CB Services

Modern digital cameras can take very high quality photos. This is great if you want to print them, use them for publication in a magazine, or something along those lines.

What it isn’t great for, though, is emailing these photos to someone. The sheer file size usually is too big for the restrictions on a typical email account, especially if you have to send more than one. Even if this isn’t the case, the resolution of most cameras far outstrips the resolution of even the best computer monitors, making viewing them kind of like studying a barn door through a pinhole, unless some sort of scaling is used. But when you do scale, you lose the resolution that the camera is capable of anyway, so you might as well send the smaller image to begin with.
Resizing a single photo is an easy enough job with a free program like Irfanview, available at http://www.irfanview.com/. But what if you’ve got several photos, and you need to do it several times a month or more?

That’s where a program like Visualizer Photo Resize (http://www.freeimagebrowser.com/resize/) comes in. It’s free for personal use, and very easy to use. It only resizes JPEG files, but that’s the file format that most modern digital cameras seem to use, so it shouldn’t be a problem.
In this tutorial, we’re going to use the sample pictures that come with Microsoft Windows XP. By default, these are located in C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures

If you haven’t yet downloaded and installed Visualizer Photo Resize, do that now.

Double-click the icon on the desktop for the program, seen to the right of the Sample Pictures window in the above image.

If this is the first time you’ve started the program, you’ll see a splash screen. You can easily disable this on future starts by checking the box in the bottom left corner.

When the program starts, you’ll see a window that looks something like this:

On the right are the options, which you configure for the files you want to resize.

Click the folder icon to the right of the Read JPG images from path: box, and it will bring up your folder selection dialog.

To use the Microsoft sample pictures, we’re going to select the folder C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures then click OK.

The default location for the resized images is in a folder called resized. This is found within the folder that the original images were from. So in this case, our resized images will be in C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\resized
A Max Pixel Width of 640 and Max Pixel Height of 480 respectively is a pretty good standard size to email, so make sure these two values are set to this for now. As you get used to the program, you can play with these values as needed.

Now, click the Resize button at the bottom right corner of the window, and the process will start. All files in the selected folder ending with the .jpg extension will be resized. If you also use the .jpeg extension, which some photo software does, make sure the Read JPEG extension checkbox is checked before clicking Resize.

When the process is complete, you can easily access your resized photos by clicking the folder icon to the right of the Save to subfolder text area. This will pop up an explorer window to the resized folder.

As you can see, the folder on the right is the resized folder, and the one on the left is the original. In this case, we’ve changed an 800 x 600 27.8 Kilobyte image to a 640 x 480 20.0 Kilobyte image. This isn’t really much of a difference, but we’re only dealing with sample images, here. A 3.2 MegaPixel digital camera puts out images at 2048 x 1536 resolution, which can easily reach filesizes of a MegaByte or more. Obviously, resizing images from such a camera will have a much larger effect than the sample images used here.

I’ve come to the conclusion that computer service, and especially security, is something that you cannot learn how to do. You have to already know it. It’s not knowledge. It’s a whole way of thinking. If you don’t have it, you’re never going to get it from a book.

How have I come to this conclusion? Well, it’s fairly simple, really.

Among the techy goodies on my Christmas wish-list this past year was The Art of Intrusion, by Kevin Mitnick. One of my relatives took pity on me and bought it for me, and I’ve done a fair amount of reading since, both this book, and various others.
Computer security has always been fascinating to me. Not in the sense of intending to break into other computer systems, but in that it’s an intellectual challenge, not unlike a good game of chess. You’re either the one breaking in, or the one trying to stop others from breaking in. Either way, it’s trying to stay one step ahead of your opponent, to outthink, outwit, and outplan their strategy.

Well, reading this book has got my brain percolating over various security concepts, even moreso than usual. I started doing some more research online into various problems that could exist with typical home users and their Windows-based systems. Well, what I found shocked me. I’ve always known that the majority of computer systems were pitiful in their insecurity, but even I didn’t expect things to be this bad.

I used no special tools, nothing I’d written myself, nothing fancy at all. Nothing except a standard Windows XP Pro computer, and a tiny, free program available to any Internet user.

