Mental Spasmastics

In this week’s episode: the slow, ponderous march to war continues. At the risk of inducing the mental equivalent of a charlie horse, I’ve continued to try to follow the United States’ logic in its argument for attacking Iraq. Let me get this straight: the US is pushing for the UN to punish Iraq for breaching an earlier UN resolution and if the UN doesn’t comply the US will…breach a UN resolution?!? Ow, ow, ow! Can anyone say “doublethink“?

Meanwhile, the United States continues to act like a spoiled frat jock, delivering political wedgies and noogies for all who oppose them. Consider this little gem:

“Going to war without France is like going deer hunting without an accordion. All you do is leave behind a lot of noisy baggage.”

Who said it? If you said “Donald Rumsfeld, US Secretary of Defense”, you win the grand prize: unilateral US military action!

Don’t get me wrong, Saddam’s a bad guy. But there are a lot of bad guys in the world and the US doesn’t seem to normally have any problem trading with any of them on a regular basis. Heck, they’ve even armed and trained them on occasion. And only now the US chooses to play John Wayne and clean up the Wild West? Oh, that’s right. Now there’s more money in ousting them than arming them.

The problem is the US doesn’t recognize the hypocrisy it displays in promoting its own brand of democracy: freedom, liberty and democracy for all, just as long as you agree with us and let us do whatever the hell we want. As Bill Maher pointed out in his recent book, “When You Ride Alone, You Ride With Bin Laden“, the reason the outside world hates the US is because it is so painfully clueless about why the outside world should even have reason to hate the US.

Politicians such as Rumsfeld are supposed to not only possess the ability to adeptly build consensus but also the intelligence to use that ability. Incendiary comments such as those of Rumsfeld only reinforce the stereotype of the US as a spoiled, self-absorbed child that takes its ball home when people don’t play by its rules. And then it wonders why people want to do crazy things like, say, fly planes into buildings.

Software Wars

Last week Hewlett-Packard attempted to use the Digital Millennium Copyright Act (DMCA) to crush security research company SNOsoft for revealing a particular nasty exploit allowing a remote attacker to access to machines running HP’s Tru64 Unix operating system. While this is not the first attempt to disrupt legitimate security research using the DMCA (see earlier attempts by the RIAA against Dr. Ed Felten), this represents a true departure from previous attempts: to a casual observer, SNOsoft didn’t even violate the DMCA!

The DMCA, as its name suggests, is about protecting copyright in the age of technology that enables perfect digital copies of copyrighted materials. Part of the act outlines terms that make it a crime to circumvent copyright controls or distribute tools for that purpose. What’s interesting is that the “technology” distributed by SNOsoft had nothing to do with copyright protection technology, it only really enabled a malicious user to access a system running Tru64 without proper authorization. Is that wrong? Undoubtedly a person using the exploit against a third-party’s system would be breaking the law, but they, not SNOsoft, would be prosecutable under US federal computer fraud statutes, not the DMCA.

Did HP honestly expect it would be able to sue SNOsoft for damages resulting from the release of the exploit, despite the fact that the problem was a direct result of HP’s own faulty software? Most software today is distributed under an End User License Agreement (such as this example Microsoft EULA) that stipulates the software is provided “as is”, under no warranty, and not even guaranteed to be suitable for any purpose! If HP is not liable to its own customers for faults in its Tru64 Unix, how can it contend that SNOsoft should be liable for any damages that result from an exploit that someone other than SNOsoft used to breach a Tru64 system?

Perhaps recognizing the possibility of setting a software-liability precedent, HP hastily recanted its legal threats.

Software companies want to be able to sell a product, but they don’t want to be liable for any damage their product might inflict. They want to sell something, but a person who purchases their product doesn’t actually own it, they only own a “license” which can be revoked by the manufacturer at any time. They want to be able to access a user’s machine without their knowledge. They want. They want. They want.

How about what we, the users, want?

It’s time that software development companies realized that they’re just regular companies and, like every other company (recent examples notwithstanding), they have to follow the rules. Play time is over. Grow up or go home.