Slashdot Mirror

I'm presenting a talk at the O'Reilly p2p conference entitled "Attack Resistant Sharing of Metadata".

It's based on an idea of Raph Levien's, somewhat similar to the Advogato trust metric. Basically, you only trust meta-data from your friends, or from people whose meta-data has been good in the past, and then to a lesser extent you trust their friends, but you dynamically adapt if someone starts distributing bad meta-data. We can't really prove that it will work, but it has some promising characteristics.

We are going to implement it on top of Mojo Nation.

Regards,

Zooko

I'm presenting a talk at the O'Reilly p2p conference entitled "Attack Resistant Sharing of Metadata".

It's based on an idea of Raph Levien's, somewhat similar to the Advogato trust metric. Basically, you only trust meta-data from your friends, or from people whose meta-data has been good in the past, and then to a lesser extent you trust their friends, but you dynamically adapt if someone starts distributing bad meta-data. We can't really prove that it will work, but it has some promising characteristics.

We are going to implement it on top of Mojo Nation.

Regards,

Zooko

Users are given a certain number of karma points. They can attach those points as positive or negative values, to other accounts. Once they use up those karma points, they're gone -- but they can re-arrange those points if they want

Think of "attaching karma points to an account" as "certifying that account" and you've just described Advogato. Too bad Advogato AFAIK doesn't even let you reply to articles without having been certified by a number of other users.

There are many on-line communities that are beginning to understand the need for reputations: Slashdot has karma; Mojo Nation uses mojo, a private currency; even SourceForge has implemented user ratings. And much more is being done in the private, closed source sector, unfortunately often driven by a requirement to more accurately target specific market segments.

The holy grail here would be an open source, fully distributed, open yet secure reputation system can satisfy this need. If in addition, this system put the user in full control over their personal information and how - and with whom - it was to be shared, then privacy could be assured while reputations at one site could safely cross boundaries into other sites.

As information begins to drown us, reputation-driven services that can accurately direct our limited attention to what we want to see when we want to see it will drive the new economy. We have the technology - let's build it!

--

There are many on-line communities that are beginning to understand the need for reputations: Slashdot has karma; Mojo Nation uses mojo, a private currency; even SourceForge has implemented user ratings. And much more is being done in the private, closed source sector, unfortunately often driven by a requirement to more accurately target specific market segments.

The holy grail here would be an open source, fully distributed, open yet secure reputation system can satisfy this need. If in addition, this system put the user in full control over their personal information and how - and with whom - it was to be shared, then privacy could be assured while reputations at one site could safely cross boundaries into other sites.

As information begins to drown us, reputation-driven services that can accurately direct our limited attention to what we want to see when we want to see it will drive the new economy. We have the technology - let's build it!

--

• The Web is the Ultimate Copy Protection

But with a web-based application, the publisher keeps the executable binary, and even with copylefted code, the GPL's source code distribution requirement does not come into play because the binary is never distributed.

This will ultimately lead to disaster for ordinary users as web applications make the move from news, shopping and entertainment to functions that people depend on in their daily lives or businesses.

Michael D. Crawford
GoingWare Inc

So just yesterday I wrote:

• Why We Should All Test the New Linux Kernel

It's got some helpful, practical tips on downloading and building a kernel from sources as well as providing feedback to the kernel developers. All of the information in the article is available somewhere, but when I first began testing with 2.4.0-test1, I found some things difficult to figure out, so I felt that it would be nice to put what I learned all down in one place.

This is part of an overall effort to improve the quality of Free Software. Another part of the effort is the just-founded Linux Quality Database, so far just a proposal - contact me at crawford@goingware.com if you want to help.

And finally, some interesting trivia for you:

After a long beta testing period and many delays, Windows 2000 shipped with 64000 documented bugs of which 25000 were considered serious by Microsoft itself (the figures are quoted from memory, I might be a bit off). The Windows trade press reported that the opinion was widely held by IT managers that one should not install Windows 2000 on any machine until a few service packs had been released, with Windows 2000 server not being considered ready for use until much later than the desktop user version.

The BSD/Mach based Mac OS X, derived from the NeXT operating system and now in beta testing, is Apple's first operating system to support protected memory that is expected to be widely used. (Another was A/UX, Apple's Unix port, but it served only a niche market).

Apple has been trying for ten years, longer than Linux has been in existence, to write a modern operating system. The first was Pink, renamed Taligent when Apple collaborated with IBM on it. In the end all that came of it was a little-used object-oriented programming framework.

The next was Copland, and I don't know why it was never completed exactly, but I was offerred a job as a performance engineer on the Copland project when I worked at Apple, but I turned it down - I didn't tell them this but I had the sense that Copland was a project that would never ship.

And Linus wrote Linux when he was a college student, which combined with the GNU utilities forms the operating system we know and love today.

These huge, well-funded corporations can't get it together to program their way out of a wet paper bag but a bunch of freaks on the Net have written the fastest growing operating system in use today.

Michael D. Crawford
GoingWare Inc

So just yesterday I wrote:

• Why We Should All Test the New Linux Kernel

It's got some helpful, practical tips on downloading and building a kernel from sources as well as providing feedback to the kernel developers. All of the information in the article is available somewhere, but when I first began testing with 2.4.0-test1, I found some things difficult to figure out, so I felt that it would be nice to put what I learned all down in one place.

This is part of an overall effort to improve the quality of Free Software. Another part of the effort is the just-founded Linux Quality Database, so far just a proposal - contact me at crawford@goingware.com if you want to help.

And finally, some interesting trivia for you:

After a long beta testing period and many delays, Windows 2000 shipped with 64000 documented bugs of which 25000 were considered serious by Microsoft itself (the figures are quoted from memory, I might be a bit off). The Windows trade press reported that the opinion was widely held by IT managers that one should not install Windows 2000 on any machine until a few service packs had been released, with Windows 2000 server not being considered ready for use until much later than the desktop user version.

The BSD/Mach based Mac OS X, derived from the NeXT operating system and now in beta testing, is Apple's first operating system to support protected memory that is expected to be widely used. (Another was A/UX, Apple's Unix port, but it served only a niche market).

Apple has been trying for ten years, longer than Linux has been in existence, to write a modern operating system. The first was Pink, renamed Taligent when Apple collaborated with IBM on it. In the end all that came of it was a little-used object-oriented programming framework.

The next was Copland, and I don't know why it was never completed exactly, but I was offerred a job as a performance engineer on the Copland project when I worked at Apple, but I turned it down - I didn't tell them this but I had the sense that Copland was a project that would never ship.

And Linus wrote Linux when he was a college student, which combined with the GNU utilities forms the operating system we know and love today.

These huge, well-funded corporations can't get it together to program their way out of a wet paper bag but a bunch of freaks on the Net have written the fastest growing operating system in use today.

Michael D. Crawford
GoingWare Inc

Here's an excerpt:

There's a fairly major controversy with TrueType right now, that there a number of patents that are owned now by Apple. It's kind of interesting to me that that is the case even though it's for the most part derivative work of what was in Metafont.

I've been very unhappy with the way patents are handled. But the more I look at it, the more I decide that it's a waste of time. I mean, my life is too short to fight with that, so I've just been staying away. But I know that the ideas for rendering... The main thing is that TrueType uses only quadratic splines, and that Type1 fonts use cubic splines, which allow you to get by with a lot fewer points where you have to specify things.

The quadratic has the great advantage that there's a real cheap way to render them. You can make hardware to draw a quadratic spline lickety-split. It's all Greek mathematics, the conic sections. You can describe a quadratic spline by a quadratic equation (x, y) so that the value of f(x, y) is positive on one side of the curve and negative on the other side. And then you can just follow along pixel by pixel, and when x changes by one and y changes by one, you can see which way to move to draw the curve in the optimal way. And the mathematics is really simple for a quadratic. The corresponding thing for a cubic is six times as complicated, and it has extra very strange effects in it because cubic curves can have cusps in them that are hidden. They can have places where the function will be plus on both sides of the cubic, instead of plus on one side and minus on the other.

The algorithm that's like the quadratic one, but for cubics, turns out that you can be in something that looks like a very innocuous curve, but mathematically you're passing a singular point. That's sort of like a dividing by zero even though it doesn't look like there's any reason to do so. The bottom line is that the quadratic curves that TrueType uses allow extremely fast hardware implementations, in parallel.

Here's an excerpt:

There's a fairly major controversy with TrueType right now, that there a number of patents that are owned now by Apple. It's kind of interesting to me that that is the case even though it's for the most part derivative work of what was in Metafont.

I've been very unhappy with the way patents are handled. But the more I look at it, the more I decide that it's a waste of time. I mean, my life is too short to fight with that, so I've just been staying away. But I know that the ideas for rendering... The main thing is that TrueType uses only quadratic splines, and that Type1 fonts use cubic splines, which allow you to get by with a lot fewer points where you have to specify things.

The quadratic has the great advantage that there's a real cheap way to render them. You can make hardware to draw a quadratic spline lickety-split. It's all Greek mathematics, the conic sections. You can describe a quadratic spline by a quadratic equation (x, y) so that the value of f(x, y) is positive on one side of the curve and negative on the other side. And then you can just follow along pixel by pixel, and when x changes by one and y changes by one, you can see which way to move to draw the curve in the optimal way. And the mathematics is really simple for a quadratic. The corresponding thing for a cubic is six times as complicated, and it has extra very strange effects in it because cubic curves can have cusps in them that are hidden. They can have places where the function will be plus on both sides of the cubic, instead of plus on one side and minus on the other.

The algorithm that's like the quadratic one, but for cubics, turns out that you can be in something that looks like a very innocuous curve, but mathematically you're passing a singular point. That's sort of like a dividing by zero even though it doesn't look like there's any reason to do so. The bottom line is that the quadratic curves that TrueType uses allow extremely fast hardware implementations, in parallel.

It's a threat because, by running applications off a web server, you don't have the binary to an application and so the GNU General Public License's requirement that the publisher distribute source does not apply.

This doesn't apply just to .NET but to all server-based computing. I'm particularly concerned with .NET because it threatens to make server-based applications commonplace.

I guess with .NET you'll download some client-side software, but it won't be able to run without the server side software, to which you won't be able to obtain source - even if the source was originally written for a Free Software project and licensed with the GPL.

Please read my article The Web is the Ultimate Copy Protection on Advogato.

And yes, the folks who replied to the article had some very good points about how copyright does not appear to hold any hope of solving this problem, even with my proposed revision of the GPL (which RMS says he's been considering).

It's a sticky problem and a potentially disastrous one, not just for free software but for all computer users because of the losses they will face as application service providers go out of business or change focus from time to time, taking their applications and source code with them.

