The human nature of sharing vs. felony on the high seas

This recent article in Coding Horror (linked from TechBlog) appears at first glance to be about murder and theft on the high seas. Oh wait, sorry, need to take a closer look. Let’s change that last part to “programmers getting ripped off by unauthorized copying.”

Surprisingly, the lead-in is a quote from a letter from none other than Bill Gates to the Homebrew Computer Club, way back in 1976, when we were still about three to four years away from the first popular video games, and I was probably still learning to walk. The quote (which I am retyping from the image):

The feedback we have gotten from the hundreds of people who say they are using BASIC has all been positive. Two surprising things are apparent, however. 1) Most of these “users” never bought BASIC (less than 10% of all Altair owners have bought BASIC), and 2) The amount of royalties we have received from sales to hobbyists makes the time spent of Altair BASIC worth less than $2 an hour.

The blog post then goes on to make numerous other dubious comparisons with theft and murder on the high seas and unauthorized copying of software, citing a more recent example (World of Goo) where a similar 90% rate of unauthorized copying is claimed. (The only accurate part of that is ten different IP addresses are posting a high score for every purchased copy of the game, so this could be anywhere from 25% to 99.5% of unauthorized copies, of those choosing to post their high scores online, or possibly even higher or lower.)

For titles such as World of Goo, I think any divide-and-conquer, no-sharing, don’t-you-dare-help-your-neighbor license agreement is probably a mistake. This title should have been released as free software (as in GPL v3), selling copies and related merchandise to help fund further development.

Let’s face it, there’s a reason it’s a bad idea to equate the natural human desire to share with nautical felonies. The FSF has already said something about this and the way “piracy” gets thrown around in articles like the one in Coding Horror linked above just underscores that.

Autorun, autoworm

It’s a bit old, but just today I read an entry in Ed Truitt’s blog about how the Pentagon got infected with (what I would guess is) a Windows worm.

To quote the quoted message:

Someone infected thumb drives with the WORM then dropped them around the Pentagon parking lot. The employees picked them up, took them into their offices and plugged them into their office computers to determine the owner of the drive. (emphasis mine)

To me, it seems the real risk is not plugging unknown devices into a computer. Rather, this whole incident is a very damning indictment of Windows’ infamous autorun feature and the risks thereof. The act of merely accessing a device should never automatically run any executable that may be on it, at least not without prompting the user.

This is a security hole big enough to drive a tank through, and inexcusable negligence on the part of Microsoft. This is not something a user should have to explicitly disable (whether permanently or with an obscure trick like holding down Shift while plugging/inserting media).

OpenBSD uses the slogan “secure by default.” Here’s hoping that Windows 7 will be the first version that “insecure by default” doesn’t apply to.
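To make the autorun behaviour criticised above concrete, here is an added example (not from the original post) that audits a drive's `autorun.inf` for directives that name a program to launch and checks whether a `NoDriveTypeAutoRun` policy mask has the removable-drive bit set. The sample file contents, file names and mask values are constructed, and the function names are hypothetical.

```python
# Added example: audit an autorun.inf for auto-launch directives and check
# whether the NoDriveTypeAutoRun policy mask covers removable drives.
# The sample file contents and file names below are constructed.

DRIVE_REMOVABLE_BIT = 0x04            # NoDriveTypeAutoRun bit for removable drives
LAUNCH_KEYS = ("open", "shellexecute")

SAMPLE_INF = """\
; constructed sample
[AutoRun]
Open = setup.exe /quiet
icon=drive.ico
shell\\explore\\command=helper.exe
label=My Drive
[Other]
open=ignored.exe
"""

def launch_directives(inf_text):
    """Return (key, command) pairs in [autorun] that name a program to run."""
    found, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                   # skip blanks and comments
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()              # section and key names are case-insensitive
        # shell\<verb>\command entries attach a command to a drive menu action
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if (key in LAUNCH_KEYS or is_shell_cmd) and value:
            found.append((key, value))
    return found

def audit(inf_text, no_drive_type_autorun):
    """Combine the file findings with the policy mask for removable drives."""
    directives = launch_directives(inf_text)
    blocked = bool(no_drive_type_autorun & DRIVE_REMOVABLE_BIT)
    return {"directives": directives,
            "policy_blocks_removable": blocked,
            "at_risk": bool(directives) and not blocked}

if __name__ == "__main__":
    print(audit(SAMPLE_INF, 0x91))     # constructed mask, removable bit clear
    print(audit(SAMPLE_INF, 0xFF))     # every drive-type bit set
```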