Using these two tools I managed to find, in a matter of a half hour or so, enough information to go about several serious cases of identity theft, if I were so inclined. People commonly think you can use Google to find anything you need to know, and for the most part you can, as long as you know what you’re looking for. No, I didn’t use Google at all for this. This was solely information that was being given up by home computers, and occasionally a couple of business systems. To get this information, I didn’t have to break into anything. I didn’t bypass any passwords, or use any unpatched security flaws to get into any of these systems. This was all information that was shared using standard Windows networking, with no passwords involved. Simply put, it wasn’t a bug in the software. It was a problem with the way the system was configured.
I found one home computer giving up hundreds of megabytes of documents, photos, letters, resumes, school projects, and more. Enough that I could find out the person’s name, address, education level, work history, children’s names and approximate ages, and more. I also (and this is the only thing I went to an external source for, rather than the computer in question, although I’m sure I could have found it if I had looked hard enough) could look up their phone number on canada411.com, using some of this information. Had I spent more than the roughly 5 minutes I spent on this machine and looked further, I’m sure I could have found more information regarding credit cards or banking, or possibly a Social Insurance Number. At this point, I would have easily been able to go on a Christmas shopping spree for all the things I asked for but didn’t get.

Well, I didn’t do that. Instead, I called them, asked for them by name, and proceeded to tell them all that I had found out from their computer. The parents weren’t home, but I talked to the teenage son who answered the phone. The fact that I knew his sister’s name and age, along with some information about him shocked him. He also confirmed when I asked that they had a home network, but it wasn’t working anymore, and they hadn’t been able to fix it. I gave him the information he needed to close this huge leak, which he promptly did, as I could no longer connect to this computer 30 seconds after I hung up.

I found another computer, again offering up megabytes worth of information: budgets, account information for household utilities, including account numbers, and dozens of businesses that they were customers of. This included hydro, cable, telephone, car insurance, and pretty much everything else you could think of that involves a monthly payment. A couple of phone calls to some of these businesses, and I could easily have retrieved enough information to pretend to be this person.

That’s not the worst part about this computer, though. Not only was it giving up this information to anybody who wanted it, but it was also giving me permission to change it. If I had looked and found, for example, a half-finished business letter to their boss, explaining the benefits of a new gizmo they were considering at work, I could have added insults about the top management, ratted out coworkers for stealing company property, and tendered their resignation for them. If they didn’t proofread the whole thing before they sent it, they’d never notice, and probably get fired, along with a few other people from their workplace.

I think by far the scariest thing I found, though, was a financial services company that had their entire hard drive open for my perusal. I had access to customer lists and private financial information, quotes, names and addresses, business correspondence, and several other financial services firms that this company had some type of relationship with. The only things preventing me from making off with all of it on some million dollar heist was my conscience, and the fact that it was a french company operating out of eastern Canada. I don’t speak french. I can understand it enough to know that there was oodles of information available on this computer, but without babelfish.altavista.com translating it all for me, I couldn’t make enough sense of it for any serious information theft.

So, you might be thinking that these are home users who may be completely computer illiterate, so how does my intial statement of security not being something you can learn tie in to this. These aren’t the only computers I found. Just the most obviously dangerous ones. Here’s more:

One with the MSN Messenger chat history available, showed a chat of how someone was going to pay the owner of the computer $120 to modify their XBox to play backup and pirated games. This person obviously knew enough to be able todo hardware modifications to an XBox, but couldn’t secure their own computer. They were saying they would get the chip from somebody else, though, so it was essentially a dropin solution designed by someone else, that they were simply “plugging into the socket” so to speak.

Other systems with various security cracking tools, with a large portion of their hard drive shared with no password. Who needs cracking tools in a case like this?

A system belonging to a computer consultant, who’s resume claimed that at their last position they’d “Put in place the infrastructure for a 400% increase in growth for a home business, featuring a web-centric business model in which clients receive registration, confirmation, payment information via the Internet.” How can someone do this securely, when they can’t even keep their own system remotely secure?