Michael D. Crawford
GoingWare Inc

It's a threat because, by running applications off a web server, you don't have the binary to an application and so the GNU General Public License's requirement that the publisher distribute source does not apply.

This doesn't apply just to .NET but to all server-based computing. I'm particularly concerned with .NET because it threatens to make server-based applications commonplace.

I guess with .NET you'll download some client-side software, but it won't be able to run without the server side software, to which you won't be able to obtain source - even if the source was originally written for a Free Software project and licensed with the GPL.

Please read my article The Web is the Ultimate Copy Protection on Advogato.

And yes, the folks who replied to the article had some very good points about how copyright does not appear to hold any hope of solving this problem, even with my proposed revision of the GPL (which RMS says he's been considering).

It's a sticky problem and a potentially disastrous one, not just for free software but for all computer users because of the losses they will face as application service providers go out of business or change focus from time to time, taking their applications and source code with them.

Michael D. Crawford
GoingWare Inc

Advogato has a good discussion on this. One of the good links from this was Bazaar, in the sense of the cathedral and the bazaar, where there is a list of other peoples itches.

I guess the one major hurdle is getting a understanding of the code, because one program where I found an annoying bug, I downloaded the source, and there wasn't a single comment in the code relating to what was being done. I couldn't for the life of me figure out where to look for this bug, so I couldn't do anything about it. It doesn't matter it bugs are shallow if the water is muddy. See ESR's cathedral and the bazaar to put the last comment in context (yes, I just read it fully again).

• A Summary of Principles for User-Interface Design.
• Graphical User Interfaces gallery.
• Human Computer Interfaces (graphics oriented)
• Towards the Anti-Mac (note the comments -- is the Adventure Shell non-GUI or only moving the images into your head?)

Mojo Nation deserves a plug.
It has an ingenious solution to the freeloader problem, namely an
internal currency system, which may make the system more scaleable
than Freenet. Advogato also
runs some good discussions of these issues.

THis idea was tossed around on Advogato.org. Should be interesting to see. (On a side note, wouldn't it be cool if all these free software sites had soemthing like the microsoft wallet?)

Open Projects Net: Denial of Service Attacks

Posted 7 Nov 2000 by lilo

Open Projects provides interactive facilities for coordination and support to groups and projects involved with open source. We run between 1,500 and 2,000 clients and are home to such projects as Debian GNU/Linux and Enlightenment. We've had our share of difficulties recently, but we're continuing on.

The past few weeks have been quite an experience. Last week one of our hubs on Open Projects started going up and down like a yoyo. I'd seen that behavior in this normally very reliable server in recent weeks and not thought much of it, since the company in question was in the process of moving its facilities and reliability issues do sometimes creep in during such moves. But we soon obtained a little bit more insight into the problem. After watching the server perform a loop-de-loop, I received a /MSG from a rather peremptory and anonymous skript kiddie informing me that if I didn't permanently remove the sponsor's server from the network, he would kill my home ADSL line and take down Open Projects until he got his way. It seems he feels the sponsor owes him money. I'm afraid I wasn't very polite in my response. Feeling that one can hardly allow psychotic delinquents to dictate network policy, I explained to him that while he might very well be able to take down our network, he was not going to set policy, and specifically I would not entertain the notion of removing our sponsor's machine.

The last week has been interesting. Apparently this petulant child has something over 45Mbps to play with, and he's moderately competent with SYN attacks and so on. In various incidents throughout the week he packeted ISP's and universities and small companies to death to demonstrate his, uh, prowess with borrowed equipment. Currently he has proclaimed that he'll be taking down our network once a day for an hour until his wishes are granted. All I can say is that he's going to be doing it for a long time if that's the case; the heat death of the universe isn't due to arrive for some time.

Throughout this experience I have noticed it's very difficult to coordinate much of a response from ISPs and backbone providers. An unofficial contact at uu.net explained that we must notify his security people while an attack was taking place for them to have any chance of thwarting it. They thoughtfully provided him with an email address rather than a telephone number to give to us, explaining that this is a matter of policy. Perhaps they don't understand that packeting can affect services like email. Or perhaps they are simply extremely comfortable, their owners having cornered much of the backbone market after the last round of industry mergers. My employer's ISP was targeted, and so far the people at the ISP seem a little bewildered, though they're game to fight the good fight. Some folks with very nice bandwidth contributed a server today to see if we couldn't keep our hubbing working through an attack, and the skript kiddie seems to have gone after their routers, leaving very little in the way of evidence behind him as to his point of origin.

As a first, one of our admins contacted the FBI at our request. I'm not sure this will accomplish anything useful, but it's certainly worth a try. It is worth noting that, as a philosophical anarchist, I'm usually not inclined to bring in the muscle of a law enforcement agency to resolve such disputes, preferring to reason with the party or parties involved. But in cases where the problem user has learned his manners from repeated viewing of Robocop, well, there's not much one can do but consider the business to be a declaration of war.

At any rate, it seems to me that this otherwise very mundane set of attacks points to a long-standing problem with the Internet: Denial-of-service attackers have location indirection, but content services and users are left in plain sight as targets for their efforts. I'm hoping Corridors will helpful in dealing with this problem, though it's a fairly long-term project (and constantly in search of additional expertise to finish the design and begin the actual implementation). Meanwhile, we go on, attempting to devise kludges to improve the robustness of ircd in the face of all-out attack.

Any assistance from the readership in combatting problems which we have never experienced in quite this magnitude would be greatly appreciated.

Thanks to the Magenet people and Diane Bruce and F. John Rowan of the hybrid ircd project for their assistance. Thanks to the many users and admins of OPN, whose patience and support have been impressive. And thanks especially to VA Linux for their help and support; they've been real heroes and deserve a great deal of praise. And no, we're not going to delink their server, however many or few seconds we have to comply. ;)
--

Open Projects Net: Denial of Service Attacks

Posted 7 Nov 2000 by lilo

Open Projects provides interactive facilities for coordination and support to groups and projects involved with open source. We run between 1,500 and 2,000 clients and are home to such projects as Debian GNU/Linux and Enlightenment. We've had our share of difficulties recently, but we're continuing on.

The past few weeks have been quite an experience. Last week one of our hubs on Open Projects started going up and down like a yoyo. I'd seen that behavior in this normally very reliable server in recent weeks and not thought much of it, since the company in question was in the process of moving its facilities and reliability issues do sometimes creep in during such moves. But we soon obtained a little bit more insight into the problem. After watching the server perform a loop-de-loop, I received a /MSG from a rather peremptory and anonymous skript kiddie informing me that if I didn't permanently remove the sponsor's server from the network, he would kill my home ADSL line and take down Open Projects until he got his way. It seems he feels the sponsor owes him money. I'm afraid I wasn't very polite in my response. Feeling that one can hardly allow psychotic delinquents to dictate network policy, I explained to him that while he might very well be able to take down our network, he was not going to set policy, and specifically I would not entertain the notion of removing our sponsor's machine.

The last week has been interesting. Apparently this petulant child has something over 45Mbps to play with, and he's moderately competent with SYN attacks and so on. In various incidents throughout the week he packeted ISP's and universities and small companies to death to demonstrate his, uh, prowess with borrowed equipment. Currently he has proclaimed that he'll be taking down our network once a day for an hour until his wishes are granted. All I can say is that he's going to be doing it for a long time if that's the case; the heat death of the universe isn't due to arrive for some time.

Throughout this experience I have noticed it's very difficult to coordinate much of a response from ISPs and backbone providers. An unofficial contact at uu.net explained that we must notify his security people while an attack was taking place for them to have any chance of thwarting it. They thoughtfully provided him with an email address rather than a telephone number to give to us, explaining that this is a matter of policy. Perhaps they don't understand that packeting can affect services like email. Or perhaps they are simply extremely comfortable, their owners having cornered much of the backbone market after the last round of industry mergers. My employer's ISP was targeted, and so far the people at the ISP seem a little bewildered, though they're game to fight the good fight. Some folks with very nice bandwidth contributed a server today to see if we couldn't keep our hubbing working through an attack, and the skript kiddie seems to have gone after their routers, leaving very little in the way of evidence behind him as to his point of origin.

As a first, one of our admins contacted the FBI at our request. I'm not sure this will accomplish anything useful, but it's certainly worth a try. It is worth noting that, as a philosophical anarchist, I'm usually not inclined to bring in the muscle of a law enforcement agency to resolve such disputes, preferring to reason with the party or parties involved. But in cases where the problem user has learned his manners from repeated viewing of Robocop, well, there's not much one can do but consider the business to be a declaration of war.

At any rate, it seems to me that this otherwise very mundane set of attacks points to a long-standing problem with the Internet: Denial-of-service attackers have location indirection, but content services and users are left in plain sight as targets for their efforts. I'm hoping Corridors will helpful in dealing with this problem, though it's a fairly long-term project (and constantly in search of additional expertise to finish the design and begin the actual implementation). Meanwhile, we go on, attempting to devise kludges to improve the robustness of ircd in the face of all-out attack.

Any assistance from the readership in combatting problems which we have never experienced in quite this magnitude would be greatly appreciated.

Thanks to the Magenet people and Diane Bruce and F. John Rowan of the hybrid ircd project for their assistance. Thanks to the many users and admins of OPN, whose patience and support have been impressive. And thanks especially to VA Linux for their help and support; they've been real heroes and deserve a great deal of praise. And no, we're not going to delink their server, however many or few seconds we have to comply. ;)
--

Burris

See my detailed article on supporting Linux end-users and their needs at Advogato. I also give the weaknesses and strengths of setting up a "cooperative" to support these needs.

I think the limitation is that not much is really known about GNU/Linux end-users and what they expect. With all of the VC injected into the Linux server market, large entities really don't care about the end-users because the margins are very tight. There is not enough money to satisfy their VC obligations with a return of 15%. Server margins are upwards of 400%.

Lucas

As it so happens, I posted an essay on Advogato a few months ago that explores questions like this in great depth. If you want to make money, but forcing people to pay a price per-copy isn't an option, there are lots of other approaches at your disposal; public performance is one, but not the only one. Summarizing what I said about authors: things'll only change big-time if e-books become a preferred way to read. If this happens, authors'll likely have to rely on donations from their readership and grants to pursue authoring full time. This isn't really as outlandish as it sounds, provided the idea of offering such donations can be ingrained as a cultural norm. (I don't think this'll be all that difficult; public TV and radio stations seem to do okay for themselves.)

