Surely the BBC broke the law?

Tomorrow the BBC technology program 'Click' will demonstrate how botnets are used to send spam and attack web sites. Botnets are networks of compromised PCs running malware that can be controlled to undertake distributed computing tasks usual for nefarious activities.

What has caused concern is the fact the BBC bought its own botnet to do the job. The murky backwaters of the internet is full of sites and chat rooms where hackers and criminals are happy to sell their wares - apparently.

The BBC took control of almost 22,000 computers to create up Click's network of hijacked machines, which has now been disabled. Which they used to launch a Distributed Denial of Service (DDoS) attack and to generate spam.

However as a number of experts have pointed out, they have broken the law in doing so. From The Telegraph

Security expert Graham Cluley from Sophos, a UK-based antivirus company, pointed out on his blog that: "The Computer Misuse Act makes it an offence in the United Kingdom to access another person's computer, or alter data on their computer, without the owner's permission." He says:

Sure, a TV report like this can raise awareness of the serious problem of computers being controlled by hackers. But is it appropriate for a broadcaster to use innocent people's computers without their permission for the purposes of their experiment?

Struan Roberrtson, a technology lawyer with Pinsent Masons confirmed that the BBC "appears to have broken the Computer Misuse Act," adding: "It does not matter that the emails were sent to the BBC's own accounts and criminal intent is not necessary to establish an offence of unauthorised access to a computer."

The maximum penalty for the offence is two years' imprisonment, but Roberrtson does not expect a prosecution "because the BBC's actions probably caused no harm. On the contrary, it probably did prompt many people to improve their security," he said.

The BBC responded that there was

"a powerful public interest in demonstrating the ease with which such malware can be obtained and used," and that it would enccourage people to defend their PCs from such attacks. Also: "The BBC has strict editorial guidelines for this type of investigation, which were followed to the letter."

That makes it ok then!

EFF Surveillance Self-Defence Website

Spotted this "Civil liberties hero of the week" today on the Liberty Central section of the Guardian website.

It is the Electronic Frontier Foundation (EFF) for its Surveillance Self-Defence website, which aims to educate the public about "the law and technology of government surveillance ... [as well as] providing the information and tools necessary to evaluate the threat of surveillance and take appropriate steps to defend against it."

The Guardian point out that "Although much of the legal advice is only applicable to American readers – fingers crossed EFF Europe produces EU-wide and British versions soon – the details on what information is stored about you by third parties, such as your ISP and telephone providers, is relevant to British citizens.

The practical technical advice will be an essential read for investigative journalists, who have expressed concern that the Regulation of Investigatory Powers Act 2000 and the communications traffic superdatabase could impede their ability to protect sources. It details how to securely delete your files or how to use encryption to protect private communications, including emails and instant messages."

Very useful indeed

TwonkyScrobbler V1.0.3

Forgot to post that I have now released V1.0.3 of the TwonkyScrobbler, this releases fixes issues with 'special' characters and literal strings in the RSS feeds.

TwonkyScrobbler V1.0.1

I have released an update to the TwonkyScrobbler. A user on the Twonkyvision forum highlighted a problem when using it with an older version of the server.

TwonkyScrobbler was developed and tested using the latest TwonkyMedia version 4.4.9. The RSS feed facility was introduced in version 4.1 and I had made the incorrect assumption that the RSS feed format had remained unchanged.

In Version 4.4.9 I observed the items in the RSS feed have the following format

<item>
<title>Gemini</title>
<link>http://192.168.0.20:9000/disk/O1$11$207905894$2623831632.mp3</link>
<description>Eye In The Sky</description>
<author>Alan Parsons Project, The</author>
<enclosure url=http://192.168.0.20:9000/disk/O1$11$207905894$2623831632.mp3 type="audio/mpeg" />
<pubDate>Mon, 01 Jan 1981 01:00:00 GMT</pubDate>
<moddatetime>Thu, 20 Apr 2006 20:38:10 GMT</moddatetime>
<playeddatetime>Sat, 08 Nov 2008 07:44:01 GMT</playeddatetime>
<class>object.item</class>
<genre>Rock</genre>
<playcount>1</playcount>
<tracknumber>32148</tracknumber>
<duration>131000</duration>
<bitrate>192</bitrate>
<frequency>44100</frequency>
<audiochannels>2</audiochannels>
</item>

The scrobbler was using the element <playeddatetime> to determine if the song was a new one, storing the value in the program configuration file.

Following the bug report I installed a much older version (4.2.1) on another PC and discovered that items in the RSS feed have much less information.

<item>
<title>Old Ghosts</title>
<link>http://192.168.0.21:9000/disk/O1$11$134217730$2550136852.mp3</link>
<description>Stormwatch</description>
<author>Jethro Tull</author>
<enclosure url="http://192.168.0.21:9000/disk/O1$11$134217730$2550136852.mp3" type="audio/mpeg" />
<pubDate>Mon, 28 Apr 2008 12:59:26 GMT</pubDate>
</item>

This obviously created a problem because the required information is missing, the <pubDate> element isn’t related to the time the song was played.

To attempt to remedy this problem I have modified the scrobbler so it attempts to find the element, however if it is missing the other information title,description and author (i.e. title, album and artist) is compared to the last scrobbled track and any difference is assumed to signal a new track and the new track is scrobbled using the current time as the played time.

Twonkyvision had made reference to this fact in the RevisionHistory.txt file

What's new in Version 4.4.3.1
------------------------------

+ DivX and WMV support for PS3 (4.4.3.1)
+ AAC support for PS3!
+ Time information for pictures on PS3
+ added Album Artist and Album Art for OGG and FLAC
+ added rss feed support for all content types. Start with http://127.0.0.1:9000/rss/feed
+ enhanced generated rss XML feed by more properties

Updating from V1.0 will require a new configuration/state file with the extra data.

TwonkyMedia Scrobbler V1.0 Released!

Tested it again last night with no problems.

So have released it to the world - have even done some documentation

http://www.insanityworks.co.uk/twonkyscrobbler/index.htm

Scrobbler nearly there!

Well the scrobbler is nearly there, done some fiddling with it's look!

Twonkymedia last.fm scrobbler

Well I haven't posted anything for a while, but today I finally completed the first stage of a programming project I hinted back in February.

It is a scrobbler for the last.fm service that sits and monitors the TwonkyMedia uPnP server and sents information of tracks it is servicing!

The TwonkyVision people added an RSS service (think it was on version 4 and primarily to support non-upnp devices such as the SonyPSP) This is available at http://localhost:9000/rss (that link won't work unless you are reading this on a computer running the server!)
By drilling down from this page it is possible to reach a 'last played' rss feed.

It is buggy, the feed isn't updated correctly, but appears the last entry in the rss feed is always the last audio file served up. My scrobbler which is based on the KexpScrobbler by Markus Palme reads this file and extracts the appropriate information from the last entry and scrobbles the data.

I have to do a bit more testing but looks like it works, and I will be releasing it on my website soon!