TidBITS

Hard link

Securing Your Disks with PGP Whole Disk Encryption

I've been using various incarnations of PGP (Pretty Good Privacy) encryption software for almost as long as I've been a Mac user. I won't go into PGP's long and interesting history (for that, see this Wikipedia entry), but since 2002, commercial Mac versions of the software have been available exclusively from PGP Corporation. PGP is commonly used for encrypting email and chat, and the PGP Desktop software can also create encrypted disk images that offer capabilities unavailable with Apple's Disk Utility.

In addition, for some time PGP Desktop has been capable of encrypting an entire disk or partition - but until recently, you could do this only for non-startup volumes. Now, however, with the release of PGP Whole Disk Encryption for Mac OS X (also included with version 9.9 of PGP Desktop Professional for Mac OS X - though not with PGP Desktop Home), that limitation has finally disappeared. It may sound like a fairly trivial change, but this is something I've been waiting for since the days of Mac OS 9, and in my opinion it's a Pretty Big Deal (PBD). I've frankly been surprised that this new capability has received so little attention, so allow me to do my small part to rectify that.

Why Encrypting a Startup Disk is Interesting -- Suppose your Mac's hard disk contains sensitive information of some sort - confidential business plans, personal financial records, secret love letters, or whatever. You could put all that information on an encrypted disk image, which is plenty secure but potentially awkward to use; you must be careful not to store any private information anywhere other than that disk image, and every time you want to mount it, you'll have to enter your password. Or you could use Apple's FileVault feature, which encrypts everything in your home folder (including your iTunes music, your iPhoto photos, and so on). That should cover most of the bases, but FileVault introduces some complications when it comes to backups (in particular, it's only partially compatible with Time Machine), and the way it stores information makes it potentially susceptible to large-scale data loss from random disk errors. In addition, FileVault must periodically perform time-consuming maintenance to free up disk space, and it doesn't protect any data stored outside your home folder.

Speaking of backups, I always recommend creating bootable duplicates of your entire startup disk - and, for extra safety, I suggest making two or more copies and keeping one offsite at all times (for example, at a friend's house). You should do this, of course, even if you have no need to encrypt your Mac's internal hard disk. But if someone happened upon that offsite backup, there'd be nothing stopping them from reading everything on the disk. Even if you'd used encrypted disk images or FileVault to protect part of the disk's data, some private information could still be at risk. Although lots of backup programs offer encryption, they invariably do so by wrapping up all the data from your disk in a special archive file or disk image, preventing the disk from being bootable. So, until recently, the only way to get bootable duplicates that were also totally encrypted was to use one of the few, and expensive, hardware-encrypted enclosures, which require a physical key to unlock your data.

Now suppose you could encrypt every last byte of data on your startup disk - any startup disk, even an external FireWire or USB bootable duplicate - all at once, without fiddling with disk images or FileVault, without any backup caveats, without any intrusive rituals to interrupt your work, and without any performance penalties. As a matter of fact, you could do just this, years ago, with any of several classic Mac programs that encrypted entire disks at the driver level. (My personal favorite was a component of FWB's Hard Disk Toolkit - may it rest in peace.) But for a variety of reasons, none of these utilities made the jump to Mac OS X. That means ten-year-old Macs (not to mention brand new Windows PCs) could do something that modern Macs couldn't do. But earlier this year, for the first time, that changed.

The first company to introduce whole-disk encryption for Mac OS X was Check Point, which released Check Point Full Disk Encryption in May 2008. I haven't yet tried Check Point's product, but then, it's not marketed or sold to individual end users; it's designed for large-scale deployment in businesses and requires non-trivial setup procedures to be performed by a system administrator. Luckily, PGP released its Whole Disk Encryption products just a few months later, and they're readily available to ordinary folks like you and me.

Incidentally, both PGP Whole Disk Encryption and Check Point Full Disk Encryption can work their magic only on Intel-based Macs. To be more precise, PGP's products can run on PowerPC- or Intel-based Macs, and can encrypt entire volumes on either variety of Mac, but encrypting a startup disk requires a Mac with an Intel processor.

How PGP Whole Disk Encryption Works -- To encrypt a whole disk (whether a startup volume or not), you open PGP, select PGP Disk in the program's sidebar, and click Encrypt a Disk. The program then walks you through a few brief steps, such as selecting a passphrase, and begins encrypting the disk in the background using the AES-256 encryption standard. The process takes some time, depending on the speed of your computer, the size of the disk to be encrypted, and how much other work you're doing. In my case, it took about 10 hours to encrypt a 250 GB disk on a 2.4 GHz MacBook Pro, but I was keeping the machine extremely busy with other tasks at the time (installing Windows in a VMware Fusion virtual machine, for example). I didn't find that the encryption slowed me down unreasonably, but if I had, I could have clicked a Pause button and resumed the encryption at my convenience.

When you encrypt an entire disk, you can normally choose between a manually entered passphrase and a public key (which could, for example, let someone else decrypt the disk without your having to know their passphrase). With startup disks, you must always choose a passphrase, but after the disk is encrypted, you can grant access to more users, each of which may use either a passphrase or a public key. (To access a disk encrypted with a public key, someone would use their corresponding private key; see the Wikipedia for more on how public-key cryptography works.) If the need arises, you can change the passphrase for any user after the fact without decrypting the disk; you can also re-encrypt an already encrypted disk in much less time than it would take to start from scratch.