And now that you mention it, picking up speakers' fees for lecturing or reading works aloud could be a piece of the pie for authors, though probably not as big a hunk as live performance would be for musicians.

lkcl's diary at Advogato has a few entries regarding the way Samba development has been going, particularly this entry: http://advogato.org/person/l kcl /diary.html?start=67.

lkcl's diary at Advogato has a few entries regarding the way Samba development has been going, particularly this entry: http://advogato.org/person/l kcl /diary.html?start=67.

To me, the most important thing moderation does is pick out intelligent dissenting opinions from the sea of banal groupthink. Averaging moderation would cause the opposite result -- all posts would be ground down by the same flood of of conformity and all double-plus-ungood thoughts that might challenge a Slashdot reader's unswerving faith in Linux, Peacefire and Napster will be hidden down with the goat links.

If what you want is vigorously enforced conformity, read Advogato. Before being able to post, members must reach a minimum score on the Scale Of Being Just Like Everyone Else. Personally, I find it much more interesting to read a site where people are allowed to say something in defense of Troll Tech, or even Microsoft.

You wrote:

The new crop of us fools see moderation as tools to find the interesting points that lie in the sea of noise. Upon finding an interesting point, I personally drill down to read its responses at -1. That means I lose all the original, interesting posts that weren't responses to someone else? Certainly. I am assuming that the great majority of unmodded good posts were some impassioned response to someone else. Not perfect, but moderation is a tool to find as much good information as possible, as a computer is a tool to filter through noise to find the waveform underneath.

Of course, I also use the moderation system because this is better than having no filtering at all, given the current traffic (FYI, I browse at +2 and I expand some of the comments that could be interesting, that's how I saw yours).

However, Signal11 was pointing out several flaws of this system: the most annoying one is that it encourages people to think and behave like sheep. Any comment that criticizes Microsoft and claims that Linux or open source software will solve most problems is almost guaranteed to get moderated up. On the other hand, an insightful comment that praises commercial software has a much lower chance of being moderated up. Also, the moderation is often done on the first 100 or so comments, and the following ones are ignored unless they are attached to a comment that is already moderated up.

Think about how Slashdot would be with the following changes (I am not suggesting that all of them should be implemented, but this is some food for thought):

• No comments could be posted in the first hour after the article is published. This would give people more time to read the article and think before they post, instead of being encouraged to say something before someone else does it.
• The threshold for getting a +1 bonus would not be based on the total number of Karma points, but on the Karma divided by the number of comments posted (maybe with an exponent lower than 1). It would then be better to post some interesting comments than to post as many comments as possible.
• Karma points could expire after a few weeks, so you could not accumulate them and keep your +1 bonus when posting.
• Give a +1 bonus to the users who are certified (this requires a certification system like the one used on Advogato or one based on digital signatures). This would encourage accountability.
• Each registered used could set up a filter that would give a permanent +1 (or -1) to some users, so that their comments would appear more (or less) frequently. This would only be a local filter and would have no influence on what the other users are reading.
• The system could encourage moderators to look at all comments, not only the ones that already appear near the top of the page.

Anyway, as you wrote, Slashdot is a system with entertaining flaws. There will always be some way to abuse it...

Serious about your frustration with the RIAA and corporatism in general? Try Civil Disobedience. No, really. Be willing to get arrested for possessing the tools we take for granted. I am. But read on...

First, a summary, since this is long and will get chopped:

• We can't win if we look like the bad guys. Therefore, we must clean up our act, both public and private, and be willing to address the real, underlying concerns of our fellow artists and consumers.
• Corporations don't trust individuals; individuals don't trust corporations. Therefore, we must gather all of the individuals together on our side, artists and consumers alike, instead of allowing the corporations to divide us.
• The future is change; everyone is scared. The industry is afraid, but also opportunistic. It believes it can secure a future for itself built by legally forcing nature to behave itself. It attacks the fears of consumers to create this legal impetus.
• The "Tragedy of the Commons" is worrisome. Individual artists are afraid that if they open themselves up to a meritocracy, they'll be raped. We have counterexamples, and we also need to set expectations.

Before you don your DeCSS Shirt, it's important that we get our act together and learn the very powerful art of spin . Don't sneer and say that's beneath us. Right now, the RIAA and MPAA are mobilizing a very powerful political engine. They are engaging in a classic tactic, painting our community's members as pirates and criminals in the public's eye. It's our job to spin right back at them, to recast the debate in terms that make us clearly the good guys, and them clearly the corporate Goliath, out to trample the rights of individual artists and consumers. Here's how...

Start giving props to artists. Start decrying the fact that there's no widely available, secure, trustable infrastructure for "tipping". Start pitting the labels against the individual artists, whom you would compensate directly, if there were a reliable means to do so. Blame the corporate hegemony for this situation. Traditional corporations exist for one reason alone: profit ; profit to the exclusion of all else, including the rights of artists, and the rights of individual consumers. Start pitting the labels against consumers, by using inflammatory phrases like "abrogation of our rights" and "corporate hegemony" (please understand what they mean and be able to defend them calmly, though). As soon as we can swing the focus of our fellow consumers' mistrust and cynicism to the industry, as soon as we can paint ourselves the David in this battle, we will begin changing things.

The reasons for this are simple:

• People root for the underdog. Right now, the RIAA and MPAA are painting themselves and the artists as the underdog against the massive, unstoppable tide of digital piracy and mayhem. As it happens, they may be right, but I'll get to that in a minute.
• People fear for their own property. People want to be "secure in their persons, houses, papers, and effects". The RIAA and MPAA are casting this debate squarely in terms of theft of property because they know that will strike a chord with the public. They want you, the consumer, to believe that, if you don't side with them to stop Napster and DeCSS, you'll lose out just as much as if someone broke into your house and stole all of your CDs.

My freshman year in college, someone stole 250 CDs from my dorm room. 250 CDs that I had worked very hard to afford, and had worked very hard to acquire (many rare imports, anime, etc.). I felt hurt, violated, confused, angry, and all of that. The RIAA and MPAA are trying to connect with those feelings in the consumer public.

We need to be going for the same connection, while also making the connection between individual freedom and liberty. We need to make it clear that we're all for just compensation, and that we don't need Goliath's hand to ensure that compensation. We need to show our fellow consumers that the industry is just in the game for the sake of revenue, and that they don't give a damn about consumer rights, nor do they trust consumers in the least. Yet they ask for our trust that they will justly compensate artists, that they will respect our rights to fair use, that they will treat us as equals (IANAL, but a corporation is legally considered a person.)

The RIAA and MPAA would have you believe that every artist and "legitimate consumer" out there is on their side, and that everyone else is a pirate. We know that's wrong, but what do we do about it?

Get all the individuals on the same side. Artists are individuals. Consumers are individuals. Everything in between the two is corporate infrastructure. The internet makes that corporatism irrelevant to the kind of relationships we could be building with our fellow individuals.

If I play your song, and I like it, I'll give you a tip. If I play it all the damned time, I'll give you big tips, frequently. If Metallica pulled their heads out, they'd understand that they'd make a lot more from me letting me tip them than they are right now, since I won't buy anything new of theirs (even though I really want to).

Things we've taken for granted, as a society, as individuals, and as corporations, are all in the process of changing dramatically and radically. Specifically, traditional notions of property become more meaningless with each passing day. We know how to treat tangible items as property (you're stealing it if you deprive me of it without my consent), but we don't know how to treat intangibles as property; after all, if you copy it from me, how are you depriving me of it?

And if you think that distinction is cut-and-dried, and that it just means we need two classes of property, intellectual and tangible, think again. What's going to happen in a decade or three when nano-technology makes tangible property available to anyone with a handful of garbage, a replicator, and a design?

Now, it's understandable that corporations might be afraid. After all, they might disappear. Or have to reinvent themselves radically. I think they're pretty well aware of that fact. The issue, ultimately, is one of control. The industry wants to control its destiny, but it doesn't have that kind of power. It seeks to create that power, artificially, by lobbying to create laws like the DMCA, that curtail individual rights that are far more powerful than they were when they were granted, 225 years ago, before there was an Internet.

I don't know about you, but I don't want to be controlled by a corporation. I want the freedom to interact with my fellow individuals, to share and communicate and transact by our own rules. I want to write code and trust that you'll compensate me for it justly. And I do. Literally. I have a 100% GPL clause for the work I do. And I trust the community and individuals to be faithful to one another, and to support one another. I don't need a law or a corporation to enforce what ought to be human decency.

The idea that some people will steal all the goodies is worrisome. They can't. Unlike the commons about which "The Tragedy of the Commons" was written, you can't trample up the grass around an artist. You can't turn a director into mud by copiously copying her work.

You can refrain from contributing to their livelihood. You can enjoy their work and simply not tip them, even though you can afford to tip them. Fine. We already have a really good term for that in place: cheap asshole. Perhaps we could get it made into a legal term?

Anyway, there are natural responses to the problem of the cheap asshole. The first is the pillory, metaphorically speaking. A good tipping infrastructure will allow you to leave your tips either anonymously or with credit. An advogato-like trust metric will allow folks to rate your generosity in comparison to your means. A well-deployed micro-accounting infrastructure will make artists, producers, technicians, and so forth, accountable for how they spend the tips in pursuit of their art. All of that means that assholes will be highlighted in red, and the object of public scorn.

This is as it should be, and there is a long tradition of such treatment. Read A Christmas Carol if you doubt me. Everyone hated Scrooge because he was... well, you know. A c.a.

The second is based on what I call "laws of information physics". The two fundamental laws of information physics are:

1. Bandwidth between any two points at any given time is a finite resource.
2. Information flows freely as long as there is available bandwidth.

These laws can be exploited to prevent the c.a.'s from propagating:

• First of all, imagine if you had to pay for bandwidth by your usage. Hey, if we're not relying on king corporation any more, someone's got to foot the bill for your 128Kbps chunk of the OC48 to gratefuldead.com. Thus, when you download directly from them, there's a mandatory tip of $.05/MB ($3.00 for a 60MB album). You'd still want to tip on top of that if you liked it; that was just to cover their connectivity. Of course, they may be popular enough, and get tipped enough as it is, to not charge that connectivity fee.
• Imagine if free file-sharing networks allowed you to hook into the aforementioned trust-metric, and determine based on that whether or not you would allow your server to send files to a c.a. Through literal peer-pressure, people would find themselves either tipping liberally, or cut off from the goods.

Such infrastructure can be exploited in a lot of other ways that bring back our ability to trust one another, and to build community even in the massive scale of the Internet and a global economy. People who've had hard times could "get a break." Or if you're a real hard-liner about people overcoming circumstance, you could set your own metrics to shun anyone who claimed hard times, or anyone who was rich without working for it, and not generous with their wealth. "The possibilities," as they say, "are limitless."

