This week there was protesting going on about SOPA and PIPA. The real question is, what happens now?

Congressmen are removing their support. the people who introduced the bills are removing the DNS blocking provisions. What more needs to happen is the question that they will ask.

First, lets start with this, a politicians promise is like a prostitute’s kiss. It is slimy and is not something you can believe. The fact that non of the congressmen who have backpedaled have given any clue as to what they now find objectionable outside of their constituents not liking the bill, is a worrisome sign. One that shows that they don’t really want to back off, and they are putting on a face until the fervor dies down. This is why we need to press the advantage right now to get these bills changed.

Karl W. Palachuk rightly claims in a Facebook post that 99% of the people who signed the petitions don’t know much about the bill. He though, like a lot of the people for the bills, try to make it about infringing versus not infringing. That is not the real problem. People like him who say that not supporting SOPA/PIPA is akin to being a pirate yourself are short sighted and wrong. The real issues are Cybersecurity, letting the foxes (RIAA/MPAA) guard the hen house, and no oversight. The Censorship angel is being used as a way to disguise these other issues that have been brought up.

For instance, there is a provision in SOPA that “bars the distribution of tools and services designed to get around such blacklists.” This is dangerous because sites such as Tor, which is used by people in places such as China and Iran to get around their firewalls, could create problems for VPNs, which could be used by people who work for multinational companies to get around the blacklists, and encryption which would prevent people from seeing what you are requesting on the net. Heck, to bypass some of the blocking/filtering, you could just modify your hosts file. Does that make every operating system illegal under SOPA?

Also think about this. The punishments in SOPA do not fit the crimes. Overbearing on the fines front, making these crimes a felony and setting jail times longer than those who beat up their wives or kids is just not right.

Now to further the argument, there is the Megaupload takedown which happened yesterday. this 2 year investigation with international cooperation sets a standard for taking down sites that are helping pirate stuff knowingly. Yes they have servers on American soil, but they are a multinational company, and Kim Dotcom was arrested in New Zealand. That right there shows that the DCMA combined with current law can take down pirates.

Yes Piracy is a problem. Then again its always been a problem. Should we shut down libraries because people might not (and do not) return books thereby getting them for free. Heck they read them for free through the library. You can get movies, music all of it for free from a library. Why not shut them down? The point being that no matter what, there will be it. I have yet to see confirmable numbers on what it actually is doing to the entertainment industry, but with the amounts of money the execs get pain in bonuses, it really can’t be hurting them too much.

You can go to sites like ArsTechnica.com and find a wealth of information about SOPA and PIPA, what they could do with the laws, extreme examples such as I have posted, and more. There is a wealth of good information out there, and people do need to actually take time to make educated decisions about these sorts of laws.

Finally, think about this. How often do the worst case scenarios come true? Look to the past, see what controversial laws have been enacted without oversight, and how they have been abused over the years. See what groups like the RIAA and MPAA have done in playing the role of Chicken Little (Cassette Tapes, VCRs etc..) over the years, and how they have been proven wrong. We have to decide at some point our own future and not let it get silently dictated to us by a bunch of corporate goons.

People don’t listen. I recently did a little test on my personal Facebook account. I posted a quote from a Republican candidate, said how the quote sounded like Pre-WWII Nazi propaganda and waited. I was not disappointed as people pointed to only part of the statement.

It was an interesting experiment that confirmed what I feared. Most people see and hear only what they want to, and are blind to the rest.  So what does this have to do with the world of IT? Plenty. think about when you deal with a customer/client/user. Do you only hear party of what they are saying,or do you hear the whole thing? Is the client only hearing certain things you are saying? Where is the disconnect and how can one get past it?

Now this disconnect is shown in all its glory with SOPA and PIPA. Congress is listening to the entertainment industry. the refuse to hear what the tech industry has to say. It is a sham that could make us more unsecure. The techniques of domain blocking they are talking about are not only used by oppressive regimes to control what their citizens can see on the Internet, but is used by the very same people that they are trying to stop.

Think about this, you get an e-mail from what looks like a legitimate source, and get sent to a good forgery of the website. The link showed the right address, until you really dig into it. Next thing you know, you have become a victim of identity theft. This is the sort of misdirection that SOPA and PIPA use. Redirecting and falsifying the DNS records. This is what DNS-Sec, which has been years in the making, is supposed to curb or stop.