Once your disk is encrypted, nothing special happens until you shut down or restart your computer (or, for a non-startup disk, unmount the disk). When you attempt to start up your Mac, you initially see a special PGP BootGuard Screen, where you enter your passphrase. Once you've done so, startup continues normally. (If you mount a non-startup disk while your Mac is running, you see a simple alert dialog with a field to enter the passphrase.)

After you've unlocked your Mac with your passphrase, Whole Disk Encryption is normally invisible as you use your Mac. I did not perceive any performance slowdowns in day-to-day use (even with disk-intensive activities), and for all practical purposes, everything behaved exactly as it did before.

You can mount an encrypted disk on another computer - even a Windows computer - as long as it has the appropriate version of PGP Desktop or PGP Whole Disk Encryption installed. If you've encrypted an external FireWire or USB drive containing a bootable duplicate, you'll be prompted to enter your passphrase on any Mac when you use it as a startup disk (since the disk itself contains the PGP software, it need not be installed separately on other computers). Note, though, that because Whole Disk Encryption works only on Intel-based Macs, you can't use such a drive to start up a PowerPC-based Mac.

If you were to forget your passphrase, your data would ordinarily be gone forever: this is strong encryption, and tricks like using data recovery software will be of no use. However, if (and only if) you're using PGP Whole Disk Encryption in a managed environment - meaning an administrator centrally deploys and configures the software - there is a fallback plan. Your system administrator can issue a one-time, per-device token that gives a particular user an opportunity to recover data from a single encrypted disk. (That means the administrator could also potentially get at your data, but that's to be expected in managed settings.) Individual users have no such back-door option.

Qualifications and Gotchas -- As convenient and transparent as Whole Disk Encryption is, it comes with some limitations I wasn't expecting, and which gave me pause. These may or may not be issues for you, but it's important to be aware of what this software can and can't do.

First of all, although all the data on your disk is encrypted all the time, it's freely accessible from the time you turn on your Mac and enter your passphrase on the BootGuard screen until you shut down (or restart) the computer. You can't turn off access manually without shutting down or restarting. Crucially, Whole Disk Encryption does not disable access to your data when your computer goes to sleep or require entering your passphrase when it wakes up. So, suppose you've encrypted your MacBook's hard disk, but you normally put the computer to sleep when you carry it around. (Like most owners of Mac laptops, I do this to eliminate wasted time waiting for the computer to restart whenever I want to use it.) Now, the unthinkable happens and someone steals your computer. As long as the thief doesn't shut it down or restart it, the disk's encryption is useless - any data on it can be freely accessed directly, or over a network.

You can minimize the risk by choosing a strong login password and by making sure you must enter it when your Mac wakes from sleep (check Require Password to Wake This Computer from Sleep or Screen Saver in the General view of the Security pane of System Preferences), because in order to reset your password without knowing it, an attacker would have to restart your Mac. Still, this situation bugs me because Whole Disk Encryption seems most useful for laptops, and laptops seem most useful when you employ sleep mode rather than shutting them down after each use.

Second, Whole Disk Encryption for startup volumes isn't compatible with Boot Camp, at least not in this release. If you install Whole Disk Encryption while a Boot Camp partition is present, you'll see a warning message to the effect that you can still encrypt whole disks, just not your startup volume. If you use Boot Camp Assistant to remove your Boot Camp partition, you can then encrypt your startup disk. But you have to choose between Boot Camp and having your entire disk encrypted.

Third, if your disk requires repair or troubleshooting, you're going to run into problems. For example, with an encrypted startup disk, you can't perform a Safe Boot. Holding down the Shift key while restarting normally disables some potentially problematic software, such as third-party kernel extensions, but since Whole Disk Encryption relies on such an extension to provide access to your disk, this won't work. Furthermore, you can't use disk repair programs such as Disk Utility and DiskWarrior on an encrypted disk; if you have disk problems, or suspect you might, you must first decrypt the disk and then start up from another volume (say, your Leopard Install DVD) to run disk repair software. Unfortunately, the process of decrypting a disk is quite time-consuming - for me, it took considerably longer than encrypting the disk in the first place. So you could be looking at a 24-hour period to decrypt, repair, and re-encrypt a disk - not fun.

I also encountered a couple of less-serious annoyances. The first time I restarted my computer after encrypting its disk and tried to enter my passphrase, I had a moment of panic that Whole Disk Encryption wouldn't let me in. I had chosen a 32-character passphrase, and as I typed it, the cursor in the PGP BootGuard Screen moved incrementally across the passphrase field (though without displaying bullet or asterisk characters, as is often the case). After I typed the 21st character, the cursor was all the way to the end of the field and didn't move any further as I typed the remaining characters, so I got no feedback that my input was being registered. It was, and everything was fine after I finished blindly typing the passphrase, but I didn't like the fact that feedback is registered for a maximum of 21 characters when passphrases can contain up to 255.

I had also set up Carbon Copy Cloner to duplicate my Mac's hard drive to a network volume on a daily schedule, and the first time this backup ran after I encrypted my disk, it failed. Consulting the logs, and cross-referencing them with the support material on PGP's Web site, I discovered that the problem was an invisible file called PGPWDE01, which PGP stores at the root level of any encrypted volume. This file can't ordinarily be read or written by backup software, so you must exclude it manually if your backup software complains (some backup programs, like Time Machine, already ignore the file).