I also found one that, according to a resume on the computer, was owned by a programmer for Bell Canada. This machine was set up to be a webserver for a blog site, using the exact same blog software I’m currently running, WordPress. Large portions of his hard drive were shared, again, allowing me to change files on his computer. I editted one of the source files for WordPress, adding a comment that would be ignored by the webserver, so it wouldn’t show up in the viewed page. I intended to send him an email saying “Check this file…” Before I got around to doing that though, he found my comments, removed them, and disabled write access to his hard drive.

Quick, and commendable, you might think.

What he hadn’t done, however, was disable access for me to be able to read his hard drive. In one of the source configuration files for the WordPress software was a username and password to access the MySQL database server the WordPress software uses to keep track of articles, comments, etc. This database password was the same as the administration password for WordPress. That means I would be able to write articles under his account. It’s also the password he uses for his GMail account, and another couple of accounts that he has at various online services.

Not so quick, or commendable, after all. And this is a computer programmer. If his computer is in this state, what on earth chance does the average user have?

The last one I’m going to mention was, again, someone who should have known better. Again, large sections of the hard drive were writable from the Internet, again, with no password. Again, I found a resume on the computer, stating that the owner was a computer technician. According to that same resume, he was also an MCP. That stands for Microsoft Certified Professional.

So, a Microsoft certified computer technician can’t keep a Microsoft Windows-based computer even remotely secure. I can’t decide what that says the most about: Microsoft’s certification procedures, Microsoft Windows, or this particular person.

The problem that most people have with computers and security, is that a computer can appear to be functioning perfectly, but still be wide open for abuse. Unless you can actually think like the people in China or Russia (not racist…just that’s where the majority of breakin attempts on my servers seem to come from) that would want to break into your computer, you’re never going to know if it’s safe or not.

And unfortunately, most people, including most computer technicians, just aren’t cut out for that kind of thinking.

I had a laptop to repair from a fairly regular customer the other day. This was a customer who’d recently sold his business and gone to Florida for a few months to begin his retirement. While there, he signed up with a local broadband company for his Internet access.

He’s running Ad-Aware, on my recommendation, and while he was there, he noticed that it would no longer complete a scan, or do any definition updates. When he got back from Florida, he brought the machine in for me to have a look at, as he was a little concerned, and rightly so.

Well, starting a scan with Ad-Aware showed a few items that it had discovered, but it froze partway through, after it started scanning files. One of the items it discovered was a program that was running. I’ve seen plenty of cases where some spyware will actively try to prevent anti-spyware applications from running properly. Viruses do the same thing, killing anti-virus software, so this isn’t really anything new.

I started another scan, and stopped it partway through before it got to the point where it froze. The scan results showed the running spyare program was an Internet Explorer toolbar. I did a little bit of digging around on the system, and it turns out this toolbar was installed with the software that his ISP in Florida provided.

Yes, you read that right. His Internet provider was installing spyware as part of their software package.

Can we trust anybody nowadays? We pay someone to give us access to the Internet, and the first thing they do is stick spyware on our machine? Although, considering 90% of computers have some type of spyware on them, and the Internet is full of it, I suppose they could argue that they were just providing the full Internet experience.

At what point do we say enough is enough? When do we say that this corporatist view of profit above all is crap, and we won’t stand for it anymore?

His system is clean again, now, and he’s going to avoid that ISP like the plague if he ever goes back to Florida. But how do they justify doing this to their own customers? The customer pays them money to provide a service, and before the customer has even used it, they’ve already been sold out to advertisers and data collectors.

Disgusting.

Originally published on April 2nd, 2003.

The music industry has been concerned for years over digital music piracy. Someone can take a CD, rip the audio tracks from it, convert them to MP3 format, and post them on a website, peer-to-peer network, ftp site, or any of many other places where they can be downloaded for free by visitors to the site. This bothers the music industry. They are continually saying that CD sales are dropping, and it’s exclusively the fault of online pirate P2P networks, the like of Napster, KaZaA, Gnutella, and others.

