Stop SOPA (and PIPA)

Stop PIPA, too.

SophSoft, Incorporated opposes SOPA legislation.

You may have noticed that today several sites have “gone black” to various degrees.  You need look no further than the main page of Google (on January 18, 2012) to see a good example.

The reason for this is to draw attention to the dangers of the Stop Online Piracy Act (SOPA), which is proposed in the U.S. House of Representatives, and its counterpart in the U.S. Senate, the Protect IP Act (PIPA).

We at SophSoft, Incorporated oppose these acts because, despite the ostensible goal, namely to stop computer piracy (a laudable aim, which we fully support), if SOPA and/or PIPA were to become law, they would fundamentally change the free nature of the internet, while doing little of substance to prevent actual piracy.

The rise of the internet has been the most important cultural shift in the past two decades, bar none, and it has been a catalyst for change throughout the world.  These bills could reverse that progress by allowing sites to be blocked in the United States without due process, and they shift the burden of policing users to legitimate sites, requiring de facto censorship.  They also provide a blunt tool for unethical practices against online competitors or, in the best case scenario, merely (in essence) assign much of the control of the internet (in the US) to large media corporations.

One of the most troubling aspects of these acts is that they show a profound lack of understanding of the actual issues, and without due process of law, there would be no opportunity for one to make a case, nor even to correct a misunderstanding.  The “fair use doctrine” is not a bright line rule that is always clear, and these acts could force a company out of business simply because of a complaint about the fair use of an item, or due to an errant blog comment with a bad link (or a good link that was compromised later), never mind the threat of simple malicious complaints.

Here is a very realistic scenario:  Your sister-in-law gets a tattoo of Winnie the Pooh (Disney artwork) on her butt and thinks it would be fun to post a picture of the tattoo on Facebook; legalities of the tattoo notwithstanding, the litigious owners of Disney find a link to said picture, file a complaint, and Facebook itself could be shut down.

Another example, just for good measure:  A small company like ours produces a game and includes background music contracted legitimately from an artist who is fully paid for his work; EMI decides that one measure sounds a little too similar to something from one of their artists, files a complaint, and our website is blocked.

Clearly, SOPA and PIPA are very dangerous approaches to resolving a significant problem for those of us in the software industry (though, in truth, the acts are still all about protecting large media conglomerates).  If Congress really wants to help the problem, it could provide an expedited legal process for suing those who deliberately infringe copyrights, perhaps with a schedule of default judgment amounts, so small companies could afford to go after the real pirates.  I have no problem with a court shuttering a proven pirate website, but the government already has that power.

For different takes on this issue, please see the Wikipedia and Google (“End Piracy, Not Liberty”) responses.

Finally, let me simply say that any U.S. bills that would use the same methods as those used by the governments of China, Iran, and Syria to suppress political dissent, and are rabidly supported by Rupert Murdoch, whose News Corp saw nothing wrong with tapping phones and illegally listening in to private phone conversations (until they were caught), are definitely to be avoided.

 

Network Explosion

Wired router spontaneously bursts into flames.

Well, that is not entirely true.  There was, in fact, not even any smoke, but one of our wired routers got extremely hot and failed in a worse way.  Instead of a spectacular failure, one that would be immediately identifiable, this router simply began dropping packets randomly, but only on certain paths and for certain protocols.  A complete reboot of the entire network (all servers and equipment) had no effect on the problem.

The way the issue manifested was by almost completely cutting off my office machines from the internet.  I was not able to fetch my email or read web pages from my systems except (annoyingly) every once in a great while when the properly routed packets aligned correctly.  However, I have a rudimentary diagnostic script (pings from a batch file) that I use to identify the source of a failure, and it registered 100% success; I was able to ping to any reasonable internet address and get a proper response.  Likewise, I was able to connect directly to the servers without any difficulty; it was only when trying to use them normally (via the internet) that I got no response.

Finding the source of failure became a bit more difficult because of the particularly aberrant behavior of this router.  The servers that reside behind that router were able to access the internet without any signs of a problem.  Complicating the matter even more was my own failure to confirm the network topology and, instead, incorrectly assuming that the wireless router (whose clients had no trouble, either) went through the same router.  Since my office seemed to be the only area affected, the obvious suspect was the local switch, or else the cable (or port) connecting it to the rest of the network.  I had, in fact, already sent out for replacements when I was able to determine (with about 80% certainty) that it was actually this odd failure of the router on the main network.

Replacement router serves its purpose, barely.

As usual, the router failure came at a very inopportune time, right in the middle of a big development push.  Instead of any network reconfiguration, I made the call to simply replace like for (almost) like.  In theory, I could just drop in the new router, configure it the same as the old router, and carry on.  The problem was that the old hardware was Linksys, of pre-Cisco vintage, and the available replacement was D-Link.  Most of the settings translated fairly directly, but differences in era and manufacturer meant that it took a little extra time to find everything and figure it all out.

The biggest issue, however, is that the new router has an apparent design problem not inherent in the old Linksys.  The replacement hardware cannot properly handle loopback connections.  The link explains this in detail, but the gist of a loopback connection error is that a router sends internal packets out to the internet even if they are destined for an address the router handles.  In other words, I can reach my servers behind the router using a private address, but if I try to use the public address (say, ‘sophsoft.com’), it sends my packets to Neverneverland.

Fortunately, the problem only impacts machines behind the same router as the servers, which in practical terms means that it only affects me and my development systems.  I reconfigured a few settings here to work around the limitation in the hardware, and everything seems to be working fine.  The weird thing is that the rest of the world could reach the servers fine, but it is hard to accept that when the closest systems to them (both physically and in network terms) could not.  I was able to test from other systems and from external services.  In particular, I found SuperTool from MxToolbox particularly helpful.
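The symptom described above (servers reachable by private address but not by public name from inside, while pings still succeed) can be checked per TCP service rather than with ICMP. The following is an added example, not code from the original post; the addresses, service list, verdict names and the simulated router are constructed assumptions.

```python
import ipaddress
import socket

# Constructed sample values (not from the post, apart from the domain name).
PRIVATE_ADDR = "192.168.1.10"      # server's address on the LAN
PUBLIC_ADDR = "203.0.113.5"        # documentation-range stand-in for the WAN address
PUBLIC_NAME = "sophsoft.com"
SERVICES = {"http": 80, "smtp": 25, "pop3": 110}

# RFC 1918 ranges, checked explicitly: ipaddress.is_private also covers the
# documentation ranges, which would misclassify the stand-in address above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def tcp_probe(host, port, timeout=3.0):
    """Real probe: True only if a full TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_service(port, private_addr, public_name, probe, resolver):
    """Classify one TCP service as seen from a LAN client behind the router."""
    try:
        public_ip = resolver(public_name)
    except OSError:
        return "dns-failure"
    addr = ipaddress.ip_address(public_ip)
    if any(addr in net for net in RFC1918):
        # Split-horizon DNS or a hosts entry: traffic never hairpins at the router.
        return "ok-split-dns" if probe(public_ip, port) else "service-down"
    via_private = probe(private_addr, port)
    via_public = probe(public_ip, port)
    if via_private and via_public:
        return "ok"
    if via_private:
        return "nat-loopback-failure"   # service is up, public path from inside is not
    if via_public:
        return "private-path-failure"
    return "service-down"


def diagnose(private_addr, public_name, services,
             probe=tcp_probe, resolver=socket.gethostbyname):
    """Return {service: verdict} for every service in the mapping."""
    return {name: check_service(port, private_addr, public_name, probe, resolver)
            for name, port in services.items()}


def loopback_suspected(results):
    """True when at least one service answers privately but not via the public address."""
    return "nat-loopback-failure" in results.values()


def simulated_router(hairpin):
    """Constructed stand-in for the network: http and smtp are up, pop3 is down."""
    up = {80, 25}
    def probe(host, port, timeout=3.0):
        if host == PRIVATE_ADDR:
            return port in up
        return hairpin and host == PUBLIC_ADDR and port in up
    return probe


if __name__ == "__main__":
    resolver = lambda name: PUBLIC_ADDR
    for hairpin in (True, False):
        results = diagnose(PRIVATE_ADDR, PUBLIC_NAME, SERVICES,
                           probe=simulated_router(hairpin), resolver=resolver)
        print("hairpin" if hairpin else "no hairpin", results,
              "loopback suspected:", loopback_suspected(results))
```

Run from a LAN client with the default `probe` and `resolver` to test a real network; a verdict of `ok-split-dns` means a local DNS or hosts workaround is in place and the router's loopback handling was not exercised.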

In the midst of this, I also dealt with a stupidity problem with Linux, but that tale will have to wait for another day…

15 Years of SophSoft.com

We have had a web presence for a decade and a half.

On November 14, 1995, our original registration of the sophsoft.com domain was approved.  Back in those days, our online activity was conducted via BBS, CompuServe, America OnLine, and Delphi (albeit briefly).  At the time, we spent about $150 in various fees to secure the domain name, having originally failed to obtain sophisticated.com by about a month.  We had to go through our dial-up provider (before the term “Internet Service Provider” [ISP] was coined) to register with InterNIC, which (as Network Solutions) was in the process of change, including the institution of fees for registering domains.  The domain was a shortening/concatenation of our company name, Sophisticated Software Systems.

Within a year, our company had incorporated as SophSoft, Incorporated, using the domain as the basis for its official name.  Our provider was bought out by another company, ACD.net (which is now our ISP, and one of the largest providers in the state), so we had to figure out how to navigate the domain system ourselves.  At the time, one had to email a specially formatted text message to a particular address in order to make any changes, which (of course) took time to take effect.  We also got broadband via one of the very first commercial cable modems in the country, and were soon running our own servers (which is probably a bad habit that continues to this day).  Our early websites were fairly minimal, built originally via HTML in a text editor.

Today, domain names are easy to purchase and manage, changes are close to immediate (with propagation issues being just a side note), web pages are much simpler to create, broadband is much faster and nearly ubiquitous, and expectations for internet communication are far higher.  All of that makes it fairly ironic that our first site has hardly been touched in five years…

Guilt by [non-]Association

There goes the “neighborhood”.

Going into the past weekend, one of our product sites had a problem in which accessing the page caused a very scary (and completely incorrect) “Reported Attack Site!” message in Firefox browsers, and a similar message in Safari (and Chrome as well, reportedly).  Of the major browsers, only Internet Explorer was allowing direct traffic to two specific pages, because it was the only one that does not (by default, anyway) subscribe to the StopBadware.org database.  To access our site, a user would have to click to ignore a message that said, more or less, “Run away from here and never come back.”

The problem began last Thursday, when FileKicker, a Digital River company that provides download bandwidth for many independent software publishers (including Goodsol Development, until recently), got blacklisted on the aforementioned database.  This meant that downloads from FileKicker generated the scary message, presumably because they delivered some “badware” somewhere, although I have no evidence (nor much doubt) that this happened.  The report was filed by Google.

On Friday, two of our pages that linked to downloads there were blacklisted as well because, I guess, Google assumed that if FileKicker was bad, anybody who linked there must be bad, too.  This is the “bad neighborhood” idea: we never linked to anything classified as badware or even any third-party software, but if we linked to a “bad” site, we must be bad ourselves.  Of course, the fact that FileKicker provided services for thousands of clients does not seem to matter.  This was bad on Windows, but devastating on Mac OS X, where Safari has the vast majority of the market.

By very early Sunday morning, due to quick action from Goodsol to remove all FileKicker links, and a subsequent retraction from Google, our pages were no longer banned, but all our direct links to FileKicker downloads (such as those stored at Apple Downloads) were still a major problem.  It took until yesterday [Wednesday] evening (i.e., six days) before FileKicker got this problem resolved for their downloads, with precious little information provided to customers in the interim.

This was a ridiculous episode, which produced many insights:

  1. The problem was first reported in the newsgroups of the Association of Shareware Professionals (by Dexter Bell of The Utility Factory, developer of FileBoss, an excellent file manager).  This is one of those situations in which ASP membership (and participation) was invaluable for rapid response.
  2. Digital River claims to be “the global leader in e-commerce”, a public company with close to $3 Billion in annual transactions, yet it took DR three times as long to fix the problem as Goodsol Development, a MicroISV, and never informed its clients until well after ASP members informed them.
  3. SWMirror, an independently operated download service run by Mitchell Vincent, was able to provide (better) services to affected publishers and have many downloads restored before FileKicker, part of a conglomerate with more than 1000 employees, even acknowledged the problem.
  4. The pattern of Digital River buying successful companies serving the shareware industry and turning them into garbage is intact; in fact, that record may now be unblemished.  Dealing with DR companies should only be done with due deliberation.  (read: “Do not touch them with a bargepole.”)
  5. The concept that Google can, with a simple electronic “report”, essentially shut down an internet business overnight, is more than a little scary.  Imagine launching a product that could compete with Google (or a blog being critical of them) and having most of your traffic cut off by a similar unsubstantiated report.
  6. The whole internet is a “bad neighborhood”. In fact, Google itself would be the worst culprit of all, since it provides links to nearly every crack site, domain squatter, malware distributor, and internet fraud out there.

Really, I am definitely in favor of a system to eliminate (or castrate) true spammers and distributors of malware, but when an honest company that has been doing business online safely almost since the inception of the web is economically impacted, things have gone too far.

Here endeth the rant.

Have you joined SpamBook yet?

A barrage of Facebook spams sets off a rant.

Last Friday, at 4:38pm, I received an email from Facebook entitled, “Reminder: 5 of your friends invited you to join Facebook…” Fine. Some people collect and count “friends” on that service, while I do not join and count the number of real life friends who have invited me to join. (My wife and business partner knows me well enough that she is not part of that group.) If I were to join, of course, I would lose count.

Then, at 11:40pm, I received another one, nearly identical, but with different ‘Other people you may know on Facebook’. Curious, I verified that the messages were both coming from Facebook, via email headers and the fact that the (accurate) list of invitations I have received should be known only to them. “Oops, duplicate message,” I thought. On Saturday, I received reminders at 4:44am, 6:47am, 12:16pm, 5:07pm, and 9:44pm. For good measure, I received another one on Sunday at 1:28am. Eight nearly identical messages within 33 hours trying to get me (now pissed) to join their silly little club. Not likely.

[I just decided to check the names in all eight messages, and two actually suggest that I may know my own brother. That I do. None of the other names, though.]

After the Facebook “fun” stopped, a denial of service attack on our server began. Somebody started bombarding the server with random spam messages to, literally, random (GUID-like) addresses at our domain. Not a single message from the culprit had any chance of hitting a real address, since they were not even in a human usable form, but we were getting hundreds per minute, and lost the server entirely for a while.

In the middle of dealing with this mess, the home phone rang (which normally puts me on edge anyway) and I answer to find that Payless Shoes has decided to robodial me to tell me about some sale coming to an end. Seriously?!? We are on the national Do Not Call list, and the fact that we may have bought cheap shoes there once does not give them the right to call me. I have no idea how they would have my number in the first place, so it may have just been coincidence. Report filed; customers lost.

The mail arrived with a machine printed return address from “Ealge Eye Fitness”. It made me laugh, since the people that sent it out clearly did not have the Eagle Eyes that they intended to portray. Business not earned.

Once email service was returned to normal, “Michael Jackson” became only the second actual name inducted into my spammers hall of fame filter, joining “Oprah”, as subjects (or subsubjects) that guarantee a message is not intended for nor of any interest to me. The sheer number of “surveys” and “news items” about his death was astonishing, especially from an industry which still regularly sent me (in June) special offers for Valentine’s Day.

Now that it is officially July, let me simply say that the greatest musical loss last month was definitely… Koko Taylor, who died on June 3 at the age of 80. (I saw her pitch a Wang Dang Doodle live more than 20 years ago, and she kept tearing it up right to the end.)

Here endeth the rant.

A Tale of a Good Anti-spam Tool

Spam, spam, go away… You are not welcome ANY day.

My approach to my primary email address, from the very start (more than 13.5 years ago) was that potential clients and customers should be able to contact me without jumping through hoops, so I have never bothered to hide or obscure my address: seelhoff@sophsoft.com . I have always published it in plain view (and to do otherwise would now be closing the barn door long after the horse has bolted and gone on to live free and happy until dying of old age).

Of course, this also allows any spamming slimebag with an address harvester to easily add me to each and every email database on the planet, so I do get spam. Lots of spam. To be honest, though, the level of spam to my “open” account seemed to plateau fairly quickly, although I never really kept track. Over the years, it may have been slowly and steadily rising, but I know that my patience has been slowly and steadily declining, so a while ago, I added some tools to stem the tide.

Let’s talk numbers, first. Since the beginning of April, my primary email account has received 75,000 email messages. Of those, almost exactly 98% are spam. Of the other (legitimate) messages, 80% are business (1.6% of the total), and the remaining 20% (0.4% of the total) are personal. Both of these categories include active mailing lists, such as Carbon and DirectX development (business) and community events (personal). I set up my email client to automatically sort these (and marketing messages) into appropriate folders, and the number of messages specifically to me, from clients, customers, family, and friends, is just a handful per day. These are the only ones that actually hit my inbox and trigger a notification sound.

To be honest, not all Bayesian filtering is created equal, and my email client is probably about average. It handled much of the junk, but an annoying number of spams were being missed, and signalling me (incorrectly) that I had a legitimate message. When I finally had enough, I downloaded and installed POPFile upon a recommendation from somebody in the ASP. I had been leery about installing an interim mail server on my system simply for filtering email, but it turned out to be an excellent choice.

After several months of training, POPFile is 99.92% accurate selecting among business, personal, and spam classifications and, importantly, I have gone for more than a month without a false positive for spam. (Most of the classification “errors” are simply unclassified messages that need to be trained.) Used in series with my email client, I can review messages that either one thinks may be legitimate (ideally, to never miss a valid email), but I am only notified of incoming mail if they both agree on the validity. This has greatly reduced interruptions and made my days more productive.

Of course, there is some training involved so POPFile can “learn” the difference between legitimate messages and spam, but the initial process goes pretty quickly (and when one averages more than 1000 messages per day, there is lots of data). If I were to start all over again, I would not have chosen to have business and personal messages separated, since that distinction is not particularly necessary for me (and not always clear, either, such as when a family member reports a server problem, or a business associate invites me to a party).

If you are looking for an anti-spam solution local to your own system, I strongly recommend POPFile.

The downside of VOIP

Or, Why you should probably avoid Comcast.

Last Friday, our cable television went out. Not like ‘some services are missing’ out, but like ‘somebody just sliced a cable’ out. There was static on all of the analog channels, and just black (no signal) on everything digital. Many months ago we made the decision to ditch their cable modem in favor of our SDSL connection (from ACD.net), which was both faster and more reliable. We decided that the redundant Internet connectivity was more trouble than it was worth, at the added expense, and also, frankly, were just unhappy with Comcast.

For the last year or so, Comcast has been on an all-out media blitz to get people signed up to their VOIP package, bundling cable television, Internet, and telephone. The timing may have been coincidental, but the mailings seemed to intensify after we downgraded, and when we had to call about (somewhat regular) problems with the only service we kept (cable television), we always had to listen to another pitch before we could tell somebody in another state that our local HD was out… again.

Anyway, when the cable television service went completely dead, we called the customer support number. Instead of the usual sales pitch we got… wait for it… nothing. Yup. Apparently they use their own VOIP service, so when the cable system has a failure, you cannot reach anybody there by telephone. Brilliant! I was not even vaguely intrigued by the offering, but this definitely convinced me that my convictions against this technology (and Comcast) were not unfounded.

Not that I am any fan of AT&T either, but I am a believer in land lines. In the event of an emergency, when one really does need to have a phone, I am glad to have a system that will work even when the power is out. (Yes, we keep a standard handset telephone for just such an occasion.)

Our cable television signals did come back before prime time, but I think that all a satellite television company needs to do is add CBC and we are there. (Perhaps we should just move to the Bahamas where, oddly, Canadian programming is also available. Do they long for snow?)

Reminder: comp.sys.ibm.pc.games.announce

Some game marketing is still essentially free.

If you are interested in marketing games, you can post announcements to the Usenet newsgroup, comp.sys.ibm.pc.games.announce, a group for which I am the (sole) moderator.

To recycle the relevant portions of my original announcement here:

The beauty of using Usenet for marketing is that it is essentially free, making it one of those easy steps that an independent game publisher can take to get additional exposure for its titles. Google Groups carries comp.sys.ibm.pc.games.announce, so your announcement is searchable there and quickly incorporated into the Google index as well.

This is an announcement group, rather than a discussion group, so messages will stand on their own, though the (unmoderated) ‘comp.sys.ibm.pc.games.misc’ discussion group provides an outlet for conversations. For shareware authors, there are other software announcement groups on Usenet, but none that cater specifically to games, so this is an opportunity to be noticed.

Here is the official charter for csipga (as it is known for short):

This newsgroup is for announcements that are useful to the entire PC computer gaming population, including but not limited to new release announcements, software publisher news, bug information, and PC game reviews. Followups will be directed to comp.sys.ibm.pc.games.misc, or another appropriate subgroup at the moderator’s discretion.

In practical terms, I will likely approve almost any message as long as it relates to PC gaming (not in a cheap spam way) under Windows, DOS, Linux, or even Mac OS X if I am feeling generous. Press releases are encouraged, as well as product announcements that may not warrant a full press release. Note also that game reviews are allowed, so it is perfectly acceptable to have a satisfied customer post a glowing game review (though it should come directly from the author, not via the publisher).

[Back to new information…]
Since this is a low traffic group, announcements will stand out, so I encourage anybody interested to take advantage of this game marketing opportunity.

Note that, due to the way moderated newsgroups work, you do not even need to have Usenet access. Simply email your message (press release or whatever) to the submission address, csipga@sophsoft.com, and it will be queued. As long as the message is in plain text (HTML emails are automatically binned) and is on topic for the group, it will be posted. If you have any problems, you can reach me via comments here (or at my regular email address).

I look forward to some good submissions.