Recommendations -- When I first heard about Whole Disk Encryption, I allowed my excitement to get ahead of reality, and I pictured a complete solution to all my encryption problems; I had the idea that this product, by itself, would eliminate the need for all the other sorts of file encryption I'd tried. As it turns out, although it solves a couple of problems brilliantly, it's still just one piece of the puzzle. It does indeed provide virtually bulletproof data protection in cases where a computer is shut down when it falls into the wrong hands, at least if you've chosen a good passphrase and taken care to prevent anyone else from learning it. It also eliminates the need to separately encrypt virtual memory (which you can otherwise do in the Security pane of System Preferences by checking Use Secure Virtual Memory), because that happens automatically. And it makes encrypted bootable duplicates incredibly easy to create.

Nevertheless, PGP recommends continuing to use multiple layers of protection, such as encrypted disk images (whether generated by PGP Desktop or otherwise) and FileVault, depending on your needs. Part of the reason is that PGP's whole-disk protection doesn't help when your computer is running or asleep; another part is that even if a determined or clever attacker could find a way to get past one layer of encryption, getting past multiple layers is much less likely. Keeping especially sensitive information on an obscurely named disk image also makes it at least a bit harder to find in the event that someone did obtain access to a still-unlocked encrypted volume.

Obtaining PGP Whole Disk Encryption -- You can buy PGP Whole Disk Encryption as a stand-alone product, which costs $119 for what PGP calls a "perpetual" license - that is, a license that lets you use the version you purchased indefinitely, but which only provides free support and updates for one year. All the capabilities of Whole Disk Encryption are also built into PGP Desktop Professional (which includes encryption for email and chat, as well as support for creating encrypted disk images). Two kinds of licenses are available for PGP Desktop Professional - the perpetual license for $199, and a subscription license, which costs $83 per year. With the subscription license, you can only use the software for as long as you have the subscription. If you haven't renewed it within 90 days after its expiration, PGP automatically decrypts all your encrypted disks (after alerting you that it's about to do so), which is a potential security risk. PGP Desktop Professional 9.9 is available in a 30-day trial version, a 30.1 MB download; no trial version of PGP Whole Disk Encryption alone is offered.

�

Copyright � 2008 Joe Kissell. TidBITS is copyright � 2008 TidBITS Publishing Inc. If you're reading this article on a Web site other than TidBITS.com, please let us know, because if it was republished without attribution, by a commercial site, or in modified form, it violates our Creative Commons License.

31.10.2008 22:53:12 - TidBITS

Hard link

6 GB of RAM in a MacBook or MacBook Pro

After a few weeks of Internet conversation and testing, it turns out that recent MacBook and MacBook Pro models - both the just-introduced aluminum and glass models and the two previous minor updates - can address not just 4 GB of RAM, as Apple's technical specifications pages state, but 6 GB of RAM.

(To identify if your MacBook or MacBook Pro is new enough, run System Profiler and in the Hardware Overview screen, check the Model Identifier line. After the model name are two numbers, separate by a comma, as in "3,1". If the first number is 3, 4, or 5, the Mac should be able to handle 6 GB of RAM.)

The laptops both have a pair of DIMM slots. The current MacBook and MacBook Pro models require new form of high-speed memory called DDR3, running at 1066 MHz. The previous models use DDR2 RAM running at 667 MHz. Standard configurations have either 2 GB or 4 GB of RAM, achieved by installing a pair of either 1 GB or 2 GB DIMMs.

So what if you replaced one 2 GB DIMM with a 4 GB DIMM? The answer seems to be that the MacBook and MacBook Pro both operate reliably with 6 GB of RAM, as long as it's the same type and speed of RAM. However, reports indicate that the next logical step - installing a pair of 4 GB DIMMs for a total of 8 GB of RAM - does not work properly. As yet, it's unclear if the problem could be resolved in software (such as by Snow Leopard, the next major update to Mac OS X), or if there are hardware issues.

There are some downsides to jumping to 6 GB. First, you must install mismatched DIMM sizes (one 2 GB DIMM and one 4 GB DIMM). When working with a pair of identical DIMMs, the Mac can take advantage of dual-channel architecture to increase the speed with which data can move from RAM to the CPU. However, for most usage patterns, a dual-channel architecture provides only a slight speed improvement, and losing that is probably outweighed by the benefit of reduced virtual memory disk swapping.

At the moment, there is another problem: price. Ramjet just announced the first 4 GB DDR-1066 DIMM for the recently released MacBook and MacBook Pro models, and it's not cheap, at $599. In comparison, a 2 GB DDR3-1066 DIMM costs only $75 from Ramjet. For the previous generations of the laptops, a 4 GB DDR2-667 DIMM is a lot cheaper, at $159.99 from Newegg. Personally, I'd wait for the price to come down on the 4 GB DDR3-1066 DIMM.

And lastly, I must stress that this is an unsupported configuration, and I have not tried it personally. If you have problems and call Apple for help, they will be entirely justified in giggling at you. Don't say you were warned!

�

Copyright � 2008 Adam C. Engst. TidBITS is copyright � 2008 TidBITS Publishing Inc. If you're reading this article on a Web site other than TidBITS.com, please let us know, because if it was republished without attribution, by a commercial site, or in modified form, it violates our Creative Commons License.

