May 18, 2008

Yet another Iraqi blogger murdered

In all of the arguments over data portability, the pros and cons of FriendFeed, and everything else tech-geeky, it's easy to lose sight of the fact that blogging tools have made it possible for more voices around the world to be heard - if you're willing to listen. There are many such voices in Iraq, writing personal experiences that sometimes cost them more than just the time it takes to write. One such person, known as BlogIraq, was murdered this week as he tried to get some documentary evidence of corruption in a USAID office in Baghdad. It's worth remembering that this is actually what blogging is really about: discovering stories which would otherwise never be told.

Changing back to Typepad

If you're visiting the site, as opposed to reading this on RSS, you'll notice that I've switched back from a self-hosted Wordpress install to Typepad. The reason was pretty simple: I was finding some aspects of Wordpress to be pretty unreliable, and reliability is something that I really need from a blogging platform.

If you're reading the RSS, thanks to Feedburner, you won't notice any difference at all.

I'll be importing the posts which are missing from this blog, with the correct URLs, as soon as the old site stops misbehaving.

January 19, 2008

Closing for a very short while...

Normal service will be resumed as soon as possible!

Basically, I'm currently doing the switch from Typepad to Wordpress for this blog. All the posts and comments are ported over, and the DNS is currently in the middle of changing from pointing to TypePad to pointing back to my own host.

If everything has been done right, you shouldn't notice the difference if you're coming in from a link to anything on technovia.co.uk, as I've managed to mangle Wordpress into creating TypePad-like permalinks using some MySQL foo. You'll still be able to access posts directly here, by going through technovia.typepad.com.

However, if I can work out how to do it, I'm going to close comments on all the posts here - that way, no comments should be lost in the move from one to the other.

Daring Fireball on commercial malware vs commercial non-malware

First, apologies for the hideous title of the post, but I couldn't really think of a better way of putting it. Commenting on my previous post on Mac security, John Gruber asks:

"But, and I’ve argued this before, it doesn’t explain why the Mac has, effectively, none. If it’s true that malware developers who want to make money will only write software for the vastly larger Windows market, then why doesn’t the same logic apply to non-malware commercial developers?"

This is an interesting question, but the answer is fairly simple: distribution methods differ. Let's look at the differing scenarios.

You're a legitimate Mac developer, and create "Wongo!", a lovely little widget for the Mac. You create a web site, post about it in a blog, people come and buy it. You send out a few review copies, it gets reviewed, and lots more people buy it. Word of mouth spreads, more and more people come to your site and buy it. Eventually, you're the Bill Gates of Mac software.

Now, for malware. You write a nasty trojan for the Mac, disguised as, say, a codec required to view porn. You upload it to a dubious site, where a relatively small percentage of people in general go. Of the people who see it, only 5% will ever be able to run it. Of that 5%, most won't bother downloading it at all. You can't advertise, or send out review copies, or - in fact - promote your "product" in any way. No one who downloads it is going to write blog posts about how amazing it is, recommend it to their Mac-using friends, or write letters to Macworld urging them to review it.

Compared to commercial software, Mac malware is like a small niche product which few people will ever encounter, and which you're not allowed to promote. What's more, it will never get any word-of-mouth coverage, positive blog posts, or reviews.

January 18, 2008

links for 2008-01-18

Uh huh, right, so there's no Mac malware...

Note that F-Secure do not sell a security product for the Mac - so forget about that "they're only trying to spread FUD so we'll buy their product" stuff.

More details on Trojan:OSX/DNSChanger, plus a blog post about its variants - over 60 variants of this have been found by F-Secure.

And finally, yes, this is a trojan not a virus, so it exploits the user's gullibility rather than a security hole in the OS. But as this is also true of the vast majority of Windows malware, I don't think that's something to get too cocky about. And given the number of people on the Mac who take no security precautions at all, and genuinely believe there is no malware around for the Mac...

Service interruption on Sunday

Depending on what time I get back from the weekend's visit, there may be a period of downtime for this blog on Sunday. I'm transferring Technovia from running on Typepad to my own hosted version of Wordpress. All permalinks should remain working, and no posts or comments will be lost, but while I move the domain over there will be a period when it's not available. The RSS feed will also be unaffected, thanks to the lovely people at FeedBurner.

Update: I've decided not to go ahead with the transfer this weekend - basically, I quickly realised that I just won't have time to do it, so I'm putting it off for now.

