Slashdot Mirror
Shakedown: How the Business Software Alliance Operates
An anonymous source writes: "I'm a faculty member at a public university which the
Business Software Alliance contacted in a bulk mailing last Fall. Stupidly, our IT department invited them in to 'explain' licensing to us, and now we are trying to fend off an audit on our computers (public and private). Two questions: what kind of leverage does the BSA actually have against us? And does anyone have war stories, successful or otherwise, of their encounters with the BSA?" Although Slashdot is running this story as from an anonymous reader, we have contacted the source and believe the story is factual and the appeal for help is real. Consider this Slashdot's contribution to National Copyright Awareness Week.
The source continues: "The report that the BSA gave to our administration was filled with scary stories about other schools who tried to resist, so unless there's some hard evidence to the contrary I suspect our university will just roll over. We were told that:
- auditing software *will* be installed on every campus machine;
- the license for every program, on every machine, must be produced upon demand;
- failure to produce licenses for all commercial or shareware software will constitute prima facie evidence of illegal possession, with penalties that could range from the confiscation of the machine to the firing of the user;
- and this includes computers *personally* owned by faculty."
Perhaps I'm not 100% informed in what the BSA does, but how can they just march in and start installing software and demanding licensing documentation? They are not a government organization, right? It looks like they operate Internationally, so where do they get their jurisdiction to start making demands?
Once the BSA has its sights set on an organization, then that organization had better have either the licenses or the money to pony up FAST to buy them. I have seen cases where the BSA isn't satisfied with responses and comes back with Federal agents (yes, guys armed with subpoenas and guns.)
If you are reasonably sure that your licensing is OK, then you could probably stave them off. It would be a unique Uni that licenses all of the software being used though, based on my experiences.
Basically, you are screwed if you a) don't comply with them and b) don't have your licensing in order.
If the Gestappo comes by asking if you've seen any Jews, do you ask them to explain what Naziism is all about?
Until this IP law is overturned, cower and hide if you're not williong to put your ass on the line to do something about it. In this case, your guy put his ass on the line, it's only natural that he takes what's coming to him. Consider it a form of back-assward martyrdom.
I'll hit the second one first. If the personally-owned computers are on the network, they're close, maybe, to being able to audit those. Maybe. But that's really grey. I know I, for one, wouldn't let them on, and if they came into my office and said "let me look on that machine," I'd simply disconnect it and say "no."
For the first one, though, I have a much bigger problem. Can anyone cite any other [industry / realm / product space] where one is required to retain all receipts in order to prove ownership? I don't need a receipt to show that I own the shirt I'm wearing. If someone wants to accuse me of stealing it, show some evidence. I don't need a receipt to verify that I own the couch in my living room -- if someone thinks I stole it from my neighbor, fine, prove it. So, why on earth do I need a receipt for software?
I can understand the technical complications that are entailed here -- like when you've got 1 CD for 100 machines. But the legal issues are what I'm more curious about. In no other situation am I, essentially, guilty until proven innocent.
Does anyone know if anyone's fought the software industry on those terms? You can't prove I stole it, so go away. Seems like it should work, but then again, maybe I'm being idealistic.
(Okay, I thought of two examples -- cars and real estate. But those are tracked for me by the government, and if I lose a copy of my title they can send me a new one, for a modest fee.)
have you purchased most of your software from one vendor? if so, note that to the BSA...
Do your users install applications themselves (do they have the ability to?) if not, note that as well
As i understand it, the BSA is primarilly concerned with mass piracy either A. a company using multiple copies of say win2k server or windows 2000 professional... and/or B. people installing lots of applications themselves.
just my 2 cents haveing delt with a forced audit from M$ in the past...
if you are sure you are not using lots of pirated software, ie. you buy windows with every computer and you don't let users install software (policies help alot here, in fending of responsibility) then you'll be fine... just give them the info you have...
I do not believe you have to comply with software based auditing software, specifically state that you manage licensing on the purchasing, policy, and physical software installation prevention end NOT at the client... you can probably find millions of documented analysists that would show that such software would prohibitavly increase TCO out of sight...
I am sure that somewhere in the university there is a disgruntled, or ignorant employee that is more than willing to have private discussions with the BSA regarding the software that they and everyone else uses. Once armed with the conversations with "Insiders" then the BSA has a leg to stand on to get in with the law enforcement types and really force you to do things.
Oh, and so far as them requiring audit software on your computer... NO WAY can they do this! They would have to take you to court, sue you and win with some of the terms being software licensing monitoring.
They tried to force the company my mom worked at to do this. She called me, and we went ahead and just removed MS office from every machine and installed StarOffice.
Followed by a nice letter to the BSA and MS saying that they are going to go open source now b/c of the BS of the BSA
Their right is CIVIL.
