I'm hesitant to write this piece, because there are a lot of people out there who don't analyse functionality - they just adhere to brand preference. It's a bit like the Holden v Ford wars of the 80's.
Anyway, I own a new Mac Mini with 8 GB of RAM and Mountain Lion (as of today), an older Mac Mini with Leopard, and a bunch of Windows 7 machines. I even have a Windows 8 preview, which I can't stand and never use.
I think Mac OS X is not as convenient to use as Windows 7. I think Ubuntu 12.04 is not as convenient to use as Windows 7. I would never by choice use either as a day to day machine. I think OS X is a terrible operating system - as bad as Ubuntu.
There, I've said it. But why? Now, bear in mind that I suspect many of my complaints can be fixed with tweaking, but I don't tweak Windows 7 either.
For document management, the Finder is truly awful. Each of the views in the Finder doesn't display all of the information you need, nor the display you last requested.
Even something as simple as "Don't reopen my windows on next boot" is simply ignored by the Finder. EVERYTHING friggin' opens all the time without me requesting it.
Reopening documents I've finished with is even worse.
Cut and paste files? It seems to work in some scenarios but not others.
Connect to an SMB/CIFS share? Not only is it stupidly slow to connect, it takes 20 seconds to enumerate a file listing that takes 1 second on my slowest Atom powered netbook. Is Apple trying to be funny?
The moment you don't want Apple's defaults - say, moving your music folder, you need to learn about UNIX symbolic links. On Windows you right-click and re-home the folder.
The stupid Finder file views don't make any sense at all.
Desktop web shortcuts always default to Safari - why can't I make them open in Chrome?
Sherlock on the Mac has always been superior to any other OS - that's one good thing.
The Dock is a very odd and not very intuitive GUI element. And by the way, the incredibly subtle little dot underneath running apps is an exercise in modesty. I don't know how to improve the Dock, but it just doesn't feel right.
My Mac is every bit as unstable as every Windows 7 machine I've used. It freezes just as often - say, every fortnight or so.
I'll add to this post over time, but really, five months with the Mac and OS X has made me realise that Windows 7 is the best currently available.
26 July 2012
22 July 2012
Cyberspace August 2012
I regularly revisit technology that I think has potential but hasn't made it yet. In the mid-90s I wasted a lot of time on voice recognition on the Macintosh, and asking the computer what time it was usually ended up in launching WordPerfect. I've done the same with Linux over the years, and a recent trial of Ubuntu 12.04 reminded me why I still don't use it.
I decided to revisit voice recognition this year, and purchased Dragon NaturallySpeaking 11.5 Premium (available for Windows and Macintosh). I normally use it wearing a headset at my computer, but there is an iPhone client which allows you to dictate as if you were speaking on the phone, and later upload dictation for transcription later. The voice recognition is very accurate, and after learning the basic set of commands I can navigate my PC, open and close applications, dictate magazine articles, and look at documents rather than the computer while dictating, just as I would do with a normal handheld dictaphone.
Is this more productive? I think it is - I recently wrote a 3,000 word paper using the system and I believe I saved approximately one third of the time I would have taken to type it myself, despite being a fast typist. I can now read, look at other documents, use both hands with a book and avoid common spelling mistakes while getting my thoughts down. It is reasonably tolerant of background noise and regularly processes the dictation it receives to create a voice and audio profile that seems to negate some of the effect of working in an open plan office. The transcription is context sensitive, so it makes fairly accurate judgements as to whether I want to use for or four, and it can insert commas and full stops for you. If it struggles with a word you can spell it and it will remember that word and all your particular pronunciation of it. The main requirement is to speak clearly, because it is not as intelligent as your secretary - however that does not mean that you need to speak like a robot. On the contrary, it prefers you to speak naturally in full sentences so that it can understand the context of the words you dictate.
Would I recommend it to another lawyer? Yes. It provides the freedom of dictation with instant results.If you are happy to go back and revise it yourself you can get a lengthy document out quite quickly. I haven't fully explored all the commands available or the customisations you can carry out, so that inserting footnotes and other rather specialised activities are still a manual process for me but I have no doubt that I will master those in time as well. I can even open an e-mail in Outlook, reply and send the reply all without touching the keyboard. It works in most applications, including browsers, so if you use Web based e-mail you can still dictate. It can also scan your e-mails to learn the names of people you correspond with, so you can say "new e-mail to Joe Bloggs" and it will understand who that person is and his e-mail address.
One particularly interesting modification you can make is to set up commands that will automatically insert boilerplate content or signatures and logos. For example, you may have a standard limitation of liability clause for trusts – you can insert a whole page with one command.
Both Windows 7 and the next version of OS X, Mountain Lion, have built-in dictation abilities. However, they are not sufficiently advanced to use in practice. You may be able to make them work, but the cost in time will far outweigh the cost of buying a dedicated product.
18 July 2012
Arcane Spellcaster
I bought an Android TV dongle from Kogan recently. The setup wizard is described as follows:
"Simple arcane spellcaster"
Who's been playing too much World of Warcraft?
"Simple arcane spellcaster"
Who's been playing too much World of Warcraft?
Cyberspace July 2012
Privacy
You might recall that in October last year First State Super (FSS) responded to a report from one of its members that he was easily able to access other members’ statements, because the website used a “direct object reference” style of programming. This is a very simple way of extracting data from a database, but it means that the “key” is in the URL, and it is easy for a user to change the key simply by typing in the URL bar. This happened in 2000 to the ATO, which is used the ABNs as the key in the URL. According to the Sydney Morning Herald, FSS responded with legal threats against the member. The technology community expressed outrage however, as the security breach apparently was due to direct object reference coding.
The Privacy Commissioner conducted an own motion investigation and recently reported that while FSS had not breached National Privacy Principle 2, it had breached Principle 4.1. FSS had outsourced its IT systems to a third party, Pillar, who had conducted over 200 security tests, but had not tested the website in question. The Privacy Commissioner concluded that there had been a breach of Principle 4.1 due to the limited testing, leading to a failure to have adequate security measures in place.this
There are a few lessons from this case. The first is that outsourcing IT by you or your clients will not protect one from a finding of breach due to a failure by the outsourcing company. While you may obtain warranties and indemnities from the IT company, this will not protect you from reputation damage.
The second lesson is to ensure that you do have adequate warranties and indemnities from the IT company. You should also ensure that such insurance cover as is available is held by the outsourcer so that the indemnities are actually worth something.
The third lesson is to become involved in the security regime, and not merely leave it to the contractual position. This will probably involve gaining access to a great deal of confidential information and intellectual property held by the IT company. While there may be reasonable resistance to this, it should not deter you from satisfying yourself that your or your clients’ personal information is adequately protected. In particular, a suitably qualified person should understand the technology used, the ownership of the hardware and software, the testing regime and be able to understand the results of testing. Bear in mind that Pillar had conducted over 200 tests, but had failed to test the system that ultimately failed.
Depending on the nature of the system outsourced, it may be worth treating the systems as if they were an asset during the due diligence. If software was the primary asset being purchased you would want to understand the commercial value based on quality, security, ownership of intellectual property and the ability to adequately maintain the software.
A final lesson is in how FSS ultimately responded to the event. The Privacy Commissioner publishes a data breach notification guide, and FSS carried out many of the steps in the guide. These included: understanding the extent of the breach, resolving the flaw immediately, contacting the police, seeking assurance from the member that the information had been destroyed, engaging a penetration testing consultant, and updating policies and processes. While some components of the response were probably a bit wanting, they showed sufficient effort that the Privacy Commissioner ceased his own motion investigation. They also no doubt had the desired effect of ensuring that the member did not carry out the same activities again.
You might recall that in October last year First State Super (FSS) responded to a report from one of its members that he was easily able to access other members’ statements, because the website used a “direct object reference” style of programming. This is a very simple way of extracting data from a database, but it means that the “key” is in the URL, and it is easy for a user to change the key simply by typing in the URL bar. This happened in 2000 to the ATO, which is used the ABNs as the key in the URL. According to the Sydney Morning Herald, FSS responded with legal threats against the member. The technology community expressed outrage however, as the security breach apparently was due to direct object reference coding.
The Privacy Commissioner conducted an own motion investigation and recently reported that while FSS had not breached National Privacy Principle 2, it had breached Principle 4.1. FSS had outsourced its IT systems to a third party, Pillar, who had conducted over 200 security tests, but had not tested the website in question. The Privacy Commissioner concluded that there had been a breach of Principle 4.1 due to the limited testing, leading to a failure to have adequate security measures in place.this
There are a few lessons from this case. The first is that outsourcing IT by you or your clients will not protect one from a finding of breach due to a failure by the outsourcing company. While you may obtain warranties and indemnities from the IT company, this will not protect you from reputation damage.
The second lesson is to ensure that you do have adequate warranties and indemnities from the IT company. You should also ensure that such insurance cover as is available is held by the outsourcer so that the indemnities are actually worth something.
The third lesson is to become involved in the security regime, and not merely leave it to the contractual position. This will probably involve gaining access to a great deal of confidential information and intellectual property held by the IT company. While there may be reasonable resistance to this, it should not deter you from satisfying yourself that your or your clients’ personal information is adequately protected. In particular, a suitably qualified person should understand the technology used, the ownership of the hardware and software, the testing regime and be able to understand the results of testing. Bear in mind that Pillar had conducted over 200 tests, but had failed to test the system that ultimately failed.
Depending on the nature of the system outsourced, it may be worth treating the systems as if they were an asset during the due diligence. If software was the primary asset being purchased you would want to understand the commercial value based on quality, security, ownership of intellectual property and the ability to adequately maintain the software.
