In a blog post at http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html Mark Russinovich reveals that a CD he bought from Sony installed a rootkit as part of its DRM (Digital Rights Management) software. I don't oppose the right of Sony or anyone else to protect their software/music/intellectual property but when they resort to installing rootkits that could be used to hide other malware then they have gone too far. I haven't purchased a copy protected CD and after the problems that some Mac users had years ago where they couldn't eject the copy protected CDs I was a little skeptcal of their value. Now I am really beginning to wonder if the marketplace shouldn't speak up loud and clear that this is totally unacceptable behavior.

Lately it seems that there has been a lot of discussion about the Google Library project that aims to digitize and index a lot of books. Yesterday there were two well written articles in the opinion section of the newspaper. The first article expounds on the virtues of the project and how it will bring the great literature of the world to a larger audience. The second article is from the point of view of an author who is saying that the whole idea would cut authors out of the royalties that they deserve.

I have to admit that I am torn about this whole idea. For novels and other articles I can see the Google argument that they would protect fair use by only allowing downloads of a few pages at a time so it would be impracticle for anyone to read a novel start to finish without being very good at guessing which search terms would bring up the next set of pages. For technical articles, however, I think that the damage would be huge. I read a lot of articles start to finish but I also spend a lot of time looking for specific answers. If the Google Library would allow me to read a paragraph or two that would answer my question then I don't need to buy an entire book. I think it would lead me to decide that I didn't need to buy the book because I could get the information on-line.

I have heard the argument that I could do the same thing at a book store or at the library but I don't think those arguments are valid for two reasons. The first reason is that unlike Google that gets revenue from advertising, neither the library nor book store make any money off of me because I entered their store. There is no company that is offering them money for "impressions" on the advertising that exist in the store windows. So even if I don't find what I am looking for Google can gain money off of the fact that I was even looking. The second reason is convenience. While there is a library just a few blocks from where I work it still represents several orders of magnitude more effort for me to physically go down to the library, look in the card catalog, find the book on the shelf, and puruse in it to find the information I am looking for, and to copy the information so I can take it back to work and use it there than it is to just use Google from the office. I am not a legal expert but I think this is equivalent to the protection given to people taping shows off of broadcast TV vs. the people downloading MP3s from illegal file sharing services. One is fair use and the other is not.

I have never been paid royalties for anything that I have written but I do sympathize with the authors. For most of the writing that I have done the hourly rate comes out to something well below minimum wage. I do it because I am interested in the topic and think I have something to say not for the money. One of these days I might decide to write a book or more likely an e-book that I self publish. If I do write a book I would hope that there would be a market beyond Google for it.

I think the easy way to solve the controversy is to either only index books that have no copyright protection on them or to secure the permission of the copyright holder first. If you only index old books it might reduce the relevancy of the searches for technical and timely ideas but would still preserve the great works of the past. By securing the copyright holder's permission Google could figure out a way to pay the holder of the copyright. Napster and iTunes are able to figure out a way to pay for music downloads so there should be a way for Google to pay for book downloads.

The finalists for the Connected Systems Developer Competition have been announced. You can see them at http://csdevcompetition.com. Congratulations to all of the finalists. I know that I reviewed a lot of really good ideas. While I didn't reveiw all of the finalist entries I was fortunate enought to review the SQLCLR Z-Machine entry. I really liked it because it brought back memories of a project we did in college. The assignment was to get in a group and write a word processor to show not only text input, spell checking, formatting, etc. but that we could work together as a team and do project management. As a team we decided that a word processor was boring and proposed to create a text based game that had all the same functionality. The game we produced wasn't as polished as the SQLCLR Z-Machine but it was a lot of fun to make and I learned a lot about working in groups and some of the problems and advantages that groups can give a project.

I got in to work Monday and had an e-mail that said it was from our corporate IT and that my password had been changed as part of the weekend maintenance. I don't know what made me do it but I opened the attached .zip file to see what I needed to do to get into the affected systems. When WinZip opened it showed an empty file. I thought that was strange and just closed WinZip and went on with putting a CD into the drive to install some software that I needed. A few seconds later the "run as" dialog popped up telling me that I didn't have administrator rights and asking what user to install the software as. I assumed this was from the CD I had inserted and closed that dialog as I was already running "MakeMeAdmin" to install the sofware in my user account. It wasn't until I read the next e-mail that things started to fall into place. The e-mail was also from our corporate IT department and said that the previous e-mail and another one with a different subject and text were spoffed to come from them but really were a result of the MyTob virus. I checked and the CD did not have an autorun that tried to install software so the dialog box was caused by the virus trying to install. So the lessons that I should have learned over 15 years ago when I picked up my first computer virus are:

1. Don't run as administrator. I am currently doing this and it has helped me to avoid this virus by asking me who to install as. If I had not just put a CD in the drive it would have been very obvious that something was wrong when the message popped up.
2. Keep up to date on patches. According to the virus detection/removal tool that I ran I need 2 patches from Microsoft to avoid being infected by MyTob. I had both installed thanks to Windows Update.
3. Never trust e-mail. Back in college I had a project to write an e-mail client. As part of that I learned the SMTP protocol and would regularly send e-mails with a return address of the.monster@under.your.bed (sorry if you got one of those). I should have thought that the e-mail telling me that my password has been changed was in a system that I used the supposedly changed password to access and therefore spoofed but I didn't.
4. Don't ever open e-mail attachments. Well never can be a problem if you are expecting a word document but you should at least attempt to verify attachments. I was reading the e-mail through the web mail interface. Outlook would have flagged the attachment as having some other extension (probably .exe, .scr, or .cmd) past the .zip and would have warned me.

