September 30, 2011

Unacceptable Incompetency: Microsoft Accidentally Deletes Google's Chrome Browser from Users' PCs

Microsoft now claims that about 3000 users were impacted when their Security Essentials antivirus package went berserk and incorrectly flagged as a virus -- and in many cases deleted -- Google's Chrome Web browser from users' systems today.

Jokes aside about Microsoft deploying a new weapon to boost its own Internet Explorer in the "browser wars," this event could have been much worse, should never have been this bad, and is a clear warning not just to Microsoft, but to the entire computing industry.

Security Essentials is a free package that Microsoft very heavily promotes and encourages users to install -- including within the normal Windows Update automated environment. It's straightforward to imagine how far more users could have been easily impacted by this event. Even worse, picture the consequences if other critical elements of PCs had been targeted in error this way, perhaps even making booting difficult or impossible.

There is no imaginable, reasonable excuse for how Microsoft could have screwed up so badly today. Even if a faulty virus signature was in their database, it would not have required more than a few obvious, rudimentary additional checks to indicate that a major software package was involved that should not be subjected to recommended or automated deletion in what can only be described as a cavalier manner.

Where were the sanity checks? Why weren't Microsoft personnel alerted to a nonsensical virus hit before Security Essentials was permitted to run wild deleting Chrome from trusting Microsoft customers?

This wasn't a rocket science situation, and it calls into question the totality of Microsoft's antivirus technology and associated management.

Is Microsoft the only antivirus vendor who could make this kind of major mistake? We'd be foolish in the extreme to make such an assumption.

This was a shot across the bow that could have been a disaster.

We had better take notice. Right now.


Posted by Lauren at 02:41 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

Video Available: Google+ Identity and "Real Names" Discussion Hangout

Yesterday evening, I conducted an initial Google+ discussion video "Hangout" dedicated to the identity ("real names") controversies on Google+. As I noted in Real Names, Guilt, Self-Censorship, and the Identity War, these are complicated issues.

My thanks to everyone who participated, especially given the short notice.

The video of this Hangout is now available:

Google+ Identity and "Real Names" Hangout Discussion
(YouTube / ~24 minutes)

A quick technical note: Recording of Hangouts without integral (server-based) recording facilities is technically challenging, especially if multiple systems aren't being used for this process. In this experiment, I used my own "split screen" technique to work around a limitation in the Hangout video switching algorithm, and to make it easier for me to overlay a "This Hangout is being recorded for YouTube" warning for any additional participants who might arrive during the course of the discussion itself.

While there are obvious limitations to this recording technique, it's clear that there is enormous promise in Hangouts for serious dialogues and explorations on all manner of topics, and I plan to schedule more of these sessions in the near future.

Thanks again to the participants not only for their thoughts on the issues of concern, but for their willingness to be "guinea pigs" for last night's explorations.

Take care, all.


Posted by Lauren at 10:34 AM | Permalink

September 29, 2011

In Android Patent War, Microsoft Channels Al Capone

As we watch the U.S. still deep in economic turmoil, there are many fingers pointing in various directions trying to assign blame.

Clearly, one primary aspect of what has now become a systemic failure of the U.S. economy is the trend over recent decades toward making money through whatever (usually legal, but frequently unethical) schemes seem possible, rather than as a natural benefit of building useful products and providing quality services.

Wall Street and the insurance industries, with the support of their political minions in Congress and elsewhere, are masters at this evil game, and contributed mightily to pulling our country -- and the rest of the world -- to the brink of global depression. The puppet-masters of these plans bask in ever increasing luxury, while many of the rest of us can't even afford basic medical care.

But beyond Wall Street per se, the patent wars are another example of how our economy has gone terribly wrong.

Patents were created as a means to encourage innovation and production, not as a handy mechanism for protection rackets and extortion. These are strong words, but the dictionary definitions seem to fit the way some players in this realm are behaving.

The battles over smartphone patents and Android are an obvious example. There are two main reasons for buying patents in bulk. One is to attack other entities and to try to wring money out of them. The other is to try to protect yourself from such attacks.

There are light-years of difference between how Microsoft and Google have approached this area.

Google hasn't been running around demanding vast patent-related payments related to Android. Google appears to have purchased patents in this space not just to help protect itself from patent-related attacks, but to also help protect Android developers and consumers from the unwarranted penalties and costs associated with patent extortion.

Microsoft, on the other hand, has reverted "true to form" -- back to the same kind of nasty sensibilities and shenanigans that had it forcing monopolistic contracts on PC manufacturers relating to the Windows OS on a take it or leave it basis.

And Microsoft still maintains much of their ingratiating "frat boy" attitude as well.

Microsoft's lead corporate communications spokesman initially responded yesterday to Google's complaints (regarding a new predatory patent licensing agreement with Samsung) by characterizing Google's statement as "Waaaah."

In a followup tweet he then referred to Microsoft's official blog statement regarding the agreement, which invokes the ghosts of Old Chicago (unfortunately, an increasingly familiar set of ghosts these days).

Its title -- Our Licensing Deal with Samsung: How IP Drives Innovation and Collaboration -- is Orwellian "doublespeak" aplenty, given that these sorts of agreements result from fears of bloodthirsty patent holders wielding patents like weapons to block innovation.

This line from Microsoft's posting is of special note: "To them, we say this: look at today’s announcement. If industry leaders such as Samsung and HTC can enter into these agreements, doesn’t this provide a clear path forward?"

In other words, "Everyone else in the neighborhood is paying us so -- ya' know -- so, nothing, uh bad will happen to 'em. If you know what's good for ya', you'll see the clear path forward so that, uh, you don't suffer any unfortunate, uh, accidents or whatnot."

Somewhere in the great beyond, the spirit of Al Capone is smiling, and nodding his head in recognition. "Hey, those Microsoft boys are my kind of people!"



Posted by Lauren at 10:54 AM | Permalink

September 27, 2011

Santorum, Google, and Colbert

The "Senator Rick Santorum vs. Google" controversy exploded in my inbox yesterday, along with one really, seriously irate phone call that was particularly notable. Then satirist, ersatz right-winger Stephen Colbert closed out the day in his own unique style.

The level of activity suggests (though I certainly cannot prove) that some sort of organized pro-Santorum campaign had been deployed. I'm used to people contacting me about Google-related issues based on my various past postings, but yesterday had the smell of something more systematic.

In any case, the topic was a familiar one -- complaints about searches for "Santorum" on Google yielding as their top result an SEO-induced (that is, via the use of Search Engine Optimization techniques) link to what we could call a significantly off-color "revenge site" aimed at Santorum by an individual disgruntled by Santorum's anti-gay remarks.

Recent news reports have suggested that Santorum has recently approached Google asking that the search results be altered, and that Google has (appropriately, in my opinion) denied this request.

Colbert then picked up the theme last night, even quoting Google's Matt Cutts' accurate statement that search results are subject to first amendment protections.

The focus on Santorum will probably fade considerably once it becomes clear that he's not going to be the GOP presidential nominee. But search freedom detractors will likely continue to use this case as a "poster child" for their insidious demands that governments should have control over search engine algorithms.

Regular readers probably know that folks have been sending me their complaints about search results for years, and that I am absolutely dedicated to the concept that Google (and other search engines) should have 100% control over their search algorithms -- being forced to alter the order of those results based on specific complaints would set a terrible precedent.

Having said that, I continue to feel that some sort of explanatory "annotation" mechanism for specific highly controversial results in a carefully delineated set of circumstances -- much as Google has long done for searches on the word "Jew" -- might merit serious consideration. Such a process (to be applied only in a very limited set of cases) could provide useful transparency to help searchers understand why particular "contentious" results are appearing -- especially when they seem incongruous at first glance and have triggered significant public scrutiny.

Most importantly, such a system would allow search results to remain completely in their algorithmically computed order, which must rightly be viewed as a top priority for search engines and their community of users.

This is a very difficult set of problems, and there are no appropriate trivial solutions. No matter how these issues are approached, somebody is going to be dissatisfied. But calls for government involvement in search engine algorithms should be extremely alarming to everyone who cares about the sanctity of search results and the knowledge that they help impart to us all.


Posted by Lauren at 11:35 AM | Permalink

September 25, 2011

How to Steal Your Way to #1 In the Copyright Wars

A seemingly innocuous showbiz headline flashed on my screen today. It noted that Disney's 1994 animated blockbuster The Lion King was number one in the U.S. box office for a second week, even though it's a reissue!

Lion King is one of the top grossing films of all time -- and reportedly the highest grossing of all hand-drawn animated films.

Needless to say, the Lion King movie itself -- and its vast array of merchandising and spin-offs -- have been a gold mine for Disney, and you can be sure that anyone Disney has found to be ripping off the franchise -- as in illegal copies flowing around the Internet -- could find themselves subject to a full range of civil and criminal sanctions. Under the PROTECT IP Act being pushed through Congress, the ramifications for Lion King thievery would be even more severe.

But there's something particularly interesting about Disney's Lion King, that makes it a fascinating example of how media power itself can be used in dishonest ways.

Because almost certainly, Lion King -- the franchise, the film and all that flows from them -- is itself purloined, stolen, ripped-off.

Fans of 1960s Japanese Anime realized this almost immediately when Lion King was released 17 years ago.

Though Disney has always denied it and claimed coincidence, characters and plot elements from Lion King were obviously lifted from Jungle Emperor (ジャングル大帝 -- Jungle Taitei) -- known in the U.S. as Kimba the White Lion.

The degree of parallels is nothing short of remarkable -- and far outside the realm of any conceivable coincidence in a rational analysis.

A number of YouTube videos have even explored this controversy in detail, illustrating the intellectual property theft from Kimba scene by scene. Two good examples are: The Lion King - Homage or Stealing and Lion King - An Overview on Kimba and Interesting Facts.

Watch them for yourselves. See what you think.

The fate of the Western World no doubt doesn't rest on the vast sums (reportedly approaching a billion dollars) that Lion King the film has fed into Disney's coffers.

But for those of us concerned about intellectual property issues, and in particular the apparent desires of some in the media empires to remake the Internet "in their own image," Kimba vs. Lion King is a fascinating case.

I have friends in the movie and other entertainment industries here in L.A. who are hard workers, and they're understandably concerned about their futures in an age of rapid Internet-induced technology changes.

But this doesn't excuse the fact that some leaders of the entertainment empires are pushing Congress to create vast new classes of "casual copying criminals" -- while pushing for technological changes to core Internet technologies that are affronts to Net security and stability -- and to civil rights as well.

These corporate media moguls are always ready and willing to declare Internet users to be crooks and thieves who should be massively fined and in some cases even imprisoned. In so many of these cases, the punishments being deployed are far too serious -- far out of scale -- for the offenses involved.

And while clearly there are some serious intellectual property crooks out there, who truly do deserve significant sanctions, it seems only fair to note that when it comes to making crime pay, there are cases where the media giants themselves make everyone else look like rank amateurs.

Kimba, at least, certainly deserved better.


Posted by Lauren at 10:25 PM | Permalink

September 10, 2011

SSL vs. "Referers": Friend or Foe?

In a recent posting in some other venues, I noted with pleasure that Google is now testing the use of "SSL by default" for Google Search.

In passing, I very briefly touched on the implications of SSL for "referer" data that is traditionally passed along to Web sites when a user clicks a link.

I received a surprisingly high level of diametrically opposed reactions. On one side, people were saying, "Good riddance! Referers are privacy invasive and never should have been implemented in the first place!"

On the other hand, I also got many messages with claims along the lines of, "This is just Google's attempt to ruin my analytics -- they don't really care about privacy."

The latter assertion is the easier to address. I've been talking to Google folks for years about SSL issues, and there has been a consistent desire to move their services toward this protection on a default basis (as they've already done with Gmail and Google+). The collateral impact on referers has been an issue of concern all along, and possible workarounds such as enhanced Webmaster Tools data and other techniques have always been part of the discussions.

But the still largely status quo of "postcard security" data on the Internet, where any entity -- commercial, government, or other -- that has access to a data stream can read most information in the clear, has become intolerable, and securing these paths to the extent practicable must be viewed as an important priority. For now, SSL is a practical means to that end.

The "Good Riddance" reaction probably needs a bit more exploration.

Let's remember what "referers" (typically misspelled in this manner due to an original misspelling in the HTTP specifications) really do.

When a user views info on a Web site, the associated site's logs will typically record a variety of data regarding the connection, including source IP address, various browser-related configuration information, and other information -- most notably for our discussion the referer.

The referer is the URL of the page that contained the link that the user clicked to reach the destination site -- the page that "referred" the user. In the case of a search results page, that referer will usually include the user's search query as embedded in the URL itself.

However, when a user click arrives via a site that was viewed through SSL, the information that would otherwise normally have been relayed (like the referer) will usually no longer appear. Note however that the IP address of the user will still be present.

The passing of referer information is a function not only of the sites involved but also of the user's browser. Various browser extensions and plugins have long existed that allow users to optionally block referers if they wish.

There are various reasons why referers were originally implemented. One important one was to aid in session sequencing, since knowing the full URL of the previous page -- that referring page -- could be useful to maintaining session transactional states, especially in the absence of more advanced methodologies that would further evolve later.

Some critics of referers make the claim that only "snooping businesses" are interested in such data, and so cutting it off would harm nobody of real merit.

But this really is not true. I believe if you took a poll, you'd find that the vast majority of Web site operators -- including nonprofits, individuals, and so on, not just commercial enterprises -- use referer data to better understand what people find to be of interest on their sites, and to have some sense of how their sites are being referenced by the broader world.

I know that I find this data to be of significant interest, and I don't run any ads or other monetizing elements on my blog. While there are other ways to discover relevant links over time, being able to see immediately when there's a "flood" of hits referring from a particular site (e.g., a Slashdot posting!) can be very important not just as a point of knowledge but from a site management standpoint as well. Visible search terms in referers tell me what issues from my postings are of particular worth to readers, and help me determine followups and future emphasis.

Could I continue posting new items if all log referers suddenly vanished? Sure. It would mean switching to more limited tools that were less real-time in nature, like retrospective searching and such, to try to understand the dynamics of users viewing my site, but the fundamental ability to run my blog would of course not be significantly undermined.

But there would be a notable diminishing of the "value proposition" between readers and the site.

While you may never have thought of them in this way, referers can be viewed as something of an "equalizing" agent between large and small Web sites.

When you conduct a search on a search engine, that site obviously knows your query, so that they can provide you with a list of results. You then usually visit sites based on that list, and (hopefully) obtain the information of interest. This transaction -- that typically occurs without your being charged any fee by either party -- still has real value.

Questions: Is it unreasonable for the site that actually provides the information that answers your query, to see the same data (the search query itself) that the search engine itself had? The search engine must have the query to process your request, and can use this information to improve its search results over time. Is it reasonable to argue that the actual content site should have the same opportunity to improve its services through the use of this data?

These questions can certainly be argued either way. I personally come down on the side of best possible use of data in a responsible and egalitarian manner whenever possible.

In any case, the increasing routine and default use of SSL, with the many important benefits it brings, is likely moving the era of traditional referers toward a gradual diminution and ultimately an effective closure in many respects. Other analytical mechanisms (either existing or yet to be developed and deployed) will likely take up some of the slack, and in some cases provide even greater insights.

But perhaps of even greater importance in the long run, is the reality that questions surrounding the collection and use of transactional data, even related to relatively routine operations on the Internet, can be much more complex than they might appear at first glance, and that seemingly obvious "simple" solutions (such as blanket restrictions) may actually create or exacerbate far more problems than they might solve.

This is true regardless of who is referering to ... I mean referring to ... uh, talking about these issues!


Update (9:00 PM):

When I wrote the above posting text earlier today, my intention was to highlight the complexity of these issues from a "philosophical" standpoint, not to get at all into the technical details of SSL and browsers. But some queries I've received since I posted suggest that a few more words are in order.

I'm simplifying somewhat, but the decision to send (or not send) the current referer onward with a user click is made by the user's browser itself. That is why existing browser options and extensions to control referers can function. The SSL referer pass-along prohibition exists to avoid exposing a URL that was reached via an SSL connection (e.g., SSL to a search engine) when a subsequent click (such as one from search results) goes to a site that is not using SSL, since the referer URL would then travel in unencrypted ("in the clear") form.

If a "clicked-to" site (e.g., clicked from search results generated via an SSL connection to a search engine) is also using SSL, the requirement for "end-to-end" encryption is met, and a browser may (subject to any other restrictive settings or options at the browser) pass along a referer as usual.
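The pass-along rule described in this update, worked through as an added example (not part of the original post): the first function models only the simplified browser decision above, and the rest shows what the clicked-to site's log would then contain. The host names, the sample clicks and the `q` query parameter name are assumptions made for the illustration.

```python
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample clicks: (page the user was on, link the user clicked).
CLICKS = [
    ("http://search.example/search?q=ssl+referer", "http://blog.example/post"),
    ("https://search.example/search?q=ssl+referer", "http://blog.example/post"),
    ("https://search.example/search?q=chrome+deleted", "https://secure-blog.example/post"),
    ("http://news.example/story#comments", "http://blog.example/post"),
]


def referer_sent(source_url, dest_url):
    """Return the Referer value the browser passes along, or None.

    Models only the rule in the text: a page reached over SSL is not
    disclosed to a destination that is not using SSL.
    """
    src, dst = urlsplit(source_url), urlsplit(dest_url)
    if src.scheme == "https" and dst.scheme != "https":
        return None  # SSL -> non-SSL: referer withheld
    # A Referer never carries the fragment or any user:password@ part.
    netloc = src.netloc.rpartition("@")[2]
    return src._replace(netloc=netloc, fragment="").geturl()


def search_terms(referer, param="q"):
    """Extract the search query embedded in a referer URL, if any.

    The parameter name "q" is an assumption; engines differ.
    """
    if not referer:
        return None
    values = parse_qs(urlsplit(referer).query).get(param)
    return values[0] if values else None


def summarize(clicks):
    """Tally what the destination site's log would show for these clicks."""
    hosts, terms = Counter(), []
    for source_url, dest_url in clicks:
        referer = referer_sent(source_url, dest_url)
        # "-" is how common access-log formats record an absent referer.
        hosts[urlsplit(referer).hostname if referer else "-"] += 1
        query = search_terms(referer)
        if query:
            terms.append(query)
    return {"hosts": hosts, "terms": terms}


if __name__ == "__main__":
    for source_url, dest_url in CLICKS:
        print(f"{source_url} -> {dest_url}: {referer_sent(source_url, dest_url)}")
    print(summarize(CLICKS))
```

Current browsers also apply a Referrer-Policy, and the common default trims cross-origin referers to the origin alone, so a present-day log shows less than this model does.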

So we have yet another irony. As major sites convert to default SSL, especially search engines, there will be a dramatic drop-off in referers, all else being equal, since most sites don't use SSL, and appropriately deploying SSL on complex and busy sites can be a nontrivial task in various respects.

If we could flip a switch and make every site on the Internet SSL at once, the "SSL to non-SSL" ("no referer") issue essentially would not exist.

In reality though, at least for the foreseeable future, there will likely be a widening gap between major sites supporting default SSL and the vast numbers of "referred-to" smaller sites that don't. Combine this with the (in my opinion inappropriate) "demonization" of referers by various parties -- likely to affect browser defaults in this context -- and you can see why I suspect that traditional referers will be in a downward accessibility spiral, as I discussed in the main blog entry above.

I hope that this clarifies the issues at least a wee bit.


Posted by Lauren at 01:30 PM | Permalink

September 02, 2011

CBS Borg Force Google to Disintegrate Android "Tricorder" App

OK, this isn't the end of the galaxy, the quadrant, or even the world. But it sure is another example of how totally inane intellectual property demands have become. Make sure you're sitting down before reading onward for this one.

Since early in the public availability of Google's Android OS, there's been an Android user app under continuing development called Tricorder -- delightful, free, and utterly harmless.

The Tricorder app displays, with optional beeps and boops to gladden the heart of any Trekkie or Trekker (don't drag me into that comparative naming issue, please!), a variety of Android phone sensor data and some external info, such as current solar conditions and the like.

Tricorder's very limited display layout is a bit reminiscent of the colors and curves of Enterprise display screens from Star Trek: The Next Generation, but only in the most general of ways. Great fun for Trek fans, though.

Now, after all this time, comes word that CBS ordered Google to pull the app from the Android Market, causing the author to defensively obliterate his associated Google Code hosted project.

CBS claims infringement on the "LCARS graphical user interface" from the show.

To call this moronic would be an understatement similar to calling the Borg a "minor nuisance" to The Federation.

The Android Tricorder app "infringes" on Star Trek to the same degree that a homemade model of the Empire State Building created from LEGO building blocks would infringe on the property rights of Malkin Holdings (owners of the actual building).

It's almost (but not quite!) possible to feel sorry for the poor slob at CBS or their law firm whose job it must be to go searching around the Net for anything even vaguely Trek-like on which to sic the DMCA. Using heavy boots to stomp on Tribbles is probably this person's idea of a good time.

Many, many Stardates ago, I spent a chunk of my life in Hollywood working within the Star Trek universe, and I had the opportunity to interact with various of the original creators and principals. Even way back then, there was certainly an interest in protecting against direct copying of key Trek intellectual property, but I believe that the concept of calling out the lawyers to shut down a remotely affiliated free Tricorder simulation would have been laughed right off the sound stage.

And of course, you can still find the Tricorder app (latest version 5.12, I believe) with a wee bit of searching -- at least perhaps until Congress passes PROTECT IP and starts to enforce its censorship will on the entire Internet. Kinda makes the Borg's "assimilation" scheme seem almost lightweight by comparison.

In 1976, in the classic skit The Last Voyage of the Starship Enterprise from the first season of Saturday Night Live, the late John Belushi's character of Captain Kirk explained that, "We have tried to explore strange new worlds, to seek out new civilizations, to boldly go where no man has gone before. And except for one television network, we have found intelligent life everywhere in the galaxy."

At the time, he was speaking of NBC. Those words written by Michael O'Donoghue could be applied in reference to CBS with an order of magnitude more emphasis today.

When it comes to copyright laws and intellectual property in the Internet universe of the present, it's Star Peck, Wreck, and Dreck -- not Trek.

CBS and its kin, like the Borg, tell us that "resistance is futile."

We shall see.


Posted by Lauren at 08:15 PM | Permalink

September 01, 2011

AT&T, T-Mobile, and "Leave It to Beaver"

Between 1957 and 1963 on U.S. television, the iconically family-friendly comedy series Leave It to Beaver was immensely popular.

Arguably the most fascinating character on the show was a duplicitous jerk named Eddie Haskell, wonderfully portrayed by actor Ken Osmond.

I found myself thinking about good ol' Eddie today as I perused the various articles explaining how AT&T is pulling out all the stops -- likely to include new offers of resource divestitures and even perhaps dropping some T-Mobile subscribers -- in a continuing hell-bent effort to assimilate all too willing T-Mobile, in the face of Department of Justice actions to try (at least ostensibly) to block the merger itself.

AT&T doesn't like to lose. It has recreated much of the power of the old Bell System in recent years, reforming since its 1984 breakup despite endless promises and guarantees that nothing of that kind could possibly occur.

And AT&T doesn't just lie and mislead -- the historical record of their unfulfilled promises to regulators, communities, and legislators is clear enough on those points -- but it crucially knows when to back off a bit as well, smiling as if their new concessions were actually their plan all along.

Eddie Haskell knew that game well. He cared only about himself. To your face he'd smile and be the epitome of politeness. When your back was turned he'd hypocritically plot and badmouth you with equal aplomb. And in case he got caught, he always had a protective hand ready to play.

So now the talk is that Eddie -- I mean AT&T -- is ready to promise lower prices for a while, and perhaps even show some T-Mobile subscribers the door to slightly reduce the massive market power the merger would bring -- the technical term for the latter is "shedding" by the way. (Question: Is subscriber shedding more like shooing away flies? Or is it like picking off fleas and drowning them in alcohol?)

Either way, a probable dilemma is that many (perhaps most) T-Mobile customers aren't the company's subscribers because the prices are lower, but because they simply don't want any part of AT&T wireless services. As I've noted in past postings, I've twice before had my own cell service sucked back to AT&T from other companies as a result of previous mergers. It's like the film Groundhog Day, only without Bill Murray or snow.

There's much pondering about what would happen to T-Mobile if the merger ultimately falls through.

But you probably wouldn't have wanted your daughter to marry Eddie Haskell.

And if you're a T-Mobile subscriber, being forced into bed with AT&T would be much more akin to a nightmare than a situation comedy. Even without Eddie.


Posted by Lauren at 10:36 PM | Permalink