I'd recap, but you can scroll to the top for that. The bottom line is that we need to pay attention to the fears and concerns of our fellow individuals, and address those, and not just go spouting off about how we're going to do whatever we please and the industry can't stop us. We all believe the industry can't stop us, because ultimately, we can hide. But who wants to hide? And who wants a world in which sharing is a criminal act? So don't feed their fire. Help your fellow artists, consumers, individuals understand how we can build a better future together, without corporate hegemony.

And be prepared to get arrested in the meantime. But when you do, make sure you come off sane, rational, and reasonable. Make it clear that the man is putting you down. If you're not calm, careful, and likable, your fellow consumers and artists are going to see exactly what the RIAA and MPAA want them to see. And away goes your freedom and their freedom.

P.S. I'd have crossposted this to advogato, but I'm not certified by anyone as having done anything special. So if you're of a mind to, and have a decent cert there, please certify me if you think I can add value to the discussions there. Thanks.

Serious about your frustration with the RIAA and corporatism in general? Try Civil Disobedience. No, really. Be willing to get arrested for possessing the tools we take for granted. I am. But read on...

First, a summary, since this is long and will get chopped:

• We can't win if we look like the bad guys. Therefore, we must clean up our act, both public and private, and be willing to address the real, underlying concerns of our fellow artists and consumers.
• Corporations don't trust individuals; individuals don't trust corporations. Therefore, we must gather all of the individuals together on our side, artists and consumers alike, instead of allowing the corporations to divide us.
• The future is change; everyone is scared. The industry is afraid, but also opportunistic. It believes it can secure a future for itself built by legally forcing nature to behave itself. It attacks the fears of consumers to create this legal impetus.
• The "Tragedy of the Commons" is worrisome. Individual artists are afraid that if they open themselves up to a meritocracy, they'll be raped. We have counterexamples, and we also need to set expectations.

Before you don your DeCSS Shirt, it's important that we get our act together and learn the very powerful art of spin . Don't sneer and say that's beneath us. Right now, the RIAA and MPAA are mobilizing a very powerful political engine. They are engaging in a classic tactic, painting our community's members as pirates and criminals in the public's eye. It's our job to spin right back at them, to recast the debate in terms that make us clearly the good guys, and them clearly the corporate Goliath, out to trample the rights of individual artists and consumers. Here's how...

Start giving props to artists. Start decrying the fact that there's no widely available, secure, trustable infrastructure for "tipping". Start pitting the labels against the individual artists, whom you would compensate directly, if there were a reliable means to do so. Blame the corporate hegemony for this situation. Traditional corporations exist for one reason alone: profit ; profit to the exclusion of all else, including the rights of artists, and the rights of individual consumers. Start pitting the labels against consumers, by using inflammatory phrases like "abrogation of our rights" and "corporate hegemony" (please understand what they mean and be able to defend them calmly, though). As soon as we can swing the focus of our fellow consumers' mistrust and cynicism to the industry, as soon as we can paint ourselves the David in this battle, we will begin changing things.

The reasons for this are simple:

• People root for the underdog. Right now, the RIAA and MPAA are painting themselves and the artists as the underdog against the massive, unstoppable tide of digital piracy and mayhem. As it happens, they may be right, but I'll get to that in a minute.
• People fear for their own property. People want to be "secure in their persons, houses, papers, and effects". The RIAA and MPAA are casting this debate squarely in terms of theft of property because they know that will strike a chord with the public. They want you, the consumer, to believe that, if you don't side with them to stop Napster and DeCSS, you'll lose out just as much as if someone broke into your house and stole all of your CDs.

My freshman year in college, someone stole 250 CDs from my dorm room. 250 CDs that I had worked very hard to afford, and had worked very hard to acquire (many rare imports, anime, etc.). I felt hurt, violated, confused, angry, and all of that. The RIAA and MPAA are trying to connect with those feelings in the consumer public.

We need to be going for the same connection, while also making the connection between individual freedom and liberty. We need to make it clear that we're all for just compensation, and that we don't need Goliath's hand to ensure that compensation. We need to show our fellow consumers that the industry is just in the game for the sake of revenue, and that they don't give a damn about consumer rights, nor do they trust consumers in the least. Yet they ask for our trust that they will justly compensate artists, that they will respect our rights to fair use, that they will treat us as equals (IANAL, but a corporation is legally considered a person.)

The RIAA and MPAA would have you believe that every artist and "legitimate consumer" out there is on their side, and that everyone else is a pirate. We know that's wrong, but what do we do about it?

Get all the individuals on the same side. Artists are individuals. Consumers are individuals. Everything in between the two is corporate infrastructure. The internet makes that corporatism irrelevant to the kind of relationships we could be building with our fellow individuals.

If I play your song, and I like it, I'll give you a tip. If I play it all the damned time, I'll give you big tips, frequently. If Metallica pulled their heads out, they'd understand that they'd make a lot more from me letting me tip them than they are right now, since I won't buy anything new of theirs (even though I really want to).

Things we've taken for granted, as a society, as individuals, and as corporations, are all in the process of changing dramatically and radically. Specifically, traditional notions of property become more meaningless with each passing day. We know how to treat tangible items as property (you're stealing it if you deprive me of it without my consent), but we don't know how to treat intangibles as property; after all, if you copy it from me, how are you depriving me of it?

And if you think that distinction is cut-and-dried, and that it just means we need two classes of property, intellectual and tangible, think again. What's going to happen in a decade or three when nano-technology makes tangible property available to anyone with a handful of garbage, a replicator, and a design?

Now, it's understandable that corporations might be afraid. After all, they might disappear. Or have to reinvent themselves radically. I think they're pretty well aware of that fact. The issue, ultimately, is one of control. The industry wants to control its destiny, but it doesn't have that kind of power. It seeks to create that power, artificially, by lobbying to create laws like the DMCA, that curtail individual rights that are far more powerful than they were when they were granted, 225 years ago, before there was an Internet.

I don't know about you, but I don't want to be controlled by a corporation. I want the freedom to interact with my fellow individuals, to share and communicate and transact by our own rules. I want to write code and trust that you'll compensate me for it justly. And I do. Literally. I have a 100% GPL clause for the work I do. And I trust the community and individuals to be faithful to one another, and to support one another. I don't need a law or a corporation to enforce what ought to be human decency.

The idea that some people will steal all the goodies is worrisome. They can't. Unlike the commons about which "The Tragedy of the Commons" was written, you can't trample up the grass around an artist. You can't turn a director into mud by copiously copying her work.

You can refrain from contributing to their livelihood. You can enjoy their work and simply not tip them, even though you can afford to tip them. Fine. We already have a really good term for that in place: cheap asshole. Perhaps we could get it made into a legal term?

Anyway, there are natural responses to the problem of the cheap asshole. The first is the pillory, metaphorically speaking. A good tipping infrastructure will allow you to leave your tips either anonymously or with credit. An advogato-like trust metric will allow folks to rate your generosity in comparison to your means. A well-deployed micro-accounting infrastructure will make artists, producers, technicians, and so forth, accountable for how they spend the tips in pursuit of their art. All of that means that assholes will be highlighted in red, and the object of public scorn.

This is as it should be, and there is a long tradition of such treatment. Read A Christmas Carol if you doubt me. Everyone hated Scrooge because he was... well, you know. A c.a.

The second is based on what I call "laws of information physics". The two fundamental laws of information physics are:

1. Bandwidth between any two points at any given time is a finite resource.
2. Information flows freely as long as there is available bandwidth.

These laws can be exploited to prevent the c.a.'s from propagating:

• First of all, imagine if you had to pay for bandwidth by your usage. Hey, if we're not relying on king corporation any more, someone's got to foot the bill for your 128Kbps chunk of the OC48 to gratefuldead.com. Thus, when you download directly from them, there's a mandatory tip of $.05/MB ($3.00 for a 60MB album). You'd still want to tip on top of that if you liked it; that was just to cover their connectivity. Of course, they may be popular enough, and get tipped enough as it is, to not charge that connectivity fee.
• Imagine if free file-sharing networks allowed you to hook into the aforementioned trust-metric, and determine based on that whether or not you would allow your server to send files to a c.a. Through literal peer-pressure, people would find themselves either tipping liberally, or cut off from the goods.

Such infrastructure can be exploited in a lot of other ways that bring back our ability to trust one another, and to build community even in the massive scale of the Internet and a global economy. People who've had hard times could "get a break." Or if you're a real hard-liner about people overcoming circumstance, you could set your own metrics to shun anyone who claimed hard times, or anyone who was rich without working for it, and not generous with their wealth. "The possibilities," as they say, "are limitless."

I'd recap, but you can scroll to the top for that. The bottom line is that we need to pay attention to the fears and concerns of our fellow individuals, and address those, and not just go spouting off about how we're going to do whatever we please and the industry can't stop us. We all believe the industry can't stop us, because ultimately, we can hide. But who wants to hide? And who wants a world in which sharing is a criminal act? So don't feed their fire. Help your fellow artists, consumers, individuals understand how we can build a better future together, without corporate hegemony.

And be prepared to get arrested in the meantime. But when you do, make sure you come off sane, rational, and reasonable. Make it clear that the man is putting you down. If you're not calm, careful, and likable, your fellow consumers and artists are going to see exactly what the RIAA and MPAA want them to see. And away goes your freedom and their freedom.

P.S. I'd have crossposted this to advogato, but I'm not certified by anyone as having done anything special. So if you're of a mind to, and have a decent cert there, please certify me if you think I can add value to the discussions there. Thanks.

Serious about your frustration with the RIAA and corporatism in general? Try Civil Disobedience. No, really. Be willing to get arrested for possessing the tools we take for granted. I am. But read on...

First, a summary, since this is long and will get chopped:

• We can't win if we look like the bad guys. Therefore, we must clean up our act, both public and private, and be willing to address the real, underlying concerns of our fellow artists and consumers.
• Corporations don't trust individuals; individuals don't trust corporations. Therefore, we must gather all of the individuals together on our side, artists and consumers alike, instead of allowing the corporations to divide us.
• The future is change; everyone is scared. The industry is afraid, but also opportunistic. It believes it can secure a future for itself built by legally forcing nature to behave itself. It attacks the fears of consumers to create this legal impetus.
• The "Tragedy of the Commons" is worrisome. Individual artists are afraid that if they open themselves up to a meritocracy, they'll be raped. We have counterexamples, and we also need to set expectations.

Before you don your DeCSS Shirt, it's important that we get our act together and learn the very powerful art of spin . Don't sneer and say that's beneath us. Right now, the RIAA and MPAA are mobilizing a very powerful political engine. They are engaging in a classic tactic, painting our community's members as pirates and criminals in the public's eye. It's our job to spin right back at them, to recast the debate in terms that make us clearly the good guys, and them clearly the corporate Goliath, out to trample the rights of individual artists and consumers. Here's how...

