http://blogcritics.org/ A sinister cabal of superior bloggers on music, books, film, popular culture, politics, and technology - updated continuously. en Copyright 2005-2007 by the authors Mon, 18 Jul 2005 18:45:12 EDT http://backend.userland.com/rss Blogcritics.org custom software http://blogcritics.org/ Phillip WinnSunday, August 26, 2007, marks the switch of all Blogcritics.org article feeds from full-content to short-content. This is the result of several converging factors, and is unfortunately a permanent decision (as permanent as any decision can be on the web, that is). We are aware of all of the reasons that this is a Bad Idea, and we are aware that some of you will be quite upset about having to click on something to read the free content, and we're sorry. Unfortunately, despite great effort, full-content feeds are not currently economically viable. Two other factors are involved: full-content feeds have resulted in an unprecedented level of content theft, with BC content appearing on many websites, usually spam sites, without attribution or permission. This duplicate content causes a cascading set of problems, not the least of which is that search engines generally aren't favorable to duplicate content, and don't always guess correctly. Finally, our RSS advertising partner is strongly in favor of short-content feeds. We hope that you'll continue to subscribe to BC via RSS, and when an article grabs your eye, it's only a click away, still free on the BC website. Thank you for your understanding. Administration0@blogcritics.org Sun, 26 Aug 2007 12:00:00 EDT http://blogcritics.org/archives/2005/07/18/184512.php The ProprietorSunday's New York Times (registration required) had a very interesting article about spyware-infected PCs being thrown out instead of being repaired. The introduction to the article provides much fodder for commentOn a recent Sunday morning when Lew Tucker's Dell desktop computer was overrun by spyware and adware - stealth software that delivers intrusive advertising messages and even gathers data from the user's machine - he did not simply get rid of the offending programs. He threw out the whole computer.Mr. Tucker, an Internet industry executive who holds a Ph.D. in computer science, decided that rather than take the time to remove the offending software, he would spend $400 on a new machine.He is not alone in his surrender in the face of growing legions of digital pests, not only adware and spyware but computer viruses and other Internet-borne infections as well. Many PC owners are simply replacing embattled machines rather than fixing them."I was spending time every week trying to keep the machine free of viruses and worms," said Mr. Tucker, a vice president of Salesforce.com, a Web services firm based here. "I was losing the battle. It was cheaper and faster to go to the store and buy a low-end PC." My initial reaction was sheer amazement that the holder of a Ph.D. in computer science would not invest any effort in trying to salvage or repair the machine. Admittedly the spyware wars are getting much nastier, where the active countermeasures against removal have been accepted and implemented by the more "mainstream" malware providers (e.g. Direct Revenue's Aurora, a nasty piece of work that is the constant topic of discussion on spyware removal forums), however, isn't it odd that someone who should be providing thought leadership toward academic and commercial computing wouldn't wish to even take the simple expedient of formatting his hard drive and reinstalling his operating system? Surely as an Internet executive he has access to some resource in his company capable of performing that relatively simple task, or his academic connections could certainly find him an intern or student willing to wipe and restore the machine. The idea of throwing a perfectly good computer out merely because of a spyware infestation is so astonishingly wasteful (perhaps some student or deserving organization could use it?) that it boggles the mind.Although many organizations (especially in financial services) will swap out a PC at the first sign of this kind of trouble, the infected PC will quickly be wiped and reimaged and put back into service as soon as it's needed by another user. It's somewhat instructive that a computer science Ph.D. could not think of taking the simple precaution of having something like Norton Ghost at the ready to reinstall his operating system in the event of a massive meltdown, nor is there any mention of his data protection strategy. There are many, many good and dedicated volunteers on various anti-spyware forums that give many hours of their time to eradicating these pests from strangers' computers, and yet I find it interesting that someone such as the gentleman mentioned in the article would not even expend the effort to keep his own system free of malware much less even try to seek out a solution to his issues and share that experience such that hopefully another person will not be as impacted as he was.Then again, consider the environmental impact. Lord knows I'm not a tree-hugger, but I really am appalled that someone would simply throw out a computer, fill up landfills, and not consider his actions - it's obvious that more people are taking this course of action, and it says something rather sad about our society's need for immediate gratification and not taking the long-term view. Sci/Tech32793@blogcritics.org Mon, 18 Jul 2005 18:45:12 EDT http://blogcritics.org/archives/2005/05/20/134720.php The ProprietorI made a commitment to myself and my blog readers a long time ago to stay far away from referring to Mr. Jackson until the conclusion of the present affair unless the situation positively demanded it, and other than the odd snarky comment occasioned by something too painful to pass up, I've kept to that. It's been mildly amusing to