from the “another security headache” department

Yes, postings have been sparse lately – things getting busy so alas. Anyway, very short (but rather alarming) note from Wired about copiers. Though I knew most copiers now used digital technology of some sort, I had no idea they actually contained full-blown hard drives that store your copies. The exact reason why they need hard drives to copy documents, and why the data needs to remain on the drives, is a bit of a mystery to me, and something the article doesn’t go into. I’d always just assumed that the image information was stored somewhere temporarily and disappeared when you finished copying. Apparently not. Anyway, here’s a brief excerpt:

most digital copiers manufactured in the past five years have disk drives – the same kind of data-storage mechanism found in computers – to reproduce documents. As a result, the seemingly innocuous machines that are commonly used to spit out copies of tax returns for millions of Americans can retain the data being scanned.

If the data on the copier’s disk aren’t protected with encryption or an overwrite mechanism, and if someone with malicious motives gets access to the machine, industry experts say sensitive information from original documents could get into the wrong hands.

I guess someone, somewhere, will be selling add-on kits for copiers relatively shortly…

canadian export controls now apply to quantum cryptography

Well. Not like this is going to affect a huge number of companies in Canada, but one of my colleagues brought to my attention at an internal meeting the fact that the Canadian government has updated its export control list – i.e. the list of things that you can’t ship out of Canada without a permit. A brief release from the gov’t summarizes the additions, which now include quantum cryptography goods and technologies. D-Wave might want to pay attention to this, though they’re not in the area of quantum cryptography per se. That being said, I’m a bit surprised that it’s only quantum cryptography that’s on the list. Given the potential impact that quantum computing technology may have on standard cryptographic protections (i.e. being able to render it more or less useless, assuming the predictions on its horsepower come to pass) I would have thought quantum computing would have also been added on in some form.

press neutrality and lawsuits

Techcrunch (Mr. Arrington) has put up an article suggesting Digg sue Wired (that’s also the headline – “Digg Should Sue Wired”). Because Wired posted some negative reviews of Digg. And because Wired’s parent, Condé Nast, owns a competitor of Digg (reddit). The nub:

Digg can’t treat Wired like any other user that’s engaged in fraud. Wired is the press, and the press has tremendous power. Wired is putting Digg in an impossible situation, and they should be called on it. Reporting news is one thing (although they should note the conflict of interest there as well), but actively creating negative news about a competitor and then using the massive reach of Wired to promote that “news” is way over the line.

Very strong words indeed. I’m quite surprised by this comment, as I understand Mr. Arrington has legal training and in fact practiced as a lawyer for some time. Why surprised? Because, apart from the possibility that the reporter who wrote the second article to which he refers (who basically tried to see if Digg’s system of user rankings could be “gamed”) breached Digg’s terms of use (of course – because rightly so their terms would prohibit such gaming…), it’s really, really tough for me to see exactly what Digg should sue Wired for. What exactly is the cause of action? Surely he’s not accusing Digg of actually committing fraud, is he? It’s difficult for me to see how fraud has been committed – what exactly is fraudulent about the articles?

Sure, there is a conflict of interest situation here, the usual cure for which is full disclosure, but hardly the basis for a lawsuit. And if he thinks that Wired suffers from conflict of interest, well, I invite him to check out the ownership of most major media in the US and Canada, and see how many times they are taking a stab at competitors of other companies that their ultimate owners control. If this is as big a deal as Mr. Arrington suggests, then Chomsky’s Manufacturing Consent should be considered a field manual to endless lawsuits against not only Condé Nast but also CBS, NBC, ABC, CanWest Global, etc. etc. etc.

But perhaps I took the words too seriously – perhaps he was just using the words “sue” and “fraud” figuratively or to illustrate his point. Or perhaps, given the more litigious nature of the US, and the somewhat kinder, gentler, less punitive (as in damages) environment in Canada, there is actually a basis for Digg suing the heck out of Wired.

Bit of a tempest in a teapot, I think…

And of course in the interest of full disclosure, I am a subscriber to Wired, and also hope someday to see one tiny link from their site to this little blog.

canadians – as bad as the chinese (almost)

Well, this story certainly has got a lot of coverage. I was quite surprised to read in Wired that quite a bit of IP is stolen in Canada. To wit:

But — surprise, surprise — IIPA also wants Canada added to the list of the most egregious violators. That’s right. Canada. According to the IIPA, Canada was responsible for $551 million in lost revenue in 2006, all of it in the business software sector (numbers from other industries were not available). That makes Canada the fourth-worst offender. See the chart here.

I was also at a very interesting speech that Graham Henderson of CRIA gave on the proliferation of counterfeit goods in Canada. Again, though I knew of some counterfeiting of goods going on here, I was a bit surprised at the numbers that were presented and also the types of counterfeiting – everything from extension cords to batteries to pharmaceuticals.

