Those pesky Safe Harbour Provision in DCMA …

Viacom sued YouTube. Old News. Google, YouTube’s owner, initial response was lousy, saying things such as “Viacom should see YouTube as a market opportunity rather than sueing it”.

YouTube lawyers obviously know how it can defend itself against this kind of lawsuit. So does Google’s lawyers before they even considered purchasing YouTube. To an extent Microsoft’s, Yahoo’s and, yes, Viacom’s lawyers know it to. It is widely known as the “Safe Harbour Provision” under DCMA. Loosely speaking, it means Internet Service Providers are immune from lawsuit if it takes down infringing materials quickly after being informed by the copyright holder.

This safe harbour provision is one that the “Content Industries” and “Consumer Industries” had compromised in the drafting of DCMA. The use of “take down notices” in practice means the onus is on the copyright holder to police their copyrights.

YouTube’s lawyer rally behind the shield of this provision. Viacom’s lawyers tried to sidestep this provision. Now that Google has the time to digest and distill the lawsuit down, it decided to go on the offensive by highlighting this. Google home in on the fact that the wording of the lawsuit can be interpreted as since Viacom find it impossible for it to police YouTube, so it wants YouTube to do the policing for it. Google is doing a song-and-dance over it. And it is likely that it will win, provided of  course, it can argues that it fits the definition of “internet service provider”. This point is something Viacom’s lawyer will probably find it difficult to penetrate. Indeed, in the original complain, it did not try to do so, but rather argued that Google knows and has benefited by encouraging infringement, the charge that was the downfall of one of the P2P companies in the post-Napster period.

Some commentators argued that this lawsuit is simply both sides positioning for a better copyright deal. May be. It will be more interesting if it get decided by a law court.

Copyright holders had the responsibility of policing their work since day 1 of the copyright law. Its nothing new. They do get help from the authorities in the form of criminal penalty for large scale piracy. Lately, we see move in which they are trying to get more help by offloading their responsibility, in the form of EU’s new copyright directive making copyright infringement a criminal offense rather than a civil one (i.e., asking the state to take over copyright policing) or to get private entities to do the policing for them, as in this lawsuit. We need to help them police their work, but we cannot and should not take over the policing for them, nor allow them to shift that burden to a third party.

Copyrights holders’ record on defending their copyright work are being drag through the mud more and more these day. The poster child is of course RIAA, whose legal tactics can sometimes be seen as attempts to intimidate persons into submissions, sloppy and unreasonable. Sloppy because  when someone digs into the actual “infringement”, it can be easily argued that the evidence is simply not there. Unreasonable, because their lawyers choose to impede every attempt for the defendant to get information to defend themselves. Their latest tactics, i.e., asking Universities to deliver “settlement offers” letters to their students, hit the brick wall in several universities. Interestingly, one even demanded reimbursement to send the letters to the students.

Well Done DOJ

BBC is reporting that Dell might sell Linux computer preinstalled. This reminded me of the DOJ’s anitrust case against Microsoft, i.e., the first one.

One of the outcome of that case is that Microsoft can no longer threaten big PC vendors for shipping other operating systems. Before this, even the mentioned of possibly shipping other OS can incur retaliation from Microsoft.

It is really a bit strange, but on the server market, where alternative OS is available and is a viable business, Dell had decided to sell servers with no operating system but throw a copy of FreeDOS floppy disk inside it. I can see the logic since servers are managed by IT pros and if they had decided not to use Windows, they probably are quite choosy on the exact configuration of the alternatives available.

However, the long trumpet of Linux on Desktop never materialized. This lend some support to the argument that Linux on Desktop probably does not make the business case. Then come the news that Dell’s new customer website has been deluged with request for Linux desktop. I note that it had become increasingly easier to get a refund on Windows from Dell and other manufacturers lately. Probably an coincidence.

I have doubt that Dell, or indeed any other companies, dare to incur the wrath of Microsoft for even mentioning shipping an alternative Operating System without DOJ’s intervention so WELL DONE DOJ!

