personal

… by car. Falun is a quite small city in the Swedish landscape Dalarna.

Using my new 3G/HSDPA USB stick and it works great. I’m in the middle of nowhere and I got a high strength signal. Makes me think of how much wireless technology has evolved during the last 5 years and how widely accessible it is.

In other news, participated in my first “Readers panel” over at The Local. The questions posed are mostly about the Swedish society and this month the question was “What do you think about the Swedish alcohol policy?”. As usual I was too serious about it and ended up sounding like a politician

In Sweden the FRA-law moves ahead without any of the amendments being implemented as these are scheduled to be included in October 2009. Not good, but really no news. This was announced at the same time that the amendments were presented so I don’t really feel surprised. Same fascistic law anyhow, with or without the pink bow.

PS. For those new to this blog, posts that starts with “Q.P.” are “QuickPosts”. This means that I’m most often on the move while writing them and they won’t have any nice, illustrative, images like most of my other posts. .DS

Photo: labanex on Flickr.

Apparently the suggested surveillance and “corporate police” laws weren’t enough for Sony.

From TheLocal.se:

“Sony Pictures in Sweden has employed methods worthy of James Bond in an attempt to protect against the pirating of Quantum of Solace.

The film company is using special night vision goggles to keep an eye on moviegoers attending showings of the latest Bond film at 149 cinemas around Sweden, reports entertainment news agency TT-Spektra.”

Oh - my - god. That’s the words that best describes my immediate reaction.

If I were to be informed that someone would be lokoing at me with night vision goggles while I was enjoying a movie I had paid good money to see, I would probably sue them. Possibly just file a complaint with the police as that easily qualifies as harrasment (or is it OK to look at Sony employees in the dark with night vision goggles?).

Sick.

More here, here, here and here.

My colleague Johan brought in a new UMPC to the office today. He’s helping the distributor (a friend of his) getting an Ubuntu based linux distribution working on it as a private project, so he has it for testing purposes.

The name of the unit is “Posh-Book” (view link in IE…) and I must say it’s a bit out there. Remember me bragging about being able to handle a pink sleeve for my A1, well, I’m not sure I could carry something described as “posh”. Hehe

In all other aspects it seems to be quite competent both in hardware and design. It ships with a 10″ screen, VIA C7®-M 1.6GHz Processor (NaNo), 1 GB memory and a 2.5″ 120GB SATA drive. One cool thing is that it’s operating system specification read “GNU Linux operating systems (MS Windows Compatible)”, that is GNU first and MS second

For me, the processor being a VIA is a plus as I love everything that’s not entirely standard. On the downside it has been described as a bit hungrier for power and therefor shortening battery life.

Even though it carries a 10″ screen it’s resolution is set to 1024×600, same as Aspire One (9″ screen) and others. It’s weight is estimated by the manufacturer to around 1.3kg, including a three cell li-on battery which is estimated to deliver 2.5 hours of power. No HSDPA/3G module is built-in, so if you’re in need of such solutions you’ll still have to carry your 3G-dongle.

Something I liked was the color of the keyboard that broke of cleanly from the white shell. They orange notations on the keys looked ok IRL as well.

The unit will ship in two different versions, and the number of available USB ports is one of the thing that differs. This is the P102 model I’m guessing as it only had 2 USB ports. See the full spec. for more info.

The keyboard worked quite OK and it passed the “I can write ‘Daniel’ without breaking any fingers”-test. Not a very scientific test, but it worked out OK for me in the past when selecting a netbook

And finally some pics comparing my A1 to the Posh:

New toys are fun to look at… Too bad I didn’t get to break it open, that would have made my day complete

Cheers,

Photo: shanewarne_60000 on Flickr.

An old friend of mine contacted me today asking if I liked DRM. My answer was “haha, not much Do you?”.

Apparently he had purchased the game “Far Cry 2” from Ubisoft which ships with the SecuROM rootkit, whoops, DRM-software. During installation from DVD his free AVG antivirus protection blocked something leaving a log that looks like this:

“Trojan horse Generic11.BIAK”;”C:\Users\[CENSORED]\AppData\Local\Temp\mtka_tmp\matroschka_launcher.exe”;”Deleted”;”2008-10-27, 20:24:46″;

Edited the above line to fit, view a screenshot here.

Remember that this is a game purchased in a store. With money. Hard earned, double-taxed, money. He however ignored the warning thinking that it probably didn’t matter too much and continued on with the installation.

When the game was fully installed he tried to run it and was met by an error sign saying that Daemon Tools was installed and that the game wouldn’t run as long as it was. Disabling the Daemon Tools services did not remedy this problem and he was forced to uninstall his legitimate image opening software.

