thorfinn: <user name="seedy_girl"> and <user name="thorfinn"> (Default)
Here's a thought about Intellectual Property (movies, photos, books, music, writing, software, patents, etc), and licensing, and why it's all such a mess.

Intangible things of any kind are hard to understand to begin with. Intellectual Property is intangible. Then IP laws are meta IP about IP. Then IP licenses (the things that let you legally use IP) are themselves IP that operate in the context of IP laws.

It's seriously no wonder that people don't understand, and quite reasonably don't even want to understand, Intellectual Property licenses in pretty much any context you like. They're several levels of intangible meta away from even the first level of the intangibility.

And I didn't even mention jurisdictional issues. Ugh.

Really everyone just wants to make cool stuff and maybe make a living out of it. But the legal side of it is actually a giant complicated mess of intangible stuff that almost nobody cares about.

So if you're ever wondering about "Apple vs Samsung", or "Patent trolls", or "creative commons", or "open source" licenses, and why it all seems like it's a horrible mess... Well, yeah. It's not simple. It never will be. :-/ That kinda sucks.
thorfinn: <user name="seedy_girl"> and <user name="thorfinn"> (Default)

O Noes, the Instagram Sky Is Falling...

So, the latest buzz about the traps is that Instagram is about add this (text from the iOS app) to it's Terms of Service :

"Some or all of the Service may be supported by advertising revenue. To help us deliver interesting paid or sponsored content or promotions, you agree that a business or other entity may pay us to display your username, likeness, photos (along with any associated metadata), and/or actions you take, in connection with paid or sponsored content or promotions, without any compensation to you."

Note that photos (especially ones taken on smartphones) usually have geographic location metadata attached, by the way. This is essentially the same thing that happens on Facebook with "So and So likes Company Page X", etc. If you use Instagram, you may or may not be concerned by this change of Terms. I already wasn't and still won't be uploading anything to Instagram that isn't intended for public usage, and mostly only have a username because I like to grab usernames, so it doesn't bug me specifically.

The whole situation boils down to this: if you are not paying for the service, you are not the customer. Whoever is paying for the service is the customer - in the case of Facebook, Instagram, Twitter, Google, Youtube, that's the advertisers. Don't expect the service provider to do things that are in your interest. They will do whatever is necessary to keep you interested so that they can serve their customer (the advertisers) - this is not the same thing as doing things that are in your interest.

And if anyone is still wondering why Facebook paid USD1billion to buy Instagram, this is precisely why - one of the biggest features that keeps users on Facebook is photos, and Instagram was the only service so far that actually successfully took users away from FB. That's a cheap price to pay for a defensive manoeuvre that removes your only competitor. (And no, G+ isn't a competitor. It has some different features that some people like, but nothing that actually really competes with FB head on and wins.)

So what?

It's all about the Business Models, IMO: User Pays > Freemium > Open Source Self Supported > Ad Supported.

So, nothing too significant, really. Just something to bear in mind whenever using an Ad Supported service (and note that this includes free-to-air television, news sites, etc), that you are not the customer, and have only small a ability to influence the service to provide what you truly want.

In the case of Freemium services, you are still the customer, in that what you're getting is a loss-leader to try and get you or others like you to pay for the more expensive parts of the service. And if you do choose to pay, you have more influence.

The other "free" alternative kicking around is "open source" software (e.g. roll your own wordpress installation on a web hosting service), but the general caveats with "open source" type services are that: firstly, there's a lot of self-support involved; secondly, the "paying customers" are the developer(s), whose interests often do not align with those of non-technical humans. In some cases you find that there's a mix between Freemium and Open Source, this can be a good way to go for everyone.

thorfinn: <user name="seedy_girl"> and <user name="thorfinn"> (Default)

In Australian Greens MP Adam Bandt's post "Do you think should people be able to enrol to vote online?", a number of people in the post also wanted to actually vote online (or electronically).

My response to that is that electronic voting is currently not possible to secure because of the requirement to preserve anonymity of voting.

With most electoral voting systems today, an essential part of the system is that the vote cannot be linked with the original voter. If votes can be linked to voters, then you open the likelihood that people may not vote honestly, because they can targeted due to the nature of their vote.

The difficulty is that all electronic data is essentially trivially copiable, and an edited version is usually indistinguishable from an original. For example, your computer copies the digital original every single time you look at something online - that's how it gets from the server to your computer so that your computer can even display it to you.

This text you are reading now has been copied in that way lots of times, and you could trivially make more copies of it, edit it however you like, and release a digital text which has been modified, but is in exactly the same format to the original text and nobody can truly verify which one was the real original.

There is only one kind of electronic data that is not editable in that way - that is electronic data which has been securely digitally signed in a non anonymous fashion. That means that if the data is edited, the digital signature will no longer match. For example, digital signatures are used by online banking systems to verify to your web browser that the online website you are talking to is actually the bank you think it is, not someone else pretending to be the bank.

