From DRM to Driving lessons

Letters Mostly when people write to us, the letter is very obviously a reaction to a particular article we've run on the site. Sometimes, we get a letter like this first one up today. Although this article about Steve Ballmer's vastly amusing remarks about iPod users and DRM probably prompted the sending of this letter, we suspect the author has been nurturing these thoughts for some time:

Dear Reg,

I see, and soon will you, that the path to righteousness is laid by Microsoft. Angels hungrily paw at the heals of Ballmer and Gates, hoping to one day be as anointed. Mr and Mrs monopoly, you get to pick who is who; though I think we all know who plays the lady-friend, are out to rid the world of evil, and set themselves, the most pure, atop the software heap, to be the only distributors of "clean" software.

Gates & co are going to somehow force all music players to use a Microsoft liscensed DRM. Then they are going to set terms, and decide who gets to get in on their little party. It's going to be Windows all over again, and all will be right in the world.

Imagine now, an alternate reality where a plan of this magnitude backfired on Gates & co, where pudding-brained consumers took up arms and decided that they should not put up with any more rubbish, and all go out to buy iPods. This could happen b/c Gates & co are not going to let Apple in on their little DRM Party, and Fairplay is simply not fair enough to the pigopolists. So let's assume that the only players you can buy, with few exceptions are equipped with some big-brother style DRM that doesn't let you hit the WC w/o paying microsoft 1/8p.

People get angry cause they can rip CDs that they own, but can't play them cause they don't Have DRM, this scenario has been suggested by Gates & co supporters, and recording industry execs. So your music player is useless, cause it only plays DRM encoded songs, which can only be bought from Microsoft or a Microsoft afiliated Download service, you get angry, and you get an iPod b/c they thumb their noses at Gates, and they can still do whatever they want. (Ahh to live the carefree life of an industry innovater who dosn't have to follow a tryannical Lemming Demigod off the edge of a fjord, and need not grovel at the feet of a higher power.)

So iPods start flying off the shelves, along with iTunes being downloaded. So Microsoft panics and codes Horn-Envy (post longhorn windows seed) to cause iTunes not to function. People become enraged, and begin to cast their PC's in the channel on Ferry-rides to France...

Weird, huh. Boy that was some really great candy that i got from that homeless bloke down by the pub, i think I'll go back.

Clay Garland

We also ran the news that paper factories the world over are vulnerable to cyber attack. Well, at least one factory, somewhere in the US, might be. At issue, our correspondent writes, are the Programmable Logic Controllers that served as the electronic brains of each major piece of plant equipment.

Firstly, it seems we shouldn't use the phrase 'Electronic Brains':

It is not 1965 any more. Thank you.

John

Jargon-fashions aside, there are other questions out there:

The really important question here is why were the PLCs placed on an insecure open network in the first place? When they were upgrading the system from the old serial PLCs to the new Ethernet PLCs, why was new ethernet not run in the first place and only the monitoring computers connected into that network.

Glen

Very interesting read. Now that the hacker community was been thoroughly alerted to this golden opportunity, I have no doubt that things will start moving a lot more quickly. After all, it must be much more fun to know that you've just shut down an entire plant in RL then simply having annoyed a given web site in VR. Could this not be one instance in which it would have been better to shut one's mouth ?

Pascal.

"I don't think the hacker community has totally woken up to the opportunity, fortunately," Byres says. "I think we've got a bit of a jump on them."

There's very little mileage in the 'hacker community' actually messing around with embedded PLCs; mostly they're completely undocumented, and you'd need access to the PLC to see what it's actually doing most of the time, which is fairly boring switching of process controls. Ladder diagrams are usually on paper, and tend to use addressing from the mimic machines; more damage tends to come from the VB programmer that has a momentary brain fart than someone actually messing with things, although it does have interesting implications for water companies.

The other aspect is messing around with industrial plant would tend to have law enforcement coming down like a tonne of bricks on the head of the given 'hacker' for both endangerment and the nascent spectre of 'cyber attacks' on industrial infrastructure that the Homeland Security dept have been making brief allusions to whenever their funding cycle comes around.

The majority of blackhats are very happy at the moment collecting the money from botnets (victimless crime until yesterday) or spam dollars from using botnets (Still pretty much free to do, despite the tools being there to track the people actually doing it) or even just passing around software. While some think that South Korea's fevered admonishment that North Korea is training up teams of hackers is a credible threat, it remains that the tools for stopping these things from affecting industry in general already exist, such as airgapping controls rather than plugging them into a publically available ethernet.

