It seems that SCO’s litigation engine has been running for ever ( 7 years now ) and they exist only to litigate. But it appears that a jury-led decision agreeing with Novell being the rightful copyright holders of Unix, has finally put paid to any serious action by SCO. Perhaps we can all get on with our business now …
Last week, a story broke in the US concerning invasion of privacy and has become a huge talking point globally. The Lower Merion School District provided Apple Mac laptops to students ( no private machines were allowed ) and installed remote control software on these, allowing the school to remotely activate web-cams in an apparent attempt to curb theft.
Unfortunately it appears that these web-cams have been used for a little more than that, as students with perfectly legal laptops indicated that their web-cams seemed to operate at times when not expected ( check many of the comments in this link ).
One of the students, Blake Robbins, and his parents, have filed a civil rights lawsuit against the school district accusing the school of turning on the web-cam in his computer while it was inside their Penn Valley home, which they allege violated wire-tap laws and his right to privacy. The suit, which seeks class-action status, alleges that Harriton vice principal Lindy Matsko on Nov. 11 cited a laptop photo in telling Blake that the school thought he was engaging in improper behaviour. He and his family have told reporters that an official mistook a piece of candy for a pill and thought he was selling drugs.
Of course the school district is claiming innocence … But things have got a lot more murky with some detailed investigation by Stryde Hax, a security consultant. Some of his findings:
- Mike Perbix is listed as a Network Tech at LMSD. Mr. Perbix has a large on-line web forum footprint as well as a personal blog, and a lot of his posts, attributed to his role at Lower Merion, provide insight into the tools, methods, and capabilities deployed against students at LMSD. Of the three network techs employed at LMSD, Mr. Perbix appears to have been the mastermind behind a massive, highly effective digital panopticon.
- In a promotional web-cast, Mike Perbix identifies himself as a high school network tech, and then speaks at length about using the track-and-monitor features of LanRev to take remote pictures through a high school laptop web-cam. A note of particular pride is evident in his voice when he talks about finding a way outside of LANRev to enable “curtain mode”, a special remote administration mode that makes remote control of a laptop invisible to the victim.
- Perbix discusses methods for remotely resetting the firmware lockout used to prevent jail-breaking of student laptops. A jailbreak would have allowed students to monitor their own web-cam to determine if administrators were truly taking pictures or if, as the school administration claimed, the blinking web-cams were just “a glitch.”
- In a September 2009 post that may come to haunt this investigation, Perbix posted a scripting method for remote enable/disable of the iSight camera in the laptops. This post makes a lot more sense when Perbix puts it in context on an admin newsgroup, in a post which makes it clear that his script allows for the camera to appear shut down to user applications such as Photo Booth but still function via remote administration.
There’s even more information coming from the students themselves:
- Possession of a monitored Macbook was required for classes
- Possession of an unmonitored personal computer was forbidden and would be confiscated
- Disabling the camera was impossible
- Jail-breaking a school laptop in order to secure it or monitor it against intrusion was an offence which merited expulsion
So there are a few questions to ask here:
- was the school district aware of the potential for misuse of this system and the abilities?
- did the school district know about Perbix’s delusions of grandeur?
- if not, how could they be so stupid as to not inform the students of this monitoring system?
No matter the outcome, this appears to be a simple case of invasion of privacy. Under no circumstances should anyone be allowed to remote view a machine without the user’s consent no matter whether that equipment is the user’s or not.
Perhaps it’s a matter of bravery on the school district’s part as anti-terrorist laws in the USA have increasingly encroached on citizens’ personal freedoms and civil liberties. If the government can do it, why shouldn’t we?
The Australian government have gone public with their China-style Internet filter which includes the following measures:
- mandatory ISP-level filtering of Refused-Classification-rated content
- a grants program to encourage introduction of optional filtering by ISPs, to block additional content requested by households
- an expansion of an existing cyber-security program run by the government to improve education and awareness of on-line safety
Apparently this is all in the quest for protecting families and children – while in itself a worthy cause, this particular implementation is broken in a number of ways:
- there are already suitable applications for parents to employ for content filtering, and many on-line search engines have filtering of results as an option ( and even standard in certain cases )
- this won’t stop people from accessing blocked content ( read VPNs and proxies amongst other methods )
- this program could mislead parents into a false sense of security that this is all they would need
- who is going to manage the massive changes required on a daily basis to keep the filter up-to-date
All in all I think this is a misguided attempt at control of comms by an increasingly socialist-orientated government. Others like the UK and USA are showing similar trends and this is surely not healthy for the constitution-enshrined privacy and freedom that these governments would normally provide their people.