The fact that the music industry was one of the big proponents in the push to digital media in the first place doesn’t make me sorry one bit, but that’s not the point. The point is, the music industry is claiming that people are copying music, and this is directly, and, if we are to believe various music industry executives, almost solely responsible for the decline in CD sales as of late.

On the surface, this seems logical. People copy music, so they no longer have to buy CD’s. However, there are many factors which the music industry has failed to take into account.

Recession

The first, and most obvious of these is the fact that we’re in a recession. The whole economy is slower than it was 5 years ago, so why shouldn’t the music industry take a hit with the rest of us?

Technology spending is down. Does this mean people are making copies of computers, so they don’t have to buy new ones? Of course not. It simply means people are buying fewer computers.

Help wanted ads are down in the newspaper. Does that mean companies are copying workers they already have, so they don’t need to hire new people? Again, who ever heard of something so silly?

Why then, in a slow economy, does the music industry assume that the only cause of slower CD sales is online piracy? Just as a new home computer is a luxury in a slow economy, so is that new CD box set that you want. If you don’t have enough money coming in, the last thing you’re going to do is go out to the music store and buy a CD for $23.99.

For some reason, though, the music industry can’t quite grasp the basics of economics. Whether they think their product is so good that there’s simply no way anyone could possibly do without it, or their fat bonuses for signing the next copycat boy band don’t let them see that there is in fact a recession going on, I don’t know. I do know, however, that there doesn’t seem to be much of a connection between the brains of the executives at the Recording Industry Association of America, and the real world.

Fair Use

Now, I’m not about to claim that giving copies of your music to all your friends and lots of people you never met is fair use. Some people seem to think that it is, as long as you’re not charging for it. I don’t see it that way. Playing a CD at a party where some of your friends can listen to it is fair use. Making a compilation of your favourite songs from several of your CD’s to play at the same party is fair use.

Downloading and keeping MP3’s of songs you don’t have originals of, and have no intention of buying, is not fair use. This is copyright violation. RIAA executives seem to think that this is the only use of P2P networks. I would like to suggest another, however, for which I have used both Gnutella and KaZaA myself, plenty of times. I have a quite large record collection, of some 1600 albums. Not CD’s. Vinyl. Records have a tendency to get scratches, which affect the sound of the recording, and sometimes make the record unplayable without damaging your turntable. This is especially so when a lot of these albums have been purchased at yard sales, flea markets, and other such places, where the previous owner was, shall we say, less than meticulous with caring for their records.

Once I have an original vinyl LP, with some of my favourite songs on it, I can download MP3’s of all these songs, and store the LP in some dusty corner of my basement. This is fair use. I may never actually listen to the record itself, but I have an original, which was paid for, therefore I have a right to have a recording of that music in another format. The fact that the MP3 didn’t come from the record is beside the point, as the copyright licence covers the song itself, not the medium it came from.

Try Before You Buy

Many software companies have a philosophy that an expensive piece of software should have a way to try a demo copy, before the customer lays out a large investment in a program that might not even do what they want after they get it. This approach has served these companies well, with many sales coming from people and companies who first tried the demo version of the software, found it to be satisfactory to their needs, and purchased the full version.

This is the most heinous crime imaginable to the music industry. Every time a song is listened to, there must have already been a royalty payment to the companies involved. Never mind the fact that many P2P users who have been interviewed have stated that they have found artists they liked on P2P services, then gone out and bought the CD. Never mind the fact that studies done of P2P service usage have found that the heaviest users of such services are in fact the largest purchasers of new music, rather than the other way around.

Copy protection

Yes, copy protection will prevent casual copying of CD’s. It will even prevent some of the less technically savvy of us from putting protected CD tracks on the internet and P2P services. It will not, however, completely cut out music piracy. No matter how hard you try to clamp down, there will be someone out there who’s smarter than the person who designed your copy protection scheme. The people who do this kind of thing aren’t in it for the free music, however. They’re in it to beat the system.