Start giving props to artists. Start decrying the fact that there's no widely available, secure, trustable infrastructure for "tipping". Start pitting the labels against the individual artists, whom you would compensate directly, if there were a reliable means to do so. Blame the corporate hegemony for this situation. Traditional corporations exist for one reason alone: profit ; profit to the exclusion of all else, including the rights of artists, and the rights of individual consumers. Start pitting the labels against consumers, by using inflammatory phrases like "abrogation of our rights" and "corporate hegemony" (please understand what they mean and be able to defend them calmly, though). As soon as we can swing the focus of our fellow consumers' mistrust and cynicism to the industry, as soon as we can paint ourselves the David in this battle, we will begin changing things.

The reasons for this are simple:

• People root for the underdog. Right now, the RIAA and MPAA are painting themselves and the artists as the underdog against the massive, unstoppable tide of digital piracy and mayhem. As it happens, they may be right, but I'll get to that in a minute.
• People fear for their own property. People want to be "secure in their persons, houses, papers, and effects". The RIAA and MPAA are casting this debate squarely in terms of theft of property because they know that will strike a chord with the public. They want you, the consumer, to believe that, if you don't side with them to stop Napster and DeCSS, you'll lose out just as much as if someone broke into your house and stole all of your CDs.

My freshman year in college, someone stole 250 CDs from my dorm room. 250 CDs that I had worked very hard to afford, and had worked very hard to acquire (many rare imports, anime, etc.). I felt hurt, violated, confused, angry, and all of that. The RIAA and MPAA are trying to connect with those feelings in the consumer public.

We need to be going for the same connection, while also making the connection between individual freedom and liberty. We need to make it clear that we're all for just compensation, and that we don't need Goliath's hand to ensure that compensation. We need to show our fellow consumers that the industry is just in the game for the sake of revenue, and that they don't give a damn about consumer rights, nor do they trust consumers in the least. Yet they ask for our trust that they will justly compensate artists, that they will respect our rights to fair use, that they will treat us as equals (IANAL, but a corporation is legally considered a person.)

The RIAA and MPAA would have you believe that every artist and "legitimate consumer" out there is on their side, and that everyone else is a pirate. We know that's wrong, but what do we do about it?

Get all the individuals on the same side. Artists are individuals. Consumers are individuals. Everything in between the two is corporate infrastructure. The internet makes that corporatism irrelevant to the kind of relationships we could be building with our fellow individuals.

If I play your song, and I like it, I'll give you a tip. If I play it all the damned time, I'll give you big tips, frequently. If Metallica pulled their heads out, they'd understand that they'd make a lot more from me letting me tip them than they are right now, since I won't buy anything new of theirs (even though I really want to).

Things we've taken for granted, as a society, as individuals, and as corporations, are all in the process of changing dramatically and radically. Specifically, traditional notions of property become more meaningless with each passing day. We know how to treat tangible items as property (you're stealing it if you deprive me of it without my consent), but we don't know how to treat intangibles as property; after all, if you copy it from me, how are you depriving me of it?

And if you think that distinction is cut-and-dried, and that it just means we need two classes of property, intellectual and tangible, think again. What's going to happen in a decade or three when nano-technology makes tangible property available to anyone with a handful of garbage, a replicator, and a design?

Now, it's understandable that corporations might be afraid. After all, they might disappear. Or have to reinvent themselves radically. I think they're pretty well aware of that fact. The issue, ultimately, is one of control. The industry wants to control its destiny, but it doesn't have that kind of power. It seeks to create that power, artificially, by lobbying to create laws like the DMCA, that curtail individual rights that are far more powerful than they were when they were granted, 225 years ago, before there was an Internet.

I don't know about you, but I don't want to be controlled by a corporation. I want the freedom to interact with my fellow individuals, to share and communicate and transact by our own rules. I want to write code and trust that you'll compensate me for it justly. And I do. Literally. I have a 100% GPL clause for the work I do. And I trust the community and individuals to be faithful to one another, and to support one another. I don't need a law or a corporation to enforce what ought to be human decency.

The idea that some people will steal all the goodies is worrisome. They can't. Unlike the commons about which "The Tragedy of the Commons" was written, you can't trample up the grass around an artist. You can't turn a director into mud by copiously copying her work.

You can refrain from contributing to their livelihood. You can enjoy their work and simply not tip them, even though you can afford to tip them. Fine. We already have a really good term for that in place: cheap asshole. Perhaps we could get it made into a legal term?

Anyway, there are natural responses to the problem of the cheap asshole. The first is the pillory, metaphorically speaking. A good tipping infrastructure will allow you to leave your tips either anonymously or with credit. An advogato-like trust metric will allow folks to rate your generosity in comparison to your means. A well-deployed micro-accounting infrastructure will make artists, producers, technicians, and so forth, accountable for how they spend the tips in pursuit of their art. All of that means that assholes will be highlighted in red, and the object of public scorn.

This is as it should be, and there is a long tradition of such treatment. Read A Christmas Carol if you doubt me. Everyone hated Scrooge because he was... well, you know. A c.a.

The second is based on what I call "laws of information physics". The two fundamental laws of information physics are:

1. Bandwidth between any two points at any given time is a finite resource.
2. Information flows freely as long as there is available bandwidth.

These laws can be exploited to prevent the c.a.'s from propagating:

• First of all, imagine if you had to pay for bandwidth by your usage. Hey, if we're not relying on king corporation any more, someone's got to foot the bill for your 128Kbps chunk of the OC48 to gratefuldead.com. Thus, when you download directly from them, there's a mandatory tip of $.05/MB ($3.00 for a 60MB album). You'd still want to tip on top of that if you liked it; that was just to cover their connectivity. Of course, they may be popular enough, and get tipped enough as it is, to not charge that connectivity fee.
• Imagine if free file-sharing networks allowed you to hook into the aforementioned trust-metric, and determine based on that whether or not you would allow your server to send files to a c.a. Through literal peer-pressure, people would find themselves either tipping liberally, or cut off from the goods.

Such infrastructure can be exploited in a lot of other ways that bring back our ability to trust one another, and to build community even in the massive scale of the Internet and a global economy. People who've had hard times could "get a break." Or if you're a real hard-liner about people overcoming circumstance, you could set your own metrics to shun anyone who claimed hard times, or anyone who was rich without working for it, and not generous with their wealth. "The possibilities," as they say, "are limitless."

I'd recap, but you can scroll to the top for that. The bottom line is that we need to pay attention to the fears and concerns of our fellow individuals, and address those, and not just go spouting off about how we're going to do whatever we please and the industry can't stop us. We all believe the industry can't stop us, because ultimately, we can hide. But who wants to hide? And who wants a world in which sharing is a criminal act? So don't feed their fire. Help your fellow artists, consumers, individuals understand how we can build a better future together, without corporate hegemony.

And be prepared to get arrested in the meantime. But when you do, make sure you come off sane, rational, and reasonable. Make it clear that the man is putting you down. If you're not calm, careful, and likable, your fellow consumers and artists are going to see exactly what the RIAA and MPAA want them to see. And away goes your freedom and their freedom.

P.S. I'd have crossposted this to advogato, but I'm not certified by anyone as having done anything special. So if you're of a mind to, and have a decent cert there, please certify me if you think I can add value to the discussions there. Thanks.

Serious about your frustration with the RIAA and corporatism in general? Try Civil Disobedience. No, really. Be willing to get arrested for possessing the tools we take for granted. I am. But read on...

First, a summary, since this is long and will get chopped:

• We can't win if we look like the bad guys. Therefore, we must clean up our act, both public and private, and be willing to address the real, underlying concerns of our fellow artists and consumers.
• Corporations don't trust individuals; individuals don't trust corporations. Therefore, we must gather all of the individuals together on our side, artists and consumers alike, instead of allowing the corporations to divide us.
• The future is change; everyone is scared. The industry is afraid, but also opportunistic. It believes it can secure a future for itself built by legally forcing nature to behave itself. It attacks the fears of consumers to create this legal impetus.
• The "Tragedy of the Commons" is worrisome. Individual artists are afraid that if they open themselves up to a meritocracy, they'll be raped. We have counterexamples, and we also need to set expectations.

Before you don your DeCSS Shirt, it's important that we get our act together and learn the very powerful art of spin . Don't sneer and say that's beneath us. Right now, the RIAA and MPAA are mobilizing a very powerful political engine. They are engaging in a classic tactic, painting our community's members as pirates and criminals in the public's eye. It's our job to spin right back at them, to recast the debate in terms that make us clearly the good guys, and them clearly the corporate Goliath, out to trample the rights of individual artists and consumers. Here's how...

Start giving props to artists. Start decrying the fact that there's no widely available, secure, trustable infrastructure for "tipping". Start pitting the labels against the individual artists, whom you would compensate directly, if there were a reliable means to do so. Blame the corporate hegemony for this situation. Traditional corporations exist for one reason alone: profit ; profit to the exclusion of all else, including the rights of artists, and the rights of individual consumers. Start pitting the labels against consumers, by using inflammatory phrases like "abrogation of our rights" and "corporate hegemony" (please understand what they mean and be able to defend them calmly, though). As soon as we can swing the focus of our fellow consumers' mistrust and cynicism to the industry, as soon as we can paint ourselves the David in this battle, we will begin changing things.

The reasons for this are simple:

• People root for the underdog. Right now, the RIAA and MPAA are painting themselves and the artists as the underdog against the massive, unstoppable tide of digital piracy and mayhem. As it happens, they may be right, but I'll get to that in a minute.
• People fear for their own property. People want to be "secure in their persons, houses, papers, and effects". The RIAA and MPAA are casting this debate squarely in terms of theft of property because they know that will strike a chord with the public. They want you, the consumer, to believe that, if you don't side with them to stop Napster and DeCSS, you'll lose out just as much as if someone broke into your house and stole all of your CDs.

My freshman year in college, someone stole 250 CDs from my dorm room. 250 CDs that I had worked very hard to afford, and had worked very hard to acquire (many rare imports, anime, etc.). I felt hurt, violated, confused, angry, and all of that. The RIAA and MPAA are trying to connect with those feelings in the consumer public.

We need to be going for the same connection, while also making the connection between individual freedom and liberty. We need to make it clear that we're all for just compensation, and that we don't need Goliath's hand to ensure that compensation. We need to show our fellow consumers that the industry is just in the game for the sake of revenue, and that they don't give a damn about consumer rights, nor do they trust consumers in the least. Yet they ask for our trust that they will justly compensate artists, that they will respect our rights to fair use, that they will treat us as equals (IANAL, but a corporation is legally considered a person.)

