Seth Excels Himself

Mostly this is a technical blog, but I feed a bit of marketing to the geeks now and then. I keep an eye on Seth Godin's blog, and this post caught my eye today. It ends with

The object isn’t to be perfect. The goal isn’t to hold back until you’ve created something beyond reproach. I believe the opposite is true. Our birthright is to fail and to fail often, but to fail in search of something bigger than we can imagine. To do anything else is to waste it all.

Amen to that. The person who never failed at anything never tried anything worthwhile.

Electronic Voting? Just Say "No"

Because Ka-Ping Yee was involved, and because I have a professional interest in information security, I have been keeping my eye on the California Secretary of State's investigation into electronic voting machines. I'm afraid the initial results are not at all promising for the future of American democracy. Here's the most telling quote from the source code review of the Sequoia system:

Of particular concern is that virtually every software mechanism related to counting votes is exposed, directly or indirectly, to compromise through tampering with equipment that is deployed in the field. In many cases, tampering sufficient to cause compromise requires only brief physical access and may leave behind little or no evidence.

This is hardly a surprise to those who have studied computer intrusion techniques, but clearly wasn't taken into account by the system's designers. The list of vulnerabilities makes me wonder whether the people who designed the system actually had any security training at all. Yet I just know, before I look for it, that the inevitable response of the vendors involved will be to try to minimize the impact of the security issues, just like Microsoft used to (they know better now).

As far as the voting public is concerned all of this might just as well not have happened, since they are neither educated nor encouraged to value their participation in democracy. As a result I fully expect that electronic voting systems of dubious security and with no paper audit trail will be even more widely deployed in the next election, with the result that victory will go to the least scrupulous, and no challeneg will be mounted by an apathetic populace.

The depressing thing is that the majority of voters (hey, aren't they supposed to decide who gets elected?) would rather leave the dirty business of politics to someone else. It's easier to keep their heads buried in the sand than engage with the endemic corruption of the democratic process. Perhaps you really do get the government you deserve.

Because I live in the USA I can't really claim to be disinterested, but for the record I am at present merely a disenfranchised immigrant. So I am asking all the citizens I know to take an interest in these issues and force the politicos and bureaucrats to implement a more rigorous and respectful approach to secure voting. There would be a real value to open source voting machines.

Misunderstandings

Here's a quote from an article about agile programming which is otherwise quite well-informed:

But because of their simplicity, languages such as Python and Ruby are better-suited to writing small applications.

This is the kind of myth that really needs to be squashed at the source. Unfortunately the source in this case is a journalist who has written an article and moved on with her misunderstanding of the issues and the facts completely untouched.

It's difficult to know how to attack this problem, because even the Python Software Foundation's advocacy coordinator were to contact the journalist in question and correct the mis-impression the damage is already done, and another opportunity to gain the wrong idea about dynamic languages is out there to be used as "evidence" by those looking to press the advantage of some other technique. It must have annoyed David Goodger (one of the Foundation's directors) to be quoted shortly after that misstatement.

In this particular case the author of the article did manage to get a lot right - technologies should come second to business needs, agile methods can save money by delivering business value faster and avoiding large amount of rework, and so on. So the content wasn't all bad, but the misunderstanding of Python's suitability for large projects spoiled it for me.

But then, I (and, I presume, most of thios blog's readers) already know that Python can be used successfully to build very large systems indeed.

Microsoft Strategy is Patently Ridiculous

A recent Fortune article, Microsoft claims software like Linux violates its patents, suggests that the Ballmer empire is about to start seeking royalties from users of open source software whihc, the company claims, violates 235 of their patents.

I don't think they have thought this through. The US Supreme Court has so far issued no ruling on whether software is even patentable, despite the Patent Office's ridiculous willingness to issue patents on techniques that fail even the simplest test of obviousness. When the most powerful software company in the world starts throwing its weight around to gain revenue from those patents it will force the issue somewhat.

