Forging The Future

Before You Lies A Riverscape That Features The Sun Relfecting Off The Hudson River Thrugh Cirrus Clouds As Seen In Ossining, New York.

News and Views from The Institute for End User Computing!

Archive for July, 2009

Windows Vista Activation Woes – In Defense of Dongles

Saturday, July 11th, 2009

Consumer Nightmare: Quite inexplicably, a legally purchased copy of Windows Vista which used to activate and run flawlessly under both Bootcamp and VMware Fusion on a MacBook Pro decides that some combination of software bug patches and device driver upgrades has transformed its host hardware into a different computer on which its Vista license code may no longer be used since it was already in use on a different machine — never mind that it is still running off the same disk partition on the same physical computer.

We should all be quite sympathetic to Microsoft’s concerns about software theft, but it is unconscionable to employ an authentication system that causes legitimate End Users so much anguish.

Particularly irksome is the Vista Help System’s Activation FAQ which omits the all too common question of:

“What do I do if a previously activated copy of Vista has deactivated itself and online activation fails with an erroneous report that one’s license code is already in use on a different machine and can’t be reused?”

Over the Summer Microsoft Research in Cambridge presented some extremely impressive demos of the Windows 7 user interface, but if their new OS employs a similar activation scheme to that used in Vista, one would have to very seriously think twice before investing in the upgrade.

That means that it is in both Microsoft’s and its End Users’ best interest to find a more workable alternative. One that protects Microsoft’s IP Rights but recognizes the reality that today’s End Users frequently upgrade their hardware and move legacy operating systems into Virtualized environments possibly under other host operating systems.

This strongly suggests that Microsoft shouldn’t try to tie Windows licenses to particular hardware configurations.

The next Windows should instead be licensed for the use of a single copy at a time by a single individual on any current or future hardware or emulation software he or she may currently or subsequently own. If one needs to run multiple copies on different machines at the same time, that would call for multiple licenses.

This model corresponds to the real world notion of using a physical Key and its computing equivalent, the Dongle!

A dongle is a small plug that goes into a communications port on a computer like a USB jump drive that contains custom hardware to authenticate a user.

Granted that some early dongles were usability nightmares (e.g. they lacked the now common pass-through port allowing other devices to be connected through them). But much has been improved over the years and this technology has much to recommend it.

Indeed, today, a dongle could be designed as a cryptographic co-processor to improve user security, handle licensing management for 3rd party software, and automatically store and retrieve passwords to access secure web sites.

Such functionality would be seen as a major feature that would drive up system sales, particularly if any given copy of the OS would accept any licensed dongle.

Then if one had 3 family members, each could purchase a license dongle, which would unlock his or her personal file space and identity, or perhaps even temporarily and securely access a cloud-based home folder from a total stranger’s PC.

One could even imagine the development of families of dongles, where one could purchase one or two master dongles and several subordinate ones allowing parents to access their children’s accounts.

If the dongles also incorporated a fair amount of nonvolatile memory, additional OS version and 3rd party licenses could be burnt into them to avoid having a proliferation of dongles chained together. In effect, each user would have one master keychain to pop into a USB port in lieu of a traditional easily guessed password login.

Of course, a conventionally encrypted copy of such licensing and configuration data, protected with a really long and truly random password, could be stored by the system provider on a remote server which would also facilitate sharing protected files with friends, transferring licenses between individuals, and invalidating any stolen dongles’ encryption codes.

This would entail sharing keys or deleting license keys and passwords from one dongle while adding them to another as part of a single secure transaction as well as changing the password used to encrypt any online authentication credentials. This would also permit the True Owner of local content to use the online backup of a lost dongle’s codes to access his or her encrypted files long enough to re-encrypt them with a replacement dongle.

In effect, such an approach would limit any data loss/exposure or unauthorized software access to local content/credentials stored on devices that fell into the wrong hands along with one of the matching dongles with which such data was encrypted.

To eliminate this final risk, some dongles or devices could readily be augmented with fingerprint readers or some other form of biometric authentication control to offer industrial grade security at a premium price point.

Such scenarios would offer countless benefits for platform vendors and their loyal customers including new revenue streams from dongle sales & cloud based security services for the vendors and improved security & ease of use for their customers.

Of course in a world of new hardware devices of every imaginable form factor, with OS X and Linux steadily on the move, Windows 7 in final development, and Google’s own OS just around the corner it is just a matter of time before such innovations reach End Users!

Posted in Consumer Advocacy, Technology | 1 Comment »

Happy 4th of July — Personal Computing is Freedom!

Friday, July 3rd, 2009

On the 4th of July, we celebrate The Founding of the United States of America.

For all peoples of the world, this holiday represents the potential for individual freedom to triumph in the eternal struggle between Liberty and Tyranny.

