http://jerans-den.blogspot.com/2008/08/gas-prices.html

Gas is down to $3.79 at the Valero I normally fuel up at. That's a 60 cent drop, nearly 15%, over the last 6 weeks.

http://silverglass-tech.blogspot.com/2008/08/dmca-copyright-owners-must-consider.html

Copyright owners must consider fair use before filing a DMCA takedown notice. The full decision is here. The basic upshot of this is that copyright owners are required to consider whether a use of their material would reasonably be considered fair use under copyright law. The DMCA requires that the copyright owner have a good-faith belief that the use is infringing before they can file a takedown notice, and if the use falls under fair use and a reasonable person would have concluded this beforehand then the "good-faith belief" test fails. That, BTW, leaves the copyright liable for damages and penalties if the target of the notice wants to push it. The downside, of course, is that showing bad faith is a difficult thing to do in court, but still it's nice to have the principle upheld.

The judge says he's not sanguine about the defendant's chances of proving bad faith on the part of the plaintiff. I'm not so sure, at least if the judge is unbiased about it. The infringement in question is a song playing in the background of a baby video posted to YouTube. The Supreme Court has set forth 4 factors to consider in determining fair use: the nature of the use (commercial vs. non-commercial), the nature of the infringed work, the amount and substantiality of the portion used and the effect of the infringement on the potential market for the work. It's going to be very hard for a record label to argue that people are going to put up with watching someone's baby video repeatedly just to save the cost of buying the song. They're also going to have a hard time arguing commercial use, YouTube may put ads on the page but the uploader doesn't get any money from them and has no control over them and the entity that does get the money (YouTube) isn't the one the plaintiff's making a claim against. Even the nature of the copyrighted work works against the label. The work is a song, and it's merely incidental background noise in a video whose point is to showcase the uploader's baby. The only factor that works anywhere near in the plaintiff's favor is the amount of the song audible, and that's countered by the fact that the song's purely incidental background. As I said, it's not likely anyone's going to look at this video mainly for the music, any more than anyone watches a football game mainly to see the advertisements pasted around the stadium. Given all that, if the defendant's got a good lawyer I think they can make a very strong case that plaintiffs couldn't reasonably have believed the use wouldn't meet the qualifications for fair use. And proceeding when you know or should know otherwise is the very definition of bad faith.

Why when I'm viewing my friends list, and I select previous posts, I can't seem to go back more than one page before nothing else appears?

Ie, go to main page: insanejournal.com
Click on "My Friends"
Click on "Previous 25" ( URL changes to: http://agtiger.insanejournal.com/friends?skip=25 )

And now the only link I get where I should see both a Previous 25 and Next 25 is just... Next 25.

If I change the URL to: http://agtiger.insanejournal.com/friends?skip=50
I see no entries.

Huh?!

This is not making searching my friends journals for old posts they posted within the last 6 weeks (when I can't remember exactly WHO posted the interesting article) any easier.

*grumble*

http://silverglass-tech.blogspot.com/2008/08/google-session-vulnerability.html

At DefCon there was a presentation on a way to hijack a Google Mail session. Google's implemented a new option to counter it, the option to always use SSL. Now, important point: the attack is not the one that sniffs your session cookie if you're using an unencrypted link. That attack can be prevented merely by using SSL all the time. This attack will work even if you use SSL for everything. It works by inserting code on a non-GMail page that'll cause a request to the non-SSL GMail pages, and the browser will send the session cookie in that unencrypted request without you being aware of it. When you use Google's fix, setting your account to always use HTTPS, Google does more than just force you to an "https:" URL. It also wipes your existing session cookie and creates a new one with a flag on it to tell the browser to only send this cookie in secure (HTTPS) requests. This prevents the cookie from being sent in the clear ever.

http://jerans-den.blogspot.com/2008/08/doctors-and-discrimination.html

CA Supreme Court rules that doctors can't discriminate based on sexual orientation.

