Original URL: http://www.theregister.co.uk/2005/11/04/letters_0411/
PETA protests SCO's cruelty to vocabulary
And you spend time getting back to your rootkits
Letters Jumping straight in to the post bag, we can report that Sony's DRM rootkit has not made any of you happy bunnies this week:
Hmm, so Daniel Cuthbert is convicted of a CMA offence for typing a URL containing "../../.." into his web browser, but Sony Music is entitled to install replacement operating system libraries on my windows machine without violating the "unauthorised modification" provisions of the same law? Surely Shome Mishtake?
I'm curious about this on two levels:
1.) If I run my PC as a non-administrative user does the DRM actually work? As I understand things, you can only install drivers and meddle with system registry settings in Windows if you have administrative rights. Running as a non-administrative user does generally provide a great deal of protection against everyday malware threats; I ensure all my non-technical staff run their PCs in that way for precisely that reason.
2.) If it does circumvent the above, are Sony potentially in breach of the Computer Misuse Act; by running their software as non-administrative user, I am effectively declaring that I do not authorize software that I am running to make administrator level changes to the system!
Regards John Jameson
Would it be considered industrial espionage if I took one of these CDs and put it in a computer at work (legitimately, following corporate guidelines) and the rootkit or measures to remove it hosed the computer? It is nice to see Sony following in the footsteps of organized crime in order to turn a profit (unauthorized installation of software on others' computers). Soon, perhaps, they will lead the field. I wonder if their marketing department has a virus developers group.
After reading your informative articles about Sony's latest DRM strongarm tactics I was idly wondering if they were legally responsible for a PC which is rendered inoperable by their malicious code.
My personal feeling is that by installing cloaked files without the owner's consent that they have crossed the line and could be sued.
I'm sure that trespass, malicious code and purposely putting a machine at risk is certainly up there with the spammers, Virus Writers and Malware producers and should be treated as such in a court of law and I look forward to the anti virus people to come up with an antidote A.S.A.P.
It is after all why we buy virus protection... isn't it? The only thing that I will do now is make absolutely certain that when I come across a new CD from Sony, I will not buy it even if I want the music.
Rolling back the clocks a couple of weeks, you may remember we carried a story about internet banking security, which referred to forthcoming US legislation that will require US banks to have two-factor authentication. You had some interesting views on the subject:
I am a Brit who lived in The Netherlands for several years, during this time I opened up an ABN AMRO bank account (in 2001). The Internet Banking provided makes use of 2 pass authentication. I place my bank card into the device, and put in my pin. Then, the website gives me a 6 digit number which I enter into my little device, it responds with a 6 digit answer and by entering this answer into the web site form, I am allowed access to Internet Banking.
At first I thought it was a pain, for example if you leave the device at home whilst you're away on business or holiday then obviously you cannot use Internet Banking. Also they charged 15euro for the device which at the time I thought was a cheeky money-spinner for them. However, with the rise of phishing, key loggers and associated risks, I now see the true value of my little device!
Re: Two-factor Banking (Pass on to 'Letters' if appropriate)
Has anyone stopped to consider how many of these things we will end up carrying around? Take the SecurID offering for example; I have a fob on my keyring measuring 65x40x19mm. This is for a non-banking service. From my understanding of how it works, this fob can only be used with one service (i.e. company) - allowing another company to use the same fob would potentially enable someone at one company to 'be me' at the other company (given the other factors). So that'll be one fob per institution then.
I currently deal with 7 separate financial institutions. No way do I want to have 8 of these 'lying around', let alone have to carry them about.
I'd even pay for the damned token myself (even as a subscription!) - rather than a pesky ID card. And hopefully you'd only need one token for *everything*.
4-digit PIN + 6-digit securID number == "Try and crack that, bitch!"
It does surprise me that more banks in GB and the rest of EU do not use an authentication system which the Swedish NordBank uses in the PlusGiro (formerly Post Giro) system. You write about 2-factor banking. What am I now using - 4-factor?
Look at the inlogging at https://eplusgiro.plusgirot.se/eplusgiro_comp.html . This is an encrypted page for all the transaction. The USER ID is my company registration nr (which anyone might know) or a special number. Then the Inlogging code is a 4-siffer number returned by the bank and usable for 4 minutes. Then comes the certificate. It is produced in a little calculator that I have my chip/pincode card inserted into.
The Inlogging code + my card + the date and my payment pincode give me the CERTIFICAT which I type in to get at my account.
To authenticate payments it works about the same but the bank sends an 8-siffer code that I put into my calculator with the date and amount and password to authorize the payment.
This will work from any computer in the world (as long as I have the calculator with me) and I believe that it is very safe even from an internet cafe. The one time codes both from the bank and from me can not be used again. A very good system.
I read your article with interest, and would like to say that 2-factor is a nice to have. My South African bank provided me with an ActivCard unit at the minimal cost of $7 and it makes me feel more secure, BUT I also would never fall for a phishing email.
If some savvy cracker did cotton on to the idea of defrauding a consumer of said bank in real-time they could channel the victim via a phishing portal to the bank's website. These tokens change access codes every time you push a button, but there is a "validity window" and a margin of error if your unit has generated codes which have not been utilised (by pressing the on button).
What stops a phisher from taking the victim's valid input info, saving it and submitting an altered code to the bank, with the correct code being saved and utilised immediately by a bot/person? Sure, the user may notice an issue with their inability to login, but will keep getting login failures if he keeps using the phisher portal, meanwhile someone is cleaning his account out... However, my bank has an additional feature up its sleeve, because it will SMS me and email me on successful login to the site. It also informs me when anything is done to the account (recipient added, money transferred, etc). So, even clueless user would be aware that something "phishy" was going on.
In conclusion, 2-factor in itself is not the answer, however the sum of the above parts makes it a worthwhile alternative to password only solutions...
The above bank’s website: www.fnb.co.za
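An added example, not part of the letter above or of any bank's code: a server-side check for a button-press (counter-based) token, showing the "validity window" for unused codes, refusal of a code once it has been accepted, and a notice on every successful login. RFC 4226 HOTP stands in for the token's algorithm, which the page does not name; `TokenVerifier`, the window size and the alert list are assumptions.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP; a stand-in for whatever the real token computes."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TokenVerifier:
    """Hypothetical server-side state for one customer's token."""

    def __init__(self, secret: bytes, window: int = 3):
        self.secret = secret
        self.counter = 0        # next counter value the server will accept
        self.window = window    # how many unused button presses are tolerated
        self.alerts = []        # stands in for the SMS/e-mail login notice

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.window + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                # Move past the accepted code so it, and every code
                # skipped before it, can never be accepted again.
                self.counter = c + 1
                self.alerts.append(f"login accepted with code #{c}")
                return True
        return False


def demo() -> dict:
    secret = b"12345678901234567890"    # constructed: the RFC 4226 test key
    v = TokenVerifier(secret, window=3)
    return {
        # Two unused button presses, then the third code is typed in.
        "skipped_ahead": v.verify(hotp(secret, 2)),
        "replay": v.verify(hotp(secret, 2)),         # same code a second time
        "older_code": v.verify(hotp(secret, 1)),     # a code that was skipped
        "too_far_ahead": v.verify(hotp(secret, 9)),  # beyond the window
        "alerts": list(v.alerts),
    }


if __name__ == "__main__":
    print(demo())
```

The verifier cannot tell who submitted an accepted code, which is why the notice on each successful login is the control that lets the account holder spot a login they did not make.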
1) The folks who lived through WWII may have "trusted" banks, plural, but not any one bank. When my mother died, it took me two weeks to find and deal with all of the banks at which she had accounts.
2) Bank procedures are crap, completely aside from online banking. Again, dealing with my mother's estate, it sometimes astonished me how easy it was to close an account and move it elsewhere, based on typed documents and little else. And don't even get me started on the general screw-ups like "helpfully" assigning the same Taxpayer ID number to two accounts, of two different people, then "fixing" it by assigning the other TIN to both accounts.
I can do something about (1) and (3), and do, but there's nothing I can do about (2), they are all incompetent, as far as I can tell. That's why I still do (1). :-)
Sun's Zettabyte File System is not a figment of your imaginations and will be shipping this month, says Sun. Hooray, said you, but...
It's great to see Sun are finally getting around to launching ZFS but it raises an important question for me.
When details were announced, I spoke to a friend who used to work as an admin on some large SGI systems. He told me that he's not impressed with ZFS since it doesn't appear to offer anything that SGI's own XFS already supports, and has supported for many years. Not only that, but SGI have ported XFS to Linux, mainly as part of their drive to gain support for their Altix/Prism IA64 based systems amongst the existing IRIX/MIPS customers. In one of Sun's regular web-chats, I questioned them about ZFS being inferior to XFS and they (I don't remember who it was who answered my question) skirted around the subject, as they often do when compared to old SGI hardware or software which can still outperform many new Sun developments. Don't get me wrong, I'm a huge Sun advocate, in fact I'm running Solaris10 at the moment on a Blade1000, but is ZFS really such a huge development or is it another case of overhype?
Another super-pupper file system. As if Wind0ze/Linux had not created enough of them - now Sun tries to join the fame: confuse customers even more deeply on what to do with their hard drives, especially after a hard drive crash. But my real point follows. Why does nobody - absolutely nobody - want to develop a writeable file system for portable devices and make it an intl standard? Just what was done with ISO9660 (one for CDs) & UDF (one for DVDs) - but just a writable one. People are tired of FAT12/16/32 on their external hard drives and memory cards - but no industry body/participant tries to amend the situation. Everyone supports it - but nobody ever recommends using it. FAT incorporates all possible errors ever made and even M$ itself discourages its use.
Please, please, somebody hear my voiceless scream...
SCO does stuff in its court case, but you're all more interested in the language they've been using:
"The _numerosity_ and _substantiality_ of the disclosures reflects the pervasive extent and sustained degree as to which IBM disclosed methods, ..."
What is it with executivites (executives) at this point in the timifiication system (time). It's as though the expressification of the English language was not just an evolvorating process but needified a proactivated modification (gotcha there!) to generalate syntheticatious word variants that sort of meanify something but not quite. In England we have the Malapropism (as in Sheldon's Mrs Malaprop). I guess the US has Mr Bush (as in Bushism). Fortunately for us, Mrs Malaprop, being fictitious, was not in a position of power and didn't influencificatorify supposedly intelligentorated leaders of businessication.
Please can we have an ongoing 'Bushism Bingo' poll where readers can point out made up words from executives' and politicians' quotes on your site and keep a tally for each dumb-ass personality. You could keep a graph or something. Once a year, you could award a 'BaBUSHka' (a gold statue of the venerable GWB) to the idiot who wins the poll.
Just an Idea
Something for the Strategy Boutique boys to mull over, perhaps...
Ignoring the rights and wrongs of SCO's allegations, anyone who starts a sentence with "The numerosity and substantiality of the disclosures" deserves to be fed to angry bears.
Now on to the less techie, more silly stuff. The advertising standards lot here in blighty fail to take offence at a Mazda advert depicting a mannequin engaging in smartie smuggling. We're not so sure that this isn't offensive to women. I mean, the idea that something as everyday as a Mazda would have such an effect... really.
But we digress. You of course were far more amused by the number of complainants. We had a fair few that matched this first one. Thanks to all. You know who you are:
"The ASA received complaints from 404 viewers..." - who, presumably, cannot be found.
I'll get me coat...
Well, it's certainly demeaning to mannequins.
In any case, you all seem to have forgotten about the portrayal of a shop mannequin in the film (...erm...) "Mannequin", by Kim Cattrall of "Sex & the City" fame.
Now if anyone could get aroused by being driven around in the back of a car, it's her (or at least, Samantha).
Just wanted to add, that the Mazda commercial is basically a cheap copy of an older TV commercial by Toyota, where you see a woman's chest dressed with a relatively tight sweater, see the seatbelt and hear the engine start. Seconds later her nipples start to stick out, fade to black and a claim like "The new Toyota Corolla - Now with air conditioning"
Sticking with our motoring theme, we have some thoughts from you on the revealing research that gay and lesbian car lovers are more likely to buy hybrid motors than straight petrol heads:
Why might gays et al prefer flashier cars:
1) More disposable income: No rugrats to gnaw away at the lucre.
2) Need for more practical vehicles: You don't really want two yoghurt-tossing agents of entropy strapped in the back seat of the flash-mobile. You need more space for the nappies, piles of soccer gear, school runs etc.
Now I know that not all gay people are child-free and nor are all straight folk blessed with sprogs, but the above generalisations are the overwhelming majority that drive the stats.
Aaaah, now - it would be rude to ignore this story
I drive a new Range Rover and my hubby drives a new Mini. He's much more discreet about his sexuality (despite, or perhaps because of his, being an upcoming artist). Ironic, then, that the Mini blokes are entirely homo friendly. Neither making an issue of our relationship, nor apparently deliberately *not* making an issue.
I drove Porsches and the like in the UK, so I've no idea what it's like there when you buy a Land Rover product, but here in the wilds of Africa (with our 5-star hotels, fine wine, etc), you are lavished with feel-good off road courses so you can go scratch your investment with carefree impunity.
When I did mine, I was the only Range Rover owner amongst a sea of butch, macho Real Men driving mostly Defenders (why?) a few Discoveries (if you must) and the painful Freelander. Unlike my man, I'm shameless in my orientation. It was delightful to see the confusion of the LR people - there I was in my top of their range car, but clearly, unworthy of their respect. Interestingly, the other car owners didn't seem to give a damn.
I revel in it.
You think a Mini out machos a Range Rover?
And finally, to the subject of fur, who should or shouldn't wear it, and the bizarre things people will do to protect animals from having it nicked. Yes, the president of PETA auctioning herself on eBay. You have a few suggestions as to how she could fill her time assisting you. The Dalai Llama never had to deal with this kind of thing:
I was thinking of pimping her out to Ted Nugent. America's #1 hunting and fishing activist and the only person I know of who scares the people of PETA so bad that he can wear fur whenever he wants and the PETA people are afraid to throw paint on him like they do everyone else. Of course that could also be cause Mr. Cat Scratch Fever has a concealed carry permit.
I have an idea for the pres of PETA.
The city council of Chicago, IL is currently in the midst of a fight to ban foie gras (you know, goose liver) in all its eating establishments...How about force feeding her with goose liver after you win the auction? I'd pay a dollar to see that.
She has one of those faces that you wouldn't tire of [needlessly?] testing new cosmetic products on.
What is it about these evangelical vegan idiots that elicits the smash-brick-into-smug-face response? I could probably write a PhD on it.
As much as I think PETA goes overboard on damn near everything, ya have to admit this woman has balls. Great big brass balls. I have to give respect to any person willing to go to that length to stand up for what they believe.
Even though your article is a jest, I would have thought that in this post 911 world, giving any column space/publicity to these fu*king terrorist supporting scum would be frowned upon. (esp if it boosts their little terrorist fund raiser on eBay.)
I'll get me (fur) coat.....
Our family owns a beef packing house/abattoir... we're SERIOUSLY considering sniping this auction and hiring the luuurvly Mizzz OldKirk to be our slaughter floor supervisor's assistant for the day. Not the nicest environment but just to see that would be worth spending 8 hours out there.
Interesting what the person that is "selling" the services has bought to get their eBay rating of 6... these items include... "Super Seal Three-Pin Connector" rather appropriate for the PETA president? Two boat trailer lights and a new Dell... just what on earth is this person doing?
A good question to end on. That's all for this week, folks. Enjoy the weekend. ®