Dennis Kennedy

	Web DennisKennedy.com

« July 2003 | Main | September 2003 »

August 25, 2003

Open Source Software Law Blog

I ran across Rod Dixon's Open Source Software Law blog, which looks like it may become a premier "go to" site for coverage of Open Source legal issues.

Since I have been feeling that I have inadequately covered Open Source license legal issues on my web page devoted to these issues, it's great to find a site focusing on comprehensive coverage of news and developments.

Posted by dmk at 11:04 PM

RSS Reader Reviews; New FeedDemon Beta

ExtremeTech.com has a good set of reviews on many of the major RSS readers. The article will give you a good way to get up to speed on the various reader options. The article gives the highest score to FeedDemon, which happens to be the RSS reader / news aggregator I'm using these days.

A brand new beta of FeedDemon was just released and makes some nice improvements. If you are shopping for a new reader or want to try another one, I recommend giving FeedDemon a try. Note that it is still in beta, but free. When it is "officially released" expect that it will no longer be free.

Posted by dmk at 12:39 PM

More Windows Insecurity Links

A few more good articles on the Windows security issue.

First, Rob Pegararo's Microsoft Windows: Insecure by Design, a good primer to some must-know facts about Windows. The money quote: "In its default setup, Windows XP on the Internet amounts to a car parked in a bad part of town, with the doors unlocked, the key in the ignition and a Post-It note on the dashboard saying, 'Please don't steal this.'"

Fred Langa has written two useful articles. The first, called Good And Bad Online Security Check-Ups, gives you the lowdown on some online methods of testing your own security set-up. The second, called How Much Protection Is Enough?, talks about the dangers of relying on a single approach to security and advocates a "layering" concept.

Posted by dmk at 12:27 PM

August 22, 2003

Potato Famine Theory of Computer Insecurity

A fascinating article by Chey and Stephen Cobb sets out a potato famine theory of computer insecurity, the essence of which is that our dominantly monocultural world of operating systems heightens the danger from viruses and other problems, just as is the case in monocultural agriculture.

For me, the theory is compelling, but I'm not sure what are the best ways to implement practices that deal with this issue and the Cobb's article does not go into detail into what more diversified approaches would look like.

Posted by dmk at 01:41 PM

Good Critique of Windows Update Issues

David Berlind on ZDNet.com has an an article called "Why Windows Update desperately needs an update," a very good critique of the problematic workings of Windows Update.

Now that it has become vital to install Windows security patches, here's an interesting legal question: Because you can't download and install critical updates without "accepting" a clickthrough user agreement, is there any meaningful acceptance of the terms of that user agreement? Would or should a court find any of the terms of that user agreement enforceable, or, as a practical matter, does any updater have any meaningful choice in these contracts?

Posted by dmk at 10:31 AM

August 21, 2003

More Blaster Related Analysis

A couple of interesting items today on the Blaster-related onslaught against un-updated Windows machines:

First, in the excellent daily email newsletter NewsScan Daily, a short article from a hacker known as Maelstrom explaining the technique of exploting un-updated computers.

And, from Windows' authority, Brian Livingston, a good analysis of the implications of the current wave of virus/worm attacks.

Both are highly recommended.

Posted by dmk at 01:07 PM

August 20, 2003

Microsoft Insecurity: Is There No End in Sight?

Talking to a friend today whose law firm's network was shut down by the Nachi worm, I really began to wonder if, despite its installed base and market share, Microsoft can survive much longer as the onslaught against its vulnerabilities seems to strengthen every day. When people are developing software simply to help businesses manage Microsoft patches, you know that it's not funny any more.

To highlight the issue, Microsoft announced two more critical updates today.

What follows is a group of articles I've noticed just in the last couple of days. I think that it is important to read them as a group and decide how big these issues are and the patterns that continue to arise. And, most important, to come to grips with your answers to the question: what does it take to continue to live in a Microsoft environment?

"Microsoft cerebrates fifteen years of poor security" is a history of Microsoft security problems along with a explanation of some of the underlying technical issues, all of which leads to the conclusion that we will likely see more security problems.

Scott Berniato's article on CSOonline.com called "Patch and Pray" neatly sums up the issues of trying to cope with critical updates and the quandaries IS departments have in trading off security against stability. As the intro to the article says, "It's the dirtiest little secret in the software industry: Patching no longer works. And there's nothing you can do about it. Except maybe patch less. Or possibly patch more." Unfortunately, that just about sums things up.

Jaikumar Vijayan's article in ComputerWorld called "Patching Becoming a Major Resource Drain for Companies" also addresses the issues of the costs and the difficulties of implementing patches and updates.

Robert Vamosi on Anchordesk writes about the end of viruses, suggesting that firewalls and regular upgrades are becoming vitally important.

Ironically, many Windows XP users are unaware of even the firewall built into XP, let alone more industrial strength approaches.

As I mentioned above, the sheer number of patches has created a software business niche for patch management software.