It seems that the Microsoft-dominated SC34/WG4 committee responsible for maintaining the ISO/IEC 29500 standard ( Microsoft’s submitted document format standard ) is now making changes outside the scope of the mandated rules, in a possible attempt at bringing the standard more in line with MS Office 2007.
There is a clear delineation in the rules between making changes to fix an issue and making changes that are additive to the standard. And the WG4 committee are making clear additive changes that are likely to cause incompatibilities with vendors who might have ( there weren’t actually any ) written according to the original standard. Instead of Microsoft changing MS Office 2007 to be in-line with the standard, it seems that the standard is being changed to be in-line with MS Office 2007 – scary!!! And the fact that MS Office contains far more patent-encumbered and non-implemented features than the standard itself should be worrying to all.
Another area of concern is the i4i patent suit against Microsoft; it’s likely that the 29500 standard will need to be completely withdrawn as it quite possibly is in contravention of the patent. What’s that I hear you say? I told you so? Yes you did …
And perhaps we should be worried about the current defect report which runs to over 800 pages – longer than the entire ODF 1.0 standard!
I get the feeling though that ISO and the WG4 committee are not worrying overly about this. And that should be a warning to all – ISO appear to no longer be putting out impartial standards, and vendors are charting the course of standards nomination, acceptance and maintenance.
Internetnews.com mentioned on the 16th October that the bulk of the data had been recovered: “Microsoft today reports it recovered the majority of lost customer data for Sidekick owners amid a flurry of lawsuits filed yesterday over the recent server failure caused a service outage and data loss.” This is not quite the truth: no data has yet been recovered to users and it appears the problem may have been a failed firmware update to a storage subsystem which as a result caused database corruption. And so the saga drags on almost 2 weeks after Sidekick users were left without their information. Daniel Eran Dilger at RoughlyDrafted Magazine has written a biting piece on the saga – although he may be a bit hysterical about it all, the fact is that this problem happened under Microsoft’s watch and no amount of spin doctoring or news speak will allay the fact that Sidekick users don’t have their data.
Anyone worth their weight in IT gold knows to back up, to back up again, and back up again. When you’re finished there, go back up again. And for safety’s sake, just make another copy. Period!!! Systems fail, firmware updates fail, management requests that put your IT at risk fail, some gamma ray from the sun flips a bit. The point is that problems will happen – accept this and build IT systems that cater for them.
Finally it seems that they’ve had enough of poor old Darl at SCO. Took them long enough but they’ve filed some paperwork with the SEC in the USA indicating as much.
Microsoft has been recently sued by i4i ( a Canadian developer of sgml software ) for patent infringement, specifically on a custom XML feature in Word. The damages so far amount to $290m which is a considerable amount. That though is not the big problem for Microsoft: the suit includes an injunction against Microsoft selling Word after the date of 10 October 2009.
I’m no fan of the US Patent system ( or any patents on software or computer functions for that matter ) however I feel a slight pinch of pain for Microsoft – this is certainly a big deal. One might call it just deserts in response to Microsoft’s patent waving flag against Linux in the last year. And that slight pinch of pain is lessened by the fact that Microsoft apparently knew about i4i’s patent as early as 2001 but still went ahead …
Of course Microsoft is now asking for time ( up to 5 months ) to create a workaround and at the same time keep on selling Word. However, both i4i and an independent patent lawyer have indicated that the offending code should be easily worked around with a patch.
Finally Microsoft indicated: “Even if the injunction will not affect Microsoft’s existing Office customers, consumers and businesses who require new copies of Office and Word would be stranded without an alternative set of software.” Huh? What about the 20 or so alternate office suites on the market including OpenOffice, MS Office’s most interesting rival.
UPDATE: here from Andy at the Standards Blog
I’ve been a keen follower of Pamela Jones’ editorial on the SCO-IBM case for a number of years now, mainly because of the importance of the topic but also because of Pamela’s straightforward and factual journalism style. Whether or not this is her real persona has never been an issue with me because her facts speak for themselves. I think the rest of the Groklaw community as well as the media at large would agree with me. Certainly a lot of the facts unearthed at Groklaw have assisted both the public at large, and the legal community I dare say, in understanding what was really going on with SCO in their attempt at coercing IBM into paying up for misappropriation of rights to code that SCO didn’t even own.
