Friday, November 27, 2009
Games and privacy
I was in the mood to play a game. So I downloaded "Little Space Duo" to give it a try. But I never had the chance to run this Game. It was complaining it needs to register itself at launch. Now why? Its the first launch of the game. I didn't even had a chance to enter a registration key or anything. So what is it registering??
Now I use LitteSnitch for a very clear purpose. To know when evil programs violate my privacy and send out data I don't want to be sent out. Well in this game's point of view, LittleSnitch is considered evil as it specifically complains about it. Never the less, even if you allow all on LittleSnitch or disable it temporarly, it didn't work. So I did some research on what this app is really doing and did a wireshark trace with interesting results:
The app does connect to www.macgamestore.com and sends the following HTTP request:
GET /blocked/Little%20Space%20Duo HTTP/1.1
Host: www.macgamestore.com
User-Agent: Little%20Space%20Duo/1.0 CFNetwork/454.5 Darwin/10.2.0 (x86_64) (MacBookPro5%2C3)
Connection: close
So far not much information being revealed except my computer's type and architecture.
The response is however indicating more clearly on to why this doesn't work:
HTTP/1.1 404 Not Found
Set-Cookie: bpp=324184256.20480.0000; expires=Fri, 27-Nov-2009 17:41:17 GMT; path=/
Date: Fri, 27 Nov 2009 13:53:22 GMT
Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.3 mod_ssl/2.2.4 OpenSSL/0.9.8e
Last-Modified: Tue, 25 Mar 2008 05:53:37 GMT
ETag: "da4b2b-3c2-92d2da40"
Accept-Ranges: bytes
Content-Length: 962
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at macgamestore.com
</ADDRESS>
</BODY>
</HTML>
<!--
- Unfortunately, Microsoft has added a clever new
- "feature" to Internet Explorer. If the text of
- an error's message is "too small", specifically
- less than 512 bytes, Internet Explorer returns
- its own error message. You can turn that off,
- but it's pretty tricky to find switch called
- "smart error messages". That means, of course,
- that short error messages are censored by default.
- IIS always returns error messages that are long
- enough to make Internet Explorer happy. The
- workaround is pretty simple: pad the error
- message with a big comment like this to push it
- over the five hundred and twelve bytes minimum.
- Of course, that's exactly what you're reading
- right now.
-->
In other words they built a blacklist mechanism into the application and lateron removed the blacklist from the server which makes probably all games complain which have an online connection. The workaround is simply to disable the network interface completely. Then it doesn't complain ;-)
Labels:
LitteSnitch,
macgamestore.com,
privacy,
wireshark
Thursday, October 8, 2009
AppStore Dwarfs need glasses...
AppStore Dwarfs are those magic workers behind the scenes at the AppStore. They do a lot of work simultaneously but they don't pay attention to details. Global.AQ 1.0.2 when submitted to the AppStore was rejected by the dwarfs with the comment that sending SMS doesnt work. It was written in the FAQ, on the App documentation, on the website that you must enter phone numbers in international format. Meaning with + in front. Every european who sends SMS across the border knows that. But the american dwarfs don't so they didn't type it correctly. I've heard another developer with a very similar application had exactly the same problem.
Now Global.AQ 2.0 is ready for prime time. First it was hold up due to "itunes disconnect". Then it took a full 2 weeks to get a reply saying, the app doesn't do what the advertisement text was saying.
They complained it doesn't do incoming SMS. Well they tested on AT&T where in fact it doesn't work yet (but AT&T is working on it, I'm sure it does soon) but it does work on a few selected networks (and many more are coming). But the advertisement text was telling this.
Conclusion: the AppStore Dwarfs must be blind. They never read the text fully.
So we have to wait for another 2 weeks. *Sight*
Now Global.AQ 2.0 is ready for prime time. First it was hold up due to "itunes disconnect". Then it took a full 2 weeks to get a reply saying, the app doesn't do what the advertisement text was saying.
They complained it doesn't do incoming SMS. Well they tested on AT&T where in fact it doesn't work yet (but AT&T is working on it, I'm sure it does soon) but it does work on a few selected networks (and many more are coming). But the advertisement text was telling this.
Conclusion: the AppStore Dwarfs must be blind. They never read the text fully.
So we have to wait for another 2 weeks. *Sight*
Labels:
AppStore,
AppStore Dwarfs,
AppStore Zwerge,
free SMS,
Global.AQ,
SMS
Wednesday, September 23, 2009
iTunes Disconnect
For those of you who develop iPhone / iPodTouch applications, you are probably familiar with iTunesConnect, Apple's tool to upload iPhone applications. I don't often use it because I'm not producing 100's of iPhone applications every months and for the statistics part I use AppViz which summarises daily everything I want to know.
Now yesterday our Global.AQ software was ready to be released in version 2.0 into the wild after having worked many many months on fine tuning thousands of small little bits. So I pressed:
and then I got this:
for over 15 minutes! So I retried and retried and retried. Nothing seemed to work. As it was already late I decided to try again in the early morning, a time where USA usually went to sleep and European business have not started to work yet so the hope was that servers where completely idle. But no luck either. Even at 07:30 CET, it didn't work. Some users on twitter reported similar problems but success by just waiting. So arrived in the office I did start up Safari and just have it wait.
So I did and got this after like 30 minutes I got:
Trying again, I got another 30 minutes later:
Maybe that's the new way of rejecting developers?
Its getting more and more absurd.
