HBO strikes back

Any new TV series that generates any interest is quickly put online by people who pull the episode off their PVR. Of course, the best spontaneously organising P2P networking software today is provided by BitTorrent trackers and clients.
BitTorrent works by dividing the file into chunks — each with their own checksum. Clients advertise which chunks they have via the tracker, and other clients request those chunks from them. The order of preference is dependent on the ratio of how much you have shared with other clients on the network, so that clients who have already shared lots of their chunks with others get a higher priority than others.

BitTorrent is hard to shut down, because anyone can run a tracker — there is no central server that runs all the trackers, as was the case with Kazaa. This has caused the MPAA some headaches.

There have been several ‘attacks’ on BitTorrent networks in the past. One was a hack by which clients ‘lied’ about how much they had shared with others, giving them a higher priority over others. While this slowed down the downloads of other clients, this did not incapacitate the network. As such, it was more of a hack than an attack.
Last week, there was the story of corrupt trackers which had been advertised on major BitTorrent index sites, but which sent only a load of random bytes and kept the download at 95%, thereby wasting everyone’s time. Still, if you knew that a tracker was corrupt, you could steer clear of it and you’d be fine.

But yesterday came the news that HBO is ‘attacking’ BitTorrents of its new show Rome. Basically, they have clients that advertise that they have the whole file, but send garbage data when asked by other clients for a chunk. Of course, with the whole checksum, it is easy for the receiving client to determine the chunk is bogus — but due to the very nature of checksums, this can only be determined after the chunk has been downloaded. And there is no guarantee that, when you request the same chunk from another client, you do get the valid chunk then.
Eventually, due to trial and error, you will get the whole file, but it will take you a lot longer, and generate much more data traffic (which is bad news for people on a data limit).

Of course, the BitTorrent people are already on the move — blacklisting clients have already appeared (just don’t accept any chunks from someone who sent you a bad one), but if there are enough bogus clients out there, then this strategy may still make you download lots of bad chunks.
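
An added example (not from the original post) that simulates the check-after-download behaviour and the ban-on-bad-chunk strategy described above. The `Peer` class, the toy 16-byte piece size and the swarm of 2 honest and 6 poisoning peers are constructed assumptions; SHA-1 is the piece hash used in standard .torrent metadata.

```python
import hashlib
import random

PIECE_LEN = 16  # constructed toy size; real torrents use far larger pieces


def make_torrent(data):
    """Split data into pieces and record each piece's SHA-1 digest."""
    pieces = [data[i:i + PIECE_LEN] for i in range(0, len(data), PIECE_LEN)]
    return pieces, [hashlib.sha1(p).digest() for p in pieces]


class Peer:
    """Hypothetical peer model: honest peers serve real pieces, poisoners serve junk."""

    def __init__(self, name, pieces, poisoner=False):
        self.name, self.pieces, self.poisoner = name, pieces, poisoner

    def send(self, index):
        if self.poisoner:
            # Claims to have the piece, returns garbage of the right length.
            return b"\xff" * len(self.pieces[index])
        return self.pieces[index]


def download(hashes, peers, ban_on_bad_piece, seed=1):
    """Fetch all pieces; return (data, wasted_bytes, banned_peer_names)."""
    rng = random.Random(seed)  # fixed seed keeps the simulation repeatable
    banned, wasted, out = set(), 0, []
    for index, expected in enumerate(hashes):
        while True:
            peer = rng.choice([p for p in peers if p.name not in banned])
            piece = peer.send(index)
            # The hash can only be checked after the whole piece has arrived.
            if hashlib.sha1(piece).digest() == expected:
                out.append(piece)
                break
            wasted += len(piece)  # bandwidth spent on a piece that is thrown away
            if ban_on_bad_piece:
                banned.add(peer.name)
    return b"".join(out), wasted, banned


def demo():
    data = bytes(range(256)) * 4  # constructed sample "file", 64 pieces
    pieces, hashes = make_torrent(data)
    peers = [Peer(f"honest{i}", pieces) for i in range(2)]
    peers += [Peer(f"poison{i}", pieces, poisoner=True) for i in range(6)]
    return data, download(hashes, peers, False), download(hashes, peers, True)


if __name__ == "__main__":
    data, (_, waste_plain, _), (_, waste_ban, banned) = demo()
    print(f"no banning: {waste_plain} wasted bytes for a {len(data)}-byte file")
    print(f"banning:    {waste_ban} wasted bytes, banned {sorted(banned)}")
```

Banning caps the waste at one bad piece per poisoning peer, which is why the strategy still costs bandwidth when many such peers are in the swarm.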

There’s a lot of bitching about this, but I think it’s pretty neat: HBO is using the technology against the group of people who engage in a behaviour that HBO does not want. Good for them. Cyberwarfare at its best.

Everyone who has ever tried to download music from P2P file sharing networks knows that ‘someone’ (it is a public secret that the RIAA pays people to do this) advertises with MP3 files that contain only static or corrupted sound.

Now the fight has been taken to BitTorrent: BitTorrent listing sites are confronted with corrupt BitTorrent trackers. Of course, they can’t corrupt the workings of trackers that are set up with genuine files. Just steer clear of the trackers in this list.

(No, you don’t have to be afraid of a lawsuit from the MPAA if they harvested your IP-address from using those trackers — they can’t sue you for downloading stuff they themselves offered for download, now can they? On the other hand, they might keep an eye out for your IP-address in the future…)

The Peruvian government voted in favour of a law to promote the usage of Open Source Software by the government. An overwhelming majority voted for this law (61 for, 0 against and 5 abstentions). I am not aware of any other country in which Open Source is promoted on a national level.

The translated text of the bill is here. I found one of the reasons for the law very interesting: it is pointed out that the usage of OSS is good for national security. I’m pretty sure Microsoft and other closed-source vendors will contend that OSS is more prone to hacking attempts (because the source is publicly available), but of course they forget to mention that security-through-obscurity never works.

The idea is that access to lots of important information should not be dependent on access to software by foreign companies (as is the case with, for instance, Microsoft’s products).
Think about that. According to the Department of Defence, software is a munition. You can’t export strong cryptography from the US (which is why every Linux distro has a ‘non-us’ branch in their package tree that contains such things as PGP). And you can’t even export a copy of Windows XP to Iran — because that country is on the black list.

So if Peru were to get on the bad side of the US, all of their information could potentially become inaccessible to themselves. Worse yet, who is to say that the closed-source vendors didn’t build in backdoors for the NSA and CIA?
If that sounds funny to you, then I have a little story to tell you. I have this on good authority. Back in the late 70’s/early 80’s, the CIA made a deal with Wang — Wang would install a backdoor in their systems for the CIA, and the CIA would ensure that their systems would be bought by all US allies. This was accomplished via bribes, brothels and blackmail. When I worked on the photo digitising stuff in the early 90’s, every government agency was just replacing their Wang systems because they had become outdated.

It remains to be seen how this move works out for Peru. Still, I note with keen interest that Peru is one of the countries in the Transpacific Socialist Alliance (basically, a Nanosocialist alliance) in the Transhuman Space setting from Steve Jackson Games. Open Source Software is a nice step up towards Nanosocialism…

The RIAA has been harvesting IP-numbers of peer-to-peer filesharers. Via the ISPs, they determine who is behind the IP-numbers, and sue them for damages. Most file-sharers opted to settle out of court — a handy cash cow for our dear friends at the RIAA.
But one mom decided not to settle. You see, her 13-year old daughter had been using a P2P file sharing program, and she didn’t know that until the court order was delivered to her. Because the child is a minor, the RIAA can’t sue her, so they sue the mother, who they claim is responsible for the behaviour of her child.

Of course, 13-year olds are more computer-literate than their parents. The mom in question didn’t even know what was going on. She didn’t get a warning from the RIAA, or the chance to stop the filesharing to ward off the lawsuit.
So the mom invited the RIAA to take her to court — where she claimed to be innocent of the crime the RIAA sues her for. And the judge agreed with the mom.

I have mixed feelings about this outcome. While it is no secret that I have little love for the RIAA, I do think that it is important that parents are responsible for the behaviour of their children. If a 15-year old is spreading trojans while their parents are unaware, should we let them get off the hook this easy? Somehow, I don’t think that would be a good idea.

Software development is like armed combat. There is a target functionality, and you need to cover it completely. The difference between large and smaller project teams is how they equip their troops.

You see, if you have a small target and few people, it is feasible to equip them all with rifles. Using squad-level tactics, you can deploy your troops quickly and reactively. If the target moves (that is, the client changes some of the requirements of the desired functionality), all it takes is a slight adjustment in aim to continue to cover the target. Small project teams are very agile, and are best suited for building small systems.

As targets increase in size, you can do one of two things.
One is to add more rifle-equipped troops. This has a practical upper limit, because of diminishing returns — at a certain point, your troops start to move into each other’s line of fire, communication gets harder, and things may degenerate into chaos. See also: The Mythical Man-Month.

The second possibility is to change the equipment of your troops. Instead of four rifle-men, you could man a piece of artillery with four people. The number of people stays the same, but the power of the process is much higher — which means you can cover even larger targets in the same time. In software development, the whole set of project methodology, requirements analysis, better tools and a strict programming methodology is the equivalent of a large-caliber cannon.
However, it has a drawback: the artillery needs careful adjustment to hit the target just right. Customers sometimes balk when they find out there is a lot of ‘overhead’ associated with their projects: project managers, pre-sales consultants, requirements analysts, etc. All these people add to the project, but they don’t directly build the solution. But because of their work, the actual developers can operate so much more efficiently — nailing the target at the first try.

But it gets worse. If the client changes the specs mid-way (thus ‘moving the target’) all of the careful calibration of the cannon might have been useless. If you’re aiming at a bunker somewhere, but then suddenly you have to take aim at a tank that comes over a hill somewhere else — it takes time to re-aim the cannon!
So, a strict and thorough project methodology isn’t really suited for small projects. But having a cannon pays off for large projects, because you can nail the project with a single, well-aimed hit.

With me so far? Then, here’s the lesson of the past two weeks:

It all goes to hell if you try to do a large project and equip all your engineers with the equivalent of rifles. Then, when you find out it isn’t going to work, call in the guys with the artillery at the last minute — but don’t adjust your plan of attack for it (that is, don’t fix the specs beforehand). Then react snarky if they balk at doing stuff that could more easily be done by a rifleman. And whatever you do, don’t manage the project! It might cramp your style!

Triple Play

The new magic word in the telecommunications business (at least here in the Netherlands) is ‘Triple Play’. It means that telecom operators offer you both internet, telephone and television for a special price. Apparently, it is the Holy Grail of marketing.

Wednesday, when I was home on sickleave, someone rang the doorbell. It was someone from UPC, the local cable-monopolist. He wanted to talk to me about offering internet and phone services, but I invited him in to check out our cable-TV.
You see, soon after we had moved in, we lost the signal from the cable TV. We hadn’t notified UPC of our move yet, so I filled in a form on their website. And lo and behold: we did receive the bills on our new address — but no television. We hadn’t missed it that much, so we hadn’t undertaken any action to get the situation rectified.
But when someone presents himself on my doorstep, saying: “Hello Mr. Ragas! You have cable television from us…” then I will interrupt him and say: “Funny you should mention that…”

It turns out that this guy had been a UPC mechanic before he was ‘promoted’ to a door-to-door salesman, so he checked out the cabling (which looked fine to him), and he called the billing department to check it out. He couldn’t fix it right away, but I expect to be called by a mechanic some time in the future.

Next, he started to explain to me that I paid too much for my connectivity, and did the whole Triple Play song and dance routine. I have my telephone from KPN, my ADSL from PN and the television from UPC — and yes, if I did everything via UPC (or any of the bazillion other telecom operators who have jumped upon the Triple Play bandwagon), my bills would be a lot smaller.
The thing is, I live 3.5 km away from the phone exchange. I can only get 512 kbit down via ADSL (but while I thought at first that it would be too slow, I find that we manage quite nicely with this bandwidth). If I got my internet via cable, I could get 20Mbit down — or at least, the package would be sold to me as if I could get 20Mbit down. I have it on good authority (a colleague who used UPC for his internet connectivity) that they routinely ‘pinch’ the bandwidth of people who use ‘too much’.

In September 2000, I took a subscription to the UPC cable internet, and all was well in the world. But in November 2002, I was kicked off their network without proper notification because they thought 17GB of traffic was not ‘fair’ (as in: ‘fair use policy’). It was then that I opted for the wide-open ADSL — and I chose PN because they quantified their fair use policy.
When I told the friendly salesman that, he smiled apologetically, and said that data limits were a thing of the past. Nowadays, everybody says that — but I guess that if I were to constantly saturate my download, people will notice.

Anyway, the only reasons I would have to switch to UPC would be bandwidth — and we know that that is a shaky proposition. I am not impressed with the service UPC has given me in the past, but I am impressed with the service I got from PN.
Also, do I really want to introduce a single point of failure for all of my communications? Suppose I opt for UPC’s Triple Play deal — if my internet connection drops, I have no way to call them to notify them of this problem.

Thanks but no thanks, guys!

Since somewhen after we moved, we haven’t had cable TV anymore. So far, we’ve been watching movies and anime — and we are seriously contemplating not getting cable TV. The new TV channel that’s started this week doesn’t make it pertinent to get it either.

According to the local cable provider, we could get 37 TV channels. Which means that the new chip by Toshiba, which can record up to 48 MPEG2 streams in parallel, could easily record all of the TV available to us.
Maybe I should get a PVR based on that, so that it can watch all the TV for us. A bit in the vein of Douglas Adams’s Electronic Monk (from Dirk Gently’s Holistic Detective Agency)! And not just a few channels, no, everything that’s on TV.

By my previous post, I did not mean to imply that anyone who would buy an iPod is a total idiot.

As some of you have pointed out, some buyers (most?) get one because it’s “the thing to do”. Herd-mentality like that is completely alien to me, and I have a hard time understanding their motivations. Those consumers do not think their purchase through (thereby, IMO, missing the point) — but that is their good right. My choices may be different, but if something works for you, great.

Some of you did some research and concluded that the iPod was the right choice for you. If so, great too! I do not hold myself to be the Golden Standard of things, and I totally understand that someone could make different choices than I do.

However, what set off all of my WTF-meters is the fact that someone praised Apple for making it impossible for the user to conduct an operation that is considered pretty mundane on mobile media players. That is just stupid.

iPod madness

Everyone and their brother seem to buy an iPod. Frankly, I don’t see the appeal of buying a substandard product that leads to vendor lock-in and further DRM nightmares.

But most people seem to disagree with me.

The most-cited reason to buy an iPod is the design. Apple has a name for cool design of their products. And while I am not fond of beige boxen, I find the Apple designs uninspiring at best. Also, and perhaps this is some weird habit of mine that is not shared by the majority of buyers, I buy an appliance to fulfill a specific function. It’s great if it looks great, and design is allowed to up the price a bit, but if I have to choose between a beautiful, crippled product or an ugly, fully-functional one, I choose fully functional 100 times out of 100.

Yes, I know, weird.

Last week, I read an article on Joel on Software, a blog about software development from a managerial viewpoint. Quite interesting, and this particular article focussed on whether ten cheap programmers could replace one genius programmer. Joel says that is not the case, because the cheap programmers will never hit ‘the high notes’ — that is, they will never achieve the brilliance a good programmer could, not even as a collective.
He illustrates this with examples from music (are ten cheap opera singers that can’t hit the high notes better than one diva that can?) and design. Yes, of course it’s about the iPod and how sleek and beautiful and perfect it is.
The next thing you know, he tells us how wonderful it is that you can’t change the batteries of the iPod yourself — there is no battery cover, and you have to pay Apple $66 for the privilege of using a screwdriver to change your battery for you (because, you know, no user-serviceable parts inside!).

Excuse me? Anyone knows that the battery is the first thing to go in mobile media players. So why would you want to buy an expensive player that makes it impossible to exchange the batteries yourself? Why is that good? Why would anyone want that?

It is just completely beyond me. I guess it’s a good example of how people that you consider to be pretty intelligent in one field sometimes say the stupidest things in another field. Sure, be happy in your designed world, surrounded by overpriced gadgets that limit your abilities, getting all of your stuff from a single manufacturer that is willing to DRM your ass into compliance, one that doesn’t seem to find your rights as consumer too important. Heck, use the Apple design EVERYWHERE if you want.

Meanwhile, I will pay considerably less for things that have more features, and that respect my right to use the technology I buy in the way I want.

If you’re in the market for a portable media player and only know the iPod, do yourself a favour and take a stroll through Anything but iPod.