It stems from an EULA which is probably illegal.
They have to show in court that the EULA is legal and that they can invade.
The stories are just marketting to scare you.
Tell them to go fuck themselves and when they try the legal process you go after the EULA they use and have it invalidated. That will piss them off no end, but it will teach them.
As far as whether or not they can do this, if anyone (person or organization) who wants to audit you like this is not an official department of a Government Law Enforcement Agency, whether it's federal, state, or city, then tell them to fuck off. Otherwise, you are guaranteed due process and they will need to obtain a search warrant.
Privately owned PC's would be a separate search warrant - as they are not owned by the University they the University is not liable for it's contents.
Too bad the powers that be at the University won't do this. But what they should do is just install the Open Source, Free OS of their choice and tell the BSA jackals to burn in hell.
And to any member of the BSA who might be reading this: I run Red Hat Linux 7.1 at home. Go away. Kapisch?
Despite the radio and television commercials suggesting that he'd get fined up the ying yang, nothing happened. I have since concluded that the BSA is all bark and no bite. Here is my story.
I'm pink therefore I'm Spam
Fight fire with fire. Its just as trivial for the BSA to accuse you of copyright violations as it is for you to accuse the BSA of employing felons. Get as much information as you can on the employees of the BSA and pass them on to your local law enforcement agency. It should be job #1 for your administration to protect the health and welfare of their students. Having non-investigated members of a third party organization on campus seems irresponsible. Even if they are not felons, they may hold memberships in violent hate groups or organizations that discriminate against others based on their sexuality, race, gender or disability. Your school could lose federal funding by having a business relationship with a company that promotes discrimination through the practice of hiring bigots. But you will never know unless you audit the auditors.
Sorry, I posted this under anon. Just don't feel like F-in' with the BSA this month. I have real work to do. Bless you open source.
When I worked as a SysAdmin for our local University, we received a letter from Microsoft that basically amounted to the same thing. "We're coming, we're auditing, be ready"
Now, we were mostly in compliance as far as we knew due to our large per-seat volume licensing through dynamic pooling, but we were pretty sure that we'd come up short in the end. Given that we weren't running any auditing software on the PCs it was difficult to impossible to know what was on every machine. So we called Microsoft and told them we needed time. They agreed to grant us two months, but then went on to specify exactly what software we were to use to perform the audting. We replied that we were going to choose our own that was less expensive, but were told that we must use this particular software, because they knew it to be honest and compatible with Access. (Like that should make a shit bit of difference) In the end we just bent over and took it rather than deal with the auditors showing up, and purchased this lame auditing software. It had to be deployed manually from machine to machine. Almost 2000 computers later, we had our audit. We wound up ponying up some pretty serious bucks for our machines. It slaughtered our entire budget for the next three quarters.
Point is: Microsoft probably didn't have the right to just announce that they were coming, but we knew that, as a public institution, we couldn't afford the battle to fight.
No one ever totaled up how much money we lost on that piece-of-shit software and in man-hours for manual deployment, but if you add it to the big fat check we wrote in the end to keep Microsoft off our campus, it was a hell of a lot of wasted grant money intended for student use.
You can pontificate for days on replacing Windows with *nix, or killing Office for StarOffice. God knows I went to the shared governance committee more than once trying to get them to see the light. In the end, however, everyone winds up signing a fat-check.
Cynical perhaps, but a truism all the same
..cage goes into salsa. Shark's in the salsa. Our shark.
Exactly. What companies need to start doing is taking the BSA to court for attorney's fees and consulting fees when faced with an audit. Then the BSA would think twice about writing threatening letters. Better yet, have a company which only uses Open Source file a fraud complaint against the BSA, and get the organization dissolved...
Everyone else replying to this called the guy a scumbag and wished him a similar fate. I would like to know something though. Just to be sure I understand this correctly isn't OEM software all marked clearly with something along the lines of "Not for resale" or "not to be sold seperatly"?
If that's the case and I am correct in my understanding (Being right up front I might very well be mistaken) then wouldn't his competitor in all likelyhood be selling OEM copies of this software far cheaper than he could sell retail versions? Following then what's the real problem with busting someone who is undercutting you by doing something outside the lines?
Personally I think the guy creatively used the system to smack down an unethical competitor to his own advantage assuming all of this was true of course. The other guy was trying to work the angle and got caught. Tough shit.
I just can't find anything wrong with that.
Most of the major Chemistry commercial software out there is available to run under Linux. Sure, it ain't free. But it doesn't imply you have to run Windows to use it.
*Gaussian runs under Linux (although they are pretty draconian about licensing in their own rights).