31.10.2008 22:49:34 - TidBITS

Hard link

TidBITS Watchlist: Notable Software Updates for 03-Nov-08

• iKey 2.3.1r2 from Script Software is the first major update to the popular keyboard macro tool in a long time, after a new programmer took over the code. Version 2.3 fixes a number of user interface problems that cropped up when running in Mac OS X 10.5 Leopard, along with a Leopard-specific problem related to shortcuts that type text. The subsequent 2.3.1 and 2.3.1r2 updates fix new issues that caused problems in Mac OS X 10.4 Tiger. ($30 new, free update, 5.2 MB)
• TextExpander 2.5 from SmileOnMyMac updates the typing shortcut utility with several new features and some minor bug fixes. Added features include customizable date and time math snippets - enabling users to add or subtract years, months, days, hours, minutes, and seconds from the current date and time. A new Internet productivity snippet group includes AppleScripts that automatically shorten URLs by utilizing online services such as TinyURL. And finally, a Symbol snippet group adds the capability to enter commonly used symbols such as copyright, trademark, euro, Command, Option and Control. Bug fixes are unspecified other than one that, according to SmileOnMyMac's Web site, enables, "%- and %+ to abandon or keep delimiter on a per-snippet basis." ($29.95 new, free update, 5.6 MB)
• SpamSieve 2.7.2 from C-Command Software is the latest update to the powerful Bayesian spam filtering software. Changes include improved filter accuracy, enhanced performance, refined error reporting, a training program bug fix that prevents the possibility of interruption, and a break into two separate plug-ins for Apple Mail - one for Mac OS X 10.4 and one for Mac OS X 10.5 and later - that auto-install based on your version of Mac OS X. ($30 new, free update, 5.6 MB)
• Fission 1.6 from Rogue Amoeba updates the audio editor with several new features and bug fixes. The most significant addition is the MakeiPhoneRingtone feature that enables users to save any file, in any format, as an iPhone ringtone. According to Rogue Amoeba's Web site, other changes include "...the ability to Insert Silence into a file, a command to set the exact location of the playhead, software updates via Sparkle, and almost two dozen additional improvements and bug fixes." To find the full list of changes in version 1.6, from within the program go to Help > Fission Manual > Version History. ($32 new, free update, 3.2 MB)

�

Copyright � 2008 Doug McLean. TidBITS is copyright � 2008 TidBITS Publishing Inc. If you're reading this article on a Web site other than TidBITS.com, please let us know, because if it was republished without attribution, by a commercial site, or in modified form, it violates our Creative Commons License.

31.10.2008 21:26:07 - TidBITS

Hard link

Take Control News: Set Up a Fast, Reliable, and Secure 802.11n Network

We are pleased to announce the release of the significantly rewritten "Take Control of Your 802.11n AirPort Network," the latest in our line of Glenn Fleishman's Take Control titles about AirPort networking. With his usual good-natured enthusiasm, Glenn has created a fully updated ebook about AirPort networking, covering not only the practical details and real-world steps that you need to set up a fast, reliable, and secure AirPort network, but also lots of details of interest for everyone from the beginner (basic terminology and concepts) to the experienced user (tricky IP addressing scenarios, IPv6, and software base stations). The 242-page ebook (perhaps our most comprehensive yet!) is available for $15, although those of you who already have one of his AirPort books should have already received email about free or discounted upgrades. Topics covered include:

• Real-world advice - and diagrams - that covers setting up the 802.11n models of the AirPort Express, AirPort Extreme, and Time Capsule
• Advice on whether the 2.4 GHz or 5 GHz band is best for your network
• Tricks for including older 802.11b and 802.11g Wi-Fi gear without damaging performance
• Step-by-step instructions on connecting from Macintosh and Windows clients
• Details about handling complex Internet addressing configurations
• The ins and outs of sharing USB disks, including a Time Capsule
• Help with connecting shared printers to Leopard, Tiger, and Windows
• A discussion of networking with and configuring an Apple TV
• How to set up a multi-base-station network to extend the area of wireless coverage
• The scoop on the up-and-coming IPv6 standard for handling IP addresses

Although the ebook focuses on Mac OS X 10.5 Leopard, it also covers Mac OS X 10.4 Tiger, Windows XP, and Windows Vista.

�

Copyright � 2008 Adam C. Engst. TidBITS is copyright � 2008 TidBITS Publishing Inc. If you're reading this article on a Web site other than TidBITS.com, please let us know, because if it was republished without attribution, by a commercial site, or in modified form, it violates our Creative Commons License.

30.10.2008 18:39:26 - TidBITS

Hard link

Authors and Publishers Settle with Google Book Search

Google wants to index all knowledge, and it thought that scanning a few tens of millions of books might be a good addition to the compendium of billions of Web pages, PDFs, and Word documents they already offer. The only trouble? Most of the books they wanted to scan are still under copyright protection. This caused the Association of American Publishers (AAP), the Authors Guild, and other organizations to gnash their teeth - and file lawsuits.

This week, Google and a host of these complainants agreed to a settlement that a court must still approve. Google will contribute piles of cash - $125 million - to settle outstanding issues and fund a new copyright clearinghouse that will enable authors and publishers to receive funds for online viewing of works.

The settlement also clears the way for far greater access to orphaned works: books (and other material) that remain protected by copyright, but which are out of print or out of production, and largely unavailable even through lending libraries.

Unlike the outcome of many lawsuits about copyright and access, this settlement could be a big win for authors, publishers, readers, and libraries. Could such a thing be possible?

(Full disclosure: I am a member of the Authors Guild. Although I did not support the particular form of the Authors Guild lawsuit, neither did I cancel my membership as a result of the legal action.)

[Editors' disclosure: With our Take Control hats on, we've worked with Google Book Search for years, and it pains me to say that the experience has been nothing but frustrating, with literally months of delay between uploading a fully searchable PDF - no need to scan anything - and having it posted. Plus, although Google's support people responded quickly to our queries, they were universally useless at addressing any complaints, such as posting delays or the existence of guaranteed broken links to Amazon.com for our titles, given the fact that Amazon doesn't resell our ebooks. I certainly hope that the settlement will mean increased exposure for Google Book Search and our content, and additional sales. -Adam]

The Backstory -- After a couple of years of prep work, Google announced in 2004 its Google Print program, later renamed Google Book Search, as well as its Library Project, the controversial part.

