(no subject)

I believe that much of my behavior can be traced to an extensive set of rules that were taught to me when I was very little, and which I no longer remember consciously, but which bubble up to meet me from time to time.

One of them is "ALWAYS - sign your work."

The real Google app

This was pointed out to me:

There are a few really big pieces missing from this analysis.

1) Orkut is a .NET application and the rest of their apps, as far as I know, run on customized Linux. So, unless Orkut is entirely separate (which seems unlikely), either they've built a cross-platform cluster or they're running Orkut on Mono or something like it. Either way, this is still more powerful than the article above would lead you to believe.

2) It sort of dances around what I'm going to say next, but fails to make the next conclusive leap. The Google cluster is supposedly based on the assumption that hardware is cheap and disposable - it routes around damage. But what if, from Google's perspective, hardware was not just effectively free and disposable, but >ACTUALLY FREE< and disposable? I suspect that they've built or are building what I've been talking about recently - a way to use the entire internet as distributed storage. Because of the Google toolbar and the ability to correlate activity to IP addresses, they've probably got a pretty good map of uptime for a large chunk of the internet (which is in itself, extremely valuable). Why should they pay for a data center cluster to run your Gmail (or whatever), when they could make you pay for it instead? To a system like this, disconnecting a machine from the internet or turning it off looks exactly like a failed disk. Sure, it happens more often, but you've got plenty of space to spread things around in for multiple layers of redundancy.

Some simple rules for email, web, phone, and life in general

  1. Do not use Microsoft products to browse random websites or read random emails. In a controlled environment, these products do have advantages. When used with untrusted content, they behave badly and will run code without your permission or knowledge. This includes all versions of Internet Explorer, Outlook, and Outlook Express. Instead, use products that are better about executing untrusted system code - Mozilla, Opera, Netscape, and the like.
  2. If you can, use a plaintext mailreader. HTML mail is fraught with all sorts of security problems.
  3. Do not open attachments unless you are expecting the specific attachment and you know what it is. Even then, this is risky. If you're not expecting that specific attachment, it's probably an email worm or something else bad. Even if you are expecting the attachment, rather than clicking on it directly to run it, you're much better off saving it to disk, opening the program you think it should be run with, and then opening it manually. This takes a bit more time, but think of the time you save by not having your data randomly deleted by malicious attachments.
  4. If you're going to give out any information - financial info, username / password, etc... - do not click on links that are emailed to you. Always type in URLs by hand (or use bookmarks that you saved from typing URLs in by hand).
  5. Do not ever give out any information to anyone who contacts you, no matter how inconspicuous it seems. Find an alternate way to find out their contact information (or use contact information you already have, which has been verified), and call them back. For example, if you get a voicemail from your credit card company telling you to contact them about some suspected fraud, don't use the number they leave. Call the number on the back of your card instead.

More on Orkut

Here's a summary of what I see...

There are actually three issues:

1) Orkut claims irrevocable unlimited license rights to everything you post. Most people don't understand what that means. One example of this is that many of my friends have posted pictures that I've taken. This is probably not a problem, generally, but they've granted Orkut a license to use them without consulting me, and created a legal tangle should I have a problem with that, forcing me to have to perform a legal struggle with Orkut, because of their unwitting actions. I think this is rude behavior on the part of Orkut, but their prerogative to demand.

2) Orkut may share personal information with Google in an unrestricted way. Google is unwilling (so far) to discuss what use they may make of that information.

3) Google's privacy policy possibly has some holes in it with regards to data collected by way of means other than use of the website.

I >suspect< that Orkut is a way for Google to gather personal information about their clientele for marketing purposes, and to try to form a more solid relationship beyond "I just use Google for search because it's convenient". This is not terribly nefarious, but the kind of data that could be collected to do so has wide potential for abuse, and people should be aware that that's what's going on. Some may not care, but many people I know are signing up without reading or understanding the implications of the above three points.

Google's position of power is somewhat due to their stringent policy of not associating searches with personally identifiable data, not only about you, but about who you know and how you interact with them. They may be able to do this now (according to the tangle of policies they've created), and if they suddenly merge Orkut and Google, they will certainly be able to do this for everyone who's used the service up until that time. The construction of such a database in a piecemeal fashion might be called nefarious. I'm not sure. It would certainly be an unprecedented collection, and I suspect that it would be ripe for abuse, both by currently legal means that didn't foresee such a resource, and by malicious intruders.

