It seems some of the “freetard” community has decided that it’s unacceptable that Apple provides even a nod towards copy protection in its operating system. I’m referring, of course, to the PT_DENY_ATTACH flag that can be passed to ptrace() to prevent debugging tools from examining a process.

The fact is that without this type of measure in the operating system, it would be trivial to misuse debugging tools to circumvent copy protection measures in applications, and I don’t just mean iTunes. A lot of shareware and commercial software calls this function to prevent casual debugging of its registration and/or activation code. And that should be no surprise. Casual piracy over the Internet is a huge problem for software developers; it’s much worse than the old problem of people swapping floppy disks or letting their friends have copies of programs that they’ve bought… much worse, because people allow everyone to have copies, which fundamentally undermines the value of software. As a result, those of us who write software for a living have to do something to prevent that from happening.

The very idea that Adam Leventhal, Brendan Gregg et al. have some right to be offended at this feature just beggars belief. It is complete and unmitigated rubbish to suggest that this is about “preventing defects from coming to light” or that it is in some way a slight to Open Source software that Apple has done this (indeed, DTrace is released under the OpenSolaris License, which explicitly allows modifications; it doesn’t disallow modifications that the original developers don’t find politically correct).

It may be true that the current blocking of DTrace has some unintended consequences, in which case Leventhal should file a bug report with Apple, just the same way the rest of us do when we find things that are wrong or that we don’t like. But this business of grandstanding about it because of some anti-copyright ideology is just plain wrong, as is Landon Fuller’s intentional sabotage of PT_DENY_ATTACH, both in ptrace() and DTrace, which, in addition to being immoral¹, is probably illegal under DMCA/EUCD.

Update: Landon Fuller says that he’s pro-copyright and even pro-DRM, but in spite of that I get the impression that he still feels that it’s appropriate to publicly distribute a workaround for PT_DENY_ATTACH, in which case I stick by my assertions above.

Chris Lintott on why it’s just a rock.

The government here in the U.K. is planning to issue identity cards. This is a great idea, in principle, as if it is done properly it could end or at least significantly curtail identity theft. The problem is that if it’s done wrong, it will just be a pointless waste of time and money.

The BBC is currently running a story about how the ID card scheme is to be delayed, in which it says:

They have also come under fire from experts, including Professor John Salt, of University College, London, who has advised the government on migration trends. Asked by a House of Lords Committee on Tuesday if ID cards would help curb illegal immigration, Professor Salt said: “No, if they are capable of being forged - and that is probably likely to happen.”

I think it’s a little mischievous of the BBC to use that quote like that; Professor Salt is a Geography professor, and since preventing forgery of these identity cards is a technology issue, it seems reasonable to question his expertise in suggesting that it is “probably likely to happen”.

Certainly I see no reason why it should not be possible to prevent forgery using smart card technology. You would ideally want a tamper-proof mask over the chip to prevent probing, and you would need a well-designed cryptographic system as well as careful software design for the card. But if those elements are in place, it shouldn’t be possible to forge or even copy a card, since the card wouldn’t provide any data except to a central government-run system, and even then it wouldn’t be possible to intercept the information given proper use of modern cryptography.

I don’t think forgery is the primary threat. On the contrary, I think the primary threats come from the mechanisms for (a) issuing cards in the first place, and (b) replacing cards that are lost or stolen. The issuing mechanism is an obvious point of attack, since people can present false documents in order to obtain a legitimate ID card. The replacement mechanism, likewise, requires some sort of identity check, which could potentially be defeated (that’s true even for things like iris scans, by the way).

Personally I’m broadly in favour of an identity card, and I think it probably will reduce the problem of identity theft, provided it’s relatively difficult to falsely obtain legitimate cards from the authorities themselves. The big question is how the government plans to solve that problem.

It must be pretty humiliating for Gordon Brown to have had the first run on a British bank in more than a century, but even worse is the government’s subsequent failure to get a grip on the situation and the £25bn of taxpayer-backed loans that have subsequently been extended to the failing Northern Rock bank.

The government should have nationalised the Northern Rock when it became apparent that there was no way for it to continue in private ownership without substantial taxpayer support. The fact is that even under the proposed rescue scheme, we, the taxpayers of the United Kingdom, are still going to be heavily exposed to the Rock’s uncontrolled borrowing for the foreseeable future. Yet the taxpayer is not going to see one penny of the Rock’s profits (should it make any).

Of course, I can see why the government is reluctant to nationalise the bank. It will trigger legal action from shareholders (but, frankly, too bad… they should have kept their Directors under control, but instead they allowed them to borrow huge sums of money and as a result have created a problem of such a magnitude that it could now affect every man, woman and child in the land). But worse, it is likely to mean that as the housing market deflates, the government would be put in the unenviable position of having to repossess peoples’ homes. My guess is that it is that that is putting the Brown government off nationalisation, but that is no excuse for saddling us with all the risk and allowing private shareholders to run off with any profit derived from that risk.

UNEASYsilence published a story two days ago about connections to 2O7.net from Adobe CS3 applications.

It’s scaremongering of the worst sort. The connections to 2O7.net are happening because the splash panel fetches a Flash graphic from Adobe’s website when you start the app. It is used to fill the bottom right corner, like this:

Anyway, when you load that graphic, it connects to Omniture (who own the 2O7.net domain) who provide site access statistics and the like. Big hairy deal.

