On this blog and in my USA Today column from last week, I wrote about how Sony was selling CDs infected with a nasty program that installs all sorts of software on your PC — software that opens up a variety of security holes. (Read the column for the full story.)

Now it turns out there’s more. The Sony software I wrote about is called XCP. But it turns out that other Sony CDs install a different piece of software called MediaMax.

And get this: Even if you decline the end-user license agreement, it still installs itself. And if you insert another Sony CD, it activates itself, even if you don’t play the disk and decline the agreement. The software sends information about you, your computer, and the disks you put into your CD drive to SunnComm, the company that makes it.

MediaMax phones home whenever you play a protected CD, automatically installs over 12 MB of software before even displaying an End User License Agreement, and fails to include an uninstaller.

This is without your consent. And, had the good folks at Freedom to Tinker not discovered it, without your knowledge.

You can read the full story here.

It seems Sony feels that if you dare to insert a Sony CD that you purchased into your computer, it can do whatever it wants to your machine.

Here’s my advice: Don’t buy anything from Sony. You simply don’t know what you’re getting. It’s possible that Sony computers have hidden software that sends information back to the company. It’s possible that Sony CDs (music or otherwise) install other software that hasn’t been discovered yet. So why take chances?

(Via Superfrankenstein.)

There’s a terrific interview with my favorite author, Terry Pratchett, over at Science Fiction Weekly.

I’m fascinated with steam engines, and the telegraph, and intricate mechanisms. I think technology was at its very best just before the electronic age, because what you could use electricity for was just turning motors. By the time telephony replaced telegraphy, they had found ways of getting 12 messages simultaneously along one telegraph wire. Real, genuine, Jules Verne ingenuity had been applied to a world of cogwheels and vibrating reeds.

And, for me, anyway, this falls into the category of “Boy, I can relate to that”:

I’ve got a kind of tourist’s mentality. I take an interest in things. I learn a lot about them, but I’m never going to get that hooked. So I was into short-wave radio. I built myself a receiver and listened in, and that was fun, and then moved onto something else.

I have an interesting story in The Roanoke Times about Andrew Knight — stop me if you’ve heard this — a guy who has filed a patent for a plot. Read it here.

From MSNBC.com:

Intelligent design taught … as mythology

University of Kansas course explores flip side of science controversy

LAWRENCE, Kan. - Creationism and intelligent design are going to be studied at the University of Kansas, but not in the way advocated by opponents of the theory of evolution.

A course being offered next semester by the university religious studies department is titled “Special Topics in Religion: Intelligent Design, Creationism and other Religious Mythologies.”

“The KU faculty has had enough,” said Paul Mirecki, department chairman. “Creationism is mythology. Intelligent design is mythology. It’s not science. They try to make it sound like science. It clearly is not.”

Link

My wife discovered the following while peeling sweet potatoes (or were they yams?) for Thanksgiving dinner:

(Click for larger.)

I don’t know if this goes anywhere, but I’ll toss it out.

I was thinking about Internet advertising — banner ads, text ads (like those on this site), flash animations, pop-ups — and I realize that I tune them out. They usually aren’t annoying; they’re simply part of the landscape that I ignore or scroll past.

Like a lot of people, I have a popup blocker; in my case it comes with Firefox, but you can certainly get the Google toolbar for Internet Explorer. All to avoid ads.

What’s interesting to me is that I wouldn’t think of clicking on a Web site’s ads except to do it as a show of support for the site. (Many of them make their money based on click-throughs.) And I realized, in part, why that is.

You need a lot of money to advertise on a major television network or in a larger newspaper. That means, for the most part, the products are self-selecting; they’re made by large companies and are probably pretty decent.

That’s because there is a limited number of major networks, and even smaller ones, and there’s a limited number of newspapers. Space there is at a premium.

Not so the Net. So many sites, so many ads at so many prices. Futher, when television first got started, the barrier to entry was even higher. With the Net, many of the first advertisers were junk — and many are still here today, making the flashing ads promising “You’re a winner!”