Lost in Translation

When reading ECMA’s response to National Bodies, one thing that strike me as rubbish is ECMA’s argument that it is possible to translate from EOXML to ODF, and therefore, there is no contradiction between EOXML and ODF. At that time, my thinking is if we accept this argument, there can never be any contradiction when it comes to software, as there is always a way to translate bit patterns. However, I did decided that the abbreviated style used for EOXML element/attribute name and predefined values did not matter, as I work with XML every day and can reasonably guess those value. Moreover, EOXML document package, although different from ODF, is just another document package and most people should be able to figure out its contents without reading the specs anyway. Unfortunately, less than a month after forming that two opinions, I was proven to be mistaken.

Last Monday, I was trying to do an ad hoc demonstration the ability to use XML to get an application to data in and out from MSOffice’s new EOXML format. I tried to demo it by hand as the person I am targeting is a developer and she can connect the dots. The reason why I attempted the demonstration is that she just got a copy of MS Office 2007 and I thought it is a good idea if I can persuade her to modify her application to read/write data in EOXML because this reduce the chances that users cut-and-paste results wrongly.

Well, I am a pro-ODF person. However, this demo was not set out to discredit EOXML. It is in my interest to see EOXML succeed in this case. If I succeeded and she adopt EOXML, it actually make it easier for me to translate it to ODF using XSLT for example. There are two key targets in the ad hoc demonstration. First is the ease of getting hold of the correct XML file and second the ease of modifying the XML file. Let’s face it, in both EOXML and ODF, it is not easy to create a document from scratch. Most developers, like me, will simply use Office applications to create a dummy document then modify it appropriately. These two key targets may be specific to academics but it is likely to apply to the majority of developers.

The demo is simple. Create a dummy spreadsheet, save to file. Then using a simple text editor, change one value in the dummy spreadsheet and reopen it in MSOffice. Did I succeeded? Well you guessed it: NO.

After I unzip a EOXML spreadsheet file, my first problem is that I have to hunt for the XML file containing the spreadsheet data. Lets call this the content file. I was looking for a filename that is really obvious, but nothing jump out. Not a good start. Then I decided to follow the EOXML standard by locating the file that explains where it is. Lets call this the TOC (table of content) file. I know this file is held in subdirectories but again, no directory jump out. I end up doing a wild goose chase searching the document package until I finally located it. (Yes, I know if I just read the EOXML standard I will know what the subdirectory and filename this TOC file is.) I opened the TOC file and quickly located the content file.

The next stage is to edit the content file. I opened it in Visual Studio’s XML editor. The first thing that hits me is, I cannot really tell what the single letter XML tags “r”, “c” and “v” etc really means. This surprised me. Never mind, lets gloss over this by proceeding to modify the values. That should be easy since I created the spreadsheet. I changed a number to a string. I repackaged the document and open it in Excel 2007. Puff…. it complains that the document contains error and cannot open it. My error, as it turns out, is that I did not realize that by changing a cell value from number to string, I should had changed the cell type as well.

My demonstration just gone up in smoke. Not surprisingly she is not convinced. For reading the document, I just demonstrate that she need to do the extra work of hunt for the correct content file by reading and understanding a TOC file. The problem here is since some other application created the content, one cannot assume the location of the content file unless the document format mandate it. I also demonstrated that it is not easy to read the it (BIG thank you to the “r”, “c” and “v” tag designer). As for writing to EOXML, again the abbreviated tags make it difficult to write the data correctly.

Was I to blame for the failed demonstration? Yes, but only partly. I should had read the specs and practiced the demo first but that’s it. The need to locate the TOC file is just a small speed bump. The need to read and understand the TOC file just to locate the XML file just make things complicated the casual EOXML users like us. However, the biggest problem is the difficulty in understanding the EOXML tags, attribute and value. Although this sounds like I am trying to put the blame for my failure on someone else by saying that EOXML should had made it easier for me to demonstrate the beauty of XML-based office document format, it is not. After all, how many people bothered to read the specs for something before using it? I did not do this when I started using XML, text editor or other technology.

What I learned from this experience is the danger of cryptic abbreviation. It constitute a new vocabulary and becomes a new language. To me, the content file must as well be written in a foreign language. May be a non-English speaker will find the abbreviation easier to use. Even if this is true, why create a new vocabulary and a new language? Reusing existing ones means at least a subset of users can understand it easily. Yes a translator can help, but why design one when it is not necessary?

Microsoft given time to explain why its licensing program is fair

BusinessWeek is running an article saying that Microsoft is given time to explain why its licensing program is fair.

