Barely a week into the new year, several stories broke suggesting that the National Telecommunications and Information Administration had run out of funding to provide any more coupons for the upcoming digital television transition. Responding to this news, the Obama administration began an immediate campaign to delay the transition, fearing that as many as six million households would be unable to meet the transition deadline.

After a new bill was drawn up, it was quickly rammed through the Senate. Yet, in a surprising turn of events the bill failed to make it through the House of Representatives. Undaunted, however, by this initial defeat, the bill was resubmitted, and on the second pass through, it was voted into law — 264 for, versus 158 against.

So, now that the DTV transition date has been officially moved back, to June 12^th, 2009, what does that mean for the average consumer?

Well, for one, there’s going to be an awful lot of seriously confused consumers. For months now, the air waves have been saturated with the public service announcements urging consumers to get ready for the transition to DTV. When the first announcements were made that such a transition was in the works, there was a tremendous amount of confusion regarding the exact purpose of this transition, how it was to be implemented, how it would occur, and whether or not services would be lost.

The first batch of public service announcements weren’t very helpful; only those who had read about the issue in the paper, or on the Internet, knew what was going to happen, and how they might be affected, if at all. However, as the advertising campaign continued, a little more effort was put into explaining, in lay man’s terms of course, what was supposed to occur and how it would affect those with “rabbit ear” antennas.

At least one thing all those commercials was consistent: February 17^th, 2009.

That was supposed to be the date that all analog over-the-air broadcasts had to cease or be converted over to digital. That date, February 17^th, 2009, had been on the books for well over a year, and as we entered the new year, it seemed as if everyone at least knew that something important was to happen on that day.

Not wanting to upset any of its constituents, the government quickly put a financial aid program into place:

Between January 1, 2008, and July 31, 2009, all U.S. households will be eligible to request up to two coupons, worth $40 each, to be used toward the purchase of up to two, digital-to-analog converter boxes. The coupons may only be used for eligible converter boxes sold at participating consumer electronics retailers, and the coupons must be used at the time of purchase. (Please note that these coupons will expire 90 days after mailing). Manufacturers estimate that digital-to-analog converter boxes will sell from $40 to $70 each. This is a one-time cost.

The point of these converters would be to take the newly mandated digital broadcast and convert it back to an analog signal so that it can be processed by older generation televisions that lack a digital tuner.

Those in favor of the coupon program argued that every household in America should be able to receive at lease some sort of a television signal, so that, in times of emergencies, everyone can be kept informed and safe.

On the other side of the fence, the oft heard argument against the proposed delay was the the government ought to get this transition over with as soon as possible for the benefit of everyone involved: Congress has an economic crisis to deal with; broadcasters are tired of wasting precious revenue-generating airtime to keep the public informed; retailers can’t wait to clear the converter boxes of the shelves in order to start selling other electronics with higher profit-margins; broadcasting stations already have plans and equipment in place, and just like like everyone else in the industry they, too, are ready to just get this whole transition over and done with, once and for all.

Well, maybe it’s just me, but in my opinion, the government should have had far less of an involvement in this entire process than it has had; the industry could have taken care of this all on its own.

Not only is the delay going to cost the industry a lot of money, it’s also going to cost the tax payers, who will inevitable have to foot the bill for this ridiculous coupon program. The first coupons were made available at the start of 2008 – that’s more than a year of advanced notice for consumers to save up $40-$70 dollars for a one-time investment in a converter box, and that’s if they even need one in the first place.

If it’s really so much of a problem that several million households might be without TV for those few days it’ll take to figure out what’s going on, then the government should have told those people to just turn on their damn radios! Remember those? That little box, with the shiny antenna that makes noise. Putting that message out would have been far easier, and cost way less, and trying to explain where people can go to sign up for a government issued coupon.

Oh, and speaking of coupons, if those six million households can’t afford a radio, give them a $10 coupon to go get one, not a $40 coupon to get a converter box. So, assuming that there are about 100,000,000 households in the United States, and that about 6% of them need a coupon, issuing a radio coupon instead of a converter-box coupon would save the taxpayers about: (100,000,000)(0.06)(40-10) , or a 180,000,000 dollars – and that’s a conservative estimate! Saving money is so hard, isn’t it?

Just the other day, I reported that HD VMD was looking good to be the third candidate in the race for supreme leader in the HD format wars.Apparently three wasn’t enough, and so now there’s a fourth contender: the Chinese-made CH-DVD. Slated for an unspecified release in 2008, the new format isn’t looking all that impressive. It’s pretty much what’d you’d expect to see from China, an HD DVD knock-off.