Google started partnering with major publishers first, followed by smaller houses - a total of 20,000 so far - to make their books available in some form online.

Google's bigger objective was to partner with major academic libraries around the world, scan books using high-speed techniques it had invented, and use optical character recognition (OCR) technology to turn the scans into searchable text.

Google Book Search made it possible for anyone to search the contents of any scanned book and, depending on the copyright status of the book and other factors, view or even download some or all pages. (Microsoft started two similar programs which avoided many copyright issues, but the company shut those projects down in May 2008.)

This behavior rankled many because Google claimed the right to scan copyright-protected books because the company wasn't per se distributing the books, even though it had full digital copies. Google maintained - in a rough approximation - that because it was working under contract with libraries that owned physical copies of the books, that making archival digital copies was perfectly legitimate, as was turning the copyrighted works into text and images that weren't revealed in whole on the Web.

The various parties aligned against Google disagreed, and filed suit in 2005.

The Variety of Works under Discussion -- Part of what publishers and the Authors Guild found problematic, and part of how the settlement on which parties agreed was designed, centers around separating works into three categories: public domain, in copyright/out of print, and in copyright/in print.

• Public domain works are no longer covered by copyright, and may be used in essentially any form and any fashion. Many publishers, notably Dover, reprint public-domain works in various forms and compendiums. Copyright holders can also release all rights on works they control, placing a creation in the public domain. Google Book Search makes the full text available, including for download.
• Books that are in copyright, but out of print, are often called orphan works. This category covers books that are no longer stocked or available from the commercial book trade, but which remain under copyright. The copyright may be owned by a living person or his or her estate, by a trust, by a publisher, or by a company. Orphaned works make writers cry, because their hard-wrung prose - fiction or non-fiction or reference - is unavailable, even if the market desires it, because the economics of print publishing have until recently put their children in the gutter. Google Book Search makes the full text searchable, with snippets of context presented.
• Active books are in copyright and in print. Books that are actively sold by publishers through booksellers or directly, even if they're 30, 40, or 70 years old, fit in this category. Amazon's special-order books program, launched at the same time as the bookseller's overall store in 1995, was the first simple way to obtain in print books that weren't routinely stocked by either bookstores or book distributors. Prior to Amazon, special order books required time and effort on the part of a bookseller, and were often regarded as a giant pain to fulfill. The same searching and results are allowed as with out of print titles. (Publishers often refer to their frontlist, books that are relatively new and actively promoted, and their backlist, titles still in stock and available, and which may even sell well, but which aren't promoted.)

These three categories beg the question: what's covered under copyright, anyway? I'm glad you asked. Google Book Search makes the full text searchable, with snippets of results presented.

Copyright's Increasing Longevity -- Copyright law in the United States has been tweaked quite a bit since the right was granted in the Constitution, and because of this, there's quite a bit of complexity involved. The U.S. Copyright Office has a brief explanation, as well as a more extended discussion of terms.

If I can try to boil the discussion down for published works copyrighted in the United States:

• Everything copyrighted - registered with the Copyright Office - before 1922 is in the public domain.
• Nearly everything registered as under copyright starting in 1922 was under copyright initially for a term of 28 years, which could be renewed on the 28th anniversary through the Copyright Office for another 28 years.
• Works registered starting 01-Jan-50 are grandfathered through a variety of rules to extend their copyright with no renewal being required. There are a lot of niceties involved, but this is the general rule.
• Any work copyrighted from 01-Jan-78 on is under copyright protection the moment it's created for the author's life plus 70 years, or for 95 years from publication for works owned by a company - so-called "work for hire," in which a work was created by a statutorily defined employee of a firm or institutions, or for which copyright has been transferred by the individual or people involved to a company. No registration is required, but it ensures both a proof of ownership along with the maximum statutory damages (treble!) for successful proof of violation. (Before the Sonny Bono Copyright Term Extension Act of 1998, the duration was 50 years following death or 75 years for works for hire. This was also pejoratively known as the Mickey Mouse Protection Act, because Mickey's appearance in Steamboat Willie would have entered the public domain in 2000.)

A lot more explanation, which I'll avoid here, is necessary for rules surrounding other countries' copyright regulations prior to general international agreement in the 1970s about copyright terms, and rules in the United States for anonymous, pseudonymous, and unpublished works.

If you read this carefully, you'll notice a gap. If a work was registered starting in 1922 and before 1950, it would wind up in the public domain if a renewal notice were not filed. It's unclear how many hundreds of thousands or millions of works may have fallen into that gap.

But you can see that there's a giant divide. Before 1922, essentially everything. After 1922, nothing that anyone paid attention to.

Fair Use -- Copyright law contains a giant set of exemptions that are supposed to balance the U.S. Constitution's language against the public good. Article 1, Section 8, states that Congress shall have power "To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries."

Many arguments have been made about what limited times means - Stanford law professor Larry Lessig argued the Sonny Bono Act all the way to the Supreme Court - but the idea that copyright is intended not solely for the benefit of "authors and inventors" but for society as a whole should be undisputed. (If you've followed the actions of the movie and recording industries, and legislative efforts to support their actions, you might believe that copyright is all about ownership, not public good.)