It simply isn’t, as UNEASYsilence were all too keen to suggest, some sort of devious invasion of privacy on Adobe’s part.

There should be a variant of Hanlon’s Razor to cover this kind of thing. Perhaps something like

Never attribute to privacy infringement that which can be adequately explained by on-line content delivery, statistics gathering or software update.

It’s not quite as succinct now though. We need something snappier (suggestions, anyone?)

Or maybe people should just stop crying wolf every time Little Snitch tells them that an application is accessing the network.

The BBC thinks that it’s newsworthy that Liberal Democrat leader Nick Clegg does not believe in God.

I think it’s much more interesting that the BBC decided to write an article about it. Most of the British population doesn’t believe in God these days, so it’s hardly worthy of a headline on the BBC News website when we find that one of our politicians doesn’t either. That just makes Mr. Clegg representative of the people, unlike Tony Blair and Gordon Brown who both hold religious beliefs.

As a result, while this kind of thing might be big news in the United States, it’s really the fact that Blair and Brown are religious that should have made headlines over here.

After a couple of previous stories about data loss, you’d have thought it would be the end of it, but sadly, it isn’t. This time it’s three million driving test candidates’ data, and while it c|net’s article says that the lost disk was “formatted specifically for Pearson systems”, the fact is that that is no protection whatsoever.

OK, so in this particular instance it wasn’t the Government that lost the data. But they did give it to someone who then didn’t take enough care with it, and after introducing legislation designed to protect the public from companies doing that exact same thing.

I’ve said it before and I’ll say it again. The fault here is that financial institutions and the Government are prepared to use facts about you as your canonical identity. This is wholly the wrong approach, because there is no authentication involved.

It should be possible for me to write all my personal details on a billboard sign in the middle of London and have no fear that someone will take credit in my name. And that means that we need a different means of establishing a canonical identity, one that includes authentication.

OK, so I found this little gem:

Yes, that’s right, someone is looking for a pirated copy of one of our products, in this case iPartition 3.

Only in this case, this someone is Mike Gibson. How do I know? Well, easy really; look at this Dave Matthews Band “fansite”, or on the gibsonweb.net wiki where it helpfully links to Mike’s blog. Yes, Mike is EmptyG and EmptyG is Mike; check out the ICQ and AIM addresses if you don’t believe me.¹

Software isn’t the only thing Mike is happy to pirate, either; there’s a copy of David Pogue’s book iPhone: The Missing Manual on Gibson’s iPhone page (there’s no link to it because you should buy it if you want a copy; what you shouldn’t do is download it from Mike Gibson’s website).

And just in case anyone doubts Mike Gibson’s pirate credentials, he’s probably also got himself an illegal copy of VMWare Fusion² (if the site I found the original post on is to be believed, where he was thanking someone for posting a link to a copy on a file-sharing site). And he recommends two other Mac-specific piracy forums, again on the same site. I’m not going to be specific about those because I don’t care to advertise them. Finally, you’ll note from the above that Mike has made 3,608 posts on the piracy board I took that screenshot from.

So if you’re wondering what a software pirate looks like, here he is, with girlfriend Dana (who I’m sure had nothing to do with any of this). If you live near Encinitas, CA, near San Diego, you might even see Mike on the street.

And Mike, if you’re reading this and wishing you had been more discreet³, you’ve missed the point entirely. You shouldn’t be trying to get hold of illegal copies of other peoples’ hard work in the first place. If you want a copy of iPartition 3, you can buy one like everyone else.

As it is, I’d say you’re hoist by your own petard. You should be ashamed.

Well it looks like I was right about the whole MacHeist/MacZot thing, according to a post from Steve Harris of Reinvented Software (via Daring Fireball).

Yes, Steve made a bit of money by selling through MacZot. Not much though, and his figures pretty much blow the you’ll-make-money-from-upgrades argument out of the water.

And following on from John Gruber’s original guesses as to the amount of money made by the organisers of MacHeist, Wikipedia notes that MacHeist I raised $200,000 for charities and took $800,000 in total. Using similar working to Gruber’s original calculations, we find that¹:

So MacHeist’s organisers could have pocketed as much as half a million U.S. dollars, some 86% of the profit after the charitable donation and expenses, as compared with a total of 14% for the developers, or an average of just 1% per developer, and more than twice as much as was paid to charity. That, frankly, is nothing short of scandalous, and I’m sure that the people who bought from MacHeist would expect most of their money either to go to the developers or to charity, whereas in fact the overwhelming majority has presumably ended up lining the pockets of MacHeist’s organisers.

So while I feel somewhat smug to learn that I was right about MacHeist and MacZot all along (as, I’m sure do John Gruber [and again], Paul Kafasis, and Gus Mueller to name but a few), I feel sorry for the developers, charities, and customers who I think were ripped off.

On occasion, when people illegally distribute our software, we end up having to revoke their licenses. I’m sure they feel that this is some sort of “revenge” measure, but it really isn’t about that; we do it for two main reasons:

• To stop others from activating copies of the files they distributed.
• To stop them from distributing future versions and updates.

As a result of one recent incident, we’ve been seeing a lot of attempts to activate illegal copies of iPartition 3. So many, in fact, that I’m quite tempted to publish the IP addresses of the people involved. Doubtless if we do that, people will whine about infringement of their privacy, but I’m not suggesting publishing their names, just their IP addresses and maybe their machine serial numbers.

I’d be interested to hear others’ thoughts on this idea.