observe the fanatical defenses offered up by his hugely partisan fan base (I mean, come on, quitting your job in order to stand outside the courthouse to scream "Innocent!" does raise a few questions about people's connection to reality), but the entire affair has been extremely low on my radar (and for the record, my position on the current affair is innocent until proven guilty, and not being there nor following the events in any manner, I have no reason to change that outlook). For the non-cognoscenti, Godwin's Law states "As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one", and some of the corollaries are applicable to the subject matter (although of course The Gloved One isn't explicitly mentioned, then again, Sir Isaac Newton had no way of imagining a Saturn V when he came up with F=ma). Case's Corollary to Godwin's Law states "If the subject is Heinlein or homosexuality, the probability of a Hitler/Nazi comparison being made becomes equal to one", and of course the intelligent reader can subsitute Michael Jackson for Robert Heinlein in this case. So what does Michael Jackson have to do with Godwin-ing a thread? The thread is occasioned by an interview given by a second-hand source, Shmuley Boteach. In an op-ed in the May 19th issue of the Jerusalem Post(registration may be required), Rabbi Boteach recounts a conversation he had with Michael Jackson at one point, regarding how he could reach the good even in the most evil of people: SB: What if they were like the Nazis, just evil people?MJ: I can't imagine that I couldn't reach their hearts in some kind of way.SB: So you believe that if you were face to face with Hitler you could...?MJ: Absolutely. Absolutely! He had to have had a lot of yes people around him who were afraid of him.SB: You believe that if you had an hour with Hitler you could somehow touch something inside of him?MJ: Absolutely. I know I could.SB: With Hitler? Come on. So you don't believe there is anyone who is completely evil and there is no way to touch them? So you don't believe in punishing the wicked because then...?MJ: No I believe you have to help them, give them therapy. You have to teach them, that somewhere something in their life went wrong. They don't see what they do. They don't understand that it is wrong a lot of times.SB: But Michael, there are clearly people who are irredeemable. Like Hitler. He was evil incarnate. There was no humanity there for you to address. You'd be speaking to the abyss, to a darkness like you never before witnessed. What about someone who has killed a lot of people? Don't you believe that there should be no therapy for them? They are murderers and they need to face extreme punishment.MJ: I feel horrible about it. I wish somebody could have reached their hearts. If indeed the recounting of the conversation is accurate, the naivete of Michael Jackson is appalling. For someone who was quite willing to play the race card when it suited his purposes (Tommy Mottola, anyone), to think that he could "heal" and "give therapy" to Adolf Hitler is absolutely mind-boggling. Of course, some of the more naive peace activists of the past thought similarly. Gandhi's letters to Hitler addressing him as "my friend" in his naive peacemaking effort are interesting footnotes to his canonization - not to mention his infamous "I do not consider Hitler to be as bad as he is depicted. He is showing an ability that is amazing and seems to be gaining his victories without much bloodshed" and his notorious interaction with his biographer: When his biographer, Louis Fischer, asked him in June 1946 if, in light of the Holocaust, he regretted the words he had addressed to Germany's Jews, Gandhi said: "Hitler killed five million [sic] Jews. It is the greatest crime of our time. But the Jews should have offered themselves to the butcher's knife. They should have thrown themselves into the sea from cliffs." Fischer asked: "You mean that the Jews should have committed collective suicide?" Gandhi answered: "Yes, that would have been heroism." Of course, other celebrated naifs made comments about how they could have "healed" Hitler - most notoriously a certain Beatle wife (hint - it wasn't Cynthia, Linda, Heather, Patti, Olivia, Maureen or Barbara) said she would've only needed ten days with the Fuhrer to address his issues.As to Mr. Jackson's comment (if indeed it is accurately recounted), its obliviousness is staggering. While there is of course the concept of religious redemption in many sects, the thinking, ethical person cannot fail to be amazed at how someone could feel that Hitler (or for that matter Stalin, Bin Laden or Pol Pot) could be redeemed by a pop singer. Mr. Jackson likes to cite his healing and good works, of which there are many. However, for all those good works, he insults the intelligence and fortitude of those who fought to remove that greatest of evil, as well as the victims of it with a comment of appalling hubris. It seems that Mr. Jackson's craving of sainthood will be facilitated by his self-positioning as a martyr. Culture29826@blogcritics.org Fri, 20 May 2005 13:47:20 EDT http://blogcritics.org/archives/2005/05/02/212120.php The ProprietorThe highly anticipated reunion concert series began last night, opening with "I'm So Glad", and the full gamut of Cream classics, including an encore of "Sunshine Of Your Love". The interesting thing about last night's photo of Cream is the difference in instrumentation from Cream's classic period. Clapton of course was known for Gibson guitars through Marshall amplifiers, with the tone controls rolled back for what became beloved by guitarists and aficionados as the "woman tone". Clapton (at least in the above photo) is playing a Stratocaster, which has pretty much defined his tone since 1970 (to the chagrin of Cream and Bluesbreakers fans). Sources indicate that Clapton used his Cornell