*QChem runs under Linux (hell, Martin Head-Gordon's research group only has one Windows box, and they only use it for the occasional PowerPoint presentation).
*CHARMM runs under Linux.
Furthermore most of the major commercial chemistry packages don't contract out with the BSA. Most of the people I know in theoretical chemistry don't run Windows. Why? Because if your jobs take months to run, you sure as hell don't want an uptime that is order days. Sure, you can't go totally open source (yet). But you can evade the juggernaut.
And for reference purposes, the next generation of theoretical chemists is pretty geek-happy. Give us another twenty years, and I'm sure you'll start seeing GPLed versions of molecular modeling programs. Hey, I'd consider doing it. The point of all this is that you *can* do things in stages. You can run whatever commercial software you want, scientifically, under Linux. And it's only going to get better. Why? Well, I know people who have license credits on Gaussian/QChem. And you know where they get their thrills? It sure ain't from the royalty check. It's from the fact that *everyone* who uses their software cites them in their articles. Citations are power in the academic world. Money is nothing.
Read Bujold. Free (as in
If licenses are really contracts (like everyone from RMS to Bill Gates say they are), then why do they need to see them? It would be like your landlord demanding to see your rental agreement, or your insurance agent going all nasty on you and demanding to see your insurance policy.
If it's a legally valid contract, then the manufacturer will already have a copy of the license and already possess proof of your assent. It seems to me that if they even have to ask to see the license, then it can't be contract.
p.s. Can you be in breach of contract for not agreeing to the contract?
A Government Is a Body of People, Usually Notably Ungoverned
I want to go to a school that will teach me AutoCAD. Surely what you say would make it impossible for me. No matter what you people say about how wonderful open-source software is, I havn't found anything that lights a candle to the specialized apps that Autodesk produces. Well worth the $7,000 per seat that my company pays.
I'm sure there are a lot of other closed-source software packages out there that are hands down superior to open source options. Probably for the reason that they require far more manpower and organization to produce than any open source network has yet to accomplish.
Of course, in reality this is about privacy, but most people don't realize that.
Amazing magic tricks
I am an IT manager. For a few years now, I have been advocating a migration to open source products wherever it makes sense. First it was e-mail servers, then file/print servers, then web servers. Aside from an MSSQL database that is hard to get rid of, we have M$ on the run (at least in the server area).
Now that Linux is becoming competitive on the desktop, my staff is actively trying to roll out a non-M$ PC configuration, to be deployed wherever our people can get the job done with nothing but open source. For those cases we can't go totally open-source, we are evaluating Crossover Office project, which allows us to simply pull the plug on Win2K and keep the apps we need.
We use auditing software on our PCs and try to do a good job of license management. I say "try" because it is nearly impossible to make it work in a decentralized/mobile environment.
If BSA wants to do an audit, I would say something like: "Come on in, do the audit. However, be advised that we will phasing-out of all BSA products. At the end of the audit, we'll ask you how few licenses we need going forward, since it will be far less than what we now have. We would like to invite CNN to film us as we put the extra licenses into the dumpster. Please send someone who will be able to talk to the local media about the dire consequences of license non-compliance."
I go to great pains to make sure all the software on all of my companies computer is legal, and paid for. And, if a law enforcement agency had somehow gotten a suspicious that we were breaking the law, I would have no problem cooporating with them.
But the BSA is not law enforcement. It bugs the heck out of me that they can do what they do. If they sent us a letter, the first thing I'd do is write up a proposal with an estimate of hours billing rate for them to sign before we would do business with them, another private business.
Granted, we are not a big company, they would probably ignore my proposal, and we don't have the money or the resources to fight them in court, so chances are I'd end up having to comply. But it really chaps my hide that a private orginization, with no real authority, can go around enforcing the law.
What somebody really should do is start an orginzation called 'Citizens for a drug free workplace', contact the BSA, and say that there is quite a bit of suspicion that BSA executives are in possession of, and regular uses of crack. You have one month to get off the crack, because then we're going into your offices, disrupting your business, and piss testing every one of your employees. While we have no legal right to do this, we're going to do it anyways or you're going down.
The Internet is generally stupid
(1) Tell the BSA to fuck off. You're a university, and likely have professors of law teaching there. Thus, no need to pay expensive legal fees, just ask your professors. They might not be able to win the case, but they sure can stall and drag it on at minimal cost to you while you take other measures.
(2) Archive all raw data.
(3) Wipe all of your machines -- that is, write over all data with zero's. To be safe, wipe the hard-drives a few times.
(4) Install GNU/Linux or *BSD on all of your systems, using all Office/spreadsheet/etc equivalents.
social sciences can never use experience to verify their statemen
If it were completely groundless, then yes it would be illegal. The problem here is that in these situations, there's no way for the university to 100% license everything they use. Even if they make a concerted best try effort to license everything a few licenses will slip through the cracks. The university knows this, the BSA knows this, and that is why the BSA, to the best of my knowledge, has never been challenged when these audits come up.