In that spirit, Congress defined exceptions to copyright, including fair use, which have further been refined by practice and the courts. There's a quadripartite test when a claimed fair use is examined: the commercial nature or lack thereof; the kind of work involved; the quantity of work used in relation to the original; the effect on the market of the original work. The test doesn't require every element to be met, but each part to be evaluated against the whole. (You can read about this in more depth at the Copyright Office.)

Google has argued that its efforts at scanning copyrighted books and making them available for search with only snippets of results meet the smell test: Google was making no specific commercial return on its book search (in fact, investing tens of millions into its library-scanning efforts with libraries), that the works were intended for public distribution, that snippets were infinitesimal parts of books, and that the search giant was stimulating demand for the books it provided results against. Google provided links to purchase the books, and could thus track sales, too.

The Authors Guild, among others, stated that simply the act of created electronic editions that were stored and distributed, required permission from copyright holders, much less displaying the results. With a little programming work, an interested party could extract passages or entire books, too.

Without being a lawyer specializing in this area, it was and remains impossible to determine whether Google or its one-time opponents would have prevailed. They clearly would have created a new sub-area of law, either affirming, denying, or making far more complicated the notion of whether creating and owning copies of copyrighted works were de facto violations of the law.

But these one-time opponents are now, at least, somewhat supportive of Google's efforts. What changed? Quite a lot, and in ways that all parties, and we readers, stand to benefit.

Out-of-Print Books and Book Rights Registry -- The settlement opens the way to allowing vastly improved availability of in-copyright books by separating out-of-print and in-print books into their respective categories, and collecting fees for all snippet displays, page reading, and page printing.

Publishers, authors, and other copyright holders will be able to opt-out of having out-of-print books included; by default, all out-of-print books will be available, but parties can opt out. For in-print books, those who own the rights will opt in. This allows all of Google's existing partners to continue what they're doing, and publishers to experiment by adding specific titles or simply add their entire catalogs.

If I read the settlement right, publishers who do not opt in to allow in-print titles to be included by Google will simply have their works removed if available or not added in the future. (A complete set of links to resources is available at the Authors Guild site.)

Where this agreement goes far beyond Google's current program, making it a win for Google, is that Google will now be able to provide not just snippet results, but entire pages or books (for viewing and printing).

Google would collect the fees and pass them on to the Books Rights Registry, which will be run by a board of authors and publishers, and be founded with $34.5 million of a $125 million settlement that Google has agreed to pay - without admitting that any of Google's claims are invalid.

Authors and publishers win by suddenly having a mechanism to disseminate electronic editions while collecting for per-snippet, per-page viewing, and per-page printing views. Google has agreed to a 63-37 split in favor of the copyright holder.

The public wins because the settlement calls for a free subscription license for "designated" computers at all U.S. public and academic libraries - a miserly 1 per public library building or either 1 per 4,000 or 1 per 10,000 students, depending on the institution type. Google has also agreed to pay all printing royalty fees for 5 years or up to $3 million, whichever comes first, for these qualifying locations.

Other institutions can pay for overarching printing and reading licenses, and public libraries can upgrade to fuller licenses, too. Without knowing what these more extensive subscriptions cost, it's hard to know whether public libraries will be able to afford them. Wade Roush of Xconomy, from whose writing I learned about the limits on free library access, is down on the whole deal, partly due to the scale of free access and partly due to the default pricing that Google will set on out-of-print, in-copyright books.

Anyone who researches a topic should benefit from the availability of out-of-print works, as they comprise many millions of titles that are rarely available in wide circulation. Ten libraries around the world might have a particular book you need, but that doesn't mean you can gain access to it.

Google has also agreed to pay legal fees, and at least $45 million to copyright holders whose works were scanned before a certain date connected to the lawsuit.

Now, of course, not all publishers or copyright holders are represented by the parties involved, and some may choose to sue separately in the future. The court might also require the parties to appear in court, although courts prefer settlements.

The only fly in the ointment is that copyright holders of out-of-print but in-copyright works are being de facto opted in to having their works available by virtue of this settlement, even if they're not party to it. That should fly, because most of these creators or owners can get no value out of their works at present, and few people complain about receiving additional compensation. Further, the creation of a clearinghouse gives a kind of imprimatur, allowing a party that represents authors and publishers to make sure out-of-print works see life again.

There was the notable case in the music world of James Carter, a former convict whose voice was recorded on a chain gang in 1959 by pioneering folk music collector Alan Lomax. In 2002, the song he sang, "Po' Lazarus," was used in the opening of the movie "O Brother, Where Art Thou?" The soundtrack sold 4 million copies.

Carter, who left prison in 1967 and had led a quiet life since, was tracked down after months of research by the Lomax archives, and presented with a $20,000 check; he received $100,000 by his death in 2003.

Avoiding Collision with the Future -- I'm a writer. I make my living by sitting down and typing, as I am now. The notion of Google appropriating my words without my permission or acknowledgment always bothered me, even though I also accepted that there was a fine chance that the company was operating within the legal constraints of copyright law.

I similarly was troubled by the Authors Guild partnering with what is often its natural enemy, the AAP, in trying to prevent Google from related activities, some of which seemed to benefit me and authors, and others of which did not. (For instance, the AAP at times has suggested that public libraries should pay fees to publishers when they lend works. While this is the case in EU nations, authors generally don't believe that publishers would pass along these fees to authors; that's separate from the seemingly un-American idea that public libraries pay royalties!)

