
World pledges $2 billion

Posted on January 1st, 2005 at 22:04 by John Sinteur in category: News

[Quote:]

The world has pledged $2 billion in aid for stricken areas in South Asia and U.N. Secretary-General Kofi Annan will probably visit Indonesia next week.

Jan Egeland, the U.N. undersecretary-general in charge of emergency relief, said the overall donations increased to $2 billion from some $1.2 billion due mainly to a $500 million pledge from Japan, the highest single donation to date. About 40 governments and the World Bank have made pledges.

USA $350 million, EU $300 million, individual EU countries almost $500 million, World Bank $250 million… and collections still going strong… I’m proud of Mankind!



German court sets copyright levy on new PCs

Posted on January 1st, 2005 at 14:37 by John Sinteur in category: Intellectual Property

[Quote:]

The District Court of Munich has ordered Fujitsu Siemens Computers (Holding) BV to pay a copyright levy on new PCs.

The landmark decision, announced on Thursday, ends a nearly two-year dispute between the largely Germany-based computer maker and the country’s VG Wort rights society, which has sought compensation for digital copying.

VG Wort had filed a suit against Germany’s largest PC maker, Fujitsu Siemens, seeking €30 (US$41) for each new computer sold in the country. The court agreed to a €12 copyright levy.

The rights society plans to apply the decision to all PC vendors in the country.

Middlemen are attempting — in vain — to sustain their dying and increasingly parasitic industries and refusing to adapt and re-invent themselves. Everyone else watches in amazement and dismay the consequences of this grand folly: innovation is thwarted, consumers penalized, access to works of art, literature and research constrained.



Judge won’t let woman divorce while she’s pregnant

Posted on January 1st, 2005 at 10:40 by John Sinteur in category: ¿ʞɔnɟ ǝɥʇ ʇɐɥʍ

[Quote:]

A Spokane woman trying to divorce her estranged husband two years after he was jailed for beating her has been told by a judge she can’t get out of the marriage while she’s pregnant.

The case pits a first-year attorney who argues that state law allows any couple to divorce if neither spouse challenges it against a longtime family law judge who asserts that the rights of the unborn child in this type of case trump a woman’s right to divorce.

“There’s a lot of case law that says it is important in this state that children not be illegitimized,” Spokane County Superior Court Judge Paul Bastine told The Spokesman-Review newspaper.

Further complicating things, Shawnna Hughes claims her husband is not the child’s father.



Comments:

  1. I just posted that too after finding it in the Seattle Times. I sure hope that that’s just one rogue judge putting a slanted interpretation on some obscure legal precedents.

    The woman deserves to have a legal defense fund set up for her…

Sumatra

Posted on January 1st, 2005 at 9:38 by John Sinteur in category: Great Picture


[Quote:]

IKONOS satellite images show Aceh on northern Sumatra in scene details, at 2-meter resolution, taken by the IKONOS satellite from 423 miles in space, over Indonesia. The image on the left was taken on January 10, 2004 while the image at right was taken December 29, 2004.



Cartoons

Posted on January 1st, 2005 at 9:35 by John Sinteur in category: Cartoon





Risk Your PC’s Health for a Song?

Posted on January 1st, 2005 at 8:52 by John Sinteur in category: Intellectual Property, Microsoft

[Quote:]

Think you’re downloading a new song or video? Watch out–that file may be stuffed with pop-ups and adware.

PC World has learned that some Windows Media files on peer-to-peer networks such as Kazaa contain code that can spawn a string of pop-up ads and install adware. They look just like regular songs or short videos in Windows Media format, but launch ads instead of media clips.

When we ran the files, we noted over half a dozen pop-ups, some attempts to download adware onto our test PC, and an attempt to hijack our browser’s home page. However, you can take steps to guard your PC against this ad invasion.

A reader initially alerted PC World to an ad-laden Windows Media Audio file, titled “Alicia Keys Fallin’ Songs In A Minor 4.wma.” We then found two other WMA files and two Windows Media Video files that had been similarly modified.

Using a packet analysis tool called Etherpeek, we determined that each media file loaded a page served by a company called Overpeer (owned by Loudeye). That page set off a chain of events that led to the creation of several Internet Explorer windows, each containing a different ad or adware.

Overpeer first made news in mid-2002 by offering its services to record companies looking to stop P-to-P pirates. It creates fake audio files that purport to be popular songs but play only a short loop of the track or an antipiracy message; the file then pops up a window offering the downloader a chance to buy the song. By flooding file-sharing services with spoofed files, Overpeer makes finding real music files more difficult.

MS originally put these capabilities in so the media companies could provide “richer” and more “interactive” content. If the RIAA and MPAA can do it, so can any hacker/cracker/virus writer. That’s a good enough reason to never touch DRM inflicted Microsoft media files. Law of unintended consequences: .wma/.wmv are dead as a format. Windows Media Player? Stick a fork in it, it’s done.



Comments:

  1. Having interactive content as part of a music file seems like reasonable innovation to me (aren’t you in favor of evolution and innovation in the media market?), but that’s not what the article says the capability is for. It’s there to allow the DRM to let you play something once and then offer a chance to buy it. That seems totally reasonable too.

    The problem here is not with the fact that a WMA/WMV file can contain a link to such a dialog box. The problem is that they implemented it using an unrestrained, unsecured IE instance. IE itself is the problem here, and that made it an inappropriate component for WMP–but then leaky IE is pretty much inappropriate for anything, no?

  2. No, it’s not IE in this case. The basic problem is that a DRM file has a command-stream as well as a data-stream. That can be abused..

  3. That’s not what the article you quoted describes.

  4. There’s no need for an Internet Explorer exploit. The command stream can connect to a DRM server and display license acquisition dialogs. When a user clicks yes, well, at that point the user is the security hole exploited. Of course, current exploits in Explorer make this process a whole lot easier and automated, but that’s just an unrelated side effect.

    I know the PC world article makes it sound like a leak in IE was exploited, but they’re clever enough to only suggest that: “Using a packet analysis tool called Etherpeek, we determined that each media file loaded a page served by a company called Overpeer (owned by Loudeye). That page set off a chain of events that led to the creation of several Internet Explorer windows, each containing a different ad or adware.” I realise the obvious thing is to blame IE again, but that’s NOT what the article claims. Unless you equate “a chain of events” with “bug in Explorer”.

  5. Actually, I’m interpreting this part of the article: “But since the license dialog box acts just like an Internet Explorer window, it can display whatever is on the page it points to” to be a clumsy way of saying that it’s a window that hosts an IE/Trident control. This is in keeping with MS’s way of doing things, e.g. how WMP displays dynamic content using an IE/Trident control. So I still bet that it’s really an IE problem.

  6. In that case we’re probably both correct. On a system with a fully secure Explorer, were such a thing ever to exist, the command-stream in a DRM file could open hundreds of windows (which would be especially annoying if that DRM file were embedded in a webpage with zero width and height), and one last one with a dialog-like message “windows has discovered an attempt to blah, do you want to stop it? yes/no” that would get the user to do anything to stop the barrage of popups.

  7. Can you give me a reference to documentation of the command stream part of MS DRM? (Perhaps we should use a different term, since “command stream” has a normal meaning in encoded content different from “binary executable”.) What I’ve found so far in a few minutes search/browsing talks about licenses being in XML format with no binary executable content, but it’s also a few years old.

  8. You’re asking me? I haven’t looked at QuickTime in a while so it would take me a few minutes to find the API references for the different track types, but Windows Media I’ve avoided like, well, like I’ve avoided all microsoft developer documentation.

    But anyway, a quick search on Microsoft.com gives me this which is part of the Microsoft Windows Media Rights Manager 10 Software Development Kit (SDK) but since that technically only discusses the header of a media file, I don’t think that really qualifies (although reading it I’d really like to experiment a bit with “javascript:” and “file://” URL’s, but that’s a different story).

    Thus, onwards went my search, until I ran into this which is part of the Windows Media Format 9.5 SDK.

    Script Streams

    You can deliver script commands in their own stream in an ASF file. Each sample in a script stream contains the two strings of the name/value pair. The advantage of using a script stream is that the commands will be delivered at the correct presentation time.

    I guess that’s enough to call ‘QED’? Although I must admit the functionality of this is far, far more limited than what I recall of my QuickTime days about 6 years ago (I recall scripts for mouse and key events, for example), I guess that’s on par for Microsoft innovation. At least it does support what I claimed – opening URL’s at specific time points during playback. See this.

    But you’re right when you feel this doesn’t really deserve the phrase “command-stream”. My apologies for that…

  9. Of course I’m asking you–you suggested you know something about command execution in MS DRM beyond what the cited article says. :)

    I was actually thinking that maybe you’d read third party analysis of MS’s DRM implementation that pointed to holes, and expected you’d have a pointer to something like that.

    From the doc you pointed to:

    Script type: URL
    Description: The player sends the specified URL to the browser for display to the user.

    So to repeat my question: are there security holes here that aren’t inherent in IE?

  10. And to repeat my answer, when you can open thousands of popups just by playing a movie, you don’t need any further security holes.

  11. Of course, any web page can try to open thousands of popups, so in the end MS DRM is just as dead (“stick a fork in it”) as MS IE is. And IE may be losing market share, but it’s hardly dead.

  12. Except these days IE has a pop-up blocker, and windows media does not. Expect abuse of this “feature” shortly. Oh, and IE is not dead, it’s resting! Beautiful plumage!
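
An added example, not part of the original post or its comments: besides the script streams quoted in comment 8, the ASF container can also carry script commands in a header Script Command Object, and the sketch below lists them so that URL-type commands can be reviewed before a downloaded file is played. The GUIDs and field layout are taken from the ASF specification as an assumption of this example, and `build_sample` produces constructed bytes, not a real or playable media file.

```python
import struct
import uuid

# GUIDs as given in the ASF specification; on disk they are little-endian.
HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
SCRIPT = uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6").bytes_le

def _wstr(buf, pos):  # WORD character count, then that many UTF-16LE chars
    (n,) = struct.unpack_from("<H", buf, pos)
    end = pos + 2 + 2 * n
    if end > len(buf):
        raise ValueError("string runs past end of object")
    return buf[pos + 2:end].decode("utf-16-le", "replace").rstrip("\0"), end

def _parse(body):
    n_cmds, n_types = struct.unpack_from("<HH", body, 16)  # after reserved GUID
    pos, types, cmds = 20, [], []
    for _ in range(n_types):  # table of command type names, e.g. "URL"
        name, pos = _wstr(body, pos)
        types.append(name)
    for _ in range(n_cmds):  # presentation time (ms), type index, value
        t_ms, idx = struct.unpack_from("<IH", body, pos)
        value, pos = _wstr(body, pos + 6)
        cmds.append((t_ms, types[idx] if idx < len(types) else "?", value))
    return cmds

def script_commands(data):
    """Return [(time_ms, type, value)] from Script Command Objects in the header."""
    if len(data) < 30 or data[:16] != HEADER:
        raise ValueError("not an ASF header")
    size, count = struct.unpack_from("<QI", data, 16)
    pos, end, out = 30, min(size, len(data)), []
    while count and pos + 24 <= end:  # walk the header's child objects
        (osize,) = struct.unpack_from("<Q", data, pos + 16)
        if osize < 24 or pos + osize > end:
            break  # truncated or malformed object: stop rather than guess
        if data[pos:pos + 16] == SCRIPT:
            out += _parse(data[pos + 24:pos + osize])
        pos, count = pos + osize, count - 1
    return out

def build_sample():
    """Constructed header fragment (not a playable file) with two commands."""
    def w(s):
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    body = bytes(16) + struct.pack("<HH", 2, 2) + w("TEXT") + w("URL")
    body += struct.pack("<IH", 1000, 0) + w("hello")
    body += struct.pack("<IH", 5000, 1) + w("http://ads.example/popup")
    obj = SCRIPT + struct.pack("<Q", 24 + len(body)) + body
    return HEADER + struct.pack("<QIBB", 30 + len(obj), 1, 1, 2) + obj
```

Entries whose type is `URL` are the ones that, per the documentation quoted in comment 9, the player hands to the browser; commands delivered in a separate script stream live in the data packets and are not covered by this header scan.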

Complexification | Gallery of Computation

Posted on January 1st, 2005 at 8:46 by John Sinteur in category: Great Picture


[Quote:]

“We adore chaos because we love to produce order.” – M. C. Escher



Comments:

  1. That’s a site full of gorgeous stuff. Thanks.

  2. Indeed. Thank you so very much for bringing this to my attention. I feel like digging up those old programming books now…