The RIAA and MPAA would have you believe that every artist and "legitimate consumer" out there is on their side, and that everyone else is a pirate. We know that's wrong, but what do we do about it?

Get all the individuals on the same side. Artists are individuals. Consumers are individuals. Everything in between the two is corporate infrastructure. The internet makes that corporatism irrelevant to the kind of relationships we could be building with our fellow individuals.

If I play your song, and I like it, I'll give you a tip. If I play it all the damned time, I'll give you big tips, frequently. If Metallica pulled their heads out, they'd understand that they'd make a lot more from me letting me tip them than they are right now, since I won't buy anything new of theirs (even though I really want to).

Things we've taken for granted, as a society, as individuals, and as corporations, are all in the process of changing dramatically and radically. Specifically, traditional notions of property become more meaningless with each passing day. We know how to treat tangible items as property (you're stealing it if you deprive me of it without my consent), but we don't know how to treat intangibles as property; after all, if you copy it from me, how are you depriving me of it?

And if you think that distinction is cut-and-dried, and that it just means we need two classes of property, intellectual and tangible, think again. What's going to happen in a decade or three when nano-technology makes tangible property available to anyone with a handful of garbage, a replicator, and a design?

Now, it's understandable that corporations might be afraid. After all, they might disappear. Or have to reinvent themselves radically. I think they're pretty well aware of that fact. The issue, ultimately, is one of control. The industry wants to control its destiny, but it doesn't have that kind of power. It seeks to create that power, artificially, by lobbying to create laws like the DMCA, that curtail individual rights that are far more powerful than they were when they were granted, 225 years ago, before there was an Internet.

I don't know about you, but I don't want to be controlled by a corporation. I want the freedom to interact with my fellow individuals, to share and communicate and transact by our own rules. I want to write code and trust that you'll compensate me for it justly. And I do. Literally. I have a 100% GPL clause for the work I do. And I trust the community and individuals to be faithful to one another, and to support one another. I don't need a law or a corporation to enforce what ought to be human decency.

The idea that some people will steal all the goodies is worrisome. They can't. Unlike the commons about which "The Tragedy of the Commons" was written, you can't trample up the grass around an artist. You can't turn a director into mud by copiously copying her work.

You can refrain from contributing to their livelihood. You can enjoy their work and simply not tip them, even though you can afford to tip them. Fine. We already have a really good term for that in place: cheap asshole. Perhaps we could get it made into a legal term?

Anyway, there are natural responses to the problem of the cheap asshole. The first is the pillory, metaphorically speaking. A good tipping infrastructure will allow you to leave your tips either anonymously or with credit. An advogato-like trust metric will allow folks to rate your generosity in comparison to your means. A well-deployed micro-accounting infrastructure will make artists, producers, technicians, and so forth, accountable for how they spend the tips in pursuit of their art. All of that means that assholes will be highlighted in red, and the object of public scorn.

This is as it should be, and there is a long tradition of such treatment. Read A Christmas Carol if you doubt me. Everyone hated Scrooge because he was... well, you know. A c.a.

The second is based on what I call "laws of information physics". The two fundamental laws of information physics are:

1. Bandwidth between any two points at any given time is a finite resource.
2. Information flows freely as long as there is available bandwidth.

These laws can be exploited to prevent the c.a.'s from propagating:

• First of all, imagine if you had to pay for bandwidth by your usage. Hey, if we're not relying on king corporation any more, someone's got to foot the bill for your 128Kbps chunk of the OC48 to gratefuldead.com. Thus, when you download directly from them, there's a mandatory tip of $.05/MB ($3.00 for a 60MB album). You'd still want to tip on top of that if you liked it; that was just to cover their connectivity. Of course, they may be popular enough, and get tipped enough as it is, to not charge that connectivity fee.
• Imagine if free file-sharing networks allowed you to hook into the aforementioned trust-metric, and determine based on that whether or not you would allow your server to send files to a c.a. Through literal peer-pressure, people would find themselves either tipping liberally, or cut off from the goods.

Such infrastructure can be exploited in a lot of other ways that bring back our ability to trust one another, and to build community even in the massive scale of the Internet and a global economy. People who've had hard times could "get a break." Or if you're a real hard-liner about people overcoming circumstance, you could set your own metrics to shun anyone who claimed hard times, or anyone who was rich without working for it, and not generous with their wealth. "The possibilities," as they say, "are limitless."

I'd recap, but you can scroll to the top for that. The bottom line is that we need to pay attention to the fears and concerns of our fellow individuals, and address those, and not just go spouting off about how we're going to do whatever we please and the industry can't stop us. We all believe the industry can't stop us, because ultimately, we can hide. But who wants to hide? And who wants a world in which sharing is a criminal act? So don't feed their fire. Help your fellow artists, consumers, individuals understand how we can build a better future together, without corporate hegemony.

And be prepared to get arrested in the meantime. But when you do, make sure you come off sane, rational, and reasonable. Make it clear that the man is putting you down. If you're not calm, careful, and likable, your fellow consumers and artists are going to see exactly what the RIAA and MPAA want them to see. And away goes your freedom and their freedom.

P.S. I'd have crossposted this to advogato, but I'm not certified by anyone as having done anything special. So if you're of a mind to, and have a decent cert there, please certify me if you think I can add value to the discussions there. Thanks.

Serious about your frustration with the RIAA and corporatism in general? Try Civil Disobedience. No, really. Be willing to get arrested for possessing the tools we take for granted. I am. But read on...

First, a summary, since this is long and will get chopped:

• We can't win if we look like the bad guys. Therefore, we must clean up our act, both public and private, and be willing to address the real, underlying concerns of our fellow artists and consumers.
• Corporations don't trust individuals; individuals don't trust corporations. Therefore, we must gather all of the individuals together on our side, artists and consumers alike, instead of allowing the corporations to divide us.
• The future is change; everyone is scared. The industry is afraid, but also opportunistic. It believes it can secure a future for itself built by legally forcing nature to behave itself. It attacks the fears of consumers to create this legal impetus.
• The "Tragedy of the Commons" is worrisome. Individual artists are afraid that if they open themselves up to a meritocracy, they'll be raped. We have counterexamples, and we also need to set expectations.

Before you don your DeCSS Shirt, it's important that we get our act together and learn the very powerful art of spin . Don't sneer and say that's beneath us. Right now, the RIAA and MPAA are mobilizing a very powerful political engine. They are engaging in a classic tactic, painting our community's members as pirates and criminals in the public's eye. It's our job to spin right back at them, to recast the debate in terms that make us clearly the good guys, and them clearly the corporate Goliath, out to trample the rights of individual artists and consumers. Here's how...

Start giving props to artists. Start decrying the fact that there's no widely available, secure, trustable infrastructure for "tipping". Start pitting the labels against the individual artists, whom you would compensate directly, if there were a reliable means to do so. Blame the corporate hegemony for this situation. Traditional corporations exist for one reason alone: profit ; profit to the exclusion of all else, including the rights of artists, and the rights of individual consumers. Start pitting the labels against consumers, by using inflammatory phrases like "abrogation of our rights" and "corporate hegemony" (please understand what they mean and be able to defend them calmly, though). As soon as we can swing the focus of our fellow consumers' mistrust and cynicism to the industry, as soon as we can paint ourselves the David in this battle, we will begin changing things.

The reasons for this are simple:

• People root for the underdog. Right now, the RIAA and MPAA are painting themselves and the artists as the underdog against the massive, unstoppable tide of digital piracy and mayhem. As it happens, they may be right, but I'll get to that in a minute.
• People fear for their own property. People want to be "secure in their persons, houses, papers, and effects". The RIAA and MPAA are casting this debate squarely in terms of theft of property because they know that will strike a chord with the public. They want you, the consumer, to believe that, if you don't side with them to stop Napster and DeCSS, you'll lose out just as much as if someone broke into your house and stole all of your CDs.

My freshman year in college, someone stole 250 CDs from my dorm room. 250 CDs that I had worked very hard to afford, and had worked very hard to acquire (many rare imports, anime, etc.). I felt hurt, violated, confused, angry, and all of that. The RIAA and MPAA are trying to connect with those feelings in the consumer public.

We need to be going for the same connection, while also making the connection between individual freedom and liberty. We need to make it clear that we're all for just compensation, and that we don't need Goliath's hand to ensure that compensation. We need to show our fellow consumers that the industry is just in the game for the sake of revenue, and that they don't give a damn about consumer rights, nor do they trust consumers in the least. Yet they ask for our trust that they will justly compensate artists, that they will respect our rights to fair use, that they will treat us as equals (IANAL, but a corporation is legally considered a person.)

The RIAA and MPAA would have you believe that every artist and "legitimate consumer" out there is on their side, and that everyone else is a pirate. We know that's wrong, but what do we do about it?

Get all the individuals on the same side. Artists are individuals. Consumers are individuals. Everything in between the two is corporate infrastructure. The internet makes that corporatism irrelevant to the kind of relationships we could be building with our fellow individuals.

If I play your song, and I like it, I'll give you a tip. If I play it all the damned time, I'll give you big tips, frequently. If Metallica pulled their heads out, they'd understand that they'd make a lot more from me letting me tip them than they are right now, since I won't buy anything new of theirs (even though I really want to).

Things we've taken for granted, as a society, as individuals, and as corporations, are all in the process of changing dramatically and radically. Specifically, traditional notions of property become more meaningless with each passing day. We know how to treat tangible items as property (you're stealing it if you deprive me of it without my consent), but we don't know how to treat intangibles as property; after all, if you copy it from me, how are you depriving me of it?

And if you think that distinction is cut-and-dried, and that it just means we need two classes of property, intellectual and tangible, think again. What's going to happen in a decade or three when nano-technology makes tangible property available to anyone with a handful of garbage, a replicator, and a design?

Now, it's understandable that corporations might be afraid. After all, they might disappear. Or have to reinvent themselves radically. I think they're pretty well aware of that fact. The issue, ultimately, is one of control. The industry wants to control its destiny, but it doesn't have that kind of power. It seeks to create that power, artificially, by lobbying to create laws like the DMCA, that curtail individual rights that are far more powerful than they were when they were granted, 225 years ago, before there was an Internet.

I don't know about you, but I don't want to be controlled by a corporation. I want the freedom to interact with my fellow individuals, to share and communicate and transact by our own rules. I want to write code and trust that you'll compensate me for it justly. And I do. Literally. I have a 100% GPL clause for the work I do. And I trust the community and individuals to be faithful to one another, and to support one another. I don't need a law or a corporation to enforce what ought to be human decency.