24. Sept. 2007 19:45 CET
I think apple has moved the site from a mac mini to an array of XServes. Upload was out of a sudden possible and blasting fast. Global.AQ PRO 2.0 is finally there. Now we only have to pass the review process (another 2 weeks to wait... )
Now yesterday our Global.AQ software was ready to be released in version 2.0 into the wild after having worked many many months on fine tuning thousands of small little bits. So I pressed:
and then I got this:
for over 15 minutes! So I retried and retried and retried. Nothing seemed to work. As it was already late I decided to try again in the early morning, a time where USA usually went to sleep and European business have not started to work yet so the hope was that servers where completely idle. But no luck either. Even at 07:30 CET, it didn't work. Some users on twitter reported similar problems but success by just waiting. So arrived in the office I did start up Safari and just have it wait.
So I did and got this after like 30 minutes I got:
Trying again, I got another 30 minutes later:
Maybe that's the new way of rejecting developers?
PS: Apparently I'm by far not the only one havin
g this problem. 2 days later its still there. Apple apparently is "aware" but they did not answer any of my e-mails.
Today I even had a new variant of error message
Its getting more and more absurd.
24. Sept. 2007 19:45 CET
I think apple has moved the site from a mac mini to an array of XServes. Upload was out of a sudden possible and blasting fast. Global.AQ PRO 2.0 is finally there. Now we only have to pass the review process (another 2 weeks to wait... )
Wednesday, August 5, 2009
Espresso
By espresso I don't mean the coffe but the radio emission on swiss radio DRS. In the next emission on
Ok now I'm censored from viewing the law pages. Kind of interesting approach.
PS: it looks like everyone was getting this page. It is no longer the case. So it sounds like a stupid mistake of a sysadmin instead of real censorship. But still funny.
Labels:
Data Retention,
EJPD,
vorratsdatenspeicherung,
Zensursula
Wednesday, July 22, 2009
Swiss version of the german "Vorratsdatenspeicherung"
The swiss federal police forces, the department for telecommunications surveillance, has invented new lawmaking. Based on the swiss law of telecommunications, they sent a "Vernehmlassung" to all internet providers in switzerland. "Vernehmlassung" is the discussion about a new law. Its usually a public process where the parliament asks the public if this new intended law is a good idea and what modifications should be made.
This time it was however different. The "Vernemlassung" was about rules which should follow the law. However those "rules" are self made rules by the police which go far and beyond what the law says. It invents interfaces which all internet providers must have so the police can send wiretap orders automated etc. Those orders which by law have to be authorized by a judge, however dont carry the information about which judge has ordered it. So the internet provider is by far not able to verify if this is legal or not. Also it imposes massive costs to the burden of the internet providers which he can not recover. So small ISP's can't complete this and have to go out of business. Furthermore those undemocratic rules have been declared confidential (how can you have a public discussion on something confidential??), are put into force on 1. August and passed through the "Vernemlassung" within 3 weeks at vacation time so nobody takes notice.
We have thus decided to stand up and break the confidentiality and publish our full answer so everybody can see for himself what power the police is trying to achieve.
The full answer is published on http://www.fink.org/ejpd-antwort.pdf
Other related posts:
http://www.woz.ch/artikel/2009/nr29/schweiz/18143.html
http://www.inside-it.ch/frontend/insideit?&site=ii&_d=_article&news.id=18419
http://blog.internet-briefing.ch/2009/07/22/vorratsdatenspeicherung_schweiz/
http://www.ayom.com/topic-30668.html
http://www.heise.de/newsticker/Bericht-Schweiz-plant-Echtzeit-Ueberwachung-des-Internetverkehrs-von-Verdaechtigen--/meldung/142082
http://www.statewatch.org/EUFBISW.HTM
http://www.cablemodem.ch/forum/viewtopic.php?t=8463
This time it was however different. The "Vernemlassung" was about rules which should follow the law. However those "rules" are self made rules by the police which go far and beyond what the law says. It invents interfaces which all internet providers must have so the police can send wiretap orders automated etc. Those orders which by law have to be authorized by a judge, however dont carry the information about which judge has ordered it. So the internet provider is by far not able to verify if this is legal or not. Also it imposes massive costs to the burden of the internet providers which he can not recover. So small ISP's can't complete this and have to go out of business. Furthermore those undemocratic rules have been declared confidential (how can you have a public discussion on something confidential??), are put into force on 1. August and passed through the "Vernemlassung" within 3 weeks at vacation time so nobody takes notice.
We have thus decided to stand up and break the confidentiality and publish our full answer so everybody can see for himself what power the police is trying to achieve.
The full answer is published on http://www.fink.org/ejpd-antwort.pdf
Other related posts:
http://www.woz.ch/artikel/2009/nr29/schweiz/18143.html
http://www.inside-it.ch/frontend/insideit?&site=ii&_d=_article&news.id=18419
http://blog.internet-briefing.ch/2009/07/22/vorratsdatenspeicherung_schweiz/
http://www.ayom.com/topic-30668.html
http://www.heise.de/newsticker/Bericht-Schweiz-plant-Echtzeit-Ueberwachung-des-Internetverkehrs-von-Verdaechtigen--/meldung/142082
http://www.statewatch.org/EUFBISW.HTM
http://www.cablemodem.ch/forum/viewtopic.php?t=8463
Friday, July 10, 2009
Amusing iPhone
Monday, June 29, 2009
Free SMS for your iPhone
If you want to send free SMS from your iPhone, simply download this iPhone application and you are all set.
Sunday, June 21, 2009
The internet is not just USA
The internet once got invented in USA so it started there a lot. But it didn't take too long to spread the world. Today, the internet is the place where international businesses meet and do business together. Globalisation is common. However there are some industries which have completely forgot that.
