System Overlord

A blog about security engineering, research, and general hacking.


Sorry for the lack of updates lately, things have been crazy.

I wanted to take a moment to explain why I have been a member of for several years, and a moderator for about a year, and also what it's all about.

Why the AACS key is not about piracy.

The leaking of the AACS key, for many users, is not about piracy or even the ability to make 'backups' of HD-DVD disks. Like the issue surrounding DeCSS, it is about the ability to use content on a variety of platforms. I would like to build a home theater PC running MythTV. Perhaps I'd like that HTPC to be able to play HD-DVDs.

It is not even a fanatical view of Free software that encourages the distribution of this key. Many Linux users would be satisfied with an HD-DVD and DVD codec that is no-cost and works with existing software.

For these same reasons, I oppose most DRM. If I pay for the content, why should I not be able to play it when and where I want? The fear of piracy has caused the content producers to treat everyone like criminals. Whether or not we have actually done any harm, we are restricted to what they want us to do with "their" content.

Until the AACS-LA (and the entertainment industry in general) understands these issues, it seems like the solution may be to only purchase content in DRM-free form from independent artists and studios.

If they treat us like pirates, we are forced to act like pirates to protect our Fair Use Rights.

The infamous Digg post

Show your support of freedom of speech

Edit: Oh, and Mark Shuttleworth has it again: DRM doesn't work. Who'd have guessed that the leader of the fastest-growing Linux distribution would understand the digital media market?  I'm glad someone has some sense.

How the Ubuntu/Dell deal will impact the market

Ubuntu founder Mark Shuttleworth has an excellent blog entry describing the way the Ubuntu/Dell deal will impact driver development, Dell's business, and Linux in general. Most notable is his assertion that the "free software approach is a better device driver development model" than the closed-source model. I wholeheartedly agree with this, because once a driver is mainlined in the kernel, the kernel devs maintain the driver interface to the kernel. The only work left for the hardware vendor is supporting their hardware.

AOL: 8 Character Passwords?

A lot of people probably thought that AOL would be a company to keep with the times. Apparently not, since their system only uses the first 8 characters of a password, silently discarding anything else. Sounds like a false sense of security to me.

Circuit City: Incompetence or Negligence?

Note: While I try to keep entries here technical in nature, I feel that this warrants discussion and is relevant to the technical/Linux community.

Yesterday, my brother ordered a digital camera (Samsung S730, works great with Linux) package, including a 512MB SD card, from using the "in-store pickup" option. Upon his arrival at the store, the employees attempted to give him only the camera and not the card. When he asked them to correct this, they told him they would reverse the original transaction and process a new one at the original price. Eventually (after much complaining about how this would screw up their inventory system), they were able to process this; however, it was run as a second transaction. As of today, his credit card shows two $140 charges from Circuit City. Circuit City online technical support tells him there is nothing they can do, that the refund should process in 3-5 days.

How can a company be run so badly that employees in the store cannot simply process an already complete online order by simply getting the items to the customer? I have had reservations about Circuit City before, but now I will not be shopping with them, and I encourage you to do the same.