Let's say on your entire campus, one license is not valid. If the BSA comes knocking at your door, you face a relatively minor penalty for that license, but then you have to pay for your legal counsel, their legal counsel, damages, the auditors, etc. The BSA knows this, and they use it to their advantage.
Now, keep in mind here that they are suggesting a product is not legally licensed if you don't have the paperwork to proove it. Therefor, if you aren't totally pristine in keeping track of the licenses for all your software that is, in fact, 100% legitimate, you can still get screwed by the BSA. Although I do wonder how well that would stand up in court, that is, unless the BSA can proove those copies are pirated, is simply not being able to proove them legitimate enough to get you into hotwater. I'm sure their license provisions make certain statements about this, but I don't know if they would stand up in court.
What it boils down to is that the BSA takes advatange of our legal system to extort businesses and it's about time that something was done to put an end to this. For example, I would propose that any organization that licenses software for more than say 50 computers, they should have certain protections from this sort of action. I would suggest the following protections:
1) Provide protection for good faith effort. If your company makes a good faith effort to license your software (at least say 80% of the value of the software is legitimately licensed), then all you can be held accountable for is the cost of licenses at retail price. No damages, no attorneys fees, no auditing fees. It would still cost you the attorneys fees to fend it off, but at least the expense would be clear and reasonable. If you have more than 90% compliance, then your legal fees would be covered by the suing party (though you'd still have to pay for the licenses). Thus, there's a strong disincentive to go after an organization that's not blatantly violating the law.
2) Receipts or other proof of software purchase should be considered valid proof of legal license. If you buy a thousand copies of a piece of software, you shouldn't have to keep track of a thousand pieces of paper. It would be impossible to proove that a piece of software is pirated, so it makes sense for the purchaser to be required to demonstrate ownership in court, but the burden of what needs to be proven should be much more reasonable.
This sig has been temporarily disconnected or is no longer in service
I have a friend who is the IT manager for a ski hill and Microsoft demanded a license audit.
The lawyers came back and said no, companies have no Common Law Right to enter property and demand inspection. They could however, request the number of computers in use with Microsoft software and examnine the licenses for these computers.
The important difference was that Microsoft cannot enter private property and inspect the computers and software of that company. This is apparently a very specific legal right in Canada, party from our Common Law and partly from court decisions regarding our Charter of Rights.
And it seems like some members of the community are not playing nice, so why not kick them out of your yard? The BSA's IP range is: 204.180.189.0/24 (props to arin.net whois), if enough of us routed that to the bit bucket it would make it more difficult for them to do their jobs, hopefully reducing their profit and their supporter's interest in them. Ev1l Gr1n %^>
Interesting idea for a EULA case..
Ask the IP holder to produce the EULA that you specifically agreed to. Request proof that it was you/your institution that accepted the EULA, and not the OEM, shipper, independant IT person who installed the software, etc..
Not only can they not prove who exactly accepted the EULA, they can't even prove the EULA was presented in the first place.
"No your honour. Nothing that said click to proceed came up on my screen. Could be a bug in this copy of their software I guess, I dunno, I didn't make it."
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
The BSA won't be satisfied if you remove
licensed/unlicensed software from a computer
when you're threatened with an audit.
They'll treat this as a violation.
I know I had to prove that a version
of Office had been removed 7 months
prior to the audit notice and wasn't
an attempt to foil the audit.
We STILL GOT PENALIZED!!!!
Being as I currently work for a law firm that is an advocate for businesses that are trying to fend off the BSA and we also offer audits (but not using any M$ product...), I felt compelled to write a quick note about this.
Software audits are becoming more and more common. The BSA announces targeted cities and conducts audits of businesses of differing sizes and industries. One of the ways to avoid a BSA investigation (audit) is to take a pro-active approach to software management practices.
Auditing all of your software and reviewing all of your licenses is the only way to ensure compliance with BSA standards.
The unfortunate truth of this is that it requires a very attentive IS department and/or an outside audit. This is what it sounds like the university in question is in need of (both, not either/or).
To date $68 million has been collected from companies (mostly through settlement) that failed to comply with BSA standards. As the problem of software piracy continues to grow the BSA will increasingly take a zero tolerance approach to this issue.
We know of no other firm that offers complete software management services on a cost-effective basis as well as the protection of Attorney-Client priveledge.