So with television, we grew up respecting, in a sense, the advertisers we saw on the tube. That’s why so many silly products tout “As Seen on TV!!!” There’s still a certain cachet, a distinction, to being seen there. With the Net it was the opposite. While there are plenty of excellent companies with excellent ads, my gut still tells me that clicking on a banner will only lead to junk.

That isn’t to say this will continue. Others came later to the Net than I did, and thus don’t have the same instinctive reaction of “No way will I click on that!” But the virtually unlimited size of the Web will always, I think, mean a lower barrier to entry and thus a lower average product advertised there.

Amazon is not only doing what the title says — offering its customers a full refund, even on open CDs infected with the Sony rootkit — but it’s sending those customers e-mail to that effect.

Contrast Sony which, when news of what it had done spread, made a rootkit uninstaller available, but didn’t tell anyone about it. The press had to dig through the Sony site to find it and spread the word.

Last month, the Government Accountability Office quietly released a finding — a detailed report (the GAO being a government body and thus incapable of brevity) saying there were in fact problems with the voting in Ohio in 2004.

Having friends there who told me first-hand about the problems — Democratic districts not having enough machines, for starters — this wasn’t news. What is news is now an official government report says so.

The full report is available from the GAO Web site. I’ll post more after I do some reading.

Additions to my column on the Sony rootkit fiasco are in the USA Today section.

Oh, so much to say. I’ll get around to adding more as I can, but first of all I should point you to a couple of great “round-up” sites with information about the Sony copy-protection debacle:

BoingBoing, which has the distinction of being the most popular blog on the Net, has two round-ups. The first one is here, and the second one is here.

What’s great about BoingBoing is that is provides links to everyone quoted, so you can get back to the source for the nitty-gritty details.

The question that tops my list: Do Sony computers have this rootkit technology built in?

Sony originally claimed only 20 disks were infected. This was a lie, and the bloggers called the company on it. Bloggers found at least 47; now Sony has released a list of 52 infected titles.

So let’s see… Sony hid the nasty rootkit without in the installation of its music player, denyed its existence, claimed it wasn’t a security issue, released a “patch” that added nastiness and created a worse security whole, claimed only 20 titles were infected….

Anyone else see a pattern here?

More:

Microsoft’s anti-spyware tool, Windows Defender, now removes the Sony rootkit.

Symantec already had a removal tool available.

Update: Thanks to Deon Robinson for pointing out that Sony’s virus, er… DRM, also affects the Mac:

The user then is prompted by the program for a user name and password. After that information is provided, the program seemingly quits. However, it actually installs two kernel extensions, PhoenixNub1.kext and PhoenixNub12.kext, in the OS X system files.

Take a guess: In the third quarter of 2005 — that’s three months — how many complaints about indecency do you think the FCC received?

The answer: five. 1-2-3-4-5.

Oh, plus an additional 23,542 from the Parents Television Council, a right-wing Christian group. Translation: Americans aren’t offended by what’s on TV, only the PTC is.

If you’re planning to kill your wife and dump her body in the river, it’s probably best not to Google terms like “neck,” and “snap.”

From a WRAL story about the trial of one Robert Petrick:

DURHAM, N.C. — Robert Petrick searched for the words “neck,” “snap,” “break” and “hold” on an Internet search engine before his wife died, according to prosecutors Wednesday.

And…

Last week, a forensic investigator discovered that Petrick allegedly researched lake levels, water currents, boat ramps and access about Falls Lake just four days before he reported Sutphen missing on Jan. 22, 2003.

One quick thing: I mentioned a program called eePire in the column without saying where to get it. You can find it on NR4’s site: /www.nr4.com/www/eepire_expired_domain_finder.htm.

It’s not the most intuitive piece of software, but it works. You can select pre-made list of words (it comes with several, including “All two-letter”), or choose “Generate names” in which you give it some letters to work with.