A final lesson is in how FSS ultimately responded to the event. The Privacy Commissioner publishes a data breach notification guide, and FSS carried out many of the steps in the guide. These included: understanding the extent of the breach, resolving the flaw immediately, contacting the police, seeking assurance from the member that the information had been destroyed, engaging a penetration testing consultant, and updating policies and processes. While some components of the response were probably a bit wanting, they showed sufficient effort that the Privacy Commissioner ceased his own motion investigation. They also no doubt had the desired effect of ensuring that the member did not carry out the same activities again.
04 June 2012
Cyberspace June 2012
I like gadgets and travelling, so Hong Kong is a great place to go. Recently at the Stanley Markets I was offered a pen that could record video and sound. Fortunately for me I wasn’t interested, because the Surveillance Devices Act 2007 has something to say about it. You can purchase wireless network cameras for around $200 that record audio and video. You can buy cuddly toys complete with webcam, and of course you can buy baby monitors. You can even buy a video recorder with 8GB of memory that is built into a very convincing stainless steel watch, as well as a shelf clock that has motion detection that videos in high definition. And if you can’t make it to Hong Kong you can buy the pen spy camera with 8GB of memory online for $80.
The Act deals with things that were once very much in the realm of surveillance professionals, but now are cheap, moderate quality and easy to purchase. The devices covered by the Act include optical, data, listening and tracking devices. Unless you have a warrant you just can’t do some things when the subjects intend their actions to be private, and it’s illegal to manufacture, supply or possess such devices with the intent of contravening the Act. Unless you plan to film your child’s soccer game holding a pen, I’m not sure what the spy pen camera is for...
People want to conduct surveillance for many reasons - preventing theft is common, but estranged spouses might look for ammunition for their cases, and some people are just nosey. Of course, illegal data surveillance, which is the monitoring of input or output of computer information or a network without consent is a favourite activity in the online world. Section 10 prohibits it, and like the other offences is indictable.
So, what about the James Bond pen? Using a listening device to overhear, record, monitor or listen to a private conversation to which the person is not a party is prohibited by s.7. Fortunately the conversations usually relayed by a baby monitor are more along the lines of “you need to change me”. More usefully, these sorts of devices were used in some of the houses used by the recently arrested Malcolm Naden to alert police as to his presence. Heat-sensitive devices were also used, but they aren’t covered by this Act.
Optical surveillance devices are any device capable of being used to record visually or observe an activity, and using them is prohibited by s.8 if unauthorised entry or interference with a vehicle is required to use or maintain them. So that doesn’t stop you having a video intercom at your front door, but it certainly will stop someone bugging their ex’s house.
Tracking devices are reasonably popular with parents who want to check on their children, but section 9 says that you must not install, use or maintain a tracking device to determine the geographical location of a person or object without express or implied consent by person or person in possession of the object. This rules out the tracking device up Arnold Schwarzenegger’s nose in the film Total Recall, and it also rules out attaching a GPS to someone’s car.
So, while you can visit ThinkGeek (http://www.thinkgeek.com) and buy the Rear View Spy Sunglasses, Midnight Shot NV-1 Night Vision Camera and the Laser Trip Wire, you probably shouldn’t get the SpyNet Night Vision Video Watch.
On a final note, don’t forget that the Workplace Surveillance Act 2005 has something to say about these sorts of activities too.
First published in the Journal of the Law Society of New South Wales, June 2012. © 2012 Andrew Calvin, Sydney, Australia
The Act deals with things that were once very much in the realm of surveillance professionals, but now are cheap, moderate quality and easy to purchase. The devices covered by the Act include optical, data, listening and tracking devices. Unless you have a warrant you just can’t do some things when the subjects intend their actions to be private, and it’s illegal to manufacture, supply or possess such devices with the intent of contravening the Act. Unless you plan to film your child’s soccer game holding a pen, I’m not sure what the spy pen camera is for...
People want to conduct surveillance for many reasons - preventing theft is common, but estranged spouses might look for ammunition for their cases, and some people are just nosey. Of course, illegal data surveillance, which is the monitoring of input or output of computer information or a network without consent is a favourite activity in the online world. Section 10 prohibits it, and like the other offences is indictable.
So, what about the James Bond pen? Using a listening device to overhear, record, monitor or listen to a private conversation to which the person is not a party is prohibited by s.7. Fortunately the conversations usually relayed by a baby monitor are more along the lines of “you need to change me”. More usefully, these sorts of devices were used in some of the houses used by the recently arrested Malcolm Naden to alert police as to his presence. Heat-sensitive devices were also used, but they aren’t covered by this Act.
Optical surveillance devices are any device capable of being used to record visually or observe an activity, and using them is prohibited by s.8 if unauthorised entry or interference with a vehicle is required to use or maintain them. So that doesn’t stop you having a video intercom at your front door, but it certainly will stop someone bugging their ex’s house.
Tracking devices are reasonably popular with parents who want to check on their children, but section 9 says that you must not install, use or maintain a tracking device to determine the geographical location of a person or object without express or implied consent by person or person in possession of the object. This rules out the tracking device up Arnold Schwarzenegger’s nose in the film Total Recall, and it also rules out attaching a GPS to someone’s car.
So, while you can visit ThinkGeek (http://www.thinkgeek.com) and buy the Rear View Spy Sunglasses, Midnight Shot NV-1 Night Vision Camera and the Laser Trip Wire, you probably shouldn’t get the SpyNet Night Vision Video Watch.
On a final note, don’t forget that the Workplace Surveillance Act 2005 has something to say about these sorts of activities too.
First published in the Journal of the Law Society of New South Wales, June 2012. © 2012 Andrew Calvin, Sydney, Australia
Cyberspace May 2012
Lies, damned lies
In 2050 no grandchild will see a photo of his grandfather sitting on his antique motorcycle, because that photo was taken on a phone or digital camera and was never backed up or handed over to the children (“Here honey, take my 30 GB of family photos before I die”).. Another problem with digital photographs is that they are easily edited... but are those edits undetectable?
You might be involved in an AVO defence, a claim against police or a family law matter where some photographs are being tendered. What can you do to ensure that they haven’t been tampered with? I’d start by cross-examining on the chain of custody of the digital images, starting with the photographer and ending with the person tendering them in court. The concept of an “original” photograph is fairly nebulous - perhaps the only original is that on the SD or Compact Flash card - everything else is suspect. But the truth is that you can analyse a photo that has been resized, cropped, altered and find the fakes.
There are many techniques (and multiple techniques should always be used) but only some deal with visible issues. Classic visible problems are where the light appears to illuminate a subject from several directions when there clearly could only have been one light source. This analysis can show that one or more subjects have been added, moved or reversed. Another visible problem is where perspective anomalies arise. If an object is inexpertly added then its perspective will not match the rest of the photograph. This can show, for example, that the wheels on a car are too close together or people are too far away from a background object. Changes in highlights (bright areas) where you would expect them to be similar was noted in a Scientific American article (http://goo.gl/Og0Tv), where a photograph of American Idol judges was analysed to show it had been doctored.
But what about edits that are seriously professionally done using quality software? These are still detectable. A great recent example was by Dr Neal Krawetz, who has been conducting digital photo forensics for many years. In the USA a recent lottery draw for over $640M was world news. A person posted three photographs of a “winning ticket” on Reddit, and Dr Krawetz decided to examine them (http://goo.gl/qhcjS). . These photographs were seriously believable visually, but the context indicated they were probably fake, and he ultimately proved so. How?
The first picture was analysed to see if different areas of the image had been compressed at significantly different levels (all JPEG photos have some degree of compression). Even after multiple saves we should see consistent degradation across an entire photo. This sort of analysis will easily reveal that something has been added to or removed from a photograph, but if something has been copied within a photograph then other tools will be required.
The next step was to consider whether tools such as Photoshop were used - these introduce distinct artifacts that are peculiar to the brand of software used. After processing experts can visually identify which software has been used.
Another anomaly that can be introduced is varying colour spaces, which is what the Dr used to detect the lottery fake. Altered parts of the photo will be revealed by detecting changes in the colour values used in different parts ofthe photograph.
The moral is that you need not accept defeat in the face of what your client tells you is a digitally altered photograph - you should consider calling in the experts.
First published in the Journal of the Law Society of New South Wales, May 2012. © 2012 Andrew Calvin, Sydney, Australia
In 2050 no grandchild will see a photo of his grandfather sitting on his antique motorcycle, because that photo was taken on a phone or digital camera and was never backed up or handed over to the children (“Here honey, take my 30 GB of family photos before I die”).. Another problem with digital photographs is that they are easily edited... but are those edits undetectable?
You might be involved in an AVO defence, a claim against police or a family law matter where some photographs are being tendered. What can you do to ensure that they haven’t been tampered with? I’d start by cross-examining on the chain of custody of the digital images, starting with the photographer and ending with the person tendering them in court. The concept of an “original” photograph is fairly nebulous - perhaps the only original is that on the SD or Compact Flash card - everything else is suspect. But the truth is that you can analyse a photo that has been resized, cropped, altered and find the fakes.
There are many techniques (and multiple techniques should always be used) but only some deal with visible issues. Classic visible problems are where the light appears to illuminate a subject from several directions when there clearly could only have been one light source. This analysis can show that one or more subjects have been added, moved or reversed. Another visible problem is where perspective anomalies arise. If an object is inexpertly added then its perspective will not match the rest of the photograph. This can show, for example, that the wheels on a car are too close together or people are too far away from a background object. Changes in highlights (bright areas) where you would expect them to be similar was noted in a Scientific American article (http://goo.gl/Og0Tv), where a photograph of American Idol judges was analysed to show it had been doctored.
But what about edits that are seriously professionally done using quality software? These are still detectable. A great recent example was by Dr Neal Krawetz, who has been conducting digital photo forensics for many years. In the USA a recent lottery draw for over $640M was world news. A person posted three photographs of a “winning ticket” on Reddit, and Dr Krawetz decided to examine them (http://goo.gl/qhcjS). . These photographs were seriously believable visually, but the context indicated they were probably fake, and he ultimately proved so. How?