amplifier for the gig.Update: A review from the Telegraph says: When I first heard that Cream were getting back together for a series of concerts at the Albert Hall, I called out across the arts desk: "I have to be there."This, surely, was the mother of all reunions, the great sixties super group back together on stage 37 years after they called it a day - and in the very same concert hall where they performed their farewell show in 1968.I had good reason to stake my claim to that precious reviewing slot: Best of Cream was the first album I ever bought, a precocious teenager hooked on the British blues boom of the sixties, but this one was personal. Along with the excitement came the nagging worries. The three members of Cream are all now in their sixties. Drummer Ginger Baker has an arthritic knee. Bassist Jack Bruce has had a liver transplant. Would it be a night to recapture the magic of their famous semi-improvised jams, or would it be turn out to be an embarrassment, three wrinkly old rockers desperately trying to recapture their glorious youths? Well, it didn't exactly hit the ground running. Having been greeted with a huge roar of affection from the crowd, they limbered up with the lightweight I'm So Glad. Eric Clapton rattled off a so so solo. Bruce sounded tense.Song two, the slow, slinky blues of Spoonful, was more encouraging: Bruce's voice started to show some grit, the music began to click. Clapton's solo here was sharper, fiercer, more fluent. Strange, though, to see him as just one third of a band, rather than as the star of the show. When they'd been on stage for 20 odd minutes I did begin to wonder whether this was going to be a bit of a letdown: another slow blues tune, Sleepy Time Baby, reinforced this impression. Then came NSU, their first chance to embark on one of those famous instrumental excursions. Baker drove the song along in his utterly distinctive and deceptively easy going style, Bruce's fingers were flying, Clapton began to strut. Then came Badge, and Clapton gave us one of his yodels. Finally, Cream were up and running.Politician was dark and groovy. Rolling and Tumbling, with Bruce on harmonica, was sensational, an express train of a song, hurtling along with purpose, power and unstoppable momentum. For the first of many occasions during the evening, I had to sit, blink, look around the stage and remind myself that I was watching Cream at the Albert Hall - and they were very, very good. Inevitably, they were a diminished version of their former selves. There was less of the brutal physicality that used to be their hallmark. Bruce periodically reclined against a high stool, songs such as Crossroads were taken at a slower lick. They are not young men, and they were not playing, as they once did, as if their lives depended on it. But they were never less than good, often brilliant, occasionally inspired. And they got better as the night went on. White Room was massive, glorious. Many reunions are tawdry, half-baked affairs. But this one was different, special. It didn't quite live up to the expectation, but still: in years to come, I'll be able to say with pride: Cream, Albert Hall, 2005. I was there Although there's no official word, I would assume that such a momentous occasion would have an eventual CD or DVD release, if anything just to see that Cream's live legacy isn't left for posterity with the extant wretched recordings and films. Music28957@blogcritics.org Mon, 2 May 2005 21:21:20 EDT http://blogcritics.org/archives/2005/04/04/221901.php The ProprietorAn article in yesterday's "The Independent" notes that Mojo Magazine has selected its top ten rock films of all time. Most of the list is unsurprising, and I doubt you'd get much quibble about any of the top four films being on any such list, short of rankings (for what it's worth, "A Hard Day's Night" would be my personal #1). The inclusion of "The Filth And The Fury" or "Westway To The World" over "The Kids Are Alright" and "Stop Making Sense" puzzles me, and how any such list can be considered complete without "Woodstock" is altogether beyond me. Other concert classics such as "Wattstax" and "Monterey Pop" receive no mention. The article does indeed bring up the point of how do we really define what a great rock film is, whether it's a document of an event, a fictionalized version of reality, or just a related story where rock is essential to the plotline. Lists such as these are very subjective exercises, and I would be sure that there'd be six opinions on the composition of such a list for every five rock fans. I tend to lean toward the documentaries, although my personal favorite nicely captures that feel (albeit with a large helping of English absurdity; I still think that even though the concert scene was staged, it really captured the power of the music that even the great rock documentaries didn't). Some other notable omissions from the list (I really loathe the "ten best" formats for their inherent limitations and compromises) would be (IMSHO), "Don't Look Back", "The Concert For George", "Hail Hail Rock And Roll", "Standing In The Shadows Of Motown" and most interestingly (and tantalizingly unavailable, except in bootleg or severely bowdlerized form) "The T.A.M.I. Show" and "The Big T.N.T. Show".Mojo's list:1. This Is Spinal Tap 2. The Last Waltz 3. A Hard Day's Night 4. Gimme Shelter 5. The Wall 6. Ray 7. The Filth And The Fury 8. Quadrophenia 9. Westway To The World 10. Help! Music27745@blogcritics.org Mon, 4 Apr 2005 22:19:01 EDT http://blogcritics.org/archives/2005/03/26/115411.php The ProprietorDespite my near-certainty that no Attorneys General nor other political movers and shakers read my missives, I thought I would present the outline of a manifesto regarding adware that might possibly be useful for some realistic form of legislation down the road. Realistically of course, any such