I like the “Full Word List,” which looks for so-called “dictionary domains” — domain names that are also real words, e.g., television.com.

Via Wonkette:

I’m a huge fan of citizen journalism. I think that incorporating what private citizens see and hear into the mainstream news is important for a variety of reasons.

Also for a variety of reasons, photos and videos are the biggest part of that, from the video of the Rodney King beating to images of the London bombings earlier this year.

But there’s a downside: The lack of editors. Not in the sense of “someone to review the copy and clean up the text,’ or even “someone to make sure we’ve hit all the right points.” I’m thinking specifically of photos.

There’s a value to limited space — to having only so many pages or minutes. It means you can’t simply treat reporting as a data dump. You can’t simply throw a lot of information up, unedited, and call it journalism.

Today I saw a perfect example.

There was many a photographer in Jordan after the attacks there yesterday, and plenty of great citizen photojournalism is likely to come out of it.

And, just as with the London bombings, many folks are uploading their photos to Flickr, which is the most popular photo-sharing site around. (Flickr allows you to create a photo “set,” for example, “Jordan bombings,” that anyone can contribute to. That saves visitors the trouble of trying to find dozens of separate collections.)

There’s one of these sets for the Amman peace demonstrations. And here we see the problem — it’s a photo data dump. A sample image:

Quite frankly, it’s a bad photo. It doesn’t show anything useful or even identifyable. It would never make it into a professional magazine or newspaper or Web site. But when you get into “data-dump journalism,” it fits right in.

That’s a problem. The purpose of editors — or, rather, editing — is to clean up the clutter. It’s to help us deal with information overload.

Of course, there’s a good argument that says, “Yes, but then you get bias. Editors are the ones who say, ‘Show the photo of the Florin Army officer holding the gun to the head of the guy from Guilder’ or whatever. They can promote or hide information to make a point. One editor’s terrorist is another’s freedom fighter.

That’s a downside to limited space; you can’t always show the nuance of both sides.

But there danger of pure, open citizen journalism: Clutter. That image above is clutter. There are plenty more like it in the photoset, and they take time away from the good shots. The set needs an editor.

To be great, to truly make a difference, good citizen photo- and video-journalism needs to be a partnership between the folks who are there with the cameras and the folks who can look through their images and videos to best tell a story.

A dedicated editor, like those in the mainstream media, would work. So would a visitor-voting system — it might bring the best images to the top and save all of us the time and effort of wading through the chaff to find the wheat.

But whatever system is in place is going to make a better end product for all of us: One that balances completeness with objectivity, and one that takes advantage of the unlimited space of the Web to tell the most compelling stories.

So Sony’s content-protection system is backfiring in a big way. The company put software on its music CDs that hides itself in your PC (see my original post here).

Now it turns out that the company has opened the door to viruses, not theoretically, but in reality. (PDF here.)

Here come the lawsuits.

It’s all about priorities.

“Higher Percentage of Americans Using Work Internet for Personal Use than Home Internet for Work According to the latest survey of adults”

(from a Simmons Market Research, spring 2005 study)

This is in the comments of my entry about the danger posed to Kansas schoolkids by the state’s “science” curriculum, but I liked it so much I wanted to put it on the main blog.

Joseph Chiaravalloti has a great list of suggestions for the state to incorporate into its new “science” classes. (You might recall that Kansas has redefined science to include supernatural explanations — miracles, witch doctors, voodoo, etc.)

Some ideas Chiaravalloti suggests:

Unbiased comparisons of flat earth and global earth theories. All relevant historical and ecclesiastical authority for the former should be included.

and

Compare Newton’s laws of motion with those of Aristotle using only home-made laboratory equipment. The day to day practical utility of Aristotle’s theory should be emphasized.

He describes this as satire, but what’s disturbing — and bad for students — is that the state’s new standards not only allow for this, but the tone of the school board seems to favor it.