TechByter Worldwide

Program Date: 31 Mar 2013

Magazines Continue Trying to Put Themselves Out of Business

On my desk I have a renewal notice for Time magazine. There are offers from several other magazines and the one thing they all seem to have in common is that they were written by people who don't understand pricing. More accurately, it seems that they were written by people for whom economics is an unknown science.

Take Time, for example.

If the goal of magazine publishers is to migrate readers to online versions so that they can drop the print version and stop paying for all that printing and delivery, this is the wrong way to go about it. I can't tell you how many publications have sent offers for $10-per-year subscriptions to paper versions of the magazine but want to charge $30 to $50 per year for the online version.

This just doesn't make sense, particularly because many of the magazines that have both paper and electronic versions give print subscribers free access to the online version but they don't offer free print subscriptions to online subscribers who are paying more than the print subscribers who get both for less.

See what I mean about not understanding economics? I guess I'll pay $20 and continue to receive the print version.

Not to pick unduly on Time, consider the offer from Bloomberg Businessweek: A "welcome back" discount rate of $20 per year even though I've never been a subscriber. It doesn't matter, though, because I can read this magazine on my Windows tablet or any computer that can run the Nook reader because that's one of dozens of magazines that the library provides access to for free. That one's in the trash.

Wired has finally expanded its electronic version from Apple-only to a variety of readers. Although I qualify for a $10/year subscription, Wired would charge me $24 for the electronic version only. As long as I keep forcing them to pay for printing and postage to send the magazine to me, I can obtain access to the electronic version for just $10.

What does it cost to print and mail a large full-color magazine such as this 12 times per year? I can guarantee you that it's more than 83¢ per issue, which is what I pay.

Inc. offers a "test-rate savings form" that suggests a price of $5 for 1 year's worth of magazines, $10 for 2 years, and $10 for 3 years. No, that's not a typo. The price for 3 years is the same as 2 and I can have them bill me later. Just sending an invoice would have to cost at least $1 and they would probably send at least 2 invoices before realizing that I paid the first one. Oh, and I also get access to the iPad edition (too bad I don't have an iPad) for my $5 or $10. Apparently Inc. loses money on every deal but makes it up in volume.

Your "Private" Files May Actually Be Public Files

A report by Net Security says that thousands of businesses and individuals who probably believe that the files stored on Amazon's S3 servers are secure might find out the hard way that their files might be totally in the open.

When users sign up for Amazon's S3 servers, they have the option of specifying who has access to the contents. Unless they're set to "private", the contents can be viewed by anyone. Net Security says that it was able to discover more than 12,000 S3 account locations and that more than 15% of them were completely open.

These areas are called "buckets" in Amazon-speak. A bucket is "public" if any user can list the contents of the bucket and "private" if the bucket's contents can be listed or written only by specific users. Net Security says that many users seem not to understand that a public bucket will list all of its files and directories to any user who asks.

So 15% of 12 thousand doesn't seem so bad, but wait ...

In those nearly 2000 repositories, some of which are used by large companies, researcher Will Vandevanter found more than 126 billion files. That huge number made it impossible for Vandevanter to test the permissions of every single object. He tried a random sampling and was able to review more than 40,000 public files, "many of which contained sensitive data."

To test the openness of the bucket a user can just enter the URL in their web browser. A private bucket will respond with "Access Denied". A public bucket will list the first 1,000 objects that have been stored. You can try this yourself: Amazon uses 2 formats for its buckets: http://s3.amazonaws.com/[bucket_name]/ or http://[bucket_name].s3.amazonaws.com/. Just replace "[bucket_name]" with the text of your choice and see what you find.

Vandevanter says the files he found included data from a social media service, an auto dealership, and software developers. He found employee lists, vehicle sales records, and program source code. He started with a list of Fortune 1000 companies and 100 thousand popular websites, then used Bing's search function to find open buckets.

Oops. The error cannot be blamed on Amazon because the company defaults all buckets to "private". The person who set up the account would have to explicitly change the permissions. Maybe there's a lesson here. If so, the lesson is this: Don't allow amateurs to configure your servers, even when they're in the cloud. Perhaps especially if they're in the cloud.

Full report: http://www.net-security.org/secworld.php?id=14669
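For administrators who want to check their own buckets, here is an added example (not from the article or from Amazon) that scans bucket access control lists for grants to everyone, using the public/private definition given above. The ACL dictionaries follow the shape of S3's GetBucketAcl response; the bucket names and owner ID are constructed sample data, and treating the "any authenticated AWS account" group as public goes one step beyond the article. It checks ACL grants only.

```python
# Added example: audit bucket ACLs for grants that reach beyond named users.
# Bucket names and the owner ID are constructed sample data (assumptions).

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# What each ACL permission allows when granted on a bucket.
EFFECT = {
    "READ": "list objects",
    "WRITE": "create, overwrite and delete objects",
    "READ_ACP": "read the bucket ACL",
    "WRITE_ACP": "rewrite the bucket ACL",
    "FULL_CONTROL": "list, write and rewrite the ACL",
}

def public_grants(acl):
    """Return sorted (audience, permission) pairs granted to a global group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # a grant to one named account is not a public grant
        if grantee.get("URI") == ALL_USERS:
            findings.append(("anyone", grant["Permission"]))
        elif grantee.get("URI") == AUTH_USERS:
            findings.append(("any AWS account", grant["Permission"]))
    return sorted(findings)

def classify(acl):
    """'public' if a global group can list or write the bucket, else 'private'."""
    perms = {perm for _, perm in public_grants(acl)}
    return "public" if perms & {"READ", "WRITE", "FULL_CONTROL"} else "private"

OWNER = {"Type": "CanonicalUser", "ID": "constructed-owner-id"}
SAMPLE_ACLS = {
    "example-private": {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]},
    "example-open": {"Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    ]},
    "example-auth-write": {"Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "WRITE"},
    ]},
}

if __name__ == "__main__":
    for name, acl in SAMPLE_ACLS.items():
        print(name, classify(acl))
        for who, perm in public_grants(acl):
            print(f"  {who}: {perm} ({EFFECT[perm]})")
```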

State Government in a Digital Age

All US states have websites but some are better than others when it comes to sharing information about how tax dollars are spent. The Federation of State Public Interest Research Groups creates an annual report that reveals how well states are doing. PIRG is a non-profit group and it's also a political lobbying organization that encourages citizen involvement and government openness.

The annual report ranks states by grade (A is the best and F is the worst). Because I live in Ohio, I'm interested in my state's ranking. It's a D-minus.

PIRG says states are getting better but even those with an A rating could improve: "State governments across the country have become more transparent about where public money goes, providing citizens with the information they need to hold elected officials and businesses that receive public funds accountable," is how Phineas Baxandall, senior analyst for tax and budget policy, described this year's results.

As an example of overall improvement, the report notes that for the first time, all 50 states now provide some “checkbook-level” government expenditure information online. Three years ago, only 32 states detailed information on specific payments made to individual vendors. And 39 state websites now include reports about government spending through tax-code deductions, exemptions, and credits; that's up from just 8 states 3 years ago.

Seven states earned “A” grades: Texas, Massachusetts, Florida, Illinois, Kentucky, Michigan, and Oklahoma because they provide detailed information on different types of payments, usually in searchable and easy-to-use databases.

Five states earned “F” grades: Wyoming, Wisconsin, Hawaii, California, and North Dakota because their websites are limited in scope, lack comprehensiveness, and are difficult to navigate.

Ohio is in a group of 7 states that PIRG refers to as "lagging" because, although they maintain transparency websites, important pieces are missing and they fail to provide spending data that are available on most other states' websites. "Only one state – Ohio – provides information on economic development tax credits."

If you think there might be a political bias to the report, you would be wrong. PIRG says that spending transparency follows no partisan pattern. On a 100-point scale, the average score of states with Democratic governors differed by less than half a point from states with Republican governors.

The full report is available on PIRG's website.

Short Circuits

This Software Could Crash Your Car

When an application crashes, it's usually not a big deal. The program shuts down and that's it. Or, in a more serious case, the computer itself crashes. But GM is recalling nearly 34,000 new Buicks and Cadillacs to fix transmission software that has the potential to cause a more serious crash.

The cars involved include about 26,600 2013 model-year Buick LaCrosse sedans and Cadillac SRX crossover vehicles in the United States and another 7500 or so in China, the Middle East, Canada, and Mexico. GM says a software flaw could cause the transmission to jump out of manual mode and into automatic mode. So far, though, GM says it hasn't received any reports of collisions or injuries related to the problem.

There are no parts to change. Instead, dealers will reprogram the transmission control module.

The recall was announced a week ago and notices started going out this week. If you own an affected Cadillac, you can call 1-866-982-2339. For Buicks, the number is 1-866-694-6546.

The federal Department of Transportation summarizes the recall this way: General Motors (GM) is recalling certain model year 2013 Buick LaCrosse vehicles, manufactured between April 25, 2012, through March 6, 2013, and model year 2013 Cadillac SRX vehicles, manufactured between May 29, 2012, through February 18, 2013 for failing to comply with the requirements of Federal Motor Vehicle Safety Standard (FMVSS) No. 102, "Transmission Shift Lever Sequence, Starter Interlock, and Transmission Braking Effect." A software problem may cause the transmission to inadvertently shift to Sport mode removing any transmission-related engine braking effect.

General Motors' number for this recall is 13053. Customers may contact the National Highway Traffic Safety Administration's Vehicle Safety Hotline at 1-888-327-4236 (TTY: 1-800-424-9153); or go to www.safercar.gov.

Spammer, Caught and Annoyed, Nearly Takes Down the Internet

A Dutch hosting company that's headquartered in an old NATO bunker provides service for spammers and, when caught, apparently decided to reach out and touch everyone. Literally. If you noticed that your website or websites you use were unreachable starting on March 15 and intermittently for the next 11 days, that's the likely cause.

Cyberbunker is the hosting company that's literally inside an old NATO bunker. When the anti-spam vigilante group Spamhaus added Cyberbunker's IP addresses to its blacklist, Cyberbunker launched the largest distributed denial of service (DDoS) attack that the Internet has ever seen. Then an organization called CloudFlare that provides worldwide mirroring of sites became involved to help Spamhaus and was added to the target list.

TechByter uses CloudFlare, particularly to provide faster response for readers and listeners who are not in the United States. The DDoS, which uses hijacked computers to send data to the target's servers, overwhelmed Spamhaus, CloudFlare, and several organizations that provide routing for Internet communications.

Spamhaus has been the target of such attacks before, but this one was unusual because of its size and the techniques used. Most DDoS attacks use "botnets", armies of hijacked machines. This time, though, the attack was able to use improperly configured Domain Name System (DNS) servers, the devices that look up the IP address (such as 108.162.196.114) when people type www.techbyter.com. The IP address is what the Internet uses to route words and images from TechByter (108.162.196.114) to you.

Spamhaus is a major player in the fight against spam. Even those of us who understand the organization's motives and applaud its intent often question handing over an important function such as this to what can only be called vigilantes. Normally attacks that focus on Spamhaus affect only Spamhaus. In this case, the spammers retaliated against the Internet as a whole.

The most severely affected areas were Europe and Asia but significant congestion was apparent in the United States, too.

Eleven Days?

Apparently the attack ended after 11 days only because the attacker decided to play nice again. One can understand how it might be difficult for Dutch police to enter a bunker that was once owned by NATO, but couldn't power be shut off? Assuming Cyberbunker has backup generators, the effect wouldn't be immediate but the generators would eventually run out of fuel. Or perhaps Dutch police could locate the point at which the fiber cables enter the bunker and cut them. That effect would be immediate.

Or maybe Dutch police didn't act because they didn't have enough proof. Although Cyberbunker is at the top of everyone's list of suspects, the criminals who staged the attack covered their tracks well.

When the attack reached the unprecedented rate of 10 gigabits per second aimed at Spamhaus, the organization asked CloudFlare for help. At that point, the criminals escalated the attack to 300 gigabits per second of traffic.

R U A Reader?

Do you read books? Magazines? Newspapers? In this supposedly post-literate world, a lot of people are reading a lot of words. You're reading this (well, maybe you're listening to the podcast). But even those supposedly hopeless and helpless kids are reading. They're just not doing it while holding books or newspapers. Reading long-form articles on a phone isn't something I would like to do, but I have done it. Tablets are an outstanding choice. And those in their 20s really do read long-form articles on their phones.

Maybe you've heard of Goodreads, an online service that recommends books for people much as Netflix recommends videos. Tell Goodreads what you like and it will tell you about similar types of books. I'm a member and a client of mine has a book on the service.

This week Amazon acquired Goodreads. I should have seen that coming. Amazon wants to encourage people to read books in Kindle format. You can buy a Kindle if you want but Amazon doesn't really care because there's no profit in Kindles. The profit comes in selling books and Amazon knows that people who own Kindles tend to buy more books.

But you can own a "Kindle" by installing the free Kindle reader on your PC, Mac, tablet, or phone. So the acquisition makes perfect sense: An online service that helps people find books that they'd like to read is absorbed by an online retailer that provides books.

Amazon's Vice President for Kindle Content, Russ Grandinetti, puts it this way: "Amazon and Goodreads share a passion for reinventing reading. Goodreads has helped change how we discover and discuss books and, with Kindle, Amazon has helped expand reading around the world. In addition, both Amazon and Goodreads have helped thousands of authors reach a wider audience and make a better living at their craft. Together we intend to build many new ways to delight readers and authors alike."

Terms of the acquisition were not disclosed. Subject to various closing conditions, the acquisition is expected to close in the second quarter of 2013. Some acquisitions make sense. Some don't. This one definitely does.