
Benlog

crypto and public policy

Hilary Rosen, meet DRM

Filed under: Policy — May 9, 2005 @ 12:45 pm

On Arianna Huffington’s new blog, the Huffington Post, we find out that Hilary Rosen is begging Steve Jobs to “let her music go.” As the Recording Industry’s ex-president, she’s peeved because she can’t play songs from “other music stores” on her iPod. Allow me to quote the juiciest part:

But keeping the iTunes system a proprietary technology to prevent anyone from using multiple (read Microsoft) music systems is the most anti-consumer and user unfriendly thing any god can do. Is this the same Jobs that railed for years about the Microsoft monopoly? Is taking a page out of their playbook the only way to have a successful business? If he isn’t careful Bill Gates might just Betamax him while the crowds cheer him on.

Oh the irony, the irony! Where to begin?

There is, of course, the delightful point about how “preventing anyone from using multiple […] systems is the most anti-consumer and user unfriendly thing.” Yes, that’s true. Kind of like the DVD encryption and DMCA enforcement that prevents people from viewing their legally-purchased DVDs on Linux, the operating system of their choice.

Then there is Ms. Rosen’s rhetorical question about whether having a monopoly is the only way to run a successful business. We should put that question before the music label cartel and see what they think.

And then there’s the Betamax reference, which is oh-so ironic given how hard the MPAA, the RIAA’s cousin, fought to outlaw VCRs in the first place. Also, I think Hilary got it backwards. If MS is the “lesser technology” that eventually wins out, then Bill would be “VHS’ing” Steve’s Betamax, not the other way around.

But the most ironic part of it all isn’t this amazing pro-consumer attitude we see from the ex-RIAA president. It’s her complete failure to realize the RIAA’s responsibility in creating this music format compatibility mess we have today.

In the beginning, there was Napster v1 filesharing. And mp3.com. And online personalized radio. And all sorts of other innovative models that built on Ms. Rosen’s idea that anyone should be able to play a given song file anywhere. That music would be ubiquitous. But Ms. Rosen and her team of lawyers killed these models. Because the RIAA couldn’t stand to change its well-established, tightly controlled world view of nicely-packaged, sterile song selling.

And the RIAA wanted Digital Rights Management (DRM) and a strong law (the DMCA) to protect it. Not so much because people would buy fewer songs if they could copy them, as the RIAA so loudly and falsely proclaimed, but because freely copiable songs might enable alternative music distribution business models. Alternative models that might threaten the established music labels.

The RIAA dictated the way music should be sold online. They set the terms of the Apple iTunes store, of the Napster v2 online store, of the Microsoft online store. No more than 5 CDs can be burned. No more than 3 computers you can share these songs with. No direct conversion to MP3 format.

The RIAA set the rules. And with those rules, there isn’t much wiggle room. Is it surprising that the only remaining business model is to try to build the best DRM platform there is? That’s what Apple is trying to do with iTunes/iPods. It’s what Microsoft is trying to do with Windows Media, only their platform is software-only: it appears more open to the untrained eye, but don’t expect Microsoft to let me build my own Windows Media reader without paying them royalties.

The RIAA imposed DRM, and with DRM came inevitable incompatibility. Ms. Rosen, meet DRM. It’s your baby.

The Web 2.0 Apps

Filed under: General — May 7, 2005 @ 6:39 pm

I’ve been keeping an eye on the people at 37 Signals, particularly David Heinemeier Hansson who founded the Ruby on Rails web development project. I’m quite impressed.

They really get it. Their web applications are very easy to use and very useful, and the Ruby-on-Rails development platform is incredibly interesting (if only they favored PostgreSQL over MySQL… but I digress). You should check out their two applications: Basecamp and Backpack. Backpack is particularly interesting because it looks a lot like the small applications I’ve constantly built for myself in order to organize my work… only it looks like they’ve done a much better job.

I have yet to find the time to really dig into the Ruby-on-Rails platform in detail, but I strongly support the basic ideas: dynamic typing, a rapid development cycle (no compilation), easy, non-XSLT templating, and not being afraid of SQL are all ideas that have been around for a long time (Naviserver back in 1995), but David has managed to package them and market them more effectively than anyone else.

It’s good to see a rebirth of web applications. There’s more to this “web 2.0” talk than just hype, and the 37Signals and RoR teams are proving it.