While BusinessWeek says it is an extension of the deadline, I do not see it as such. While I am sure EU had been privately voicing its concerns about what it believe is “non-innovative” protocol with Microsoft, it only formally tell Microsoft on 1st March. This is the operative date. Asking for a reply on April 3 can be perceived as giving too little time to response. It is rather normal and I will certainly prefer, to give respondent two months to reply.

Its equally wrong to say Microsoft is given a reprieve. If Microsoft still believe EU is unreasonable and go to court, it will not be able to argue that it is not given enough time to study EU’s objections. And if it finally fails all revenue of appeal, it is still not clear whether the period of which it is liable to be fined will exclude this timeframe. It is less likely to be successful in getting the court to agree that the fine should exclude this timeframe if the appeal is dragged on for a long time.

Carrying on my John Carroll bashing which I started this morning, I am going to read tea leaves and says that if Microsoft’s share of the market increased within April 3rd and April 23th, he is going to see it as a vindication that it is the customers that want Microsoft product, and not a result of Microsoft’s monopolistic abuse.

Surge of interest int SC34 ISO

SC34 ISO is the working party in ISO in charge of approving EOXML passage through ISO. This is the first meeting held since the rather negative response to EOXML in January. It appears that the normally dull meeting is experiencing a revival as there is a surge of P countries sending representatives to the meeting. Alex Brown, who attended the meeting note that quite a large number of new arrivals are Microsoft employees.

One thing that really fascinate me is the secretary find it proper to inform the attendees that EOXML is not on the agenda. Guess (s)he noticed it as well.

Well, there is nothing wrong with Microsoft giving its employees time off to attend meeting on behalf of national bodies or even funding them to attend these meetings. Other companies do this as well. But the sudden surge in numbers are interesting. I can guess that the politics Microsoft is playing has something to do with EOXML passage through ISO. However, this is just my guess. I don’t know, and frankly don’t care, what politics Microsoft is playing here. I find it important, however, to remind Microsoft funded attendee that they are there to represent the interest of their countries, not Microsoft. Sure, there will be some cross-pollination such as building rapport with important members of the committee, but to go all out trumpeting Microsoft’s interest, particularly EOXML, will be a serious and blatant abuse of their position of responsibility.

I don’t know why so many Microsoft employees attended. At HQ level, I am sure the Standard division would had noted that this meeting has nothing to do with EOXML. It seems likely that the country divisions are oblivious to it. It is likely that they send the wrong “type” of employees, i.e., those clueless about the business of SC34. If it ever comes to any vote, all attendees would have to vote according to the position of their countries, not Microsoft. If they don’t, not only will individual countries sanction Microsoft, ISO probably will sanction Microsoft as well and this is not going to advance Microsoft’s causes.

If I were Microsoft, I send a few persons close to EOXML such as Brian Jones as they will have more impact and authority over issues surrounding EOXML.

Run Linux … and have problems claiming warranty

When I read this post at linux.com about some customer service representative claiming that simply running Linux or other unsupported operating system will mean you void your warranty, it reminded me about the same problem I have when I started working. To cut a long story short, what happened is I hit a brick wall when I mentioned that I am running Linux on the server. Despite the fact that the manufacturer in question fully expects us to, as they sold us the server without operating system and it is the BIOS fails to recognize the keybaord. All I get is “We do not support Linux”. Fortunately for me, I know what is wrong. I was also a business customer, and they cannot dismiss me that easily as they could with a private customer. In the end, they agree that the keyboard was malfunctioning and send me a replacement.

The trouble with technical support is, once you spend sometime on the phone with them and they cannot resolve the problem, they are trying to get a way out, and will start looking for something where you divert from the norm to get you off the phone. Nevermind you are paying for the phone call, and that they charge you for 10 minutes waiting before connecting you to technical support. That is why I always just stay focussed on the problem at hand, do not divulge more information than necessary and make it clear on the phone from the start that I am a technical personnel.

Her experience and mine are not unique. In some sense, as private customer, she got the shorter end of  the stick. Sometimes, in this situation, I do things on paper.  In her case, writing in black and white asking for an explaination on why  “sticky keys on keyboard” has to do with operating system usually do the trick.