The inevitable result will be a Supreme Court ruling that inevitably weakens, or even removes altogether, the protection that patents have been assumed to provide by those who have invested heavily in them. Microsoft senior VP Brad Smith claims, for example, that the Linux kernel violates 42 Microsoft patents.ourse the joke is that nobody has any idea how many patents Microsoft products violate because, unlike the open source projects Microsoft complains about, the code that comprises them isn't available for public scrutiny.

Give Me a Break, Microsoft

Well, it's going to be quite a long goodbye, but today I finally and irrevocably decided to stop buying Windows. As with most decisions of its kind this hasn't happened overnight. There have been the little annoyances, the bloat as more and more bits and pieces clamor for run time and screen real-estate, the ever-increasing startup time, but what's finally pushed me over the top is the Windows Genuine Advantage (or, as I like to think of it, the Make Microsoft Richer) program. I've been saying for over ten years now that Microsoft will become "the first IBM of the twenty-first century" and this program, coupled with the digital rights management (DRM) approach embodied in Windows Vista, has finally made me realize I am sick of this snake oil.

Windows Genuine Advantage has been bugging me for a while, sitting there as an uninstalled update. Eventually, as it was designed to, the continued notification on restart became annoying enough that I decided "what the hell, this Windows came from Dell, why don't I just install it and stop this annoyance". So I did. Right at the end there was a check box that said "when I click finish show me the benefits of Windows Advantage" or some such, and rather than uncheck it I thought I'd see if Microsoft could persuade me that this effort had in some trivial way been worthwhile. Unfortunately the justifications seem mostly to be bogus in the extreme.

First example: "A recent report from the market research firm IDC found that, if the global software piracy rate was lowered just 10 percentage points over the next 4 years, this would contribute a total of 2.4 million new jobs and $400 billion in economic growth to the global economy." This, accompanied by a link (that would have opened several popups had Firefox been dumb enough to let it) to the Business Software Alliance web site and an IDC white paper on "Expanding the Frontiers of Our Digital Future - Reducing Software Piracy to Accelerate Global IT Benefits". For some reason they go to great lengths to hide the URL of that white paper, and there appear to be a family of these documents, each tailored to their specific audiences, so the link I've included might not be "your" content if you come from somewhere where the prinicpal economic impact of IT has been to reduce the amount that can be spent on things like clean drinking water.

On page 4 we see, under the heading Who Wins and Why the point that "Governments benefit from $67 billion in new tax revenues for needed services that could [according to a unstated OECD cost estimates for government services] be used to provide:

• 33 million computers for schools

• 45 million people with health care

• 6.6 million people with college educations

• 11 million children with schooling

• 435 million people with job training, or

• 132 million families with services like day care, maternity, or home help services
  

The snag here, of course, is in that little word could, since the same revenues could also be used to prosecute America's war in Iraq for a further eight months. When I ask myself which is more likely I don't conclude that Republican crocodile tears about "big government" will suddenly cause a sea-change in US political behavior.

On page 8 the authors try to convince us that "Lower Software Piracy Produces Higher IT Benefits". This section is accompanied by a wonderful graphic which I reproduce here as a classic example of how correlation is frequently taken to be causality. And yet I can find nothing anywhere in the paper that suggests the graphic might not equally well be entitled "Economic Growth Starts with High Piracy Rates" or "Poor People Steal Software Rather Than Do Without". The one thing IDC's methodology did not do was to look at single countries' change in "IT tax benefits" as the piracy rate changed, which it seems to me would be the only convincing way to demonstrate the benefits of such a change.

But I digress. In their discussions of the Genuine Software Initiative, Microsoft explain that downloading illegally-obtained software increases the chances of infection by malware and identity theft. Clearly these are things we would all like to avoid (and for my part it's why I tend not to buy anything from dodgy characters down back streets). They go on to say "In addition ... installing and using counterfeit software can prevent customers from obtaining some updates and premium add-ons." In other words, Microsoft will punish you still further for acquiring illegal software by refusing to provide updates to non-genuine copies. This seems fair enough, and it seems to me is the real thrust of Microsoft's policies: they don't care about your possible malware and identity theft issues (otherwise they would make their own products more secure), they care about whether they receive the revenue or not. The rest is just hokum designed to make people fearful about software theft, masquerading as a concern for the consumer.

