Archive for January, 2004

Website Hijacking


I started going through my weblogs for all the domains I host, looking for 404’s, and correcting them. Many of the domains we host have updated their pages, moved files around, etc. and other sites and servers and users still point to the old files and content. Those were easy to fix with a bit of mod_rewrite and mod_redir hackery, and it keeps the users happy and logs nice and clean.

But as I was parsing out the logs, I noticed quite a few other curious things, which led me to poke through the referer logs and start tracing some interesting hits.

..which led me to these two sites:

Both of these domains are registered in completely different states, by two completely different people, and yet… other than page color, they are identical, even down to the “testimonials” page. Whomever ripped this off from whom, can’t possibly be that stupid… or can they?

I’ve been taking a stern look at the various websites out there, especially those hosted and created by people local to me, in my community. Disgusting. There is one “designer” (and I use that term very loosely), who is trying to snatch up all of the local businesses here with his “Word-to-HTML” template sites. He charges these sites $250.00 “setup fee” and $50-$500/month for hosting and updates to these sites.

He puts them all on dynamic yahoo-based “free” storage, and rapes the customer for these prices. No quality at all behind his work, and in fact, he takes the website content from other sites directly. I found a complete rip of some CSS in one of his sites from a site in .nl, and he didn’t even edit it out. In fact, the page’s title tags still referenced the .nl site. Here are two more examples:

Both sites, competitors of each other in the same town, created by the same person, using the same design (and ugly buttons, stuck in the 80’s of web-design), and hosted on the same servers. I’m sure they’d find it interesting to know that little tidbit.

So the end-result is that I’m taking this work, all of it, and am not going to give it back to these people, until they get some sort of clue about usability, design, and proper web techniques. I’ve emailed the person who did the two sites above with a 4-page message detailing all of his mistakes on all of his sites, pointing to the proper tools he should be using, etc. and he never replied or even said thanks. Shrug.

We’re going to make a killing in this town, once these businesses see what real quality can look like, at much less cost to them in the long run, for much greater speed, usability, and prompt attention to updates.

We’ve lost another one of our own

sisob; fellow advogato’er, aka Mark Finlay of GNOME fame, passed away on Friday January 9, 2004. I’ve conversed briefly with him in the silicon world but never in the carbon world.

To his family, friends, and colleagues.. my apologies for your loss. He will be missed.

I Am Not a License Nazi


I Am Not a License Nazi (part I)

    Saturday morning, I decided to get back to some wine testing, in an effort to get the new Palm Tungsten Simulator working, so I could test some applications in and against it. (Curiously enough, there are two simulators for these two Palm models, one is modeled after the OS itself, minus the new applications that are shipping on these models in real-life, and the other models exactly what you get when you purchase one of these devices in a store. They aren’t the same, and they are not available from the same location).

    As expected, the Simulator fails to run in wine, including release, nightly, and cvs versions of wine. The problem lies upstream in either the Palm code, or the MMDRV_ portions of wine. I’m narrowing in on a workaround, mostly thanks to the helpful people in #winehq on

    So I decided to see if wine worked at all on some of these recent Windows InstallShield/Catapult installers. I dug around in my shared Windows downloads directory (I don’t have any Windows machines, only directories of downloads, which are mapped to my vmware sessions when they are booted).

    I found an application called “Foo Install.EXE” (not the real name, more on that in a moment). It purports to perform a certain action on a Palm device, in Windows, bypasing the standard Palm tools to do so. Running it in wine, threw a few errors, because wine doesn’t support USB hardware, which this device tried to communicate with. Normally, in Windows, this would be launched with a double-click, hiding any errors which might appear, behind context. Oddly, when the application errored out, I recognized the error message.. because I wrote it!

    “Wait a minute. How can a commercial Windows application contain an error message I know I wrote, which exists in a project I maintain…”

    I ran strings on the executable, and sure enough, this application has 5 function names directly copied from our library and headers, and includes one string which only appears on POSIX systems, and never actually is output from the Windows executable. The application has cut-n-pasted code from our LGPL library into their Windows tool, and were using it to talk to the Palm device, in Windows.