The first picture was analysed to see if different areas of the image had been compressed at significantly different levels (all JPEG photos have some degree of compression). Even after multiple saves we should see consistent degradation across an entire photo. This sort of analysis will easily reveal that something has been added to or removed from a photograph, but if something has been copied within a photograph then other tools will be required.
The next step was to consider whether tools such as Photoshop were used - these introduce distinct artifacts that are peculiar to the brand of software used. After processing experts can visually identify which software has been used.
Another anomaly that can be introduced is varying colour spaces, which is what the Dr used to detect the lottery fake. Altered parts of the photo will be revealed by detecting changes in the colour values used in different parts ofthe photograph.
The moral is that you need not accept defeat in the face of what your client tells you is a digitally altered photograph - you should consider calling in the experts.
First published in the Journal of the Law Society of New South Wales, May 2012. © 2012 Andrew Calvin, Sydney, Australia
20 April 2012
Is an Australian ISP liable for the infringing acts of its customers?
Roadshow Films Pty Ltd v iiNet Ltd [2012] HCA 16 (20 April 2012):
By a unanimous five judge court in the Hight Court of Australia, iiNet did not authorise the infringement of copyright held by the movie owners (the appellants).
There was no question that copyright infringement by iiNet's customers had occurred - the fundamental question was whether iiNet had authorised the infringement, which would fall foul of s 101 of the Copyright Act 1968. This secondary infringement could result in damages being paid by iiNet to the copyright owners.
The appellants relied on passages from University of NSW v Moorhouse [1975] HCA 26; (1975) 133 CLR 1 (1 August 1975) as noted in para 58. They argued that control was within the meaning set out by Gibbs J:
iiNet argued that it would be "a complex and costly task" to investigate allegations in notices, and it is obvious that if it did not thoroughly investigate before taking action then it might end up breaching its own terms of service with its customers.
Moorehouse was about the use of photocopiers in the university library, and it led to legislative change to protect the university and other educational institutions. The case was distinguished in iiNet in para 144 on the topic of indifference to infringement. The theme running through copyright legislative change in Australia has been to protect the providers of goods or services which can be used for legal or impermissible purposes - it is up to the user to obey the law.
In my opinion there is a practical issue here - the Australian legal system is generally predicated on punishing or controlling people for what they have done, not what they might do. If someone has stolen copyrighted property then that is wrong, but does it indicate that they should receive a contractual punishment dictated by someone who is not party to the contract? iiNet's terms of service clearly give it the ability to terminate a contract with a customer who breaches the law, but that is a matter between iiNet and the customer.
Past behaviour may indicate a tendency toward future behaviour, but in Australian law the court confine the ability to lead that sort of evidence to very limited cases. Third-party-enforced termination of service of an internet connection is a type of retributive punishment, which has no place in civil law. The punishment does not attempt to put the victim back into a position as if the offence had not occurred, nor does it provide compensation for the damage. These are valid consequences of copyright breach, but termination of service after the fact is unrelated.
The decision
By a unanimous five judge court in the Hight Court of Australia, iiNet did not authorise the infringement of copyright held by the movie owners (the appellants).
There was no question that copyright infringement by iiNet's customers had occurred - the fundamental question was whether iiNet had authorised the infringement, which would fall foul of s 101 of the Copyright Act 1968. This secondary infringement could result in damages being paid by iiNet to the copyright owners.
The appellants relied on passages from University of NSW v Moorhouse [1975] HCA 26; (1975) 133 CLR 1 (1 August 1975) as noted in para 58. They argued that control was within the meaning set out by Gibbs J:
It seems to me to follow from these statements of principle that a person who has under his control the means by which an infringement of copyright may be committed - such as a photocopying machine - and who makes it available to other persons, knowing, or having reason to suspect, that it is likely to be used for the purpose of committing an infringement, and omitting to take reasonable steps to limit its use to legitimate purposes, would authorize any infringement that resulted from its use.The appellants argued that after receiving a notice of infringement, iiNet had to take action against the account holder who had been assigned the relevant IP address. That person, of course, may not have been the person committing the primary infringement - it could be a family member, employee, house guest or housemate.
iiNet argued that it would be "a complex and costly task" to investigate allegations in notices, and it is obvious that if it did not thoroughly investigate before taking action then it might end up breaching its own terms of service with its customers.
Thoughts about policy
Moorehouse was about the use of photocopiers in the university library, and it led to legislative change to protect the university and other educational institutions. The case was distinguished in iiNet in para 144 on the topic of indifference to infringement. The theme running through copyright legislative change in Australia has been to protect the providers of goods or services which can be used for legal or impermissible purposes - it is up to the user to obey the law.
In my opinion there is a practical issue here - the Australian legal system is generally predicated on punishing or controlling people for what they have done, not what they might do. If someone has stolen copyrighted property then that is wrong, but does it indicate that they should receive a contractual punishment dictated by someone who is not party to the contract? iiNet's terms of service clearly give it the ability to terminate a contract with a customer who breaches the law, but that is a matter between iiNet and the customer.
Past behaviour may indicate a tendency toward future behaviour, but in Australian law the court confine the ability to lead that sort of evidence to very limited cases. Third-party-enforced termination of service of an internet connection is a type of retributive punishment, which has no place in civil law. The punishment does not attempt to put the victim back into a position as if the offence had not occurred, nor does it provide compensation for the damage. These are valid consequences of copyright breach, but termination of service after the fact is unrelated.
Questions and answers
Did iiNet have the power to prevent use of BitTorrent?
para 65 ... iiNet had no direct technical power at its disposal to prevent a customer from using the BitTorrent system to download the appellants' films on that customer's computer with the result that the appellants' films were made available online in breach of s 86(c).
What contractual power did iiNet have?
69 Even it if were possible to be satisfied that iiNet's inactivity after receipt of the AFACT notices, and its subsequent media releases, "supported" or "encouraged" its customers to continue to make certain films available online, s 101(1A) ... makes it plain that that would not be enough to make iiNet a secondary infringer. An alleged authoriser must have a power to prevent the primary infringements ... there must be such a power to prevent...
70 As explained, the extent of iiNet's power was limited. It had no direct power to prevent the primary infringements and could only ensure that result indirectly by terminating the contractual relationship it had with its customers.
Per Gummow and Hayne JJ: 146 Further, iiNet only in an attenuated sense had power to "control" the primary infringements utilising BitTorrent. It was not unreasonable for iiNet to take the view that it need not act upon the incomplete allegations of primary infringements in the AFACT Notices without further investigation which it should not be required itself to undertake, at its peril of committing secondary infringement.
Did iiNet take reasonable steps?
76 iiNet's inactivity after receipt of the AFACT notices was described by the appellants as demonstrating a sufficient degree of indifference to their rights to give rise to authorisation. However, the evidence showed that the inactivity was not the indifference of a company unconcerned with infringements of the appellants' rights. Rather, the true inference to be drawn is that iiNet was unwilling to act because of its assessment of the risks of taking steps based only on the information in the AFACT notices. Moreover, iiNet's customers could not possibly infer from iiNet's inactivity (if they knew about it), and the subsequent media releases (if they saw them), that iiNet was in a position to grant those customers rights to make the appellants' films available online.
The key point
77 The appellants' submission, that iiNet should be taken to have authorised the infringements unless it took measures with respect to its customers, assumes obligations on the part of an ISP which the Copyright Act does not impose. A consideration of the factors listed in s 101(1A) does not permit a conclusion that iiNet is to be held liable as having authorised the infringements. (my emphasis)
iiNet - the winner
The High Court of Australia handed down judgement today in Roadshow Films Pty Limited & Ors v iiNet Limited [2012] HCA 16.
The court dismissed the appeal by the copyright owners from the Full Court of the Federal Court of Australia - in other words, iiNet won.
The case was based on "authorisation" under the Copyright Act 1968, which extremely roughly means "aiding and abetting" someone in copyright infringement. The court held that iiNet had not authorised the infringement by its Bittorent-using-customers by not terminating customer accounts despite being given notice that infringements were occurring.
The logic of the decision is obvious - iiNet's only real power was to terminate its contracts with its customers on the basis of material given to it by third parties. However, the court held that these notices were not a sufficient basis for iiNet to cancel or otherwise limit its users' accounts.
The full text of the court's decision is not yet available.
The court dismissed the appeal by the copyright owners from the Full Court of the Federal Court of Australia - in other words, iiNet won.
The case was based on "authorisation" under the Copyright Act 1968, which extremely roughly means "aiding and abetting" someone in copyright infringement. The court held that iiNet had not authorised the infringement by its Bittorent-using-customers by not terminating customer accounts despite being given notice that infringements were occurring.
The logic of the decision is obvious - iiNet's only real power was to terminate its contracts with its customers on the basis of material given to it by third parties. However, the court held that these notices were not a sufficient basis for iiNet to cancel or otherwise limit its users' accounts.
The full text of the court's decision is not yet available.
iiNet - the High Court of Australia decision
The High Court of Australia has handed down its decision in the claim by movie copyright owners against the ISP iiNet.
The High Court dismissed the appeal by the film and television companies! (I had quite a few beers riding on that result - I won)
The copyright owners claimed that iiNet had "authorised" infringement of their copyrights by permitting Bittorrent users to continue using the ISP's services despite being notified by the copyright owners.
Authorisation is a right under s 13(2) of the Copyright Act 1968, and a similar provision was used to convict the Pirate Bay operators - it is no excuse that you don't actually host the files. However, this was not enough to sink iiNet.
Analysis of the judgement to follow shortly.