According to Ars Technica, this isn’t the first time that China has tried to steal – uhm, I mean “create” – a standard for technology that’s already in wide use around the world. Back in late 2003, China tried to introduce the Enhanced Versatile Disc (or simply EVD) with the intention of stealing some of the DVD’s popularity. China’s efforts to “innovate” have also extended into the world of 802.11 Wi-Fi encryption; in late 2003, the Chinese tried to impose their WAPI standard on the international community by forcing companies who wanted access to the Chinese market to partner with one of eleven Chinese firms that licensed the standard. Needless to say, this effort, along with countless others, like an XML alternative, failed as well.

The reason behind this seemingly rampant copying of standards is actually a simple one, namely cost. With the current state of Western patent systems (both here and in Europe), companies have little problem patenting every action they undertake. As a result, it’s practically impossible for anyone to introduce a product for which they won’t have to pay a laundry list full of licensing fees. Going back to the EVD example, if China had managed to introduce their own DVD standard, they would have saved anywhere from $13 to $20 per player in CSS and MPEG-2 licensing fees – and that’s only for video playback, so add a few bucks more for the rest of the machine. The severity of the problem becomes even more evident when you consider China’s historically poor economy (yes, I know it’s expanding rapidly), as well as the fact that you can walk into any Wal-Mart and pick up a DVD player for next to nothing.

The same applies to China’s attempt to introduce a new Wi-Fi standard. The profit margins on electronics are razor thin, and in some cases (such as with the PS3 and Xbox 360), they don’t even exist! So, anything that (legitimate) Chinese companies can do to avoid having to pay additional fees is going to be attempted. Even though we might never actually see CH-DVDs here in the US, I’m sure that we can continue to see more and more tech-clones out of China.

For anyone who’s followed the rumors and speculation leading up to today’s announcement, there really wasn’t anything all too surprising: the “classic” iPod got it’s usual size upgrade, the Nano gained some weight; and, as everyone expected, the new kid on the block is the Touch, an iPod-only iPhone. However, despite the fact that nothing Apple did today was all too stunning, Apple fans everywhere still went wild as usual.

Like most of these things, the keynote started off pretty tame and got more exciting as it went along – albeit only a little. Apple CEO Steve Jobs spent the first few minutes praising the success and popularity of the iTunes music store, and then got down to business.

Ringtones

The first announcement was met with quite some applause. Apple will now – finally – allow iPhone owners to customize their ringtones. Amusingly, the applause quickly died down when everyone realized how ludicrous Apple’s ringtone customization system really is. If you want to make your favorite tune into a ringtone, you’d better hope that it’s one of the 500,000 “participating songs,” because if it’s not, you’re simply out of luck. And if you manage to find a tune you like, you’ll have to pay another 99 cents on top of the song price to actually make it into a 30-second ringtone. So, do you still want that custom ringtone?

The New Shuffle…huh?

After a little more iPod praise, Steve was ready to “start out easy” with the new “refreshed” iPod Shuffle. It took me a while to figure out what was new with this model: Was it the design? No. Maybe the size? Nope, same old. Steve’s ego? Possibly. Oh wait, it’s the color!

All Apple did to the Shuffle was give it a new paint job. The player now comes in silver, blue, green, purple, and (Product) Red. It still only holds 240 songs (on 1GB), and it still costs $79.

The Overweight Nano

A little further up the price curve, you’ll find the new iPod Nano, which Apple’s site still describes as being sleek. Yeah right! If a video iPod ever mated with a first generation Nano, the resulting product would be short and disproportionately wide, and that’s exactly what this new Nano is. Fortunately, some of the better traits from each of its possible parents are also present, like a solid state drive, a stainless steel enclosure, and the ability to play vidoes, run basic games, and display images.

The screen is 2 inches wide, and sports 76,800 pixels – that’s 240 up, and 320 across. Apple claims that you’ll be able to get up to 24 hours of battery life out of the device if you’re listening to music, but only 5 hours if you do little else but watch videos. The new fatty Nano comes in two size: 4GB and 8GB. The 4GB weighs in at $149, while the 8GB model will go for about $199.