The key point in this decision is that the doctors had no moral or ethical objections to performing the procedure in question. In fact they performed it routinely. They simply objected to those particular patients having it. Some advocates are painting this as an infringement of a doctor's right to their own moral code. Bullshit. Under this decision, if a doctor finds artificial insemination or abortion or any procedure morally objectionable, they can refuse to perform the procedure. And they can reject certain patients based on legitimate medical grounds, eg. that that procedure would be medically harmful for that patient. What they can't do is flip-flop on moral grounds, deciding that a procedure's moral for one patient and not for another. Which to me seems reasonable. If a doctor found the procedure itself objectionable, why would they perform it for anybody? And if they don't find it objectionable, where's the problem?

Complicating matters for the doctor in this case is the fact that the doctor signed an agreement with the HMO to provide this procedure to all covered patients. The patients the doctor refused were covered by that HMO. So the doctors not only have a civil-rights problem, they've got a breach-of-contract problem.

Its funny. I have been on Tribe.net for years, seen the dead that comes in Aug/Sept for Burning Man and never batted an eye about it. My friends will be back and, once they gather themselves back to default world, they will be there and we can share laughs again.

Funny how after only one year of going to BM has changed me from that attitude to the feeling that I am missing out bigtime. I can say that I kind of prefer the more laid back approach and I guess the journey that BM is about has changed that.

I know it is for the best. My new job is closer to what I wanted to do than any other job I had. Heck, it even reimburses me for gas which is a luxury job trait here in California.

I know it is for the best. 2007 was a real hum-dinger and recovery is what Im doing in 2008, amidst further changes. Financially drained and mentally unprepared would be a bad combo out on the Playa

I know it is for the best. 2008 was full of change. The recovery was a bit of an uphill struggle due to more things trying to get me off course. So far, the casualties of 2008 have involved 2 friendships. One was a no-brainer, for this woman proved quite the instigator of my personal affairs. As of this morning, it is really becoming apparent that maybe I *should* blog some of that stuff, even if it is private or friends only.

I know it is for the best. My body has gone through some sort of second puberty and sized me out of a lot of tops I have had since high school and late middle school years. Lots of my "playa" stuff has fallen into disrepair over the last year or so and only recently do I have a job to repair or replace.

BM2009 seems to be my goal and I can safely say that I have a head start on it. Ill be saving up for my ticket come December checks.

http://jerans-den.blogspot.com/2008/08/soe-fan-faire_17.html

Had a good time. Didn't get to meet Danya (she was there but I never crossed paths with her), did get to meet most of the rest of the people I was looking to meet. Was going to meet Tora and Jeremy for lunch or dinner, but Tora had a mess of a day and by the time we got in contact I was in the middle of the attendees-only dinner and presentations. By the time I was out of that it was 11pm and we had to head back home. Life's annoying like that.

Got a good look at DC Universe Online, the new superhero MMO Sony's doing. Looks good. The game itself looks a lot like CoH/CoV, but with more flexibility and fewer pointless restrictions. You don't have tightly-defined archetypes, for instance. Leveling up doesn't involve gaining new powers or replacing old abilities with newer ones. You get your powers, travel ability and such right off at the beginning, and as you level up your powers get more powerful and you refine your control over them letting you do more with them. So, for instance, if you made a Cyclops clone, at the beginning your eye-beams could only hit one target at a time. By the time you hit 20, they do more damage when they hit, your aim's better and you're starting to be able to for instance split the beam to hit more than one target at a time. But you don't have to shell out money (in whatever form) to get those improvements, they happen as your character gets more experienced. What you can do is use rewards you've gotten from defeating villains to buy additional equipment and boosts that you can equip, for instance extra armor for your costume (making you tougher) or a new visor to boost the power of your eye-beams even more by focusing them. And you can change those out, so while you may not have enough room to equip both the armor and the new visor at the same time you can swap between them at will depending on what's needed at the moment. And no, you can't play the major DC heroes like Superman and Batman. That's not because of any arbitrary trademark rule, but because those characters are already in the game. You interact with them, generally at first and then more and more personally as your character levels up and builds their reputation, until eventually you're no longer the new kid on the block but the established hero they call on when they need help. The evil side works similarly, and there's varying degrees of PvP so heroes can always fight villains. The exact rules are going to vary by server and area within the game, so you won't be forced to deal with constant PvP if you don't want to but the possibility's always going to be there if you do want to.

http://jerans-den.blogspot.com/2008/08/soe-fan-faire_14.html

Date set. I'll be up in Vegas Saturday for a day of Fan Faire. Mostly it'll be to meet people who'll be there.