The High Court dismissed the appeal by the film and television companies! (I had quite a few beers riding on that result - I won)
The copyright owners claimed that iiNet had "authorised" infringement of their copyrights by permitting Bittorrent users to continue using the ISP's services despite being notified by the copyright owners.
Authorisation is a right under s 13(2) of the Copyright Act 1968, and a similar provision was used to convict the Pirate Bay operators - it is no excuse that you don't actually host the files. However, this was not enough to sink iiNet.
Analysis of the judgement to follow shortly.
18 April 2012
Stuff I use at home - Netgear ReadyNAS NV+
I've had a Netgear ReadyNAS NV+ for about a year, and yesterday I bought and installed a second one. What do I think?
These boxes are about the size of a toaster, and have room for four discs. I've put Seagate 2TB discs into them, and to be specific, 4 x Seagate ST2000DL003-9VT166 into the latest machine. The ReadyNAS is a SPARC based linux machine, but you'd never know because the interface is web-based and easy to use.
I put the four discs into their drive cages (5 minutes), connected the power and network, turned it on and went to bed. By this morning it had checked the drives, updated its firmware, built a RAID 5 array (technically it's something else, but it has RAID 5 functionality), and created two shares. These were CIFS (SMB) and AFP, but it also can create shares based on NFS, RSYNC and FTP. There is also functionality around http and https, which I don't use.
They are interesting boxes, since they prioritise sharing heavily - don't bother trying to use the management interface while pushing its gigabit ethernet interface. These are not meant for more than a handful of users if you push them.
Plenty of other people have reviewed these machines, so I won't go into detail other than to say that it offers Time Machine backup for my Mac Mini, RSYNC works perfectly, it keeps the discs at a few degrees above ambient temperature, the discs are hot-swap, they're quiet, and a pleasure to use.
This machine will eventually replace my ageing Windows Home Server v1, which I will miss, but its habit of killing discs is becoming a bit old. I have pulled a disc out of the ReadyNAS and it responded as advertised.
One major point: if you run one of these (or any other consumer RAID 5 array), have a spare disc ready - the moment a disc fails you should replace it, because if another disc goes bad or is already marginal you need to get that new disc in immediately.
These boxes are about the size of a toaster, and have room for four discs. I've put Seagate 2TB discs into them, and to be specific, 4 x Seagate ST2000DL003-9VT166 into the latest machine. The ReadyNAS is a SPARC based linux machine, but you'd never know because the interface is web-based and easy to use.
I put the four discs into their drive cages (5 minutes), connected the power and network, turned it on and went to bed. By this morning it had checked the drives, updated its firmware, built a RAID 5 array (technically it's something else, but it has RAID 5 functionality), and created two shares. These were CIFS (SMB) and AFP, but it also can create shares based on NFS, RSYNC and FTP. There is also functionality around http and https, which I don't use.
They are interesting boxes, since they prioritise sharing heavily - don't bother trying to use the management interface while pushing its gigabit ethernet interface. These are not meant for more than a handful of users if you push them.
Plenty of other people have reviewed these machines, so I won't go into detail other than to say that it offers Time Machine backup for my Mac Mini, RSYNC works perfectly, it keeps the discs at a few degrees above ambient temperature, the discs are hot-swap, they're quiet, and a pleasure to use.
This machine will eventually replace my ageing Windows Home Server v1, which I will miss, but its habit of killing discs is becoming a bit old. I have pulled a disc out of the ReadyNAS and it responded as advertised.
One major point: if you run one of these (or any other consumer RAID 5 array), have a spare disc ready - the moment a disc fails you should replace it, because if another disc goes bad or is already marginal you need to get that new disc in immediately.
17 April 2012
Cyberspace May 2012
Lies, damned lies
In 2050 no grandchild will see a photo of his grandfather sitting on his antique motorcycle, because that photo was taken on a phone or digital camera and was never backed up or handed over to the children (“Here honey, take my 30 GB of family photos before I die”).. Another problem with digital photographs is that they are easily edited... but are those edits undetectable?
You might be involved in an AVO defence, a claim against police or a family law matter where some photographs are being tendered. What can you do to ensure that they haven’t been tampered with? I’d start by cross-examining on the chain of custody of the digital images, starting with the photographer and ending with the person tendering them in court. The concept of an “original” photograph is fairly nebulous - perhaps the only original is that on the SD or Compact Flash card - everything else is suspect. But the truth is that you can analyse a photo that has been resized, cropped, altered and find the fakes.
There are many techniques (and multiple techniques should always be used) but only some deal with visible issues. Classic visible problems are where the light appears to illuminate a subject from several directions when there clearly could only have been one light source. This analysis can show that one or more subjects have been added, moved or reversed. Another visible problem is where perspective anomalies arise. If an object is inexpertly added then its perspective will not match the rest of the photograph. This can show, for example, that the wheels on a car are too close together or people are too far away from a background object. Changes in highlights (bright areas) where you would expect them to be similar was noted in a Scientific American article (http://goo.gl/Og0Tv), where a photograph of American Idol judges was analysed to show it had been doctored.
But what about edits that are seriously professionally done using quality software? These are still detectable. A great recent example was by Dr Neal Krawetz, who has been conducting digital photo forensics for many years. In the USA a recent lottery draw for over $640M was world news. A person posted three photographs of a “winning ticket” on Reddit, and Dr Krawetz decided to examine them (http://goo.gl/qhcjS). . These photographs were seriously believable visually, but the context indicated they were probably fake, and he ultimately proved so. How?
The first picture was analysed to see if different areas of the image had been compressed at significantly different levels (all JPEG photos have some degree of compression). Even after multiple saves we should see consistent degradation across an entire photo. This sort of analysis will easily reveal that something has been added to or removed from a photograph, but if something has been copied within a photograph then other tools will be required.
The next step was to consider whether tools such as Photoshop were used - these introduce distinct artifacts that are peculiar to the brand of software used. After processing experts can visually identify which software has been used.
Another anomaly that can be introduced is varying colour spaces, which is what the Dr used to detect the lottery fake. Altered parts of the photo will be revealed by detecting changes in the colour values used in different parts ofthe photograph.
The moral is that you need not accept defeat in the face of what your client tells you is a digitally altered photograph - you should consider calling in the experts.
15 April 2012
Computer edited photograph forensics
Here's a fascinating article on picking forged photographs.
http://www.hackerfactor.com/blog/?/archives/478-Fool-Me-Once.html
13 April 2012
Cyberspace April 2012
Computer assisted review
It can be hard to find specific evidence to support broad assertions of systematic misconduct, such as a glass ceiling for female employees. These cases often require very extensive discovery, and the inspection process can run into the millions of dollars.
Keyword searches can provide some results, but it is easy to write a document on a particular topic without using any particular keywords. Keyword searching will miss these documents. So what to do when you have millions of emails between many senior managers over many years?
One technique is “computer-assisted review”, or “predictive coding”. Searches are performed using rules created by watching how experienced lawyers analyse a set of documents taken from the actual potential discovery set. These rules are far more complex than keywords, but they require that very experienced lawyers create the rules. The software watches while the documents are coded, and it attempts to predict the coding results. After sufficient cycles of review and feedback the software becomes capable of either determinig yes/no relevance or providing a relevance score. This enables the legal team to prioritise the review of those documents. Where a relevance score is used the parties may attempt to agree on a minimum threshold for manual review, thus containing costs.
In Da Silva Moore et al v Publicis Groupe & MSL Group (USDC, SD of NY, 24 Feb 2012) (http://goo.gl/0pNzq) the court dealt with consent orders using computer-assisted review in relation to a glass-ceiling case. Particular processes were required, such as maintaining the sample set and a documented quality control regime to assist in dealing with arguments as to the accuracy of the process. Magistrate Judge Peck had previously said “Key words, certainly unless they are well done and tested, are not overly useful. Key words along with predictive coding and other methodology, can be very instructive.”
The defendants proposed that the top 40,000 documents be produced, but this approach was rejected as it did not deal with what the statistics showed for the results. It may result in many relevant documents being excluded.
Since some data was in an email account of a French citizen, Peck MJ also mentioned the Sedona Conference’s (a research and educational institute) International Principles of Discovery, Disclosure and Data Protection publication. This deals with the challenges of competing international privacy laws. This is a particular issue since the EU is drafting a replacement General Data Protection Regulation that requires strict personal data protection compliance for non-EU countries. A penalty of up to 2% of world-wide turnover may be applied for breach, and it will be compulsory to notify data protection authorities and the individuals concerned of of a breach or leak within 24 hours. The rules will apply to non-EU based businesses who have subsidiaries in the EU or offer goods or services to EU-based customers.
The parties started by selecting a sample of documents with a 95% confidence level. using that to train the software. Keyword sample sets were also produced, and in the end around 7,000 documents were given to senior attorneys to create the seed set, and the court made the point that these were not paralegals, in-house lawyers or junior associates. The defendants proposed seven iterative rounds of training and testing, at which the plaintiffs baulked, but the court “reminded the parties that computer-assisted review works better than most of the alternatives, if not all of the [present] alternatives. So the idea is not to make this perfect, it’s not going to be perfect. The idea is to make it significantly better than the alternatives without nearly as much cost.” Now, there’s an idea.
17 March 2012
Why mobile phone records are important
For a case where mobile phone records help demolish a plaintiff's case, see Dye v Commonwealth Securities Limited [2012] FCA 242 (16 March 2012) http://www.austlii.edu.au/au/cases/cth/FCA/2012/242.html
The case concerned allegations by Vivienne Louise Dye against Commonwealth Securities Limited, the Commonwealth Bank of Australia and certain personnel of those entities. The allegations centred around sexual harassment during her employment.
