The Google-SOPA-PIPA-DNS-Copyright-Oil-and-Gas Link

What does copyright infringement have to do with scraping oil from the bottom of a barrel and an acronym soup like SOPA, PIPA, DNS and DNSSEC? The answer lies with Google, not the search engine but the company.

More specifically, the answer lies with Google's Executive Chairman, Eric Schmidt, who said the following at the University of Minnesota last week when asked about legislation (SOPA/PIPA) which would--in the name of protection against copyright infringement--give the U.S. government the power to mess with the Domain Name System (DNS) that forms the backbone of the Internet:
“There are a whole bunch of issues involved with [SOPA] breaking the Internet and the way it works. The correct solution, which we’ve repeatedly said, is to follow the money...Making it more explicitly illegal to make money from that type of content [pirated movies, software, or other counterfeit goods] is what we recommend.”

Mr. Schmidt is entirely correct, and I love the expression "making it more explicitly illegal to make money from..." because it covers a range of actions that governments and law enforcement agencies can take without interfering with the way the Internet works.

For example, the act of distributing pirated movies would be more explicitly illegal if the pirates were identified, arrested, extradited or extracted, imprisoned, tried, convicted, and given 20-year sentences in maximum security facilities without the possibility of parole. The same goes for the makers of malicious software. Let's put a bunch of them in jail with long sentences and see if that reduces the malware problem.

I just don't see a downside to this hardline approach to making something like software piracy or handbag counterfeiting "more explicitly illegal" except that some people will say it costs too much money. Au contraire, if you do this right it will actually make a lot more money than it costs. Consider the numbers put out by supporters* of the Stop Online Piracy Act: "IP theft costs the U.S. economy more than $100 billion annually and results in the loss of thousands of American jobs" (The Austin Statesman).

If you gave me a budget of one percent of that amount ($1 billion), I would most assuredly, and within a period of 12 months, reduce the cost of that theft by at least 15 percent ($15 billion). In other words, backing the effort to crack down on piracy to the tune of $1 billion in fresh money would pay huge dividends, save thousands of U.S. jobs, and actually create jobs (without messing with DNS).

Why am I so sure of this? My answer is not a lot of hot air, but it is a bit oily, as in petroleum production taxes. Thirty years ago I was criss-crossing America auditing the state oil and gas taxes paid by petroleum companies, firms with names like Koch, Hess, Ashland, Texaco, and Hunt. During that time I learned a lot about the ways in which we humans try to cheat each other.

Consider the sludge that forms at the bottom of a crude oil holding tank such as you see next to wells in oil fields where the wells are not connected to a pipeline. Some of that sludge is recoverable oil and, from time to time, someone goes into the tank to suck it out. How much of the sludge is oil? How much gets pumped out? Where is it taken? How much of it gets there? These are all points in the oil production process where numbers and readings and measurements can be fudged, to the advantage of one party and the disadvantage of another.

Not that every case of missing petroleum tax dollars was a case of cheating. Oil companies were sometimes being cheated by employees and contractors. And every time the production output of a well is understated that also cheats the royalty owner, the person who owns the mineral rights to the land from under which the oil and gas is being extracted.

Operating on a shoestring budget, my auditing team raked in millions of previously unpaid taxes within the first 12 months of operation. We used no new laws or fancy gimmicks. We just followed the money, which is what Eric Schmidt is saying when it comes to cracking down on copyright infringement. In oil production areas you don't close down the roads in and out of every county where production is apparently going missing. You go to the top of the organization, the people getting the money, and you figure out how they came by it. You examine the paperwork. You audit the heck out of the operation. If the organization is shady, you shed light. If it is in another country then you remind that country of our mutual interests.

We have already seen positive results when private dollars are used to help enforce public laws, as in the Microsoft and Pfizer funded action against the Rustock botnet. (If you're wondering why a drug company got involved, read the story, it really is a big deal.) So why not an anti-infringement posse formed and funded by the likes of Google, eBay, Facebook, and Yahoo! The backers of Protect Innovation could really make a lot of friends in high places, and on the High Street, if they were seen to spearhead a new effort to put cyber-criminals behind bars.