The RIAA and MPAA, who are so knowledgeable and innovative in the tech world that they are still trying to avoid it, swear that these laws won’t harm security and won’t damage DNS-Sec. Yet the experts who have been DENIED a chance to talk to the committees about the technical issues, are saying the exact opposite. Congress still won’t listen.

Don’t get me wrong, as much as I don’t like the RIAA and MPAA for overextending copyrights so that they don’t have to innovate, they have a right to want help in controlling piracy of their work. To me its not for the Artists who make millions of dollars, but for the lowly engineers, the secretaries, the people who make normal wages and want to keep their jobs. Yes piracy is not as big as it once was, and as more and easier legitimate means come to get entertainment, it goes down. Also, you will never be able to completely stop it. The pirates always find a way around things.

In a world where Identity Theft is a larger problem than Piracy, where something such as DNS-Sec and other security measures that are impacted or killed by bills such as SOPA and PIPA, what is the right solution. SOPA and PIPA definitely are not.  Feel free to e-mail this to your congressmen and senators, for them hearing from us, the people who employ them, is the only way to truly stop it.

Extra charges for single online pay, 4G outages, the FTC starting to look at their business practices. Verizon, what have you done?

I was going to give a review of the Motorola Droid Razor today, but decided to push that off. See the Razor is available only through Verizon, and I noticed yet the start of another outage of 4G services this morning. Verizon has said these outages are growing pains, and were the 4G network brand new, I would accept that, but it is not. Verizon has had their 4G network up for just over a year, and should know how to handle growth. They were the ones who didn’t have the issues AT&T had with the explosion of smartphones. Of course that was CDMA vs. GSM. Now its LTE vs. LTE, and AT&T might have the advantage.

See both are using the LTE network, which requires the use of a SIM card. AT&T, whose network is still known for poor quality, and lots of drops, at least has a head start in dealing with the issues of a network that requires the SIM cards. I wish I had proof, but it seems that the SIM cards, or at least networks that require them, are not as stable here in the States as a network like CDMA which has no SIM card. (At the time of writing this, the 4G network just came back up after being inaccessible for an hour). It would be interesting to hear from someone on the differences between the two networks and why the ones that need SIM cards seem to be more unreliable.

Now this is on the heels of the FTC announcing it was probing Verizon over the $2 convenience fee it was going to charge and then pulled back on. Verizon’s statement is that even paying online has its costs. And they are right, there is equipment and software costs, maintenance on the systems, and hardening the equipment against hackers and other forms of data breaches. Still the costs are the same, whether for an automated system or if people pay individually. That is, unless they have to use 2 separate systems, or the company that is processing the payments is charging them an extra fee. Either way, there are other options to reduce the cost. If you think about it from a security standpoint though, the single payment, which I use, is a safer bet, not just from people knowing they have the money in their account, but from a security breach standpoint.

Just think about it. If you sign up for Automated payments, Verizon and the third party who processes the payments, both have your bank account or credit card information saved on servers. These servers are supposed to be PCI compliant. Even if they are, PCI compliance is a joke. Think of the banks (all of which have to follow at least PCI compliance) or stores (Which have to be PCI compliant) or anything that does online transactions, and how many breaches we hear of. Now think about how many breaches we don’t hear of, at least not immediately. Now look at single payment options, where you can choose not to save the payment info on their servers. Yes there are still problems that can arise from man in the middle attacks, spoofed SSL certificates, etc.. but once you make that payment, the info is not supposed to be stored anywhere. That means if Verizon, or their third party payment processor, has a security breach, your payment information should not be compromised. In reality it might just me being paranoid, but from a logic standpoint it does seem safer.

Now, Verizon did withdraw the $2 fee idea pretty quick, but expect to see it show back up again and again. The bigger thing Verizon has to worry about right now is the amount of bad press they are receiving. They need to remember that pissing one customer off means that customer is going to tell their friends and family, and eventually it can and will take a toll on business.

Years ago I use to think McAfee was a good Anti-Virus program. Then they got bloated. Now McAfee is becoming chicken little.