Alright, now the game should run right? “No more hassle!” like the signs say in the Turkish tourist site Marmaris.

But no. The game still would not run and a generic warning sign is shown. The sign instructs him to download a fix from Ubisoft, and he follows all instructions to the point. No luck, the game still won’t run.

So he figures it’s time for some creative troubleshooting and visits TPB and downloads a crack for the game.

This solves all of his problems. Once again DRM software has failed to secure applications and once again has the legitimate users been punished for actually paying for the game.

The real reason to all of his problems was that the SecuROM application matroschka_launcher.exe (what kind of name is that anyways?) looks so weird that the generic trojan detection in AVG triggers a “false positive” (or possibly an intentional detection by AVG?).

This is however not an excuse for Ubisoft as there are threads on gaming forums all over the internet, even on their own user forum, about similar problems with the same application. SecuROM is a really badly built rootkit, whoops, DRM-tool and should not be used for any serious applications. I feel the same for all DRM crap though, so nothing special with this one.

For me it feels very strange that major game vendors such as Ubisoft (which makes a lot of kick-ass games) can fail this hard. Why not put the money spent on DRM into marketing instead, and generate a hype surrounding the launch.

To actually alienate users to the stage where they have to visit piracy sites just to get their purchased games to work.

This is the wrong way to do it people…

 
Just want to give everyone a pointer at this great WP plugin:
 
WordPress Automatic Upgrade
 
So far I’ve gone through three Wordpress upgrades with this plugin and it works great. It allows for easy backup of both files and databases and makes the transition between versions very seamless and smooth.
 
Credits to Keith Dsouza!
 

Photo: peasap on Flickr.

Apparently the swedish interpretion of IPRED1 has got the “Go ahead” from Lagrådet (those that check that everything is compatible with other legislation etc.).

Next step is that the Government gives the law to the parliament for voting. And if they vote yes, well, then we have the harshest IPRED1 implementation cemented in law here in Sweden.

So? One might ask. Well, the biggest problem is that we are giving private, commercially motivated organizations more power than our regular police. Second, we’ll be stepping into a world of hurt as all previous implementations have made those countries hellish.

In Denmark, for example, the citizens has been harassed and there has been one suicide because of the extortion attempts by these organizations. Seems harsh but I got the facts to back it up (sorry, just Swedish and Danish, try the translator.).

Anyways, I hope that our politicians see the absurd legislative situation as it is and do not grant anyone except our police the rights needed to fight real, commercially motived, piracy.

But as usual, we’ll see what happens…

The second day of Internetdagarna (22/10-08) was spent in the Security track as well, except for the last seminar where I switched to the society track.

The first seminar was “Pålitlig e-post / Anti-spam” which translates to “Reliable e-mail / Anti-spam”. The moderator for this seminar was Jörgen Eriksson from .SE.

First speaker out was Amar Andersson from TeliaSonera and he spoke about “Spam-protection that undermine their own goals”. I can honestly say that I did not follow this good enough as I was very tired this first seminar and I kind of regret it now. However, the main problem presented by him was the lack of coordination and standards in anti-spam prevention methods. He mentioned blacklisting in general and the DUL-blacklist in particular, hostname “naming” (reverse lookups which results in a name conatining either “static” or “dynamic”) and how to make sure your e-mails got delivered in this day and age where the requirements for delivery can vary quite much from server to server (correct HELO/EHLO messages, correct reverse lookups, SPF and other DNS related issues).

Next speaker up was Bengt Carlsson from Blekinge Tekniska Högskola that just announced a new project between .SE and BTH. The project name was “säker e-post hantering bland illsinnad programvara” which translates to “Secure e-mail management amongst bad software”.

After this Rickard Bondesson from Linköpings Universitet took the stage to present his research on DKIM, DKIM-milter and DNSSEC implementations. This was a quite long and very informative presentation which stepped through his research in a comprehensive way under the following bullets; Forged e-mail, Prevention of forged e-mail, DKIM, Reliability within DNS, Implementation, Tests, Statistics, Experiences.

After this there was a small moderated panel debate on the topic of Reliable e-mail.

The next seminar was “Parasitekonomin på Internet” which (roughly) translates to “The parasitic economy on the internet”. Stefan Görling from KTH moderated and had one presentation, and the other speakers were two representatives from Lavasoft (you know, the guys behind Ad-Aware) and Martin Boldt (IT-security researcher from BTH).

Görling started out by picking at affiliate systems and the easy of exploiting these services for profit and he worked out from a site that supposedly uses this format in a legit way. He did not go into the malware point-of-view very much but he touched the subject when talking about “mis-spelled domain names default pages” which contain only affiliate links.