* Note: Here are some of the fine companies and trade groups that back SOPA (I respect and admire many of them, I just think they are wrong about SOPA): National Cable and Telecommunications Association, National Association of Manufacturers, Pharmaceutical Research and Manufacturers of America (PhRMA), Business Software Alliance, Screen Actors Guild (SAG), the U.S. Chamber of Commerce, Independent Film & Television Alliance (IFTA), National Association of Theatre Owners (NATO), Motion Picture Association of America, Inc. (MPAA), American Federation of Musicians (AFM), American Federation of Television and Radio Artists (AFTRA), Directors Guild of America (DGA), International Alliance of Theatrical Stage Employees (IATSE), International Brotherhood of Teamsters (IBT), Comcast/NBCUniversal, National Songwriters Association, the United States Conference of Mayors, National Sheriffs' Association, International Brotherhood of Electrical Workers, International Trademark Association.

Security and Privacy Links: Marketing cybersecurity

As some of you know, I hit the ground running when I landed in San Diego at the beginning of September, happy to be back in California, wrestling with my first love, information security.

Okay, so that prose was a trifle purple--not to be confused with a delicious purple trifle--and information security is not, strictly speaking, my first love.

But hopefully you get the point: I was ready to up my game in the fight against digital malfeasance after three fun years focused on the marketing of marketing software to marketers (three highly successful years, I might add, because the marketing software, Monetate, was clearly headed for best of breed from day one and can now be found on major websites from PETCO to QVC).

There were a number of happy congruencies in this latest development. My marketing skills had been honed, my marketing experience broadened, just in time to sell a fresh message of cybersecurity awareness to a deeply digital world. That message goes like this: "The bad guys are badder than ever, better funded, more organized, but there are simple steps we can all take to make cyberspace a lot safer tomorrow than it is today."

For me, this was just the right time to run into ESET, a Slovakian company with a growing presence in North America and a strong commitment to the public good, as evidenced by a pioneering community initiative called Securing Our eCity. I spend part of my time working on this initiative and the rest on research and publication, in all its forms, including blogging, tweeting, and speaking. Here are just a few of my efforts so far:

On TV:



Speaking:



Quoted:



Published:



Bonus Security Video: Malware Delivery Scam:


CyberMonday SmartPhone Shopping Tip: Avoid CA, MA, RI, and maybe others

This is a quick tip for anyone looking to buy a new iPhone or other smartphone this holiday season:

Don't buy in California, Massachusetts, or Rhode Island. 

If you are in one of those states and can cheaply get to another state, or happen to be passing through another state on business or to visit family, you can save $40 or more if you purchase your phone out of state.

Why? The answer is in small print at the Apple store and--possibly in different words--on some mobile provider sites:

In CA, MA, and RI, sales tax is collected on the unbundled price of iPhone. 

In other words, you might be getting a great deal on the phone but these states charge you sales tax as though you did not get a great deal, and that's a bum deal.

Consider that the Apple iPhone 4S series has unbundled prices of $649, $749, and $849 for the 16MB, 32MB, and 64MB models respectively. That means a sales tax of 7.75% on the 16MB 4S you buy from AT&T or Apple for $199 comes in at $50 versus the $15.42 you were probably expecting. That's sticker shock if you have not been through this process before.

RIP: The Golden Age of Unlimited Internet, It's Been Capped

The golden age of unlimited Internet is over; capped usage is now the norm. Alas for uncapped bandwidth, uncapped bandwidth is no more, and this has serious implications for everything from programming to data security and economics.

Soliloquies aside, the pleasure of making a prediction that comes true--I have said for some time that all bandwidth will eventually be capped and metered--is often undermined by the reality of what one predicted. (For example, about every new form of data abuse I have said "Typically, this is going to get worse before it gets better" and I am, sadly too often, correct in that assessment.)

I have written extensively about bandwidth capping in the context of both satellite Internet service and 3G Internet service. I have lived with daily bandwidth caps in the 400 megabyte range, courtesy of HughesNet's premium $80 per month satellite service. I have lived with the AT&T MiFi 3G cap of 5 gigabytes a month or 166 megabytes per day (for $60 per month). Apparently I am now going to live with the 200 gigabytes per month cap of Cox Cable Preferred Internet Service, currently $40 per month. 