Note to self: at least one bottle of Arrogant Bastard for Brasse.

August 13, 2008: Measuring the "Colbert Bump"

Democratic politicians receive a 40% increase in contributions in the 30 days after appearing on the comedy cable show The Colbert Report. In contrast, their Republican counterparts essentially gain nothing.

In other news, water is wet, the sun is bright, and you can breathe air.

*facepalm* Of COURSE the Democratic candidates benefit and the party members who see their favorite candidates on the show are reminded to donate. Colbert's subject matter is aimed at capturing a Democrat demographic, and most definitely NOT a Republican one.

I'm sure you'd see the same positive effect for Republican candidates (and non-effect for Democrat candidates) for showing up on The Dennis Miller Show or The Rush Limbaugh Show.

Definitely a Ric Romero/Captain Obvious story...

Yeah, you heard that right, 3. Another Direct-to-DVD special. Another spectacularly big flop. (No surprise there...) But I wanted to see what they'd done to advance the story. Not a hell of a lot.

New weaponry: A battlemech that 7 squad members can each suit up in (each member gets their own battle suit), and a planet busting bomb.

Mindless religion starts to play a part, really sappy songs so syrupy you just want to wear hearing protection...

Ugh.

That which has been seen cannot be unseen.

http://jerans-den.blogspot.com/2008/08/soe-fan-faire.html

Well, I can't make the full 3 days of Fan Faire, the hotel room and such are just too big a drain. But I'm going to try to make one day, either Friday or Saturday. Drive up in the morning, back that night. It's only 250 miles each way, draining but doable and I'll have at least one day to recover before going back to work. Just have to find out if memberships are still available at this short a notice.

http://silverglass-tech.blogspot.com/2008/08/law-life-silicon-valley-major-victory.html

Law & Life: Silicon Valley: Major Victory for Open Source in Jacobsen Decision

http://silverglass-tech.blogspot.com/2008/08/artistic-license-is-copyright-license.html

In the Jacobsen v. Katzer case, the trial court had ruled that the Artistic License (the open-source license under which the software involved was distributed) was a contract, not a copyright license. The Appeals Court for the Federal Circuit has overturned that ruling. The case is convoluted, because it originates not out of a copyright dispute but out of a patent issue. The copyright aspect came up out of the patent portion of the case. But it's good news nonetheless for open-source software. One of the standard arguments by open-source detractors is that the GPL and similar licenses are just contracts, subject to the vagaries of contract law, and violations of them have to be pursued as contract breaches. Now it's possible to hold up this ruling and say to them "The US Appeals Court disagrees with you.". Among other things this affects are the ability to recover costs. In a standard breach-of-contract suit the plaintiff, even if they win, is expected to bear their own costs except in unusual circumstances. In copyright-infringement actions, though, the law grants the prevailing party a much greater right to recover their costs and legal fees. This makes it easier for open-source authors to find lawyers willing to help them with copyright enforcement.

http://jerans-den.blogspot.com/2008/08/georgia-ossetia-russia.html

Maybe I'm being cynical, but three suspicions:

• Russia is really funding and supporting the separatists specifically to cause problems for Georgia.
• It's about the oil, or specifically the oil pipelines. Georgia sits squarely on the main pipeline route to the Black Sea, and Russia would rather be the ones in that position.
• Russia will say anything that the rest of the world wants to hear about peaceful resolution and cease-fires, but the tanks won't stop rolling until the pipelines are solidly under Russian control.
  

Did NBC Alter the Olympics' Opening Ceremony?
Beijing Olympics Faked Fireworks Footprints
Beijing Olympics: Faking scandal over girl who 'sang' in opening ceremony


It's just show-business.