Of course that’s one side of it. And like everything else there are always two sides to a story. Michael Geist is quoted in the story as asserting that the IIPA is out of touch with the rest of the world by criticizing countries who have less stringent measures in place than US legislation, which he asserts to be the world’s toughest.

It’s interesting to compare this with the MPAA’s position on proposals in the US on fair use, which I mentioned a bit earlier. Perhaps best described like this:

Geist on IP infringement issues in Canada: “Problem? What problem?”

The MPAA on fair use issues in the US: “Problem? What problem?”

And so it goes. <sigh>

canadian hacker puts judge in prison

Odd where you find stuff and don’t find stuff. Noticed this story in The Inquirer. The nub:

The case was all started when a Canadian hacker Brad Willman broke into the judge’s Irvine home computer and discovered sexually explicit images of young boys and a diary that revealed Kline’s fantasies involving young boys. A subsequent police search of the Judge’s court computer revealed more images and more dodgy Web sites.

Kline is the judge in question. In Orange County. Apart from the irony of the situation I thought it was somewhat interesting that it didn’t (apparently) see much coverage in Canada, notwithstanding the origins of the hacker in question.

Startup Financing Article

Interesting article in Venture Law Lines on what usually takes too much time in startup financing deals and what is usually not given adequate attention. I’d tend to agree, particularly on one:

1. Registration rights (Some VCs still require these in early stage companies, although mercifully this is a declining trend)

I can’t recall a single instance of anyone actually invoking a demand right (or for that matter any other right) under a registration rights agreement. That being said, it’s primarily a US oriented document so there may be some in the US I’m not aware of (if you know of one please do let me know in the comments).

That being said, if too much time is spent on reg rights, the question still remains as to whether it should be cut out altogether, or, given the very low probability it will be exercised, whether to avoid a long drawn out debate and sign it and move on. Needless to say, these two perspectives are usually the ones that result in the discussion taking longer than it should…


Fair Use and the DMCA

An article in Wired News with the dramatic title of “Lawmakers Tout DMCA Killer” describes the most recent attempt to: (a) water down the protections afforded to content owners by the DMCA; (b) ensure the preservation of fair use rights on the part of users. As is usual, each side has its own rhetoric to describe what is happening, so in fairness I took the liberty of offering to readers of this blog the two alternative descriptions above. The nub:

The Boucher and Doolittle bill (.pdf), called the Fair Use Act of 2007, would free consumers to circumvent digital locks on media under six special circumstances.

Librarians would be allowed to bypass DRM technology to update or preserve their collections. Journalists, researchers and educators could do the same in pursuit of their work. Everyday consumers would get to “transmit work over a home or personal network” so long as movies, music and other personal media didn’t find their way on to the internet for distribution.

And then of course on the other side:

“The suggestion that fair use and technological innovation is endangered is ignoring reality,” said MPAA spokeswoman Gayle Osterberg. “This is addressing a problem that doesn’t exist.”

Osterberg pointed to a study the U.S. Copyright Office conducts every three years to determine whether fair use is being adversely affected. “The balance that Congress built into the DMCA is working.” The danger, Osterberg said, is in attempting to “enshrine exemptions” to copyright law.

To suggest that content owners have the right to be paid for their work is, for me, a no-brainer. That being said, I wonder whether the DMCA and increasingly more complex and invasive DRM schemes will ultimately backfire – sure they protect the content, but they sure as heck are a pain in the ass – just my personal take on it. For example, I’d love to buy digital music, but having experienced the controls that iTunes imposes and suddenly having all my tracks disappear, I just don’t bother with it now. Not to mention the incredible hoops one needs to go through to display, say, Blu-ray on a computer – at least in its original, non-downgraded resolution – why bother with all of that at all?

I wonder whether this is, in a way, history repeating itself. I am old enough to remember the early days of software protection – virtually every high-end game or application used fairly sophisticated techniques (like writing non-standard tracks on floppies in between standard tracks) in attempting to prevent piracy. Granted, these have never gone away altogether, particularly for super high end software that needs dongles and the like, and of course recently there has been a resurgence in the levels of protection that have been layered on in Windows, but after the initial, almost universal lockdown of software long ago, there came a period where it seemed many (if not most) software developers just stopped using such measures. At least that’s what seemed to happen. I’m not quite sure why, but I wonder if this same pattern will repeat with content rather than software. I suspect not. But hey, you never know.

In the meantime, off I go, reluctantly, in the cold, cold winter, to the nearest record shop to buy music the old fashioned way…


Shares and How Not to Give Them Away

Interesting post by Rick Segal on how a financing deal died mid-stream due to paperwork. The nub:

Last week I watched, live, a promising young start up die because of pesky paperwork and a VC that felt the need to go the distance when it came to covering thy butt. It was ugly and it will be nothing shy of a miracle if the lawsuits don’t come flying.