Of course, it is clear that 200 gigabytes for $40 is a better deal than 5 for $60 or 12 for $80 (if you multiply the 400 megabytes per day that HughesNet 'gives' you by 30 days you get 12 gigabytes, but in reality you seldom get 12 gigabytes because you keep daily use below that, worried that you will exceed your cap, which costs $10 to reset every time you blow through it with a big download or streaming audio/video).

What is wrong about Cox Cable's cap, and I have to use wrong rather than a softer touch like "questionable" or "dubious" or "unfortunate," is that Cox Cable does not disclose its cap before you contract for Cox service. I know this because I just went through the labyrinthine process of getting Cox Cable service in San Diego. While everyone from Cox with whom I have spoken has been very polite, friendly, and helpful, nobody said "That comes with a 200 gigabyte per-month cap and we reserve the right to charge you more money if you go over that."

Nobody. Not the first time I placed my order, nor the second time I placed my order because the first order went astray. In other words, Cox had ample opportunity to mention the cap and the consequences of exceeding it. They did not. Given the otherwise articulate and engaging nature of the service personnel that Cox puts on the line, I tend to assume they are trained not to say anything about the cap. 

So, the cap is here. It is not disclosed. And next I fear, it will be reduced. Once we are all hooked on whatever bandwidth consuming activity floats our boat, be it streaming video, audio, online gaming, hi-def photography, video calls, or something as yet not deployed, the bandwidth providers will start clamping down, shrinking the cap and raising the rates. So here are some potential implications:
  1. Using the Internet will cost more in the future, not less. We will pay per gig, not per month.
  2. Deployment of any security services that use bandwidth will meet resistance or get turned off if people are paying per gig.
  3. The rich will get more Internet than the poor (and of course the poor will get poorer and the rich will get richer, a golden rule pretty much everywhere, from the USSR to the US of A).
  4. Programs that use bloated code or content will be penalized by bad reviews.
  5. Apps that are coded efficiently and elegantly will prevail.

I recently had the honor of speaking to a group of computer science students at the Jacobs School of Engineering at UCSD. One topic we got into was the need to keep code lean. I mentioned to them a very interesting article that was mentioned to me by my good friend (and computer scientist extraordinaire) David Brussin and written by someone in Australia who also has to deal with bandwidth limitations, Troy Hunt.

The amount of 'bloat' that Troy found in iOS apps will surprise many, but it really wasn't a surprise to me. Why? Because my wife and I have used an iPad on a capped--and thus closely monitored--satellite Internet connection for over a year. We know how far the needle jumps when you add an iPad to your wireless Internet device mix. I fear the time will come when we pay dearly for that, by the megabyte.

p.s. Just noticed this report: Sprint is slowly but surely killing unlimited data

Regulator unveils plan for universal broadband - Science & Technology News

Federal Communications Commission Chairman Julius Genachowski proposed a strategy for revamping that government subsidy program to help deploy high-speed Internet service to millions of Americans living in rural and costly-to-serve areas.

So San Diego: Dog bowls and sunsets

So what happened to September? Not a single September post on the Stephen Cobb Blog? That's right, I was busy settling into my new job here in San Diego at ESET North America. I'm part of the research team and, as it says on my business cards, my job title is Security Evangelist. But I did blog in September, seven times on the ESET Threat Blog.


Working a blog with multiple contributors is one of the many things I'm loving about this new position. Another nice thing about the job is San Diego itself. I'm sure that San Diego has "issues" that I will encounter (and blog about, right here). No city is perfect, but sometimes a city can feel like a perfect match. For someone who loves to travel--like me--San Diego is both a great place to come home to, and a great place to travel from. I can look out the window and see cars, trains, boats, and planes. Okay, so sometimes these are noisy cars, trains, boats, and planes; but like all modes of transportation, they create this great sense of possibility, of going places.


San Diego Dog Bowls at Baja Betty's

And sunsets. San Diego has amazing sunsets. Friends and relatives are already getting tired of me emailing them my San Diego sunset pictures, so I decided to illustrate this post with something else that is very San Diego: water bowls for your dog. Such bowls are a common sight outside San Diego stores and restaurants (many of the latter welcome dogs in the outside eating areas, of which there are many). This particular eatery caught my eye because they had thoughtfully provided bowls in a range of sizes to suit different dogs.