Any first year law student, or third-year business student should be able to tell you that contracts law, which covers EULAs, do NOT protect people from bad or unfair contracts. Only a contract which attempts to enforce illegal terms can be voided (for example, selling oneself into slavery, or attempting to enforce a contract with a minor). Otherwise, as long as there is a valid contract (goods or services exchanged for consideration) both parties are bound by the contract. If the EULA says the user submits to an audit, then you're stuck. You might get a lawyer to dig around in the definition of an "audit" under your specific EULA, but considering how much time, effort and money M$ and others put into writing and enforcing their EULAs, they'll probably be able to hold out a lot longer than most users.
While I agree that software developers have a right to set licensing terms (sale, GPL, BSD, whatever) and require payment if that's their desire it is hard for people to agree that copying bits is the same thing as stealing physical property.
For example, if I break into your house and steal your stereo you no longer have a stereo. If I steal your wallet, your money is gone. If I copy Microsoft Office, Microsoft "loses" a licensing fee that they might or might not have received in the first place. If you ask 20 people if it's wrong to steal a boxed copy of Office from CompUSA it's quite likely that 19 or 20 of those people will say yes. If you ask 20 people if it's wrong to copy Office from their friend who bought it at CompUSA, I'd be willing to bet 15 to 20 of them will say "no" or "kind of, but it's too expensive to buy."
While I agree it's wrong, I don't really place it in the same category as stealing. I think that software companies will continue to have a hard time being taken seriously on this concept until they come up with a less dramatic and more accurate term. It is not "stealing" or "piracy" it's "unauthorized use" - which is still wrong, but doesn't have the dramatic effect that the BSA would like to promote. They want us to believe that anyone who has ever copied software is the moral equivalent of pickpocket, and I don't think they're going to have much success there.
Also, think about this - people will never feel guilty about ripping off Microsoft or Adobe when they perceive such contempt from these companies for their patronage. When Microsoft, Adobe or other software companies treat their customers like customers instead of potential thieves and "consumers" to have punative and restrictive licensing schemes forced down their throats, they might find people less likely to violate their licensing and be willing to pay for the software. When they charge reasonable prices for software, then people will be likely to just pay it. $400 or whatever for M$ Office is not a reasonable fee. $600 for Adobe Illustrator is not a reasonable fee. Not for the average person. You buy three "professional" packages for your computer and you've already paid more for software than you paid for the computer it runs on - and asking for people to pay more money for an intangible thing than for the tangible thing they run it on is never going to fly.
This is nothing more than an attempt by an organization created by corperations to enforce US copyright laws. I cant see how they can do this considering they are not a law enforcement agency. The only thing the BSA should be able to do is send the DA after you to press criminal charges of copyright infringement, then it would be the burden of the DA to prove that you violated the law. As far as a civil suit goes, what can they sue for? Breach of contract? and if they did those damn EULA's have so much crap in them a judge would probably nullify half of it. It will take time and money, but, how many people sitting on the jury will have unlicensed software and be sympathetic? anyway .. my $0.02
An awful lot of people are either complaining about how the BSA ignored their past employers for violations, or how the BSA went after them for "lots of money." Bah. Wait until you hear my story.
I work as a Sr. UNIX Administrator for a very large (Fortune 100) company that shall remain nameless for all the obvious reasons. I plan to leave soon, just as quickly as I settle upon a new opportunity in this less-than optimal job market.
Microsoft is currently auditing us. Granted, that is not what Microsoft or we are calling it; rather, Microsoft is "helping us to determine our licensing needs" but that is just a sugary title for what is really going on.
What is really going on is this: this company has long made an unofficial policy of pirating software. Factual, verified (by me) examples include:
* A single MSDN subscription CD of Office 2000 being installed on virtually every PC in a particular department (over one hundred machines)
* Remote sites throughout the United States being sent CD-R copies of software such as Microsoft Project and being told that it is OK to deploy it on all their PCs
* Numerous Windows Terminal Servers being setup for use by Sun workstation clients, each running Office, Project, and Visio - with at best only a handful (read: less than five) of licenses apiece, with no CALs at all - and definitely not enough licenses to cover the 300+ workstations that use them
* Mass upgrades of PCs from Windows 9x to Windows 2000, with nary a license in sight
* Another department, supposedly responsible for license compliance documentation, cannot now seem to lay their hands on any more than a third of the licenses that supposedly exist - thus leading to a deficit of more than 2,000 unlicensed copies of Office, Project, Visio, and Acrobat.
In my department alone, which is one of the smaller ones at this company, I estimated that we are looking at an easy $400,000 to "true up." Nevertheless, the departments are busy engaged in a finger-pointing battle, each blaming responsibility for license compliance on someone else. Upper management has completely ignored the issue, and as the deadline of July 31 draws ever closer, it is becoming rapidly apparent that this debacle may prove of truly colossal proportions.
If I am a business owner, why am I obligated to submit to such nonsense?
--
"I'm don't know exactly what an AS/400 is, but I'm pretty certain I wouldn't want one up my ass" --Lou
You are auniversity, right? You MUST have some IP of your own, right? Well, go the the exact same judge that the BSA goes to and present the exact same legal work tha they do and "audit" the BSA offices for illigal copies of your code.
"Your superior intellect is no match for our puny weapons!"
If you own a gun and you're not 100% sure if I'm right or wrong, I'd advise you to look in the Yellow Pages under "Gun Safety" or "Firearms Instruction". They should be able to fill you in on such concepts as the Castle Doctrine and Disparity of Force. The book "In the Gravest Extreme" is also a good idea for a read.
Off-topic? Yeah, but I'm at the karma cap anyway. If burning three worthless points keeps one of you clowns from being victimized twice (intruder & system) then they're well spent.
Chris Beckenbach
I don't really know much about the way these sorts of things work, but while the legal dispute rages, couldn't you take advantage of the delay and destroy the evidence?
Utilities for wiping the contents of PCs matching and exceeding requirements for security in the Department of Defense are freely availible, so I'm thinking, why not just delete your habeas corpus such that no investigators will ever be the wiser?
Of course, destroying evidence might also be a crime, but you could always destroy whatever evidence might have proved that you destroyed evidence.
And so infiniditum...
Too busy staying alive... ~ R.A.
But if you're a small to mid-sized company, take a long hard look. You can do a quick roll-out, but not to stick it to the SBA. Do it for the RIGHT reasons.
A transition isn't quite as traumatic as it might seem on the face. When we needed to add an additional workstation (KVM switched) to each CSR's desk the rollout was done for about $250 apiece - most of which was for the KVM switch and cables. Each box was only $100, an old refurb. The experiment was nice, but I expected a slew of support calls. Lo and behold, there are a lot fewer!
Oh, there were issues. A little bugginess in KDE 2.2.2, a printer problem here and there. When inquiring about stability (reboot frequency), people bitch about Windows. I asked about Linux and smiled at the replies:
"Oh, I like it. It doesn't crash."
"I've never rebooted it. Am I supposed to?" (3 months+ uptime)
"Huh? Go away, I hate you."
Now I have people asking for Linux. Is this or that available, yadda yadda. It's growing here, and I'll happily replace a 1GHz Pentium III w/256MB RAM running Windows with an old 233MHz Pentium MMX w/64MB RAM running Linux. The 1GHz box becomes a Linux server, the license goes into a filing cabinet, and everyone's happy.
Do a complete IT assessment, soup to nuts. Take a long, hard look at your licensing and TCC (total cost of compliance). Are there tenable replacements for the software you're currently using? Can you improve performance AND save money with a migration to Linux (or BSD or whatever)? If so, where? Servers or workstations or both? Timetable.
I believe that I can get rid of every single Windows box in my company. I've got 2/3 of mission-critical applications running on Linux. One more and it's on like Donkey Kong.
See the CAW logo license and then my homepage.
No BSA story is complete without linking to this unverified horror story of a BSA raid.
Bleh!
"Does anyone know if this works?"
Yes - but the cable company does not drive around the neighborhood with some kind of scanner. They use an instrument called a Time-Domain Reflectrometer to do a thing called, not suprisingly, Time-Domain Reflectrometry.
How it works is somewhat like this - the TDR instrument must be connected to the cable line feed end. The instrument launches an electrical pulse over the cable then listens for 'echoes' - kind of like a radar. If it hits a tap in the line, hits a load, or hits an open (unconnected) cable, an echo is produced which is detected by the unit. They can measure the echos and see how many feet down the line is the tap.
"Do they actually do this?" Yes again, but it is not as easy as they would like you to believe.
Theoretically, this instrument can detect almost anything that is attached to the cable. In practice, it is a lot harder to catch tappers since the technician doing TDR on the line must distinguish between what is supposed to be on the lines and what is not. He almost has to 'map' the reflections and then come back later and see if the TDR 'profile' has changed to detect a tapper.
TDR is blocked by the line amplifiers they use to boost the signal on the cable lines. It has been almost 20 years since I did any work on cable systems, but at that time it was a real pain to shimmy up a pole, undo the cable from the amplifier and then run the TDR. This disrupted the service for the customers on the branch we were testing, and most of the 'tappers' we caught were in reality people whose cables became disconnected from the set-top boxes or got cut while digging in the garden. They all did not know why their reception suddenly became so poor!!
In the end we limited TDR to analyzing lines that had signal problems, and we generally depended on disgruntled neighbors to find people stealing signal. The TDR could help us find taps, but in a couple cases the tappers were real smart and used a high impedance amplifier piggybacked on our line, which would not show up on TDR. This approach does not produce a nice clean signal one would get from a properly split and terminated cable, but it got the job done.