A VC offers up a term sheet, does due diligence, and decides, yep, we’re in, let’s go to legals.  The terms are negotiated, everybody appears happy, capital is ready to transfer.

VC lawyers offer up the shareholders agreement as one of the documents that needs to get signed off by all the shareholders.  No problem. Well, almost no problem.

All told, 42 shareholders which owned 22% of the company.  42 people spread out over three countries.  42 signatures required.  And, as fate would have it 21 missing shareholders.  Moved, not returning phone calls, no emails, etc.

The VC refused to close without the signatures and, to make a long (painful) story short, the company died for lack of funding.

Ouch. Rick suggests setting up a voting trust agreement as one way to avoid running into this issue. That’s definitely a good idea. Another would be to avoid, as much as possible, handing out shares to folks. Many entrepreneurs seem to think of their stock as an easy or cheap way to pay people. That’s only true if your company turns out to be worthless. If it doesn’t, then you can rest assured it won’t be as cheap as you thought.

Think of it this way – every time you give someone shares, you are also giving them a little stake in your company and some ability to decide what your company does. So think of shares like bits of your body – before you give away your pinkie, or foot, think about what you are getting in return, and whether it’s really worth it. And keep very close track of it – before you know it, you might be missing a leg.

And I know this sounds a bit self-serving (at least for my profession) but please, please, please spend just a few minutes talking to a lawyer before you ever give away shares, options to buy shares, or even promise anyone that you’ll give them shares. It may save you a world of trouble later on, as Rick’s story quite clearly illustrates….


XBRL Is Cool

Just a very short one during my “lunch”. Ever heard of XBRL? It’s short for Extended Business Reporting Language – basically a kind of sort of extension of XML or, perhaps more precisely, a subset of SGML. I like to follow developments on it because I think the potential ways in which XBRL will impact a variety of industries (primarily the financial sector) are huge.

To give you an idea, here’s a (rather old) excerpt from a speech that the CIO of the SEC gave at the last XBRL International Conference last May:

I think the agency can be proud of its use of electronic filing and information distribution. But we can aim higher. Today, the vast majority of EDGAR documents are filed in ASCII text, and another large fraction in HTML. That’s fine for reading about a company’s strategy and general issues, but if you want to do financial analysis or compare accounting policies between companies, you then have to do a lot of printing, searching, data entry, text parsing, and other mechanical work. Or, you can go to a third-party data provider, who can provide you with a database of financial information — but the data provider will have made a number of assumptions to simplify and standardize the financial information, and it may no longer be consistent with how the company intended to present its financials. And you won’t get any of the valuable information from the footnotes.

Since you’re at this conference, I know you can all envision the attractive alternative posed by XBRL and interactive data, so I won’t belabor the point. The potential benefits are persuasive enough — greater transparency of financial information, reduced costs for investors and analysts, potentially even deeper coverage of midcap companies by analysts, and ultimately more efficient markets.

Let me paint what I think is an interesting scenario. Wall Street types have been talking for a couple of years about algorithmic trading — basically, using computers to process real-time streams of market data and making fast, automated trading decisions. Today, that market data is mostly about stock prices and volumes, since that’s what’s available in real time. But at some point in the not-distant future, I envision a hedge fund starting to algorithmically trade with XBRL-based balance sheet and P&L data in real-time as it’s disclosed by companies. At that point, we will all know that interactive data has won the day.

Imagine that. And that’s just the tip of the iceberg. The number of tools that one can create to digest, compile, report and analyze numbers is limited only by one’s imagination. I can also imagine the potential impact that this could have on data vendors who charge quite a bit to provide archived financial information – often in rather archaic forms.

Surprisingly, I’ve not heard of many companies or startups that are working on new products (particularly on the software front) either to help in generating XBRL, translating information into XBRL, or crunching XBRL reports (though admittedly, I haven’t been following it that closely).

Anyway, if you’re in this space, and you haven’t yet looked into XBRL, you should certainly consider doing so.

Vista Capable – Capable of Booting – And Not Much Else

Just a small quick one. Story in Computerworld about how 4GB is the optimal amount of RAM to run Windows Vista. Sure. Fine. Fair enough. Goes on to critique vendors like Dell who have “Vista Capable” machines. And what does that mean, you ask?

For instance, Dell offers a Windows Vista Capable configuration that isn’t capable of much, according to what Dell says about it on its Web site: “Great for … Booting the Operating System, without running applications or games.”

I thought surely they must be leaving a bit out right? Nope. Not the case. That’s it. That’s all. Scroll down and see for yourself on the Dell site.

So, if you plan on buying a “Vista Capable” machine, enjoy, um, booting up your machine and, well, I guess, admiring the boot process as it boots.