legislation would immediately cause a relocation of any corporate presence of adware "providers" away from the jurisdictions in question (presumably offshore), however, a bit of teeth in the legalisms around it might actually force some form of equitable resolution. To be brutally honest about it, some form of legitimate pervasive adware is likely, perhaps not inevitable, but advertisers will do anything to get their message across (been to a movie or a stadium lately?) and while there's still time, the situation should be addressed through strong legislation (sure to be opposed by every marketing constituency) that would make things a bit less onerous on the end user. The science fiction story (was it Heinlein or Asimov?) where advertising robots followed people around ubiquitously and cannot be turned off is a depressing possiblilty if sufficient controls aren't put in place soon.First and foremost is identity. Any adware producer should clearly identify themselves, not only in any installation attempt, but there should be updated contact information in any adware control panel that will enable anyone to contact the adware provider, either in the business or technical domain. This must be complimented by strong controls on code-signing (are you listening Verisign and other CAs?) that verify the company is who they say they are, that any digital certificates issued to the company are short-lived and that there is an ongoing recertification process by the CA to continue to verify that the holder of any certificate is indeed reachable. This could of course be a win-win proposition, in that it would allow for increased fees to the CA or such other agency that would vouch for the adware provider's identity (perhaps Choicepoint?) , and that any truly legitimate provider of adware would be glad to pay for to establish that it's being constantly vetted. As to the overall economics of the situation, somebody will end up paying those fees (the advertisers of course) and as to whether it would remain economically viable is a matter of conjecture. The stick of course is that whoever issues any identity documents to an adware provider is on the hook for the adware provider's actions, and if they go rogue, the affiant will get hung for any damages incurred.The matter of identity can't be overstated enough, as any adware component must be clearly indicated with a positive indication to the customer that they are installing adware from XYZ Company, and that they are going to receive adware as part of the bargain in getting whatever else they've been promised. There's been some legal talk here and there that clicking an OK button is indeed an electronic signature indicating affirmative consent, but of course given the penchant for the installers to put phrases such as "Required Update" and the like in bold on the installers, the average PEBKAC will merely click and not think about the consequences. I would think that something requiring an affirmative response would be much more appropriate, for example the technique used by some web sites of presenting a distorted set of letters and numbers that must be keyed in by the user in order to proceed or access content, or for that matter requiring the user to respond to an e-mail, where they would need to click an URL and again affirm their desire to install the adware. Again, win-win situation. The adware guys are protected as they have a record of affirmative actions taken by someone to actually get the thing installed on their PC, the end users have multiple chances to stop any installation, and even just doing nothing will abort it.Adware should have a control panel visible to the user, be it in the system tray, some application, or even an applet in Control Panel (pardon me for sticking to the Windows paradigm for purposes of this discussion). This control panel should have the ability to turn ads on and off at the user's discretion. Of course, if there's a program such as a P2P client or other such nonsense that depends on that adware running, it of course should have the option of refusing to start or shutting down if the ad generator isn't running. Fair is fair, after all. If the PEBKAC desires the use of that program, he/she puts up with the ads. Said control panel should also provide for the complete uninstallation of the adware. That means everything, DLLs, config files, data caches, registry entries, you name it. The program should also be uninstallable through the standard mechanisms (Add/Remove Programs) and in addition, there should be instructions for manual removal if all else fails (the vast majority of people won't be able to use regsvr32 but if they have a friendly techie nearby there will at least be a step-by-step checklist available on how to get rid of the thing). Absolutely nothing must be done in a stealth manner, everything must be done through the highest-level APIs possible.The concept of an independent code review for adware is appealing, but probably wouldn't fly just on the basis of trade secrets, but the thought of putting someone on the hook for the code analogously to Underwriters Labs for electrical equipment is appealing. The question is who would best be capable of doing such reviews, and what would such reviews entail. The purveyors of certifications such as TRUSTe, BetterWeb and WebTrust would probably be logical places to look first, but their own risk management rules would probably prohibit them from engaging in this "do no harm" certification, which of course would entail lots of integration testing in various configuration permutations. In essence, this would involve creating a new insurance product, but the carrot and stick would be carefully defined in such a way that any failures demonstrably linked to an adware product will have consequences for both the adware producer as well as its certifier/insurer/assurer. Needless