The “Classic”

After 5 similar keynotes, this iPod needs little introduction. It’s so iconic that Steve thought it would be appropriate to name it the iPod Classic. Unlike the fatty Nano, the 6th generation “Classic” actually lost a little bit of weight, making it even thinner. Don’t let its slim appearance fool you, however, it packs a whopping 160GB of storage – if you’re willing to pay for it, that is. If you’re keeping track, that means that you’ll now be able to squeeze an astounding 40,000 tunes in your pocket, as opposed to the first iPod, which only held a 1,000 songs.

The Classic also sports a new interface, designed to incorporate CoverFlow. You’ll also be able to browse your songs on one side of the screen, while viewing the cover art for each perspective album on the other half. Well, so much for the elegance of the interface…

Much like the new fatty Nano, the Classic will also be housed in “an anodized aluminum and polished stainless steel enclosure” – no word yet on how this new combo stands up to scratches. The Classic comes in two sizes as well: 80GB, worth 20,000 songs; and 160GB, which is good for 40,000.

All of this sounds really great, until, or course, you find the Buy page and see the price. Apple wants $249 for the 80GB and $349 for the 160GB.

iPod Touch

Oh, and one more thing: remember that iPhone that never really took off and that everyone wanted as an iPod-only device? Well, lo and behold, it’s here, and it’s called the iPod Touch. The Touch is slightly smaller in size than the iPhone, but besides that, it looks pretty much exactly like it.

Not only does it look too much like the iPhone, it does almost the exact same thing, except for make calls, obviously. The Touch uses the same interface (that was not invented by Apple) to navigate through menus, photos, videos, and music. The cheap version even comes in the same disappointing storage capacity: 8GB.

The unit features a 3.5” inch display, that makes it ideal for viewing photos, watching movies, and not to mention, surfing the Internet. To make Internet access as easy as possible, Apple cleverly included a 802.11b/g Wi-Fi antenna into the unit. The touch also has an accelerometer and light sensor just like its cousin, so that it can determine its orientation and environment to properly adjust the display for the optimum viewing experience. According to Apple, the battery should be good for anywhere between 5 and 22 hours, depending on how many videos and songs you put it through.

The Touch only comes in one color, but at least you can choose which of the two meager storage options you’d like: either 8GB or 16GB. The 8GB goes for $299 and the 16GB goes for $399.

iPhone Price Drop

Steve concluded the keynote by saying that Apple will be discontinuing the 4GB iPhone, and lowering the price of the 8GB model from $599 down to $399. Interestingly, according to Engagdet.com, this annoucement elicited the greatest applause from the audience, suggesting that this was the only real piece of news that really took everyone by surprise.

Watch the Keynote

Click Here

DRM is a bitch when it comes to copying music for a friend, but pretty soon we’ll have another reason to hate it. Apple recently filed a patent suggesting that in the near future you might not even be able to charge a friend’s iPod, let alone slip him a few tunes.

Apple’s patent outlines plans for providing each and every iPod with a specific charger, without which that iPod (or iPhone) won’t charge. Each charger will come equipped with a simple circuit to determine if and when power can be supplied to the attached device. The plan behind this seemingly totalitarian scheme is actually rather benign; it’s all about protecting your iPod from theft. Actually, on second thought, it might still get stolen, but hey, at least it won’t charge. Good thinking, Apple!

According to the patent, if your iPod is plugged into an unauthorized charger, leaves a specified geographical location, or if a timer expires, and no PIN is entered, it won’t charge, causing it to slowly wither and die, producing yet another beautiful Apple paperweight.

How exactly Apple decides to implement this technology will also determine how many people they will piss off as a consequence. If Steve decides that he needs even more money, this patent might allow them to “pull a Sony,” and force customers into buying only Apple chargers, docks, and peripherals. However, if they want to avoid any more bad press about this “anti-theft” idea, then it would behoove them to license this at a moderate price to third-party manufacturers, along with having users enter a PIN before charging the device, so that it can still be used with a friend’s charger.

However, if this patent falls through, or if you just want to feel more secure, a better approach to protecting your iPod would be to simple disguise it, preferably like something that no one would ever want to steal: a brown Zune! If that sounds crazy enough to work, check out Hide-A-Pod.

Congress must seem to think that they are on a role when it comes to technology issues; first they wanted to scrutinize the Google/DoubleClick merger, then they took an interest in the iPhone and it’s exclusive contract, and how they’re coming after P2P as a possible threat to national security. However, unlike the first two high profile issues, their current crusade is just stupid; in fact, it’s downright shameful.

