presidential Candidates

OK, this is a very funny angle. Douglas Karr blogs Is the next President of the United States running Linux?. Read the whole piece, with pie charts.

Here’s a summary:

Site Operating System and Server by Candidate

• Joe Biden (Democrat) – Linux, Zope by Interlix
• Hillary Clinton (Democrat) – Windows Server 2003, Microsoft-IIS/6.0 by Paul Holcomb
• Christopher Dodd (Democrat) – FreeBSD, Apache by pair Networks
• John Edwards (Democrat) – Linux, Apache by Plus Three
• Mike Gravel (Democrat) – Linux, Apache by Voxel Dot Net, Inc.
• Dennis Kucinich (Democrat) – Linux, Apache by New Age Consulting
• Barack Obama (Democrat) – FreeBSD, Apache by pair Networks
• Bill Richardson (Democrat) – Linux, Zope by Interlix
• Wesley Clark (Democrat) – Linux, Apache by Voxel Dot Net, Inc.
• Al Gore (Democrat) – Linux, Apache by Rackspace
• Sam Brownback (Republican) – Windows Server 2003, Microsoft-IIS/6.0 by RackForce Hosting, Inc.
• Jim Gilmore (Republican) – Linux, Apache by 1&1 Internet, Inc.
• Rudy Giuliani (Republican) – Linux, Apache by RackSpace
• Mike Huckabee (Republican) – Windows Server 2003, Microsoft-IIS/6.0 by LNH Inc.
• Duncun Hunter (Republican) – Windows Server 2003, Microsoft-IIS/6.0 by Individual
• John McCain (Republican) – Windows Server 2003, Microsoft-IIS/6.0 by Smartech Corporation
• Ron Paul (Republican) – Linux, Apache by Rackspace
• Mitt Romney (Republican) – Linux, Apache by Rackspace
• Tom Tancredo (Republican) – Windows Server 2003, Microsoft-IIS/6.0 by Interland
• Fred Thompson (Republican) – Windows Server 2003, Microsoft-IIS/6.0 by LNH Inc.
• Tommy Thompson (Republican) – Windows Server 2003, Microsoft-IIS/6.0 by Time Warner Telecom, Inc.
• Chuck Hagel (Republican) – Windows Server 2003, Microsoft-IIS/6.0 by Individual
• Newt Gingrich (Republican) – Windows Server 2003, Microsoft-IIS/6.0 by Smartech Corporation

Linux Lilliputians Team Up with Google’s Brobdingnagians

So the executive producer of TechTalk sends me this link from Fox News and asks me what I think.

Oy… more blog fodder. So I emailed him:

Do you want me to take a half hour to write something about this?

That the Linux folk are meeting at Google does not portend well for the consumer. There are fewer and fewer potential competitors for Google, and their Google’s dominance combined with their ability to profile users based on click/search activity is an enormous privacy threat.

Ultimately, operating systems and interfaces should become very portable, and almost invisible. In theory, if one had a 5GB thumb drive loaded with browser settings, passwords, etc, someone should be able to “jack in” to a thin client at a Starbucks or library which has a 21″ screen and a USB port and a broadband connection.

No, I do NOT want to use iGoogle or My MSN or other web-based bookmark aggregators designed to enable their owners to send advertising my way and profile my search and click behavior. Nor do I want to keep my addressbooks and business files online so that a disgruntled employee or outsourced foreign programmer too remote for extradition can compromise my privacy.

If you like Vista, fine. If you like OS X, fine. If you like Linux, fine. If you’re still plugging away on an Amiga, more power to you. Just as a vehicle can run on Shell, Exxon or ARCO gas, a thin client terminal will reduce the number of breakable parts to almost none. Let the user be preoccupied with his experience and tweak his thumbdrive from home.

I hate operating systems. I hate the attitudes of OS developers even more. I hate how the press portrays Microsoft as the ultimate technical evil while ignoring Google’s greater dangers to our personal liberties. Yes, Microsoft is evil, but its evils are limited to monopolistic avarice, and that’s hardly the worst evil. Google really wants to control you.

People may portray Microsoft as Gulliver and Linux as poor vulnerable Lilliputians. But most people never read ALL of Jonathan Swift’s Gulliver’s Travels and have never heard of Brobdingnag, which I liken to Google, or at least what Google aspires to be compared to Microsoft (Gulliver) at its greatest.

I think we’ll look back on a day, as we do at the Ma Bell phones, and lament how we bashed Microsoft into history in favor of telling Google our most private thoughts. Yeah, Microsoft is bad, but it’s not the worst bad.

Howard said “post what you just emailed me”.

Howard is kinda sneaky. He gets me to blog stuff even when I don’t want to work and just want to cantankerously vent.

Help Save Internet Radio

Senators Barbara Boxer and Dianne Feinstein and Representative Dianne Watson will be getting a call from me.

I’m a Pandora addict. I’m tired of the repetitive playlists of the local broadcast stations. After about 3 months, I’ve “trained” Pandora to mix about 30 “stations” into the kind of music sampling that keeps me happy all day while I slave over my keyboard.

A Day of Silence

Hi, it’s Tim from Pandora,

I’m sorry to say that today Pandora, along with most Internet radio sites, is going off the air in observance of a Day Of Silence. We are doing this to bring to your attention a disastrous turn of events that threatens the existence of Pandora and all of internet radio. We need your help.

Ignoring all rationality and responding only to the lobbying of the RIAA, an arbitration committee in Washington DC has drastically increased the licensing fees Internet radio sites must pay to stream songs. Pandora’s fees will triple, and are retroactive for eighteen months! Left unchanged by Congress, every day will be like today as internet radio sites start shutting down and the music dies.

A bill called the “Internet Radio Equality Act” has already been introduced in both the Senate (S. 1353) and House of Representatives (H.R. 2060) to fix the problem and save Internet radio–and Pandora–from obliteration.

I’d like to ask you to call your Congressional representatives today and ask them to become co-sponsors of the bill. It will only take a few minutes and you can find your Congresspersons and their phone numbers by entering your zip code here.

Your opinion matters to your representatives – so please take just a minute to call.

Visit www.savenetradio.org to continue following the fight to Save Internet Radio.

As always, and now more than ever, thank you for your support.

-Tim Westergren
(Pandora founder)

Thanks, Tim. I’ll get right on it!

Google is Worst Privacy Offender – Privacy International

Ars Technica reports:

A new report puts Google in last place when it comes to privacy protection. Despite recent moves to anonymize server logs and other pro-privacy gestures, Privacy International called the company “an endemic threat to privacy.”

Only Google earned the dismal “black” color bar from the group, which has just issued a report on Internet privacy that took six months to assemble (see the rankings [PDF]). The current report is preliminary; final results will be released in September.

See earlier TechTalk report Google, Do No Evil?