This reconciliation doesn't solve all issues, but it makes it much more likely that independent authors and publishers survive and even thrive by providing a broader marketplace, while also providing greater availability of human knowledge. While the ease of access to publicly promulgated information, like Web pages, has increased, trends seemed to suggest that books would go down the path that movies are still taking and music is slowly escaping from: being available only in highly restricted ways that interfere with technological progress.

With this new agreement in place, it's possible that you could publish a book, distribute it entirely through Google Book Search, and earn some money - maybe even a lot of money if the book goes viral - and bypass publishers entirely. That was the promise of the Internet music, blog, and podcast revolutions, too. While it hasn't come true for everyone, it's certain that many more voices are being heard by many more people around the world. And that's a good thing.

�

Copyright � 2008 Glenn Fleishman. TidBITS is copyright � 2008 TidBITS Publishing Inc. If you're reading this article on a Web site other than TidBITS.com, please let us know, because if it was republished without attribution, by a commercial site, or in modified form, it violates our Creative Commons License.

29.10.2008 22:52:22 - TidBITS

Hard link

AT&T Offers Free Wi-Fi for iPhone, for Real This Time

AT&T is now providing free wireless Internet access to its iPhone-owning customers at the company's hotspot locations, which include thousands of Starbucks cafes, McDonald's restaurants, hotels, airports, and more. News of this service appeared briefly earlier in the year on AT&T's Web site and was then taken down (see "iPhone Roundup: AT&T Wi-Fi, Out of Stock, International Carriers," 2008-05-10). iPhone owners are also being notified by text message, so it's not likely an inadvertent posting error this time.

AT&T's Wi-Fi service typically costs $20 per month, but access is free for many business, DSL, and fiber customers. In participating Starbucks stores, connecting to the in-store Wi-Fi network has made a special Starbucks category appear in the iPhone's iTunes store app for purchasing music (which requires a Wi-Fi connection).

To use the service from an iPhone, go to the Settings app, select "attwifi" from the list of available networks, and enter your 10-digit mobile number. After agreeing to the Acceptable Use Policy, AT&T will send a free text message containing a secure link that's valid for 24 hours at that location.

�

Copyright � 2008 Jeff Carlson. TidBITS is copyright � 2008 TidBITS Publishing Inc. If you're reading this article on a Web site other than TidBITS.com, please let us know, because if it was republished without attribution, by a commercial site, or in modified form, it violates our Creative Commons License.

29.10.2008 20:40:01 - TidBITS

Hard link

Apple Launches iPhone Developer Forums

Apple has opened up the Apple Developer Forums for talking about iPhone software development. The free forums, currently in beta testing, are available to anyone signed up for iPhone development via its three programs: standard, enterprise, and university. Standard developers pay $99 fee, which includes the right to submit software for release through the App Store, while businesses pay $299 for the right to develop software that's distributed within a company. Those signed up just to access the iPhone Software Development Kit (SDK), which requires no payment, are not allowed access.

Apple was widely criticized by programmers for keeping a non-disclosure agreement (NDA) in place following the release of the iPhone 2.0 software. This NDA prevented any public discussion of development issues, restricted the distribution among companies of software code, and put a damper even on private interactions, many developers said.

The NDA was dropped informally a few weeks ago - see "Apple Allows Developers to Talk about iPhone Software," 2008-10-01 - and the legal agreement was updated last week. The removal of the NDA covers only software and features that have been publicly announced and discussed, such as the current release of the iPhone operating system.

�

Copyright � 2008 Glenn Fleishman. TidBITS is copyright � 2008 TidBITS Publishing Inc. If you're reading this article on a Web site other than TidBITS.com, please let us know, because if it was republished without attribution, by a commercial site, or in modified form, it violates our Creative Commons License.

28.10.2008 20:58:07 - TidBITS

Hard link

LogMeIn Tests Remote Screen Sharing via iPhone, iPod touch

I'm constantly beset by the need to reach a computer that's not within reach: a server located 15 miles to the south, a laptop at home, or a "headless" system - no monitor attached. LogMeIn is one of the tools I rely on to complement Timbuktu Pro and Back to My Mac's screen sharing. LogMeIn's Mac OS X version, a free screen-sharing utility, lets me manipulate my computers remotely, even those inside my ostensibly locked-away home network.

The company has now announced a limited beta test of LogMeIn Ignition, an extension of their system, which relies on client software and centrally coordinating servers that they run, to the iPod touch and iPhone.

The App Store currently offers some remote-access packages, although these rely on VNC. VNC is built into Tiger and Leopard, but it requires directly reachable IP addresses, whether you use port mapping or have a public IP address on the computer you want to connect to. LogMeIn can traverse NAT and other obstackes to end-to-end connectivity.

�

Copyright � 2008 Glenn Fleishman. TidBITS is copyright � 2008 TidBITS Publishing Inc. If you're reading this article on a Web site other than TidBITS.com, please let us know, because if it was republished without attribution, by a commercial site, or in modified form, it violates our Creative Commons License.

28.10.2008 19:25:13 - TidBITS

Hard link

Netflix Starts Deploying Mac-Compatible Media Player

A few weeks ago I reported on Netflix's blog announcement that the company hoped to make its Watch Instantly feature accessible to Mac users by the end of 2008 (see "Netflix Mac Support News and More," 2008-10-08)). Netflix has now backed up their claim with the unveiling of their new media player - based on Microsoft's Silverlight technology. While it may seem surprising that the long awaited solution to this Mac-access problem comes by way of Microsoft, you probably won't be surprised to learn that the root of the problem lies in digital rights management (DRM) technology requirements from the studios. According to Netflix:

"Apple does not license their DRM solution to third parties, which has made this more difficult, but we are working with the studios and content owners to gain approval for other solutions. As soon as a studio-approved DRM for the Mac is available to us, whether from Apple or another source, we will move quickly to provide a movie viewer that enables you to watch movies from Netflix instantly on your Mac."