As I said at the begining of this post, this all happened on Monday. I intended to blog about it Monday night but got busy with some last minute details for the Connected Systems Developer Competition and getting ready for a customer meeting on Tuesday I didn't get around to blogging it but thought I would do it first thing Tuesday morning. Very early Tuesday morning I woke up with the flu. Somewhere in the wee hours of the morning in the delerium caused by the fever I found myself thinking it would be nice if I could run my body in non-administrator mode. That way when I got a virus from somewhere else I could just click on the cancel button and not have it infect me. Of course that is not possible, but it would have saved me two days of laying in bed feeling miserable.

I just read the first of what will undoubtably be a long string of articles looking at the 20 year history of Windows. You can read it for yourself here. It brought back some fond and not so fond memories of my computing experience. I didn't use Windows until 3.0 but when they talk about it being slow and buggy I can remember thinking the same thing. I kept reading on with the next link until I had finished reading the interview with Bill Gates.

For a long time now I have been running the beta version of Microsoft Anti-Spyware. I also religiously update my system, run as a non-administrator, and in general try to make sure I am protected from all sorts of malware. I had noticed for a while that I was not getting popups from Microsoft Anti-Spyware about the settings in my hosts file or showing the first web site in my approved cookies list and all the other annoying little messages that used to pop up when I booted up my system. I assumed it was due to an update to the program since I regularly got those or becuase I had checked the "report to spynet" (or whatever it said) message enough times for the software to realize that the "community" thought it was a good idea to allow my particular settings. I have also seen the results of a scan on my home computer many times. I was very surprised when I made an update to my hosts file and didn't get a message asking me to approve the change. When I went to check the program wasn't running. When I tried to run it manually I got a message that my version of Anti-Spyware had expired on July 31. I had never noticed that the icon wasn't on the tray because I have Windows set up to hide inactive icons and I never really clicked on it to make it an active one.

So now I have downloaded a new copy and I will have to run a scan with it and also with AdAware to see if I have picked up something bad in the month and a half that I didn't notice that I was unprotected. I guess I will have to add anti spyware to the list of tasks that I am proactive about instead of just relying on the "automatic" protection.

Let me start off by saying that I don't have anything against OSS per se, I certainly spend a lot of my time contributing to the community through user groups, presentations, articles, and (hopefully) this blog, but as a person who gets paid to develop software I worry about the market deciding that they will only use OSS and I will have to find a new way to feed my family. The success of Red Hat as a company has certainly caused me some worry. When I see articles like the one here on Slashdot that says a successful OSS project has decided to close its source to keep its competitors from taking the code, repackaging it, and reselling it, it gives me hope that I will still have a job long into the future.

I think there is defenitly a place for both closed and open source development in our world. It just may take a while longer to figure out what people are passionate enough to work on for free and what things take some money to make them worth developing. From the article it seems that this particular product hasn't had a lot of community development for a while. I am curious if most OSS projects, like TV shows and on-line games, follow a pattern of a lot of activity and energy at first to get the "fun" stuff done. Later, issues of maintenance and boring features come up and people start to go off in search of something more fun and fulfilling to do until only the truly devoted people and those who still have some motivation (make money, kill competition, promised to do something and can't figure a good way to back out, etc.) are left around? I don't have any evidence either way on this, just a question I thought of.

In case you missed it, Google and Sun announced a partnership today. You can read an article at http://www.msnbc.msn.com/id/9581591/. Although the official announcement just covered including the Google toolbar as part of the Java download there is a lot of speculation about Google distributing OpenOffice. What is not mentioned in the article is that if Google does start supporting OpenOffice there will probably be a lot more people take a look at it. Although I doubt that there will be any major uptake in usage at the corporate world I think a lot of users including my parents might use if if it were very easy to use and relatively inexpensive. Of course there is also the changed UI in Office "12" that will require a new way of thinking that might make people flock to OpenOffice if it maintains the familiar menu structure.

I think the real danger for Microsoft Office is that most people don't use even a small part of the Office Suite. (I remember one of the presenters at PDC saying that over half of the requests for new features in Office are for things that are already there. People just don't know how to find them.) I mean how many people really write complicated macros or try to figure out all of the formatting options. For most people just being able to change the font, text size, bold, italics, and underline will meet their needs. If people get used to OpenOffice at home it will only be a little while before they start wanting to use it in the office. Once businesses start moving off of Office in large numbers Office could be in trouble. WordPerfect had the word processing market in hand but didn't move to Windows fast enough and they also didn't have an integrated suite for a long time. Any kind of misstep by Microsoft could mean that Office could suffer the same fate.

Whether Google starts to distribute OpenOffice and whether Microsoft will respond are both topics of conjecture but one thing is for sure. If there is competition in any area, especially around one of the "cash cows" for Microsoft they have historically responded with lots of money and developers. Any time Microsoft feels threatened by competition they do incredible things to make sure that they stay on top and we as consumers will benefit from new features.