to say I can easily envision no-fault laws quickly being drafted if such measures were taken.The behavior of adware would need to be carefully defined. The Hippocratic paradigm of first doing no harm would be essential, so at least the following characteristics would have to be required of any adware program approved for general use: Not to obscure or interfere with any other open programs on the desktop environment. Simply put, no windows for GM products obscuring your attempt to view the Ford site. Something along the lines of a small sticky note sized window (in a corner or a user-defined location), possibly flashing to get your attention (in the same manner as a program with an open dialog box might flash the taskbar) might be acceptable if unobtrusive enough. Not to transmit any identifiable URLs to a central database. I know it'll seriously undermine the data mining that they want to ahem, add value to their ahem service, but there may be session IDs, CGI parameters and the like that aren't stripped out when reporting. I would imagine that aggregated domain information would probably prove acceptable (I don't think that anyone would much care if adware said Joe Shlabotnik checked CNN eight times today, but a deep-dive into the URLs is bordering on unacceptable. Imagine checking your portfolio and having the URL reported to a central database and suddenly getting targeted investing spam..... Not to hook the keyboard interrupt. Goes without saying, as you're dangerously close to a keylogger here, and not everything is for data mining purposes. Limit the amount of ads served up. Even though they're getting increasingly longer on commercial TV, there should be a finite number of ads served up in any given time period. I would suggest that a maximum of one ad in ten minutes would probably be the absolute upper limit. Anything more will degenerate into annoyance or confusion for the user who might actually be trying to do something useful. Once an ad is dismissed, it should stay dismissed. Allow types of ads and individual advertisers to be banned by the end user. Goes without saying, as ads for porno shouldn't be popping up when the kiddies want to see Mickey Mouse. Bans should be pervasive and cannot be lifted remotely by the adware provider. No undocumented APIs should be used in the software or in its installation process. In other words, no rootkit installations. There should be no obfuscation of the adware's location, filenames and registry keys. Filenames should not be randomly generated for purposes of frustrating removal or disabling the software. All GUIDs associated with the software shall be published so as to facilitate troubleshooting systems impacted by installation of the software. There should be no changes or impairment to system function by the adware. Specific no-nos would include installation of hosts file entries designed to redirect legitimate traffic to affiliated adware sites, changes to the IP protocol stack, installation of any Browser Helper Objects, installation of dialers, installation of any toolset designed to limit the functionality of the system with respect to its status prior to the adware's installation, no attempts to "phone home" other than to pass non-identifiable aggregated data (an unlikely scenario, as the source IP addy will be quite visible on the receiving end, therefore it will still be somewhat identifiable), no attempts to download and install updates or upgrades to the adware without the express consent of a privileged system user, and no attempts to download or install any other adware or similar software A quote unquote legitimate adware provider should be required to be an active participant in computer security efforts, as their systems do provide a new infection vector for various net nasties, and increasingly often, virus writers deliver adware as a payload in addition to their other nasties, so the onus should be placed on adware firms to cooperate with CERT and the like to provide uninstallers and other toolsets to facilitate any unintended installation of their software. Then again, those virus writers who are doing this sort of thing are delivering payloads from companies that are definitely operating on the shadier side of the curtain so it leaves open the possibility of a "joe job" being done against an adware company that might indeed be playing by the rules.I would imagine that some adware companies might actually approve of some of these suggestions, particularly the more visible ones such as Claria and Cydoor in order to legitimize their perception, and there have been some steps taken such as joining COAST (an anti-spyware consortium), but given the track records, there's a perception amongst the user community that this is a window-dressing tactic. The bottom feeders will of course operate on the outskirts of any legal framework imposed, and the marketing lobbyists will fight any such attempts to impose sanity on these cowboys with all of their considerable resources.This article was originally posted by me at The Farbissiner Paskudnyak in a slightly modified form. Sci/Tech27299@blogcritics.org Sat, 26 Mar 2005 11:54:11 EST http://blogcritics.org/archives/2005/03/21/202200.php The ProprietorI had just come home from a dreary day in junior high school in 1971 and flipped on the television for a quick look when I happened upon something completely unexpected on Channel 13. Our local public broadcasting station, as staid and frankly boring an outfit as one could imagine, having all of the hipness of an appendectomy, had some live rock gracing its airways. School books forgotten, I was fascinated by the taciturn guitarist playing a beat-up Fender Telecaster, coaxing some astonishing sounds out of it in ways that seemed even beyond what Page and Beck were doing. The show of course, was the now legendary "Introducing