What would any rational entity do if they noticed that their sensitive data is being leaked to P2P networks? They would most certainly not do what Government Reform Committee Chairman Henry Waxman and Representative Tom Davis are currently doing, which is blame the P2P networks for leaking national secrets to potential terrorists. During the hearings, Mark Gorton, the chairman of LimeWire, was actually accused of harming national security by offering his P2P product. Waxman even mentioned that he’s thinking about proposing laws to regulate peer-to-peer file sharing. Oh boy.

According to Ars Technica, Waxman stated that his intent was not to “shutdown P2P networks or bash P2P technology,” but to determine if such applications as Limewire create an “unacceptable risk for consumers, corporations, and government” entities. He went on to say that they conducted a few simple searches with LimeWire, the most popular P2P client, and found “personal bank records and tax forms, attorney-client communications, the corporate strategies of Fortune 500 companies, confidential corporate accounting documents, internal documents from political campaigns, government emergency response plans, and even military operation orders.”

LimeWire isn’t the one creating the “unacceptable risk,” it’s the foolish employees who do so. In no way, whatsoever, is it the fault of LimeWire, and other such programs, that the average government stooge is woefully uneducated when it comes to the proper use of a computer. The problem lies with those handling the computers and the sensitive information on them, not with the P2P programs.

Anyone who installs LimeWire is explicitly told that any information in the shared folder will be accessible to anyone on the network. And it’s not like this folder is names “My Shared Documents” or anything like that either. So, how bloody stupid would you have to be to place sensitive information in this folder?

Why isn’t Congress assailing the governmental IT departments of the various agencies critical to the maintenance of national security for even allowing users to install third-party, unauthorized software in the first place? Any network that has information on it sensitive enough to potentially harm an entire nation should simply not have direct access to the outside world, and should be locked down so tight that every mouse movement and keystroke is carefully scrutinized and logged.

The fact that Mark Gorton was even called in to testify, clearly shows how absolutely clueless the members of Congress are when it comes to the Internet. Their ignorance is downright infuriating. Instead of places the blame on P2P technology, they should spend their time passing legislation demanding that employees have a minimum degree of computer knowledge and security awareness.

Let’s suppose for a minute that you are a customer of Sprint, Verizon, or T-Mobile and you want an iPhone. Chances are that you’re still caught in the death grip of your current service contract, and unless it’s about to expire, you’ll probably have to lighten your wallet by a hefty $200 to cover the early termination fee. Ok, so you decide to pay the fee. At this point you aren’t tied to a contract; but, then again, you don’t have a phone either. Off to the Apple store to get that gorgeous new iPhone!

With iPhone in hand, you walk out of the store, drive home, and with a huge grin on your face, you happily unpack your brand new phone. At this point you might want to wipe the drool from you chin and make your way over the nearest computer to activate the thing. You happily log on the site, and proceed to fill in the necessary details. Then, all of sudden, that awesome grin of yours fades and you’re pissed. You’ve just realized that, in order to actually use the phone, you’ll have to sell your soul all over again – this time to AT&T, the exclusive iPhone carrier.

To the vast majority of brand new iPhone owners, this might not be a problem at all. I bet most Apple fans would be willing to do a whole lot more to get their hands on the so-called “Jesus Phone.” However, now that the iPhone is out and other companies see what their phones should be like, what happens when the next super-phone hits the market. Will you be willing to bite the bullet and lay down another $200 to redeem your soul?

This question, along with a variety of others, is currently being debated in congress at the insistence of the Open Internet Coalition. Since these hearings are clearly a by-product of Apple’s world famous phone, they have been unofficially dubbed the “iPhone Hearings.” But, many will be happy to know that if these hearings are successful, everyone will hopefully be able to get whatever phone they desire.

Wireless service providers, and monopolies in general, love doing everything they can to limit the amount of money that they have to throw towards research and development, marketing, and support, while maximizing their profit margin. One way of retarding the inevitable advancement in technology is by locking people into contracts, and, by doing so, isolating them from the competition. According to Chris Murray of the Consumers Union, contracts with termination fees work wonders to virtually eliminate competition.

AT&T and friends will probably try to convince Congress that they are forced to lock consumers in if they want to continue offering cheap and free phones. Sure, if that’s the case, then the companies may indeed need some assurance that you’ll stay with them for a certain amount of time, so that they can pay off the costs of giving phones away for next to nothing. However, this excuse quickly falls apart when the asking price for an iPhone is $600 (for the 8GB model). As soon as the cost of a phone reaches those kinds of numbers the only reason for locking consumers in is stifling competition and simple capitalist greed.