You can see the reports regularly. New exploit in this, new trojan here, new zero-day exploit, and on. The world of securing your information and your identity, either individual or corporate, is a complex and never ending battle. Nothing is going to be 100% secure. you know it, I know it and the bad guys know it. Its a matter of mitigation. The smaller area of attack we give the bad guys, the more chance that they will pass us up for an easier target.

It becomes more complex every year. New devices come out, connectivity becomes better, people become more greedy. In fact the more complex things get, the easier it is to break into them with simplicity. You may ask how is that the case. Simply put you just showed how. We tend to gloss over the simple items for the more complex ones, including bugs and holes. That is a discussion to have another time though.

Right now, in the security field, McAfee has been making a lot of headlines lately. From a RAT Report that other companies are calling “shady” to the latest report from them about cars becoming the next hacking target, McAfee keeps getting their name out there. The problems with these reports is their are either obvious or disputed. That McAfee look more like an attention hound than anything else.

This grab for attention comes on the heels of a decade of McAfee putting out worse and worse products. Suites that are so bloated that you machine drags to a crawl during start up. Anti-Malware products that let too much Malware through. Software that is difficult to remove from a system should you prefer to go with one of their competitors. How the mighty have fallen.

Most companies in the consumer security field, especially those that make Anti-Malware software, can run into these same pitfalls as the become more popular. Norton has, although they are slowly turning things around, they still have a long way to go. Kaspersky is doing its best not to fall down that path, but it does seem to be getting more resource intensive. AVG, well they put out a decent product but we are about due for another bad patch that messes machines up. None of them are perfect, but some are better than others, and McAfee has been considered part of the bottom of the heap for a while now.

So McAfee throws up a smokescreen. Instead of improving their product, they try to show that they know more. Sorry but knowledge of what is happening, and the ability to translate that into a decent working product do not have to be equal. In fact, McAfee has shown me that you can have the knowledge without the product. Then again, McAfee lately has been more like Chicken Little. Just remember, the sky isn’t falling, things are just progressing. We as the ones in the field need to keep our wits about us and it will all be fine.

Apple, a company you either love or hate. Its about as black and white as one can get. Now they really have a chance to make some good changes to their culture, but they won’t.

When Apple was founded, the computer world was a simpler place. Young people just wanted to be able to play, to work on these new machines. Steve Jobs and Steve Wozniak created a company that fed into those dreams, helping define an era. Having an Apple II machine was hip, it was cool, and it was around $1000-$1500 to get one. Most of its competitors cost around the same, so it wasn’t too big of a deal. You could purchase or write your own programs, and do what you wanted to with the system.

Somewhere along the way, after Woz left, Apple’s vision started changing. They came out with the Macintosh which was an amazing little machine. A machine that started to really open the world of computers to more people. A machine that would redefine Apple. Who can forget the Orwellian Ad that they came up with for the Mac. Funny how prophetic that would be.

Steve Jobs always had a great mind for marketing and a brilliant mind for ideas. Some over the years would stick, some wouldn’t. He got removed for Apple, sold all but one of his shares, and eventually through the means of  mergers and acquisitions wound up back in charge of the company he had founded. He brought them back from the brink with a savvy set of ideas that pushed the envelope not in computing, but in consumer electronics.

Jobs also took the paranoia he got from his original ouster to an extreme. While Mac is a good, and solid system, and pretty easy to use, the helped create fallacies around it, from the level of its security to the ease of its use. He also locked the system down tighter than Fort Knox. Same with the iPhone and iPad. Locking down these systems not only gives Apple more control over the device and the data but creates a problem for consumers from a pricing standpoint. The lack of competition helped Apple become the 2nd largest company in the United States, only behind Exxon Mobile. It also gave Apple another item at its disposal, the lawsuit.

Apple is as much a company now that is anti-competitive as Microsoft was back in the 90′s. Its biggest rival is Google, who is just as closed minded and stupid about things as Apple is. Both companies claim to have the consumers best interests at heart. Apple looks at any competing product and immediately tries to find what it can sue over. This is not in the best interests of the consumer.