In my case I was looking for an easy way to process credit cards. I knew the "local guys" who do that do it in a very secure and highly professional way. But they are also very expensive and timeconsuming to get there. So I looked around and found a few who offered a small iPhone App as a credit card terminal. Sounded good for the rare small amount charges I had in mind. The iPhone App was sold or given world wide in the AppStore. But then you need some account with a processor. If you try to sign up there, you get stuck. You cant enter your country (missing field), you must enter a US state. The phone number field didnt accept numbers starting with a +. So I tried entering it "us-centric" in the way an american would dial my number.
Here's what I got:
What can I say, that processor didn't get my busines.
I'm still not amused how many american companies are running around in the internet thinking they could only do valuable business with americans. But they will loose at the end.
In my case I was looking for an easy way to process credit cards. I knew the "local guys" who do that do it in a very secure and highly professional way. But they are also very expensive and timeconsuming to get there. So I looked around and found a few who offered a small iPhone App as a credit card terminal. Sounded good for the rare small amount charges I had in mind. The iPhone App was sold or given world wide in the AppStore. But then you need some account with a processor. If you try to sign up there, you get stuck. You cant enter your country (missing field), you must enter a US state. The phone number field didnt accept numbers starting with a +. So I tried entering it "us-centric" in the way an american would dial my number.
Here's what I got:
What can I say, that processor didn't get my busines.
I'm still not amused how many american companies are running around in the internet thinking they could only do valuable business with americans. But they will loose at the end.
Labels:
credit card processing,
globalisation,
internet,
phone nubmer,
USA
Saturday, June 20, 2009
Officially Unlocked iPhone 3GS in Switzerland
Here is the ultimate "how to" to get an unlocked iPhone in Switzerland
Step 1:
Go and buy a new iPhone 3GS in any Apple shop or at any Orange retailer. It is important that Orange is delivering the phone. Phones from Swisscom Mobile will not work. I got mines from Ingenodata in Basel for 999.- CHF (32GB iPhone 3GS model). This is the "full price" model which comes without any contract. (Orange told me full price was 1299.- but who cares. Your price might vary).
Step 2:
Take your purchase invoice and scan it in and e-mail it to info@orange.ch with the comment that you would like your full price iPhone to be unlocked. You should include the IMEI number and Serial number of your phone. You can find it at the back of the box. In my case I never got an answer from Orange that way (even I was promised Instant answer) but they need some proof you paid full price at some point.
Step 3:
Call 0800 700 700, the hotline of Orange and go through the too many menus to mobile phones and customer care. Ask them to unlock your iPhone which you purchased at full price. They might ask you to do what you did in Step 2. Be aware that depending on which person you end up talking to, the answer can be "send in the papers", "give me your IMEI and I activate it", "I'll pass it to the backoffice, they call you back" or "I have no clue, let me ask my collegue". But they all know that it is possible. And if they know how to do it, they can doit very quick.
Step 4:
If you end up on a friendly guy answering with "give me your IMEI and I'll enter it" then be sure your iPhone is connected via USB. Give him your IMEI, let him type it into the computer and once he has done that, launch iTunes. iTunes will ask the Apple activation server and should get the unlock code immediately. You get a message saying something like "Congratulation your phone is now unlocked". Don't believe the employees if they say it takes 2-3 days to be activated. It takes 2-3 days to get someone from Orange to enter the IMEI into the system but once its at Apple's server, its instant.
I've done that with 3 iPhone 3GS I bought this friday morning and even though it took me various calls (mainly because I was in a hurry as I was planning on traveling outside of country the next morning), it was an easy going process.
Note: even though I am a Swisscom Mobile customer since 1994 and I paid my previous iPhone 3G at full price, Swisscom does not want to unlock. This also means that if you buy iPhones from Swisscom, they wont unlock and you're stuck to be Swisscom customer and you can not put a foreign SIM card into the phone if you travel abroad (#1 reason for me to only buy unlocked iPhones). In my eyes this is illegal but I leave it to someone else to go to court for it.
I can only say, Thank you Orange for having this fair option, even though I'm not your subscription customer.
Step 1:
Go and buy a new iPhone 3GS in any Apple shop or at any Orange retailer. It is important that Orange is delivering the phone. Phones from Swisscom Mobile will not work. I got mines from Ingenodata in Basel for 999.- CHF (32GB iPhone 3GS model). This is the "full price" model which comes without any contract. (Orange told me full price was 1299.- but who cares. Your price might vary).
Step 2:
Take your purchase invoice and scan it in and e-mail it to info@orange.ch with the comment that you would like your full price iPhone to be unlocked. You should include the IMEI number and Serial number of your phone. You can find it at the back of the box. In my case I never got an answer from Orange that way (even I was promised Instant answer) but they need some proof you paid full price at some point.
Step 3:
Call 0800 700 700, the hotline of Orange and go through the too many menus to mobile phones and customer care. Ask them to unlock your iPhone which you purchased at full price. They might ask you to do what you did in Step 2. Be aware that depending on which person you end up talking to, the answer can be "send in the papers", "give me your IMEI and I activate it", "I'll pass it to the backoffice, they call you back" or "I have no clue, let me ask my collegue". But they all know that it is possible. And if they know how to do it, they can doit very quick.
Step 4:
If you end up on a friendly guy answering with "give me your IMEI and I'll enter it" then be sure your iPhone is connected via USB. Give him your IMEI, let him type it into the computer and once he has done that, launch iTunes. iTunes will ask the Apple activation server and should get the unlock code immediately. You get a message saying something like "Congratulation your phone is now unlocked". Don't believe the employees if they say it takes 2-3 days to be activated. It takes 2-3 days to get someone from Orange to enter the IMEI into the system but once its at Apple's server, its instant.
