I am probably in the minority, but when I buy something I think of it as mine. I paid for it so I own it.
I buy a lot of stuff I am not totally happy with, but that’s the problem with being a tinkerer. Usually I think I can improve on what I purchased, or customize my purchase to my liking. This could be as simple as adding sugar to my coffee, or having a pair of pants altered, or changing the carburetor on that rusty Camaro in my backyard. More recently it’s changing game save files or backing out ‘fixes’ that break software. It’s not the way the manufacturer designed it or implemented it, but it’s the way I want it. One man’s bug is another man’s feature. But as the stuff I bought is mine – I paid for it, after all – I am free to fix or screw things up as I see fit.
Somewhere along the line, the concept of ownership was altered. We buy stuff then treat it as if it’s not ours. I am not entirely sure when this concept went mainstream, but I am willing to bet it started with software vendors – you know, the ones who write those End User License Agreements that nobody reads because that would be a waste of time and delay installing the software they just bought.
I guess this is why I am so bothered by stories like Sony suing some kid – George Holtz – for altering a PlayStation 3. Technically they are not pissed off at him for altering the function of his PlayStation – they are pissed that he taught others how to modify their consoles so they can run whatever software they want. The unstated assumption is that anyone who would do such a thing is a scoundrel and criminals, out to pirate software and destroy hard-working companies (And all their employees! Personally!). These PlayStations were purchased – personal property if you will – and their owners should be able to do as they see fit with their possessions. Don’t like Sony’s OS and want to run Linux? Those customers bought the PS3s (and Sony promised support, then reneged) so they should be able to run what they want without interference. It’s not that George is trying to resell the PlayStation code, or copy the PlayStation and sell a derived work. He’s not reselling Halo or an Avatar Blu-ray; he’s altering his own stuff to suit his needs, and then sharing. This is not an issue of content or intellectual property, but of personal property. Sony should be able to void his warranty, but coming after him legally is totally off-the-charts insane IMO.
Now I know Sony has better lobbyists than either George or myself, so it’s much more likely that laws – such as the Digital Millennium Copyright Act (DCMA) – reflect their interests rather than ours. I just can’t abide by the notion that someone sells me a product and then demands I use it only as they see fit. Especially when they want to prohibit my enjoyment because there is a possibility someone could run pirated software. If you take my money, I am going to add hard drives or memory of software as I like. If companies like Sony don’t like that, they should not sell the products. Cases like this call the legitimacy of the DCMA into question.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Rich in Macworld on private browsing.
- Protect your privacy: online shopping. Mike’s first Macworld article.
- Rich quoted in the New York Times on RSA.
- A great response to Rich’s Table Stakes article. John Strand does a good job of presenting his own spin.
- Index link to Mike & Rich’s Macworld series on privacy.
- Adrian’s Dark Reading article on McAfee acquisition.
- Rich quoted on RSA breach.
- Adrian’s Dark Reading post on DB Security in the cloud.
Favorite Securosis Posts
- Rich: Agile and Hammers – They Don’t Fix Stupid. I still don’t fully get how people glom on to something arbitrary and turn it into a religion.
- Mike Rothman: Agile and Hammers: They Don’t Fix Stupid. Rare that Adrian wields his snark hammer. Makes a number of great points about people – not process – FAIL.
- Gunnar Peterson: The CIO Role and Security.
- Adrian Lane: Crisis Communications.
Other Securosis Posts
- FAM: Additional Features.
- McAfee Acquires Sentrigo.
- Incite 3/23/2011: SEO Unicorns.
- RSA Releases (Almost) More Information.
- FAM: Core Features and Administration, Part 1.
- Death, Taxes, and M&A.
- How Enterprises Can Respond to the RSA/SecurID Breach.
- Network Security in the Age of Any Computing: Index of Posts.
Favorite Outside Posts
- Rich: Why Stuxnet Isn’t APT. Mike Cloppert is one of the few people out there talking about APT who actually knows what he’s talking about. Maybe some of those vendor marketing departments should read his stuff.
- Mike Rothman: The MF Manifesto for Programming, MF. Back to basics, MFs. And that is one MFing charming pig.
- Adrian Lane: A brief introduction to web “certificates”. While I wanted to pick the MF Manifesto as it made me laugh out loud, Robert Graham’s post on cryptography and succinct explanation of the Comodo hack was too good to pass up.
Project Quant Posts
- NSO Quant: Index of Posts.
- NSO Quant: Health Metrics–Device Health.
- NSO Quant: Manage Metrics–Monitor Issues/Tune IDS/IPS.
- NSO Quant: Manage Metrics–Deploy and Audit/Validate.
Research Reports and Presentations
- The Securosis 2010 Data Security Survey.
- Monitoring up the Stack: Adding Value to SIEM.
- Network Security Operations Quant Metrics Model.
- Network Security Operations Quant Report.
- Understanding and Selecting a DLP Solution.
- White Paper: Understanding and Selecting an Enterprise Firewall.
- Understanding and Selecting a Tokenization Solution.
- Security + Agile = FAIL Presentation.
Top News and Posts
- Dozens of exploits released for popular SCADA programs.
- Twitter, Javascript Defeat NYT’s $40m Paywall.
- Apple patches unused Pwn2Own bug, 55 others in Mac OS.
- Spam Down 40 Pecent in Rustock’s Absence.
- The Challenge of Starting an Application Security Program.
- Hackers make off with TripAdvisor’s membership list.
- Talk of Facebook Traffic Being Detoured.
- Firefox 4 Content Security Policy feature. Firefox 4 is out, in case you hadn’t noticed. And it includes Content Security so site admins can define valid domains for their content.
- Firefox Blocking Fraudulent Certificates.
- US-Cert warns of SQL holes in Scada control systems.
- Google, Skype, Yahoo Targeted by Rogue Comodo SSL Certificates.
- RSA Breached: SecureID Affected.
Blog Comment of the Week
Remember, for every comment selected, Securosis makes a $25 donation to Hackers for Charity. This week’s best comment goes to Marisa F, in response to Incite 3/23/2011: SEO Unicorns.
Especially great Incite this week!
We should start the Securosis Blog Drinking Game* 😀
Take a drink every time someone mentions: Unicorns Drama Certs suck Twitter Quadrants “business enabler” Rage (x2 drinks if Rich swears)
Jager shot every time Adrian has to lay the Agile smack down
Shotgun beer every time Mike forgets to give props to his “boss”
Every time Mike puts up a “Firestarter”, everyone must buy him drinks
Kentucky Bourbon every time Rich calls out marketing buffoonery
Irish Car Bombs every time it looks like you guys have started a new book
*Please blog responsibly
Reader interactions
One Reply to “Friday Summary: March 25, 2011”
Whatever DLP tool and process Episilon used did not work. I got letters from Kroger, Target, Hilton and Best Buy. Please don’t tell me these companies were not inspecting their vendor for the highest levels of consumer protection.