Soldiers pay bag fee on travel to war
VFW seeks airline waiver, not reimbursement form

- Soldiers have to pay American Airlines extra baggage fees when heading to the Iraq war zone.
- The soldiers can apply for the fees back.
- American Airlines has a right to charge extra baggage fees. (They also have the right to watch their business tank further as more and more former flying commuters elect to drive longer distances.)

I can see the soldiers not wanting to go through the hassle. If the military wants to fly its soldiers on commercial airlines, why are they not picking up the tab and paying the airlines directly to minimize hassle on the soldiers?

Perhaps the Air Force could take over the transportation job, and American Airlines can go back to flying civilians around.... or am I missing something obvious here?

Caught wind that one of the politicians (doesn't matter who, let's focus on the statement) said something about just making sure we all inflate our tires to the right pressure, and this would offset the need for Offshore drilling.

[ Read that again, just to let the obvious mismatch of scale hit you fully. ]

Not only is that a ridiculously naive statement on the face, but any conservation is only a stop-gap tactic until you can build enough energy to meet growing demand.

A phrase I'm known to say in response to Ontario Power Generation and Hydro One's constant requests for everyone to conserve more power: You can't conserve your way into new levels of production.

Given that, anything short of building more nuclear power plants, expanding drilling and refining for oil, natural gas, and propane, building more modern clean-exhaust coal fired plants, expanding into more wind and solar, and investigating new sources of energy is just plain negligent. It can take years to make some of these things start producing. If you even think you'll need them someday, start planning and building in earnest, now. You will need them down the road, so it's an utterly safe bet.

Diversification is good, and pushing the envelope in all types of energy is worthwhile until you prove that something is technologically viable. If it's not economically viable, back-burner it, but don't do away with it.

But inflating our tires to the right pressure will take away the need to drill offshore... No.

Too bad you've lost how many customers by now who will NEVER go back to your awful software?

Security That Won't Slow Down Your PC [ Tiger says: Unfortunately, such software isn't available yet from Symantec, they just want it to be. ]
Symantec is scrambling to get the bloat out of Norton software—and stop the slide in market share

In 2006, Rowan Trollope, a top executive at Symantec (SYMC), declared war on his own engineers. The company's Norton computer-security software was getting so overloaded with features that his best friends told him they turn off the software rather than deal with the problems it causes. "I realized then we were pigs, taking up way too many PC resources," says Trollope, senior vice-president for consumer products.

...

He's betting two innovations will help him hit the goal. One is a technology, dubbed Mr. Clean, that makes virus scans more efficient. Instead of checking every photo and document on your computer, Mr. Clean will skip over any files associated with an application it judges to be "good." Bash, the other technology, uses a similar approach. Instead of checking each application against more than 500,000 viruses, it will zip through scans by looking only for "virus-like" behavior. Together, the two could cut scan times by more than 90%.

It took your friends to tell you this? What, you didn't hear the screams of thousands upon thousands of customers complaining to your support department? Dude, in my gaming clan people complain that they're playing the game and it suddenly crawls. Why? Symantec anti-virus software has decided it's time to update, or time to scan the system. It isn't just the bloat of features in your software, even its simplest functions suck, and don't play nice with the system. THIS IS YOUR MAIN PROBLEM.

Forget it guys, you've lost a lot of us as customers and you are NEVER getting us back. Your new "Mr. Clean" and "Bash" methods of scanning just sound like ways to miss things that need to be caught.

You'd be better off at cpu processor sharing, and only requesting maximum resources when NOTHING else user-based is running on the system and the user isn't interacting with it, otherwise work in the background asking for only a mere portion of resources such as cpu/bus bandwidth/access to the storage devices. Ever hear of the unix/linux NICE command? NICE+10 your background processes which bulk-scan the system (as opposed to scan interactive stuff that happens on the fly.) Scan silently and in a way the user will never normally notice you're doing it, and they will love you. However, if you fail to identify actual malware or infections or attempts to infect, and your customers will hate you even worse. Mis-identify non-threats as threats and they'll learn to distrust and ignore you.