With Steve Jobs stepping away from the CEO position to Chairman of the Board, he still has a great influence over Apple, its products, its direction. Tim Cook could try to open things up, but won’t. The consumer friendly company that was the little engine that could is gone. They are a company that wants, like Google, to tell you how to do things. They don’t care about what you think. This is why they have been referred to as a cult over the years. Just like Scientology, Jonestown, the KKK and many others over the years, the ultimate goal is to control you and make you bend to their will.

Steve, thank you for all you have done to forward technology, but your controlling and paranoid thoughts, I won’t miss.

Google Plus, the honeymoon is over. Is social Media any good when you have no one to talk to?

So there we go. Google is really bringing the hammer down on people who use Pseudonyms. Not only for Plus, but also for Buzz, and other Googley apps. What good is it though? People get pissed and leave those services. That means less ad money for Google. It gives people a bad taste in their mouth, so they stop purchasing things that Google supports. It can be a nightmare, especially in this day and age of Twitter and Facebook also.

A friend of mine who just left google plus wrote the following as their last post:

Dear +Bradley Horowitz

I really thought you guys had figured it out, but its pretty clear from the Google Name Policy that Google has once again failed at recognizing the basic tenant of social networking, namely that relationships made and maintained online are just as real as those made in real life if not more so because of the greater pool of finding like minded individuals. Clearly those at the top have never been part of a forum community, an MMO, or been to a spontaneous community event whether it be out in the desert at Burning Man, inside the track at the Indy 500, or just waiting in a line for a concert. Those who have understand that a chosen name is just as real as one printed, stamped and filed by someone’s parents.

Everyone else has already mentioned the safety and legal concerns of denying the protection of a pseudonym to a wide array of people who would be in significant danger should they use their legal names on a public, datamining, service, so I won’t belabor the point.

For Google, I only ask you to watch the numbers as people begin to walk away and try to understand the significance of having a network where no one is, because none of their friends can participate safely.

For everyone else, please repost on your own accounts, you can give me a mention, if you like, but don’t just share it, you never know when I won’t be considered ‘real’ enough for Google.

Collapse this post

Google uses the moniker, “Don’t Be Evil,” but is that the truth behind the company? A look at Google Plus might change your mind.

Google+ is an interesting creature. One that is gaining popularity rather quickly. It is also one that might not last due to Google’s own policies.

The buzz around Google wanting people to only use real names in Google+ is gaining more and more steam. People are not happy with this idea. Everyone thought that Google+ would be better than Facebook. It definitely has the potential to compete with Facebook. The naming issue is turning into a stumbling block.

I will not go into depth on the whole idea of hiding from stalkers using a pseudonym in a social media setting. Instead I look at it from a natural way to know people. I have a great deal of online friends. I know them by their names from games, from forums, form other places that you don’t use your normal name. So when I see that Joe Shmo instead of DJ Cool J has added me to their circles, I have to sit back and wonder who the heck is following me? For that matter, Google+ is only as usable as the people you have in your circles, and if I cannot find them easily, which means nicknames, pseudonyms, etc, then I am not going to use the site.

Google though, sees the whole Social Media world as data. Just like search, just like AdWords, it is all data that can be used with algorithms to extract bits of information. That information can then be used to send targeted advertising to you. This increases the chance that Google and the company who is advertising can make some money off you. Its all about making a buck.

So should it surprise anyone that Google wants to mine what you say in Google+. What you Link to? Who you are? The amount of data that Google can dig up on each one of us through public means can really give a good profile of us. That can be used for Advertising, or worse, should Google decide to use it for “Homeland Security” purposes.

The book In The Plex by Steven Levey takes a good look at Google. Brin and Page (Google’s Founders) are all about the data and search. Data especially, because they want to have everything in the world indexed in one spot. Just imagine if that data fell into the wrong hands.

Lulzsec, a group that some people applauded. The were showing security holes. Well, truth is they are a bunch of bullies and jerks.

I love music. More so, I enjoy some Internet Radio Stations. I find a lot of the smaller ones tend to play all sorts of stuff I have not heard before, and broaden my musical tastes. These independent stations will go through the FCC to make sure they are compliant with the outrageous Licensing fees that the music industry puts on them. The FCC is even willing to help pay for that licensing, in turn for a few small things such as playing 5 minutes of real news every so often. Its something the government does right.

