Chris @ Olstrom (.com)

There has been some controversy laterly over at Newzbin. Seems the MPAA is extending their witch hunt into Usenet. Through the debacle, many parellels have been drawn by community members between torrents and NZBs, which is inaccurate.

There is a fundamental difference between torrents and NZBs. Torrents need the tracker to connect the swarm, in order to know who has which pieces and who needs what (though there are decentralized models).

With NZBs, it’s pointing to files located elsewhere. Those files are available independent of Newzbin. You don’t NEED an NZB to get a binary. You can grab the headers from your newshost, and then grab the files that way. All an NZB does is save you the legwork by telling you that hey, these are the article IDs you want. Like somebody saying “hey, this is the ISBN of the book you’re looking for”. You can find the book without it, having the ISBN just makes it a bit easier.

Search engines should not be held accountable for the content they index. The distributors of that content should be. If a search engine can direct you to objectionable content, great. If you want it taken down, now you have a way of finding that it’s there.

Without Newzbin (or another indexing service), it’ll be a lot more work to remove copyright-violating content from Usenet. I’d think that it would be better to use it as the tool it is, locate the content you want removed, and send removal requests to the major newshosts. If I recall, Usenet servers support article cancellation (though under what conditions I don’t know), usually for spam removal.

Newzbin is not in the same boat as a torrent tracker (though both can be used for legitimate purposes). It is much closer to a traditional search engine, but rather than indexing the web (HTTP), it indexes usenet (NNTP). Different protocol, same function.

You can’t fairly disallow search, because some people are using it for illicit purposes. Should we shut down a web search because people are searching for information on illegal things (manufacturing of drugs, explosives, whatever)? Should image searches be banned because people could search for unlawful images?

Disallowing these sorts of things is a dangerous blow to freedom. In any system, the innocent should not be made to suffer for the actions of a few guilty individuals.

</rant>

There are those who hold the view that being self-taught is a disadvantage. As an individual of this sort, my views will be inherently biased. Please forgive me for this, and look past it. If you disagree (or agree) with my rationale, add a comment. I will respond to all comments.

The situation is such that there are advantages to both sides. It is my position that self-taught individuals are more specialized in their chosen areas of expertise, at the cost of versatility.

Consider if you will: the range of exercises most Computer Science students undertake. Many of these are tasks that illustrate a particular concept, and will likely never be (directly) applied to any future work.

Many self-educated individuals will not take the time to study areas outside those that interest them (and why would they?). At the same time, such individuals are not wasting the time they save by not learning otherwise dull concepts. These are replaced with things that capture our attention, and hold it.

There are those who hold the view that those trained through traditional channels (universities, formal training programs, etc) are being ’shaped by the system to be drones’. While I think this is a bit extreme, I agree somewhat, though I think the defining factor is motivation, rather than environment. It just happens that most of those outside of traditional training models (the self-taught) share a common motive: Passion. We thirst for knowledge, and it is this that drives us to expand our understanding of a subject. An individual who enrolls in a training program, or structured study of a field may share this desire, though it can safely be assumed that not all who take a course do it for the knowledge alone. Many undertake such training to secure positions in a related field.

I believe that one who learns something to become employable is setting themselves up to be a drone. The mindset required to know that ‘I spent four years studying to get this job’ puts the individual in a position to be directed. The goal was to get the job, and to fill a specific role.

The self-taught individual is more often driven by passion for their art. Where a classically-trained developer may complete a project to the specfication, the passionate developer is more likely to infuse their work with that extra spark that makes it truly exceptional.

Those trained in a traditional sense are often more versatile than the passionate programmer, and may be stronger in a wider range of tasks, the self-taught developer is often unparalleled in his expertise in a select few areas.

The question I would pose is this: If you required critical brain surgery, who would you rather have do it? The surgeon who is very good at a range of operations? Or a neurosugeon who excels at his chosen field, but only at his chosen field?

Written in response to:

• 
  Who Needs a Computer Science Degree When There’s Wikipedia?
• University versus self-taught

As noted by Lauren Weinstein, Rogers is modifying HTTP data sent to their users as illustrated here:

Note: This is not speculation. Rogers’ Vice President of Communications, Taanta Gupta has confirmed that they are experimenting with this technique ( via Wired ).

What this means is that they are embedding additional content in web pages served to their clients, without explicit permission. This is not something clients can opt into. As a privacy-aware netizen, I find this to be a blatant abuse of any Internet Service Provider’s power, for a number of reasons.

Security

When I connect to a site, my browser requests a page from the server hosting that site. I expect that the page I receive is the one that the server sent to me. What Rogers is doing breaks this implicit trust. As a user, I can no longer have faith in the authenticity of a page I view, because it may have been modified somewhere between the server that generated the page, and me.

Such action (when initiated by an individual) is considered malicious activity, and controversial at best. When a telecommunications carrier is responsible, it is also illegal.

Part II, Section 36 of the Telecommunications Act states:

[Content of messages]

36. Except where the Commission approves otherwise, a Canadian carrier shall not control the content or influence the meaning or purpose of telecommunications carried by it for the public.