I don't have any reason to believe that there's anything sinister going on other than what I've just described, but it seems to me that the construction of such a database with the loopholes above is reason enough for some concern, or at least some explanation.

I'm curious about what information Google is amassing, and I think everyone has a right to know how it will be used (or at least publicize that Google is unwilling to say).

Orkut Terms of Service

Many have already pointed out that the Orkut terms of service are overly broad and give Orkut an unlimited non-revocable license to anything uploaded to the service.

Jeremy Zawodny has pointed out that Orkut is likely a channel for Google to mine for personal information, but he overlooked the following privacy policy gap.

The Orkut privacy policy says that they can share personally identifiable information with Google. Neither the Google privacy policy nor the Orkut privacy policy seems to say anything about what Google can do with information about you that they get from Orkut. That seems to be completely unrestricted. Google's privacy policy only appears to cover information that Google itself collects on you. My email request to Google regarding their intended use of any information they may receive from Orkut has gone unanswered thus far (I will update this if I receive a response).

One possible application for this would be for Google itself to run a service allowing very highly personalized spamming or in-frame ads to your Orkut account based on a combination of Google searches and personal profile data.

I think the framework is already in place for this.

This is pretty sophisticated, and it could be done in a way that's unobtrusive and not particularly nefarious.

However, simply the fact that they >can< correlate searches to identity is possibly a bad thing, even if they only make "benign" uses of it. If the data is there, it's waiting to be hacked, leaked, or abused. The fact that they've made no public mention of how or whether this information is to be used is worrying to me.

(no subject)

This company claims that wearing their multi-colored shirts, oh, I don't know, strengthens your aura or something.

Moreover, in an obvious stab at NY fashion, they claim that:

'Bio-electrography measurements seem to suggest that wearing black creates weakening and fragmenting of our electro-photonic bio-energy field. In view of the evidence collected by Dr. Chalko using bio-electrography, wearing and promoting black clothes seems to be an act against human Nature and well being.'

New version of Photoshop won't reproduce currency

I first noticed this on Slashdot:

It's since been confirmed by Adobe:

If you have the latest version of Photoshop, you can test it with this image.

This is an interesting thing.

Commercial software does sometimes offer serious advantages over the (F/f)ree counterparts. Photoshop is one example - there are things you can do to an image in Photoshop that you can't do in the alternatives. But now, if you want those features, you have to also accept the (probably inappropriate) restrictions that have been imposed by the creators of that software at the behest of a governing body to aid law enforcement.

This is huge!

Not only has Adobe bowed to the government and agreed to scan every image you load for currency infringement (using up cycles on your machine; and yes, the first thing I noticed about Photoshop CS was how slow it was compared to previous versions), but the technical measures are overly broad, ineffective, and destructive, and they've been added silently.

Overly broad: This restriction removes fair use cases allowed by the law. Photoshop won't even let you open this image, even though doing so doesn't mean you're a counterfeiter. Reproducing currency is legal in certain circumstances, and those circumstances are clearly laid out in the law.

Ineffective: Counterfeiters don't necessarily need the advanced editing features in Photoshop, but photo editors certainly do. This feature will cause people who want to counterfeit money to look elsewhere, but the legitimate customers are shit out of luck, and technically forbidden from performing legal actions that happen to fall under the umbrella of this restriction. And, because of the DMCA, consumers are also forbidden from bypassing this restriction, even for legitimate uses.

Destructive: It's also been pointed out in this Metafilter thread on the topic that it's theoretically possible to embed the pattern that Photoshop checks for into any image, and thereby prevent that image from being edited in Photoshop.

This is exactly the same situation as every case involving Digital Rights Management, and we're going to see a lot more of them. DRM is not your friend - by its very nature, it can't stop the criminals, and it does a lot to inconvenience and restrict legitimate users. Companies haven't listened to this argument yet, because they have no reason to believe that they'll lose customers by doing this.

Cory Doctorow put it most succinctly, talking about the upcoming Tivo DRM that "allows" you to copy Tivo video to your PC:

'Where does this bizarre idea -- that the dinosaur industry that's being displaced gets to dictate terms to the mammals who are succeeding it -- come from?

I'll tell you two things that are obvious to my entrepreneurial instincts:

1. There is no market demand for TiVo's DRM -- or anyone else's. No TiVo customer got out of bed this morning and said, "Damn, I wish there was a way I could do less with my videos."

2. If TiVo isn't giving customers the features they want, someone else (like a commercial packager of mythtv, for example) will.

Not delivering the products your customers demand is not good business.'