Yenya's World

Mon, 14 Jul 2008

Lawful Ransom

My almost five-year-old CompactFlash microdrive in my camera has finally died, so I have decided to buy a new CF card. To my great surprise, about 10 % of the total price is the "authors fee", which is a law-imposed tax (a ransom, in fact) for the supposed loss of authors' fees caused by distributing copyrighted work using this CF card. WTF?

Does it mean that having paid this ransom I can now legally use this CF card to transfer copyrighted work, as I have already paid the authors' fee? Or is there a way of getting this money back, provided that the card will be solely used in my camera, i.e. to store and transfer my own author's work? According to the Czech law, these fees are collected by a mafiaa-like organization named OSA, which then distributes it to their members (after subtracting their operating expenses, of course).

But in order to become a member of OSA, there is a minimum amount of author's earnings per year, which is quite high. Well, I really don't need to have a share of the total ransom collected by OSA, I just want back the money I have paid to them myself when buying this CF card. How can I do this, my dear lazyweb? A related question: is this ransom collected even for CF cards in embedded systems (think medical computers and other systems, where there is no way they can ever be used for transferring random files)?


Thu, 03 Jul 2008

HTTP Referer

One of our customers subscribes to a library system, which has its users "authenticated" by verifying the HTTP Referer: header. So they have to register a single authenticated page, accessible by their own users only, and we have to put a link to the library system on that page. Leaving aside the stupidity of such an approach to authentication, I have found some interesting facts about the Referer: header:

Firstly, we have found that going from that page, browsers never send any Referer: header. When looking into it deeper, we have discovered that when you are on a page retrieved via https, the browser does not send the Referer: header to the pages with the http protocol.

So we have decided to write an intermediate redirector application, accessed over http and authenticated by a random string as a CGI parameter. This application would then redirect the user to the final destination. That also did not work.

The problem was that when redirecting using HTTP 301 status code (probably 302 as well), the client also does not send the Referer: header.

The next try was to redirect using a <META HTTP-EQUIV="Refresh"> tag inside the generated HTML page. That also did not work.

Finally, I have tried to redirect the client using Javascript (rewriting the window.location parameter in the onLoad handler), and it worked. So non-Javascript users are out of luck, but the majority is OK. Still, this system of "authentication" is stupid, because faking the Referer: header is not hard.

Update - Fri, 04 Jul 2008: MSIE and Referer

Apparently MSIE also does not send the HTTP Referer: header when redirecting using window.location in Javascript. So for now I have disabled automatic redirection for MSIE, and I am just displaying the text "Use firefox or click to the above link manually.". In the meantime, I have found a really comprehensive guide on browser type detection.
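Why a Referer check is not authentication, next to a link the receiving side can actually verify, as an added example (not code from this post or from the library system). The URL, the key and all function names are constructed for illustration, and the HMAC-signed expiring token is an assumed replacement scheme, not something the library vendor is known to offer.

```python
import hashlib
import hmac
import time

# Constructed values for illustration only.
REGISTERED_PAGE = "https://intranet.example.org/library-link"
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"


def referer_check(headers):
    """The weak scheme: accept whatever Referer value the client sent."""
    return headers.get("Referer") == REGISTERED_PAGE


def make_token(user, key=SHARED_KEY, ttl=300, now=None):
    """Issued by the customer's authenticated page when it builds the link."""
    expires = int(now if now is not None else time.time()) + ttl
    msg = f"{user}|{expires}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{user}|{expires}|{mac}"


def verify_token(token, key=SHARED_KEY, now=None):
    """Run by the receiving system; returns the user name or None."""
    try:
        user, expires, mac = token.rsplit("|", 2)
        expires_at = int(expires)
    except ValueError:
        return None  # malformed token
    msg = f"{user}|{expires}".encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None  # forged or altered
    if (now if now is not None else time.time()) > expires_at:
        return None  # expired link
    return user
```

The token travels in the URL, so it survives the https-to-http transition and the redirects that drop the Referer: header, and it cannot be produced without the shared key.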


Wed, 02 Jul 2008

Owner Free Filesystem

It seems that somebody finally got the eight-year-old idea of Schizzors (which is essentially a one-time-pad) with respect to the absurdities of the copyright law into something useful in the real world: meet the owner free file system.

The interesting feature is that in theory, you don't need to have the whole 2*n bytes of "random" data stored for retrieving n bytes of the data you want - the "truly random" seed can be reused to some degree: for example, if I want to store the files A and B (for the sake of simplicity suppose they have the same length of n bytes), you have to generate another n bytes of truly random data (let's call it C), and then store three files: A xor C, B xor C, and (for example) A xor B xor C. From them, any of A, B or C can be retrieved, while all three stored files are "truly random" data, i.e. provably by themselves bear no relation to the original data A or B.

What this brings is not (only) an easy way to commit a copyright violation, but it allows the storage subsystem (i.e. a P2P network) to plausibly deny the responsibility for the actual data they store, because they are truly random and bear no relation to the possibly copyrighted material. For example - I would happily offer my free hard disk space and bandwidth to some distributed computing project or whatever, but the risk of somebody storing copyrighted material on my file system and then the police seizing my computer is too high. With OFF client and protocol, the situation might be different, as no possibly copyrighted data is actually stored.
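The three-block scheme described above, worked through as an added example (not code from the OFF project; the function names and sample files are constructed). It also shows the limit of "by themselves": each stored block alone is masked by the pad C, but XORing two stored blocks cancels C.

```python
import secrets


def xor(*blocks):
    """XOR equal-length byte strings together."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        if len(block) != len(out):
            raise ValueError("blocks must have equal length")
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def store(a, b):
    """Return the stored blocks A^C, B^C, A^B^C for a fresh random pad C."""
    c = secrets.token_bytes(len(a))
    return xor(a, c), xor(b, c), xor(a, b, c)


def recover(s1, s2, s3):
    """Rebuild A, B and C from s1 = A^C, s2 = B^C, s3 = A^B^C."""
    a = xor(s2, s3)      # (B^C) ^ (A^B^C) = A
    b = xor(s1, s3)      # (A^C) ^ (A^B^C) = B
    c = xor(s1, s2, s3)  # (A^C) ^ (B^C) ^ (A^B^C) = C
    return a, b, c


def pad_cancels(s1, s2):
    """(A^C) ^ (B^C) = A^B: two blocks sharing a pad are jointly not random."""
    return xor(s1, s2)


# Constructed sample files, padded to the same length n = 32.
A = b"file A: holiday photo index".ljust(32, b".")
B = b"file B: release notes".ljust(32, b".")

if __name__ == "__main__":
    s1, s2, s3 = store(A, B)
    a, b, c = recover(s1, s2, s3)
    print(a == A, b == B, pad_cancels(s1, s2) == xor(A, B))
```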


Tue, 01 Jul 2008


On the mobile devices front, I have decided to buy a Nokia E51 phone and an n810 tablet PC. So far I have got only the phone, so this is my experience after using E51 for a week or so:

I have decided to try what it means to have a supported commercial non-free OS, and asked the Nokia technical support about unicode fonts. Their reply was something like "we do not know, use a freeware sites if you want."



Yenya's World: Linux and beyond - Yenya's blog.



Jan "Yenya" Kasprzak