With the rise of alternative operating systems, we will see such cases arise more frequently. Eventually it will reach a tipping point where  your choice of operating system will  automatically void your warranty and ludicrous  comment from PR that “in general, if you change the operating system, you void the warranty” will be laughed at.

By the way, this is not the most ludicrous comments I heard. The worst was one operating system company that claims if I install any software on its operating system, I void the software warranty.

Mr Carroll, why not advise Microsoft to get out of the EC?

John Carroll, a Microsoft employee, clearly love Microsoft. Nothing wrong with that and it is good to see an employee love his company.

Therefore, it is not very surprising that he did not like EC’s on going anti-trust litigation against Microsoft. The truth is, he is not the only one. However, he is on my target list because he has a blog on ZDNet and is rather vocal about it.

Sometimes, like after reading this post of his, it is really tempting to tell him to advise Microsoft to get out of the EC completely. Why not? According to him, EC is simply not seeing the “whole picture” and its judgment are simply wrong. If so, who can work in such an environment? As such, why not just leave the EC-controlled area? After all, no need to create Windows without MediaPlayer edition which nobody wants, and of course all those pesky licensing deal EC is “improperly” trying to extract from Microsoft will just vanish into thin air. Hey, may be this will cause EC to alienate so many of its constituency that in a few years time, it is either gone or be shown  the error of its way by voters.

Truth is, if any company wants to do business in any part of this world, it has to abide by the appropriate authority. The authority may be pig-headed, unreasonable and assert too much influence, but in order to do business in that jurisdiction, you just have to glean and bear it. It’s nothing new. Everyone is doing it. In a lot of cases, for example bribery cases, we even see business colluding with the authorities to the detriment of the constituency.

I, however, is not incline to dismiss all Carroll’s opinion. From time to time, he does come out with argument that send me on an intellectual debate. Unfortunately, virtually all of his complains about EC just simply missed the mark.

Thank god someone in Microsoft Security Response Centre see sense

When it comes to software security, there is only three operative words: Trust, trust and trust.

If I do not trust your software, I don’t have security. If I do not trust your software patch will come in a timely fashion in response to threats, I don’t have security. If I do not trust your threat evaluation, I do not have security. And if I do not have security, the chances that I use your software just dropped significantly.

Microsoft’s software security had been terrible, but we do see an improvement after Bill Gate send an memo telling Microsofties to concentrate on security, security, security. A few years ago most people take Microsoft talk of security as a joke. The attitude is changing and for the good. While Microsoft’s software is still viewed as “less secure”, but the trust on the company is increasing.

Unfortunately, before Mr Gate even leave the company, some one is threatening this trust. Michael Howard, a senior security program manager in Microsoft’s security engineering group, ask Microsoft Security Response Centre (MSRC) to take Vista improved security features into account and where appropriate, give Vista a less severe rating than XP. Thank god that MSRC decided to rebuff him and I hope pressure is not applied to MSRC to force them to change their stand. One problem with severity rating is the way it can be massaged. All software vendors are, in some respect, guilty of massaging the severity rating and Microsoft does not escape this criticism.

Existing yardstick for threat severity rating may be simplistic and too black-and-white but it works relatively well and make it easy for user to understand and trust.

If Mr Howard is trying to extol the security virtue of Vista by this comment, then he is “penny-wise but pound foolish”. Trust is the foundation of any security effort and he just lose my trust. I hope his comment does not bring down people’s trust in Microsoft security response.

“Novell’s Steinman: Novell Wants a GPLv3 that Enables Patent Deal” [Updated]

This is not my choice of title, rather, I nicked it from Groklaw’s News Pick. (Hence, the quotation). Exaggeration, no doubt, since the news item it refers to simply says Novell is trying to steer FSF into “helping develop a version of the GPL that enables that [Microsoft-Noevell] agreement to continue”.

Nevermind the impossibility of the task. Getting Richard Stallman to change his mind on anything is already difficult, let alone “Freedom ZERO”. Eber Morgan, the framer for GPL v3, did not like the way that agreement workaround Novell’s GPL responsibilities, … and that are just two alpha males around GPL v3 creation. Their herds, like me, are happy with the way FSF is going about to negate the irresponsibility of Novell. Nevertheless, Novell can do whatever it can to influence the GPL v3 process and good luck to them.