In an exceptionally robust judgement by Buchanan J he stated:
For example, in paragraph 258 the plaintiff's mother insisted she was present with the plaintiff when the plaintiff received a particular phone call. However, the Court points out that phone records show numerous phone calls between the plaintiff and her mother around that time, which would not be necessary if they had actually been together.
and in paragraph 452
Moral of the story? - drafting a comprehensive chronology of all relevant facts is tremendously useful at all stages of litigation - not just when deciding what evidence is required. Dare I say, it seems that Freehills and/or Clayton Utz did a thorough job in their use of the telephone records.
POSTSCRIPT
Ms Dye attempted to appeal to the Full Federal Court of Australia, and the Bank sought security for costs, as it already had a costs order in its favour for over $5.5 million. In August 2012 Emmett J ordered that security in the sum of $200,000 be provided. Ms Dye then applied to the High Court of Australia for special leave to appeal the security for costs decision. That application was refused on 5 June 2013, and costs were awarded against Ms Dye.
The case concerned allegations by Vivienne Louise Dye against Commonwealth Securities Limited, the Commonwealth Bank of Australia and certain personnel of those entities. The allegations centred around sexual harassment during her employment.
In an exceptionally robust judgement by Buchanan J he stated:
The causes of action Ms Dye chose to advance are each without any factual foundation or legal substance. They will each be rejected.Why? There were many, many reasons in the lengthy and detailed judgement. However, the use of telephone records is of interest. Their objective nature and origin from a third party appears to have been given great weight when weighing up versions of conversations and events.
For example, in paragraph 258 the plaintiff's mother insisted she was present with the plaintiff when the plaintiff received a particular phone call. However, the Court points out that phone records show numerous phone calls between the plaintiff and her mother around that time, which would not be necessary if they had actually been together.
"Mrs Dye said in her evidence that she was in Ms Dye’s apartment in Sydney when Mr Blomfield made a late night telephone call to her on 22 November 2006. She was quite specific about that. She was confronted with the fact that telephone records show that there were numerous calls to her phone late that night and in the early morning. That would only be necessary if Mrs Dye was not in Sydney at all. Mrs Dye was forced to concede that she could not have been in Sydney that evening."
and in paragraph 452
The next problem for Ms Dye’s new account is that the telephone records deny that, as she alleged, Mr Patterson rang her on her mobile phone from his mobile phone on Saturday, 10 June 2006. No such telephone call was made.paragraph 464
Events at the soccer game did not transpire as Ms Dye suggested in these later statements. I accept Mr Patterson’s account of what happened on the evening of the soccer match. It is adequately supported by telephone records and by the objective record of the passage of the soccer game itself and the events within it.paragraph 492
Both Ms Dye and her mother volunteered that Ms Dye became sufficiently concerned about Mr Blomfield’s behaviour that she rang her mother during the evening and registered her concern with her. That evidence was false also. It was false when given by Ms Dye and it was false when given by her mother. The telephone records show that the last conversation between them that evening occurred at a time which predated Mr Blomfield’s arrival at the function.paragraph 499
Ms Dye’s allegations against Mr Patterson concerning 16 June 2006 (less than 24 hours later) which were made for the first time in the February 2009 police statement also merit immediate rejection. In this case there is some fatal contemporaneous material that makes it clear beyond argument that Ms Dye fabricated the allegation. I pointed out earlier that in her April 2008 published allegations Ms Dye asserted that Mr Patterson invited her for a drink on Friday, 16 June 2006, after she had left a meeting with Mr Blomfield, but that she declined. In the statement which she made to the NSW Police (but not in any earlier statement) Ms Dye said for the first time that something very different happened after Mr Blomfield’s meeting on 16 June 2006. She gave an account of text message and phone communications with Mr Patterson wherein Mr Patterson was angry and demanded that she have a drink with him. She gave this same account in her evidence in the proceedings. The evidence she gave about that aspect was not supported by the telephone records. Far from Mr Patterson badgering and interrupting her, as she claimed, Ms Dye contacted him as soon as the meeting with Mr Blomfield was over. [my emphasis for clarity]The court also used phone records to assist in inferring the intent of communications between the plaintiff and her industrial adviser, as well as a journalist.
Moral of the story? - drafting a comprehensive chronology of all relevant facts is tremendously useful at all stages of litigation - not just when deciding what evidence is required. Dare I say, it seems that Freehills and/or Clayton Utz did a thorough job in their use of the telephone records.
POSTSCRIPT
Ms Dye attempted to appeal to the Full Federal Court of Australia, and the Bank sought security for costs, as it already had a costs order in its favour for over $5.5 million. In August 2012 Emmett J ordered that security in the sum of $200,000 be provided. Ms Dye then applied to the High Court of Australia for special leave to appeal the security for costs decision. That application was refused on 5 June 2013, and costs were awarded against Ms Dye.
09 March 2012
iOS 5.1 and no 3G data?
Just a tip - if you upgrade to iOS 5.1 and suddenly your 3G data stops
working, go into settings and check the APN. It will have gone back to
its default, and if that was incorrect in the first place (such as on
my TPG SIM) then it will stop working.
working, go into settings and check the APN. It will have gone back to
its default, and if that was incorrect in the first place (such as on
my TPG SIM) then it will stop working.
In my case I changed it from CONNECTME to INTERNET and it all started
working again.
Andrew Calvin 2012
16 February 2012
Cyberspace March 2012
Twits
You’re probably not as loose-tongued as as your average Twitterer (http://twit.com), but some people have managed to ruin their holidays. The Sun reported (http://goo.gl/5NpGf) that two UK citizens recently arrived in Los Angeles for a holiday and were promptly returned to the UK. Why? One of them had tweeted in a fit of pre-holiday excitement that he was going to dig up Marilyn Monroe (a TV show quote), and he tweeted another friend if she was “free this week for a quick gossip/prep before I go and destroy America? x”. Leigh Van Bryan said that “destroy” in slang meant “partying.” The couple were flagged by the USA Department of Homeland Security, and were handcuffed and imprisoned overnight. Watch your tongue.
Digital ownership
Now that many of us download audio books, electronic texts on the Kindle, and download music, the concept of lending second-hand books and LPs/CDs is waning fast. But, why not sell your electronic assets when you’re done with them? You’ve often paid a high price, so why not sell them on? Why can’t you transfer that licence (and the related media) to another person? There are some technical difficulties, since you might have to reliquish usernames and password, but there may be license issues too.
ReDigi (https://www.redigi.com/) decided to have a go at this market by facilitating “the verification and hand off of a digital music file from the seller to the buyer.” They work to ensure the source is legitimate, the vendor really is the licence holder, and that any copies held by the vendor are deleted. Capitol Records didn’t think much of this idea, and in the US District Court, Southern District of New York, in Capitol records, LLC v ReDigi Inc (No. 12 Civ. 95 (RJS)) Capitol sought an injunction preventing ReDigi from carrying on that business. The court denied the injunction, but the real issue is yet to be tried.
The USA has a “first sale” doctrine which permits the purchaser of a copyrighted work to transfer for value a copyrighted article to another person. However, it’s common for licence agreements to state that they are not transferable, and the litigation has been endless. There are cases on CAD software, promotional CDs, the World of Warcraft game and others.
I might buy a CD for $15, or I may “buy” the same album electronically for the same amount. Have I purchased something less by buying the latter? I know I can loan, give or sell to you the CD and I’ve done nothing wrong. If I give you copies of the downloaded music on a USB key, and delete all my copies, where do I stand? Common sense tells me that if I have bought a physical thing for value (like a car) then I should be able to transfer it for value. My car is full of copyright software, and is no doubt subject registered designs, and patents. Of course I can sell it, so what’s the difference? One key difference is that I haven’t copied anything in my car, but to give you my electronic music I have to copy it from my computer. Is that an infringing copy provided that I delete my copy? I have paid the same amount for the music in each case.
I think the real answer lies in the commerciality of the deal. If the purchase price reflects that I no longer receive two rights (the right to loan an article to my friends or family, and the right to sell it second hand) I’m happy. Sadly there’s not much evidence of that in the market.
You’re probably not as loose-tongued as as your average Twitterer (http://twit.com), but some people have managed to ruin their holidays. The Sun reported (http://goo.gl/5NpGf) that two UK citizens recently arrived in Los Angeles for a holiday and were promptly returned to the UK. Why? One of them had tweeted in a fit of pre-holiday excitement that he was going to dig up Marilyn Monroe (a TV show quote), and he tweeted another friend if she was “free this week for a quick gossip/prep before I go and destroy America? x”. Leigh Van Bryan said that “destroy” in slang meant “partying.” The couple were flagged by the USA Department of Homeland Security, and were handcuffed and imprisoned overnight. Watch your tongue.
Digital ownership
Now that many of us download audio books, electronic texts on the Kindle, and download music, the concept of lending second-hand books and LPs/CDs is waning fast. But, why not sell your electronic assets when you’re done with them? You’ve often paid a high price, so why not sell them on? Why can’t you transfer that licence (and the related media) to another person? There are some technical difficulties, since you might have to reliquish usernames and password, but there may be license issues too.
ReDigi (https://www.redigi.com/) decided to have a go at this market by facilitating “the verification and hand off of a digital music file from the seller to the buyer.” They work to ensure the source is legitimate, the vendor really is the licence holder, and that any copies held by the vendor are deleted. Capitol Records didn’t think much of this idea, and in the US District Court, Southern District of New York, in Capitol records, LLC v ReDigi Inc (No. 12 Civ. 95 (RJS)) Capitol sought an injunction preventing ReDigi from carrying on that business. The court denied the injunction, but the real issue is yet to be tried.
The USA has a “first sale” doctrine which permits the purchaser of a copyrighted work to transfer for value a copyrighted article to another person. However, it’s common for licence agreements to state that they are not transferable, and the litigation has been endless. There are cases on CAD software, promotional CDs, the World of Warcraft game and others.
