Yearly Database Self-Examination

Submitted by jbreland on Fri, 09/22/2006 - 16:49

I just came across a really useful post on security/privacy blog 27B Stroke 6 discussing various resources available to check what data companies may have and sell about you, as well as how to opt out of some such schemes. I recommend checking out the full article, but in the interest of saving time I'm posting the major points below.

  • If you have ever applied for health, life or disability insurance on your own, it's likely the information about your health and lifestyle that you had to provide ended up in a database run by the MIB Group. The easiest way to check your record is by phone at 866.692.6901. The group will then mail you your report if they have one.
  • ChoicePoint, the folks who sold 145,000 data reports to Nigerian identity theft scammers in 2004, sells auto and home-insurance risk scores (among other things) and you can check your file for free once a year via their web page
  • ChexSystems keeps tabs individual's banking habits and sells that data to banks vetting new customers. Give them a call at 800.428.9623. They also run a system that keeps track of people who have reportedly passed a bad check. Track down that report here or make their phone jingle with this number: 800.262.7771.
  • Acxiom, another big data broker, will let you opt-out of their marketing database for free if you call 501-342-2722 and press 5. You can also ask them to send you a form that lets you check the non-marketing information they have on you. They won't let you opt-out of this, and they will charge you $5 for the privilege. Be aware it could take them months to send out the report.
  • Stop some direct mail via the Direct Marketing Association's web page. It's free if you print it out and mail it in to them for hand processing, but costs $5 if you just want to do it online. That's how much they like this opt-out list. DO NOT join the DMA's phone or email opt-out list. That's just begging for spam and telemarketing calls.
  • Stop almost all credit card and life insurance direct mail solicitations (this won't stop ones from your own bank) by calling 1-888-5-OPTOUT.
  • And of course, the ever handy Do Not Call list is here.

Full link:

http://blog.wired.com/27BStroke6/index.blog?entry_id=1532406

Microsoft's Masterpiece of FUD

Submitted by jbreland on Tue, 09/19/2006 - 17:22

Microsoft recently commisioned research whore firm IDC to research and produce a report entitled, "The Economic Impact of Microsoft Windows Vista" (link to PDF). The executive summary essentially states that the upcoming release of Windows Vista will provide a huge boon to the European economy, and is a direct response into the Europeans Commission's inquiry into whether Microsoft is playing fair with this new release.

Now, I haven't posted much about either Microsoft or Linux in quite some time (nearly 2 years in fact, which probably isn't all that surprising given that I only posted 4 articles in all of 2005), simply because I'm content to sit and watch from the sidelines at this point. However, the news I read about this report struck me as rather odd. For example:

  • In 2007 this ecosystem should sell over $40 billion in products and services revolving around Windows Vista.
  • Windows-related employment is expected to jump by 100,000 jobs.

There are some other odd conclusions included in the report, but these are the two that are most puzzling to me. For example, the "$40 billion" statement doesn't sound like something they should brag about. To me, this reads as, "Microsoft will drain the European of up to $40 billion in the form of upgrades and license fees. Additional money must be spent replacing hardware that doesn't meet the minimum requirements of Microsoft's next OS, but could continue to function fine with current software or alternative operating systems." The only boon I see is for Microsoft, in the form of transferring an obscenely large amount of money from the European economy into its own coffers.

The second example is equally as puzzling. We're talking about an upgrade, not an entirely new or revolutionary product. IT workers today will continue to provide IT services tomorrow. The only reason I can think of that Windows Vista would provide such a huge increase in IT jobs is that it will take that much more manpower to deploy and support Vista-based systems. Again, this isn't exactly something I would brag about.

The reason I bring this up now is that I recently came across two good articles discussion the issue. The first, in Business Week, gives a broader overview of the issues involved, and is a good read to get caught up on this topic. The second, in Linux Journal takes a more focused approach by specifically discussing the IDC research report, comparing the report's "benefits" to real-world benefits obtainable through Open Source software.

If you're curious about this issue, I encourage reading both articles below:

http://www.businessweek.com/globalbiz/content/sep2006/gb20060913_243817.htm

http://www.linuxjournal.com/node/1000097

Liar, Liar, and Pretexting

Submitted by jbreland on Tue, 09/19/2006 - 15:47

SecurityFocus Mark Rasch has written a great article concerning the , including consumer protection laws, deception, fraud, and spyware. From the article:

Not only does the GLBA only cover a narrow scope of records, it also has some exclusions which are, well bizarre. It excludes law enforcement agents acting within the scope of their duties. This suggests that if the cops want your financial records, rather than going down the hall to the prosecutor to get a subpoena (or issuing an administrative subpoena, getting a search warrant, a FISA warrant, a FISA order, a National Security Letter, the consent of the bank, or any of the myriad legal ways to get your information) it would be permissible for the cops to simply call the bank, pretend to be you (or anyone else) and trick the bank into ponying up your records. Pretty cool. And if you challenge the legality of the search as a violation of your privacy, a court might very well conclude that these records about you aren?t your records, but rather records of the financial institution. Therefore, even if the search is unreasonable, you don?t have what the law terms standing to challenge it. Lovely.