I attended a Microsoft event last year where Steve Ballmer spoke directly to security issues and pointed out that many of the viruses and other exploits are written to vulnerabilities for which patches are available. Blaster and the recent round of viruses are examples of this and patches have been available, along with warnings to install them.

Our general laissez-faire attitude to security patches (in no small sense aggravated by the hours of time required to download patches over a dial-up connection) certainly does not excuse Microsoft, but the combination of Microsoft vulnerabilities and a completely unsuccessful system of patch delivery has create a warm and friendly environment for viruses to grow and play.

Still, when we hear that Microsoft is consider ways to force updates automatically, we get very nervous, especially after earlier updates hosed a good number of computers.

Add to that the other dirty little secrets of metadata or hidden information automatically stored in documents and weaknesses in how Windows handles passwords, and it seems like we are doing enough damage to ourselves that "cyberterrorists" really don't have to do anything.

There's really no end to the constant drip-drip-drip of security updates because Microsoft will not release a ServicePack 2 for Windows XP (presumably collecting all fixes) until the second half of 2004. This means that there will likely be a 2 year gap from SP1 to SP2. Will that help matters? I can't see how it would.

Expect to see even more articles like "Small Firms Ignore Security Protection," "Geeks Grapple with Virus Invasion," "Worm Exploits Weak Link: PC Users," and the like.

Finally, where are law firms today? One I know is completely down today due to a virus. According to Law.com, some of the most prominent law firms in the country have been hit hard by the recent series of viruses and worms. Given the preventability of these problems and the well-known refusal of many lawyers to learn even the most basic common-sense approaches to dealing with potential email viruses, firms that are shut down by these exploits really need to take a look at what they are doing wrong and get it addressed quickly.

Posted by dmk at 06:43 PM

August 19, 2003

More Than Just a Big Scar After All

It was distressing to hear lately that the old smallpox vaccinations may no longer provide any protection. I have this nice big scar on my arm and I was hoping that I at least would get some value from it.

Well, apparently new studies indicate that the old smallpox vaccinations will still provide some protection. I've been reading a number of books on bioterrorism this summer and this article gives me a little comfort.

Posted by dmk at 12:12 PM

PDF for Lawyers

It's good to see that Ernie the Attorney has reinvigorated his PDF for Lawyers blog. It was clear to us from the feedback on TechShow 2003 that Acrobat and PDF are big topics for lawyers, especially in the context of electronic filing, and Ernie's blog should be a good source of continuing, lawyer-specific information.

My favorite general PDF resource is PDFzone.com, which has a ton of resources, a good email newsletter and features like PDF Champions.

Posted by dmk at 11:38 AM

Elawyering Blog - Virtual Law Firms

I'm honored to have been invited by Jerry Lawson to participate in his new group blog, eLawyer Blog. As usual, Jerry has some cool new ideas and has assembled quite a group of commentators.

I posted my first entry today on virtual law firms, a subject several people have brought up with me lately.

I've tried to raise some of what I think are the right questions to think about on this topic.

Last night, I started to read Fast Food Nation and was struck by how much today's large firms reflect the assembly line, industrial model. That makes the topic of virtual law firms even more interesting to me.

Posted by dmk at 11:25 AM

August 18, 2003

Costs of Using Dated Technology

I had the chance at lunch today to discuss Lewis Kinard's Law.com article Beware the Underlying Costs of Using Dated Technology. There's no question that this is an important and timely issue that is receiving far less attention than it deserves in many law firms, and Kinard does a nice job of covering some of the major issues.

Unfortunately, I think the article will not convince many law firms. I think that it's simply a matter of emphasis.

For me, there are three main reasons that outdated technology will cost a law firm dearly.

First, using outdated and non-upgraded software means that you are begging for a massive security and/or virus problem. This kind of problem will cost a firm a lot of money, but it will embarrass or even humiliate a firm with its clients and the public. If client confidentiality is compromised because a firm is running outdated software, the firm will have little or no defense in litigation on the matter - in addition to losing the client. It's surprising to me that law firm malpractice insurance carriers have not pushed firms harder on this issue.

Second, many business people these days laugh at the technology of their law firms. Then they get frustrated. Then they get new representation. Clients think, reasonably, that part of customer service should be giving them work product in a format they can use. If you can't open documents or work with files because your software is too old, they will start to look elsewhere.

Third, firms with outdated technology will not only have difficulty attracting excellent new lawyers, but they will lose some of their best lawyers. Want to embarrass your tech-savvy lawyers? Send them to a meeting with a three-year-old laptop computer. In almost every case I know where a lawyer left a large firm to start a new firm or practice, frustration with outdated technology played an important role. Almost everyone today has a better computer and newer software at home than what they have in the office. I have a friend in an AmLaw 100 firm that still runs Office 97 and he is genuinely embarrassed by that, especially when I razz him about it.

The great irony, of course, is that lawyers would be horrified if their clients wanted to rely only on the law as it was a few years ago.