So, in San Diego you can walk your dog to the local restaurant, enjoy great food in the open air, plus canine companionship and, let's face it, watch a great sunset nearly every day.


San Diego Sunset

Quick Tip: How to Change the IE8 Default Search Provider from Bing to Google or Other

This tip is for the relatively small number of people who are running Microsoft Internet Explorer 8 and cannot seem to change the default search provider, that's the one found in the Search box at the top right of the program window. By default this is Bing but I prefer Google.

I recently ran into a problem trying to change this on a system I was using. The process for making the change that was described in the Help for IE8 did not work, but after some digging I found something that did work for me. It is actually a service provided by Microsoft. Basically, you go to the following web page and follow the instructions labeled "Create Your Own" on the right (this can be used to add just about any search engine as your default):

http://www.microsoft.com/windows/ie/searchguide/en-en/default.mspx


You may need to close IE8 and then reload it for the change to take effect. Of course, you might ask why I didn't just upgrade from IE8 to IE9, but this was not my computer, just a computer I was using. However, I would agree there are some good reasons to upgrade to IE9, as described by my brother, Mike Cobb, in this article: Is Internet Explorer 9 security better than alternative browsers?

Cobb on the Trail-er: Hauling butt and taking names

Here's one name to start with, an eating place called O'Charley's, specifically, the one just off Interstate 40 at 110 Coley Davis Court in Nashville. A great place to stop for a real meal and friendly service should you be passing through the Nashville area. I met up with friends there and had a very relaxing and enjoyable lunch. I was surprised to learn later that O'Charley's is a chain, with locations in the Eastern half of the U.S. I would definitely look for one if I was driving in that region again.

Speaking of chains, I was very pleasantly surprised by U-Haul, from whom I rented the trailer for this trip (as trailer towing road warriors know, chains are used as a backup to the trailer hitch). So here's my review of U-Haul customer service.

At first I was not happy with the trailer. There seemed to be some shimmying when I picked it up, but I put that down to lack of load weight. There was also a lack of any obvious way to lock the trailer to the hitch on my Jeep, so I used a pair of padlocks on the safety chains.

Unfortunately, the more miles I drove with the trailer fully loaded, the worse the shimmying became. How bad was it? People were flagging me down, honking horns, following me into rest areas. Apparently it looked a lot worse when you were following me than it did when I was looking in my sideview mirror. So, to all of those Knights of the Road who expressed concern, I say: Thank You!

While such concern from my fellow man was quite uplifting, a major breakdown seemed more and more like a major possibility, which would put a major crimp in my timed-to-the-hour travel plans. So I pushed on but cut my speed, taking heart in the diagnostic opinion of a farmer who checked out the trailer after following me into a rest area. He thought it was the rim and not the axle, because the hub was not hot. By the end of that day I was in Forrest City, Arkansas, staying at a surprisingly comfortable Hampton Inn just a block from a delightful Mexican restaurant.   

After a robust repast of Chile Rellenos at Don Jose, I began to consider my trailer options. My biggest concern should have been breaking down but it was the thought of unpacking and repacking that really bothered me, should the trailer need to be replaced. That and the time involved, which involved, in my mind, a ton of paperwork and sitting around, even if I did manage to find a U-Haul dealer. In the morning caution won out and, bracing for the inevitable hassles, I called the 800 number on my U-Haul contract from the hotel parking lot.

And wow! U-Haul was great! I felt the agent really understood what I was going through. Not only that, they had an authorized garage right there in town, White Motor Company, just a few blocks away. I hauled the trailer over to White Motor and some very cheerful chaps changed out the wheel in a matter of minutes.

I was on my way with no more than 30 minutes of time lost and zero cost or hassle. Shortly after I hit the Interstate the U-Haul agent called to confirm that everything was okay. I am definitely getting a U-Haul next time I need to shift stuff across the country!