The problem is, digital votes that are secure and verifiable must remain attached to their original digital signature - which fully identifies the voter. Once you detach the digital vote from the digital signature, they can immediately be trivially copied and faked (just like this unsigned digital text you are reading), and cannot be verified using any means.

No matter how much auditing you do on the software and hardware, at any point between the detachment of the digital signature and the final vote count, there is the possibility of trivial and currently impossible to check and verify against digital vote fraud.

Paper votes are physical objects which are much much harder to create copies and fakes of. Once the voter is identified, they can be given a blank voting paper, and the physical vote can then be passed around and verified without having any link to the voter any more.

As regards the original question posed, enrolling to vote online is actually fine, just like Internet banking and similar systems, the point is to be identified to prove that you are you. It could even tie in well to the electoral system at booths - secure identification that ties in with your digital enrolment at the tick off point in order to receive the physical voting papers would actually improve voting security, not decrease it.

In short: Online voter registration, no worries. Online voting, just no.

thorfinn: <user name="seedy_girl"> and <user name="thorfinn"> (Default)

I'd already decided I was going to stop complaining about LJ - at this point it's just useless annoying noise. I'd been thinking I should instead talking about what's nice on and why I like it as a blogging platform, without comparing it to anything else.

[personal profile] shanaqui posted a meme in [community profile] lj_refugees specifically on that, so I copied it. :-)

Favourite thing(s) you think everyone should know about DW:
Favourite feature(s) that is/are unique to DW:
Favourite comm(s) on DW:
Comm(s) I wish would get more attention:
Favourite user(s):
The kind of comms I'm looking for:
The kind of people I'd like to befriend:

... my answers inside ... )
thorfinn: <user name="seedy_girl"> and <user name="thorfinn"> (Default)

TLDR version

Most Internet traffic is not encrypted at the moment. It is trivial in cost and setup to use some form of encryption on all Internet traffic, which means that any Internet filtering solution will be unable to inspect that traffic and block sites.

Aside from that, if people access illegal content using non-encrypted communications, that is a good thing. Why? Because that means your ISP can actually detect them and send the information to law enforcement agencies. That sort of thing is common practice within the ISP industry already.

All that implementing a net filter would do is force people actually doing illegal things to get clever and use encryption technologies like the above, rather than leaving at least some of them out in the open as they are now.

Layer Cake

The Internet works on a layered communication method, where "protocols" are run on top of each other. I'm going to simplify some and leave out some things that aren't necessary to mention, but that's okay.

At the base, there exists "hardware" - wires, radio waves, that kind of thing.

Each type of hardware has a type of hardware specific communication that things use to communicate over it. (DSL, DSL2, 56k modem, wireless 802.11b/g/n, etc).

On top of that hardware specific communication is layered a protocol called "IP" (Internet Protocol), in which every device on the Internet has a numerical IP address.

At each endpoint of those bits of hardware are things called "routers", which essentially take traffic from one part of the network and "route" it to another part.

On top of IP is layered a protocol called "DNS" (Domain Name Resolution), which lets you look up a domain name (like and have it translated to some IP address.

In order to make a connection between one computer (e.g., yours), and another (e.g., a web server), your computer uses DNS to find the IP address, then connects to it on a "port" (another number) which is related to a particular service.

HTTP is a protocol that runs on top of IP. When you put a URL like into your web browser, your computer asks via the "DNS" protocol for the IP address to contact. It then contacts that IP address on port 80, and makes a "request" for the content that lives at /intl/en/options. The server then sends the content back to your computer, which feeds it to your web browser, which then renders it.

Because all of that traffic is not encrypted, your ISP (which controls the routers between you and the rest of the Internet) can inspect that traffic, and if it sees a request for the "wrong" sort of content, it can block the rest of the traffic. That is what is proposed under the net filtering trials that have been conducted.

Sounds good. The problem is that there already exist technologies in common use today that defeat this approach completely.

There is a protocol called SSL (Secure Sockets Layer), which is another protocol layered on top of IP. It actually provides exactly the same function as IP, in that you make a connection from your computer to the other side, but what it supports (that IP doesn't) is encryption and authentication. When your computer makes an SSL connection to another server, it can tell if the other side has a "certificate" which, when "signed" by the appropriate well known authorities (Thawte and Verisign are the primary providers), proves that the server in question is really the server that is supposed to live at that hostname. In addition to that, all data passing back and forth over an SSL connection is encrypted, so nobody in between can read it.

The analogy is that "IP" traffic is like postcards - they're being passed around readable by anyone. "SSL" traffic is instead like sending a sealed and signed and stamped envelope - tampering is obvious to the other end, and you in fact can't even tamper with the envelope without destroying the contents.