So when a few of the stations I listen to all of a sudden had problems with their web sites, and a few had problems with their streams, I figured I would talk to the tech people and see if I could help. Each one of them gave me a similar story of what was going on. Lulzsec was trying to blackmail them. Yep, these independent stations, all of whom get some help from the government, were facing DDOS attacks from Lulzsec. That was not the only thing. They are getting automated phone calls from Lulzsec demanding the admin password for their radio streams so Lulzsec can break in whenever they want to and take over the station.

I won’t mention the names of the stations, since they have called in the FBI on this. I just look at this and go, what a bunch of script kiddie jerks. I mean if Lulzsec were the “Elite” hackers they claim to be, couldn’t then have just hacked the servers that host the radio stream and taken it over that way? Heck, most Internet Radio Stations use either IceCast or Shoutcast stream servers. those servers tend to be Linux based, and usually have Apache on them. How do I know this? Well, I help some volunteer radio stations with tech at times, so I have learned the setup. Heck for that matter, I set up a Shoutcast server at my house so I could do some testing, and stream music to my different devices around the house. It isn’t that difficult.  If Lulzsec wants to broadcast over the Internet, and they are such high end people, then why not just make their own server for streaming, like they do for their IRC?

Think about it. If a group is so boisterous, it wants the press. It wants to be heard. The most elite in the hacking world though, you will never hear a peep from. They lurk in the shadows. They keep their egos in check. They create things for those kiddies that want the attention. Those are the tough ones to find. Until then, we have to keep dealing with jerks like Lulzsec.

The case of the mysterious stopping spooler has been solved. At least this time.

Good old Microsoft. You send in errors, look up errors and can not find anything from Microsoft itself. Half the time the people in the Technet Forums treat people with almost a snark to them, and don’t listen. Canned answers, no answers, and worst of all no information.

I recently had one of those spooler.exe keeps stopping problems. Went through all the logs, did my Internet searches and came up with an answer. c:\windows\system32\spooler\print needed to be cleaned out. Simple answer, which I found archived from a forum question about 4 years ago. Not an official Microsoft forums mind you, just a general IT forum.I find more things away from Microsoft than on their site.

It is frustrating. I am sure all of you have run into something similar. You look in the event logs and there is the “Click here for more information” link in the error message. Of course 99% of the time when you click on that link, the more information is sorry, we have no information on that error. The rest of the time it is just a general description that already has been stated inside the log entry.

Why does Microsoft tease us so? They have the perfect mechanism to help us, the ones who support their products, and yet they shun us. Yes there is a lot of other information out on the net, but sometimes you run into errors that you can’t find anyone else who has solved the error. Sometimes you want that information from Microsoft, without having to call them up and use an incident or pay for an incident. Last time I called up Microsoft, I had the problem figured out while on hold because the Microsoft Technician was asking for help. He couldn’t find information on the error codes.

Microsoft wants to be a big name in search. They have the perfect mechanism to help take Google down a peg with the links in the error log entries. Why they don’t get that working properly, I have no clue.

It’s been an interesting week, so lets just take a moment to toss out a few thoughts.

First thing is the whole patent wars that are going on now. I find it awful, stupid and deplorable. This is what happens when companies are afraid of each other. Instead of working on making things better and competing, they just try to sue each other.

Next on the hit list is Cloud Computing. Microsoft is all in, Amazon and Google have their offerings, and still it hasn’t taken off the way some people thought it would. There are a lot of statistics out there showing that people are moving to the cloud. The problem is what is the definition of the cloud in each case. To be honest, working with small businesses, I don’t see a lot of movement to the cloud for anything other than backup. The biggest reason being they can’t afford the speeds to make cloud computing worth it for anything else.

Coming up in a few weeks are Black Hat, Defcon and B-Sides all out in the Las Vegas area. For those who are going, I look forward to reading your reports and thoughts. Myself, I can’t afford to on my own (Money and time off), and my office won’t pay for me to go to them. So I will try to keep up on the web, see whatever videos I can, and just wait.

Finally, on a totally different tangent, The San Diego Convention going on right now. I refuse to call it Comic-Con, since it really is geared toward the entertainment industry in general, and more specifically a showcase of Hollywood’s attempts to cater to geeks. Sorry, not buying it.