Mon, 14 Jul 2008
Lawful Ransom
My almost five years old compactflash microdrive in my camera has finally died, so I have decided to buy a new CF card. To my great surprise, about 10 % of the total price is the "authors fee". Which is law-imposed tax (a ransom, in fact) for supposed loss on authors' fees caused by distributing copyrighted work using this CF card. WTF?
Does it mean that having paid this ransom I can now legally use this CF card to transfer copyrighted work, as I have already paid the authors' fee? Or is there a way of getting this money back, provided that the card will be solely used in my camera, i.e. to store and transfer my own author's work? According to the Czech law, these fees are collected by a mafiaa-like organization named OSA, which then distributes it to their members (after subtracting their operating expenses, of course).
But in order to become a member of OSA, there is a minimum amount of author's earnings per year, which is quite high. Well, I really don't need to have a share on the total ransom collected by OSA, I just want back the money I have paid to them myself when buying this CF card. How can I do this, my dear lazyweb? A related question: is this ransom collected even for CF cards in embedded systems (think medical computers and other systems, where is no way they can ever be used for tranfering random files)?
Thu, 03 Jul 2008
HTTP Referer
One of our customers subscribes to a library system, which has its users
"authenticated" by verifying the HTTP Referer: header.
So they have to register a single authenticated page, accessible by
their own users only, and we have to put a link to the library system
to that page. Leaving aside the stupidity of such an approach to the
authentication, I have found some interesting facts about the
Referer: header:
Firstly, we have found that going from that page, browsers never send
any Referer: header. When looking into it deeper, we have discovered that when you are on a page retrieved via https, the
browser does not send the Referer: header to the
pages with the http protocol.
So we have decided to write an intermediate redirector application,
accessed over http authenticated by a random string
as a CGI parameter. This application would than redirect user to the final
destination. That also did not work.
The problem was that when redirecting using HTTP 301 status code
(probably 302 as well), the client also does not send the Referer:
header.
The next try was redirect using <META HTTP-EQUIV="Refresh">
tag inside the generated HTML page. Also did not work.
Finally, I have tried to redirect the client using Javascript (rewriting
the window.location parameter in the onLoad
handler), and it worked. So non-Javascript users are out of luck,
but the majority is OK. Still, this system of "authentication" is stupid,
because faking the Referer: header is not hard.
Update - Fri, 04 Jul 2008: MSIE and Referer
Apparently MSIE does not send HTTP Referer: header also when
redirecting using window.location in Javascript. So for now
I have disabled automatic redirection for MSIE, and I am just displaying the
text "Use firefox or click to the above link manually.". In the meantime,
I have found a really comprehensive guide on browser type detection.
Wed, 02 Jul 2008
Owner Free Filesystem
It seems that somebody finally got the eight years old idea of Schizzors (which is essentially a one-time-pad) with respect to the absurdities of the copyright law into something useful in a real world: meet the owner free file system.
The interesting feature is that in theory, you don't need to have the whole 2*n bytes of "random" data stored for retrieving n bytes of the data you want - the "truly random" seed can be reused to some degree: for example, if I want to store the files A and B (for the sake of simplicity suppose they have the same length of n bytes), you have to generate another n bytes of truly random data (let's call it C), and then store three files: A xor C, B xor C, and (for example) A xor B xor C. From them, either A, B or C can be retrieved, while all three stored files are "truly random" data, i.e. provably by themselves bear no relations to the original data A or B.
What this brings is not (only) an easy way to commit a copyright violation, but it allows the storage subsystem (i.e. a P2P network) to plausible deny the responsibility for the actual data they store, because they are truly random and bear no relation to the possibly copyrighted material. For example - I would happily offer my free hard disk space and bandwidth to some distributed computing project or whatever, but the risk of somebody storing a copyrighted material on my file system and then police seizing my computer is too high. With OFF client and protocol, the situation might be different, as no possibly copyrighted data is actually stored.
Tue, 01 Jul 2008
E51
On the mobile devices front, I have decided to buy Nokia E51 phone and a n810 tablet PC. So far I have got only the phone, so this is my experience after using E51 for a week or so:
- It is fast. Having seen E50, the user interface is much more responsive.
- The UI is good and configurable. For example, having a separate "Delete" key can make some operations fast. Configurable buttons and icons are also nice.
- The web browser works even with javascript.
- I have not figured out how to display letters from foreign alphabets. Probably a full unicode font has to be installed, but I don't know how to do it. Some sites suggest putting it to
E:\System\Font\Ceurope.gdrand reboot the phone, but it did not work for me. - Gnokii supports only identifying the device, not the data and contacts transfer. OpenSync gives an error when trying to synchronize contacts. I hope they will fix it soon.
- Useful apps include cCam (a third-party camera capture program, which features no fake shutter sound), and Symbian Ogg Play (an audio player with Ogg/Vorbis and FLAC support).
- It has a SIP client, which is well interconnected with the Contacts list. I have been able to phone home over SIP over WiFi. On the other hand, I have tried to call the E51 over SIP: it started ringing, and when I picked up a phone, it has crashed - I had to remove and re-insert the battery. But having SIP is definitely a step in a right direction.
- The 2.5mm headphone jack is a disadvantage as my headphones have 3.5mm one.
- The battery life sucks. It has died after two days of usage. Maybe I am leaving WiFi on or something.
- Custom ringtones are nice, but they still have to be an MP3, not Ogg.
- The only Japanese dictionary for S60 is a commercial software.
I have decided to try what it means to have a supported commercial non-free OS, and asked the Nokia technical support about unicode fonts. Their reply was something like "we do not know, use a freeware sites if you want."