The guys (they were two) from Lavasoft then held their presentation which more or less detailed the different types of spyware they had included during the year, and also gave a strange remark saying the TeliaSonera was gaining money from the malware circulating on the internet (as they’re an ISP, they supposedly make profit when having their bandwidth used… hrrm…). This little remark came back to bite them in the ass when a (quite upset) TeliaSonera security employee demanded that they would take that statement back during the Q & A at the end of the session.

Following this Martin Boldt from BTH that discussed reputation systems and automatic EULA analysis. He had researched these areas and they were at this moment involved in creating web browser plugins and applications to enable users to share their thoughts and score on specific applications (binary files). See their project website at www.softwareputation.com for more information. He also noted that this project is still in Alpha stage. The ideas they’re having kind of looks like Panda Security’s Collective Intelligence, except it is user generated not automatic.

When it came to EULA analyzing they’ve taken a harder route than SpywareGuide’s EULA analyzer and they used many different bayesian and similar algorithms in order to define if an EULA is “good” or “bad” with a high level of success. Ideas for the future was to make this automatically integrated into system so that any EULA boxes could be automatically read and scored.

After this there was a Q&A session and Lavasoft’s statements was quite heavily scrutinized both by the TeliaSonera employee and Netnod’s CEO Kurt-Erik Lindqvist (I think it was him but I only heard the voice, so don’t quote me on this). It seems like Lavasoft’s statement was just illustrating and that they based their assumptions on an US ISP that had misbehaved and in some ways had profited on bad software.

Here I switched room and joined the “Infrastructure and society”-line of seminars. The one I was interested in was “Integritet och övervakning” which translates to “Integrity and surveillance”.

This seminar was moderated by Johan Hallsenius (editor for Computer Sweden) and the debate panel was only populated by pro-Integrity people as none of the invited politicians and FRA-people had turned up even though they were invited. The panel members was Oscar Swartz (debater, writer and blogger), Patrik Fältström (Cisco), Fredrik von Essen (Swedish IT and Telecom Industries) and Daniel Westman (Juridicum, Stockholms University)

The focus of the debate was of course the FRA-law but also dangerous EU-directives and other laws that affect impede personal integrity. It was an interesting debate, but as “the other side” was missing no hard questions could be discussed. I talked briefly to Oscar Swartz before the seminar and he described it as a “non-debate”, as there was only one point of view from all participants (with small diversions). He wrote a post on “Internetdagarna” on his blog in which he breifly mentions this debate.

It was also to hear what Fredrik von Essen from the Swedish IT and Telecom Industries had to say on this issue.

Unfortunately I had to leave before the Q&A session that followed, so I’m looking forward to the sound recording that are to be released here.

Some pictures from this day:

Integrity debate:


Martin Boldt (from BTH):

… in the north of Sweden to hold some seminars. As I guessed in a previous post this week has been hard so far and it’s not going to get better. I’ve got a splitting headache that I think comes from not sleeping more than 4 hours a day for the past four days. I’m gonna have to straighten that up by going to bed early tonight.

Tomorrow I’m going to try and write a summary of the second “Internetdagarna ‘08″ day, but if there’s no time or energy I’m going to finish it during the weekend.

My Aspire One (8GB SSD/Linux) is still working fine, but my colleagues Windows variant has been in on guarantee service _two times_ since he bought it. What conclusions can you make from that?

To brighten up my steamingly angry frontpage, here’s some pics of my dogs:

…and only leaves me one day in the office (Monday).

First we have;

Tuesday and Wednesday I’m attending InternetDagarna (”The Internet Days”) in Stockholm. These will be packed with interesting seminars ranging between DNSSEC, youths on the internet to IT in the politics. It’ll be a very interesting two days and I promise to take a lot of photos. Probably going to do some posts from the event if wireless is available. From their site:

All in all the conference will feature close to 100 national and international speakers in more than 30 sessions, organized in five parallel tracks:

1. IP and networking
2. Security
3. Public Internet policy
4. Web / Mobile web
5. Domain names

The central theme for Internetdagarna 2008 is the transition to IP version 6. We dedicate a full day on the IP and networking track to various aspects of IPv6, from a basic tutorial to experiences from those who have taken the leap.

And then there’s…

…Thursday, when I’m going up to Luleå in the north of Sweden to have a seminar on evolving malware threats and how our solutions tackle these threats. I’ll do a post on this later on.

And on Friday I travel to Umeå (also in the north) to have the same seminar.

I’m going to be tired Friday night