Perhaps it's time to introduce the idea of 'stupidity liability' to this whole question rather than constantly bang on about security coming from the vendors.

James

Phishing, the practice of fraudulently obtaining a person's banking details, is by its very nature an irritating phenomenon. Even more irritatingly, you say, companies don't make it easy to report such attacks:

One annoying fact about Phishing attempts is that the companies spoofed do NOT make it easy to report such. 2 banks that I have attempted to send the phish emails to had no such email addresses to report them. For Ebay and Citibank, I had to search in order to find a place to forward the emails to, but those companies did in fact provide such an address. If companies are serious about cracking down on these scammers, they should make it easy for people like me to report the phish attempts, and use whatever tools they possess on their end to find and terminate the originating sites.

I get the impression that companies talking tough about cracking down on Phishers but not providing places to report them, are full of hot air and attempting to blow smoke up our asses. Phooey on them!

Kimberly

Phooey, indeed.

The Chinese authorities have not, historically, gotten much praise from El Reg, but this week we found ourselves compelled to commend their decision not to allow a chap to name his son @. Their stated reason was that it can't be translated into Mandarin. The reason we support their decision? Well, its a bloody silly idea, isn't it?

Hi Lester,

What sort of tw@ would give their son a name like th@?

Regards, Mike

Coincidentally, I received the following this morning - only in Texas. It's a pity that Dubya doesn't have a son she could marry for some double-barrelled hilarity. [See illustration, below - Ed]

Gary

Sceptical readers might like to note that Minge is indeed a name. See evidence here.

Enough of that. Let's move on...

Next up: your thoughts on the merits, relative or otherwise, of Push-to Talk mobile technology:

Not sure if you've heard this from any other US-based cellphone subscribers, but the one part of the story you're missing here about Push-to-Talk cellular is pop culture. Just as it's incredibly popular to text message people in the UK, so is PTT here. Over here in the US, text messaging has had a lukewarm reception at best, this may be the same way UK businesses and personal subscribers react to PTT.

Also, Nextel is generally a more expensive service provider than the other cellphone providers available, but to the non-business segment, this has seemed to create an air of exclusivity. It's much akin to the affect of riding down the street in a BMW, when you key up the phone and it makes it's trademark noise. This all sounds completely ridiculous, but when was pop culture not ridiculous Steve

PTT calls by mobile?

Gimme a break... A certain Mr G Marconi invented a PTT solution a little while ago, and it's become quite widespread in the meantime. Calls are free too.

KEITH Nairobi

A tax advisor's perspective on the 3G VAT issue:

Some smart bloke in a pub who knows all about tax and that said "Easy, peasy, the court decides that that it is VATable, so C&E send the telecoms operator invoices for an additional 17.5%. Cough it over, then you can attempt to reclaim as much as you like." He'd obviously had a half too much of shandy, though.

If the court decides that that it is VATable, the amount charged by the Government is deemed to have included VAT already. The Government may not have realised it was charging VAT, and it may not have put it on the invoice, but the VAT was there (it's great how tax can sneak around invisibly).

Hey, enough of my clients get billed by HMC&E for VAT on their sales that they didn't know was there (and their customers never get told they could reclaim it).

Of course this wouldn't be an issue if people actually spent a bit of time finding out what they were spending their £20 billion on *before* writing out the cheque. Or indeed finding out what they were selling. Apathetic bloody idiots, I've no sympathy at all.

Cheers,

Andrew

And finally, advice on what to do if your cruise control goes bananas:

Your cruise-control goes into "BANZAI" mode; What do you do?

1. Put car in neutral (easy enough in both a manual and an auto)

2. Head for a convenient spot off the road and stop (yes, your brakes will still work, yes the engine is screaming it's head off if the CC is still engaged)

3. Turn off the Ignition

4. Wait a few seconds (IT types will know that this is called a "Coldboot") then restart the engine. Drive off as per normal but bear in mind that you have a pixie in your Engine Management unit and it needs dealing with

5. When you get home, open your bonnet (hood), remove the engine management unit (big black box) take it inside and place in a large pan of boiling water for one hour. Then bake in the oven on gas mark 9 (250C, 480F) for one more hour. This is to kill the pixie

This process will make the roads a much safer place as only those who actually have brains will be driving. So, now all we have to do is get people to actually use their brains during normal everyday driving. <sigh>

A runaway Cruise-control is nothing new. GM & Ford have had problems with these for years.

George

So now you know. More on Friday. ®