This draws a parallel to a particularly nasty journalism issue that has reared its ugly head, partly as an indirect result of the SCO case itself. Unauthorized use of bloggers’ and journalists’ published work without notification, compensation or … ( Could this be termed plagiarism? Not really, as there a publisher’s work is indicated as being from someone else. )
The story starts with Maureen O Gara’s column LinuxGram for LinuxWorld Magazine where she went about trying to expose the true identity of Pamela Jones and then draw some link between her and IBM which would be regarded as unethical and cast doubt on IBM’s stance with regards to the SCO lawsuit. Notwithstanding the fact that nothing of great importance was unearthed ( original article here ), MOG was adamant in her view that there was some sort of collusion between PJ and IBM. Besides SCO and MOG, no one else agreed, the article was deemed to have been in very poor taste and the publisher Sys-con removed the story. The removal however had more to do with the fact that Sys-con’s sites were experiencing a DDOS attack rather than a desire to distance themselves from MOG. You can gather from this interview with Sys-con’s CEO, Fuat Kircaali, that they didn’t think they were in the wrong. In fact Kircaali takes a fairly unapologetic stance in the interview which brings into serious question how the privacy of bloggers and journalists is viewed by publishers. Ultimately this led to the resignation of all LinuxWorld staff.
This in itself is not the crux of this article but rather a recent blog by Aral Balkan describing Sys-con’s unethical behaviour w.r.t. their publishing of authors’ articles without those authors’ permission. Sys-con, according to the blog, misappropriates authors’ identities in indicating they are Sys-con Media authors and publishes articles by these authors without their permission. A number of other high profile IT presences appear to have been subsumed by Sys-con including Tim O Reilly and Matt Cutts from Google. There were even website domains in the form of author.ulitzer.com. These domains now redirect to the Ulitzer site ( seemingly a Sys-con Media offshoot; Kircaali is CEO of both ) which promotes itself as “BusinessWeek, TIME, Harvard Business Review, Scientific American, and Condé Nast Traveler will be replaced by Ulitzer.” Wow, that is pretentious and grandiose …
So I did some further digging and came up with some interesting articles from a variety of sources regarding Sys-con. Aral Balkan appears to not be the only one who has suffered at the hands of Sys-con. Boycottnovell have been complaining about Sys-con for some time. Brandon Harper indicates he has had issues with Sys-con in relation to the Coldfusion Developers Journal ( CFDJ ) published by Sys-con. Scott Rose, a writer for International Yacht Vacations and Charters ( another Sys-con magazine ), has had difficulties getting payment for submitted articles. Angsuman Chakraborty talks about forced podcast feeds when visiting the Sys-con websites. Keith Peters had more damning things to say about Sys-con’s unauthorised reproduction of content.
The list goes on and on and on …
I’m not making any predictions on this matter here and would rather let the reports of others guide you in your dealings with Sys-con and use of their media. The ease of publishing data on the Internet these days does make it very easy to plagiarise or reuse content without permission. And it’s a constant threat whenever an author/blogger decides to release a piece of information expounding their views on whatever subjects they are interested in. However, the Internet will always retain a view of itself and be available as proof should those who are aggrieved, need evidence of wrongdoing and a means to right the wrongs against themselves. The community stands by you too.
Update: Ted Neward writing in JavaWorld has just indicated his content has been purloined as well.
The government-led project to block all sites deemed as inappropriate to children has continued with a number of interesting developments in the last few weeks. First Wikileaks listed the blocked site list on their website ( and were then duly blocked themselves!!! ). Now a group have hacked the Aus Classification Board’s website.
For a little bit of history, the Aussie government spent $116 mill on internet filtering software which was easily circumvented by children. This after a study which said that ISP-level filtering was not feasible. The government then decided to spend another $89 mill on a blacklist ISP-level scheme developed by the Aus Communication and Media Authority.
The filtering scheme has continually been problematic with non-pornographic websites being listed including that of a dentist’s. Perhaps the Aus government should, instead of burying their heads in the sand, a. acknowledge that they are following China’s lead in censoring their citizens and freedoms and/or b. just cut the damn cables.
The Free Software Foundation has filed a lawsuit against Cisco for alleged breaches of copyright in, specifically, many Linksys products ( WRT-series comes to mind as having OSS software ). Apparently the 2 have been in discussions since 2003 but it appears that Cisco have gone into dormant mode as there are still apparently issues with copyright in their products. One has to wonder why Cisco would tarry as the FSF has been 100% successful in prosecuting OSS software copyright cases. But we also see the attempt by most to first string OSS developers along and then to capitulate when the FSF gets involved. Let’s see if Cisco will do the same or try to fight what is surely to be a losing battle as the GPL is now battle hardened in the legal sense.
A recent US federal appeals court ruling ( which overrules a previous lower court ruling ), has indicated that open source software now has the same protection under copyright law as other content. It’s quite interesting that the Business Software Alliance ( BSA ), which in the past has been the watchdog for such commercial software heavyweights as Microsoft and Oracle, might be called upon to protect open source products – any bets on whether they would?
The issue at hand here is that under the previous ruling, the remedies or compensation for a contract disagreement would be zero – or close to it – as Open Source software often has no cost. Under the later ruling, contract violations now carry the full weight of normal copyright infringements.