Latest Publications

Why an open Internet matters

OK, this post is a crossover between technology and government policy but I feel pretty strongly about this and think it is sufficiently relevant, given the recent developments in Egypt and the Mid-East in general to post.

As has been widely acknowledged in the news, and as evidenced by Internet traffic statistics, the Egyptian government has, for all practical purposes, shut down most Internet traffic in and out of the country. Of course it hasn’t completely cut off all lines of communication, and news and updates are still getting out through alternate channels, but the point is: who should own and control the Internet?

[Figure: Internet traffic to and from Egypt during the Jan 25th events]

The Internet is becoming the primary foundation of how people get and share information, of our economy, and of the historically unique ability for all of us to react to news and shared ideas almost instantly. It is obvious that its role and importance in our lives will only continue to increase.

Should the US government have the ability to shut down the Internet?


1.) I see the Internet and the abilities that it gives average people to share ideas as the 21st century's version of the right to free speech, freedom of the press and even the right to assemble (virtually if you like). As such, access to the network, or more abstractly, the information it hosts is a protected right in line with our constitution.

2.) Defensive measures in response to cyber warfare have a legitimate role but the danger is not nearly as great as popular media portrays it as companies and government agencies continue to adapt to threats. If a foreign government were to launch a major attack which caused significant and widespread harm (and I have trouble even imagining what that would look like) and force the US to isolate ourselves from the Internet, that probably wouldn’t help much as the attack could continue from nodes inside the US that are under foreign control. That is the nature of the Internet that it is so interconnected but the trend is for more consolidation of the access points which opens them up to control, and causes my concern.

3.) The concept of the Internet not being “owned” by anyone or any one country is at the core of its inception, and the confidence that it will remain an open and accessible business tool is the main reason behind its success and why so many businesses have been willing to create a growing dependency on it. Given that, if a foreign nation managed to shut it down and significantly disrupt commerce, that would meet the historical test of an act of war, much as an economic blockade has in the past.

“The ability to destroy a thing is the ability to control a thing”
- Frank Herbert.

I strongly believe that free and open access to the Internet will become an accepted human right and that the need to maintain non-governmental control of the Internet should be a key aspect of our digital culture (as it is today – Google “IETF”). This involves not only protection from the draconian shutdown but the more subtle censorship that can be even more insidious to our civil rights.

I would like to see “digital rights” replace “gun rights” as the rallying cry of civil libertarians as the best bulwark against the future tyranny of any government.

-John

PickPic ver 3 Bug exposes artists to copyright theft

My girlfriend and I recently won a photo shoot at a silent auction for a local charity. A professional photographer came to our house, snapped the pictures of us and the dogs and then posted them on his web site for us to preview before we came into the office to make our final selections and order prints. Standard stuff.

The photos looked great on the web site and the web preview program, PickPic version 3, used JavaScript to place a dynamic watermark over the photo when the mouse was over it to prevent people from easily saving the file to their computer and/or printing it. It also had a rather common feature of disabling right-mouse click to view source code as well as allowing users to zoom in on a section of the photos (like a magnifying glass) to see the details of a small section of the picture.

[Image: “From the waist down”, sample photo (obtained legitimately)]

Being your garden variety propeller head, I immediately saw a few problems with this that most web developers know about but most photographers may not.

  1. Relying on JavaScript to put a watermark over the picture or otherwise prevent the “save image as” relies on the user having JavaScript running in their web browser. JavaScript can easily be turned off on any browser.
  2. Even with JavaScript running, the photo image is sent to the browser and stored in cache (local hard drive) and any modern browser will allow the user to view a list of images that are being displayed on the site.
  3. The Zoom feature actually triggers the download of a medium resolution image to the browser and relies on the JavaScript program (running in the browser) to only display a section of it to the viewer. Once the user zooms in on an image, the higher resolution version is stored in the browser cache and can easily be displayed as well.

Yikes!!!

Nothing I state here is something that hasn’t been stated a hundred times on various security sites or bulletins for web developers as best practices and these issues deal with many other image programs that work the same way. Having said that, this is a prime example of how normal, non-technical people are using a program, like PickPic version 3, not knowing that they are giving easy access to their images to their clients and possibly cannibalizing their revenue from prints.

Here is an example of such a system on the Land’s End web site (and no I am not getting any affiliate benefit from the link so don’t buy anything ;-) ) which works in a very similar manner, if you want to see this dynamic in action. Even though you only see part of the image that the JavaScript programmers dictate, the full image is stored in your cache and can be easily retrieved by the following options.

Most non-technical people of course will not realize this, but by implementing security through obscurity (a common phrase in computer security circles) you are relying on the user's ignorance to protect your intellectual property rather than a tried and true watermark of the image, which is the only way to really protect your assets. As our web browsers have become an everyday tool for most Internet users, it is not safe to assume that your clients will not have the basic knowledge to check the image cache or work around JavaScript restrictions. What is even more likely is that your average Internet user will know a geek, like myself, who they can ask to walk them through the process.

As any professional photographer knows, you can easily set up a workflow (in Photoshop, Aperture, Gimp, whatever) to place your watermark on the actual image and then post them in the PickPic program rather than relying on the dynamic watermark and trusting the user's web browser to enforce the required protections, which of course can be easily circumvented.

PickPic 3 has been superseded by PickPic Pro, which addresses the issues by using Adobe Flash to display the image and manage the download of the higher resolution image so it does not get stored in browser cache. A large number of version 3 implementations are still out there, so I can only guess how many artists have unknowingly had their potential income for prints curtailed by semi-web savvy users who consider the medium resolution images delivered from PickPic “good enough” to print decent looking 8×10s.

OK – I had my say on the topic as it applies to most users and you can now make an informed decision on how and when to use the PickPic program.

Now a final word on a potential bug in the program that may allow programmers to download the high resolution of your image assets although I am still researching how this might be done. I started digging into the JavaScript code itself and noticed the following file which is calling a script called “imageCreate.php” and passing it parameters to generate an image on the fly.

imageSrc = "http://www.photographers-web-site.net/pickpic/scripts/previewing/imageCreate.php?&imageid=6109&color=-1&border=-1&crop=0%2C0%2C1%2C1&image=100302_SOMENAME%2F%2F100302_001_SOMENAME.jpg&cache=local";

If one were to reverse engineer the code (or grab a copy of the source) it may be possible to pass different parameters to the script to get an even higher resolution image. I started to futz with this but got in trouble with the girlfriend for spending too much time, so am leaving it as an exercise to the user to determine if this vulnerability exists in the PickPic program.
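For site owners worried about exactly this kind of parameter tampering, one server-side defence is to sign the preview parameters so the image script refuses any request the gallery page did not generate itself. The sketch below is an added example, not PickPic's code: the `maxpx`, `expires` and `sig` fields, the key and both function names are assumptions for illustration, while `imageid`, `crop` and `image` mirror the parameters in the URL above.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Constructed demo key (assumption); a real site keeps this in server-side secret storage.
SECRET_KEY = b"demo-key-not-for-production"
# Fields covered by the signature. maxpx and expires are hypothetical additions that
# pin the largest rendition and the lifetime of the link.
SIGNED_FIELDS = ("imageid", "crop", "image", "maxpx", "expires")


def _mac(params):
    # Canonical form: fixed field order, URL-encoded, so signer and verifier hash the same bytes.
    canonical = urlencode([(k, params[k]) for k in SIGNED_FIELDS])
    return hmac.new(SECRET_KEY, canonical.encode(), hashlib.sha256).hexdigest()


def sign_preview_query(imageid, crop, image, maxpx, expires):
    """Build the query string the gallery page embeds for one preview rendition."""
    params = {"imageid": str(imageid), "crop": crop, "image": image,
              "maxpx": str(maxpx), "expires": str(expires)}
    params["sig"] = _mac(params)
    return urlencode(params)


def verify_preview_query(query, now):
    """Return the validated parameters, or None if the request must be refused."""
    pairs = parse_qsl(query, keep_blank_values=True)
    params = dict(pairs)
    # Refuse duplicated, unknown or missing fields before touching the values.
    if len(pairs) != len(params) or set(params) != set(SIGNED_FIELDS) | {"sig"}:
        return None
    # Constant-time comparison; any edited parameter changes the expected MAC.
    if not hmac.compare_digest(_mac(params).encode(), params["sig"].encode()):
        return None
    # The link is only honoured until the expiry time chosen by the server.
    if not params["expires"].isdigit() or int(params["expires"]) < now:
        return None
    return {k: params[k] for k in SIGNED_FIELDS}
```

The image script would call `verify_preview_query` first and render only from the returned values, so the resolution and crop are decided by the server rather than by whatever the browser sends.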

Note – that I am in no way promoting the theft of intellectual property from photographers. Instead, I strongly believe that the users of any software product should be fully aware about the risks and benefits of the tools they are using so that they can make informed decisions.

-John


WordPress fix for “Sorry, that file cannot be edited.” 2.9.2

I was getting the WordPress error on some of my sites running WP ver. 2.9.2 when trying to edit theme files: “Sorry, that file cannot be edited.” Of course, all the searches I managed to find talked about other people having the same problem but not the fix.

It is totally intermittent and related to an undefined variable and can vary depending on which plug-ins you have loaded. Interesting but not very helpful.

I was able to resolve it by updating the single file ./wp-admin/includes/misc.php with the change outlined in the WordPress developers' bug tracking system, ID # 12831, only affecting 2.9.x? It will probably be fixed in the next release but for now you have to fix it yourself. Luckily it is pretty easy.

If that is as much gobbledygook to you as it is to most people, then you can just copy the attached file into that directory (after renaming from *.txt to *.php) and overwrite that existing file, misc.php.

file misc.php (must be renamed to .php)

The only changes to the file are those outlined in the WordPress trac system for this bug. As such, I can take no responsibility for your use of this fix, but then… it worked great for me. Please comment and share your experience with this bug (and the fix) with other viewers of this post.

-John


The New Web Design Paradigm