Roy Buchanan", commonly (and very incorrectly) known as "The World's Greatest Unknown Guitarist"."Introducing" was a bit of a holy grail for me to find, as it was seemingly nowhere to be found. I frequented various record shows and conventions and came up with bootlegged copies of various items of interest from the sands of time but my mention of "Introducing" only induced blank stares from most of the purveyors in the dealers rooms at these shows. I began to doubt my memory, and let the matter fall by the wayside as other priorities took over. About two years ago, when perusing eBay for various items, on a whim, I searched for Roy Buchanan video, and I was delighted to find a VHS copy for sale. No Buy It Now, so I had to sit there and snipe for it, but less than a week later the tape popped up in my mailbox, and I was once again hooked.The show had several distinct parts intercut, a rare visit home to Roy's parents in Pixley, California, which (somewhat disingenuously) tried to show his roots, a series of jams with influences and favorites, including Merle Haggard, Johnny Otis and Mundell Lowe (the latter playing an unbelievable duet with Roy on "Misty"), and a live concert staged at WNET's Manhattan studios that showcased Roy and his band at the time, the Snakestretchers. Future E-Streeter Nils Lofgren even joined Roy and the band for an extended jam on the show. The Snakestretchers were a bar band, first and foremost, a bit sloppy here and there, and a bit goofy as well (percussionist Marc Fisher's exaggerated movements make Ray Cooper's shtick seem sedate).The music is what wows you in this show. Aside from the aforementioned "Misty", Roy shows off his gentler side on his parents' back porch with his Telecaster plugged into a small amp with an astonishing display of circle picking, pedal steel-inspired licks when playing along with Merle Haggard, "chicken pickin" while backing up a church service, plus his concert tours de force, "Sweet Dreams" and "The Messiah Will Come Again". "Sweet Dreams" takes the old Patsy Cline song to another plane, with its exquisite slow bends and volume swells, and "Messiah" runs from anguished country blues to Page-like excess, again with Roy's lightning neck runs, pinched harmonics and his uncanny ability to make the guitar seem like it was crying and talking. Timing concerns caused WNET to fade out "Messiah" on the broadcast, but every time it aired, the performance generated a lot of phone calls asking about this awesome guitarist.Buchanan's career was very checkered, and other than his very first album, his records didn't really capture Buchanan's smoldering passion for playing. Most of his records were disjointed jams, and frankly, his singing was better left unheard. The recordings were corporate affairs, trying to capitalize on the "guitar hero" aspect of the times, but looking for something commercial, which truth be told, Buchanan wasn't. He was a player's player. I saw him on several occasions at places such as The Bottom Line and My Father's Place, with bands that were looser and sloppier than the Snakestretchers (if such a thing were possible). Roy could be a bit infuriating to watch if you were looking to hear only "Sweet Dreams" or "The Messiah Will Come Again", as he played whatever came into his head that evening, and maybe, if we were lucky we'd get one or the other (on one rare occasion we did get both pieces in the set), but as a guitarist sitting in the front row eagerly absorbing every note, you know you'd be challenged, frustrated and ultimately awed by seeing Roy in concert.Roy's death is still the subject of conjecture, and to some extent his recorded legacy needs to be managed better. I would imagine that releasing this and perhaps some of the other extant footage of him would go a long way to acknowledging this legendary player's talents. Music27064@blogcritics.org Mon, 21 Mar 2005 20:22:00 EST http://blogcritics.org/archives/2005/03/19/093335.php The ProprietorWhat circumstances could bring pornography, Air France, Apple Computers, Vonage, Netflix, and J.P. Morgan Chase together? The installation of adware on your computer. As I've previously posted, there's definitely a distinction between adware and full-blown spyware, but in the case of some adware, when you click on a URL that some adware advertiser is targeting (either as a competitor or an upsell), the adware will often generate an ad that obscures or obstructs your view of the site you originally intended to go to. Ben Edelman documents this behavior in articles entitled Advertisers Supporting eXact Advertising" and Documentation of Gator Advertisements and Targeting. Mr. Edelman specifically notes that in the case of eXact, a file is downloaded to your computer which has detection rules for URLs, and matches them with the "appropriate advertiser". If you read The Motley Fool, that URL is paired with an ad served up from a URL that starts at Real Media entitled "BullsEye Network Offer". In itself, this would be only a minor annoyance, were it not for the theft of bandwidth and computing cycles, however, Mr. Edelman had some very interesting observations as to the breakdown of advertisers. Out of 818 ads, approximately 281 ads (just over 34%) served up were for adult-oriented (pornographic, gambling and sexual health) advertisers. The consequences of ads of this sort showing up on a PC used by the entire family are not difficult to imagine.Mr. Edelman's pages provide a valuable service, in telling us which advertisers think so little of us, their ultimate customers, that they would support adware to get their message across. Conversely, some of the good guys, such as Verizon and Wells Fargo, who eschew adware are identified.Other than the damage adware is doing to people's computers, the amount of money involved is causing adware "providers" to file lawsuits. CloudEight, a