Just play nice with the system as it stands and work in the BACKGROUND.

Feh, I have no time for Norton/Symantec since Peter Norton left the company over a decade ago. Years and years of crapware.

Idiots.

http://silverglass-tech.blogspot.com/2008/08/credit-card-system.html

You know, we need a change to the way credit-card purchases are handled. Card-present transactions, ones where you're physically there with the card to swipe, are OK. But when the card's not present, we need a change. Currently the system works by the merchant pulling money from your account. We need to change it so the card-holder pushes the payment to the merchant. That would eliminate the whole need for the merchant to store credit-card information, and eliminate a bunch of fraud in the process.

How would it work? Well, for a one-shot payment (your standard on-line purchase), check-out would proceed as normal except that when you told it you'd pay by credit card it wouldn't prompt for the card number. When you got to the confirmation page, it'd give you a merchant identity code and a transaction number. You'd then go to your credit-card issuer's Web site, log in and use those two numbers to generate a payment to the merchant. You'd of course verify that the merchant's identity code gave you the expected merchant name. You'd make the payment for exactly the amount the merchant gave as the total, and your card issuer would charge your card and transmit the payment to the merchant. The merchant could match the transaction number they got along with the payment with their order records, and ship your order only once they'd received your payment. The merchant's account would be solely for receiving money, nothing could be pulled out of it, so it'd be impossible to steal from the merchant. Nobody who knew your card number and other information could run a transaction, regardless of how much they knew, unless they also had the password for your account at the issuer and could log in as you to generate the payment. It'd be impossible for merchants to make unexpected charges to your card. And if the merchant claimed you hadn't sent the payment, you'd have your bank/issuer's record of the merchant accepting the payment as proof you had. This could all piggy-back on the bill-payment systems a lot of banks already have in place.

For recurring payments, it'd work two ways. For payments where the amount's known, the merchant could give you a customer identifier to use as the transaction number. Then you could simply set up an automatic recurring payment for that amount with your bank. For payments where the amount wasn't known beforehand (eg. utility bills), a back-channel could be provided where you give the merchant your card number or other bank-provided customer identifier and the merchant can send a payment request to your bank using that identifier and providing the payment amount and a transaction number. That'd go into a payment-request list you could view, and you could generate payments to the merchant directly from that list. These payment requests could even be used for non-recurring charges too, with a checkbox in the payment-information step to indicate whether you wanted the merchant to generate a payment request or not and a way to give the merchant your customer identifier. For full auto-pilot operation, the bank might let you flag requests from certain merchants for auto-approval, preferrably with a limit on the payment amount (eg. if your electric bill was normally $45-55 you might put a limit of $75 on auto-approved payments, with anything above that requiring manual approval) and timeframe (eg. auto-approve the utility bills for the next 2 months while you're possibly on vacation). Of course auto-approval removes a lot of the protection from fraudulent and unauthorized charges.

For people without Web access, it still works. They obviously won't be buying on-line, not when they can't get to Web sites at all, so the impact's mainly to mail-order and telephone purchases. Payment authorization can be added to ATMs easily enough. It can probably be added to telephone banking systems, although it's easier with voice-recognition systems than with ones that depend on the touch-tone keypad to enter information. And of course it could be done by a teller at a bank branch. In the worse case, a simple interface to turn auto-approval on for payment requests from merchants you needed to pay would turn the system back into the traditional pull-payment system.

http://silverglass-tech.blogspot.com/2008/08/california-ip-and-non-compete-law.html

As a follow-up to the last post about non-competes, I thought I'd repost links to the relevant California codes on intellectual-property and non-compete agreements:

• California Labor Code 2870-2872 on intellectual-property agreements
• California Business and Professions Code 16600-16607 on non-compete agreements

Anyone in the tech field in California should be familiar with these, because tech companies routinely put terms in their employment agreements that exceed what these laws allow. I made sure, when I signed my intellectual-property agreement, to add a notation referencing the limitations in 2870-2872 and making my acceptance limited to only what was allowed by those sections of the law.