Month: September 2009

Cat and mouse with a hacker

Clifford Stoll once noticed a hacker breaking into a system he was working on because of a fractional difference in the totals for the timesharing accounts – something like 0.13 cents, if memory serves.

Well, there’s a hacker attacking the Free Our Data site (not, apparently, blog), but we’re not on timesharing yet. Detecting what they’ve done is a lot easier: they stuff loads of pharma spam into the bottom of the front page (not, to repeat, the blog front page, nor any of the links).

The spam, which comes after the closing /html bracket, hides itself using “font style=’position: absolute;overflow: hidden;height: 0;width: 0’” and then points to a slew of links at http://www.math.utsa.edu/~eduenez/modules/Cataloger. (I’ve nofollowed the link so search engines won’t go there.) However, if you try to access that directory, it’s blank. (Blank via curl too, so there isn’t anything at all.)

But if you try to access one of the links, especially via curl, you find a page that includes the text “Home Page of Eduardo Dueñez” with a load of guff generated by CMS Made Simple version 1.3.1. Hello, CMS Made Simple! Your stuff is used by spammers and scammers! Do you feel happier now?

(The real Eduardo Dueñez lives here, by the way – he’s an assistant maths professor at UTSA. Might email him, actually.)

However, closer examination shows that it loads a Javascript (at that then redirects you to its pharma if you are not a search engine.

I’ve found this spam in there and killed it a couple of times, and it’s come back. That’s worrying of course – it suggests that this is drive-by, automated hacking that is done when the links are found to have been removed from Free Our Data, or against some schedule.
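A defender's check for the injection described above, added here as an example and not code from the original post: it parses a page and reports links that sit after the closing `</html>` tag or inside a zero-size, overflow-hidden element. The sample page, the `spam.example` URLs and all function names are constructed for this example.

```python
import re
from html.parser import HTMLParser

VOID = set("area base br col embed hr img input link meta source track wbr".split())
ZERO = re.compile(r"^0(?:\.0+)?(?:px|em|pt|%)?$")  # "0", "0px", "0.0em", ...

# Constructed sample: a normal page with spam appended after </html>.
SAMPLE = """<html><body>
<p>Welcome. <a href="/about">About</a></p>
<div style="overflow: auto; height: 0; width: 100%"><a href="/ok">ok</a></div>
</body></html>
<font style='position: absolute;overflow: hidden;height: 0;width: 0'>
<a href="http://spam.example/pills-1">cheap pills</a>
<a href="http://spam.example/pills-2">more pills</a>
</font>"""

def parse_style(style):
    """Turn an inline style string into a {property: value} dict."""
    props = {}
    for decl in (style or "").split(";"):
        name, sep, value = decl.partition(":")
        if sep:
            props[name.strip().lower()] = value.strip().lower()
    return props

def is_collapsed(style):
    """True for the trick on this page: overflow hidden in a 0x0 box."""
    p = parse_style(style)
    return (p.get("overflow") == "hidden"
            and bool(ZERO.match(p.get("height", "")))
            and bool(ZERO.match(p.get("width", ""))))

class LinkAudit(HTMLParser):
    """Collect links inside collapsed elements and links after </html>."""
    def __init__(self):
        super().__init__()
        self.stack = []            # (tag, collapsed?) for each open element
        self.html_closed = False   # set once </html> has been seen
        self.hidden, self.trailing = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        collapsed = is_collapsed(attrs.get("style")) or any(c for _, c in self.stack)
        if tag == "a" and attrs.get("href"):
            if collapsed:
                self.hidden.append(attrs["href"])
            if self.html_closed:
                self.trailing.append(attrs["href"])
        if tag not in VOID:
            self.stack.append((tag, collapsed))

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True
        # Pop back to the matching open tag, tolerating unclosed children.
        tags = [t for t, _ in self.stack]
        if tag in tags:
            del self.stack[len(tags) - 1 - tags[::-1].index(tag):]

def audit(doc):
    parser = LinkAudit()
    parser.feed(doc)
    parser.close()
    return {"hidden": parser.hidden, "trailing": parser.trailing}
```

Because the spam returned after removal, a check like this is worth running on a schedule against the fetched front page, alerting when either list is non-empty.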

So I still have some way to go in discovering what’s going on. There seem to be plenty of other sites out there which have also been hit – so it must be an automated drive-by, at a guess.

But what? There’s a faint possibility that it’s a PHP hack – my own site (here) is unaffected, and uses a bit less.

How I saw what was going to happen to (Sir) Alan Sugar, and to the music industry in 2000

I thought you might enjoy these: the first appeared in The Independent in April 2000, and the second in July 2000.

Notable how many of these forecasts – for the music industry, notably not the book industry – have come true. Why, how farsighted of me to see things that were right in front of my face.

What I’ve always and consistently said is that the music industry should have worked with Napster: encouraged it to become a paid-for service (say, a monthly fee) and take a slice of revenue based on reproduction rights according to which songs are swapped.

Sort of what it’s ended up doing with Spotify, in fact – except this is nine years and millions of pounds/dollars of lost sales later.

But first, a little bit of Sugar to leaven your day. Remember, this ran in April 2000, and the article following in July 2000. Don’t want you getting the wrong idea.

BY CHARLES ARTHUR
Technology Editor

Alan Sugar really hoped that it would all turn out right yesterday. He even made a rare appearance on Radio 4’s Today programme, sounding uncomfortable answering questions about his Amstrad company’s new product.

Why? Because if Amstrad were a pop group, people would go about asking each other “What was the name of their last hit?” Alan Michael Sugar badly wants Amstrad (the name stands for AMS Trading, set up in 1968 when he was 21) to recapture the halcyon days of the 1980s.

Then, it seemed to dominate the consumer electronics market, making BSkyB’s satellite receivers, PCs which sold by the thousand, and a range of hi-fi and video systems which though never pretty (and sometimes not too reliable) had made the gruff, bearded Sugar into a household name and a media icon for the rough diamond who kept sparkling. The stock market loved him too: his company was worth £1.2 billion at its peak in 1988. This, for a man whose first electrical product (in 1970) was the £17.70 Amstrad 8000 amplifier which he later described as “the biggest load of rubbish I’ve ever seen in my life” and the 1976 EX range of radio tuners with a meter to indicate the sound quality – which always showed as perfect, no matter what it really was.

The trouble is that lately when the Amstrad button has been pressed, it has showed up anything but perfect. The hit computers of 1984, which sold hundreds of thousands, could not succeed today. After failing to merge with the handheld computer maker Psion in 1996, in 1997 he spun off the company’s most effective side, the computer maker Viglen, leaving Amstrad to focus on consumer electronics. Since then it has not come remotely close to hitting the big time.

So it mattered to Amstrad that people should notice the introduction of a product that he promised would “bring e-mail to the mass market for the first time” and “become the all-in-one communications centre in the home”. Days ahead of the launch, City journalists had pronounced that it would be “the most important mass-market electronic product since [Amstrad] kick-started Britain’s personal computer market 15 years ago… a revolutionary electronic device for surfing the Web.”

But as it turned out, it was none of those things. For £80 you get the “em@iler”, a fixed (rather than mobile) phone which will send and receive email and faxes. There is no subscription charge for the email service – but you will have to submit to adverts beamed to the phone’s small screen which you will not be able to turn off.

Attractive? Perhaps not when compared to BT’s Easicom 1000, launched last March. It costs £80. It sends and receives email. You can also use its small screen to browse the Web – which you can’t with the Amstrad em@iler. BT claims to have sold 80,000 in the past year and expects to sell another 220,000 in the next 12 months. And you won’t get ads. Furthermore, these days one would not expect to have to pay for Internet access, since there are hundreds of subscription-free Internet service providers.

But forget all that; what did the City think? Unfortunately, the City hated it. “I can’t get excited about it,” a market-maker in Amstrad shares said after the initial stock-market announcement. Amstrad’s stock promptly lost one-sixth of its value, ending the day at 505p, after months when it had gradually risen.

So does this mean the end for one of the barrow boy legends of consumer electronics? Has Alan Sugar lost his magic touch?

When it comes to the Internet, Mr Sugar has always seemed cautious in an area where one must be a risk taker. A year ago he wrote in a newspaper column that the Internet revolution “could all go pear-shaped” – which could still come true, but is not the ideal stance from which to develop market-winning products. The development cycle for new Internet consumer products is now measured in weeks rather than months or years.

Mr Sugar remains confident. Millions of British homes do not have a computer or modem. He hopes to sell a million, and thinks that with the adverts, “If we run 20 ads a month and if we’re able to charge somebody 15p (per user) then we are in the money.” But if nobody buys the phones, then the money will stay resolutely away. The quality button may say that it is perfect. But underneath, the truth may be rather different.
end//

—-

BY CHARLES ARTHUR
Technology Editor

Unlike most of the people you will meet in these pages, Shawn Fanning never intended to achieve global domination. But also unlike most of the people here, he has truly managed to threaten an entire $10 billion global industry, without ever meaning to. If ever there were an accidental revolutionary, it’s Fanning. Though of course you won’t be surprised to hear that the catalyst for his position is the Internet.

Until late 1998 he was just another computer studies student at North West University in Boston. He had never written any software for the Windows operating system, but Fanning got interested when his roommate began complaining about the problems of using his PC to track down MP3 files – which compress CD-quality music into small, downloadable files – from Websites, and saw the chance to try his hand at his chosen profession.

To help his friend out he wrote a program called Napster (based on his Internet nickname, itself derived from his short-cut hairstyle). It was his first real programming challenge, one on which he worked for days at a time – often not pausing for sleep.

Once completed, and released onto the Internet in January 1999, it was a piece of magic. It can tell you what MP3s an individual user connected to the Net has on their computer – and start copying it from that machine if you want. No payment necessary or requested, either for the Napster program itself or, more importantly, for carrying out the download.

If you have a standard home modem, it will take you between 7 and 10 minutes to download a three-minute MP3-compressed song. A standard 45-minute album would require a few hours. Total cost to a British user, a couple of pounds.

Compared to a CD, there’s no discernible loss in sound quality: the MP3 algorithm is designed to keep frequencies that the ear is sensitive to, and ignore unimportant ones.

The big difference of course is that you haven’t paid £10 or more to a record company or retailer for the music, which you can now listen to endlessly and download into a palm-sized portable MP3 player, essentially a microcomputer dedicated to replaying MP3 files.

It’s not surprising that two things have happened. The music industry is having a collective heart attack at seeing its future revenue streams (which it insists are essential for developing and marketing new bands and artists) cut off; and computer users around the world are taking to Napster with delight. No more having to pay what they see as inflated prices for songs. In fact, no more paying at all, unless you want to spend the money to get the CD with lyrics, liner notes, photographs and the rest.

Clearly, the two business models cannot coexist. Either the record industry gets paid when you take possession of a track, or it has to find some new way of collecting its money.

Just in case you’re thinking it won’t happen to your company, consider that this is a key example of what happens when a conventional business based on making things which carry information collides with the Net. (The book industry faces a similar challenge; only the fact that reading from a screen is 50 per cent slower than from a printed page is preserving it from a Napster-like destruction at present.)

The other key lesson is about what succeeds on the Net. Even by Internet standards, Napster has been a phenomenon, with a user base of up to 10 million who have downloaded it since Fanning released the first version. And that number is growing, the company claims, by between 5 and 25 per cent each week. That makes its user base roughly equal to that of AOL, the world’s biggest Internet service provider. (AOL users can use Napster, just like anyone with Net access.)

Yet there is no business involved in Napster: no money changes hands, not even for the program, which is free. So what’s the lesson? It is this: on the Internet, if you can find something which lets consumers communicate with each other without mediation, it will explode. Imagine if you had been the person who invented email. Napster isn’t quite that, but among the younger generation, it’s not far off.

In December 1999 the music business took its first step against Napster. The Recording Industry Association of America, which represents the big labels, sued the company for “contributory and vicarious copyright infringement”. That suit will finally come to court a week from today [WED] in a Northern Californian court.

Even before that, Napster had been sued successfully by the heavy metal group Metallica (ironically, Fanning’s favourite group) and the rap artist Dr Dre. They forced the company to prevent hundreds of thousands of fans from using its servers. (Many of those fans, it is thought, simply wiped all traces of Napster from their PCs and then downloaded a fresh copy of the program and logged in again under a different name.) Metallica fans were, to put it politely, annoyed. Bad PR? Absolutely, says Alan McGee, discoverer of the supergroup Oasis. McGee sold half of his Creation Records company to Sony but then got out completely last year, tired of working under a multinational. “How stupid of Metallica to in effect sue 300,000 of their fans,” he remarked after the case.

How does Fanning react to all this? With multi-million dollar lawsuits looming he is presently incommunicado, at least as far as the press is concerned. But his opinions remain consistent through months of interviews. Is it intended to destroy the music industry? “It was… to create a music community,” he told ZD Net in March. “I thought it was pretty exciting just in terms of the technology.”

But isn’t it theft, what all those people are doing? “I can’t really discuss that,” he told the Observer in May. He thought the service would benefit independent bands without record label deals who could make their MP3s available for download without going through intermediaries such as MP3.com, a commercial Website which very definitely does store MP3s – and recently had to pay the record industry $40m in a settlement which allows it to play MP3s of known artists through its site.

The MP3.com decision was a small chink of light for the RIAA’s members. In 1998 it lost a significant case against Diamond Multimedia, which makes the Rio MP3 handheld player – effectively a Walkman for the MP3 generation. The RIAA sued Diamond and lost. “The RIAA suing us was the best piece of publicity we ever got,” says Nick Caddick, Rio’s senior European marketing manager.

The RIAA lost because, as happened before when the copyright industries sued over cassette recorders and VCRs, a judge ruled that there was a legitimate use for the products – making your own recordings of your own work. Because that legitimate use exists, the product cannot be banned, even though it can be used to abuse copyright, for example by making copies of records. It would be up to the record companies to police anyone making copies. They capitulated.

Similarly, Sony was sued by the film and TV companies when it introduced the Betamax VCR in the 1970s; the same argument was used and prevailed.

One of the arguments the company (formed last summer as Fanning was persuaded by his family to try to capitalise on his invention; in May it received $15m of venture capital funding) is putting forward in its defence is the same one: you could use it to give people access to non-copyrighted work. The fact that millions of people don’t use it that way really isn’t Napster’s fault, because it does not control what is downloaded. Nor does it store any music.

Not only does it have heavyweight arguments in its favour; Napster also has a heavyweight lawyer: David Boies, better known for his remarkable demolition job of Microsoft for breaking antitrust laws: he was the lead lawyer for the US Department of Justice. He won that case. Now he is again, in a sense, representing millions of consumers against powerful forces ranged against them.

Boies, who is in private practice, filed Napster’s defence against the RIAA case earlier this month. Besides various affidavits from members of the (independent) record industry declaring how pleased they are with Napster, he put up a number of independent planks on which the defence will rest. One is that the US’s 1992 Audio Home Recording Act (AHRA) allows individuals to share a song with as many people as they want, as long as it is a noncommercial use. (The RIAA riposted last Friday that the AHRA specifically mentions “a household and its normal circle of friends, rather than the public.”)

But Napster is also hitting back, defending itself by alleging that the record industry is acting in an anti-trust manner: by blocking new means of distributing music (that is, online and directly between users) the industry is misusing its copyright privileges, Boies said; and under (an obscure) antitrust doctrine, that would mean the industry cannot sue Napster. (The RIAA was silent. Few people argue antitrust law with Boies.)

The RIAA’s principal riposte last Friday was that Napster “uses euphemisms like ‘sharing’ to avoid the real issue. The truth is, the making and distributing of unauthorised copies of copyrighted works by Napster users is not ‘sharing’, any more than stealing apples from your neighbour’s tree is ‘sharing’.”

The music industry has a basic problem with the whole Napster model. But in part that is because it has been so amazingly slow to realise what was happening in the digital landscape.

Besides the lawsuits, music business people like to deny that the public really likes MP3s. Last week, Nick Raymonde, the A&R (artists and repertoire) director at BMG Music, one of the biggest music companies, said in an interview that MP3 “is not a particularly good format technically” and “I don’t really see a lot of kids walking around with MP3 players yet”. As for Napster, he thinks it “a nuisance. I’d rather go and buy a CD. I don’t use it at all because, if it was a band I liked, I’d feel as if I was stealing from them.” One wonders who has it totally wrong: Mr Raymonde, or the millions of Napster users. There’s also the fact that the industry claims furiously that Napster is already depressing CD sales (one recent study claimed that CD sales within a few miles of US universities, where Napster is most commonly used, have fallen; the company riposted with studies showing rising sales.)

Belatedly, the record industry is moving towards an accommodation with the millions of people who are already online. But its problem is that while those moves might have made sense a few years ago, today they look retrograde. For instance, earlier this week EMI began offering downloads of work by Pink Floyd (including its seminal Dark Side of the Moon), Frank Sinatra and rap stars NWA, among 100 other albums and 200-plus singles.

Great; except that you’ll need a particular program to hear the music, and another program to make sure you’re obeying your download licence, and you won’t just be able to swap it around between computers (if you have more than one) and MP3 players. Basically it’ll be a pain.

But the real kicker is this: you’ll still have to pay for it. EMI intends to sell the digital music, via a new set of online retailers, for as much as the physical album.

An EMI spokeswoman said, “We want to learn what the users want, how they find the user experience.” Actually, it’s right down the digital road, at www.napster.com. You get it for free and then you decide if you’d like the physical CD too.

The amazingly slow-moving and inept reaction of the industry led Carolyn Kantor, senior vice-president of MP3.com, to say that “the music industry is a $40 billion industry locked in a $10 billion body.” By which she means that by resisting new forms of distribution that resemble Napster, it is cutting itself off from huge potential sources of revenue. “Progress is about embracing new forms of digital music distribution,” she told a London conference on the future of music in May. “Look at the film industry – it has found a way to take one product through a huge life cycle, where you pay to see a film, then you can see the film as pay-per-view on cable, then you can hire a video, and finally it’s on TV for free. But the music industry hasn’t created a model that let them make their money beyond the first release of the product.”

If Napster wins its case, the effect on the industry will be dramatic. MP3 sharing will become endemic. There is no technical way to prevent CD tracks from being turned into MP3s. Internet access is speeding up – so that in a few years, downloading a 5 Mb file (ie a four-minute MP3 song) will take less than a minute. That’s faster than it takes to actually transform the CD track into an MP3, meaning that using Napster will be preferable to buying the CD. The record industry’s only recourse would be to sue every Napster user individually. As McGee might observe, what a brilliant way to piss off your customers.

“In the short term, the industry badly needs some transparency about its prices,” admits one music executive, who asked to stay anonymous. “People are going to want to know how much the artist is getting if they buy a song, rather than download it. For the fans, that might work. But as long as all you see is the single price tag, and you don’t know how much goes to the record shop and how much to the record label and how much to the artist, you assume nothing goes to the musicians.” That attitude has been fostered by artists such as Courtney Love and Chuck D (of rap group Public Enemy) who have publicly declared that it is the record labels who are the pirates, not the fans or Napster. A growing number of bands are also using MP3s – and some even using Napster – to distribute some of their music, aiming to make money from live performances, merchandise and spin-offs. The music becomes something you just do. It’s a future-oriented way of making money that the record industry seems calamitously unready for.

Napster too is preparing itself for the future: last week it announced it had hired – “stolen” was the nose-tweaking word it preferred – an executive from one of the record companies that is suing it. Keith Bernstein started as operations director on Monday, joining from Seagram-Universal, the world’s biggest record label and a sworn enemy of Napster, which earlier this year hired an A&M legal affairs executive.

For yes, what if the RIAA wins the decision? “We’ll appeal,” said a Napster PR. “There will be a lengthy appeals process. You know, these things can just go on and on. We’re going to be around for years.” The question now is, will the record industry?

end///