HTTPS is defined as being exactly the same protocol as HTTP, except that instead of making a connection using "IP", it runs over SSL. This is the protocol used by all of your Internet banking services, and indeed by many webservers that require login of some kind, because they don't want your password and details flying around the Internet for anyone to inspect.

If your ISP wants to "filter" HTTPS traffic, it essentially can't do that effectively. It can block access to specific hostnames (e.g.,, but it can't block say, without blocking all traffic to everything at

So, anyone wanting to host RC content under the proposed filtering system simply has to provide it over HTTPS, and that will defeat any filtering attempt.

There is another protocol called IPSec (Internet Protocol Security), which is IP tunnelled over IP. Sounds weird, I know. What use is it? It's the same deal as SSL - it's an encryption/authentication protocol. This is what your corporate road warriors use to connect to their corporate network via a VPN (Virtual Private Network). All the traffic leaving your computer is essentially encrypted and sent down the "VPN tunnel", to your VPN server, which then decrypts it and sends the "real" traffic out to the Internet at large. All the ISP sees is a bunch of encrypted IPSec traffic, which it cannot decipher.

Now, there are quite a large number of providers in the US and elsewhere, who are happy to sell you a VPN service. What does that do? It makes your computer appear to, as far as the Internet is concerned, be coming from the US. This is commonly available technology, costs you about USD5 a month at the low end, more than that for better services. Anyone using one of these VPN services is, essentially, totally immune to the filter, because their Internet connection effectively originates in the US (or elsewhere), instead of in Australia.

These are just the two most commonly used encryption and authentication protocols out there, that are in common use by a lot of people. They are both designed to be entirely secure and not breakable in a real-time manner, not even by governments.

No filtering technology can possibly block these protocols, because to do so would cripple Australia as far as the ecommerce world is concerned. Imagine not being able to use or or to do anything. Imagine the CEO of IBM visiting Australia and not being able to access corporate email. We're already considered an Internet backwater due to our slow bandwidth and terrible usage caps. Inability to use basic encryption would just be madness.

Aside from that, if people access illegal content using non-encrypted communications, that is a good thing. Why? Because that means your ISP can actually detect them and send the information to law enforcement agencies. That sort of thing is common practice within the ISP industry already.

All that implementing a net filter would do is force people actually doing illegal things to get clever and use encryption technologies like the above, rather than leaving at least some of them out in the open as they are now.

Relevant links

thorfinn: <user name="seedy_girl"> and <user name="thorfinn"> (Default)

I bought a Drobo, and configured and formatted it last night. Copied the data from my previous external storage disk (which was failing with block errors). Plugged it into the back of the Airport Extreme, and voila, it's just working. Time Machine is happily grinding away doing its thing, and it's very nice knowing that we have 3TB of raid storage that is protected against single disk failure. I didn't have to install any drivers, work out any raid configuration details, or fiddle any settings - there essentially aren't any to fiddle.

This is essentially representative of what I'm enjoying about the current state of play in computer technology - quite a lot of things are falling out of the Corporate Price Point down into the Small Business / High End Consumer Price Point.

A few examples:

  • Mobile Broadband (Satellite, early GPRS/3G vs ubiquitous 3G/EDGE and wifi)
  • Compute Cluster (SUN, IBM, HPUX, etc vs Google Apps, Dreamhost, etc)
  • RAID/NAS (NetApp, iSilon, etc vs Drobo, lots of other manufacturers too)
  • Portable Computing (Blackberry vs iPhone, Android, Pre, Netbooks)

What's nice and interesting to note is that the Usability Fu really really matters in this zone. Corporates can afford to just suck it up and pay an expert to integrate a solution (and are almost invariably doing something weird and custom enough that they would have to even with "off the shelf" solutions). Small Business and High End Consumers don't have the time or the money to spend on Integration Experts and Solution Architects. It just has to Plug In And Work. If it doesn't work just like that, you can't sell it effectively in this price point.

Ordinary people are starting to expect computing technology to Just Work and be Easy To Use. And so they should. So, if you're in the industry at all, "It's a tricky computer thing" is not an excuse any more. It should never have been an excuse in the first place. If it's hard to use, find another supplier with a more usable product. They're starting to exist.

thorfinn: <user name="seedy_girl"> and <user name="thorfinn"> (Default)
There seems to be quite a lot of confusion around the place about the Apple vs Google vs Microsoft ding dong three ring circus "battle" that's developing.

Here's why I don't think it's a real battle, even though they all appear to be playing in the same spaces (Mobile/Search/OS/Apps). They don't have the same customers.

Apple's customers are people.

Google's customers are advertisers.

Microsoft's customers are corporations.

Bear this in mind at all times when you are analysing their products and activities. It explains a lot.

April 2015

12131415 161718


RSS Atom

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags