Friday, September 9, 2011

Michael Hart, a Pioneer of E-Books, Dies at 64

Michael Hart, a Pioneer of E-Books, Dies at 64

Michael Hart, who was widely credited with creating the first e-book when he typed the Declaration of Independence into a computer on July 4, 1971, and in so doing laid the foundations for Project Gutenberg, the oldest and largest digital library, was found dead on Tuesday at his home in Urbana, Ill. He was 64.

His death was confirmed by Gregory B. Newby, the chief executive and director of Project Gutenberg, who said that the cause had not yet been determined.

Mr. Hart found his life’s mission when the University of Illinois, where he was a student, gave him a user’s account on a Xerox Sigma V mainframe computer at the school’s Materials Research Lab.

Estimating that the computer time in his possession was worth $100 million, Mr. Hart began thinking of a project that might justify that figure. Data processing, the principal application of computers at the time, did not capture his imagination. Information sharing did.

After attending a July 4 fireworks display, he stopped in at a grocery store and received, with his purchase, a copy of the Declaration of Independence printed on parchment. He typed the text, intending to send it as an e-mail to the users of Arpanet, the government-sponsored precursor to today’s Internet, but was dissuaded by a colleague who warned that the message would crash the system. Instead, he posted a notice that the text could be downloaded, and Project Gutenberg was born.

Its goal, formulated by Mr. Hart, was “to encourage the creation and distribution of e-books” and, by making books available to computer users at no cost, “to help break down the bars of ignorance and illiteracy.”

Over the next decade, working alone, Mr. Hart typed the Bill of Rights, the Constitution, the King James Bible and “Alice’s Adventures in Wonderland” into the project database, the first tentative steps in a revolution that would usher in what he liked to call the fifth information age, a world of e-books, hand-held electronic devices like the Nook and Kindle, and unprecedented individual access to texts on a vast array of Internet archives.

Today, Project Gutenberg lists more than 30,000 books in 60 languages, with the emphasis on titles of interest to the general reader in three categories: “light literature,” “heavy literature” and reference works. In a 2006 e-mail to the technology writer Glyn Moody, he predicted that there would be a billion e-books in 2021, Project Gutenberg’s 50th anniversary, and that, thanks to advances in memory chips, “you will be able to carry all billion e-books in one hand.”

Nearly all the books are in the public domain, although a relatively small number of copyrighted books are reproduced with the permission of the copyright owner. The library includes two books by Mr. Hart: “A Brief History of the Internet” and “Poems and Tales from Romania.”

“It’s a paradigm shift,” he told Searcher magazine in 2002. “It’s the power of one person, alone in their basement, being able to type in their favorite books and give it to millions or billions of people. It just wasn’t even remotely possible before; not even the Gideons can say they have given away a billion Bibles in the past year.”

Michael Stern Hart was born on March 8, 1947, in Tacoma, Wash. His father was an accountant; his mother, a cryptanalyst during World War II, was the business manager for a high-end women’s store. The couple retrained to become university teachers and in 1958 found posts at the University of Illinois, in Urbana, where his father taught Shakespeare and his mother taught mathematics.

Michael began attending lectures at the university before entering high school and, following a course of individual study on human-machine interfaces, earned a bachelor of science degree in 1973.

Work on Project Gutenberg proceeded slowly at first. Adding perhaps a book a month, Mr. Hart had created only 313 e-books by 1997. “I was just waiting for the world to realize I’d knocked it over,” he told Searcher. “You’ve heard of ‘cow-tipping’? The cow had been tipped over, but it took it 17 years for it to wake up and say, ‘Moo.’ ”

The pace picked up when he and Mark Zinzow, a programmer at the University of Illinois, recruited volunteers through the school’s PC User Group and set up mirror sites to provide multiple sources for the project.

Shrewdly, Mr. Hart included books like “Zen and the Art of the Internet” and “The Hitchhiker’s Guide to the Internet” to expand the audience for the project’s books.

Today, relying on the work of volunteers who scan and proofread without pay, the project adds to its list at the rate of hundreds of books each month.

Even in the project’s early stages, Mr. Hart envisioned it in revolutionary terms. Borrowing a term from “Star Wars,” he referred to e-books as just one form of replicator technology that would, in the future, allow for the infinite reproduction of things as well as words, overturning all established power structures and ushering in an age of universal abundance.

One hurdle on the road to the diffusion of knowledge was the Copyright Term Extension Act, passed in 1998. The act, sponsored by the California congressman and former pop singer Sonny Bono, removed a million e-books from the public domain by extending the copyright by 20 years. Under United States law, the average copyright now lasts for 95.5 years.

Lawrence Lessig, then a law professor at Stanford University (and now at Harvard), approached Mr. Hart to see if he would be interested in taking part in a constitutional challenge to the law.

He met Mr. Hart in a pizza parlor in Urbana, where, Mr. Lessig recalled in a telephone conversation on Thursday, Mr. Hart added a thick layer of sugar to his pizza while explaining that he saw the case as much more than a test of copyright law. It offered, as he saw it, a way to challenge the entire social and economic system of the United States.

Mr. Lessig, looking for a somewhat less visionary lead plaintiff, eventually enlisted Eric Eldred, the owner of Eldritch Press, a Web site that reprints work in the public domain. In 2003, in Eldred v. Ashcroft, the Supreme Court upheld the constitutionality of the copyright extension act.

Mr. Hart is survived by his mother, Alice, of Fort Belvoir, Va., and a brother, Bennett, of Manassas, Va.

How-to: Travel with your Roku Player

Ever thought about taking your Roku player along on your getaway or family vacation? Traveling with your Roku can be a snap with a little bit of forethought; we’ll show you how you can bring your favorite black box along to some of your favorite destinations.

Broadband Internet is relatively common these days, but you should still consider the following questions:

Will there be sufficient Internet bandwidth at the place I am staying?
How will Roku connect to the Internet? Will I need a router or laptop?
What type of TV will there be?

If you are staying at a friend’s or family member’s home, you can usually rely on a stable Internet connection and the ability to plug into a router or connect over a wireless network. You should let them know ahead of time that you will be using your Roku player –then tease them for not having one already *wink.

image courtesy of MoToMo on Flickr

Most hotels offer free Wi-Fi and it’s just a matter of plugging in your Roku and connecting to the wireless network.There are some however that require authentication beyond a password–like your room number and name, etc…. To share an Internet connection, even with the authentication, I use my laptop and an older Netgear wireless travel router (a travel router is just a smaller version of a typical router, and any brand should get the job done).

You will need to clone the MAC address from your computer to your router. It sounds scary, but it’s typically a check box that you select in the router settings menu, which tells the router to use the same address as your computer. As every router is different, you should refer to the proper documentation.

If you have a Wi-Fi hot-spot, your golden wherever you go. Just make sure you have a solid connection, and connect your Roku player as you would if you were at home.

What to bring:
It’s wise to pack HDMI, component, power and Ethernet cables–and don’t forget the remote. Left your remote behind? No worries, you can find a quick fix using your iPhone (or other iOS device) or Android device here.

Made by Waterfield Designs, this travel case should do the trick.

If you travel quite a bit and don’t feel like unplugging cables from the back of the TV every time you travel, you can find spare cables in our accessory shop and create a dedicated travel pack.

A few takeaways:

Internet usage at some hotels may require authentication, but once enabled, it’s usually good for a few hours.
You can use a travel router to share the Internet connection with your Roku.
Find smartphone apps to control your Roku on our blog.

Thursday, September 8, 2011

Certificate cleanup for most personal computers

Certificate cleanup for most personal computers

Susan Bradley By Susan Bradley

A little Dutch company potentially lets a flood of problems into our Windows machines.

The company manages digital certificates; after its recent break-in by hackers, security certificates for Mozilla, Yahoo, WordPress, and other sites are now suspect.

On a daily basis, no matter what our level of paranoia, we trust the companies we work with. … Well, at least our browsers and computers do. Inside all computers, both Windows and Mac, is a collection of digital certificates that everyone on the Net has agreed to trust. On Vista and Windows 7 systems, these root certificates (definition) are updated by the issuer automatically. But on Windows XP machines, they're updated manually.

Companies doing business on the Internet buy certificates linked to a root certificate and automatically become part of the chain of trust. Because your computer trusts the vendor who provided the root certificate, it automatically trusts all online businesses with associated certificates.

This process is the foundation for secure Web transactions such as shopping on Amazon, online-banking, and e-mail.

Many updates after breaks in the chain of trust

Typically, this system works well. But on the rare occasions it fails — when the chain of trust is broken — it can instantly affect thousands of PCs.

Such is the case with that small company in the Netherlands, DigiNotar. Reports from various sites indicate that hackers compromised the firm's servers and generated rogue certificates. In a Kaspersky Lab Securelist blog, lab expert Roel speculates that as many as 200 rogue certificates were generated before the hack was discovered.

With a rogue certificate in place, a hacker can make your system think it's using a legitimate, trusted certificate from well-known companies such as Google and Yahoo. The hacker can then intercept your Internet connection with the site you intended to use and redirect you to a fake site, where you are tricked into entering personal information such as your user name and password. Your computer still thinks it's connected to a trusted site.

Fortunately for most of us, this particular attack appears to have targeted Internet users in Iran — it's the only country where these rogue certificates were spotted.

Soon after the breach, browser vendors offered updates that removed the Dutch root-certificate holder from their browsers' list of trusted certificate issuers. An August 29 Chrome Online Security blog reported that Google had disabled the DigiNotar certificate authority in Chrome 13.0.782.218.

The next day, Firefox followed suit in a Mozilla Security blog, announcing the release of numerous updates for Firefox (versions 3.6.21, 6.0.1, 7, 8, and 9), Thunderbird (3.1.13 and 6.0.1), and SeaMonkey (2.3.2) that revoked the DigiNotar root certificate.

On September 6, Microsoft released an out-of-cycle update — KB 2607712 — for Windows 2003, XP, Vista, Windows 7, and Server 2008 that not only removed all DigiNotar root certificates from the trusted list but also moved them to the untrusted-certificate store. If you find any DigiNotar certificates in the Trusted Root Certification Authorities list, I recommend you install KB 2607712.

If you do not see these certificates in your trusted-root store, you probably ignored all previous root-certificate updates. You can safely wait until the next Patch Tuesday to install the patch.

Manually removing the certificates from XP systems

Windows XP users have the option of deleting the certificates manually or merely looking over the list of certificates installed to see whether the DigiNotar cert. is there. Here's how:

Start out by clicking on the start button and typing mmc.exe. into the Run box, as shown in Figure 1. You'll see a window pop up typically labeled Console1.

Launching MMC
Figure 1. Opening up the mmc snapin

Click File, then Add/Remove Snap-in. In the Add/Remove Snap-in box, click the Add button, select Certificates (see Figure 2), and then click Add again.

Add Standalone Snap-in
Figure 2. Adding the certificate snap in

Yet another dialog box will open, with three choices. Select Computer account and click Next. Select Local computer (the computer this console is running on) and click Finish. Now close the Add Standalone Snap-in box. In the Add/Remove Snap-in box, click Okay. That returns you to the certificate-management console.

In the left-hand pane of the console, you should now see Certificates (Local Computer) with a small + next to it. Click on the + to expand your selection. You'll now see numerous folders, starting with Personal and including Third-Party Root Certification Authorities, as shown in Figure 3.

For more information on what folders you might typically see, check out the superuser post, "What are the Windows system certificate stores?" (In my example, the Windows XP system is a client of Windows Home Server and thus has a WHS certificate folder you probably will not see on your XP machine.)

Console Root certificates
Figure 3. Reviewing the list of certificate types

Now expand the Trusted Root Certificate Authorities folder and click on the certificates folder underneath. You should now see a list of certificates in alphabetical order (see Figure 4). Find any DigiNotar Root CA certificates and remove them from your computer.

An alternative way to remove certificates is through Internet Explorer. In IE, click Tools/Internet Options/Content and then Certificates. Click Trusted Root Certificates. Find the listings for DigiNotar Root CA (there are two in Figure 4) and remove them by clicking the Remove button. Click Yes to the warning that removing these certificates may prevent Windows from working properly. Then click Close and Okay.

Removing the DigiNotar root certificate
Figure 4. Removing the DigiNotar certificate.

If you don't see these two certificates in your trusted-certificate store, it's because you've probably used the "if it ain't broke, don't fix it" rule of updating and thus ignored previous root-certificate updates. (I found one system without the DigiNotar certificate, and when I installed the latest root certificate — KB 931125 — the rogue certificate appeared.)

Think you're safer running the Apple platform? Guess again! Apple also included DigiNotar in its trusted root certificate program. In Apple it's a little more complicated to remove this rogue cert — a FairerPlatform blog has the details. Apple will most likely release a patch for its platform soon.

This issue exposes the vulnerable underbelly of trust of certificates, a process we may really need to start questioning. The listing of certificate authorities includes companies from countries that aren't always friendly to one another — and companies that have already been in the news for security breaches. If one small certificate authority in the Netherlands can be used in this type of potential spoofing attack, I hate to imagine what mischief can be done with a larger organization.

Needless to say, I may recommend holding off on future root-certificate updates until they have been examined more closely. In some cases you might be better off editing your existing root certificates rather than blindly adding updates.

Bottom line. If you have the DigiNotar certificate in your trusted-root certificate store, I recommend installing KB 2607712. On XP and Server 2003 systems, this will force a reboot — so plan accordingly. If you do not have the DigiNotar certificate in your trusted-root certificate store, simply wait for the next Patch Tuesday and apply it then.