Another issue that the iPhone hearings are taking a look at is the notion that the wireless spectrum should be open. As it currently stands, there are four major wireless broadband providers, each with their own closed network. Together, these for behemoths have managed to take absolute control over roughly 96% of the nations broadband network; in other words, creating a new, competitive company is downright impossible.

With the explosion of the Internet, a whole slew of new communication methods have become available. One of those is VoIP (Voice over Internet Protocol), which allows the use of an application like Skype to make regular telephone calls. The Big Four see the rise of Skype, and the hundreds of other services like it, as a real threat to their livelihood. VoIP is dirt cheap in comparison, and totally void of contractual obligations. What Christopher Libertelli, the senior director of regulatory affairs for Skype, would like to see happen is for congress to open up that 96% of closed networks to more competition. Back in 1968, there was a landmark case, which resulted in the Carterfone decision, which basically allowed for third-party devices such as caller-ID systems and fax machines to use the existing AT&T networks. Hopefully, this decision will be able to help consumers win this battle once and for all!

Even though the Xbox 360 is statistically speaking the current leader in the next-gen console wars, it’s pretty far from perfect as many disappointed users will gladly tell you. From the beginning, the console has suffered from a variety of problems: some overheat and die, some scratch discs beyond repair, and all of them make you think there’s a jumbo-jet in your living room. However, there might still be hope for a better console, since Microsoft announced that their current project, code-named “Falcon,” is well on its way to deliver a completely revamped 360 to consumers.

With summer in full swing, temperatures are on the rise and so are the complaints. Over the last few months, Microsoft has had an unusually high number of complaints about its consoles sticking it to users with the now infamous “Red Ring of Death,” meaning that the console suffered one or more fatal hardware failures. Many have come to suspect that the failures are due to the consoles inability to deal with heat – a problem that has plagued the 360 since the first batch.

Earlier this month, Microsoft crunched some numbers and came to the conclusion it would be in their best interest to extend the warranty, again. However, this new extended three year warranty only applies to the consoles that have been afflicted by the ominous red ring. So, this means that if your console suffers (or has suffered) a heatstroke, you can send it back to Microsoft to have it repaired and shipped back to you; all of this, free of charge. All of this benevolence does come at a cost to Microsoft though. According to the press release that went out, the company is expecting this move to cost them an estimate $1.05 billion to $1.15 billion – for this quarter alone!

So, what’s the solution to this entire mess? Well, redesign parts of the console, of course. Microsoft wasted no time Monday evening at E3, and was quick to announce that the gaming division was already hard at work designing a cooler 360, based on a 65nm design. The goal of the “Falcon” project is to have the more robust console on store shelves by this fall. The redesign will apply to both the triple-core CPU as well as to the AMD/ATI GPU.

Updating the console with smaller, cooler parts will not only improve the airflow and heat dissipation inside the unit, but will also mean cheaper fabrication costs for Microsoft. In the long run, keeping current with the manufacturing cost curve will allow Microsoft to save tremendous amounts of money. Sony’s latest redesign of the PS 2, for example, allows the company to produce smaller, and thus cheaper, chips all the time. The current chip costs of the PS 2 is a mere 13% of what it was originally. It’s not all simply about the heat.

For Microsoft’s sake, let’s hope that the Xbox “Falcon” 360 will be able to mitigate the tremendous failure rates that have been rumored about on the Internet. The rumor mill has put the failure rate for the current console somewhere between 30 to 50 percent!

So, to sum it all up: warranty on red-ringed consoles extended to three years; a new 360 console, codenamed “Falcon” is on its way; the 90nm chips will be replaced by 65nm chips; console longevity will improve, but technical performance will stay the same…

The public was angry; they had had enough of the harsh oppression, the unrelenting control, and the panoptic supervision of the ruling elite. No longer was a distant monarchy going to exert its tyrannical oppression over the well-meaning individual; and the events that would soon come to pass where going to definitively prove that times were changing. Dressed up to disguise their identity, a passionate group of men boarded the HMS Dartmouth and dumped 45 tons of English tea into the harbor. The Boston Tea Party sent an unmistakably clear message to the British parliament: enough is enough; either policies start changing right away, or there will be far more serious consequences. The events of that day, the 16th of December, 1773, symbolized the final spark needed to light the fuse of unanimous revolt. Today, 233 years and 138 days later, a similar contempt lingers in the air, albeit in the digital realm.

