Spoutin' Off: Power to two IT heroes


January 9, 2006

As we start the new year, I'd like to introduce you to two people who, to me, stand out as role models for technology providers and consumers.

The first of these folks is a Russian software engineer named Ilfak Guilfanov. Here's why he gets my vote:

On December 27th, a critical security flaw involving the Windows Meta File system was revealed. The flaw is present in all versions of Windows from the current going backwards to Windows ME. It creates multiple points of exploitability, and since its discovery, has been identified as the avenue of infiltration in some truly virulent malware attacks.

Now of course, this isn't anything new for the Windows OS. But demonstrating even more insensitivity than usual over their inherent security issues, Microsoft rather cravenly chose to wait to provide a fix for this flaw until it was convenient to them, which in this case meant along with their next regular monthly release of patches Tuesday.

Reasonably, this was considered an unacceptable response by IT personnel with many organizations left vulnerable by this flaw. One of these people was Ilfak Guilfanov.

A developer for IT firm DataRescue in Liege, Belgium, Guilfanov says he created his own patch for the WMF flaw because "it scared me."

In an interview with CNET News.com, Guilfanov goes on to say: "I created the fix for me and my friends. But when I put it online, I realized that it is going to be a big thing."

The patch was tested, and subsequently recommended by respected Internet security firms. As word spread online about Guilfanov's patch, his hexblog.com Web site was so overwhelmed by download requests that it crashed (it's working now.) Guilfanov goes on to say that he created the patch as much as a demonstration project as anything. Proof of this lies in the fact that he released the source code for the patch at the same time as the patch itself, openly inviting scrutiny and feedback.

On Jan 5th, obviously feeling heat from the fact that their apathy elicited massive public criticism, as well as motivating someone else to fix their flaw, Microsoft released their patch ahead of the announced date.

Ilfak Guilfanov exhibits the best characteristics of the denizens of the open-source community. He perceived an urgency to which the brain trust at Microsoft was oblivious. He recognized that he was intellectually in a position to address the problem, and without thought of personal gain, acted on behalf of the greater online community. I'd say he's the early front-runner for "IT Pro of the Year."

The other person I'd like to introduce is named Patricia Santangelo.

Now, up until a few months ago, Ms. Santangelo would probably have been considered an unlikely hero. The action she chose to take when assaulted by the Recording Industry Association of America is what sets her apart.

In its unholy crusade to exert utter control over our access to the musical arts, the RIAA was conducting one of its periodic covert online sweeps of citizens' computers, when it found some music files on Ms. Santangelo's device which they determined had been illegally downloaded.

Demonstrating all the finesse of a guy clubbing baby harp seals, the RIAA engaged in a legal smackdown on Ms. Santangelo, filing a lawsuit against her, and offering to settle with her for no less than several thousand dollars.

A federal judge described Ms. Santangelo as "an Internet-illiterate parent, who does not know Kazaa from kazoo, and who can barely retrieve her email." Nevertheless, the RIAA's suit was allowed to proceed.

Around 3,700 people before her, facing the multi-billion dollar legal and political clout of this hydra-headed monster, surrendered and sacrificed themselves on the altar of corporate imperialism by paying the requisite settlement.

Rather than capitulate to what she perceived as a terrible injustice, Ms. Santangelo has chosen to stand on principle and fight the RIAA.

This single mother of five has spent over $24,000 of her own money to fight the lawsuit and is currently having to go it alone as she can't afford an attorney.

But with word spreading on the Internet about her plight and fight, those concerned about preserving some degree of personal and artistic freedom are starting to rally around her cause.

Some folks have gotten together and created a legal defense fund for Ms. Santangelo.

If you share my belief that the RIAA needs to be confronted by a consumer revolution to contain their power and influence, I believe that making a contribution to this fund, even a modest one, is a great way to start.

I don't know much about the organizers and thus can't promise how well they'll manage donations to this fund. Regardless, I perceive that they're sincere, I applaud the sentiment and effort, and thus will risk a few dollars of my own.

Here's the link: http://p2pnet.net/story/7502

It's a good fight - one worth winning. And the principled courage demonstrated by Patty Santangelo is deserving of our respect and support.

Michael Rau is a mass-communications consultant in Virginia Beach. To send feedback or view past columns, visit http://dailypress.asoundidea.com.

Copyright © 2006, Daily Press