The idea that some people will steal all the goodies is worrisome. They can't. Unlike the commons about which "The Tragedy of the Commons" was written, you can't trample up the grass around an artist. You can't turn a director into mud by copiously copying her work.

You can refrain from contributing to their livelihood. You can enjoy their work and simply not tip them, even though you can afford to tip them. Fine. We already have a really good term for that in place: cheap asshole. Perhaps we could get it made into a legal term?

Anyway, there are natural responses to the problem of the cheap asshole. The first is the pillory, metaphorically speaking. A good tipping infrastructure will allow you to leave your tips either anonymously or with credit. An advogato-like trust metric will allow folks to rate your generosity in comparison to your means. A well-deployed micro-accounting infrastructure will make artists, producers, technicians, and so forth, accountable for how they spend the tips in pursuit of their art. All of that means that assholes will be highlighted in red, and the object of public scorn.

This is as it should be, and there is a long tradition of such treatment. Read A Christmas Carol if you doubt me. Everyone hated Scrooge because he was... well, you know. A c.a.

The second is based on what I call "laws of information physics". The two fundamental laws of information physics are:

1. Bandwidth between any two points at any given time is a finite resource.
2. Information flows freely as long as there is available bandwidth.

These laws can be exploited to prevent the c.a.'s from propagating:

• First of all, imagine if you had to pay for bandwidth by your usage. Hey, if we're not relying on king corporation any more, someone's got to foot the bill for your 128Kbps chunk of the OC48 to gratefuldead.com. Thus, when you download directly from them, there's a mandatory tip of $.05/MB ($3.00 for a 60MB album). You'd still want to tip on top of that if you liked it; that was just to cover their connectivity. Of course, they may be popular enough, and get tipped enough as it is, to not charge that connectivity fee.
• Imagine if free file-sharing networks allowed you to hook into the aforementioned trust-metric, and determine based on that whether or not you would allow your server to send files to a c.a. Through literal peer-pressure, people would find themselves either tipping liberally, or cut off from the goods.

Such infrastructure can be exploited in a lot of other ways that bring back our ability to trust one another, and to build community even in the massive scale of the Internet and a global economy. People who've had hard times could "get a break." Or if you're a real hard-liner about people overcoming circumstance, you could set your own metrics to shun anyone who claimed hard times, or anyone who was rich without working for it, and not generous with their wealth. "The possibilities," as they say, "are limitless."

I'd recap, but you can scroll to the top for that. The bottom line is that we need to pay attention to the fears and concerns of our fellow individuals, and address those, and not just go spouting off about how we're going to do whatever we please and the industry can't stop us. We all believe the industry can't stop us, because ultimately, we can hide. But who wants to hide? And who wants a world in which sharing is a criminal act? So don't feed their fire. Help your fellow artists, consumers, individuals understand how we can build a better future together, without corporate hegemony.

And be prepared to get arrested in the meantime. But when you do, make sure you come off sane, rational, and reasonable. Make it clear that the man is putting you down. If you're not calm, careful, and likable, your fellow consumers and artists are going to see exactly what the RIAA and MPAA want them to see. And away goes your freedom and their freedom.

P.S. I'd have crossposted this to advogato, but I'm not certified by anyone as having done anything special. So if you're of a mind to, and have a decent cert there, please certify me if you think I can add value to the discussions there. Thanks.

Wrong comments are an obvious plague, especially in free software where contributers may not have much stake in long-term maintenance. The saying goes: if the code and comments disagree, both are probably wrong. Excessive comments are a more subtle issue, at very least because "excessive" is a judgement call. One thing is clear: with more comments, you can fit less code on the screen or page, which is a penalty not to be ignored (I think this is part of the reason for the productivity of high-level languages). More subjectively, I tend to find that people who write copious comments can't express their ideas concisely, or aren't clever enough to express their meaning directly in code. In many cases, I would rather the author work on code quality than commenting.

When working with other people's code, there is nothing I prefer over code that is so clear, concise, and well organized that I don't notice a lack of comments. Unfortunately, this isn't possible for all problems. I recall an anecdote from Donald Knuth in which he claims he would have been unable to successfully implement an algorithm without literate programming, and I believe it.

However, I was hacking on a piece of free software (vgetty) this weekend, and when I read this article, I realized I couldn't remember whether the code had many comments. I just checked, and found that (the parts I worked with) did not (although the debug output was a partial substitute). But I never missed them, because the code just made sense internally and fit into the larger system in an obvious way.

One final point. At advogato, there is a discussion of how to encourage more contribution to existing projects, instead new projects. What I think was missed there is that an influx of casual novice programmers isn't necessarily a boon to most projects (bug reports and fixes, maybe, new content, less likely). Linux is good largely because it is optimized for sharp programmers who are willing to study the design (and the development process). This doesn't mean eschewing documentation (the in-line documentation system in 2.4 is encouraging), it means placing less value on beginner-level documentation. This is like all things a trade-off, and I think a good one. Ability to understand kernel design is a good test of who I want futzing with my kernel!

This in turn gets around the "tragedy of the commons" in large populations. In small communities one's reputation with the neigbours is important, but in large ones you don't often meet the same people twice, and hence have no incentive to be nice to those you do meet, or to let them see how civic you are.

The Advogato metric has its problems, but its still pretty interesting.

For that matter, Slashdot has its +1 bonus for those with over 20 karma. If you consistently post nice things, your postings get more attention. Same principle.

Can we build a trust metric which can help us identify and reward civic-minded people? What would such a system look like? Any ideas?

Incidentally, "Distraction" by Bruce Sterling includes a rough outline of just such a system.

Paul.

There are two solutions, I think, to the tragedy of the commons. One is to pay people for their disk space and bandwidth. As several other comments have pointed out, this is exactly what Mojo Nation does, using "mojo" micropayment tokens as the currency. I've been playing with it, and though it's been a bumpy ride, it looks very promising. Check it out.

There is another solution, I think, which is using trust to define a community. The set of "Gnutella users" is too large and diffuse to actually define a community. Why should I donate my bandwidth for other people who I don't know and don't really care about?

If, on the other hand, I were sharing files with a much smaller group of people, many of whom I know personally, then it starts feeling more like a community. Of course I want my friends to be able to listen to the music I like.

I propose that the trust system as deployed on Advogato might be a good way to define these communities. Of course, I might be totally wrong about this as well. Only one way to find out :)

Incidentally, the way Mojo Nation is set up right now, it still has Tragedy of the Commons problems. Currently, you don't get mojo for uploading tasty content. In fact, you actually have to pay for the privilege. However, when you share a file, it's not a continual drain on your bandwidth (or diskspace, fwiw). The actual distribution is handled by "block servers", who do charge for their services.

Of course, the Mojo economy is still in its formative stages. I hope, and expect, that actual markets will develop for providing and identifying tasty content.

In any case, file sharing sure promises to be an interesting ride.

Or Advogato or Bruce Perens's Technocrat.net or RootPrompt (of the Cracked! series), or even SmokeDot (though I don't frequent the last one). Slashdot alternatives are a dime a dozen, although I personally think Advogato is really neat, and that K5 was at or near its tipping point to gain equal stature with /. when it went down (which raises suspicions of /.-Andover.net-VALinux conspiracies in minds bogglier than mine). I have a paper I wrote about what makes /. popular, and what would make other sites replace /. Email me to get it.

Anyway, I don't believe Taco has an obligation to post what he thinks the /. readership is interested in. I think he should select what he's interested in and maybe then make a subselection of what he thinks would interest the readers. IMO the personality of the authors is what makes slashdot interesting and when you take that away it loses its charm.

Rob has a bit in the FAQ about that, as to why he won't do K5-type story moderation and submission. He basically says that he think /. is the way it is, and special, because of the unique, exclusive mix of editors and their interests, and he will only go so far in 'open-sourcing' the story posting process. I say, K5 was the first site to take OS philosophy all the way in a /.-style site, and the next one might be the "Slashdot-killer."

This "use it or lose it" view of intellectual property seems to be a pervasive one -- and the only reason for this, I believe, is that it allows people to feel a little better about themselves when they download old intellectual property that they have no right to.

This "pay up or go to jail" view of intellectual property seems to be a pervasive one -- and the only reason for this is, I believe, is that allows people to feel a little better about themselves when they send people to jail for downloading old intellectual property that they no longer sell.

I wrote a book, thought it was horrible, and shelved it, that I wouldn't have any rights because I wasn't selling it?

What difference would it make to you, financially or otherwise (HINT: none). These spurious strawman arguments only prove the weakness of the corpratist point of view.

And put banner ads on the site where you're distributing it at that?

You mean like Slashdot distributing M$ "trade secrets"? If that bothers you, there are other sites, you know.

Isn't it time that people got a little bit realistic here, took a deep breath, and checked if their IP morality isn't just a convenient way of justifying illegal and wrong acts?

An excellent suggestion. I reccomend you try it.

-- Floyd

Similarly, a major reason the law changed is be cause it was unconstitutional restriction on free speech, and we kept backing the government into a corner with lawsuits, lobbying, publicity, and free crypto programs - much thanks to Phil Zimmermann as well as all the academics from Diffie and Hellmann on who worked to get their crypto papers published in spite of NSA pressure on publishers.

DVDCSS is a different issue - there are some legitimate trade secret concerns (though the cat is out of the bag because of Norway's explicit exemptions for reverse engineering), rather than government-run censorship. But the DMCA Digital Millenium Copyright Act has some really terrible law that the Big Media folks got Congress to pass, and the provisions on copy protection are out of proportion and need to be overturned. They were designed to be abused by people like the RIAA and MPAA, and they're fulfilling their design goals :-)

Whoops, scoop.kuro5hin.org seems to be down right now, not surprisingly. You can still the Scoop project on sourceforge, though.

They have exactly what you need.

Thanks for the response, Eric. I was beginning to wonder if I'd gotten swallowed up in the flood of crap that's been posted to all the stories lately. One of these days I'm going to relocate to Advogato and stay there. :-/

XML parsers are readily available, and, as I mentioned above, can be quite small. As for percveived "limitations" on data types, any text-format data can be expressed as XML and sent through a message extension. For binary data, we use the jabber:x:oob (out-of-band data) extension to pass HTTP URIs for data retrieval, which keeps the data from having to be sent if the receiving client does not support binary attachments.

I'm not so sure that I'm comfortable with that. I know that with XML's namespace support, you can easily push XML-based formats inside of one another, but that strategy requires (AFAICT) anything that's not expressible in XML to be sent OOB. The OOB mechanism also would therefore require additional protocol support within the client, beefing its code up just a little more. If I'm understanding it correctly, it also offers a security risk where a sniffer could grab his own copy of the OOB file.