Much like the Boston Tea Party, the revolt that Digg, a user driven social content website, is experiencing has not gone, and will not go, unnoticed. The rebellion is one of the first en masse protests against the forceful establishment of a DRM-driven society; a society in which everyone who wishes to use, sample, or share creative content must pay – over and over again. However, the enforcement of such a policy can only be truly effective through the placement of restrictions on the rights of the user, through the establishment of a system of Digital Rights Management, or DRM.

Unfortunately, the DRM systems currently in place are fundamentally flawed in their implementations and are also completely obvious to the notion of Fair Use, and as such they only really present a hindrance to casual users in their futile attempts to eradicate digital piracy. A paying user ought to be able to play, store, back-up, and share the content that he has legally bought without having to worry about such idiotically restrictive laws as the DMCA – sure, the DMCA does have some legitimate uses, but for the most part it has only managed to piss off the casual, well meaning consumer.

The fact that not a single content protection system has yet been able to reliably do what it was meant to do, has seriously upset an extremely passionate and dedicated group of individuals. Most of these individuals have no intention of illegally distributing copyrighted content, but the fact that varies companies and organizations are in essence forcing their users to become pirates to do what they would only naturally want to do has really taken its toll.

Tuesday, May 1st, a single submission which contained a recently discovered decryption key code for the AACS content (…or should I say “revenue”) protection scheme used to protect HD-DVDs found its way onto Digg. In near-record time the story secured a place on the coveted front page of the site. It didn’t take long for the watch dogs over at the Advanced Access Content System consortium to take notice and react with yet another DMCA takedown notice. Jay Adelson, the CEO of Digg, was naturally concerned about the continued, hassle-free existence of the site and as such decided that it would be in everyone’s best interest if he followed his lawyer’s advice and removed the submission. Furthermore, Jay also made it abundantly clear in his blog post that the reason for removal of the story was purely legal in nature, and that it had nothing to do with censorship:

Whether you agree or disagree with the policies of the intellectual property holders and consortiums, in order for Digg to survive, it must abide by the law. Digg’s Terms of Use, and the terms of use of most popular sites, are required by law to include policies against the infringement of intellectual property. This helps protect Digg from claims of infringement and being shut down due to the posting of infringing material by others.

Our goal is always to maintain a purely democratic system for the submission and sharing of information – and we want Digg to continue to be a great resource for finding the best content. However, in order for that to happen, we all need to work together to protect Digg from exposure to lawsuits that could very quickly shut us down.

Unfortunately, the removal of the story did not go unnoticed – far, far from it. Within hours of the removal of the story, the entire Digg community seemed to be in uproar over the fact that their favorite news website would kowtow to bigger company. In response to the removal of the original story and also to illustrate to the AACS consortium how futile their efforts were, Digg die-hards flooded the front page with countless stories that in some way revealed the leaked hexadecimal key. Some stories were blatant in their purpose, while others found very creative ways to sneak the code in.

At first, the executives over at Digg tried to keep up their end of the law by deleting and preventing the submission of further stories about the key code. However, it soon became apparent that their efforts were just as futile as those of the government. This is where things took a surprising turn – supporters of a DMCA-free world might say this next event represented a small victory, but I contend otherwise. At 9 PM that evening, Kevin made a surprisingly stupid move; he actually posted the key code along with a concession that the efforts of the Digg community were beyond his power to control. Here is the post in its entirety:

Digg This: 09-f9-11-02-9d-74-e3-5b-d8-41-56-c5-63-56-88-c1

Today was an insane day. And as the founder of Digg, I just wanted to post my thoughts…

In building and shaping the site I’ve always tried to stay as hands on as possible. We’ve always given site moderation (digging/burying) power to the community. Occasionally we step in to remove stories that violate our terms of use (eg. linking to pornography, illegal downloads, racial hate sites, etc.). So today was a difficult day for us. We had to decide whether to remove stories containing a single code based on a cease and desist declaration. We had to make a call, and in our desire to avoid a scenario where Digg would be interrupted or shut down, we decided to comply and remove the stories with the code.

But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be.

If we lose, then what the hell, at least we died trying.