It used to be that people would use portable dual cassette stereos with high-speed dubbing to make a copy of a cassette tape. Yes, the copy sounded bad. No, they didn’t have to pay for it. But chances are you could count on one hand the number of times they listened to this tape, before going on to copy another one. I got a rack full of cassettes given to me at the end of a yard sale where I picked up some records a while ago. Over 95% of these tapes were copies, they all sounded terrible, even the ones that were made on high quality Chrome and Metal tapes, and there must have been close to 100 of them. Did they listen to them? Well, they were giving them away, so probably not. None of them looked particularly worn or well used. But they had them. Are they guilty of large-scale piracy? Well, at an average of 8 to 9 songs per tape, there was roughly 800 to 900 songs that, presumably, hadn’t been paid for. This is, of course, assuming that they didn’t have the CD’s, and they had simply copied them to cassette so they could play them in their car stereo. That would have been fair use. They didn’t, however, give massive numbers of copies away, sell them, or whatever else the music industry claims pirates do. Honestly, I don’t even think they enjoyed them that much when they had them.

The Comparison to Conventional Theft

There is frequently a comparison made between pirating music, and stealing cars, bicycles, purses, etc. There’s even a TV commercial I’ve seen recently from ‘The Canadian Coalition Against Satellite Signal Theft’, which states that stealing a satellite signal is no different from stealing a car, bicycle, or purse. Presumably, this would apply to any intellectual property.

Well, I’m not here to tell anyone that I think stealing IP is OK, because I don’t. It is, however, fundamentally, and totally different from stealing anything physical.

If I stole my neighbour’s car, he’d notice within at most a few hours that his car was missing. If I stole a bicycle downtown, the owner would know as soon as they went to get on it to ride home. If I stole a purse, there would be a woman somewhere who wouldn’t be able to buy her child an ice-cream cone, because she wouldn’t have the money that was in her purse.

The point is, when someone steals an object of some sort, the original owner no longer has it. The person who rightfully owns it has to do without, or go to the trouble of replacing it, because someone stole it.

Intellectual Property, on the other hand, is different. If I make a copy of a CD that a friend has, that friend isn’t missing the CD. It’s still in their CD case, just like it always has been. If I did it when they weren’t there, they wouldn’t even know I’d made a copy, since there’s nothing changed at all as far as they see. The only way they’d know is if I told them, or they looked at the contents of my CD case.

Somehow, the music industry has taken this lack of evidence of a copy being made as proof that whenever there is a lack of evidence of anything, copies of CD’s are being made. I know it doesn’t make sense. Talk to the music industry about it. CD sales are down. They don’t have any evidence that illegal copies are being made, so that means illegal copying must be rampant, because when copies are, in fact, being made, there is no evidence.

Because there’s not actually anything missing, you’ve got to wonder how much damage piracy actually does to the music industry. Even if they knew exactly how many pirated copies of songs were floating around, it still wouldn’t help. They can and do say, “We think there’s a million copies of this song that haven’t been paid for, and at $1.20 per copy, that costs the music industry $1.2 billion each year.” This statement makes the assumption, however, that everyone who pirates a song would buy it if they couldn’t pirate it. This just isn’t the case.

I can quite easily see someone thinking a $25 CD just isn’t worth that much, and copying it from someone else so it only costs them a 50 cent CD-R. If they didn’t know anyone who had the CD, though, they still wouldn’t go out and buy it, they’d just do without.

With situations like this, the pirater is getting music they haven’t paid for, but the music industry isn’t losing a thing, because it’s not a sale they would have made if the song had not been copied. Legality aside, it could be - and has been - argued that this is in fact free publicity for the artist in question. Sure, they’re not getting paid for the one pirated copy, but if a friend of the pirate who would pay for the album hears it, decides it’s good music, and goes out and buys it, there’s a sale the artist and record label wouldn’t have got, had that music not been pirated in the first place.

Again, I’m not saying copying intellectual property isn’t wrong….but it’s not going to go away. There are some people who will simply not pay for music. But rather than spending all your time frantic about the lost sales to this unquantifiable beast called piracy, wouldn’t it be much better for your reputation, as well as your stress level, to take advantage of what a few unauthorized copies of your music floating around out there could do for you?