I’ve been following the quickening saga of #JoCoGleeGate (http://www.jonathancoulton.com/2013/01/18/baby-got-back-and-glee/) over the past couple of weeks with great interest. As a JoCo fanboy since the Thing a Week days, I couldn’t help myself, even if the closest I’ve made it to an episode of Glee was recognising it as my cue to go play Skyrim while the wife occupies the living room.
It’s been very interesting, and even spurred me to actually read the Wikipedia entries for Parody and Derivative Works, in order to better understand some of the finer points and perhaps gain an insight into why the folks at Glee would try something like this. It’s pretty clear at this point that Glee’s cover of Baby Got Back is a flagrant plagiarism of JoCo’s 2005 arrangement of the ‘rap classic’. In fact, it appears according to JoCo’s latest blog posts that Fox have admitted as much to Jonathan’s ‘people’ - so what could be the rationale?
I mean let’s be honest, I don’t think Jonathan is a huge Glee fan, so it’s unlikely that he would have been overjoyed to see one of his original works being butchered for prime time, but given that this was a cover to begin with, his rights are indeed limited. That said, Fox could so easily have given him a credit and come away from this whole ordeal without much incident…
Unless of course, that’s what Fox wanted… after all no publicity is bad publicity, and I very much doubt that the mid-season return of Glee would have warranted much mention with Wired, @PaulAndStorm and indeed a host of other internet savvy websites and blogs - not to mention the tumult of Twitter commentary… Perhaps Fox’s social marketing people are not as dumb as we all assumed.
For any of the Computer Security or US Law buffs, there is a really nice blog post over on @ErrataBob’s security blog. Goes into some great detail about exactly where the gaps are in the current US legislation and how exactly that applies to everyday internet technologies.
It’s a little scary to think that these laws are so broad that they could apply to just about everyone, but it’s even scarier to think that the impact of that is that almost none of them would hold up in court for the purpose of prosecuting real criminals.
I’m off to bury my router and don my tinfoil hat until all this blows over.
After months and months of tireless work, the guys on XDA who’ve been working on getting S-OFF (disabling the hardware security measures) on the HTC One X have had to throw in the towel. The development thread for the S-OFF exploit has been closed, and many XDA users are trying to take the fight back to HTC. The months-old petition thread has been resurrected as users attempt to seek a diplomatic solution - and I would encourage all HTC owners and enthusiasts to head over to pop your name down:
A mere 36 hours after initially reporting the cleartext password storage issue to TunnelBear, I received this message from CorpBear (a.k.a. Ryan) on the TunnelBear team:
I just wanted to follow-up on this. The TunnelBear team takes these issues very seriously.
We’ve posted an updated test build of TunnelBear for PC. Among other things, we are now encrypting the locally stored password. Note: This is also the latest Windows 8 build, which we believe has squashed most of the remaining Windows 8 bugs.
We’ll be testing it for 24-48 hours in beta before rolling it out broadly. We’d really welcome your feedback.
Obviously I downloaded the build and tested it out, and not surprisingly my password is no longer stored in clear text in the settings.dat file. I didn’t press for details on how it’s encrypted, but I’m no longer hesitant about using TunnelBear or recommending it for use by others.
Well done and a hearty congratulations to the TunnelBear team - I’ve never been as impressed by a company for taking and responding to user feedback. I look forward to seeing what else these guys get up to in the future, but for now I am one happy bear.
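The check described above (confirming the password can no longer be read out of settings.dat) can be scripted. The following is an added example, not code from the original post or from TunnelBear: it searches file contents for a known throwaway password in cleartext and behind keyless encodings (base64, hex). The sample file layout, the field names and the function name `find_recoverable_secret` are assumptions made up for illustration.

```python
import base64
import binascii
import re

# Runs that look like base64 or hex: encodings that need no key to undo.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{8,}={0,2}")
HEX_RUN = re.compile(rb"(?:[0-9A-Fa-f]{2}){4,}")


def _encodings_present(blob: bytes, secret: str) -> list[str]:
    """Text encodings of `secret` that occur verbatim in `blob`."""
    return [enc for enc in ("utf-8", "utf-16-le") if secret.encode(enc) in blob]


def _decode_b64(run: bytes) -> bytes:
    body = run.rstrip(b"=")
    try:
        return base64.b64decode(body + b"=" * (-len(body) % 4))
    except binascii.Error:  # a length no valid base64 string can have
        return b""


def find_recoverable_secret(data: bytes, secret: str) -> list[str]:
    """Ways a known test secret can be read back from `data` without a key."""
    findings = [f"cleartext ({enc})" for enc in _encodings_present(data, secret)]
    layers = (("base64", B64_RUN, _decode_b64),
              ("hex", HEX_RUN, lambda run: bytes.fromhex(run.decode("ascii"))))
    for name, pattern, decode in layers:
        for match in pattern.finditer(data):
            for enc in _encodings_present(decode(match.group()), secret):
                label = f"{name} of {enc}"
                if label not in findings:
                    findings.append(label)
    return findings


# Constructed sample contents; the real settings.dat layout is not shown on the page.
SECRET = "Gr1zzly-Salmon!"  # throwaway test password, never a real one
_TEMPLATE = b"user=bear@example.com\npassword=%s\nregion=UK\n"
SAMPLE_CLEARTEXT = _TEMPLATE % SECRET.encode()
SAMPLE_BASE64 = _TEMPLATE % base64.b64encode(SECRET.encode())
SAMPLE_HEX = _TEMPLATE % SECRET.encode().hex().encode()
SAMPLE_OPAQUE = _TEMPLATE % bytes(range(0x80, 0xA0))  # stands in for real ciphertext

if __name__ == "__main__":
    for sample in (SAMPLE_CLEARTEXT, SAMPLE_BASE64, SAMPLE_HEX, SAMPLE_OPAQUE):
        print(find_recoverable_secret(sample, SECRET) or "not found")
```

An empty result only rules out cleartext and these trivial encodings; it says nothing about the strength of the encryption or where its key is kept.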
As everybody now knows, thanks to the mainstream popularity of tools like Firesheep, when you’re using unencrypted WiFi, it would behove you to protect yourself from opportunistic ‘computer hobbyists.’ I have, for the longest time, used remote access tools like GoToMyPc or LogMeIn, but I recently had need of a VPN solution, since I was stranded in a hotel for a couple of days whose guest WiFi blocked Google Music and I was unwilling to pay the extortionate data roaming charges to stream my music over the cellular data network.
It didn’t take long to find TunnelBear - a service beloved by many for its simplicity, its cost and its adorable on-line persona. Their homepage features testimonials from Lifehacker and PCWorld and a quick Google search will lead you to hundreds of reviews from reputable publications, who appear to have unanimous approval and boundless praise for TunnelBear’s service.
I was pretty happy to try it, and I have to say that their desktop and mobile applications are very easy to use, well presented and refreshingly free of crapware and banner ads! They have however been struggling with some stability issues on Windows 8 - only natural given it’s a brand new OS - and so they have a Beta version available for the Windows platform to try to address some of these issues. I’ve been seeing a pretty frequent ‘Crash on Exit’ bug, so I went digging to try to find their logs so that I could submit a bug report, and I came across this little gem.
Front and centre in the install directory there is a file, named settings.dat - a fairly obvious target for anyone interested in learning more about an application and the way it works. I figured since it was a [dot]dat file, it likely wasn’t human readable, but rather a proprietary database or serialised object file, but hoping that there might be something useful that I could supply in my bug report, I chanced opening it up in a text editor. You can imagine my surprise when up popped - in CLEARTEXT - my username and password, as well as which of their regional VPN services I last connected to…
Update: I’ve contacted TunnelBear support, and now that they are aware of the issue, they have made it a high priority for their next release. Obviously this is something that TunnelBear users should be aware of - I don’t think it’s the type of thing that would make me drop the service, but I would advise all TunnelBear users to strongly consider using a unique password for TunnelBear if you’re not already doing so.
Quote from TunnelBear Support:
Thanks for the report here.
We agree that although the threat here would require access to the user’s PC, this is not best practice for storing login data.
We have added this as a high priority for the next release of our apps - so expect to see a fix soon.
Thanks for bringing this to our attention, and please let me know if there is anything else you have to report.