Digg on,

Kevin

Kevin got far too caught up in the heat of the moment, and from a legal perspective he may very well have just killed Digg. In his post he blames the Digg community for not respecting the Terms of Use that Digg has in place. However, as this scenario unfolds the number of submissions to Digg that reveal the actual key code are irrelevant as long as Kevin, as one of the main honchos in charge of the start-up, is able to maintain that he and the rest of the executives did everything in their power to prevent the posting of the key. Not only does he admit that no one will be trying to prevent the posting of the code, he actually did it himself. If the AACS consortium or another company with a big stake in the prevention of piracy decides to press charges against Kevin’s site, they’d have a field day; Kevin would have a hard time “Digging” himself out of trouble.

The events that lead up to the Boston Tea Party in 1773 were, in many ways, quite similar to what we are seeing at the moment in the digital domain. The Stamp Act of 1765 and the Townshend Acts of 1767 had angered well-meaning colonists for years, much like DRMs are doing today. Eventually, the anger over the policies became so extreme that something had to happen; something had to illustrate to the British that the colonist were fed up with the restrictions and regulations. As Steve Jobs said in his essay Thoughts on Music, “DRMs haven’t worked, and may never work, to halt piracy.” If the current restrictive trend continues then we might very well see another “digital Boston Tea Party” in the near future – (Thanks to Forbes.com for noticing that quote in the numerous Digg comments).

Flipping through channels, trying to find something to watch, I stumbled across a commercial set to an annoying tune. The commercial switched between the glowing commentaries of several different actual customers: “Vonage was so simple to install” and “No one asks, ‘hey, are you on VoIP?’” Well, they might not be asking, but seeing the dire straits that Vonage is currently in, you probably won’t be able to for much longer…

The trouble all started back in mid June of 2006, when Vonage acknowledged that they were being charged in a lawsuit filed by Verizon for supposedly infringing upon seven patents related to Verizon’s VoIP technology. The patents dealt with various protocol procedures, such as completing connections between users, authentication of callers, account validation, fraud protection, and network usage surveillance. Verizon, scared that they were being cheated out of their money, demanded that Vonage pay them a hefty $200 million, and cease and desist operations immediately.

The next significantly major event occurred on the 8th of Match in 2007, when a jury found Vonage guilty of infringing upon three of the patents held by Verizon – they were acquitted of infringing upon two others. As part of the judgment, Vonage was ordered to pay $58 million dollars, along with a 5.5% royalty rate for every new sale, to Verizon. As could be expected, Vonage felt that the verdict was unfair, and promised to appeal the decision. The patents that Vonage was found guilty of having infringed upon deal with the manner in which VoIP customers were being routed and connected to customers on traditional telephony grids; the implementation of basic call-waiting and voice-mail services; and also, how the protocol handled the use of Wi-Fi handsets in conjunction with the service. The other two patents were also found to be valid, but, according to the jury, Vonage didn’t infringe upon them.

Right after the verdict was handed down, Vonage announced that the existing Vonage customers, some 2.2 million subscribers, would not have to endure a loss of service because the company was working on getting a technological workaround in place. It quickly became apparent that the proposed workaround would probably take a lot longer than Verizon and the courts might be willing to wait. In light of this, Vonage managed to reach an agreement with VOIP, Inc. on April 3rd, 2007, that would allow them to use their infrastructure to continue service without interruption. This arrangement quickly took care of two out of three patent infringements.

Three days later, on April 6, the federal court of appeals handling the case granted Vonage a temporary stay, meaning that the company would be able to sign up new customers while the appeals process takes its course. Seeing as how the time from suit to verdict in round one took roughly nine months, this legal struggle may not end soon.

Although Verizon may have won the battle, the war is far from over. There seems to be a wide contention that the court has interpreted the Verizon patents too broadly. After all, two of patents deal with translating an IP address into a phone number – how basic is that? The third is hardly any less trivial; it deals with getting a call through to a short-range wireless device, such as a cordless home phone. If Verizon ends up winning the war as well, it could definitely set a very dangerous precedent for other big-name Telco’s. In light of the monopolistic nature of Verizon and friends, it wouldn’t seem unreasonable to assume that they might try to go after the rest of the VoIP community as well. Vonage was first, might Skype be next?