I would instead implement an inband message send/ack/reject strategy for short messages; and for larger messages or files, an offer/accept/reject message strategy that could transfer content either on the same channel (blocking further messages) or another channel, but without the overhead of additional transfer protocols.

First of all, Jabber already supports SSL connections (via the OpenSSL library) for transparent transport-layer encryption. The only drawback here is that not many Jabber clients support SSL.

This is cool, but it is not the be-all and end-all. I've been over the protocol on a few occasions in the past and I just recently looked at the whitepaper. I don't believe this addresses the issue of how a client attached to one server can authenticate itself to another server to the point of being able to subscribe to presence changes of a user of the latter server. If you had even a simple DSA implementation, you could have the user of the latter server say "I'll accept requests from this public key, this public key, etc." and authenticate based on that.

But it's not going to be supported until it can be done right, as it's my belief that poorly-done crypto support is worse than no crypto at all.

I admire you for taking this stand.

And I might also point out that competing protocols either use no encryption, or use something that's a total joke in terms of real security (e.g., ICQ).

This is a fault of those protocols, and something that needs to be corrected by competing proposals. I respectfully submit that it is not an excuse to not implement cryptographic security and authentication. US policy is a pretty darned good excuse, on the other hand. :-/

You might want to take a look at Advogato, specially their so-called trusted metric.

From the mission statement: "The other major focus of this site is a peer certification system. The members of this site certify each other, specifying one of three skill levels. Then, I've got a trust metric that takes the whole pile of certificates and decides a trust level for each member. What makes the system interesting is that it's attack resistant. If a bunch of attackers were to create lots of accounts and mutually certify each other, only a very few would be accepted by the trust metric, assuming there were only a few certificates from legitimate members to the hackers."

Note that I'm not saying that this is better than the /. moderation system, it's just a different option.

You might want to take a look at Advogato, specially their so-called trusted metric.

From the mission statement: "The other major focus of this site is a peer certification system. The members of this site certify each other, specifying one of three skill levels. Then, I've got a trust metric that takes the whole pile of certificates and decides a trust level for each member. What makes the system interesting is that it's attack resistant. If a bunch of attackers were to create lots of accounts and mutually certify each other, only a very few would be accepted by the trust metric, assuming there were only a few certificates from legitimate members to the hackers."

Note that I'm not saying that this is better than the /. moderation system, it's just a different option.

Good luck to you if you do start your own slashdot, but don't get too disoulutioned. There's already alternatives out there, Kuro5hin, Advogato, Technocrat and even Nanodot. The quality of Slashdot really does seem to be going downhill recently. The only thing that keeps me here is that there still are a few interesting things. Bahh humbug, it was all much better in my day....

If Troll Tech wanted to have "GPL with a commercial exception", they could simply license Qt under the GPL and offer a separate commercial license for sale like other companies do.

You did read this and Matthias Ettrich's comments here?

Unfortunately, even Matthias Ettrich misses the target in several of his replies (arguing about something different for what James Ramsey wrote and not adressing the real issues).

As I wrote at the bottom of this article on Advogato, there are a few things to keep in mind when you read the articles and comments posted on Freshmeat:

• There are no problems if you distribute a GPL'd program using Qt, as long as you only distribute the source code. But the GPL and QPL are incompatible if you distribute a compiled executable, because it would be a derivative work (see the explanation below) and the GPL does not allow the distribution of derivative works unless all parts of the work can be released under the GPL, with some exceptions that are debated in the editorial. For example, according to the exception stated at the end of section 3 of the GPL, it could be possible to distribute KDE binaries if Qt can be considered to be a standard part of the operating system and KDE is not distributed together with Qt (which would be a problem for all Linux distributions).
• The GPL cannot force you to change the license of other pieces of code and it cannot force you to use the code in some specific way (in fact, it allows you to do almost whatever you want with the code for private purposes), but it can (and does) prevent you from re-destributing the GPL'd code if you do not meet some conditions. One of these conditions is that all parts of a derivative work must be distributed under the GPL (see section 2b, the so-called "viral clause").
• If you are the author of a piece of code, you are free to distribute it under any license and to change the license (for new versions) at any time. However, this is only possible if you are the only copyright holder. If you have used any code that was contributed by someone else, then all contributors must agree on the new license. This is a problem because some KDE applications (not many, fortunately) have borrowed some code from other applications and it is not easy to get the agreement on the "Qt exception" from all authors and contributors. So although more than 90% of the KDE code could be considered to implicitely have the "Qt exception" because the code was written specifically for KDE, the status of the remaining parts of the code (especially in KDE applications that are not part of the core) should be clarified.
• Some people say that we need a new version of the GPL without the viral clause, because the current version is too restrictive and the new one would solve the KDE problems. But they fail to understand that some authors of GPL'd code do want this restriction, and chose to release their code under the GPL precisely because of it (this does not necessarily apply to all authors of GPL'd code, but those who are in that category cannot be ignored).

I recommend that you read Sam Tobin-Hochstadt's diary entry on Advogato (16 Jul 2000), in which he describes what is a ``derivative work'' according to the copyright law (17 USC Sec. 101). Since KDE falls in this category, section 2b of the GPL requires all parts of the derivative work to be published under the terms of the GPL. Parts of Qt (at least the macros and types defined in the Qt header files if you are linking dynamically, or even the whole Qt library if you are linking statically) are included in KDE binaries, and therefore must be re-distributable under the terms of the GPL. This is in conflict with the QPL version 1.0 (used for Qt 2.0), which adds some restrictions that are not compatible with the GPL. Even the QPL version 2.0 (planned for a future release of Qt?) would not solve these problems, as discussed in the Freshmeat editorial.

If Troll Tech wanted to have "GPL with a commercial exception", they could simply license Qt under the GPL and offer a separate commercial license for sale like other companies do.

You did read this and Matthias Ettrich's comments here?

Unfortunately, even Matthias Ettrich misses the target in several of his replies (arguing about something different for what James Ramsey wrote and not adressing the real issues).

As I wrote at the bottom of this article on Advogato, there are a few things to keep in mind when you read the articles and comments posted on Freshmeat:

• There are no problems if you distribute a GPL'd program using Qt, as long as you only distribute the source code. But the GPL and QPL are incompatible if you distribute a compiled executable, because it would be a derivative work (see the explanation below) and the GPL does not allow the distribution of derivative works unless all parts of the work can be released under the GPL, with some exceptions that are debated in the editorial. For example, according to the exception stated at the end of section 3 of the GPL, it could be possible to distribute KDE binaries if Qt can be considered to be a standard part of the operating system and KDE is not distributed together with Qt (which would be a problem for all Linux distributions).
• The GPL cannot force you to change the license of other pieces of code and it cannot force you to use the code in some specific way (in fact, it allows you to do almost whatever you want with the code for private purposes), but it can (and does) prevent you from re-destributing the GPL'd code if you do not meet some conditions. One of these conditions is that all parts of a derivative work must be distributed under the GPL (see section 2b, the so-called "viral clause").
• If you are the author of a piece of code, you are free to distribute it under any license and to change the license (for new versions) at any time. However, this is only possible if you are the only copyright holder. If you have used any code that was contributed by someone else, then all contributors must agree on the new license. This is a problem because some KDE applications (not many, fortunately) have borrowed some code from other applications and it is not easy to get the agreement on the "Qt exception" from all authors and contributors. So although more than 90% of the KDE code could be considered to implicitely have the "Qt exception" because the code was written specifically for KDE, the status of the remaining parts of the code (especially in KDE applications that are not part of the core) should be clarified.
• Some people say that we need a new version of the GPL without the viral clause, because the current version is too restrictive and the new one would solve the KDE problems. But they fail to understand that some authors of GPL'd code do want this restriction, and chose to release their code under the GPL precisely because of it (this does not necessarily apply to all authors of GPL'd code, but those who are in that category cannot be ignored).

I recommend that you read Sam Tobin-Hochstadt's diary entry on Advogato (16 Jul 2000), in which he describes what is a ``derivative work'' according to the copyright law (17 USC Sec. 101). Since KDE falls in this category, section 2b of the GPL requires all parts of the derivative work to be published under the terms of the GPL. Parts of Qt (at least the macros and types defined in the Qt header files if you are linking dynamically, or even the whole Qt library if you are linking statically) are included in KDE binaries, and therefore must be re-distributable under the terms of the GPL. This is in conflict with the QPL version 1.0 (used for Qt 2.0), which adds some restrictions that are not compatible with the GPL. Even the QPL version 2.0 (planned for a future release of Qt?) would not solve these problems, as discussed in the Freshmeat editorial.

Several people have mentioned using a trust model. So here's an example of one http://www.advogato.org/trust-metric.html

There's been enough publicity about this issue that AOL can't quietly remove Mozilla's (very impressive) image and cookie blocking features. But we should be looking for a general solution to protect all users from tracking, not just a tweakable option that protects only people who know how to compile and configure.

Dan,

Good points and it doesn't need to be done in the browser. It can be done in several different places -- the browser, web proxy, router, name server -- and others linked to from other posts in this thread, like the Microsoft Windows Registry or /etc/hosts. Any one of them works.

Discussions like this one get technical people to block Doubleclick for others -- maybe regular users don't care about privacy, and ISPs won't do anything about it, but you can bet that company sysadmins are paying attention. Confidentiality and paranoia are all in a day's work for them. And considering that many of Doubleclick's client web sites depend on traffic from people who are supposed to be working...well, it's not too long before some of them start dropping Doubleclick. Even if a relatively small number of sites block effectively, the content providers will be increasingly motivated to switch.

And that leaves Doubleclick stock in the shitter, and sysadmins looking from banner site to banner site, saying, "who's going to try it next?"

"No inter-site tracking" will become as much an accepted net business practice as "no spam." Isn't having a villain handy?

Danny.

What if someone set up a system that let each user distribute digital signatures for given combinations of filenames and data? Then each user could distribute a list to help people find real copies of songs, and then sign the entire list. A single malicious user (someone trying to break the trading system) might report that his/her copy of a file matched the correct signature for the file, but the bogus file wouldn't get very far. dissemination of poor-quality copies of songs would also decrease.

Something similar to Advogato.org's "trust metrics" might be useful for deciding whose list of signatures to trust.

Discl: Just thought I'd toss this idea out. I'm not actually knowledgable about digital signatures, and I only skimmed advogato's page and don't know that much about graph theory.

not that anyone is ever going to read this comment, but:

I'm not convinced this Siemens PDA is anything other than a proprietry device. (although I'm probably wrong)

looks like I was