Where’s the Microsoft PR Department?

Filed under: General — May 3, 2005 @ 4:49 pm

A couple of weeks ago, Microsoft withdrew support from a bill that would have mandated equal opportunity protection regardless of sexual orientation. The response in the press has been so overwhelming that Bill Gates recently expressed his surprise. It seems he thought this would go unnoticed. And the best MS can say to explain its action: “we’re not against the bill, we’re just no longer in favor of it.”

That’s just weak. You’d think a company as big and strong and experienced as Microsoft would be able to better predict public response. But the fun doesn’t stop here.

Today, Bill Gates is envisioning cars that don’t crash. Even a non-nerd will utter a forced chuckle and think “oh yeah, and I envision a version of Windows that doesn’t crash.” Come on. Does any of this stuff get vetted in any way?

I feel like the Daily Show criticizing the Bush Administration: stop providing so much material, eh?

UPDATE: giving credit where credit is due – Microsoft has just re-reversed its decision. Next year, they will support any legislation that disallows discrimination based on sexual orientation. Thank you, Microsoft.

Hats Off to Al Gore

Filed under: Policy — April 28, 2005 @ 7:26 pm

Ironically, a Republican freshman Senator who supports the party-line opposition to the filibuster here at home, recently returned from Iraq with an inspiring story about the formation of multi-ethnic democracy there. Reporting that he asked a Kurdish leader there if he worried that the majority Shiites would “overrun” the minority Kurds, this Senator said the Kurdish leader responded “oh no, we have a secret weapon…. [the] filibuster.”
— Al Gore

Whatever your political stance, whether you voted for him or not, Al Gore deserves enormous praise for his latest speech. This speech is, in my mind, the essence of what this country stands for.

MBA hacking continued

Filed under: Security & Crypto — April 8, 2005 @ 9:27 pm

Four weeks ago, a few fellow crypto people from MIT and I wrote a letter to the Dean of the MIT Sloan School concerning the applicant hacking incident.

The Dean answered. So we wrote back. And he wrote back. And the discussion was quite interesting. I fully admit that I was surprised: I didn’t expect the Dean to take as much time as he did to answer as thoughtfully as he did. And it’s not like we agreed in the end, either. We ended up disagreeing on the notion of notification of private online spaces. That said, one thing is clear: MIT Sloan did not make this call lightly, and as much as I continue to strongly disagree with their decision, I also strongly respect their decision process.

At the very least, this was a victory for honest and open debate. You can read the entire exchange.

Russian Roulette Society

Filed under: General — March 28, 2005 @ 12:20 pm

A while ago, I served on a jury in a civil case concerning a car accident. The plaintiff incurred tens of thousands of dollars in medical expenses and lost wages. The defendant was found liable as he clearly caused the accident. Deliberation was quick, as there wasn’t a whole lot to discuss. But there was one issue we couldn’t rule on, one issue which truly angers me. The defendant’s fees were not picked up by her insurance, because her insurance had been cancelled, because, once she proved unable to fulfill her duties because of post-accident trauma and pain, her large-company employer fired her retroactively to the day before the accident.

As a close friend would say, “that’s messed up.” But what’s really messed up is that we have a system that regularly accepts such events as inevitabilities. 40 million people without insurance. And out of those who do have insurance, most will not be able to use it for some weird technical reason, like being fired retroactively. As a consequence, individuals are left with the bill. Certainly, the defendant made a mistake. The mistake was that he cut a corner in a blind turn on a road he knew very well. Who can honestly say they haven’t done something like that, only they were lucky enough not to have an accident?

Should this defendant’s life be destroyed for such a mistake? Is that the kind of society we want? A Russian Roulette society, where a single mistake might cost you your life’s savings, your chance at a reasonable career, your health?

On the flipside, the plaintiff needs a solution, too. And the system isn’t getting any better: the recent bankruptcy bill will make it even harder to recover from such unlucky occurrences when the medical bills get astronomical.

What’s truly ironic is that the very crowd that encourages this Russian Roulette society is the same crowd that complains about frivolous lawsuits and makes it harder for the middle class to get insurance by reducing small business incentives to provide it. But what’s the real dynamic of a frivolous lawsuit? A person who simply cannot afford insurance because their employer doesn’t provide any assistance, on the brink of bankruptcy, overwhelmed with medical bills, gets accosted by a less-than-ethical lawyer who convinces this victim of fate to sue.