maker of computer wallpaper and stationery, has been threatened with legal action by Hotbar, and iDownload's attorneys have been firing off threatening letters.I would hope that some Attorneys General might bring some scrutiny on the adware industry, however, the amounts of money that are undoubtedly at work here can buy an awful lot of lobbying.... Sci/Tech26968@blogcritics.org Sat, 19 Mar 2005 09:33:35 EST http://blogcritics.org/archives/2005/02/24/105059.php The ProprietorA news item on CNET yesterday brings us the intriguing news that Claria Corporation has been named by the Department of Homeland Security to a federal privacy advisory board. The board's membership includes representatives from firms such as IBM, Intel and Oracle, however, Claria's inclusion is either puzzling or very telling. You see, Claria used to be known as Gator, and is known for its adware, which as I defined in a previous post is software that delivers random ads to your desktop system occasionally targeted on the basis of what you're looking for or at. Adware of course is rarely intentionally installed, usually it's bundled with some other software which provides some functionality the end user desires (e.g. P2P clients) and it's often installed by other adware or malware that makes its way onto unprotected computers. The average end-user would probably classify Claria's products as spyware, which of course gets into the semantic issues I talked about here, and I would suppose a case could be made that it indeed is intrusive on privacy to the point where if you search for "Ford" and an ad for GM pops up, then the classification may be somewhat applicable (although if it's not sending information to a remote system for collection it's not in the strictest sense spyware). Claria's products have been documented as being targeted and designed to appear at competing sites, which has resulted in litigation in the past.The interesting question is what value does an outfit like Claria bring to the table in this context? Is it data mining expertise? If so, does that indeed take them from the adware to the spyware classification. Is it expertise in stealthily installing persistent code? Is it deep knowledge of system internals that our friends in Redmond don't care to share? Sci/Tech25948@blogcritics.org Thu, 24 Feb 2005 10:50:59 EST http://blogcritics.org/archives/2005/02/23/120440.php The ProprietorNeedless to say that attorneys have found their way into the spyware wars, and unfortunately some firms have chosen the dark side. In what appears to this layman's eyes to be a prelude to a SLAPP (or similar suit), or merely an exercise in brinksmanship, several web sites, include CastleCops and Spyware Warrior have been contacted by an attorney for a company called iDownload with a demand that they cease and desist referring to iDownload's ahem, product as spyware or malware.The problem of course is one of semantics. The average end-user cannot differentiate between adware, spyware, and malware (another interesting categorization is foistware, i.e. something that is foisted upon you either through obscurity, non-disclosure, or by making something you want to run dependent on the foistware; one of the earlier battles in the war on this type of application involved replacing a spyware .DLL file that the particular software looked for with a dummy, benign version). For purposes of this discussion let's define adware as software which serves up advertising and does nothing more, spyware as software which may have some adware components but which records information such as URLs visited and passes that information along to its master, and malware as software which may have some adware components, but which makes extreme changes to system settings, actively tries to frustrate uninstallation attempts, installs additional software without informing or obtaining the consent of the user, and which attempts to control the user's online behavior (through redirecting sites and forcing the user to go to the malware's preferred sites; the "logic" being that the forced traffic to those sites will of course increase their advertising revenue). iDownload objects to being categorized as spyware or malware, however, Symantec calls it precisely that: Spyware.ISearch is an Internet Explorer Browser Helper Object and functions as a toolbar. It is a search hijacker and also tracks user activity on a remote server at isearch.com.Microsoft AntiSpyware also categorizes it as such.The letter from the attorneys asserts otherwise: ....characterization of iSearch as Malware is damaging to the iDownload brand. As we all know, Malware is a phrase within the public conscience that has a specific meaning. A classification of Malware is usually reserved for those programs designed specifically to damage or disrupt a system, such as a virus or a Trojan horse, iSearch does not fit this profile. iSearch does not qualify as Malware. iSearch is a toolbar that in no way attempts to remain hidden or evade detection, Continuing, unlike Malware, iSearch does not gather any personally identifiable information about end users, does not collect data about the user's web usage, does not collect any information entered into web forms, does not share information with third parties, does not send or cause to be sent unsolicited e-mail, and does not install items such as dialers on the end user's computer. We would request that you correct your disseminated materials immediately to remove any reference to iSearch as Malware or Spyware. To the extent you fail to remedy your improper disparagement of the iDownload brand on or before February 15, 2005, we will take all necessary action against your company to protect iDownload from your continuing tortuous conduct.Hmmm... If one takes a look at the Win32.Bube.d virus making the rounds, we note that among its various payloads