Regardless of whether you’re into technology or not, you’ve probably heard various horror stories of how hackers have managed to commandeer the PCs of unsuspecting users to do their bidding. Traditionally a hacker would need to get a malicious piece of software – a.k.a. viruses and spyware – onto the intended victim’s machine before anything harmful can take place. Most computer users are aware of these dangers and have taken actions to prevent infection, such as installing anti-virus and anti-spyware software. The vast majority of users also hide behind some sort of request filtering system, be it a NAT router or even the standard Windows Firewall. Having these measures in place, along with some good computing habits, like not opening random links in e-mails, probably save many users a lot of potential hassle, and most likely also provide some ease of mind. Well, those days are over, because there’s a new hack in town.

A few weeks ago at the ShmooCon conference, Billy Hoffman, the lead engineer of SPI Dynamics, informed the security community of an exploit that had come to light along with a tool that he had developed that would be able to exploit the vulnerability to take advantage of any machine, running any browser, on any operating system, to do almost anything. The program, named Jikto, consists of a rather simple JavaScript that can be embedded in any Web page, and can be surreptitiously run upon loaded the page.Let’s start off with an example: With Jikto, a hacker could potentially scan a corporate network and “fingerprint all the Web-enabled devices found and send attacks or commands to those devices,” without any interference from a firewall, since all of this can be run directly from the browser. To a firewall it would this would be perfectly acceptable, since it would appear as if the user requested this to happen. Continuing with Hoffman’s example, once a hacker figures out the router brand and model it would be fairly trivial to send it a few commands to reconfigure the router to drop the encryption or change the password. And, to make matters even worse, it would also be possible for a hacker to mask the attack in such a way as fool the IT techs into thinking that the attack came from an insider, instead a hacker thousands of miles away.

So how exactly is Jikto supposed to do all this? Once a casual Internet surfer visits a site that has Jikto embedded in it, the JavaScript will execute. Jikto will essentially take over that browser and turn it into a scanning tool that can then scan other websites for cross-site scripting or SQL injection vulnerabilities and report any findings back to a third party, probably a hacker. Once a target is located, a hacker can then inject targeted code into the website through the vulnerability that Jikto has found. This code then has the potential to filter down from the website to the company’s network and into a specific Web-enabled device.

Not only will Jikto be able to find and report on cross-site scripting or SQL injection vulnerabilities, it will also be able to self-propagate, much like a worm, using these same cross-site scripting exploit. From this new location it will then be able to infect and commandeer the browsers of other unbeknownst users. Since Jikto only takes over the client’s browser, and does so silently without alerting the user, it does not affect any other part of the machine, which is part of the reason that traditional security applications will have a harder time catching it.

So, at the center of this potentially devastating exploit tool is Web 2.0, or more specifically, the ubiquitous use of JavaScript to enable AJAX—a programming technique designed to make sited more user interactive; think Digg.com. On the one hand, it may seems surprising that a tool like Jikto took so long to appear, since JavaScript as been used for almost a decade now, and the exploit that is now being used is certainly nothing new. But then again, a tool like Jikto can only be truly effective if a great number of sites have JavaScript enabled, forcing users to do the same. The success of Jikto depends on the number of PC that it can be run on, much like BitTorrent in a sense. As Steve Gibson explains, “Jikto runs in a web browser and distributes the bug-hunting task across multiple PCs.” What makes Jikto so incredibly dangerous is that it’s immune to all current anti-malware solutions. The only true way of stopping what Jikto is capable of would be to browse without JavaScripting enabled. Unfortunately, doing so would break a vast number, if not the majority, of websites today. Even for a simple blog, such as this one, to work correctly JavaScripting has to be enabled.

The reason that Jikto has managed to garner so much attention in the last few weeks is the fact that it’s a very clever way of scanning for vulnerabilities using a language that practically any browser can understand—even certain cell phone browser will succumb to its will. In the words of Billy Hoffman, “Jikto going to drastically change the scope of evil things you can do with JavaScript.” Continuing on, he states that “Jikto turns any PC into my little drone. Your PC will start attacking websites on my behalf, and you’re going to give me all of the results.” Coming from white-hat hacker Billy Hoffman, this probably sounds more sadistic than it really is, since he has refrained from releasing Jikto into the wild. Unfortunately, there have already been reports of sightings of the Jikto’s source code. The eventual appearance of Jikto, or rather some program like it, is pretty much inevitable. Once the hacker community knows that the exploit exists and how to implement it, writing a program to take advantage of it is really quite trivial.

For more information about the vulnerability of JavaScript check out Steve Gibson’s podcast Security Now! and also take a look at these webcasts for SPI Dynamics.