Full link:

http://www.securityfocus.com/print/columnists/417

What the Terrorists Want

Submitted by jbreland on Fri, 09/15/2006 - 11:29

Bruce Scheier has a great article in his latest Crypto-Gram Newsletter entitled What the Terrorists Want." His basic point is that the point of terrorism is to cause terror, and in this the terrorists have succeeded:

The point of terrorism is to cause terror, sometimes to further a political goal and sometimes out of sheer hatred. The people terrorists kill are not the targets; they are collateral damage. And blowing up planes, trains, markets, or buses is not the goal; those are just tactics. The real targets of terrorism are the rest of us: the billions of us who are not killed but are terrorized because of the killing. The real point of terrorism is not the act itself, but our reaction to the act.

And we're doing exactly what the terrorists want.

The entire article is well worth reading. Full link:

http://www.schneier.com/crypto-gram-0609.html#1

Universal Extract 1.3 Released

Submitted by jbreland on Fri, 09/15/2006 - 00:33

I mentioned recently that news was slow because I've been working on some new programs. Well, here's the payoff. :-)

I just posted Universal Extract 1.3.. This is a pretty substantial update, adding support for quite a few more formats and improving support for existing formats. Although the interface still looks the same, a whole lot of improvements were made "under the hood".

Download links and an updated format support table can be found on the Universal Extractor main page. Details about improvements in this version can be found in the Universal Extractor ChangeLog.

Enjoy!

Copyright and Intellectual Property

Submitted by jbreland on Wed, 09/13/2006 - 16:44

I just read two good articles on intellectual property and copyright law, both written by Cory Doctorow (editer of craphound.com and co-editor of Boing Boing).

The first article, published on Locus Online, discusses this history of copyright law, why it originally came to be, and how it fails when applied to end-users. The second article, published by the USC newspaper Daily Trojan, discusses a recent letter sent by USC administration to all returning students that declares all filesharing and P2P network use as illegal. It presents a solid argument as to why this is not true, providing examples and historical context to back up his points.

Both articles are very interesting and poignant in today's society, and I recommend taking some time out your day to read them.

Full links:
http://www.locusmag.com/2006/Issues/09DoctorowCommentary.html
http://www.dailytrojan.com/news/2006/09/11/Opinions/Usc-Copyright.Rules.Are.Flawed-2264120.shtml

New script - Inno Setup CLI Help

Submitted by jbreland on Wed, 09/13/2006 - 11:16

I added a new script to my software page. Inno Setup CLI Help is a set of functions in Pascal that can be included in any Inno Setup installer to display command line usage information to the user when /? is passed to the installer. This help information includes both common parameters available for all Inno Setup installers, as well as the components and tasks that are unique to each installer. The purpose here is to educate the user and make it as easy as possible for him to automate and/or customize installation to suit his needs.

Full details, a screenshot, and download links are available on the Inno Setup CLI Help page.

"If you haven't done anything wrong, then you have nothing to worry about."

Submitted by jbreland on Sun, 09/10/2006 - 21:16

"If you haven't done anything wrong, then you have nothing to worry about," seems to be a answer response these days to concerns about loss of privacy and personal rights in an age of ever-expanding surveillance. Needless to say, this is an absurd and shameful argument. Of course I have something to worry about. Everyone does. To quote Bruce Scheier from a recent article:

Cardinal Richelieu understood the value of surveillance when he famously said, "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." Watch someone long enough, and you'll find something to arrest -- or just blackmail -- with. Privacy is important because without it, surveillance information will be abused: to peep, to sell to marketers and to spy on political enemies -- whoever they happen to be at the time.

Privacy is a fundamental human right, one which can not and must not be surrendered. The next time you here this statement, consider these responses:

http://ask.metafilter.com/mefi/39312

Some of my favorites:

  • If I'm not doing anything wrong, then you have no cause to watch me.
  • Because the government gets to define what's wrong, and they keep changing the definition.
  • Because you might do something wrong with my information.
  • Mind if I make a video of you [making love to] your wife then?
  • So you trust the government completely? Not just this administration, but all of them? You trusted Nixon?
  • Yeah..., isn't that what Stalin used to say?
  • "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin

You get the idea.