But sometimes, the only guilty party is fate, the luck of the draw. And the only way to mitigate the risks of chance is to insure people. Institute universal healthcare. Equalize the luck of the draw for everyone. Costs of insurance will go down with the bulk. Frivolous lawsuits will be less frequent.

Our society currently makes it hard to get insurance, hard to force insurance companies to pay the money they owe, hard to recover from medical bills using last-resort bankruptcy, and super easy to get sued or sue other individuals. And the Bush administration’s solution? Make lawsuits more difficult. Sounds about par for the course. Let the millions of middle-class Americans play Russian Roulette.

French Schizophrenia

Filed under: General — March 23, 2005 @ 9:23 pm

A few weeks ago, the director of the French National Library complained that Google had snubbed Europe by not including French books in the latest Google Print effort to digitize physical library books. I mentioned how I find this attitude frustrating.

And now, Agence France-Presse (AFP) has sued Google for copyright violation because Google News displays thumbnails of AFP photos. Why? Google only distributes small excerpts of articles and photo thumbnails. Anyone wanting to read the news must click through to the actual article. I cannot imagine how AFP is losing on this. A number of people who would otherwise never read an AFP article might become aware of them through Google News, which does a fantastic job of displaying as many sources as possible. Most companies pay Google good money for the right to have Google link to them.

Certainly, AFP is not the French National Library, but the problem seems the same: Google brings attention. AFP, for some reason, doesn’t want it. As a result, Google is now removing all AFP content from its news site. I wonder if someone will now complain that Google is snubbing French news.

Incentive for Deploying Security Infrastructure

Filed under: Policy — March 21, 2005 @ 2:53 pm

The bankruptcy bill recently passed by Congressional Republicans is despicable on numerous counts. You can read more about it to find out exactly how terrible it is. The short version is that it’s now harder (if not impossible) for individuals to file for bankruptcy protection, no matter what the cause (medical expenses or shopping sprees), and easier for credit card companies to charge loan-shark-level interest rates without disclosing their exact practices to customers until they’re deep in the hole.

There is one particularly pernicious aspect of the bill, however, which has gotten too little attention, in my opinion. Democrats proposed an amendment that would have provided bankruptcy relief to victims of identity theft. Republicans struck down this amendment. Think about this one carefully: according to this idea, going on a shopping spree and having your identity stolen are equivalent in terms of personal liability.

This insanity is incredibly significant in the grand scheme of corporate liability and financial information security. Identity theft in all of its forms is a growing problem. The rise of phishing attacks and spyware promises to make this crisis far more painful than most people imagine. The way we have addressed these types of issues, historically, is by spreading the risk via insurance or by motivating the service providers to secure the infrastructure. There’s a $50 maximum personal liability on credit cards today in case of theft. That’s why the credit card companies like American Express deploy complicated Artificial Intelligence mechanisms to detect fraud early and shut it down. Because if they don’t, it’s their loss. And that makes sense, because the financial institutions are the only ones with the means to deploy security, so they should be the ones incentivized.

So what happens if we start holding individuals responsible for being victims of identity theft? We end up with financial institutions that have far less motivation to deploy security solutions to these growing problems. After all, it’s not like it’s their dime. If we continue with this type of legislation, we should stop hoping for new security solutions from the financial industry.

The unlucky ones will pay the price for a society which increasingly refuses to mitigate its citizens’ risk.

Dangerous MBA Hackers

Filed under: Security & Crypto — March 15, 2005 @ 11:48 am

By now you’ve probably heard about Harvard, MIT, and Carnegie Mellon business schools rejecting MBA applicants who “hacked” into the admissions web site to see their acceptance status early. The problem is, what they did amounts to little more than curious exploration, not hacking: they just twiddled a URL on a horribly insecure web site.

A few members of the Crypto Group here at MIT wrote to MIT Sloan to explain how qualifying this as hacking is dangerous and erroneous. After all, if an admissions staff member mistakenly posted the results in a public hallway, students would hardly be held responsible. The web is no different.

Extremism in All Forms

Filed under: Policy — March 11, 2005 @ 12:27 pm

I don’t usually link to other articles without comment. But this time, Kos hits the nail on the head. This rings very true to me.