I have to admit that Microsoft's update also bugged me by creating an automatic reboot event. This might not normally have been too troublesome (I had deferred it several times, and can only presume that the window appeared and consumed a random newline to gain permission to restart the system) had it not occurred during the installation of software. Aarrgghh!

The thing that really makes me want to run away from Windows, however, is Vista and its draconian approach to product registration and DRM issues. On the latter topic it's as though Microsoft were already a fully-fledged member of the Hollywood hegemony (which might give us clues about its media ambitions: I am sure that Microsoft is clever enough to sense the diminishing returns from software production). This paper by Peter Gutman enumerates some of the many ways in which DRM paranoia has caused Microsoft to choose to degrade content presentation and disable functionality that many users will desire.

With all the brains that Microsoft has at its disposal (and despite my occasional scathing criticism of the company and its products Microsoft does employ many very clever people), the best approach they could come up with for securing content in the 64-bit Vista environment was an insistence that drivers be digitally signed and approved by Microsoft. Fortunately it took about a month for NV Labs in India to design a system that completely subverted these protections. It's clear that Microsoft, like Hollywood, just doesn't understand that copy protection schemes are a busted flush. But they still continue to wrong-headedly pursue them because they know the majority of consumers will accept the technology unmodified and not even realize that in many legislations (i.e. those not subject to provisions similar to those of the USA's stupid Digital Millennium Copyright Act) their legal rights to fair-use copying are infringed by such systems.

One quite amusing result of Windows' present-day incorporation of DRM features is that in five or ten years' time Microsoft will have the content producers by the nuts. I can't say I'm sorry about that one. Microsoft like to paint themselves as subject to Hollywood's whims, but they are actually very cleverly positioning themselves to control the distribution channel. This would allow Microsoft to say "if you don't like our deal, tough, because it's the only game in town". This would be true if they weren't so busy throwing the desktop away. People are going to be really pissed when they find that they can't play their HD content on Vista, or that they have to repurchase after a disk crash.

The only systems I have left using Windows are laptops, and it's becoming increasingly easy to buy a laptop without a Windows you never plan to use. Unfortunately this won't stop me having to deal with people who can only provide me with low-resolution content because they can only talk to me over what Microsoft regard as an insecure (by which they mean non-protectable) channel. Microsoft say:

Digital distribution offers consumers a convenient way to access their favorite content at any time, and with content protected with Windows Media DRM 10 they'll have even greater flexibility and choice. Today consumers can choose from a variety of content service providers, a multitude of devices, and a variety of "purchase and download" payment options and subscription models. Windows Media DRM 10 ensures that consumers will be able to enjoy even greater flexibility and choice by allowing them to acquire and/or transfer their subscription content to the devices of their choosing.

I say this is complete tosh. The benefits of DRM are for the content owners and content providers, and Windows DRM allows them to provide copy-protected content that they can disable simply by adding it to a Certificate Revocation List. The "greater flexibiity and choice" is specious: Microsoft assume that content providers would choose not to make their content available digitally without DRM schemes, but in fact there has been no effective demonstration of this assertion. But I am used to corporate America pretending that their profit plans are really for my benefit.

Gutman says at the start of his paper "The Vista Content Protection specification could very well constitute the longest suicide note in history". It certainly puts them in the running to become a shadow of their former selves. Notice, by the way, that while IBM is also a shadow of its former self it is still a significant organization.It just no longer has the 75% of the world computer market that it used to. When Microsoft looks back thirty years hence I hope it will realize that this obsession with DRM was what lost it the desktop dominance that fueled its growth into the largest software company in the world. I just hope they still sponsor PyCon.