Fair use for the 21st century: if it adds value, it's fair; if it substitutes, it's not - Boing Boing

Link: Fair use for the 21st century: if it adds value, it's fair; if it substitutes, it's not - Boing Boing.

"Tim busts out a great working definition for fair use that's simple enough to understand that it can be reliably followed by casual remixers and users of content, but not so simple as to be idiotic: if it adds new value, it's fair use; if it substitutes for the original, it's infringing."

The problem with this is what amounts to "adding new value" - and, more importantly, adding value to what? Does sampling a record and using it, uncredited, in a remix "add value" to the original? No, of course not. In fact, using it credited may well not add value either.

Does Gawker's use of the Tom Cruise Scientology video "add value" to the original? Of course not - if anything, it removes value, both to Cruise personally and to the CoS. Of course, you can say that Gawker's using it is fair use as it's newsworthy - but that adds a second rule to what is and is not fair use.

If, of course, what Cory and Tim mean by "adding value" is simply "creating something of value from the copyright material" then that's a different matter - but it means that virtually any use of copyright material is permissible. If I take one of Cory's books, put it in an original cover, print it and sell it I've "added value" - so it's fair use, and I don't have to pay anyone. Right?

The day Steve Jobs got snubbed at his own show

The story about Violet Blue being snubbed by Steve Jobs reminded me of an incident that I witnessed a few years ago where Jobs was, himself, snubbed.

After keynotes, Jobs usually likes to head down to the show floor and look around the Apple booth, talking - mostly - to Apple employees. At one keynote, a few years ago, I found myself standing behind Jobs and his entourage on the escalators going down to the Moscone show floor.

Jobs got to the show entrance proper, where there is always a security guard checking passes. The guard, spotting that Jobs had no pass, stopped him and refused to let him in.

Steve himself looked amused, but his entourage, with the standard reaction of lackeys everywhere, were outraged on his behalf. "Don't you know who this is? You're going to be looking for another job!" one piped up.

"I don't care who he is. No pass, no entry. That's the rule" came back the answer. The guard was sticking to his guns.

Jobs smiled, something which managed to combine amusement with the look of a tiger about to eat something tasty. "I'll come back another time" he said, and turned and headed off... followed by his twittering entourage.




January 17, 2008

Why engaging with the Mac community over security is a hopeless task

Rich Mogull talks about his "Curious Relationship With Apple And Security" and what he wants to do in the future:

"Actively engage with the Apple community, give Apple credit for what they get right, and point out where they get things wrong while educating Mac users. This hopefully gains me enough credibility that they can’t simply dismiss me as anti-Apple and I can help the Mac community pressure Apple for needed change."

Good luck with that, Rich. The problem with talking to the Apple community at large is that there are far too many people - usually, ironically, people who haven't used the Mac for more than a handful of years - who believe that the fact that "there is no malware for the Mac" means it must be perfectly secure.

They simply refuse to believe the "security through obscurity" line which states that the Mac's low market share helps keep it safe, by reducing the opportunities for malware to be effectively spread. As the Mac is a small target, it's simply not efficient to write a virus for it. This is largely because they have an outdated view of what malware is produced for - they simply don't understand that a lot of malware is produced not for kudos but for profit, and when you're going for profit it makes more sense to hit the biggest possible market (i.e. Windows).

Neither do they understand that a large chunk of modern malware exploits the least-secure part of any system: the user. Most malware which is successful over a longer term doesn't target a security loophole initially, but attempts to get access to a user's system via social engineering.

And the notion that Windows Vista's security model might be as secure as the Mac's (if not more so) will be met with either blank, uncomprehending stares or outright hostility. It doesn't matter that it's true.

So Rich, my advice is simple: just don't bother. You're only going to get 1500 flaming comments whenever you dare to utter the "heresy" that the Mac might not be perfect.

UPDATE: Clarified my point about "security through obscurity", by which I mean the Mac's low market share reducing vectors for malware spreading, rather than the platform itself being "obscure" and unknown to malware writers.

UPDATE 2: I'm in the middle of transferring this blog from TypePad to Wordpress, which means that I've now exported all the posts and comments from here to the new place. As this post is still getting comments, I've decided to temporarily close comments while the DNS switches over, so nothing gets lost in the move. Once the DNS has switched, comments will be back. Sorry for the interruption - if you really want to comment desperately, you can find the Wordpress version of this post here.