Update: The fix worked fine. Made the 3,000 mile trip right on schedule, pulling into San Diego on August 31, with time to unload the trailer and return it before heading to the DoubleTree for the night.

Leaked AT&T Letter Demolishes Case For T-Mobile Merger

Interesting stuff when you compare it to what the AT&T ad campaigns say about the benefits of the deal for rural America.



"Data in the letter undermines AT&T's primary justification for the massive deal, while highlighting how AT&T is willing to pay a huge premium simply to reduce competition and keep T-Mobile out of Sprint's hands."



"AT&T, who has fewer customers and more spectrum than Verizon (or any other company for that matter), has all the resources and spectrum they need for uniform LTE coverage without this deal."



From: Leaked AT&T Letter Demolishes Case For T-Mobile Merger - Lawyer Accidentally Decimates AT&T's #1 Talking Point, as reported on DSLReports.com

Even Stephen Asks: What's in a name?

Saint Stephen (as depicted by Giacomo Cavedone)
Starting in September, 2011, I will be working for ESET, which has its North American headquarters in San Diego. But I'm sure I won't be the only Stephen Cobb in San Diego.

So, when my soon-to-be-employer asked how I wanted my name to appear on my business cards I took a moment to think about it. My equivocation brought to mind a recent blog post by my friend and fellow serial entrepreneur, Lucinda Bromwyn Duncalfe.

Some people might know Lucinda as Lucinda Holt or Lucinda Duncalfe-Holt but in this blog post she explains why she recently decided to be Lucinda Bromwyn Duncalfe (which I think has a nice ring to it). 

I can relate to name changing, not because I'm a married woman and have wrestled with male surname adoption, but because I'm a guy who changed his name for a while, not legally, but in practice. That's right, for nearly 20 years I liked to be called Steve, even though it clearly says Stephen on my birth certificate (FYI, I was not christened or baptized "Stephen" because I've never been subjected to those rituals, but that's another story).

In packing for the move to San Diego I came across my well-worn copy of William Blake's Songs of Innocence and Experience which I received when I won the King Henry VIII School prize for English in 1970. Inside was a label that I put in all the books that I took with me to university, first Leeds in England, then McMaster in Canada. The label said: Property of Steve T. Cobb.

I blame Steve McQueen and then my school friend Steve Richardson, my college roommate Steve Donnelly, plus Steve Martin and several other Steves who seemed cooler than Stephens. It was only in the 1980s, when I first moved to California, that I decided to go back to the original Stephen. And that's how my name got recorded as an author at the Library of Congress when I started writing books about computing. Since then I have noticed a proliferation of Stephen Cobbs which frankly surprises me. I grew up in a city of more than 250,000 people and my family were the only Cobbs. Until I was 11 years old there were no other Stephens in the schools I attended.

Another surprise in recent years has been the number of people who see my name written down as Stephen and pronounce it Steffen. This often happens when I check into a hotel. I say "I have a reservation, last name Cobb" and the receptionist says something like "Yes, for one night, Steffen Cobb." I started correcting people by pointing out "My name is Stephen, like in the Bible" assuming people would know the story of Stephen, the first Christian martyr, as described in the New Testament (Acts 6-7).

That strategy really didn't gain much traction and I decided that comparing myself to a saintly martyr seemed a bit presumptuous. So I developed what I thought would be a more amusing way for people to get it right, by referring to what I thought was a well-known Christmas carol: Good King Wenceslas. The opening verse of this carol, which was sung religiously, pun intended, every year in church and school when I was growing up in England, goes as follows:

Good King Wenceslas looked out,
On the feast of Stephen,
When the snow lay round about,
Deep and crisp and even.

I would then point out that if you pronounce Stephen as Steffen, then change "even" so that it rhymes with Steffen, then the outcome of this verse is quite different, and not very religious (the snow being deep and crisp and effin'). Sadly, this got just as many blank faces as the more direct reference to the martyr. I found myself explaining that the day after Christmas is the feast of Saint Stephen, also known as Boxing Day in England, and that King Wenceslas, who was actually a Duke, would himself go on to be a saint, revered in both Bohemia, of which he was Duke, and England, which is where I, Stephen, learned to sing the words you see below. Altogether now, let's hear it G G G A G G D...