    I decided to try some of the company’s other Palm applications. 3 of the company’s 5 commercial applications uses this same code. I couldn’t test the other two, because they didn’t have any “demo” versions for download, and were clearly commercial-only. I can only assume that if they put the code into 3 of them, they put the code into the other 2.

    Now, normally this would appear to be a mistake, and I like to give companies the benefit of the doubt, but in this case, I think it was much more maliscious than that. Not only was the code clearly marked as being LGPL, but it wasn’t designed for use in Windows. This means someone took the code from our library (and potentially our headers), and put it into their Windows products, modifying the code a bit to work on that platform (/dev/ttyUSBx vs. USB::, etc.), but they neglected to add the required LGPL notices to their downloads. They also have their own license, which adds restrictions on use of their product, and they have a bland copyright notice of their own, right on the About and Help screens of their application. This could be construed as a “Lanham Act” violation (“False designation of origin…”).

    I fired off a message to their contact address, including a copy to, so everyone can be in the loop. I expressed our concerns, detailed our findings, and requested an explanation and requested that they make an effort to bring themselves into compliance. I try to give everyone the benefit of the doubt first, until they reject that offer.

    So far, no reply yet.

I Am Not a License Nazi (part II)

    I jumped on over to Freshmeat to look at some of their new Palm projects (which I do from time to time, to get a feel for the direction people are going with their Palm code), and did a search for handheld there. I found something called “BearOps Handheld”, and decided to try to download it and give it a try.

    Not only is there no download available, but their site claims that they’ve exceeded their bandwidth allocation for the month, and that downloads have been suspended. I fired off an email to tell them that I’d gladly be a mirror, but they didn’t respond. This means their email is working, and didn’t bounce.

    Ok, off to Netcraft to see what their provider is.. and I notice that they’ve switched providers in the last few years. Could they really have exceeded their bandwidth every month, across multiple providers?

    Off to The Internet Archive, and I see that they’ve been up since at least July 20, 2001. Drilling down into September 28, 2001, we see the same “suspended downloads” message on their site. Odd, is it really possible that for over 2.5 years, they’ve exceeded their bandwidth with 2 separate providers? Not likely. I’ve never even heard of BearOps, and if it was that popular, I’m sure it’d be somethiing I’ve heard of. It’s based on Debian, after all.

    I brought this up with some other handheld/Palm people in the Free Software community, and the concensus was that emails asking for the source go unanswered, offers for mirrors go unanswered, and the company simply refuses to supply any details about their distribution, unless you purchase it.

    Another possible GPL violation? Or just non-existant/dead/ignorant people?

There Is Much More To This…

    There seems to be an ever-increasing abuse of the GPL and other Free Software licenses lately. Most-recently, the MPlayer discovery of several GPL violations by a company called “Kiss Technology”.

    There’s also the BusyBox project, who keeps an active list of license violators stealing their code without complying with the license.

    I spoke with my girlfriend Erika, an avid Wall Street Journal reader, and she suggested I write an editorial/letter to the WSJ, explaining all of this. The problem, she said, was that companies and “normal people” don’t know this is happening, and that nobody reads those “geek webpages” (groklaw, slashdot, advogato), so none of this information gets where it needs to be… injected into the public media.

    The synopsis of this, is that companies are actively stealing software, violating copyright, selling products based on that stolen code, increasing their profits, firing/laying off staff (“We found something on the the web that does exactly what we’re paying you to write for us, so we don’t need you anymore. Pick up your last check at the door.”), and the economy increases, due in part, to theft, and jobs being lost.

    The economy is improving because jobs are being lost. There is this mentality among well-funded companies, that they are “safe”, because “..those unemployed Free Software hippies” don’t have enough money to bring them to court. They’re wrong. A bit of a media campaign with some truth, can be much more damaging than any lawsuit.

    We can’t let this continue like this. Chasing all of these companies down, is getting to be exhausting.

Bad Behavior has blocked 1349 access attempts in the last 7 days.