Stop SOPA (and PIPA)

Stop PIPA, too. SophSoft, Incorporated opposes SOPA legislation.

You may have noticed that today several sites have “gone black” to various degrees.  You need look no further than the main page of Google (on January 18, 2012) to see a good example.

The reason for this is to draw attention to the dangers of the Stop Online Piracy Act (SOPA), which is proposed in the U.S. House of Representatives, and its counterpart in the U.S. Senate, the Protect IP Act (PIPA).

We at SophSoft, Incorporated oppose these acts because, despite the ostensible goal, namely to stop computer piracy (a laudable aim, which we fully support), if SOPA and/or PIPA were to become law, they would fundamentally change the free nature of the internet, while doing little of substance to prevent actual piracy.

The rise of the internet has been the most important cultural shift in the past two decades, bar none, and it has been a catalyst for change throughout the world.  These bills could reverse that progress by allowing sites to be blocked in the United States without due process, and they shift the burden of policing users to legitimate sites, requiring de facto censorship.  They also provide a blunt tool for unethical practices against online competitors or, in the best case scenario, merely (in essence) assign much of the control of the internet (in the US) to large media corporations.

One of the most troubling aspects of these acts is that they show a profound lack of understanding of the actual issues, and without due process of law, there would be no opportunity for one to make a case, nor even to correct a misunderstanding.  The “fair use doctrine” is not a bright line rule that is always clear, and these acts could force a company out of business simply because of a complaint about the fair use of an item, or due to an errant blog comment with a bad link (or a good link that was compromised later), never mind the threat of simple malicious complaints.

Here is a very realistic scenario:  Your sister-in-law gets a tattoo of Winnie the Pooh (Disney artwork) on her butt and thinks it would be fun to post a picture of the tattoo on Facebook; legalities of the tattoo notwithstanding, the litigious owners of Disney find a link to said picture, file a complaint, and Facebook itself could be shut down.

Another example, just for good measure:  A small company like ours produces a game and includes background music contracted legitimately from an artist who is fully paid for his work; EMI decides that one measure sounds a little too similar to something from one of their artists, files a complaint, and our website is blocked.

Clearly, SOPA and PIPA are very dangerous approaches to resolving a significant problem for those of us in the software industry (though, in truth, the acts are still all about protecting large media conglomerates).  If Congress really wants to help the problem, it could provide an expedited legal process for suing those who deliberately infringe copyrights, perhaps with a schedule of default judgment amounts, so small companies could afford to go after the real pirates.  I have no problem with a court shuttering a proven pirate website, but the government already has that power.

For different takes on this issue, please see the Wikipedia and Google (“End Piracy, Not Liberty”) responses.

Finally, let me simply say that any U.S. bills that would use the same methods as those used by the governments of China, Iran, and Syria to suppress political dissent, and are rabidly supported by Rupert Murdoch, whose News Corp saw nothing wrong with tapping phones and illegally listening in to private phone conversations (until they were caught), are definitely to be avoided.


Network Explosion

Wired router spontaneously bursts into flames.

Well, that is not entirely true.  There was, in fact, not even any smoke, but one of our wired routers got extremely hot and failed in a worse way.  Instead of a spectacular failure, one that would be immediately identifiable, this router simply began dropping packets randomly, but only on certain paths and for certain protocols.  A complete reboot of the entire network (all servers and equipment) had no effect on the problem.

The way the issue manifested itself was by almost completely cutting off my office machines from the internet.  I was not able to fetch my email or read web pages from my systems except (annoyingly) every once in a great while when the properly routed packets aligned correctly.  However, I have a rudimentary diagnostic script (pings from a batch file) that I use to identify the source of a failure, and it registered 100% success; I was able to ping any reasonable internet address and get a proper response.  Likewise, I was able to connect directly to the servers without any difficulty; it was only when trying to use them normally (via the internet) that I got no response.

Finding the source of failure became a bit more difficult because of the particularly aberrant behavior of this router.  The servers that reside behind that router were able to access the internet without any signs of a problem.  Complicating the matter even more was my own failure to confirm the network topology and, instead, incorrectly assuming that the wireless router (whose clients had no trouble, either) went through the same router.  Since my office seemed to be the only area affected, the obvious suspect was the local switch, or else the cable (or port) connecting it to the rest of the network.  I had, in fact, already sent out for replacements when I was able to determine (with about 80% certainty) that it was actually this odd failure of the router on the main network.

Replacement router serves its purpose, barely.

As usual, the router failure came at a very inopportune time, right in the middle of a big development push.  Instead of any network reconfiguration, I made the call to simply replace like for (almost) like.  In theory, I could just drop in the new router, configure it the same as the old router, and carry on.  The problem was that the old hardware was Linksys, of pre-Cisco vintage, and the available replacement was D-Link.  Most of the settings translated fairly directly, but differences in era and manufacturer meant that it took a little extra time to find everything and figure it all out.

The biggest issue, however, is that the new router has an apparent design problem not inherent in the old Linksys.  The replacement hardware cannot properly handle loopback connections.  The link explains this in detail, but the gist of a loopback connection error is that a router sends internal packets out to the internet even if they are destined for an address the router handles.  In other words, I can reach my servers behind the router using a private address, but if I try to use the public address (say, ‘’), it sends my packets to Neverneverland.

Fortunately, the problem only impacts machines behind the same router as the servers, which in practical terms means that it only affects me and my development systems.  I reconfigured a few settings here to work around the limitation in the hardware, and everything seems to be working fine.  The weird thing is that the rest of the world could reach the servers fine, but it is hard to accept that when the closest systems to them (both physically and in network terms) could not.  I was able to test from other systems and from external services.  I found SuperTool from MxToolbox particularly helpful.
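
The loopback failure described above can be modelled as the router's forwarding decision. This is an added example, not part of the original post; the addresses, the port-forward table and the function names are constructed, and the router is reduced to a single lookup.

```python
from dataclasses import dataclass, replace

# Constructed addresses (documentation and private ranges), not the real network.
WAN_IP = "203.0.113.10"      # router's public address
LAN_IP = "192.168.1.1"       # router's LAN-side address
LAN_PREFIX = "192.168.1."    # the /24 behind the router
FORWARDS = {(WAN_IP, 80): ("192.168.1.20", 80)}   # public ip/port -> server

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def route(pkt, arrived_on, loopback):
    """Return (egress interface, packet as sent) for a packet reaching the router."""
    target = FORWARDS.get((pkt.dst, pkt.dport))
    if target and arrived_on == "wan":
        # Ordinary port forward for outside clients: rewrite the destination only.
        return "lan", replace(pkt, dst=target[0], dport=target[1])
    if target and arrived_on == "lan":
        if not loopback:
            # The failure in the post: the forward rule is not applied to
            # LAN-side traffic, so the packet follows the default route out.
            return "wan", pkt
        # Working loopback: rewrite the destination AND the source. Without the
        # source rewrite the server would answer the client directly from its
        # private address, and the client would discard the unexpected reply.
        return "lan", replace(pkt, src=LAN_IP, dst=target[0], dport=target[1])
    # No forward rule: plain routing. (Same-subnet traffic is normally switched
    # without touching the router; it is modelled here for completeness.)
    return ("lan" if pkt.dst.startswith(LAN_PREFIX) else "wan"), pkt

def reaches_server(pkt, arrived_on, loopback):
    """True when the packet leaves on the LAN side addressed to a forwarded server."""
    iface, out = route(pkt, arrived_on, loopback)
    return iface == "lan" and (out.dst, out.dport) in FORWARDS.values()

if __name__ == "__main__":
    office = Packet("192.168.1.50", WAN_IP, 80)      # development machine
    outside = Packet("198.51.100.7", WAN_IP, 80)     # rest of the world
    for name, pkt, side in (("office", office, "lan"), ("outside", outside, "wan")):
        for loopback in (False, True):
            print(name, "loopback" if loopback else "no loopback",
                  "->", reaches_server(pkt, side, loopback))
```
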

In the midst of this, I also dealt with a stupidity problem with Linux, but that tale will have to wait for another day…

15 Years of

We have had a web presence for a decade and a half.

On November 14, 1995, our original registration of the domain was approved.  Back in those days, our online activity was conducted via BBS, CompuServe, America OnLine, and Delphi (albeit briefly).  At the time, we spent about $150 in various fees to secure the domain name, having originally failed to obtain by about a month.  We had to go through our dial-up provider (before the term “Internet Service Provider” [ISP] was coined) to register with InterNIC, which (as Network Solutions) was in the process of change, including the institution of fees for registering domains.  The domain was a shortening/concatenation of our company name, Sophisticated Software Systems.

Within a year, our company had incorporated as SophSoft, Incorporated, using the domain as the basis for its official name.  Our provider was bought out by another company, (which is now our ISP, and one of the largest providers in the state), so we had to figure out how to navigate the domain system ourselves.  At the time, one had to email a specially formatted text message to a particular address in order to make any changes, which (of course) took time to take effect.  We also got broadband via one of the very first commercial cable modems in the country, and were soon running our own servers (which is probably a bad habit that continues to this day).  Our early websites were fairly minimal, built originally via HTML in a text editor.

Today, domain names are easy to purchase and manage, changes are close to immediate (with propagation issues being just a side note), web pages are much simpler to create, broadband is much faster and nearly ubiquitous, and expectations for internet communication are far higher.  All of that makes it fairly ironic that our first site has hardly been touched in five years…

Guilt by [non-]Association

There goes the “neighborhood”.

Going into the past weekend, one of our product sites had a problem in which accessing the page caused a very scary (and completely incorrect) “Reported Attack Site!” message in Firefox browsers, and a similar message in Safari (and Chrome as well, reportedly).  Of the major browsers, only Internet Explorer was allowing direct traffic to two specific pages, because it was the only one that does not (by default, anyway) subscribe to the database.  To access our site, a user would have to click to ignore a message that said, more or less, “Run away from here and never come back.”

The problem began last Thursday, when FileKicker, a Digital River company that provides download bandwidth for many independent software publishers (including Goodsol Development, until recently), got blacklisted on the aforementioned database.  This meant that downloads from FileKicker generated the scary message, presumably because they delivered some “badware” somewhere, although I have no evidence (nor much doubt) that this happened.  The report was filed by Google.

On Friday, two of our pages that linked to downloads there were blacklisted as well because, I guess, Google assumed that if FileKicker was bad, anybody who linked there must be bad, too.  This is the “bad neighborhood” idea: we never linked to anything classified as badware or even any third-party software, but if we linked to a “bad” site, we must be bad ourselves.  Of course, the fact that FileKicker provided services for thousands of clients does not seem to matter.  This was bad on Windows, but devastating on Mac OS X, where Safari has the vast majority of the market.

By very early Sunday morning, due to quick action from Goodsol to remove all FileKicker links, and a subsequent retraction from Google, our pages were no longer banned, but all our direct links to FileKicker downloads (such as those stored at Apple Downloads) were still a major problem.  It took until yesterday [Wednesday] evening (i.e., six days) before FileKicker got this problem resolved for their downloads, with precious little information provided to customers in the interim.

This was a ridiculous episode, which produced many insights:

  1. The problem was first reported in the newsgroups of the Association of Shareware Professionals (by Dexter Bell of The Utility Factory, developer of FileBoss, an excellent file manager).  This is one of those situations in which ASP membership (and participation) was invaluable for rapid response.
  2. Digital River claims to be “the global leader in e-commerce”, a public company with close to $3 Billion in annual transactions, yet it took DR three times as long to fix the problem as Goodsol Development, a MicroISV, and never informed its clients until well after ASP members informed them.
  3. SWMirror, an independently operated download service run by Mitchell Vincent, was able to provide (better) services to affected publishers and have many downloads restored before FileKicker, part of a conglomerate with more than 1000 employees, even acknowledged the problem.
  4. The pattern of Digital River buying successful companies serving the shareware industry and turning them into garbage is intact; in fact, that record may now be unblemished.  Dealing with DR companies should only be done with due deliberation.  (read: “Do not touch them with a bargepole.”)
  5. The concept that Google can, with a simple electronic “report”, essentially shut down an internet business overnight, is more than a little scary.  Imagine launching a product that could compete with Google (or a blog being critical of them) and having most of your traffic cut off by a similar unsubstantiated report.
  6. The whole internet is a “bad neighborhood”. In fact, Google itself would be the worst culprit of all, since it provides links to nearly every crack site, domain squatter, malware distributor, and internet fraud out there.

Really, I am definitely in favor of a system to eliminate (or castrate) true spammers and distributors of malware, but when an honest company that has been doing business online safely almost since the inception of the web is economically impacted, things have gone too far.

Here endeth the rant.

Have you joined SpamBook yet?

A barrage of Facebook spams sets off a rant.

Last Friday, at 4:38pm, I received an email from Facebook entitled, “Reminder: 5 of your friends invited you to join Facebook…” Fine. Some people collect and count “friends” on that service, while I do not join and count the number of real life friends who have invited me to join. (My wife and business partner knows me well enough that she is not part of that group.) If I were to join, of course, I would lose count.

Then, at 11:40pm, I received another one, nearly identical, but with different ‘Other people you may know on Facebook’. Curious, I verified that the messages were both coming from Facebook, via email headers and the fact that the (accurate) list of invitations I have received should be known only to them. “Oops, duplicate message,” I thought. On Saturday, I received reminders at 4:44am, 6:47am, 12:16pm, 5:07pm, and 9:44pm. For good measure, I received another one on Sunday at 1:28am. Eight nearly identical messages within 33 hours trying to get me (now pissed) to join their silly little club. Not likely.

[I just decided to check the names in all eight messages, and two actually suggest that I may know my own brother. That I do. None of the other names, though.]

After the Facebook “fun” stopped, a denial of service attack on our server began. Somebody started bombarding the server with random spam messages to, literally, random (GUID-like) addresses at our domain. Not a single message from the culprit had any chance of hitting a real address, since they were not even in a human usable form, but we were getting hundreds per minute, and lost the server entirely for a while.

In the middle of dealing with this mess, the home phone rang (which normally puts me on edge anyway) and I answered to find that Payless Shoes has decided to robodial me to tell me about some sale coming to an end. Seriously?!? We are on the national Do Not Call list, and the fact that we may have bought cheap shoes there once does not give them the right to call me. I have no idea how they would have my number in the first place, so it may have just been coincidence. Report filed; customers lost.

The mail arrived with a machine printed return address from “Ealge Eye Fitness”. It made me laugh, since the people that sent it out clearly did not have the Eagle Eyes that they intended to portray. Business not earned.

Once email service was returned to normal, “Michael Jackson” became only the second actual name inducted into my spammers hall of fame filter, joining “Oprah”, as subjects (or subsubjects) that guarantee a message is not intended for nor of any interest to me. The sheer number of “surveys” and “news items” about his death was astonishing, especially from an industry which still regularly sent me (in June) special offers for Valentine’s Day.

Now that it is officially July, let me simply say that the greatest musical loss last month was definitely… Koko Taylor, who died on June 3 at the age of 80. (I saw her pitch a Wang Dang Doodle live more than 20 years ago, and she kept tearing it up right to the end.)

Here endeth the rant.