it delivers is an iDownload search product. I don't see any public squawking from iDownload about how their brand equity has been damaged by the authors of this particular virus, nor are they proactively reaching out to the computer security community about assistance with removing it from those end users who got infected with no intention of installing any such adware.And let's take a look at iDownload's end-user license "agreement": redirect certain URLs including your browser default 404-error page to or through the Software; provide advertisements, links or information in response to search terms you use at third-party websites; provide search functionality or capabilities; automatically update the Software and install added features or functionality or additional software, including search clients and toolbars, conveniently without your input or interaction; install desktop icons and installation files; install software from iSearch affiliates; and install Third Party Software. In addition, you further understand and agree, by installing the Software, that iSearch and/or the Software may, without any further prior notice to you, remove, disable or render inoperative other adware programs resident on your computer, which, in turn, may disable or render inoperative, other software resident on your computer, including software bundled with such adware, or have other adverse impacts on your computer." Notice the bits about installing additional software, including search clients or software from affiliates or third parties. Instead of using Google or whatever your search engine preference is, your searches can be filtered by parties you had no intention of contacting. This extremely interesting post at Wilders Security details precisely what happens when iDownload's iSearch toolbar is installed and when you use their uninstaller. An extremely interesting quote about the iDownload uninstaller is excerpted in the article: Please be aware that many so called "ad ware removers" and "spy ware removers" can cause damage to your computer and may alter your computer in such a way that our automated removal application will not function. At the present time, there is no third party software which is capable of removing iSearch applications. If you have purchased an application which claims to remove iSearch, we encourage you to contact your credit card company and request an immediate reversal with the reason of "Product Not As Described" and/or contact the Better Business Bureau.Aha. They've engineered it in such a way that only they know how to remove it, or are they spreading FUD?The interesting thing about this episode is that security forum operators are being targeted first, with presumably smaller security vendors (pay, shareware or freeware) on the radar. I doubt that iDownload would want to take on the deep pockets such as MSFT, but it's a rather scary broadside in that there are a lot of good folks who volunteer at various venues to help people get control of their computers back who might be intimidated by these tactics.And I wonder just which companies purchase advertising through outfits such as iDownload..... Sci/Tech25896@blogcritics.org Wed, 23 Feb 2005 12:04:40 EST http://blogcritics.org/archives/2005/02/15/204549.php The ProprietorUnfortunately, when you're known as a techie, you get many calls from friends (what we commonly refer to as PEBKACs - Problem Exists Between Keyboard And Chair) begging for help with their recalcitrant PCs. And despite innumerable lectures to them on layered defenses, I often find myself sitting in front of PCs that have outdated or no anti-virus, infested with every manner of spyware and crapware out there.Usually, the first step in cleaning out their machines (if they're indeed salvageable) is to run AdAware and/or Spybot, both of which have been generously released by their owners to assist in the ongoing war against crapware. Lately, I've found AdAware to be somewhat better at the initial scans than Spybot, as it seemed to pick up more problems than the latter, but something popped up a couple of days ago that's made AdAware suspect. This report at Spyware Warrior notes that AdAware no longer considers WhenU, a known adware (I'll refrain from calling a spade a spade in this case) "provider" as spyware. The implications are interesting.Yahoo previously inked some forms of alliance with both WhenU and Claria, another known adware provider, both of which will flood your PC with unwanted ads that are incredibly ill-targeted. This resulted in the Yahoo Toolbar conveniently ignoring the adware as a threat to a PC, and provided a tacit endorsement of adware. The fact that Lavasoft, as a very trusted and fairly ubiquitous presence in the anti-crapware field has succumbed to the lure of lucre from the adware providers underscores not only the need for layered defenses, but even for a cross-check at the same level. Going with both AdAware and Spybot is no longer enough, as I've found that using additional tools such as SpySubtract and BOClean are indicated to guard against the more serious infections (and even those may not be enough).Surprisingly enough, I've got to actually give kudos to Microsoft as they've announced that their anti-spyware solution will be free for end users. Assuming they're agile enough to deal with an evolving threat, it might actually be a workable solution. Indeed, MS AntiSpyware Beta is based on the legacy Giant Anti-Spyware, which was about the best of the lot of the scanners (although it only picked up on 70% of infections according to some studies). Being the proverbial 500 lb. gorilla, they're far less likely to succumb to the lure of ad dollars as some of the smaller firms, however, one can never say what "strategic alliances" may rear their ugly heads in the future. Sci/Tech25565@blogcritics.org Tue, 15 Feb 2005 20:45:49 EST