There was talk of some super TDR system that could be run on the whole system from the head end, but I have not seen or heard of one in use. Remember I am describing the state of the art circa 1982, and much has surely changed, so that doesn't mean it doesn't exist.
As for vans driving around picking up signals - the last I heard of such a thing was from the late '70s when HBO was broadcast over microwave, and various small cable companies and hotels would pick up the signal and distribute it over their systems. One could get downconverter kits and plans to make a box that would let you pick up HBO without a subscription. The box you could mount on your antenna mast had a local oscillator that produced a signal that would downconvert the HBO microwave signal to channel 2 VHF.
The trucks had radio direction finders that homed in on the local oscillator frequency from the downconverter boxes. I had a friend who had one set up and he actually got caught, and received a summons in the mail to appear in court.
He actually showed up in court without an attorney. He was asked to verify where he lived and evidence was produced against him that a certain frequency was radiating from his property, one which could be used to illegaly downconvert HBO. My friend got his turn to testify and much to the suprise of the prosecuting attorney, he produced an Extra class ham radio license. He then submitted a page from the ARRL Handbook showing the RF spectrum priveleges given to different classes of Amateur licenses. The frequency in question was in the broadcast privileges for his class of license! He then said that in this case the evidence against him was circumstantial. He admitted that he was "performing experiments in those range of frequencies" and went on to add that he was soon going to broadcast regularly at that frequency.
Case dismissed.
reminds me of a (true) story from my past, a distant relative of mine was the local NZ equivalent of the FCC inspector who chases down illegal transmitters (both he and I were hams which was how I heard him tell this story).
.... there was nothing special about this pole untill he looked behind it and noticed a camoflauged wire that went down the pole and disapeared into the ground - someone was onbviously stealing power. Following the wire (it was buried) he went into a nearby barn where he found a still with a noisey thermostat .... he went and grabbed the farmer and explained the problem, then helped the farmer put some caps on the thermostat to stop the emissions ... he claimed the international radio regs protected the 'confidentiality of radio transmissions' and he couldn't turn the guy in ... however I suspect a flagon or two of the local hooch may have been involved :-)
He was chasing some annoying sparky interference out in the country near where he lived, it was being radiated from a power line and he tracked it down to a particular pole
Okay, flashback a few years. To be specific, almost five years; Adobe Photoshop 4.0, Doom II. US Robotics before the 3Com merger. Windows 95, or the patched "96" if you were "l33t" enough. I'm there. Are you? Good.
I remember pirating online with my lowly 14.4 modem that was a real screamer back then, or nearly so; it went hand-in-hand with my 75MHz machine. I was running Microsoft Organic Art as my screensaver; the desktop maxed at 1024x768, and my video card had an amazing meg of RAM. My whole system beat the pack with 40MB. Remember well?
At this point, I was using a local ISP -- tfs.net -- which later merged with Birch Telecom. I'd made some pretty good friends with the SysOps, and they (they meaning Joel) would routinely help me out when I was stealing a particularly large file; to save me the hassle of trying repeatedly to snag a huge file (Quake the first, anyone?), they'd grab it using their T1 and set up a dedicated server from which I could download so I didn't have to content with web traffic. TFSnet had a six-hour time-on session limit, meaning that if I went to 6:00:01, I was disconnected, regardless of idle status. I acquired quite a bit of software in this manner, which was stored on my 100MB Zip disks.
I was a wee lad back then, living with parents and all. I had my own webpage, of course; filled with ostentatious graphics and the horrendous blink tag, my site could choke an ISDN. Of course I had the requisite pages an early teen would -- one of them included a "links" page to various warez sites I frequented around the internet. A favorite was Simon's Hideout -- http://sibervision.com/sh/ back then. Since then, Simon's Hideout (yeah, I remember you, Si) has changed to Mitosis and become ugly and member-based.
I remember the W3B, or the original World Wide Warez Board. I created the name; I created the initial graphics for the W3B, a trading board and online warez community. Through the W3B I met a fellow pirate posting under the name of Radiaki; Radiaki (Brandon was his first name -- it's always something mundane like Brandon, isn't it?) had a pretty decent warez page that offered direct downloads. Radiaki's Warez. I visited this site often to check for updates. One such day, I visited to find that Radiaki had run into a plight -- he needed webspace, as his free web provider wasn't too keen on his illicit dissemination of software.
I volunteered. I used about 500K of my few-meg limit, so I offered the rest to Radiaki; I gave him the login and password and ftp address, and off it was. I made sure everything worked correctly -- and then Christmas came.