I've done that with 3 iPhone 3GS I bought this friday morning and even though it took me various calls (mainly because I was in a hurry as I was planning on traveling outside of country the next morning), it was an easy going process.
Note: even though I am a Swisscom Mobile customer since 1994 and I paid my previous iPhone 3G at full price, Swisscom does not want to unlock. This also means that if you buy iPhones from Swisscom, they wont unlock and you're stuck to be Swisscom customer and you can not put a foreign SIM card into the phone if you travel abroad (#1 reason for me to only buy unlocked iPhones). In my eyes this is illegal but I leave it to someone else to go to court for it.
I can only say, Thank you Orange for having this fair option, even though I'm not your subscription customer.
Wednesday, June 17, 2009
Pricing
This happened while I tried to buy a train ticket from SBB. Translated it means that there are some delays on the pricing information. Well things can happen. Not a problem by itself.
But then it says that doesn't affect the ability for you to buy a ticket.
In cleartext: You can buy a ticket and they charge your credit-card for the exact amount, but if you don't buy a ticket, they can't tell you what the price would be.
Does that make sense to anyone?
Thursday, May 28, 2009
new version of 419 scam
Nigerian 419 scammers are getting on my nerves. Letters and emails are not good enough anymore. Now they start spamming via Skype.
[col alan] hello
can i have abrief word with you
[Andreas Fink] sure.what's up?
[col alan] im fine
how are u
[Andreas Fink] fine.
[col alan] im colone Alan Metler. us army
no cos for alarm
ok
[Andreas Fink] I see.
what brings me the pleasure to speak to the army?
[col alan] its all business
[Andreas Fink] sure of course
so what business are you in then
[col alan] some days ago my boys found a boy at the un office at iraq
with a consignment box
[Andreas Fink] and?
[col alan] so when i open up the box privately in my office i found out that the box contains 40million us dollars
[Andreas Fink] ah another 419 case...
[col alan] listen to me boy
this is serios
i have interv
the boy
i discover that the little boy father was the former owner of a oil company here in iraq
ok
bye
Will they ever give up?
[col alan] hello
can i have abrief word with you
[Andreas Fink] sure.what's up?
[col alan] im fine
how are u
[Andreas Fink] fine.
[col alan] im colone Alan Metler. us army
no cos for alarm
ok
[Andreas Fink] I see.
what brings me the pleasure to speak to the army?
[col alan] its all business
[Andreas Fink] sure of course
so what business are you in then
[col alan] some days ago my boys found a boy at the un office at iraq
with a consignment box
[Andreas Fink] and?
[col alan] so when i open up the box privately in my office i found out that the box contains 40million us dollars
[Andreas Fink] ah another 419 case...
[col alan] listen to me boy
this is serios
i have interv
the boy
i discover that the little boy father was the former owner of a oil company here in iraq
ok
bye
Will they ever give up?
Tuesday, May 19, 2009
Anarchy is coming to Europe
Politics in Germany and all over Europe currently goes mad. Politicians have spotted that the internet can do something they want. The discussion around the proposed law to block child pornography from the net has sparked ideas. The original idea was to block unlawful content. The original intention might be very well positive but the technical idea behind it is just nuts. A wall around a crime so you don't see it, wont stop the crime from happening. And there's plenty of laws to stop the crime already. The police are just too lazy to execute them.
Anyway, this discussion has sparked the idea to use network filters to block a few pages from the net. Now other politicians are getting the idea. Well if you can block child pornography with that, can't we use that tool to block something else too? And voilà the list of "we could stop this and that etc" starts.
http://netzpolitik.org/2009/buendnis-fordert-schaerferes-zensursula-gesetz/
The music and video industry wants to block the pirates of course. You know those few evil entities which ruined their business model. They just forgot to note that the music industry has ruined themselves because their business model just doesn't work in the new world and they didnt adapt.
Anyway, tomorrow it will be a politician who wants to block someone who says something bad him etc.
And there we go. The dangers are
- Censurship first class
- No more freedom of speech
- No more distribution of political power (see HADOPI). A single entity is accusing and judging and punishing. And that entity is not even voted in a democratic way. It is controlled by the music industry in the case of HADOPI in france.
- Small ISP's have to go out of business as they cant afford the investments needed in such net filters.
- The world gets split apart. Freedom of Information destroyed.
And no, this is not happening far away in a dictatorship controlled country. Its not china. Its right here in Europe. In front of your door!
Germans: go talk to your politicians. They have not understood the power of the internet yet. Explain it to them. Show them what they are trying to destroy. And vote for the petitions against censuring. And also consider voting for the petition to allow again to eliminate stupid digital right managements which has always been a pain in the ass in my eyes and its only purpose is to punish the legal user.
French users: go talk to your politicians. Ask them why they allow someone to get disconnected from the internet while still having to pay without a judge ever looking at the case! Its your civil rights which is at stake. You will suffer from it at the end.
Anyway, this discussion has sparked the idea to use network filters to block a few pages from the net. Now other politicians are getting the idea. Well if you can block child pornography with that, can't we use that tool to block something else too? And voilà the list of "we could stop this and that etc" starts.
http://netzpolitik.org/2009/buendnis-fordert-schaerferes-zensursula-gesetz/
The music and video industry wants to block the pirates of course. You know those few evil entities which ruined their business model. They just forgot to note that the music industry has ruined themselves because their business model just doesn't work in the new world and they didnt adapt.