I might buy a CD for $15, or I may “buy” the same album electronically for the same amount. Have I purchased something less by buying the latter? I know I can loan, give or sell to you the CD and I’ve done nothing wrong. If I give you copies of the downloaded music on a USB key, and delete all my copies, where do I stand? Common sense tells me that if I have bought a physical thing for value (like a car) then I should be able to transfer it for value. My car is full of copyright software, and is no doubt subject registered designs, and patents. Of course I can sell it, so what’s the difference? One key difference is that I haven’t copied anything in my car, but to give you my electronic music I have to copy it from my computer. Is that an infringing copy provided that I delete my copy? I have paid the same amount for the music in each case.
I think the real answer lies in the commerciality of the deal. If the purchase price reflects that I no longer receive two rights (the right to loan an article to my friends or family, and the right to sell it second hand) I’m happy. Sadly there’s not much evidence of that in the market.
Cyberspace February 2012 Cyberspace February 2012
Save the trees
Sick of photocopying trolleys of paper for subpoenas to produce? The Supreme Court has issued Practice Note No. SC Gen 18, which commenced on 3 January 2012. It notes that under the UCPR it is possible to produce scanned copies rather than photocopies, as well as copies of electronic documents on disc. Since scanning is physically a similar task to photocopying there should be some savings available.
However, scanned files (the Court suggests PDFs, but the format must be acceptable to the issuing party) need to be named. These might be automatically named by the scanner, but these names are usually fairly arbitrary. The alternative is to check and rename them, which also takes time. At least with photocopies you put them through the machine and you’re done with them.
When producing the documents you can provide them on DVD, CD or a USB device, or even email them to the registry with a scanned copy of the subpoena. This might be very useful where timeframes are short.
The Court also suggests that it is sufficient to produce emails as PDFs. Unfortunately this inherently removes a lot of the meta data from the emails, and it doesn’t satisfactorily deal with attachments. You probably want to specify to the producer that emails should be produced in native form, such as a Microsoft pst file or a Lotus Notes database. Where emails are in other forms, such as Gmail or Hotmail there exist export functions to achieve a similar result.
Documents that are printed to PDF are generally able to be searched by full text tools or using the Find function in your PDF reader. However, documents scanned to PDF require further work before this is possible, and the accuracy of the conversion depends on the quality of the scan. Still, it’s usually better than a pile of paper.
To gain access to the produced material you must provide to the registry blank optical media or a USB device. A one terabyte 2.5” external hard disc can be purchased for $120 these days, and that will hold at least a million of documents. If the volume of informaiton is limited then the registry may simply email you the produced documents.
No internal emails
Atos (http://atos.net) is an IT service company with 74,000 employees and revenues of €8.6B. It recently announced that “Atos' aim is to eradicate all emails between Atos employees by using improved communication applications as well as new collaboration and social media tools.” No more internal emails.
I’m old enough to have received paper memos and distribution group memos that you read, initialled, and passed on. You didn’t receive a lot of them, and when you did they were usually worthwhile. Internal email, of course, is now a different proposition, although it still has great value.
Atos says that “The focus of Atos is to adopt innovative social business solutions in the workplace to bridge the “social business” gap. Built on collaborative technology these solutions provide a more personal, more immediate and importantly more cost effective means to manage and share information ... and enables the Smart Organization... it is encouraging the use of tools such as Office Communicator and has set up social community platforms to share and keep track of ideas on subjects from innovation and Lean Management through to sales. Initial feedback is that these types of tools reduce email by between 10 and 20% immediately.”
This has generated a lot of conversation in the informaiton community, and while I don’t think it’s appropriate to remove email altogether, I have to agree with the Gartner statement: “Email doesn’t erode productivity and encroaches work into our personal lives, bureaucracy does.”
17 January 2012
Log into Gmail without typing a password
[UPDATE: This site has been taken down - it was an experiment by Google]
A few sites have mentioned an undocumented method of logging into Gmail (or iGoogle) without typing your password.
Why is that a good thing? Well, if you're using a computer you don't trust (such as in an internet café/hostel/hotel) then a keystroke logger or other malware won't be able to capture your password.
You need to install a QR Reader on your phone - there are lots out there such as Norton Snap QR reader or QRRreader (free). These readers can interpret codes like the one in this article.
To use the system:
- On the untrusted PC navigate to http://accounts.google.com/sesame
- Start your QR reader and point the camera phone at the code that appears on the PC monitor
- [The first time you do it you will need to link your phone to your Google account]
- Click the Gmail button on your phone to log in. The browser window on the PC will magically show your Gmail account!
This system also allows you to have a really long (and more secure) password that even you can't remember. Just use this whenever you want to log in on a PC or laptop!
Oh, and Google - we'd love some info on how clicking a browser button on a phone then sends a redirect to the PC in question!
© Andrew Calvin 2012
Oh, and Google - we'd love some info on how clicking a browser button on a phone then sends a redirect to the PC in question!
© Andrew Calvin 2012
10 January 2012
OnLive Intros Virtual Windows 7 Desktop With Office for iPad - Mac Rumors
OnLive Intros Virtual Windows 7 Desktop With Office for iPad - Mac Rumors:
VERY interesting announcement from OnLive - Windows 7 virtualised on your iPad. This may be one of the biggest steps toward the redundancy of laptops that we've seen.
VERY interesting announcement from OnLive - Windows 7 virtualised on your iPad. This may be one of the biggest steps toward the redundancy of laptops that we've seen.
09 January 2012
Free Skype 'much better' than Labor's $7.2m telehealth grant
Interesting article on how Skype might be more usable than custom video conferencing software for remote doctors.
Of course, it only provides part of the story, but it is often the case that commercial off the shelf software can be far more cost effective than custom installations that offer 5% more for a much greater cost.
I have to say that I find Skype video works as well as Microsoft Communicator, albeit without Active Directory integration (which is required for enterprises). I'd say a GP doesn't need that though.
Free Skype 'much better' than Labor's $7.2m telehealth grant:
'via Blog this'
Free Skype 'much better' than Labor's $7.2m telehealth grant:
'via Blog this'
06 January 2012
Virtualizing storage for scale, resiliency, and efficiency - Building Windows 8 - Site Home - MSDN Blogs
For you Windows Home Server version 1 users out there who don't want to migrate to WHS 2 (like me), there is hope ahead in the guise of Windows 8!
The features described in this MSDN Blog are similar to Drive Extender, but take them way further. I'm looking forward to seeing how this can be implemented for consumers. One key usage will be twin drives in a laptop.
Virtualizing storage for scale, resiliency, and efficiency - Building Windows 8 - Site Home - MSDN Blogs:
'via Blog this'
The features described in this MSDN Blog are similar to Drive Extender, but take them way further. I'm looking forward to seeing how this can be implemented for consumers. One key usage will be twin drives in a laptop.
Virtualizing storage for scale, resiliency, and efficiency - Building Windows 8 - Site Home - MSDN Blogs:
'via Blog this'
01 January 2012
31 December 2011
Anzac Bridge
Can anyone explain why, since Anzac Bridge is closed to traffic during
fireworks, there is black plastic and fences preventing pedestrians
from watching the fireworks from the bridge?
fireworks, there is black plastic and fences preventing pedestrians
from watching the fireworks from the bridge?
I counted 15 NSW Police and 6 private security oafs carefully guarding nothing.
Great use of resources, NSW Government, police and RTA (and it's successor).
20 December 2011
TomTom Traffic HD Australia
After poor previous experience with TomTom HD Traffic around Sydney on an iPhone, I strangely resubscribed hoping that over time it would improve... but it hasn't.
This morning there was an accident in North Sydney near the Sydney Harbour Tunnel. As I drove along the Gore Hill Freeway at 80 km/h the TomTom showed me traffic at a standstill. A few kilometres later as I was actually at a standstill for 10 minutes the TomTom showed no incidents and a happy green symbol...
And of top of that, I can drive for 1/2 hour to work some days while the TomTom tries to download traffic information unsuccessfully. Of course, this morning it managed to do it before I even got out of my street (for all the good it did).
I can't recommend it, no matter how much I want to. I get better results from Waze http://www.waze.com/.
19 December 2011
16 December 2011
ISP filtering in Europe
In May 2011 I wrote about the SABAM case, in which Scarlet Extended SA (an ISP) had been sued by Société belge des auteurs, compositeurs et éditeurs SCRL, better known as SABAM.
That case seems to hit finality in Scarlet's appeal to the Cour d'appel de Bruxelles. The court requested a preliminary ruling from the Court of Justice of the European Union in Case C-70/10, and judgement was handed down on 24 November 2011. It held:
That case seems to hit finality in Scarlet's appeal to the Cour d'appel de Bruxelles. The court requested a preliminary ruling from the Court of Justice of the European Union in Case C-70/10, and judgement was handed down on 24 November 2011. It held:
EU law precludes the imposition of an injunction by a national court which requires an internet service provider to install a filtering system with a view to preventing the illegal download of files (press release)The case turned on the E-Commerce Directive, which prevents Member State laws from requiring ISPs to carry out general monitoring of information passing through its network. The Court recognised the importance of protection of intellectual property rights, but found that the SABAM injunction would not respect fundamental rights of citizens - particularly their right to personal data and the right to receive or impart information. The personal data issue arose because Scarlet would have had to collect and identify IP addresses, which are protected personal data.
Accordingly, the Court’s reply is that EU law precludes an injunction made against an internet service provider requiring it to install a system for filtering all electronic communications passing via its services which applies indiscriminately to all its customers, as a preventive measure, exclusively at its expense, and for an unlimited period.The full text of the judgement can be found here.
iTunes Match in Australia
iTunes Match launched in Australia, after a fashion, on 14 December 2012. However, signing up didn't result in anything happening until 16 December, when it seems that someone flipped a switch at Apple and the status started updating from "Waiting" to "Matched".So if you're using the Australian iTunes Store then be patient, and perhaps quit iTunes once or twice to give it a kick along.