Christmas that year, I was given a new modem, a 33.6 USR Winmodem. Curse that pile of crap. I installed it that afternoon -- and didn't get it to work until literally months later, after repeated calls to tech support and various visits from friends more tech-savvy than myself. I'd sold my 14.4 the day before Christmas, so reinstallation was out of the question. It was such a frustration, watching the bird-esque beings flit by on the Organic Art screen. . . but not having an internet connection for which I was paying $20 a month!
Finally, it worked. Hallelujah. Online I was, at last! I signed on, checked my Hotmail and TFS.net mail, and signed off to do something else, something possibly productive. A few hours later, the phone rang.
His name was John Wolfe and he didn't believe anything I said. John Wolfe (or was it Woolf?) from the Business Software Alliance, the BSA. They'd caught wind of my page and the site I was hosting, Radiaki's Warez, and just happened to notice that both were in violation of Chapter 17 of the United States code (which deals with copyrighted materials). Shit.
Needless to say, the websites went down fast. The BSA took them down and put a big "BUSTED" logo on my index.htm site. I learned that the BSA was in the process of serving a subpoena to TFS.net to get the user logs.
Of course, my parents were simultaneously terrified and furious. They had no knowledge of this. They had no idea I was pirating software. They had no idea that the copy of Windows on their machine was stolen. . .
Again, I crept away offline for another lengthy hiatus. I continued working after school each day, fretting about the possible ramifications of what had transpired; I was being threatened with jail and a $25,000 fine! I was working at an outdoor garden/nursery making $4.75 an hour!
Life was hell for a while, and it was exacerbated by the fact that I'd never even had internet access to check Radiaki's page or my own.
So, finally, one day I grew tired of everything levied against me. I logged on TFSnet one last time and went directly to Simon's W3B to post a detailed summary of my tribulations. Lengthy it was and detailed it was. I logged off and didn't log back on. I called TFSnet to talk to Joel -- he'd already taken precautionary measures of deleting my radius logs, bless him. Great guy, he was. Six-foot-something, bike-driving, leather-wearing, long-haired SysOp.
A week later, I used a friend's computer to check my e-mail, and in my Inbox was a strange letter from a Russel A. Shorto. He'd seen my post on the W3B and was interested in my story.
Mr. Shorto was a reporter for a major magazine and wanted to do an article on me and the warez underground.
Russel Shorto and I kept in touch via e-mail and eventually telephone; he interviewed me extensively, I provided all sorts of facts and opinions and the ilk.
"And so, behind the cyber-moniker Twisted Ivory, there exists a 15-year-old who works at a nursery after school every day to raise money for his computer habit." and "Are these the criminals that government-subsidized corporations are chasing?"
A spot on page 49 of the November 1997 issue of Swing! Magazine (a magazine about life in your twenties!) landed me some serious publicity. Sympathy flooded in from all over the nation. From what I heard -- by snail-mail, e-mail, etc. -- there was a huge cry against the unfair and unethical movements of the BSA. Letters were sent, phone calls were made.
My case was dropped. I never heard from Radiaki or John Wolfe again.
The BSA has left me alone since, but I'll sure as hell never forget the time I spent when their focus was squarely on me.
I wasn't pirating en masse; I had an installed copy of Photoshop and a couple MP3s (hey, they were very rare back then and WinAmp didn't exist, and when it did, it shadowed WinPlay3). There was no selling involved. I hosted no actual software. I had a webpage and hosted another with links and links alone. I was just a "regular home user" -- and the BSA targeted me. I got away, but was lucky.
That's my story.
--TI
4.25.2
If you want your company to be able to avoid any BSA audit, there are a few things you can do.
The first thing is never buy any piece of software that's represented by the BSA, or at any rate don't buy it directly. Buy it through an intermediary.
Second, never register software with the manufacturer. It's hard to demand that you give someone a copy of a contract (the EULA?) if they never know you have one.
Third, set up secure areas in your company. If you have a machine running BSA-audited software in an unsecure area, then have all the licenses available right there. If they want to go further, tell them they need a search warrant, and you'll see them in court.
Fourth, if they decide to do an audit, be sure to have the senior person sign an NDA or something else like that. Be sure that your NDA contains high penalties and that you have the right to search their premises whenever to verify. Be sure to bring up that NDA in court.
Finally, if they did get that audit, and you did get the NDA, be sure to audit the BSA at least once a month. They'll be such happy campers. They know stuff about your company by checking your machines. I'm sure those criminals are selling it.
The power of accurate observation is commonly called cynicism by those who have not got it. - G.B. Shaw
I got a few letters from M$ accusing me of selling computers without the proper licenses. They looked like form letters so I just threw them out. I never heard from them again. I Think everyone should handle M$ and the B$A the same way.
http://Lenny.com