This article obviously got PJ of Groklaw fuming. She gone the extra length by getting FSF to deliver the final insult: FSF is unlikely to renew their membership even if they asked. And, … surprise surprise, GPL v3 will not permit the deal Novell had signed. As a side note: Novell haven’t keep up with their membership of FSF. Their last donation was about a year before the MS-Novell deal. It was for $5K, hardly a “significant” contributor to FSF by any measure.

It is difficult to “work around” GPL’s provisions. Microsoft only manage to pull the rabbit out of the hat after so many years of trying. (SCO’s endeavor is downright ricdiculous and not worth mentioning.) Nevertheless, occasionally, we get workaround like this. That is what happen when people start playing the “word game”. That is part of the reason why the license must continue to evolve. Matt Assay points out rightly that FSF should not lose sight of the thousands of people complying and supporting GPL. Until US or other legislation recognize and give weights to the “moral rights” of a licensing, not only the “wording” of the license, there will be people who try to defeat GPL through careful semantic exercise.

One is in no doubt that Novell/Microsoft will scrutinize GPL v3 in an attempt to workaround it again. Let’s not forget that it is entirely in their discretion to rework their agreement to “satisfy GPL v3”. Novell will have the biggest incentives to do this, unless of course it is getting out of SuSE and decide to “dine on scraps” from the Microsoft table.

As for crystal-ball prediction, my money is on Novell having significant problem in a few years time over GPL v3. While it will still maintains its rights to redistribute Linux because it is practically impossible for Linux to switch to GPL v3, the emergence of “GPLv3 or later” GNU tools are hard to replace. Can Novell do it? Yes, but that will increase SUSE’s cost and affect its competitiveness.

[Updated 23 March 2007. I had been bashing him in this post, so I am duty bound to report his apology to FSF when I saw his apology] Novell’s Steinman apologize for this guff.

Don’t get fan up over joint Novell-MS HSBC press release (Updated 19 Mar)

Please, please, please do not jump on the debate over HSBC’s claim that “[their] Windows environment has a lower total cost of ownership than our current Linux environment”

First of all, the statement “Windows environment” and “Linux environment” needs qualifying. I cannot see HSBC’s Windows and Linux environments serve substantially similar purposes. It is extremely likely that they serves two substantially different purposes. We are therefore comparing apples with orange here.

Most damningly, why did HSBC choose to “harmonize their Linux distributions to one vendor” to lower their Linux TCO rather than ditch their “Linux environment” altogether if TCO is higher in the “Linux environment”? Wasting money is not what a bank does.

Moreover, this is a joint Novell-MS Press Release. Novell is a Linux vendor. I cannot see how Novell is going to put its name on a press release that belittle itself. Even though Novell is stupid enough to be the whipping boy for MS’ “Linux infringes our IP” initiatives, it did not put its name on any MS Press Release where it’s Linux business was belittled.

This Press Release is about the advantages of using Novell’s SuSE and Microsoft Windows together in a heterogeneous environment. Nothing else. Even then, the technical advantages mentioned by HSBC fellow are rather generic: Windows Active Directory integration into its Linux environment is achieved via SamBA, something any Linux distribution can do. Lowering cost and complexity by using only one Linux distribution only could had appeared on RedHat’s Press Release.

I suspect HSBC decision to choose SuSE Linux is based a lot on cost. Putting your name in a PR release like this one normally brings you discount.

Don’t bash Novell either, it is free to put out press release that promotes its product. In Press Releases, Novell is free to call anything, even of questionable value, an “advantage”.

[Update: This post on Computer Business Review Online, suggests strongly that HSBC was likely to be “legally bound” to toll-the-line when it comes to  “Intellectual Property” trumpet. Admittedly, that post was written by a person who disagree with the “Novell-Microsoft” agreement. However, note the absence of quote from HSBC person about “Intellectual Property” in the original press release. It is obvious that Microsoft had a hand in drafting the part about “Intellectual Property”. HSBC and Novell were extremely likely to have seen and have to approve the PR. For HSBC, its concern is that it has not been misquoted. However, this is normally restricted to words and sentence attributed to HSBC. The drafter can insert 10,000 other items into the press release, but as long as they are not attributable to HSBC, HSBC will not be concerned about it. More worrying is Novell agreeing to be the whipping boy again!]