Privacy

The example above illustrates this capability being used to send targetted messages to clients regarding their accounts. Two important details can be determined from this: That Rogers is in fact actively monitoring data that passes through their network (so as to not inject arbitrary code into incompatible content types) and that they are linking these data sessions to individual client accounts. It is hardly a distant thought for them to be tracking the sites a client visits, and constructing a profile about that user from that data. Again, this is done without explicit consent from their users.

Potential Impact

Right now, this technology is being used to send ‘useful’ (but intrusive) messages to clients. In the future, it would not be unexpected for Rogers to add ‘relevant data’ to pages, or deliver contextual advertising (and they would likely make a killing from it). It is possible that this capability could be used to push software onto the PCs of their users. Though local security policies would likely prevent this, it would be simple enough to install a browser addon from the Internet Setup software that bypassed the usual security measures by considering such content to be ‘trusted’. In the case of users who opt not to use the setup software, such an addon could be installed by exploiting any one of the vulnerabilities in their given browser (most commonly Internet Explorer). A user would not even have to go to a specific site, as the needed data could be embedded in any page.

In a more sinister scenario, it is also possible that Rogers could modify the owner attribute on existing on-page advertisements, effectively stealing that ad revenue from the page owners. Since this would occur after the page was generated, but prior to it being served to the client’s browser, there would be no way for the site owner to notice this (since it is common for users to have ad-blocking software installed locally, many site owners expect a certain portion of viewers to not receive the advertisements), and no way for the client to determine it either.

Extending this a bit further, it is not difficult to envision an entity with these capabilities modifying other content on-page. Altering unfavourable commentary regarding themselves, censoring content, adding content to pages and generally discrediting the validity of the web.

Some of these examples seem unlikely, others not so much. Only time will tell, but if we do not voice our concerns, if we do not defend our rights to privacy, anonymity, and security, a bleak future is all the more probable.

Note: This page should be should be served to you via HTTPS, ensuring that such content-modification schemes are ineffective.

I’ll fix it later…

We’ve all done it, and its bad enough when you’re maintaining your own code… but if you are working with other developers (or if someone may one day be working with your code), the ‘dirty hack now, fix it later’ way of coding is simply not acceptable.

Source is meant to be read by human beings. Disregarding this truth is the first step on a dark path. Taking the time to do it right the first time pays off fast.

A lot of it isn’t even hard to do. Naming your variables clearly consumes mere seconds, and pays off immediately by reducing the amount of documentation you need to write. For example, naming an object scd1 rather than OverviewMenu creates the need for documentation that could have been avoided. If you append an item to scd1, someone looking at your code may need to figure out what scd1 actually does to understand that, while appending an item to OverviewMenu probably means you’re adding an item to the menu. The code documents itself.

Indenting your code properly is trivial to accomplish (and all but the most primitive editors make it very easy to do without thinking about it), and it simplifies understanding program flow.

Doing it the ‘easy’ way now, with the intent of fixing it later is almost always a recipe for trouble, and more often than not it creates more work for you very quickly. Now you have ugly code that needs to be fixed, and replacing it can take longer than it would have to write it well in the first place. Besides, why write something just to throw it out? Your time should be worth more than that.

If you happen to be writing web code, don’t create JavaScript functions or complex code inside event handlers, or apply inline styles your HTML. JavaScript has functions, and the style tag exists to be used. There are reasons for these things, part of which is making it easy to manage your code.

If it’s worth doing at all, it should be worth doing right. Please, don’t create more work than you need to for yourself, and other developers.

The topic of copy protection, and how much is too much was raised on Marc’s blog today.

Where is the line drawn, then? He asks about software phoning home, and the sorts of data that are appropriate to report, specifically inquiring about license keys, version reporting, and installation identifiers. Responding to each…

License Keys

A license key would be perfectly acceptable by my standards. It isn’t personally identifiable information that the content owner doesn’t already have. Any information a license key can provide was likely provided in order to get said key, right?

Software Version

A software version is non-intrusive as well, since the same information is reported by most updating systems, to ensure patches get distributed to those who need them, unless the updater just queries the current version number, and compares it locally against your installed version. (On a side note, I would be interested to know how prevalent these methods are.)

Unique Installation Identifiers

A unique installation ID, though… since that information serves to identify the user (or the installation), and isn’t directly provided to the content author, and serves minimal benefit (if any) to the end user… it just feels like data mining.

How to respond in the event of more active installs than issued keys?

Regarding a threshold for disabling license keys, that really depends on how the disabling occurs. If it’s automatic, then it is probably too aggressive to disable the keys for limited apparent piracy. Especially if your software is targeted at a corporate audience. Anything that slams the brakes on productivity is a good reason to start looking for another product.

Track the number of active installs for a given key, yes. Flag the key, absolutely. Disable it… manually?

Even better, locate the contact info for the offending keys, and send a friendly notification to them, offering the purchase of additional keys at a volume discount appropriate to the number of excess installations. This turns piracy into a potential sale.

The majority of this post (excepting the introduction and headings) was originally featured here as a comment on Marc’s Musings.