The Founders were very much the Hackers (in the constructive sense) of their day, using the best technology of their age to spread the radical idea that ordered liberty and the civil society could empower every individual to reach their full human potential. They knew that as human beings, those serving in office aren’t perfect, and that on the broader scale, to achieve the consensus necessary to launch the new republic short term political compromises would have to be made.

But they never lost sight of the ideals espoused in The Declaration of Independence. This is why they crafted our system of checks and balances between the branches of government. It is why they established Constitutional mechanisms by which the deeper defects of our founding documents could be cured and why countless American’s laid down their lives to end Slavery and establish racial equality.

Such epic statecraft is very much like programming and those entrusted with governmental authority could learn much from the lessons of good software engineering principles — since code, be it legal or computer, shares many of the same qualities and ought to be approached with a similar mindset.

Sadly, it is hard to convey the sense of exhilaration and personal mastery that one can derive from the act of programming. There is no greater sense of freedom than realizing that aside from a very few fundamental limits on what is “computable” by any machine, you have the power to make a computer do nearly anything you can dream of and thanks to cheap hardware, Open Courseware, Free Software, and the global community of professionals and hobbyists eager to help you, anyone anywhere on the planet can teach themselves how and by so doing amass the skills and knowledge needed to elevate their lot in the *real* world.

Tyrants everywhere quake at this potential of Personal Computing and Ubiquitous Communications to educate and rouse their citizenry to enlightenment. This is why it is so threatening to authoritarian power which would filter The Net and censor The Press.

Our Declaration of Independence and Constitution along with our technological innovations in Personal Computing that have made so many other advances possible are our gifts to the world which we most joyously share with you on this 4th of July.

Posted in The Executive Director's Personal Log | No Comments »

These notes from the field hold our latest thoughts and research pointers. Those of lasting value will be merged into our main website as time permits.

Recent Posts
Categories
July 2009

M T W T F S S

« Jun Aug »

1 2 3 4 5

6 7 8 9 10 11 12

13 14 15 16 17 18 19

20 21 22 23 24 25 26

27 28 29 30 31
Archives
Blogroll
Meta

July 2009
M	T	W	T	F	S	S
« Jun		Aug »
	1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Legal Notices — Revised June 1st, 2010

We apologize for having to plaster this legal boilerplate across the bottom of every one of our pages, but you really should read it through at least once since it concerns your legal rights if you are considering donating to us or citing our work. It may be updated from time to time so look for blog entries tagged with "Legal Notice" for timely updates on when things change and be sure to consult our Current Legal Notices for a comprehensive listing of everything you should know.

A number of State and Federal regulations require various legal disclaimers and at present there is no settled law permitting us to rely on a link to dedicated page of legal notices to discharge this burden.

Our major legal filings can be found in The IEUC Archives.

Since we have to go this far, we are also including some useful related information that isn't explicitly required by law, just to keep everything law related in one place. In any case, this footer is the same on every page so you don't need to scroll down to it again.

Privacy & Security

We are currently developing formal privacy & document retention/destruction policies. Until they have been officially adopted and indicate otherwise, assume that any contacts online or offline with The IEUC are matters of public record that might be shared, disclosed, or used in any manner for any purpose. This notice is effective with this release of our website and supersedes any prior statements regarding privacy with respect to any contacts with the Institute from June 1st, 2010 onward, until such time as a newer version of this policy supersedes it with respect to subsequent contacts from that point onward.

We hold no Personally Identifying Information in digital form on any residents of Massachusetts.

Third Parties hosting our website and email infrastructure, contracting with such provider(s), or (in the case of Google) providing us with website analytics, may have digital and/or physical access to records related to your visit or email to us over which we have no control and which must accordingly be excluded from any privacy guarantees we may directly offer.

In any case, we will release any material that we are compelled to disclose by force of law and we reserve the right to comply with any information requests made by government or law enforcement authorities.

201 CMR 17.00: M.G.L. c. 93H Exempt

The Institute for End User Computing, Inc., is not subject to Massachusetts's Data Privacy Law 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH because it does not own or license personal information about any residents of the Commonwealth of Massachusetts as defined in the statute. Any such information coming into our possession will be destroyed as quickly as practicable, so if you are a resident of Massachusetts we ask that you do not disclose any Personal Information to us.

FEDERAL TRADE COMMISSION —16 CFR Part 255 Disclosures

The following disclaimer is required under the FTC's Guidelines Concerning the Use of Endorsements and Testimonials in Advertising via Section 5 of the FTC Act (15 U.S.C. 45):

§ 255.0 Purpose and definitions. Our site may contain "badges" and/or links to some of the software used in its development. We are not "endorsing" them for use by any other individual or organization.

§ 255.1 General considerations. All comments with respect to products/services mentioned on our pages represent the honest opinions, findings, beliefs, or experience of each page's respective author and are factually truthful to the best of his or her knowledge and have not be solicited with any financial renumeration.