Don't forget to go into Music preferences on your iOS device and turn on iTunes Match as well!
15 December 2011
Nothing ever works properly these days
Back to Peter Warren for a recall of my Mégane RS 250 after one week!
10 November 2011
News Limited and security of your passwords
News Limited has had a lot of problems this year, and I predict that there is plenty of potential for more.
One cause may well be the fact that it stores its subscribers passwords in the clear, rather than hashing them or using other techniques to ensure that a username and password database can’t be stolen.
How do I know? I recently signed up for a trial subscription with The Australian newspaper. After signing up, they very “helpfully” sent me an email with my password in it!
So:
- - my password is stored as plaintext on their system; and
- - it was emailed in plaintext across insecure systems (the internet).
These are clear security threats. To quote Hitachi ID Systems, Inc.:
Security threats
Passwords are simply secret words or phrases. They can be compromised in many ways:
- Users may write them down or share them, so that they are no longer really secret.
- Passwords can be guessed, either by a person or a program designed to try many possibilities in rapid succession.
- Passwords may be transmitted over a network either in plaintext or encoded in a way which can be readily converted back to plaintext.
- Passwords may be stored on a workstation, server or backup media in plaintext or encoded in a way which can be readily converted back to plaintext.
The moral of this story? Don’t give News Limited any personal information that you don’t have to, and don’t use your News Limited password on any other site or system.
© 2011 Andrew Calvin
03 November 2011
The decline of Usenet
Optus recently posted the following on its web site:
There is a sense of hierachy, so comp.networking.tokenring was part of networking, which was part of computers. There are roughly nine major top levels, such as comp, news, rec and alt. Many years ago I used to frequent rec.sport.mountainbiking and aus.legal for example.
The system was clever, in that a server didn't need to be online all the time. It could dial up another server or ISP, exchange posts, then disconnect again, much the way email used to be transmitted using UUCP.
As you can see, Optus is decommissioning its usenet servers, but various sources how that the amount of data posted per day continues to rise. However, I suspect that much of that data is unlawful sharing of binary data, such as movies, software, TV and music.
Usenet also helped give birth to actions for defamation on the internet. The most famous cases revolve around Dr Laurence Godfrey, who sued a number of internet service providers and universities who hosted usenet servers. In each case he requested that a defamatory posting be removed from the usenet server. Of course, since usenet posts are propagated across the world very quickly it is almost impossible to control them. If a usenet server is subscribed to a particular newsgroup it will simply receive all the posts.
His first action against Demon Internet Limited (Godfrey v Demon Internet Limited [1999] 4 All ER 342) was relatively novel, dealing with the "secondary publisher defence" under the UK Defamation Act 1996. Demon failed to take down a posting after being notified of its existence, and the UK High Court upheld Godfrey's argument that it ceased to be a protected secondary publisher once it was on actual notice. An excellent analysis of the British law at the time and proposed reforms can be found here. The case has been followed many times since, and formed the foundation of changes to laws all over the world.
Various organisations have attempted to archive usenet postings, including Google Groups, where I can find things I wrote in usenet from 1994 onwards, such as those celebrating the birth of my daughter, and issues using HyperCard 2.2 with Oracle 7.
So, while not being a huge user of usenet any more, I'll be sad to see its demise.
Message posted at:You might know these as newsgroups. usenet was one of the earliest systems available on the internet - it is, more or less, an incredibly large bulletin board with many thousands of topics and many, many posts within each topic. It was decentralised, so an organisation could choose to run its own server, and then subscribe to all or just topics of its own choosing, and in turn, share its own posts with other usenet servers.
2011-10-18 16:27
What:
Optus News Server removal
Impact:
Optus has previously provided usenet service (Optus Newsgroup) to customers. However, following evaluation of the services that we offer to our customers, and the declining usage of usenet by our customers over the past several years, it is no longer viable to continue to provide this service. As a result, the usenet service is in the process of being disabled and removed. This service will close as of 21/11/2011. If you still want to use usenet, there are a number of commercial usenet providers that will be able to provide this service to you.
There is a sense of hierachy, so comp.networking.tokenring was part of networking, which was part of computers. There are roughly nine major top levels, such as comp, news, rec and alt. Many years ago I used to frequent rec.sport.mountainbiking and aus.legal for example.
The system was clever, in that a server didn't need to be online all the time. It could dial up another server or ISP, exchange posts, then disconnect again, much the way email used to be transmitted using UUCP.
As you can see, Optus is decommissioning its usenet servers, but various sources how that the amount of data posted per day continues to rise. However, I suspect that much of that data is unlawful sharing of binary data, such as movies, software, TV and music.
Usenet also helped give birth to actions for defamation on the internet. The most famous cases revolve around Dr Laurence Godfrey, who sued a number of internet service providers and universities who hosted usenet servers. In each case he requested that a defamatory posting be removed from the usenet server. Of course, since usenet posts are propagated across the world very quickly it is almost impossible to control them. If a usenet server is subscribed to a particular newsgroup it will simply receive all the posts.
His first action against Demon Internet Limited (Godfrey v Demon Internet Limited [1999] 4 All ER 342) was relatively novel, dealing with the "secondary publisher defence" under the UK Defamation Act 1996. Demon failed to take down a posting after being notified of its existence, and the UK High Court upheld Godfrey's argument that it ceased to be a protected secondary publisher once it was on actual notice. An excellent analysis of the British law at the time and proposed reforms can be found here. The case has been followed many times since, and formed the foundation of changes to laws all over the world.
Various organisations have attempted to archive usenet postings, including Google Groups, where I can find things I wrote in usenet from 1994 onwards, such as those celebrating the birth of my daughter, and issues using HyperCard 2.2 with Oracle 7.
So, while not being a huge user of usenet any more, I'll be sad to see its demise.
02 November 2011
Cyberspace November 2011
Web sites
You’re a (or part of) a small firm, and you’re busy. Does your firm have a web site? Can you articulate the goal of having it? Who maintains it? Who is responsible for each piece of content on it? Has the content been carefully designed so that it achieves your goals?
Web sites can have many functions: an electronic white pages so your clients can look up your contact details; a yellow pages so potential clients can find you based on your location or expertise; a place to provide information on areas of law to current and potential clients; and a portal for communication between clients and lawyers. Understanding why you have a web site will help you ensure that you have the right information on it. Let’s say that you use it to provide contact details only (and that’s a perfectly acceptable use) - does it have all your details? How about a Google map?
Have you thought about how it looks on a mobile phone? Many web sites are simply unusable on smaller screens. It’s easy to have a web site that detects the type of device in use and formats the content appropriately. For mobile pages you might take care so that on appropriate devices a user can simply tap your phone number to call, or your address to switch to maps or a GPS. Avoid large images, background images, and technologies that don’t always work well on mobiles, such as Flash.
Design
Getting some marketing and design advice will assist in getting the best out of this important marketing tool. Don’t talk to a tech person - speak to someone with a proven track record in design. Make sure it’s clearly laid out, free of clutter and uses fonts and colours that make it readable to all types of human conditions.
Consider what your core messages are, and what images (no clichéd images, please) might be appropriate to provide an attractive and appropriate presence. Don’t have an annoying landing page that does nothing except require someone to click on it - and they often cause problems on a mobile browser.
Information
If you want to give clients some basic grounding by linking to other sites, such as, say the NSW Fair Trading home page (http://www.fairtrading.nsw.gov.au), then make sure that link opens the page into a new browser window, rather than replacing your own.
What are your core competencies? Consider writing a primer for your clients to read before they come in to see you - it will help them be a better client and save you time on routine matters.
Content value
Don’t clutter the site - don’t add anything unless it has a purpose and enhances the core messages. Consider “search engine optimisation” which, although often spruiked by unsalubrious types, can be very important if you want to come up in a search “Newcastle small business lawyer.”
Diarise to review your site at least every month. Make sure all the content is owned by someone, and that they understand it is part of their job to care for it. Make it easy to add and alter content by using a quality content management system. A CMS, whether commercial or open-source will assist in SEO, avoid technical errors and eliminate broken links.
Process
To get going: How much money and time do you want to spend? Do you need to get someone to do everything for you, or can you (recognising you’re a lawyer and not a marketer or technologist) contribute? Some people may be able to go to a reputable hosting company, register a domain name, and have a CMS running within an hour. There are many of these (eg www.dreamhost.com) who offer tools that require low-medium technical skills for a quality self-service site. You may find that a blog alone is all you need (eg: http://blog.calvin.it).
You’re a (or part of) a small firm, and you’re busy. Does your firm have a web site? Can you articulate the goal of having it? Who maintains it? Who is responsible for each piece of content on it? Has the content been carefully designed so that it achieves your goals?
Web sites can have many functions: an electronic white pages so your clients can look up your contact details; a yellow pages so potential clients can find you based on your location or expertise; a place to provide information on areas of law to current and potential clients; and a portal for communication between clients and lawyers. Understanding why you have a web site will help you ensure that you have the right information on it. Let’s say that you use it to provide contact details only (and that’s a perfectly acceptable use) - does it have all your details? How about a Google map?
Have you thought about how it looks on a mobile phone? Many web sites are simply unusable on smaller screens. It’s easy to have a web site that detects the type of device in use and formats the content appropriately. For mobile pages you might take care so that on appropriate devices a user can simply tap your phone number to call, or your address to switch to maps or a GPS. Avoid large images, background images, and technologies that don’t always work well on mobiles, such as Flash.
