googling credit card numbers

Interesting story about someone who happened to be happily googling about and ran across some lout’s (rather poorly) hidden cache of stolen credit card numbers, along with other details:

I found more than that: login details to people’s web hosting accounts and e-commerce site memberships as well. It was really freaky to think it was all just staring at me, thanks to a flukey Google search. Nothing more complicated than that. (And no, don’t email me for the search details!)

For whatever reason, a hacker has broken into a number of sites and stored the resulting DB dumps into text files that Google came along and indexed, all because this guy’s site’s directories were set to display their contents when no default file is present.

To be honest I’m not all that surprised. The hacker in question had probably put the information on a server that was only partially commandeered, giving him or her a place to stash the loot but not the ability to turn off directory index listings. Anyway, it goes to show once again that, no matter how safe anyone tells you their system is, there is always room for mistakes. The gentleman’s article, in that regard, provides some good advice to make sure that it’s not your credit card number that shows up in a Google search.

Well, perhaps except for one:

So here’s the suggestion: search Google for your credit card number.

If I may be so bold as to disagree, I’d strongly discourage everyone from doing this. Not necessarily because someone at Google will be salivating over the fact that you’ve just given up your credit card and will shortly be going to the nearest Fry’s to cash in (given their options, I imagine they could care less…), but rather because that same info will be travelling to Google by way of any number of intermediaries in a completely unsecured, unencrypted form. Not that it’s a huge risk – the chance that someone happens to be listening in to your particular transmission may well be low. Then again, it ain’t rocket science to set up a filter to pick out certain number patterns in internet traffic. I guess the only point is, why take the chance in the first place?
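The flip side of the point above is that a site operator can look for the same thing on their own side: a card number typed into a search box or a GET form ends up in the query string, and the query string ends up in the web server’s access log, the proxy’s log and the referer header of the next page. The scanner below is an added example (not from the original post or the article it quotes) that reads Apache-style access log lines, pulls the query string out of each request, and flags values containing a Luhn-valid 13 to 19 digit sequence, printing only the last four digits. The log lines are constructed; the two numbers it flags are the well-known 4111… and 5555…4444 test card numbers, and the 13-digit order id shows why the Luhn check matters (it looks like a card number but fails the checksum).

```python
from __future__ import annotations

import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample log (Apache combined format). Lines 1 and 4 carry the
# standard Visa/Mastercard *test* numbers; line 2 is the Visa test number
# with a wrong check digit; line 3 is a plain 13-digit order id.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Oct/2007:18:13:02 +0000] "GET /search?q=4111111111111111 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.8 - - [04/Oct/2007:18:13:05 +0000] "GET /search?q=4111+1111+1111+1112 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [04/Oct/2007:18:14:00 +0000] "GET /orders?id=1234567890123 HTTP/1.1" 200 128 "-" "curl/7.16"
203.0.113.9 - - [04/Oct/2007:18:14:01 +0000] "GET /card?n=5555-5555-5555-4444 HTTP/1.1" 200 128 "-" "curl/7.16"
"""

# The quoted request line: method, target (path + query), protocol.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# 13-19 digits, optionally separated by single spaces or dashes.
CANDIDATE_RE = re.compile(r"(?:\d[ -]?){12,18}\d")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_exposed_pans(log_text: str) -> list[tuple[int, str, str]]:
    """Return (line_number, parameter_name, masked_number) for every query
    string value that contains a Luhn-valid card-length digit sequence."""
    hits: list[tuple[int, str, str]] = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        # parse_qsl undoes %xx and '+' encoding, so "4111+1111" becomes "4111 1111".
        for name, value in parse_qsl(query, keep_blank_values=True):
            for cand in CANDIDATE_RE.finditer(value):
                digits = re.sub(r"[ -]", "", cand.group(0))
                if 13 <= len(digits) <= 19 and luhn_valid(digits):
                    masked = "*" * (len(digits) - 4) + digits[-4:]
                    hits.append((line_no, name, masked))
    return hits


if __name__ == "__main__":
    for line_no, name, masked in find_exposed_pans(SAMPLE_LOG):
        print(f"line {line_no}: parameter {name!r} carries a card number ending {masked[-4:]}")
```

Finding a hit means the number has already travelled in the clear and already sits in a log file, so the remedy is to stop accepting such values via GET (and to scrub the log), not merely to mask them in reports. The directory-listing half of the story is a one-line fix on most servers (on Apache, `Options -Indexes` for the directory in question), which is the sort of setting the quoted article’s advice is aimed at.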

mozilla prism

Prism is a very interesting little development that the Mozilla folks are working on. Don’t recall where I read about it – probably slashdot. The nub:

Prism is an application that lets users split web applications out of their browser and run them directly on their desktop.

With an illustration that neatly captures the reason for the name and functionality:

I haven’t yet tried it myself but find the concept of further blurring the distinction between the network or server and the local machine quite intriguing.

ebay and buyer’s remorse

Ouch. The Times Online ran a story on how eBay isn’t all too happy with their multi-billion purchase.

Aaron Kessler, an analyst at Piper Jaffray, the US investment bank, said: “The problem for them has always been trying to get their 200 million users to pay for services. They haven’t really figured out a way to monetise their clients – they haven’t introduced new services such as search engines.”

To be honest I am a bit surprised. When the deal was first announced I had some difficulty understanding the reasons for the purchase, since it didn’t make much sense to me. But then again, if I could figure out such things I’d be a dot-com billionaire jetting around the world in my private jet, rather than a little tech lawyer with a little blog. So, naturally, I assumed the powers that be at eBay did have in mind a grand plan, either to monetize Skype in some really cool way that, perhaps, would also tie into their existing biz and result in some really very cool new business or killer feature, even if the Skype service itself didn’t generate the bucks. Sadly that doesn’t appear to be the case – or at least the case at present.

Perhaps what surprises me most, however, is that they’ve come out publicly to express their regret. I don’t recall many companies (particularly in the tech industry) that have done so. To be honest it’s also unclear to me why they would say so publicly – at least in the way they’ve done so. Can’t imagine it would really be a heck of a morale booster for the remaining folks at Skype. And surely there’s a way to make such popular technology spin off a little more cash. I remember thinking of a few things that I thought they would probably do (and how much I would expect to pay for them) but which never seemed to happen. For good reason, I imagine.

Anyway, I’m sure they’ll figure out something to do with it, being the resourceful Canadians they are…

ibm withdraws patent claim

Interesting release from IBM on Bob Sutor’s Open Blog:

IBM has put into the public domain and withdrawn its application for patent number US2007/0162321 – Outsourcing of Services. This patent application covers analyzing work flows, skills, economic costs, etc.

Now, I’ve not reviewed the application at all, but a patent for outsourcing? My first thought echoed the first comment made on the entry, to wit:

Comment, October 4th, 2007 at 6:13 pm:

Wow, I thought this was a joke. Apparently not. In gratitude I’ve decided not to patent Money for Old Rope.

Where did I put that patent application on using written documents to evidence legally binding agreements?

first us gpl lawsuit filed

Surprising. I’ve read about cases going to court in Europe and naturally assumed, given the litigious environment of the US, that something had happened long ago stateside. So, I was a bit surprised to hear about the first GPL lawsuit down there.

For the first time in the U.S., a company and software vendor, Monsoon Multimedia, is being taken to court for a GPL violation. Previously, alleged GPL violations have all been settled by letters from the FSF (Free Software Foundation) or other open-source organizations, pointing out the violation. (Linux Watch)

Hmmm. Maybe not – recent news is that they’re now in settlement discussions. In any event, this gives me yet another excuse to rant, once again, about open source software, or for that matter, any third party code that companies out there may wish to use or build into their products.

As some of you may know, I personally quite like open source stuff. In fact, this blog is written using a giant truckload of the stuff, which works remarkably well for something developed by folks who aren’t paid (for the most part) to develop any of it. Open source can also be a great asset to many companies out there, whether in use or in development.

BUT (and surely you must be expecting a but by now), to the extent you are going to develop with open source code, public domain code or for that matter ANY third party code, you absolutely, positively, MUST keep track of it and: (a) make sure the license terms are appropriate for the intended purpose; and (b) make sure you comply with the license terms.

Why is (a) important? To give a very simple illustration, if you plan on building a company whose primary asset and value is based on closed and (ostensibly) proprietary code, you should not be putting GPL code into your product, since one of the requirements of doing so would be an obligation to make your code publicly available on the same terms. This is probably a vast oversimplification of the terms of the GPL but I hope it illustrates the point. And if you don’t think this is likely to have an impact on your company, well, think again. Regardless of what you may think about (b) (which we’ll be getting to in a second), a potential acquiror of your company may feel quite differently about the risks of unintended use of open source code if, for example, it has been told your product is proprietary. And they definitely will find out about it. In fact, there are very, very effective tools to do so, like the one provided by Black Duck. And it is becoming a rather normal practice in acquisition due diligence to run code through Black Duck or something similar if there is the possibility of undisclosed open source.

Why is (b) important? Well, in addition to what’s described above, there is a real risk associated with contravening the GPL, the LGPL or other open source licenses. Just because it’s free does not mean that someone – the Software Freedom Law Center, for one – will not invest the time and effort to find out about contraventions of such licenses and make sure their terms are complied with. In addition to institutions like those, there are also many, many folks out there keeping an eye out for possible breaches of the GPL and reporting them to bodies like the SFLC.

All that being said, I should make it clear that I do think that open source software does have a place in profit-driven companies, as do open source development models. JBoss, MySQL, and Sleepycat are just a few in the latter category that have been quite successful. The key, of course, is to make sure that how you use those tools works consistently both with your intended business model and with the terms that apply to their use. Which will be a good topic for another day.

regrettable absence

Apologies to all ten of my loyal readers for the absence. It has been a very, very busy summer and, unfortunately, when it comes to relative priorities, getting work done for clients, playing with my 2 year old, sleeping and then blogging take priority, in that particular order. I’ve also been surprised so far by some of the informal comments I’ve received (not on the blog but in person), most of which have been negative or have negative implications. I must say that has also played a bit of a role in my absence. So who knows, this little blog may not be around much longer. Still giving it some thought.

In any event, a brief quote from one of my colleagues that you may find amusing: “The practice of law is very much like a pie-eating contest where the prize for winning is more pie.”

web 2.0 & the law

Another story from The Register communicating a warning from the EFF about the inherent legal risks of Web 2.0 stuff. The nub:

The Electronic Frontier Foundation (EFF) has given Web 2.0 media sharing start-ups some non-technical advice: run your ideas past a lawyer first to stay on the right side of copyright law.

Can’t argue with that. Continuing on:

“One of the big mistakes I see in this space is failure to engage legal counsel soon enough. Often these involve business issues – like how do you want users and employees to interact on the site,” staff attorney Fred von Lohman said.

The choice of whether to offer buzzy features like mash-ups or to profit from other people’s content on the server may also have a bearing on a company’s legal exposure. “Techies will tell you it [server-side computing] is about efficiencies, the reality is lawyers will tell you to think hard about it,” von Lohman said.

While you might think executives running sites that suck in other people’s content have most at risk, von Lohman pointed out that investors are also in the firing line. He cited EMI and Universal’s decision to drag Bertelsmann through the US courts over its $100m investment in the old Napster, which they claimed helped the P2P site infringe on their works.

So there you have it. Straight from the EFF.

cigarettes save lives

Well, not quite technology, not quite law. But in a tech publication so close enough. The Register reported on a story of a woman whose life was saved by cigarettes – or rather one cigarette:

Brenda Comer, of Rock Hill, had just finished washing the dishes at around 11am when she popped out for a gasper. At that moment, The Seattle Times dramatically recalls, “an 80-foot-tall oak tree, felled by winds gusting up to 40mph, crashed through the roof”.

Of course, that doesn’t quite make up for the hundreds of millions of other deaths caused by smoking. But at least it’s something positive.

a rose by any other name…

or, a study on the idea/expression dichotomy in copyright law as illustrated through flatulent dolls. The interesting decision in JCW Investments v. Novelty, Inc. centers around how copyright can inhere in toy farting dolls:

Somewhat to our surprise, it turns out that there is a niche market for farting dolls, and it is quite lucrative. Tekky Toys, an Illinois corporation, designs and sells a whole line of them. Fred was just the beginning. Fred’s creators, Jamie Wirt and Geoff Bevington, began working on Fred in 1997, and had a finished doll in 1999. They applied for a copyright registration on Fred as a “plush toy with sound,” and received a certificate of copyright on February 5, 2001; later, they assigned the certificate to Tekky. In the meantime, Tekky sent out its first Fred dolls to distributors in 1999. By the time this case arose, in addition to Fred, Tekky’s line of farting plush toys had expanded to Pull My Finger® Frankie (Fred’s blonde, motorcycle-riding cousin), Santa, Freddy Jr., Count Fartula (purple, like the Count on Sesame Street), and Fat Bastard (character licensed from New Line Cinema’s “Austin Powers” movies), among others. By March 2004, Tekky had sold more than 400,000 farting dolls.

400,000! Anyway, on to the actual law part of it. Basically, another company, Novelty, came along and developed a similar doll and the court found them offside:

It is not the idea of a farting, crude man that is protected, but this particular embodiment of that concept. Novelty could have created another plush doll of a middle-aged farting man that would seem nothing like Fred. He could, for example, have a blond mullet and wear flannel, have a nose that is drawn on rather than protruding substantially from the rest of the head, be standing rather than ensconced in an arm-chair, and be wearing shorts rather than blue pants.

Well. Good to know that one can’t own the idea of a farting, crude man – only the particular expression of a farting, crude man.

There was of course also the trademark aspect to it:

The jury found Novelty liable for trademark infringement because Novelty used the words “Pull My Finger” to sell its farting Santa dolls, and this use infringed Novelty’s mark for those words as related to plush dolls.

There you have it. “Pull My Finger” is a trademark.

all in the genes

Wired has a story about the passage in the US HR of the Genetic Information Nondiscrimination Act. The nub:

If legislation passed Wednesday by the House of Representatives becomes law, it will be illegal to deny a job or health insurance on the basis of a person’s genetic makeup. With more links drawn between genetic profiles and disease predispositions every day, supporters of the Genetic Information Nondiscrimination Act say the bill will ease patients’ worries of being singled out for faulty genes.

As genetic technology becomes more and more advanced and accessible, it will be interesting to see how things develop. For example, although this bill makes it illegal to deny someone employment based on genes, what happens if people start voluntarily disclosing their genetic results in order to make themselves stand out as better candidates? If they do, the end result could be the same. And what then? Would legislation then be introduced to preclude positive, as well as negative, discrimination?

It also makes for rather interesting ethical questions. For example, one argument that could be advanced is that genes simply reveal various characteristics of a person that may or may not make that person suitable for a job. For example, if genetic testing determines that an individual has a 90% chance of having a fatal stroke in the next year (and no, I have no idea whether or not that is an accurate example), should that person be hired as the pilot of a 747? Why would it not be reasonable to not hire that person on the basis of those results?

Of course, that very argument, if taken to its ultimate conclusion, also has the potential to lead to truly horrific (at least IMHO) dystopian societies.

Time to go watch Gattaca again.