255.2 Consumer endorsements. The vast majority of items mentioned here, particularly our many literature references, are items we have individually purchased for collection in our personal libraries making us actual consumers of the technical literature (the same applies to the software items mentioned although, most of them are free open source projects). Any polls or surveys on our site are totally unscientific unless presented as being otherwise. No claims have been validated by any objective measure.

§ 255.3 Expert Endorsements. The Institute is composed of many volunteers with extremely high levels of individual technological expertise, however, our volunteers are generally not typical End Users so their experiences with and reactions to any technologies mentioned here will not necessarily bear any resemblance to those of a typical consumer or purchaser. Thus no pointers to items characterized as being useful to them or of general utility should be taken as expert endorsements for your use of them.

§ 255.4 Endorsements by organizations. Likewise, as an organization we have not undertaken to formally pool the expertise of our officers, directors, staff, and volunteers to ground any pointers to external work in a scientific vetting process. Accordingly you are on notice that anything mentioned in these pages is not being endorsed for purchase by our organization and that it is instead being pointed out by the author of the page(s) on which it is mentioned for informational purposes only.

§ 255.5 Disclosure of material connections. All Officers and Directors of The IEUC are required to disclose any direct conflicts of interest with those of The IEUC, however we have not undertaken a complete forensic accounting audit of all of all of their investments, nor of those of all volunteers contributing to our website, making it impossible for use to determine whether they might indirectly benefit from positions taken by the organization or from any attendent publicity generated by mention of any product, program, publication, standard, project, group, or individual mentioned in on our website. You should accordingly assume that anything mentioned or linked to from our pages may have been received for free in the mail, at a trade show, or as part of a beta testing program and that the page author may be a friend or colleague of the item's author/developer or a spouse/significant other thereof. Eastgate System's Tinderbox by Mark Bernstein was one of the programs used in generating our site. Mark was one of our Found Directors and now serves on our Volunteer Advisory Board. Our webmaster is a Beta Tester for Tinderbox and purchases an annual update license with his own funds. We also make use a number of free Google services. Any conferences or events discussed herein may been trade shows, lab tours, or academic/industry "open house" events with free food, t-shirts, or other minor swag intended to garner corporate publicity or have been attended with directly or indirectly vendor-sponsored free "Expo Only" passes, complimentary passes, or discounted "academic" rates (which are often sponsored by an academic unit and its corporate patrons). Some books cited may have been review copies or trade show give aways by their authors, publishers, or unrelated vendors or free books given to us by friends or as discarded items & book sale leftovers by public libraries.

Final Thoughts. The above should be painfully obvious common sense, but 16 CFR Part 255 is so broadly written and vaguely defined that we couldn't risk anything short of our best legalese to protect ourselves. Always remember that it is incumbent on the reader to investigate any potential purchases or service usages on his or her own and to asume that items mentioned may have come into the possession of potential reviewers here free of charge or have been brought to our attention in attempt to garner testimonials (which in most cases they are fully worthy of on their substantive merits since we wouldn't waste the space and risk our credibility by telling you about them if they weren't any good).

Green Advertising Disclaimer

Our web hosting provider has been promoting its efforts to power its server farms with renewable energy. Since we have no ability to independently validate these claims, we explicitly disclaim any endorsement of its Green advertising campaign. This is not to suggest that we have any cause to doubt the validity of those efforts, merely to insure that we can not be held liable under Federal or State Law in the unlikely event that those claims might not stand up to objective scientific scrutiny.

Section 508 Exempt

Section 508 is a regulatory framework aimed at mandating how web site authors should address accessibility concerns in the production of web sites funded directly or indirectly by the US Government.

No direct or indirect federal, state, or local government funds were used in support of the development of this page, nor was its development undertaken as a project for any such entity.

Therefore, this page is not subject to Section 508 or any related rule making.

The Institute Online

Forging The Future 7/30/10 — 11:06 UTC

Archive for July, 2009

Windows Vista Activation Woes – In Defense of Dongles

Happy 4th of July — Personal Computing is Freedom!

Our Weblog :

Recent Posts

Categories

Archives

Blogroll

Meta

Legal Notices — Revised June 1st, 2010

Privacy & Security

201 CMR 17.00: M.G.L. c. 93H Exempt

FEDERAL TRADE COMMISSION —16 CFR Part 255 Disclosures

Green Advertising Disclaimer

Section 508 Exempt

Advice for Disabled Visitors

Federal Tax Status

State Law Charitable Solicitation Registration Disclosure Statements

Exemptions :

Withdrawals :

Other States :

Nondiscrimination Policy

License Terms — Conditions Under Which You May Copy This Page

Trademarks

Web Standards Compliance