Posted by dmk at 10:13 PM

August 13, 2003

An Answer to the Never-ending Bookmark Management Issue?

Every so often I start to think about what will eventually take the place of the browser. Most of the time, I start to think this way after I get fed up with the continuing lousy state of bookmark/favorites management tools in the browsers. That means that, once again, I have a bunch of bookmarks, but can't use them in a meaningful way.

Today, I have a new sense of optimisim.

The latest issue of ResearchAgent News has a link to a new program called Snippy, which is an Internet Explorer add-in that addresses a number of the "research management" issues that still plague serious research on the Internet.

The timing could not be better for me, because I've once again hit a point where my frustration with the standard browser bookmark/favorite tools is about to boil over. And that doesn't even get to my latest question: how in the heck do I find a good way to store, track and return good items in a news aggregator?

Here's the description of Snippy: "Use Snippy to save, organize, annotate and share snippets of useful web content. Simply 'drag and drop' text and/or graphics to Snippy and save into a category or project. Snippy date-stamps snippets alongside your comments and the original URL. . . . Internet research surveys show that over 25% of user bookmarks become obsolete within a year,and over 70% are rarely, if ever, re-used."

While I can do most of these things one way or another, the process is exceedingly cumbersome. I've been thinking lately that just the ability to sort and look at my favorites in chronological groupings in just one step would be great. However, because I use category folders, that won't work with current browser tools, at least with those that I can find.

In fact, I have a concern that the whole notion of nested folders won't work well. That's my concern about the "three-pane" news aggregators. My point of view is this: "Give me enough nested folders and I guarantee that I can't find anything."

So, having reached the end of my rope earlier today, I was so excited by the way Snippy dovetailed with my wants that I want to write about it before I even try it.

My first web site grew out of my first irritation with the inability to manage bookmarks meaningfully in a browser and I've written about this issue in the past.

I'll be testing out Snippy, but I'm pleased simply that it has given me a bit of optimism on this subject.

Posted by dmk at 11:07 PM

August 12, 2003

Survey Says . . . Solo and Small Firm Tech

While I generally question the "scientificity"and the validity of the conclusions we can draw because this survey is self-reporting, BeSpacific.com notes that the results of annual survey of technology use of solos and small firms by the ABA Legal Technology Resource Center have been released. These results are based on the forms returned by nearly 4,000 lawyers and they do represent some of the best information we have on the actual state of affairs of technology in law firms and I commend the ABA for making this effort.

On the other hand, I would warn against placing too much faith in the actual results rather than simply relying on them to indicate trends. While I don't think that there is much in the survey results that will be surprising, it is interesting to note what a large percentage of respondents look to email listservs as information resources.

The report does not mention my most important finding about legal tech in the solo and small firm environment: the technology is so much cooler when you don't have to run everything through and get approval from committees.

Posted by dmk at 10:30 PM

August 11, 2003

Gently Exiting the Vacation Mode

As the song says, it's always good for me to be back home again in Indiana. While visiting my parents this past week, I did something that I realized I haven't done in many years - let myself drift into the vacation mode and let go of the need to "accomplish" some work even when on vacation. Instead, I found myself visiting with friends and family, completing a bike ride I've wanted to make since I was a child, spending time at my family's farm and even attending a pickle festival and touring a pickle factory in a nearby town.

A good time to let thoughts percolate and I have some ideas for some new directions.

The little blog break was a good thing, too, because I now have a better feel for some of the things I'd like to do with this blog - new directions, a somewhat more personal approach, and some surprises, I suppose. I know that I sure do disagree with the recent article suggesting that lawyers who blog should take care to show no personality or, God forbid, mention their interest in Nascar. How will people know how much I'd appreciate great tickets to the Daytona 500 if I can't mention it in my blog? Interestingly, in talking with friends, I notice the most eye-rolling and head-shaking about lawyers when I mention the comments of others that lawyers should take care to hide personality and opinions in blogs.

Watch this space for some new things.

Posted by dmk at 10:30 PM

August 06, 2003

10 Tips from PDF Gurus

From the always useful PDFZone, 10 tips from the PDF best practices gurus. PDFZone also has lots of other great tips and features and a handy email newsletter with recent developments and other info.

Posted by dmk at 06:51 PM

August 01, 2003

New Issue of My Newsletter Released

"What Did I Really License?" is the lead article in the latest issue of Dennis Kennedy's Practical Technology Contract Review News. Check it out.

Posted by dmk at 06:07 PM

Increased Health Risks for Law Firms Without Casual Dress Policies

Recent health findings may cause law firms to rethink prohibitions on casual dress. The concern is that tightly tied ties may damage eyesight by raising pressure in the eye, possibly leading to glaucoma. From the article: "The experts say that the ties are probably causing the problem because they are constricting the jugular vein, the main blood vessel returning blood from the head towards the heart."

Posted by dmk at 12:01 AM