Anyway, tomorrow it will be a politician who wants to block someone who says something bad him etc.
And there we go. The dangers are
- Censurship first class
- No more freedom of speech
- No more distribution of political power (see HADOPI). A single entity is accusing and judging and punishing. And that entity is not even voted in a democratic way. It is controlled by the music industry in the case of HADOPI in france.
- Small ISP's have to go out of business as they cant afford the investments needed in such net filters.
- The world gets split apart. Freedom of Information destroyed.
And no, this is not happening far away in a dictatorship controlled country. Its not china. Its right here in Europe. In front of your door!
Germans: go talk to your politicians. They have not understood the power of the internet yet. Explain it to them. Show them what they are trying to destroy. And vote for the petitions against censuring. And also consider voting for the petition to allow again to eliminate stupid digital right managements which has always been a pain in the ass in my eyes and its only purpose is to punish the legal user.
French users: go talk to your politicians. Ask them why they allow someone to get disconnected from the internet while still having to pay without a judge ever looking at the case! Its your civil rights which is at stake. You will suffer from it at the end.
Thursday, April 30, 2009
Paperium versus LiveScribe. Or how to get rid of customers
Since a few weeks, I am exploring the technology of handwriting recognising pens. I bought a LiveScribe Pulse . It is capable of recording your writing on special paper and save it on your computer as drawing. It is also able to record voice together with your notes and you can run applications on the pen itself. The exactness of the drawings are stunning and the sample applications clearly show how amazing technology can be. One thing which I however missed was to directly paint on the computer. This would require a live connection between the pen and the computer which is not possible as the pen is connected via a small USB dock.
I've then heard of Paperium one which uses Bluetooth. Paperium is not capable of recording the voice though but I thought I give it a try to see if its maybe of use for another usage case. I received a nice package with two CD's with a printed registration code on them. Sounds like every CD is hand made with a different code. So far so good. Once you install the software (simple drag & drop) and launch it, you get welcomed with:
Please install License File
Select Help -> Install License File... from Menu
Now where is my license file? Why would anyone put "Install license File" under the help menu? Why would I have to worry about that at all? There is no license file on the CD. There's just a code printed on the CD. Some pages deep down in the manual you then find out that you have to enter the registration code on the papirion website together with the serial number of the pen and together with your personal data to get the license file which then enables your application. In other words, the seller restricts you from:
a) using the software with another pen (apparently the pen is a Anoto PC-201 made by Hitachi Maxell)
b) using the pen with another software
c) selling the software to someone else which is your legal right.
d) stay anonymous.
And of course their website doesn't say anything about those restrictions.
And all those limits for a hardware product which was 165 euros.
Apparently the seller is way more concerned about his software being copied than he is worried about being user friendly. And you should be. I have decided to return the Paperium product unused to the seller without ever being able to even try it.
I'll stick with the LiveScribe which I bough from intellishop.ch. Quick delivery (24h!), great product. Absoutely worth the bucks.
I've then heard of Paperium one which uses Bluetooth. Paperium is not capable of recording the voice though but I thought I give it a try to see if its maybe of use for another usage case. I received a nice package with two CD's with a printed registration code on them. Sounds like every CD is hand made with a different code. So far so good. Once you install the software (simple drag & drop) and launch it, you get welcomed with:
Please install License File
Select Help -> Install License File... from Menu
Now where is my license file? Why would anyone put "Install license File" under the help menu? Why would I have to worry about that at all? There is no license file on the CD. There's just a code printed on the CD. Some pages deep down in the manual you then find out that you have to enter the registration code on the papirion website together with the serial number of the pen and together with your personal data to get the license file which then enables your application. In other words, the seller restricts you from:
a) using the software with another pen (apparently the pen is a Anoto PC-201 made by Hitachi Maxell)
b) using the pen with another software
c) selling the software to someone else which is your legal right.
d) stay anonymous.
And of course their website doesn't say anything about those restrictions.
And all those limits for a hardware product which was 165 euros.
Apparently the seller is way more concerned about his software being copied than he is worried about being user friendly. And you should be. I have decided to return the Paperium product unused to the seller without ever being able to even try it.
I'll stick with the LiveScribe which I bough from intellishop.ch. Quick delivery (24h!), great product. Absoutely worth the bucks.
Tuesday, April 28, 2009
Digital Death Penalty and the future of civil rights
There's quite some shakeup happening in the european lawmaking. A massive attack on civil rights is being pushed through by copyright enforcement entities. Trials such against the Pirate-Bay are showing that the fine line of hosting content or having a link to a content is not understood by low level judges. This would mean google could be sued for anything illegal you could find over it. And there's always something to be found. So google should be banned. Would that make sense to you? To me it doesn't but exactly those rules where used against the Pirate Bay.
But there's more changes happening. The Cybercrime convention as I wrote in my last blog entry is a time bomb which will go off at some point if not acted upon as well.
And the french are trying to run the 3 strikes rule for file sharer. This means if you get cought 3 times doing illegal filesharing, you will be disconnected from the internet. No questions asked.
Now at first this makes some sense. Remove the person the ability to do something illegal. Similar to take someone's weapon away so he can not do harm with it. But there is one thing which is getting forgotten. The internet for a "filesharer" is not just a tool to do filesharing. It has become a necessity of life. You can not send/receive emails without internet. You can in some cases not follow your public rights. In some cases its used for governmental use. So someone who can no longer access the internet is basically loosing a lot of civil rights. Think 20 years down the road. We might vote for presidents over the internet. Someone who had done something stupid in his childhood will still be banned from the net and can not participate. Even today, electronic banking rules everywhere. I predict in 2 years time you might no longer be able to pay your bills over the counter, or at least not without big problems and/or costs.