Design
Getting some marketing and design advice will assist in getting the best out of this important marketing tool. Don’t talk to a tech person - speak to someone with a proven track record in design. Make sure it’s clearly laid out, free of clutter and uses fonts and colours that make it readable to all types of human conditions.
Consider what your core messages are, and what images (no clichéd images, please) might be appropriate to provide an attractive and appropriate presence. Don’t have an annoying landing page that does nothing except require someone to click on it - and they often cause problems on a mobile browser.
Information
If you want to give clients some basic grounding by linking to other sites, such as, say the NSW Fair Trading home page (http://www.fairtrading.nsw.gov.au), then make sure that link opens the page into a new browser window, rather than replacing your own.
What are your core competencies? Consider writing a primer for your clients to read before they come in to see you - it will help them be a better client and save you time on routine matters.
Content value
Don’t clutter the site - don’t add anything unless it has a purpose and enhances the core messages. Consider “search engine optimisation” which, although often spruiked by unsalubrious types, can be very important if you want to come up in a search “Newcastle small business lawyer.”
Diarise to review your site at least every month. Make sure all the content is owned by someone, and that they understand it is part of their job to care for it. Make it easy to add and alter content by using a quality content management system. A CMS, whether commercial or open-source will assist in SEO, avoid technical errors and eliminate broken links.
Process
To get going: How much money and time do you want to spend? Do you need to get someone to do everything for you, or can you (recognising you’re a lawyer and not a marketer or technologist) contribute? Some people may be able to go to a reputable hosting company, register a domain name, and have a CMS running within an hour. There are many of these (eg www.dreamhost.com) who offer tools that require low-medium technical skills for a quality self-service site. You may find that a blog alone is all you need (eg: http://blog.calvin.it).
26 October 2011
iPhone location services and battery life
I've noticed that compass calibration seems to be permanently on. You can tell by enabling the indicator under System Sevices.
Are there any developers out there who know, technically, what happens and its effect on battery life?
Are there any developers out there who know, technically, what happens and its effect on battery life?
19 October 2011
The law and hacking
Privacy and bad security
Recently a major superannuation fund (pension fund to those of you overseas) in Australia was "hacked" - First State Super complained to the police that Patrick Webster had told them that member accounts were easily accessible by anyone, and proved it to them.
Privacy
The discussion that has arisen around mandatory data breach notification laws is timely. In this case First State only notified people whose account was listed by Mr Webster, but the fact was that the entire web site was flawed and it could have easily been harvested entirely by someone with a few scripting skills. Instead of blaming Mr Webster for accessing the data, First State should have blamed itself for poor security. Instead of threatening him it should have thanked him.
The letter from Minter Ellison (three and a half weeks later) apparently was a typical lawyer's job - I trust Mr Webster obtained some good advice in response. The quotations in the SMH obviously can't give the full picture of what has gone on, but there's a flavour that First State are more interested in having a crack at Mr Webster than looking at their own failings. What First State should be doing is not worrying so much about Mr Webster deleting any data (and goodness, if he was going to misuse it or sell it it would have been long gone after three weeks) - it should be setting out to prove to its customers that no-one else has done it (a serious criminal isn't going to tell First State they've done it), and offering them free identity theft monitoring.
I'm pleased to see that the NSW Privacy Commissioner is going to take a look at this case - particularly since the limited notification by First State was not acceptable in his opinion.
Is hacking a crime?
By way of example, the Criminal Code 1995 (Commonwealth) doesn't deal with hacking - it deals with unauthorised access to data. The Crimes Act 1900 (NSW) also deals with unauthorised access to data. Section 308B defines it as
Restricted data is defined by s 308H (3) of the Act to be:
Rather than an access control system we probably actually have a data access system inherent in software for extracting data from a database and displaying it through a web server. I'll make a few assumptions here:
So, if Minter Ellison actually told Mr Webster that he had breached various pieces of criminal legislation, they probably want to have a good look at themselves.
An example which borders on access control is someone who gets a new home internet router, such as a D-Link, and turns it on leaving the well-known admin username and password of admin and password. Is that an access control system? It's a little sturdier than a URL with an account number, but it's still fundamentally flawed.
If First State Super used a master password of "password" would that be an access control system? For a security consultant neither an account number in the URL nor an easily guessed password would be considered an access control system of any commercial value.
Why is all this important?
The law, if misunderstood by ill-informed people, makes it an offence to poke around your bank's or anyone else's web site to see how good their security is. If an account number in a URL is an "access control system" then it becomes a free-for-all for the baddies, because the goodies can't look. Luckily that is probably not the case.
Worse still, if you live in the USA you might run foul of the DMCA, where even the most hopeless access control system has been used to prevent competitors from producing rival compatible products, such as garage door openers.
The so-called hack was incredibly embarrassing for First State. It seems that the URL for a member to access their account simply used the member's account number! As quoted in the Sydney Morning Herald by Asher Moses:
Plenty of computer security experts have rounded on First State, not only for the heavy-handed way it treated Webster but also for failing to detect such a glaring and easily exploited security flaw. "Changing a number in a URL bar isn't even hacking ... anyone who configures their systems to work that way is negligent," said Patrick Gray, a specialist security journalist who first broke the First State story on his podcast, Risky.biz.I think I might have written a web site using a similar technique in the first few weeks I learned to code for .NET. Who knows what First State was thinking in deploying this software if this story is true.
Privacy
The discussion that has arisen around mandatory data breach notification laws is timely. In this case First State only notified people whose account was listed by Mr Webster, but the fact was that the entire web site was flawed and it could have easily been harvested entirely by someone with a few scripting skills. Instead of blaming Mr Webster for accessing the data, First State should have blamed itself for poor security. Instead of threatening him it should have thanked him.
The letter from Minter Ellison (three and a half weeks later) apparently was a typical lawyer's job - I trust Mr Webster obtained some good advice in response. The quotations in the SMH obviously can't give the full picture of what has gone on, but there's a flavour that First State are more interested in having a crack at Mr Webster than looking at their own failings. What First State should be doing is not worrying so much about Mr Webster deleting any data (and goodness, if he was going to misuse it or sell it it would have been long gone after three weeks) - it should be setting out to prove to its customers that no-one else has done it (a serious criminal isn't going to tell First State they've done it), and offering them free identity theft monitoring.
I'm pleased to see that the NSW Privacy Commissioner is going to take a look at this case - particularly since the limited notification by First State was not acceptable in his opinion.
Is hacking a crime?
By way of example, the Criminal Code 1995 (Commonwealth) doesn't deal with hacking - it deals with unauthorised access to data. The Crimes Act 1900 (NSW) also deals with unauthorised access to data. Section 308B defines it as
acesss to... data... is unauthorised if the person is not entitled to cause that access...It gets interesting when you read s 308H. It says (my paraphrase):
A person who accesses restricted data, and knows the access is unauthorised, and does it intentionally is guilty of an offence. (Max penalty 2 years imprisonment).But did Webster access restricted data?
Restricted data is defined by s 308H (3) of the Act to be:
data held in a computer, being data to which access is restricted by an access control system associated with a function of the computer.Is it possible to say that First State had restricted access using an access control system? It's a pretty close call, and strongly arguable that they didn't.
Rather than an access control system we probably actually have a data access system inherent in software for extracting data from a database and displaying it through a web server. I'll make a few assumptions here:
- Mr Webster logged in - presumably using his own account;
- which set a session cookie or other session identifier allowing him to use the web site;
- he typed things into the URL box in his browser;
- that data was parsed by normal operation of the software, put into a SQL query, and the results returned.
So, if Minter Ellison actually told Mr Webster that he had breached various pieces of criminal legislation, they probably want to have a good look at themselves.
An example which borders on access control is someone who gets a new home internet router, such as a D-Link, and turns it on leaving the well-known admin username and password of admin and password. Is that an access control system? It's a little sturdier than a URL with an account number, but it's still fundamentally flawed.
If First State Super used a master password of "password" would that be an access control system? For a security consultant neither an account number in the URL nor an easily guessed password would be considered an access control system of any commercial value.
Why is all this important?
The law, if misunderstood by ill-informed people, makes it an offence to poke around your bank's or anyone else's web site to see how good their security is. If an account number in a URL is an "access control system" then it becomes a free-for-all for the baddies, because the goodies can't look. Luckily that is probably not the case.
Worse still, if you live in the USA you might run foul of the DMCA, where even the most hopeless access control system has been used to prevent competitors from producing rival compatible products, such as garage door openers.
11 October 2011
Voice control on the iPhone
I've been a fairly happy user of voice control on my iPhone 3GS and later the iPhone 4. I only use it for making calls, but it's very accurate both holding the phone and via the Bluetooth in the car.
Writing text and emails via Bluetooth would be nice, but I found the Dragon products didn't work well with an Australian accent.
The iPhone 4S will have much more, but I've found Vlingo (http://www.vlingo.com/) and it is better than I thought it might be. You can draft emails and SMS as well as a few other things. It's not perfect, and deeper integration into the system a la the 4S would be better, but it's an acceptable substitute.
The iPhone 4S will have much more, but I've found Vlingo (http://www.vlingo.com/) and it is better than I thought it might be. You can draft emails and SMS as well as a few other things. It's not perfect, and deeper integration into the system a la the 4S would be better, but it's an acceptable substitute.
Mythbusters duo to host Discovery documentary on Jobs
Macintosh News Network report:
"Mythbusters duo to host Discovery documentary on Jobs:
"Mythbusters duo to host Discovery documentary on Jobs:
Entertainment Weekly has revealed that the Discovery network is assembling a documentary on the life of Steve Jobs, co-hosted by Adam Savage and Jamie Hyneman, the duo behind the popular show "Mythbusters."An interesting choice of presenters... but what will be more interesting is who the researchers and scriptwriters will be!
Subscribe to:
Posts (Atom)