Probably the claim you will read most often in recent weeks from my friendly archvillain Jason J Kee on his twitter feed is that, There is NO COMPARISON b/t #C11 & SOPA. While he is playing with words when he makes this claim, I think it is useful to discuss the narrow way in which he is correct as well as the ways he is trying to distract people from the similarities.
Today many have been raising awareness of USA's SOPA and PIPA. I thought I would back up a bit from those specific initiatives, and discuss just how far apart people are on this type of policy.
We should answer the question of whether a paywall is a copyright issue, before we dive into the question of the importance of this question for the debate around the Paracopyright provisions in Bill C-11.
I am familiar with paywalls from the perspective of both a user and a provider of such services. I will offer two specific examples of paywalls to illustrate the issues.
I'm not a proud Canadian these days. It seems that everywhere I look I see some monopolist trying to wipe out free markets in Canada, and not enough government intervention to protect the market. There are individuals in the current cabinet who appear on the surface to share some ideas, but who are sending mixed messages. I also don't get the impression that there is enough support elsewhere in cabinet, with other parliamentarians and parties, or with the larger bureaucracy who should be working for us.
The deadline for ideas and submissions on Canada’s digital economy strategy has been extended until midnight, Tuesday, July 13.
I don't think I will have the time to make a formal submission. I have instead started to post to the ideas forum. If you agree with these ideas, please vote them up. Please also add comments.
I am a big fan of audio blogs. Some people call them Podcasts because Apple iPod users seem to claim responsibility for making them popular. Leo Laporte over at TWIT.tv, a large audio/video blogging network with a long history in broadcasting, tried to convince people to call them Netcasts as they were simply broadcasting over the Internet. While I'm a listener to a few TWIT.tv shows, and a few other non-Canadian shows, I have always been looking for Canadian shows that cover some of the technology and political stories from the uniquely Canadian perspective.
When I was first writing a little web service in Twisted Python that would return JSON encoded data, and I was having some issues with loading it up using Javascript, I used Wireshark to trace the whole thing and was surprised at how the response looked.
There were delimiters around the data, and the response headers included a reference to “Chunked Transfer-Encoding”. I had to look it up to find out what it was, and I had no idea how to turn it off so I posted on the Twisted Python mailing list, and got a prompt reply.
Chunked encoding has nothing to do with the content type. It is used if you do not set a content-length header.
So, figure out your response’s length (in bytes), and set the content-length header to that.
Aha! So this in my http.Request handler fixed it.
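log.info("sending response")
# Set the content length so that we don't respond with chunked
# encoding. content must already be encoded to bytes so that len()
# counts bytes, not characters.
size = len(content)
log.debug("content length is %d bytes" % size)
# Header values are strings; current Twisted rejects a bare int here.
self.setHeader('Content-Length', str(size))
self.write(content)
self.finish()
log.info("done")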
Well, not a fix really as there was no bug, but I wanted to rule out the chunked encoding as the source of a problem that I was seeing.
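The "delimiters around the data" seen in the packet trace are chunk-size lines. As an added example (not code from the original post), this frames one body both ways and decodes the chunked form strictly; the function names and the sample JSON body are constructed for illustration.

```python
HEX_DIGITS = b"0123456789abcdefABCDEF"


def encode_chunked(body: bytes, chunk_size: int = 16) -> bytes:
    """Frame body as chunks: <hex size>CRLF<data>CRLF ... 0 CRLF CRLF."""
    out = bytearray()
    for i in range(0, len(body), chunk_size):
        chunk = body[i:i + chunk_size]
        out += b"%x\r\n" % len(chunk) + chunk + b"\r\n"
    out += b"0\r\n\r\n"  # zero-length chunk ends the body (no trailers)
    return bytes(out)


def decode_chunked(wire: bytes) -> bytes:
    """Strictly decode a chunked body; raise ValueError on bad framing."""
    body = bytearray()
    pos = 0
    while True:
        eol = wire.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("missing CRLF after chunk size")
        # Anything after ';' is a chunk extension and is ignored here.
        size_field = wire[pos:eol].split(b";", 1)[0]
        # Accept bare hex digits only; int() alone would also take
        # "+5", "0x5" or " 5", and lenient size parsing is how two HTTP
        # parsers end up disagreeing about where a message ends.
        if not size_field or any(c not in HEX_DIGITS for c in size_field):
            raise ValueError("invalid chunk size")
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            return bytes(body)  # trailer section, if any, is not parsed
        chunk = wire[pos:pos + size]
        if len(chunk) != size or wire[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("truncated or malformed chunk")
        body += chunk
        pos += size + 2


def frame_response(body: bytes, chunked: bool) -> bytes:
    """Build a minimal HTTP/1.1 response using one framing or the other."""
    head = b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
    if chunked:
        return head + b"Transfer-Encoding: chunked\r\n\r\n" + encode_chunked(body, 8)
    # Content-Length counts bytes on the wire, not characters.
    return head + b"Content-Length: %d\r\n\r\n" % len(body) + body


# Constructed sample body: 19 characters but 20 bytes in UTF-8.
SAMPLE_TEXT = '{"status": "défer"}'
SAMPLE_BODY = SAMPLE_TEXT.encode("utf-8")

if __name__ == "__main__":
    print(frame_response(SAMPLE_BODY, chunked=False))
    print(frame_response(SAMPLE_BODY, chunked=True))
```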
I just discovered surfraw in the results of an apt-cache search (love that command) and I had to laugh at the manpage:
DESCRIPTION
Surfraw provides a fast unix command line interface to a variety
of popular WWW search engines and other artifacts
of power. It reclaims google, altavista, dejanews, freshmeat,
research index, slashdot and many others from the
false‐prophet, pox‐infested heathen lands of html‐forms, placing
these wonders where they belong, deep in unix
heartland, as god loving extensions to the shell.
I know, I’m a geek, but to me it’s funny.
I’ve just been learning about Cross-Origin Resource Sharing, to permit javascript downloaded from one domain to make Ajax requests out to another domain. I started learning this because I was writing a Google Maps client to test some back-end code and it wasn’t working for some reason. Thanks to the help of someone on the Prototype mailing list, and a packet trace, the problem was quickly found.
When I loaded my static page off of the disk, the browser assigns it an origin of null. I was then accessing a service running on my desktop, so its origin was localhost. As the origins differ, when I tried to make an Ajax request to it my browser automagickally makes an OPTIONS request to the server, requesting permission.
Let me show an example, captured via tcpdump:
sudo tcpdump -i lo -nn -s0 -w out.pcap tcp port 8000
When I load up this pcap file in wireshark and follow TCP stream, I see:
OPTIONS /route/?start=sta-9998&end=sta-9999&starttime=1274469161 HTTP/1.1
Host: localhost:8000
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.4) Gecko/20091206 Gentoo Firefox/3.5.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Origin: null
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-prototype-version,x-requested-with
This is the OPTIONS request to the server, asking if it is permitted for this client to make a cross-origin request to that server. Specifically, it is asking permission to make a GET request from an Origin of “null”. If the server doesn’t respond with the right access-control headers, the browser will not permit the GET request to take place.
I had to modify my server, written in Twisted Python, to respond with:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: x-prototype-version,x-requested-with
Content-Length: 0
Access-Control-Max-Age: 2520
So here I’m saying, yes, it is permitted from any origin (hence the *) to make a GET request, and the client can cache this permission for 2520 seconds (42 minutes). This won’t be my response when I deploy, I will tightly control the domains that this service permits, and lower the max-age to more like 10 minutes.
Now, this initial response is not enough, be aware. These headers must be supplied in every response, not just the response to the OPTIONS request. So when the GET finally takes place it looks like:
GET /route/?start=sta-9998&end=sta-9999&starttime=1274469161 HTTP/1.1
Host: localhost:8000
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.4) Gecko/20091206 Gentoo Firefox/3.5.4
Accept: application/json
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.6.1
Origin: null
And the server now responds with:
HTTP/1.1 200 OK
Content-Length: 76
Access-Control-Allow-Headers: x-prototype-version,x-requested-with
Access-Control-Max-Age: 2520
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Content-Type: application/json

{
    "reason": "No workers ready, try again soon",
    "status": "defer"
}
This is just an example while the server is loading a rather large data set, and cannot respond yet. Note the Access-Control headers in the response, just like the initial OPTIONS response.
Doing this in Twisted is simple enough. Inside of a http.Request handler, you can set response headers with self.setHeader(header_name, header_value), like so:
self.setHeader('Access-Control-Allow-Origin', '*')
self.setHeader('Access-Control-Allow-Methods', 'GET')
self.setHeader('Access-Control-Allow-Headers',
               'x-prototype-version,x-requested-with')
# Header values are strings; current Twisted rejects a bare int here.
self.setHeader('Access-Control-Max-Age', '2520')
self.setHeader('Content-type', 'application/json')
My next steps are to tighten this granting of access, probably via configuration file, but I’m sure you get the idea.
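One way the tightened grant could look, as an added example that is not code from the original post: an exact-match origin allowlist replaces the `*`, and the preflight is answered only for the method and headers the service expects. The function name, the allowed origin and the 600-second max-age are assumptions; the returned pairs would be passed to self.setHeader in the handler.

```python
# Assumed deployment values, constructed for this example.
ALLOWED_ORIGINS = {"https://maps.example.org"}
ALLOWED_METHODS = {"GET"}
ALLOWED_HEADERS = {"x-prototype-version", "x-requested-with"}
MAX_AGE_SECONDS = 600  # roughly the 10 minutes planned for deployment


def cors_headers(method, request_headers):
    """Return the CORS headers to set on the response to one request."""
    req = {k.lower(): v.strip() for k, v in request_headers.items()}
    origin = req.get("origin")
    # The answer depends on Origin, so caches must key on it.
    headers = {"Vary": "Origin"}
    # Exact-match allowlist, never an echo of whatever Origin was sent.
    # "null" is refused outright: file:// pages, sandboxed iframes and
    # data: URLs all present that same origin, so it identifies nobody.
    if origin is None or origin == "null" or origin not in ALLOWED_ORIGINS:
        return headers
    headers["Access-Control-Allow-Origin"] = origin
    if method != "OPTIONS":
        # On the actual request the browser checks Allow-Origin; the
        # method, header and max-age grants come from the preflight.
        return headers
    wanted_method = req.get("access-control-request-method", "")
    wanted_headers = {
        h.strip().lower()
        for h in req.get("access-control-request-headers", "").split(",")
        if h.strip()
    }
    if wanted_method not in ALLOWED_METHODS or not wanted_headers <= ALLOWED_HEADERS:
        return {"Vary": "Origin"}  # refuse: no grant headers at all
    headers["Access-Control-Allow-Methods"] = ", ".join(sorted(ALLOWED_METHODS))
    headers["Access-Control-Allow-Headers"] = ", ".join(sorted(ALLOWED_HEADERS))
    headers["Access-Control-Max-Age"] = str(MAX_AGE_SECONDS)
    return headers


# Constructed sample: the preflight from the capture above, once with
# its original "null" origin and once from an allowlisted origin.
PREFLIGHT_NULL = {
    "Origin": "null",
    "Access-Control-Request-Method": "GET",
    "Access-Control-Request-Headers": "x-prototype-version,x-requested-with",
}
PREFLIGHT_OK = dict(PREFLIGHT_NULL, Origin="https://maps.example.org")

if __name__ == "__main__":
    for label, sample in (("null origin", PREFLIGHT_NULL), ("allowlisted", PREFLIGHT_OK)):
        print(label, cors_headers("OPTIONS", sample))
```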
In an article for The Mark I suggest that we shouldn't blame Google when music blogs are shut down, since it’s the major record labels that are to blame.
According to a Hearst Seattle Media blog article, Mike Landreville, an advisor in the Intellectual Property Office of Environment Canada, sent a letter to German Internet Service Provider (ISP) Serveloft requesting that the sites "enviro-canada.ca" and "ec-gc.ca" be removed. Without any judicial oversight of any alleged infringement claim (not that I can think of any legitimate claim for these spoof/parody sites), the ISP shut off the range of IP addresses that served those sites as well as 4,500 other Web sites that had nothing to do with the spoof.
Whatever you think of the prank/spoof, this is obviously over-reaching by an Environment Canada bureaucrat and incompetence on the part of an ISP who removes websites due to random requests. This might be another hoax given the claims originated from the Yes Men, but this would not have been the first time an ISP shut down an IP address range without judicial oversight based on a letter from someone alleging to be a lawyer.
Ok, this is just dumb.
msoulier@kanga:~$ gem list torrent --remote
*** REMOTE GEMS ***
Well that’s wrong, I know there’s a RubyTorrent gem.
msoulier@kanga:~$ gem list tftp --remote
*** REMOTE GEMS ***
tftpplus (0.4)
It finds my tftp library just fine with a substring.
msoulier@kanga:~$ gem list RubyTorrent --remote
*** REMOTE GEMS ***
rubytorrent (0.3)
So why do I have to be so specific?
I shouldn’t need a web interface to find code in a repository people! Learn from apt-cache.
I’ve been involved in some discussions regarding Java recently, and I’ve repeatedly said that I mostly find it a solution that is still looking for a problem.
Looking back at this post by Paul Graham on “Java’s Cover” I find it interesting how many of his points still ring true, 8 years later.
My favorite quote:
It could be that in Java’s case I’m mistaken. It could be that a language promoted by one big company to undermine another, designed by a committee for a “mainstream” audience, hyped to the skies, and beloved of the DoD, happens nonetheless to be a clean, beautiful, powerful language that I would love programming in. It could be, but it seems very unlikely.
My problem with it is simple, and it’s why I dislike ClearCase, and many other technologies; it makes easy things hard. I’m busy. I’d use it if forced to, and then I’d try desperately to like it. Until then, I have better things to do.
Charlie Angus was in full force yesterday. He took his contribution to the debate on Bill C-27 (often called the anti-SPAM bill, although it still contains anti-malware and other provisions as well), and spoke about it as one part of a larger digital agenda.
The full debate is available via Hansard, but I wanted to highlight a specific section of Mr. Angus' contributions. (Note: Debate resumes after C-50, which may be today or later.)
Welcome to the all hallowed eve eve edition of Blogrotate. It was a relatively quiet week this week but the 2 standouts are from the OS department with more reviews of the just released Windows 7 and the release of Ubuntu 9.10. Here’s some of the stories that we took note of this week.
Operating Systems
Ubuntu 9.10 is released. Anyone who reads my blogs knows by now that I am a Kubuntu user and I think that it’s the best desktop Linux available right now. They’ve put a lot of work into this one and it’s the best version of Ubuntu yet, easy to install and use with all the features you could ask for. Ryan Paul at Ars Technica has his own review called Ubuntu 9.10 brings web sync, faster bootup, GNOME 2.28, check it out.
Here’s a short list of some types of Ubuntu you can get, and their niche.
- Ubuntu – The standard desktop featuring Gnome.
- Ubuntu Server Edition – Just how it sounds.
- Ubuntu Netbook Remix – A version of Ubuntu designed to work on your netbook.
- Kubuntu – The KDE desktop version of Ubuntu. With KDE it’s an easier conversion for Windows users in my opinion.
- Edubuntu – Edubuntu is an educational operating system that is designed for kids, parents, teachers and schools. I have not tried this one yet, but my 3.5 year old is ready for it.
- Mythbuntu – A replacement for Windows Media Center featuring MythTV. I use this for a PVR at home, easy install and great interface.
- XUbuntu – A version of Ubuntu using the xfce desktop, and designed for older or less powerful machines that have trouble with the Gnome or KDE desktops.
Windows 7 is still fresh in the minds of many. If you want an exhaustive review of all the pros and cons of Windows 7, how about trying to get through a 15 page review by Peter Bright. For the impatient, he sums it up at the end saying “…Windows 7 is, overall, a fantastic OS. It builds on a solid platform, and just makes it even better”. Read the full review in Hasta la Vista, baby: Ars reviews Windows 7.
PC Pro has an interesting article up called The Crapware Con. This article has some interesting information on what sort of extra software each of the major manufacturers are adding to your laptop, and what sort of effect this has on your performance. If you have an Acer, Sony or HP laptop they are apparently the worst offenders.
Security
Dan Goodin has an interesting article about a free Microsoft product that can identify and harden applications against common avenues of attack without even needing access to the source code itself. Read the scoop in Free Microsoft security tool locks down buggy apps.
Dan Goodin reports on a new Mozilla site that will check the plugins in your Firefox for old versions which may have security issues and allow you to update them easily. Mozilla service detects insecure Firefox plugins has the full story, and the plugin check page is here.
Software
Paul Lorimer, Group Manager for Microsoft Office Interoperability, writes in his blog that “In order to facilitate interoperability and enable customers and vendors to access the data in .pst files on a variety of platforms, we will be releasing documentation for the .pst file format”. This will open up the specifications for the pst file, used by MS Outlook to store email, making it easier for other software vendors to tap into the file format. See more in Roadmap for Outlook Personal Folders (.pst) Documentation.
Internet
The Internet celebrated its second 40th birthday on Thursday marking the date that the first word, “Lo”, was sent between 2 machines at UCLA on October 29, 1969. Get more of the story in Internet pops champagne on (second) 40th birthday. On an unrelated note, this happened 40 years after the 1929 stock market crash.
Hardware
Neil McAllister at InfoWorld has an interesting article on the rise of the ARM processor as a competitor to Intel’s Atom for mobile devices. Read on in ARM vs. Atom: The battle for the next digital frontier.
Computerworld has an article about the recent Intel release and recall of its SSD firmware update due to issues with data corruption. Intel pulls firmware for SSDs just a day after release has more details. Ars Technica also covered the story in Intel’s SSD firmware brings speed boost, mass death (again).
That’s all we have time for this week folks. Be sure to tune in again next week. Same bat time. Same bat channel.
A press release from the CRTC seems to indicate that they didn't understand the traffic management issue before them. While they separate retail and wholesale in name, they don't in policy. They did not separate the phone and cable companies, which see the Internet as a competitive threat to their legacy services, from the ISPs who seek to offer Internet services.
The CBC article Marketers want anti-spam bill altered contains an interesting note from the Liberal critic of consumers:
Liberal consumer affairs critic Dan McTeague told CBCNews he doesn't know what the position of his party is, but that he personally supports the Conservative bill, "warts and all."
Welcome to week 2 of Blogrotate. It was a short week due to Thanksgiving (Canada) and Columbus Day (US), but the world of IT is always buzzing. So as they say at the race track, pitter-patter, let’s get at ‘er.
Internet
Have you ever wondered how much trouble can be caused by a single typo? This week a single typo in a script that updates all zone files for the .se (Sweden) TLD (top level domain) dropped the entire .se domain off the internet for almost 2 hours. Royal Pingdom has the full story in “Sweden’s Internet broken by DNS mistake”. This is why we need tight controls on change management. It’s called testing guys. Sweden. Give me a call.
Facebook now has 30,000 servers and produces 25TB (that’s tera-byte kids) of log data per day. The Data Center Knowledge site has some interesting details in “Facebook now has 3000 Servers”.
Cloud
Lots of buzz this week about T-Mobile’s service disruption and subsequent loss of users’ data. Discussion over whether the problem was a cloud failure or not was one hot topic. Data Center Knowledge discussed it here in “The Sidekick Failure and Cloud Culpability”. Ars Technica had some more on the cloud debate with “T-Mobile and Microsoft/Danger data loss is bad for the cloud”. It looks like most or all users will have lost their data due to the lack of backups, see “Some Sidekick Users May Recover Data” for more. I am sure there will be more fallout from this one.
Enterprise Storage Forum has an interesting evaluation of the limitations of cloud computing for corporations, specifically due to bandwidth limitations and hardware error rates. See Henry Newman’s article titled “Why Cloud Storage Use Could Be Limited in Enterprises”.
Nate Anderson over at Ars Technica has an interesting read about fear mongers who say our beloved intertubes are going to die in “The Internet is about to die. Literally die!”.
Operating Systems
IT Wire claims “Microsoft teams up with Family Guy to sell Windows 7”. That’s just sad. If they are going to glorify Windows then I really can’t see how they can funny it up. I am guessing Seth will get to pan Microsoft just to spread word that Windows 7 is coming.
VMware has announced that their new “VMware Fusion will support Windows 7 in more Mac-like way” says IT Wire. This “Unity” feature looks a lot like VirtualBox’s “seamless” mode. Check out the YouTube video “Unity in VMware Fusion for Mac OS X” to see it in action.
Jim Zemlin, the executive director of the Linux Foundation gave the keynote address at the Maemo Summit and said that he thinks Linux could be the dominant OS for mobile phones and devices. Ars Technica has more in “Will Linux be the dominant OS for consumer electronics?”.
And from the wicked cool idea department
An interesting study from McCormick University on using your PC’s existing hardware as a sort of sonar to detect when you are there. See “Research Group Uses Sonar for Computer Power Management”. They plan to use this as a method of detecting if you are close to your computer and to turn off your screen if you are not, then turn back on again when you return. The group is currently looking for guinea pigs testers to evaluate if there is any real world power savings. The link to the software is in the article. Hey, if my TV remote control can do it, why not a laptop?
That’s all we’ll have time for this week. Come back again next week for more Blogrotate and, as always, feel free to speak your mind or post your interesting stories in the comments.
Everyone’s probably seen one. You visit some website with a URL prefixed with “https” and you get a pop-up or warning of some kind in your browser, telling you that the certificate for the site is not signed by a known authority, and warning you not to continue. You continue anyway since, surprise surprise, you needed to go to that website for a reason.
Lately in more recent versions of Internet Exploder and Firefox, these warnings have become more obtrusive, and it’s on purpose. Browser vendors want you to have to work to get to a secure site with an invalid certificate, and it’s for more than one reason, good and bad.
- Websites running certificates not signed by a known authority can be put up by anyone, and the current site may not deserve your trust.
- DNS hijacking could direct your browser to a completely different website than you think you are visiting. The point of the host certificate is to ensure that you are talking to the people you think you are talking to.
- Valid certificates are big business, employing many people at Verisign, Thawte, etc. If just anyone can put up an SSL-enabled website then it undermines their business model.
I could care less about Verisign’s business model, I think that valid Certs are way too expensive so I run a self-signed one myself. Furthermore, I work on applications and infrastructure for a Linux distribution that has an SSL-enabled web interface for management. We want SSL to secure the user’s session key, and any privileged information being transmitted between the client and the server. But, we cannot afford to buy a valid certificate for each and every box. No way.
So, we compromise. We generate a self-signed cert and we provide a mechanism to install your own if you choose to buy one. Problem solved, right? Wrong.
We have teams here that don’t want customers to be scared off by the certificate warning when they first visit the interface. So, they just use unencrypted, insecure HTTP instead.
Yes, that’s right. They’re more afraid of the warning in the browser than the fact that the session is unencrypted, potentially over the Internet. So, what are the browser vendors accomplishing by making the warning more prominent? They’re encouraging application developers to stop using SSL.
Bravo.
The following is a reply I added on John Degen's blog to his article Industry News -- Google settles.
As always, there are multiple ways to look at the recent agreement.
You could think that Google settled (your idea), or that the publishing industry settled. It all depends on what you saw as the problem, and then what came out as a solution.