Now think about the 3 strikes rule again. This filesharer who has violated copyright 3 times when he was maybe 18 years old is now 40. He can not pay any bills electronically, he can not vote, he can not learn. This is what some people call the "Digital Death Penalty".
Is this penalty really the correct way to handle this?
Now to make the case a bit worse, the french president Sarcosy thinks it's ok to block access to "unlawful" internet content without a prior ruling by the judicial authorities. (see http://www.laquadrature.net/wiki/Campaign-Save_amendment_138_and_Internet_Freedom_from_Council_of_EU).
Now think again. I open a book publishing company tomorrow. And because I hate my neighbor, I will just blindly accusing him, he is sharing copies of my books. No judge needed, he gets blocked. I do this 3 times and he would be punished for life.
Even though this sounds like a far away example, you can imagine what powerful companies like the IFPI would do just because they think you have done something bad to them by pointing a URL to a file hosted by someone else. They could basically make you dissapear from the digital life. In my personal case, this would mean loosing my job 100%, loosing all my income with no ability to ever work inside the business.
Can this be right?
And a last thing is threatening Europe. Privacy in the internet is being melting down. Politicians in germany are using the "child pornography theme" to show that there is a major issue in the internet and that we need mechanisms to ban websites. They believe every ISP must install devices which support blocking websites. While everyone agrees that child pornography is bad and should be punished, some politicians think that blocking the access to the websites solves the problem. But its not. A list of blocked sites from Australia have shown that the sites they have blocked there have been still alive for months. A german newspaper has tried to fix this and has called the ISP in USA to find out what's the status. The site dissapeared within hours. So if its so easy to bring down childporn websites (and believe me the US police will prosecute such cases quickly), why to install all those devices to block access to sites which then can be so easy get around? Just to push to sell the boxes can not be the reason. The real reason is somewhere else. It gives the government the ability to block anything they dont want anyone to see. It gives them a tool to bypass juristical procedures. The example from Australia also has shown that one dentists website was on the blocking list. Why? because someone has hacked his computer. This problem was fixed long ago but he still resided on the blocking list. Why? Because no one told him he was on this list. So he got punished twice. He had to reformat his computer and reinstall everything and then no one could look at his website without him knowing that's the case. And he had no way of appealing to any decision.
What does this say to us? There are industries who do heavyweight lobbying to establish laws which allow to block any content someone likes without even a judge looking at it. Laws to bring down filesharers without a judge looking into it and to permanently ban them. Laws to enforce blocking devices, laws to make sure privacy is no longer existing in the internet so the potentially bad guys can be punished in advance.
In other words, the old fashioned music industry who is loosing its business is trying to convince us that its correct to leave child porn websites alone and instead use censorship to control our universe. They apparently have the money to pay expensive attorneys, to pay politicians and even french presidents to vote in their sense.
Just because they have the wrong business model we should pay this bill?
No. Stand up and make your voice heard.
To remind you what is at stake:
Fundamental Rights of the European Union, Art. 11
the right to “receive and impart information and ideas without interference by public authority".
Thursday, April 16, 2009
Cybercrime Convention
Switzerland has signed the cybercrime convention. Now its time to put it into applicable law. But this seems to be very tricky. Several IT and ISP's and telecommunications companies are objecting those changes for a good reason.
The issue is the new rule about hacking tools (see previous posts).
I have uploaded our detailed answer (in german) on to
http://www.bebbicell.ch/cyber-crime-convention-response.pdf
The issue is the new rule about hacking tools (see previous posts).
I have uploaded our detailed answer (in german) on to
http://www.bebbicell.ch/cyber-crime-convention-response.pdf
Wednesday, March 18, 2009
Apple's view of the world
Here's Apple's view of the world. They are so proud that they have 80 countries offering the iPhone that they painted the world red. The map above however is missing Greenland and Iceland. It simply doesn't look that nice to have two big white spots in the middle of USA and Europe showing that Apple doesn't have world domination yet.
Tuesday, March 17, 2009
CyberCrime and the wrong way to bring it down
The swiss federal adminsitration wants to change the law about cyber crime.
See also:
http://www.admin.ch/ch/d/gg/pc/pendent.html#EJPD
(or especially Genehmigung und Umsetzung des Übereinkommens des Europarates über die Cyberkriminalität )
I think this new proposed law includes some dynamite in the details
First of all: I think its time for the government to face the fact that there are many open ends (like the discussion we had with the order from Canton de Vaud). My biggest issue with facing CyberCrime is however that not the law is the issue but the ability of the police force to enforce the law. Mainly due to lack of knowledge and probably financial resources. CyberCrime is happening every day and is happening Quick. The processes on police work where maybe accurate 1960 but lack the needed speed of todays events. I had two incidents in my own company where it has clearly shown that the police has not the slightest clue what's happening on the internet, besides how to fix the issue. Costed me a hell of a lot of money at the end even it was a crystal clear case for me (as a techie...). But I must admit its not the fault of the law, its the fault of the execution of the law and the financial resources needed to follow those cases. That's the real problem. If it takes 6 months to get police help from another country, it will take 6 months to stop the spammer. Well the spammer is changing its servers daily. So what does that help? Anyway...
The law above however has a section which I think is dangerous and could affect our work:
Now what does that mean? It is basically what the germans have done under the term "Hackerparagraph". It disallows software which could potentially be used for hacking to be distributed. The result of this was for example that in germany the WiFi tools to verify your WiFi security dissapeared. Why? because someone could use it for hacking. If you think this a bit further, you could use a C compiler to write a hacker tool, so the compiler could be considered a tool to do hacking and we all very well know know someone can write hacking tools in C. So to bring this ad absurdum, it could theoretically forbid us to distribute a C compiler. Or think about Linux with all the built in tools.
Of course this is a bit far reached but there are many gray zones in between. For example I use Wireshark, a great open source packet analyzer for my daily work because I develop network protocols. So I use it to verify my own written network protocols for accuracy or use it for troubleshooting on other networks. Of course someone could use this for hacking to listen to passwords in cleartext (for example from old POP3 accounts). So if the new law passes and we publish a wireshark version on our server, we become criminal?
The result will be that security tools to verify your security will be forbidden. You will not be able to verify if your machine is crackable or not. The real bad boys out there (and I'm not saying a hacker is a bad boy by definition because most are honest and more in the area of security researcher than anything else) will not give a dam if they are allowed to distribute this hacking software (they just use it anyway) because they per definition want to commit crime. So they will get hold of that software and just use it. And because no one was able to verify if POP3 cleartext passwords are floating on your LAN, they will find it out for you but they will not help you to make your computer network a more secure world, they will simply abuse it to send spam, to take money from your bank account or whatever they want.
So the normal end user is getting tools removed to help fight crime. This is helping the bad boys instead of keeping them out. Its like saying, you are not allowed to encrypt to protect your privacy simply because some bad boys encrypt to protect their evil plans.
The report from the EJPD was clearly written by lawyers, people who do not understand the technological impact of such laws. And thats why I think its pretty dangerous.
I think we should respond to this proposal to keep above paragraph out of the law. Otherwise we wouldn't even be able to help the police if they are investigating because the tools to do this are also used by hackers sometimes.
Here is what I got first from EJPD.
----------- snip ----------
Ihre Kommentare sind willkommen. Sie finden die Unterlagen unter http://www.admin.ch/ch/d/gg/pc/pendent.html#EJPD (Geschäfte EJPD: Cybercrime). Das Verfahren läuft bis 30. Juni 2009.
----------- snip ----------
There's also contact details on that URL there.
So feel free to make your voice heard or remain silent forever.
See also:
http://www.admin.ch/ch/d/gg/pc/pendent.html#EJPD
(or especially Genehmigung und Umsetzung des Übereinkommens des Europarates über die Cyberkriminalität )
I think this new proposed law includes some dynamite in the details
First of all: I think its time for the government to face the fact that there are many open ends (like the discussion we had with the order from Canton de Vaud). My biggest issue with facing CyberCrime is however that not the law is the issue but the ability of the police force to enforce the law. Mainly due to lack of knowledge and probably financial resources. CyberCrime is happening every day and is happening Quick. The processes on police work where maybe accurate 1960 but lack the needed speed of todays events. I had two incidents in my own company where it has clearly shown that the police has not the slightest clue what's happening on the internet, besides how to fix the issue. Costed me a hell of a lot of money at the end even it was a crystal clear case for me (as a techie...). But I must admit its not the fault of the law, its the fault of the execution of the law and the financial resources needed to follow those cases. That's the real problem. If it takes 6 months to get police help from another country, it will take 6 months to stop the spammer. Well the spammer is changing its servers daily. So what does that help? Anyway...
The law above however has a section which I think is dangerous and could affect our work:
Das materielle Strafrecht mit seinen am 1. Januar 1995 in Kraft getretenen Bestim-
mungen im Bereich "Computerstrafrecht" vermag den Erfordernissen der Konventi-
on über weite Strecken zu genügen. Anpassungsbedarf ergibt sich bezüglich des
Straftatbestandes des unbefugten Eindringens in ein Datenverarbeitungssystem (Art.
143bis des Strafgesetzbuches, sog. "Hacking"-Tatbestand). Hier wird vorgeschlagen,
eine Vorverlagerung der Strafbarkeit vorzunehmen: Strafbar soll sich auch machen,
wer Programme oder Daten zugänglich macht im Wissen, dass diese für das illegale
Eindringen in ein Computersystem verwendet werden sollen. Daneben wird, ausser-
halb der Erfordernisse gemäss Konvention, vorgeschlagen, das durch die Lehre
verbreitet kritisierte Merkmal der fehlenden Bereicherungsabsicht in Artikel 143bis
StGB zu streichen.
Now what does that mean? It is basically what the germans have done under the term "Hackerparagraph". It disallows software which could potentially be used for hacking to be distributed. The result of this was for example that in germany the WiFi tools to verify your WiFi security dissapeared. Why? because someone could use it for hacking. If you think this a bit further, you could use a C compiler to write a hacker tool, so the compiler could be considered a tool to do hacking and we all very well know know someone can write hacking tools in C. So to bring this ad absurdum, it could theoretically forbid us to distribute a C compiler. Or think about Linux with all the built in tools.
Of course this is a bit far reached but there are many gray zones in between. For example I use Wireshark, a great open source packet analyzer for my daily work because I develop network protocols. So I use it to verify my own written network protocols for accuracy or use it for troubleshooting on other networks. Of course someone could use this for hacking to listen to passwords in cleartext (for example from old POP3 accounts). So if the new law passes and we publish a wireshark version on our server, we become criminal?
The result will be that security tools to verify your security will be forbidden. You will not be able to verify if your machine is crackable or not. The real bad boys out there (and I'm not saying a hacker is a bad boy by definition because most are honest and more in the area of security researcher than anything else) will not give a dam if they are allowed to distribute this hacking software (they just use it anyway) because they per definition want to commit crime. So they will get hold of that software and just use it. And because no one was able to verify if POP3 cleartext passwords are floating on your LAN, they will find it out for you but they will not help you to make your computer network a more secure world, they will simply abuse it to send spam, to take money from your bank account or whatever they want.
So the normal end user is getting tools removed to help fight crime. This is helping the bad boys instead of keeping them out. Its like saying, you are not allowed to encrypt to protect your privacy simply because some bad boys encrypt to protect their evil plans.
The report from the EJPD was clearly written by lawyers, people who do not understand the technological impact of such laws. And thats why I think its pretty dangerous.
I think we should respond to this proposal to keep above paragraph out of the law. Otherwise we wouldn't even be able to help the police if they are investigating because the tools to do this are also used by hackers sometimes.
Here is what I got first from EJPD.
----------- snip ----------
Ihre Kommentare sind willkommen. Sie finden die Unterlagen unter http://www.admin.ch/ch/d/gg/pc/pendent.html#EJPD (Geschäfte EJPD: Cybercrime). Das Verfahren läuft bis 30. Juni 2009.
----------- snip ----------
There's also contact details on that URL there.
So feel free to make your voice heard or remain silent forever.
Saturday, January 10, 2009
Exclusive fonts...
Monday, January 5, 2009
Virtually inexistant support
Edit: this problem has been fixed in VMWare 2.0.2. Now even 10.6 beta boots.
I own VMWare fusion 2.0.1. I use it on a MacOS X Server (XServe) to sometimes run Windows XP if I have to. But I also use it to try new stuff out in a "protected" environment. So I have a MacOS X Server instance running inside a VMWare Fusion virtual instance. I recently updated VMWare to 2.0.1 and MacOS X to 10.5.6. VMWare tells me that I should update VMWare tools inside the virtual machine for optimal performance. So I did. This is a BAD IDEA. MacOS X Server guest operating system didn't boot anymore after that.
So I reinstalled MacOS X Server 10.5.1 from CD, updated all the Apple updates to 10.5.6 again and VMWare tools again. Same problem. Locked up totally.
Clearly an issue for VMWare's support as its smells like a BIG FAT BUG.
So go to the website, click on support, you end up searching a database of similar cases. MacOS X Server is not found anywhere in there. So continue to register a support case. But oh-oh, you only get free support for 30 days. Well, ok I got to spend a few bucks. But no I can't. You try to log into the store and you get PAGE NOT FOUND. Sending a "comment" to the website triggers an email back after 30 minutes with the correct URL. Great now I'm able to waste my money in the shop and get a serial number for support. What now?
The confirming mail says you should register your product. So you click on it and what you get? Product registered. That's it. Now you log into support again and you get:
Well after quitting and restarting the webbrowser or force reload you can get past this. Now then you see I have an expired license. No mentioning of my registered pay per incident item. so what now? Well there is a item saying in emergency cases call this number. As this is my very last option, I call long distance across the atlantic.
"Welcome to VMware blabla, for VMWare Fusion, press #". I press #. "For VMWare Fusion issues please go to www.vmware.com .....". Great. Infinite loop.
Calling in again with NO OPTIONS selected. I end up on a human. GREAT. He can find my support license number but it says the license number I bought TODAY is already expired. He can not open a case due to that and wants to pass me on to the Licensing department to fix this. I get transferred and the call gets dropped.
I call again, "Welcome to VMware blabla, for VMWare Fusion, press #"... for Licensing issues and other stuff press 1. So I end up on another person. "Ah Fusion, please wait"... "Welcome to VMware blabla, for VMWare Fusion, press #". but now there's no option to wait. After 30 seconds "Please make a selection NOW"... and then "Welcome to VMware blabla, for VMWare Fusion, press #".
I call again and I end up on the same techie. He now figured out how to file my one time to support number and directs me through the website (including "not found" and all the issues again) I end up on a page to now file my support issues in a webform. He can not help me by phone. Its web / email support only (so why pay the bucks for commercial support if you dont even get phone support, but that's another story). So I successfully filed a request. HURRAY.
He also suggested to use VMWare Community. And there's an option from the support request page to go there so I do. I have to register AGAIN, now for the VMWare community (others call it forum but what the heck). Of course my usual username is taken and the webform only says that it can not register and brabbles some ununderstandable error. After picking another username I ended up on the forum. So I want to do a new post. Then I get this:
Going to the main page and go on to the community tab reveals this:
So I click on LOGIN (top left or the big fat button in the middle). This brings you to this page:
Fun, isn't it.
Getting nowhere, I decided to add those screenshoots to the support incident. But what do I get there:
and I also realized my phone number has changed:
To recap:
I spent about 1 hour of work, 29$ in wasted incident support, 3 international calls on a simple issue I'm sure the right techie could answer or fix in 1 minute.
The community can't help because you are not able to log in, the stuff is so carefully hidden in the website that no one can find it.
And after all this: my problem is still not fixed.
Well what options do we have? Unfortunately the competitor Parallels is worse. My Parallels Server actually freezes and after 2 months waiting, I have given up on them.
Conclusion: don't try to run virtualisation whatsoever on MacOS X on a server. Just don't even try. Boot camp is the only way (now I could start writing about 2h on how many countless hours it took me to get Vista running properly on my MacBook pro but I save this for another time).
Thursday, January 1, 2009
Windows Alert
Subscribe to:
Posts (Atom)