The new Netflix player will use Microsoft's PlayReady DRM - new in Silverlight 2.0 - to prevent users from doing anything but watching the content. Netflix's current player relies on a Windows-only DRM system.

For those hearing about Microsoft Silverlight for the first time, it's a technology akin to Adobe Flash in that it's embodied in a Web browser plug-in and can display animations, audio and video, and interactive applications. Silverlight was first put to the test this past summer in streaming the Beijing Olympics for NBC. The player streamed thousands of hours of live coverage with generally successful results.

Unfortunately, as Mac users attempting to watch Olympic video discovered, the new Netflix player works only on Intel-based Macs, leaving older PowerPC-based Macs in the lurch. Netflix claims that Intel-based Macs account for about three quarters of the company's current Mac-based subscribers. So while a fix for the majority of Mac users is certainly better than nothing, it's a shame for that remaining 25 percent to be denied access. It's hard to imagine that Microsoft will extend Silverlight back to PowerPC-based Macs in the future.

The announcement was also greeted with irritation by many Mac-using Netflix subscribers who have been waiting to use Watch Instantly for a long time. Netflix said it will introduce the new player only to a small number of new subscribers at first, in order to test and tweak the technology before a mass deployment. That decision, rather than opening the test phase up to long-time customers, drew significant criticism in comments to Netflix's blog post. It does seem unreasonable to test a much-anticipated new technology on new customers rather than letting loyal customers try it out first. Hopefully, the wait will be short - Netflix claims that the player will be available to all Intel-based Mac users by the end of the year.

�

Copyright � 2008 Doug McLean. TidBITS is copyright � 2008 TidBITS Publishing Inc. If you're reading this article on a Web site other than TidBITS.com, please let us know, because if it was republished without attribution, by a commercial site, or in modified form, it violates our Creative Commons License.

28.10.2008 15:27:12 - TidBITS

Hard link

Adam Running the New York City Marathon

Sometimes you have to attempt feats you don't know you're capable of achieving.

I turned 40 in November 2007, and one of my goals for the year was to race every standard timed distance during the year, including a triathlon and a marathon, neither of which I'd ever done. I've run competitively since my sophomore year of high school, so it's not like I was going from couch potato to marathoner, but I've always focused on the short to middle distances, everything between 1,500 meters and 10 kilometers, and I would seldom run more than 25 miles per week. The prospect of racing a marathon - more than my weekly mileage in a single shot - wasn't unimaginable, but it was daunting, to say the least.

I'm almost done with the year, and I'll be capping it off by running the New York City Marathon on Sunday, November 2nd. Honestly, I'm nervous as all hell. I've trained well and managed to avoid serious injury, but it has been harder and more time-consuming than I anticipated, both for me and for Tonya and Tristan, who had to put up with how my long runs and subsequent fatigue tweaked our family schedule.

Long runs? Before this year, I had run 20 miles once in 1984, and two 13-mile races around 1990. More recently, I qualified for the New York City Marathon with a 1:20:45 at the local Skunk Cabbage Half Marathon in April 2008, and since then I've successively raised the bar on how far I could run, with a 16-mile trail race, an 18.5-mile trail race, an 11.5-mile trail race combined with a 12-mile road run back to my car, and a full 26.2-mile training run on the roads in 3:30:24. Each of those runs caused me significant anxiety beforehand, and it was a huge relief each time I finished, knowing that I could handle each successive distance. (Tonya has been matching my efforts on her old bike, starting from scratch in late May 2008 when we bought a tandem to eliminate car miles driving Tristan to school, and working her way up to riding the full marathon distance just yesterday for her longest bike ride since 1989.)

So, if you'd like to follow me during the New York City Marathon this coming Sunday, there are a number of ways to do it. You can sign up for email alerts that track my progress, or you can watch the race on TV or via the Internet (I suspect the chances of my appearing in the video are relatively low, but it might be fun to watch anyway). There's also an interactive Athlete Tracker that will work during the race, but I can't tell how that will operate ahead of time. And if you live in New York City and would like to watch the race and help cheer me on, I gather it's easy to find a spot on the course to do that.

To track my progress either live or over the Internet, note that I'll be starting in the first wave, at 9:40 AM Eastern (remember that the clocks fall back 1 hour on Sunday for Daylight Saving Time), and I hope to be running between 6:30 and 7:00 minutes per mile, so you can calculate when I'm likely to hit specific points. Although I imagine it will be difficult to pick any given runner out of the crowd, I'll be wearing my traditional race uniform of red shorts and a blue jersey with the High Noon Athletic Club sun logo on the front and back.

My base goal is to finish, of course, with a more serious goal being to finish in under 3 hours. And if I can get down into the low 2:50s, that's just icing on the cake.

I'll report on the race next week, but thanks in advance for any support you'd like to provide, and I hope my efforts can serve as an example of how it's never too late to try to accomplish something that you had no idea was possible before.

�

Copyright � 2008 Adam C. Engst. TidBITS is copyright � 2008 TidBITS Publishing Inc. If you're reading this article on a Web site other than TidBITS.com, please let us know, because if it was republished without attribution, by a commercial site, or in modified form, it violates our Creative Commons License.

27.10.2008 22:42:01 - TidBITS