Developing Subversive Software?
e_lehman asks: "Software development is increasingly subject to corporate legal harassment. Suppose I want to write a program that I know corporate America won't like without being sued or arrested. How do I covertly find collaborators? How do I distribute the code? How can I distribute patches? How can I get user feedback and contributions? How can I prevent someone with a lot of resources from tracking me down? Producing "subversive software" must appeal to a lot of frustrated Slashdotters these days. How would you really go about it?"
"Examples of the problem are familiar: development of DeCSS brought police to Jon Johansen's home (Interestingly, Jon's two collaborators remain safely anonymous). Distribution of DeCSS brought onerous MPAA litigation down on 2600 and others. Development of CPHack landed Matthew Skala and Eddy Jansson with a suit from Mattel. Distribution of a driver for a barcode reader has put Michael Rothwell under legal duress. Openly defying corporate bullying is important, but grueling. Coding shouldn't always risk martyrdom.
Here are some stray ideas and questions in this vein:
- A program could be introduced to the net via a public access terminal. How common are these? Where are they? Is it easy to upload code? How do you then anonymously publicize your program?
- Code could initially be distributed in encrypted form with its function only loosely described. Lawyers would have no solid target until the key was released, which could happen once that cat was safely out of the bag-- say, after a hundred downloads.
- Do compilers slip information into binaries that could be used to identify the author? For example, do MS compilers sneak a registration number in there somewhere?
- Version 1.0 could include a cryptographic hash of a text message included in version 1.1, version 1.1 could include a hash of a message appearing in 1.2, and so on. This would let users know that a newly posted version was indeed from the original authors, without identifying those authors.
- Gnutella and Freenet are obvious distribution models. But surely RIAA and the MPAA are scrutinizing them for vulnerability to legal bombardment. Will they really hold up? A sort of free-for-all model worked for distributing DeCSS; could that work routinely?
How would you go about developing, distributing, and maintaining 'subversive software'?"
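The version-to-version hash idea from the list above, written out as an added Python example (not code from the question or from any project named in the thread). It shows what the check proves and what it does not: once a message has been revealed it can be copied into a different package. The `Release` layout, the function names and the "bound" message variant are assumptions made for illustration, SHA-256 stands in for the unspecified hash, and the payloads are constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Release:
    version: str
    payload: bytes      # the code being shipped
    reveal: bytes       # message the previous release committed to
    next_commit: str    # SHA-256 of the message the next release will reveal


def bound_message(secret: bytes, payload: bytes) -> bytes:
    """Variant (assumption, not in the post): the revealed message also
    names the digest of the payload it ships with."""
    return secret + b"|" + sha256_hex(payload).encode()


def build_chain(payloads, secrets_, bind=False):
    """Author side. secrets_ needs one more entry than payloads, because
    every release commits to a message that is revealed one release later."""
    def message(i):
        # Binding needs the payload of release i to exist already; the last
        # release can only commit to a bare secret for its unbuilt successor.
        if bind and i < len(payloads):
            return bound_message(secrets_[i], payloads[i][1])
        return secrets_[i]
    return [
        Release(version, payload, message(i), sha256_hex(message(i + 1)))
        for i, (version, payload) in enumerate(payloads)
    ]


def is_successor(trusted: Release, candidate: Release) -> bool:
    """The check as described in the post: the candidate must reveal the
    message whose hash the trusted release carried."""
    return hmac.compare_digest(sha256_hex(candidate.reveal), trusted.next_commit)


def is_bound_successor(trusted: Release, candidate: Release) -> bool:
    """Stricter check for the bound variant: the revealed message must also
    end with the digest of the payload actually delivered."""
    suffix = b"|" + sha256_hex(candidate.payload).encode()
    return is_successor(trusted, candidate) and candidate.reveal.endswith(suffix)


def last_verified(releases, check=is_successor) -> str:
    """Walk from the first release (trusted on first use) and return the
    version of the last release reachable through valid links."""
    trusted = releases[0]
    for candidate in releases[1:]:
        if not check(trusted, candidate):
            break
        trusted = candidate
    return trusted.version


# Constructed sample data: three tiny payloads and four random secrets.
PAYLOADS = [("1.0", b"print('v1.0')"), ("1.1", b"print('v1.1')"),
            ("1.2", b"print('v1.2')")]
SECRETS = [secrets.token_bytes(32) for _ in range(4)]


def demo() -> dict:
    plain = build_chain(PAYLOADS, SECRETS)
    bound = build_chain(PAYLOADS, SECRETS, bind=True)
    # Without the committed message nobody can produce a successor to 1.0.
    guess = Release("1.1", b"altered", b"not the message", sha256_hex(b"x"))
    # Once 1.1 is public its message is public too, so it can be copied
    # into a different package: the plain check still accepts it.
    repack_plain = Release("1.1", b"altered", plain[1].reveal, plain[1].next_commit)
    repack_bound = Release("1.1", b"altered", bound[1].reveal, bound[1].next_commit)
    return {
        "plain_chain": last_verified(plain),
        "bound_chain": last_verified(bound, is_bound_successor),
        "guess": is_successor(plain[0], guess),
        "repack_plain": is_successor(plain[0], repack_plain),
        "repack_bound": is_bound_successor(bound[0], repack_bound),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The plain chain authenticates the revealed message, not the code shipped beside it; the bound variant closes that gap at the cost of needing the next payload finished before the current release goes out.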
I can see the charge now: "Conspiracy to Do Something"
I don't know about how the BBS scene is these days, but up until when I closed my own board, most BBSes didn't keep very detailed logs. To provide an example, I had nothing more than when the last time a user logged in was and who were the previous five callers. Nothing whatsoever about who uploaded what file.
Don't the groups that actually put out "warez" still use an elaborate BBS-based scheme before it gets onto the internet in general?
--
If a tree falls on an anonymous coward yelling 'first post' in the forest, does anybody hear?
Play each sovereign nation off of each other, they're in a constant state of disagreement anyway.
--
What sort of subversive code were you thinking about? Not to incriminate, just curious what sort of ideas there were. I probably sound like a really unstealthy corporate worm right now, don't I.
Moo
IRC would at least be a good "injection" point for the software, then advertising on usenet etc.
Look at SATAN - Dan Farmer's employer, SGI - was none too happy... ;>
Mostly, I've been thinking about how one could run a website that is difficult to link to its author. The best I've come up with, though, is something on the order of data-laundering, where you pass your updates down a chain of people (who each only know the person before and after them in the chain) until it gets to someone who uploads it, without ever really knowing where it came from.
The trick to that is that you need a chain of people who trust each other implicitly, as you're basically asking them to enter into what could easily be a conspiracy (since they don't know what they're posting or who authored it).
usenetserver.com (and I'd imagine most others) for eg doesn't keep logs of who posted what, so any trail back to you is broken there.
Need someone to start a comp.software.persecuted newsgroup for all these types of things.
It would also seem a good way to distribute as it will be mirrored worldwide very quickly after being posted.
~ppppppppö
CPHack/DeCSS and similar software have problems that revolve around a single issue: there is some sort of secret that needs to be protected/suppressed, e.g. decryption code. This sort of functionality can sometimes be factored out, into a plugin of some sort. All the grunt work like a GUI, website, mailing lists, etc can be neutral (e.g. "a program to decrypt arbitrary blocking lists"), which couldn't be touched. Then you can release the legally-dubious code by using an anonymous remailer/usenet gateway, in plugin format. Sure, it might be obvious that the same people wrote the plugin, but the lawyers can't prove it, assuming you've done a decent job with the remailer.
Are these "divide and conquer" tactics working? Well, they are altering YOUR methods already. If they didn't work, you wouldn't have to ask your question.
Perhaps this is a question you should take up with the EFF or some other such body. They could use as much help as you can give.
bm :)-~
US Democracy:The best person for the job (among These pre-selected choices...)
There's a difference between lawless and free. Last time I checked, members of the Russian media were being arrested and the state was taking over control of television stations and newspapers.
I would suggest a private, secure newsgroup, hosted on your own machine, to allow only your developers to talk to each other. Think of it as your very own BBS for exchanging information and services. As a matter of fact, a BBS would be a pretty good way to a casual RIAA or MPAA port sniff. So ask your developers to dial into your box direct and keep it off the net.
As far as attracting new developers, this one is a little different. They can't join a team they don't know exists, so look for trade mags and cheap "alternative newspapers" that have a lot of er umm "escort services" advertising in them. If they can advertise without getting investigated, so can you. Getting their attention without tipping off "the man" won't be easy. It's a lot like winking in the dark. Sure, you know you're doing it, but does anybody else?
I would post all my special tricks and secret shibboleths on a public server, certain to be parsed at least daily by M$ and Echelon, and try to get everyone else involved in "covert coding" to do the same.
I think a webcam would be good too, though I'd have to wear a mask while I programmed. But this is the price of being a tough underground developer.
Russia was and still is anything but free. Sure you wouldn't have software companies on your ass, but if you did anything politically unapproved you would have the KGB following you around. The USA is a lot more "free" than Russia.
I have taken, and prefer the high road. Hiding, will give the enemy ammunition that you are hiding, therefore knowing it's wrong.
If you do something with the belief that you are right, then stand up for what you believe. It's not easy, but large corporations can be fought and you can win. Though some will refer to you as a crackpot.
If you go "underground" anyone who knows, can always surrender your name. You can always submit it to a rogue server from a cash paid public terminal. Use the Gnu or Watcom compiler to make sure that there is no embedded identification code in the executable.
Fight Spammers!
What about requiring an EULA saying "blahblahblah I promise not to use this code to do anything evil blahblahblah"? It works for the big boys, why not for us too? If nothing else, it requires their lawyers to jeopardize their own "rights" by challenging the legality of an EULA...
But anyway....
Score:-1, Funny
That's what I thought for a while, too, but I've since changed my mind.
I think that when Putin arrested that media guy, he was simply making the statement that he owed the people who helped him get into power nothing. The media owner had been running pro-Putin content in both newspapers and on television prior to the Russian presidential elections. After a week or so in prison, the man was released.
I could be wrong, of course, but that's the impression I got from it.
--
If a tree falls on an anonymous coward yelling 'first post' in the forest, does anybody hear?
what if someone made a css-auth-generator in Perl. What about a Shakespeare-to-DeCSS-converter? Shakespeare can't be illegal, can it? (except in Texas, maybe)
--
This question sounds a little fishy to me. Maybe it's just my personal opinion, but we aren't ready to go underground yet, are we? For one thing, that would eliminate any sympathy that we might have from the mainstream (it's hard to imagine the public rallying behind a group of anonymous hackers.) Furthermore, our legal system will never change if we simply circumvent it. It's not designed to work that way. Without any (openly) dissenting voices, only the opponents of free speech will be heard. Hiding only reinforces the picture that the government has successfully been painting, of a tiny group of immature hooligans who pay lip-service to "free speech," but really just want to cause trouble.
I'm sure you all think I'm naive, and I'm underestimating the damage that a lawsuit can do, but it strikes me as incredibly cowardly to do otherwise. Personally, I've sent copies of the musical version of DeCSS (a link would be helpful here) to all my friends, so that they can play it on their radio shows. None of them have blinked. Like most "broadcasters" (including authors), they know that because of their position, it is their duty to be the first line of defense against the thought police.
(Aside: Why do all my friends have radio shows? Do they hand them out at concerts or something? I want a radio show!)
MSK
The first piece of subversive software that must be distributed is a better distribution channel for subversive software.
I think gnutella is *really* close. FreeNet is nice. Zero Knowledge Systems' Freedom is pretty excellent (from what I read, that is).
We need a free software combination of the three. A system where every node acts as a fileserver, file cache, and an encrypting/decrypting packet relay.
The only way that lawyers could catch people would be to compromise a majority of the nodes.
So, the last layer that we would have to add would be a trust system. That way lawyers would have to compromise trusted nodes. We'd be invincible.
Of course it would suck down bandwidth like the end of the world... Every firewall in the world would disallow it.
Later,
Elwood
--
There are no trails. There are no trees out here.
The only method I can think of to avoid having this happen would be to take it underground. It wouldn't be that hard to set up a private, invitation only VPN. Using the web of trust model and the threat of kicking off a node that jeopardizes the rest of the network (By allowing an untrusted leaf to connect through it) we could implement a net away from the common man and the corporate fiends. One pretty much unknown to them. One where we could post program foo without having to worry about getting a phone call from some corporate lawyer the next day, or a week or a month later.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I never thought this might be necessary but it seems like we need to teach the corporate community a lesson.
Do not use any American coders in your open-source project. You heard right, no American coders. Although this might be a bit extreme, it is necessary to prove to the government and to corporations that they are killing the American IT industry. (By American I mean the United States, not Canada or any other country in North America)
If this does not make the companies get the message, then it's their own fault for killing the economy.
US businesses that currently accept chip and PIN/signature
The advantage is that if it was posted to alt.code.subversive.source from, say, Malaysia, it'd probably propagate to The Rest Of The World(tm) before reaching the US...at which point, it'd be too late for a quick-and-dirty yank of the original posting.
What you might also consider is making an announcement somewhere about how/where/when it'll be posted -- a pointer in the C sense of the word. "Look for subert.tar.gz in Base64 after the 15th of every month." The announcement could be made in any number of places besides just the newsgroup -- what if we all know that my user info on Slashdot can be checked for when v1.2 is coming out? And let's not forget the Real World. A classified ad in The New York Times would be an effective and fairly international way of announcing such a thing.
Carousel is a lie!
(Speaking only for myself!!!)
For starters, I'd get my idea to http://cryptome.org/, even though that's guaranteed to get it law enforcement attention, because John Young is a better and more trustworthy newsman as a part-timer (he's really an architect!) than 99.9% of the full timer$. Good people look at Cryptome, and I'm guessing if it upsets authority your project will interest him. You might also post it to cypherpunks, or Usenet, as has already been suggested here.
Of course, you may need to find a way to pay for it somehow, and there's a pretty good chance that some of what you're thinking of has already been done, anyway. Good luck!
JMR
Try e-gold - (contact me). I'm NOT e-
Have a look at this site for some information about anonymous publishing. I found the method they used quite interesting, not too easy to think of it... But I don't know if there are actually servers available that do stuff like this or if all of this is only purely theoretical... Greetings, Alex
Unfortunately, asking questions like these can actually endanger slashdot. Stuff like this would be the first things brought up if anyone tried to make a serious attack (legally or otherwise in the public eye) against slashdot.
At the same time, I'm glad we can still have this sort of discussion. I'm scared to think that the threat of net censorship could make things like this nonexistent, and I'm thankful that slashdot can cover this sort of material.
I realize that this is an "Ask Slashdot," and not actually material by the people who run slashdot. So what. Slashdot is run by CmdrTaco and company, but a very large portion of it is defined by the slashdot community.
In a nutshell, I think everyone should be thankful that we can still ask questions like this.
Cheers.
-- That tickles!
I'll bet he's plotting a one click web fulfillment system- the bastard! *g*
Here is how
Anyone with enough resources will be able to track you down. Big corps usually have good private investigators on the payroll - these guys don't have to play by the rules like the cops/feds do. You can take some steps to make things considerably more difficult, however.
Use a *good* anonymous remailer in a country other than your own. If possible, use several remailers in several different countries. Distribute your software through Freenet and encourage users to set up mirrors. Use encryption software, such as GNUPG.
These suggestions are perfectly legal ways to obfuscate your identity. This is good because if you are caught, there won't be a lot of "enhancement" charges thrown at you (like getting caught with a few grams of pot, a small scale, and a (legal) gun). Depending on exactly how "subversive" this software is, you may decide it's worth breaking a few more laws to reduce your chances of getting caught.
Instead of initially transferring it over the net, why not print it out on say paper, or a t-shirt, something along those lines. It is much more difficult to track analog items, just look at paper money for example. Once the code is distributed to enough people the cat will be out of the bag and the people who received the code can start putting it in digital form and on to the internet.
If you are real ambitious you could hide the code into a picture. Then if you could get this picture into a highly distributed magazine then everyone would have the code and all they'd have to do is scan it and run it through a program to decode it. This picture method would also work if you want to still use the internet to distribute it, at least it would help a bit.
I would think if many people have the code before it is posted to the internet it would prove very difficult to prove whose code it is, and they would have to sue every single person who put it up which would take quite some time if they'd even bother.
Hi!
I think you have to decide what you want to do:
If you want to run an Open Source project, hey, that's great. But by its very nature Open Source is open--the very opposite of clandestine. If you're going to write clandestine software you need to maintain an absolutely closed development group--you simply cannot tell the world the names and addresses of all the members in your cadre of 3l33t haX0r d00dz.
Corporations? You're Aiming Too Low
DeCSS may scare the (few remaining) wits out of the MPAA--but ultimately the MPAA is just a trade organization dedicated to staging an awards ceremony. If you really want to have a little excitement, consider doing something really subversive. Say, develop Arabic-language courseware targeted at girls (particularly Afghan girls). Or Bible-club software in modernized Chinese.
I have been involved, in years past, with an ad hoc operation that smuggled Bibles and other Christian books into countries where they were (and in several cases still are) considered contraband. The operation was relatively small--because we had limited funds, and because we depended upon people in-country to handle distribution. Our funds were limited by our need for security--if we'd broadcast to the world that we were smuggling Bibles to women in the Persian Gulf the locals might have caught on. Or worse, caught our contact in-country. Security is paramount.
That said, yes--Microsoft compilers do point to unique identifiers in things like class IDs. A necessary part of the COM interface requires a globally-unique identifier--that identifier of necessity points to your machine. That doesn't make it easy to find your machine--it only means that once the authorities get to your door they can prove that a particular class or DLL was originally compiled there. (That is, it was compiled there first--subsequent compiles on other machines won't change the class IDs, so those later builds will still point to your machine.)
You said, "free country"
DO YOU MEAN free-as-in-BEER COUNTRY,
OR Free COUNTRY!
Free countries must use the Gnu Public Constitution(tm), or they're not really Free, merely free!
{grin}
WWJD -- What Would Jimi Do?
I am quite civilized, and I should be brought a beer immediately. -- Bruce Sterling
So a little gedankenexperiment: You take to work a little palmtop something or other -- actually, this would be a perfect task for a Tiqit computer -- hook up a small hard drive (hell, you get 10 meg drives free at Burger King these days), hook it up to the ethernet at work, and stuff it behind some drywall. Voila, instant hidden server. (Best Ron Popeil voice: "Just set it...and...forget it!") You access it from public terminals/net cafes, following the usual precautions (stay away from where you live, pay cash, don't use the same place twice), and you don't keep logs on the damn thing.
Before the flames start, IANAY (I Am Not Awake Yet), nor do I know much about networking. Is this sort of thing feasible, or is it just another cool idea that is utterly impractical? Anyone?
Carousel is a lie!
Look at the ruling in both the CPHack case and the DeCSS case. They are using the "working in active concert" bit to stop linking and mirrors.
The Napster is turning around the burden of proof on an infringement case.
Even so, big companies are using the expense of litigation to beat people into submission. That is why Jon settled with Mattel, not being able to afford to defend it. Not the issue of propriety of his acts.
Fight Spammers!
Simple: give the program to your friends on a floppy disk (or zip, or CD-R, or your media of choice).
For more efficiency, you can even attach the disks to your school/office/organization (physical) bulletin board for anyone to use.
And if you don't want the disk traceable to you, wear gloves while handling it and don't let anyone see you handing it out.
Then when the program makes its way onto the 'net, it won't be *your* problem...
Sweet Skepticism of the Heart --
That knows -- and does not know --
And tosses like a Fleet of Balm --
Affronted by the snow --
Invites and then retards the Truth
Lest Certainty be sere
Compared with the delicious throe
Of transport thrilled with Fear --
-------------
Anonymous Emily Dickinson LIVES!
Jesus Christ, how in the world did this woman manage to anticipate all these slashdot articles so many decades before they were published? +1, Interesting, +1, Ontopic!
Another poetry lover remains,
Gratefully yours, WDK - WKiernan@concentric.net
Come on, it's a BIG MONEY involved!
American lawyers/companies do not have any morals; they do what they need to protect their money. It's enough to sue the shit out of you if you live in the US, but if you live in Russia, they send some money to mafia (or cops, that are basically another mafia branch anyway), and the mafia breaks your neck and/or "confiscates" your server, so that other people think twice before doing anything like that.
Tigers respect lions, elephants and hippos. Maggots respect no one. (C) S. Dovlatov
---------
Of course, you could write a DeCSS worm and aim it at the MPAA and RIAA.. with the legal address books they have it would probably hit Kevin Bacon's list on the second mailing and then everyone in the world would have it by noon. .. dare anyone suggest the MPAA or RIAA is not using Microsoft Outlook as their primary tool? .. no comments from the monkey farm.
David Madore wrote a paper about using XOR to be able to publish information without the author being trackable. I suggest you read it.
I wrote a program called Pad which implements this scheme, if you're interested. I also have a public pad repository, one of many repositories which have links on David's page.
--
--
grep "xercist"
I've always wondered how feasible it would be to set up a LARGE virtual network on top of the internet. The problem would be making sure that only trusted people get onto it.
Once you have this large network, you'd be free to do whatever you wanted on it, with not much worry of law enforcement, government, or clueless people interfering with your work.
Think about it, multiple IPSec tunnels to different nodes, and gated running with OSPF or BGP4 for dynamic routing updates in case someone else's node goes down.
Of course, you'd be reliant upon owners of the other nodes keeping them secure. Maybe a linux distribution that is specifically for making a node for the network would be better rather than trusting each user to set up and secure his own box. Run the installer, give it an IP, and tell it where a couple of nodes are. Make extensive use of encryption, especially for authentication, and you're all set.
For a nice layer of anonymity, it would be nice if freedom.net allowed IPSec tunnels through their network. Although ssh works, and you can always do ppp over ssh.
There's endless possibilities to how this could work, but it would certainly be an interesting project.
Need Free Juniper/NetScreen Support? JuniperForum
I caught Mattel making inconsistent arguments and used it against them. They claimed that they should have an unfettered right to file lawsuits, but they filed (and lost) a lawsuit against someone for filing a lawsuit against them.
Fight Spammers!
- Libraries
- Cyber Cafes
- Schools
Unfortunately you do not have control of where your "subversive" software is going to go. Though I think piracy is one of the best things in the world for a software company (look at what doom did for id) when you are writing war programs and hacking programs and they are good they take on a life of their own... A long time ago I wrote a simple mail program (that didn't have good intentions hehe) and gave it to one friend. About 2 years later I was looking for war scripts for irc and about 7 out of the ten that I checked out came with my lil old program (that didn't have good intentions). This is from writing a simple program for my use and that of that one friend I let use it. I had no control of it. Information is free and wants to be seen. It will find its way to the masses if it can...
Do you know that the phone company has a log of all phone calls going through its system ???
This way a small BBS will be "decrypted" immediately; FBI just needs to run a query like:
SELECT DISTINCT originating_number
FROM all_phone_calls
WHERE target_phone_number = :bbs_number;
against the phone company's data warehouse.
Tigers respect lions, elephants and hippos. Maggots respect no one. (C) S. Dovlatov
Go to IRC meet some geek from Europe. PGP the source and send it to him. He can then safely redistribute it (because he lives in a free country). The net is so large and if you are careful there is no way they can catch you. Good luck!
p.p.s. stalin wasn't russian, he was georgian, and spoke russian with a georgian accent. russia has a history of being controlled by foreign powers. i'm thinking China hits 1.5 billion people, goes 'wtf' and charges across siberia, storms moscow, and subsequently controls 1/4 of the world landmass.
;-)
Don't even hope!
No such thing happens while the world has nuclear rockets.
As for the government, IT IS mafia, or at least the significant part of mafia.
Tigers respect lions, elephants and hippos. Maggots respect no one. (C) S. Dovlatov
if you are planning to use the Sorensen codec .DLLs to view Sorensen Quicktime files, don't release your software under the GPL. You'll get it from both ends!
Stating on Slashdot that I like cheese since 1997.
I'm not going to talk about the ethical arguments and/or benefits of not publishing subversively, just give you my ideas:
1) Usenet - Post anonymously, using a chain of remailers. Some info Here.
2) E-mail - Sign up for an account that won't be logged or tracked, like Hushmail
3) Access - Floppy disk and public-access PC, like in a library.
4) More - You could try Crowds.
5) More - Take a look at The EFGA Anonymity page
Michael
...another comment from Michael Tandy.
"Goodness me, how unlike the FBI to abuse the trust of the American public." -- The Onion
You seem to have an overly high opinion of the "conformity", if you will, of corporations. There are companies that let you gamble and buy drugs, steal music and videos, and hire prostitutes, all over the web.
What on earth could you be doing that is worse than this?
I have a funny feeling that you're a minor-league developer who has let the slashdot "black-helicopter" club feed your paranoia.
- Start with an anonymous remailer as described in The Anonymous Remailer FAQ.
- Next, create a NEW PGP key (that's not related to your name, DUH!) and upload it to one of the many PGP Keyring servers, such as at pgp.mit.edu.
- Next, create an internal CVS tree with your source code. Tar it up, split it, md5sum the file, and attach both to a mail message pgp signed with your anonymous key. Mail this to the remailer with a USENET news header of your favorite newsgroup (make certain all your friends know the correct newsgroup to peruse).
- Now, all your friends need only suck down the attachment from the agreed upon USENET newsgroup and create their own CVS trees.
- They all follow the same steps, only they post patches, along with an MD5 sum of the patch+original CVS source tree (tar'd, or individual file)... this way you know when you're applying the patch that it's against a current revision.
There you go, because you're using an anonymous remailer it's completely anonymous. Because everyone is signing the USENET post with their (anonymous) PGP keys it's absolutely certain proof of authenticity from the author, and because you're MD5 summing either the source tree tarball or individual files you can be certain that the patch is against a particular revision of the source tree/file. Answer your question?
Come on folks, you've all been watching a bit too much X-Files.
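The base-revision check from the steps above, as an added Python example that is not the poster's or any project's code. It uses SHA-256 where the post says MD5, models a patch as whole-file replacements on an in-memory tree, and leaves the PGP signature out; the function names and the sample tree are constructed for illustration.

```python
import hashlib


class StalePatch(ValueError):
    """The tree the patch was made against is not the tree we have."""


def tree_digest(tree: dict) -> str:
    """Digest a source tree (path -> bytes) independently of file order.
    Each field is length-prefixed so that ("ab", "c") and ("a", "bc")
    cannot hash to the same value."""
    h = hashlib.sha256()
    for path in sorted(tree):
        for field in (path.encode(), tree[path]):
            h.update(len(field).to_bytes(8, "big"))
            h.update(field)
    return h.hexdigest()


def apply_changes(tree: dict, changes: dict) -> dict:
    """changes maps path -> new content, or None to delete the file."""
    out = dict(tree)
    for path, data in changes.items():
        if data is None:
            out.pop(path, None)
        else:
            out[path] = data
    return out


def make_patch(base: dict, changes: dict) -> dict:
    """Contributor side: record which tree the patch was made against and
    which tree it should produce."""
    return {
        "base": tree_digest(base),
        "changes": changes,
        "result": tree_digest(apply_changes(base, changes)),
    }


def apply_patch(tree: dict, patch: dict) -> dict:
    """Maintainer side: refuse a patch made against some other revision."""
    have = tree_digest(tree)
    if have != patch["base"]:
        raise StalePatch(f"patch base {patch['base'][:12]} != tree {have[:12]}")
    out = apply_changes(tree, patch["changes"])
    # Catches a damaged patch body. It only resists tampering if the whole
    # envelope is covered by a signature, which this example does not model.
    if tree_digest(out) != patch["result"]:
        raise ValueError("patched tree does not match the recorded result")
    return out


# Constructed sample tree and two patches written against the same revision.
REV1 = {"Makefile": b"all: main\n", "main.c": b"int main(void) { return 0; }\n"}


def demo() -> dict:
    patch_a = make_patch(REV1, {"main.c": b"int main(void) { return 1; }\n"})
    patch_b = make_patch(REV1, {"README": b"build with make\n"})
    rev2 = apply_patch(REV1, patch_a)
    try:
        apply_patch(rev2, patch_b)        # made against REV1, tree is now rev2
        stale_rejected = False
    except StalePatch:
        stale_rejected = True
    # The contributor regenerates the patch against the current revision.
    rev3 = apply_patch(rev2, make_patch(rev2, patch_b["changes"]))
    return {"stale_rejected": stale_rejected, "files": sorted(rev3),
            "main_c": rev3["main.c"]}


if __name__ == "__main__":
    print(demo())
```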
Is it still possible to send out tarballs & updates to a binary newsgroup through the anonymous remailer systems?
Then there's just a chain of logs to follow--a subpoena of proxy n's logs yields the address of proxy n-1. The boundary condition at n=0 is the IP address of your machine, and the process server is at your door.
If I were inclined to distribute such software, I'd start with Usenet, via an anonymous remailer, via freedom.net specifying three offshore servers in different countries. And I still wouldn't feel really comfortable that I was anonymous.
Cool story on your link about the Radio Moscow stuff--but the FBI finding him probably wasn't as hard as it would seem:
:>.
1. The letter was probably mailed from a relatively local (30 miles) post office.
2. At the time, there probably weren't a whole heck of a lot of Teletypes within 30 miles of his town. (I don't think that characteristic would have been obfuscated by the thermal copying--in fact, there may not have been many thermal copiers, either.)
3. Simple human interviewing probably led the FBI to the "troublemaker" type.
In other words, I don't think the FBI had to analyze the paper in the envelope, track the manufacturer, find out where the envelopes were sold, etc.
(This sounds like some pranks I've thought of, though mine aren't near as clever.)
Back on topic, the lessons learned would be:
1. Don't use your home machine in any way (compiling, copying, etc.).
2. Don't use a machine anywhere "near" you (geographically or organizationally), or at your school, or employer, or somewhere easily connected to you.
3. If you use a public terminal (direct analogy to the post office here), make sure it's more than 30 miles away
There are some exceptions to this to watch out for. Members aren't protected from blatantly illegal acts. You couldn't set up a non-profit to burglarize houses, for example, and expect to avoid jail time. You would also probably want to keep software generic enough that it is not obviously subverting one particular technology (I think this was mentioned in another post). You would also want to make sure that anyone publicly donating code (getting credit) is actually a member or an official volunteer, so that they will not get burned by a personal lawsuit.
As always, I'm not a real lawyer, I just play one on /. Please talk to a real lawyer before taking my advice.
First, understand military strategics. Read up on it in the library/on the web - I don't mean online terrorist sites.
If you have collaborators, maintain a distinction between the political wing and the active wing (remember the IRA/Sinn Fein dichotomy) and the asses the Thatcher govt made of themselves in the 80's when they tried to silence Sinn Fein (the political wing). this might be a good way to set up the forthcoming PATENT INFRINGEMENT UNDERGROUND(...???...)
Put stuff together in general infringement libraries to maximise distribution impact.
Use public key cryptography to make sure that folks will come to recognise a particular release series - not susceptible to hijacking. Take some care over the key.
Release public specs, advising open authors how to build interfaces into the software that will streamline integration with the covert code without it being itself illegal (careful - contributory infringement). This could also advise other shadow coders of how to contribute while minimising direct personal contact.
Actively promote the ideas of software freedom. The right to control your own software environment. It would be good if every free software author, actually everyone who can write code, can make some contribution however small.
I'll be doing all these things (assuming I remain at liberty). As for others, we all have our own martyrdom.
How deep is your fear - and HOW DEEP IS YOUR FAITH?
My business/legal knowledge is minimal, but I think the safest way is to incorporate yourself, so to speak.
Create a business, file the proper papers, and have the software be created for the company.
Generally, the company can be held liable for the sins of its products, but the employees can't.
This is why MS may be broken up, fined, etc., but Bill Gates won't go to jail.
Any lawyers out there to clarify or correct?
-----
D. Fischer
ShoutingMan.com
Don't post an article on Slashdot asking how to do something subversive if you plan on doing something subversive.
Possibly we should start (virtually) hanging out with some of the better crackers and warezers out there, some of them have been going forever without having been caught yet.
Another idea antiquated as it may seem would be to use the post, you write the program, drop a load of copies in the post to people you believe to be sympathetic, they get it, and drop a load of copies in the post to people they know. Pyramid distribution, nobody knows who started it, no one knows who has it...
"Martyrdom"? Sometimes the preposterous, self-righteous bs here on Slashdot gets so deep I feel like putting on my rubber boots.
So you want to do some noble "power to the people" project that "corporate America won't like". Well, two things come to mind. One possibility is that you want to create something wonderful, like an extraordinary browser (Mozilla), or a whole operating system (Linux), or any number of other superb products that legitimately compete ferociously with products of "corporate America" like IE, Solaris, Oracle, etc. If that's the case, then the number of ways you could contribute to the world is virtually limitless, and you don't need to sneak around to do it. "Corporate America" calls it "competition", and it goes on above ground, in the light of day.
The other possibility is that instead of creating something of value yourself, you feel an adolescent urge to be a big hero to other adolescents by finding ways of stealing things of value created by others. You have some cartoonish image of "corporate America" as The Evil Empire from Star Wars, and you're some noble code Jedi with a compiler for a light saber. I suspect you're in this camp. If I'm mistaken, then these comments apply to those who are, but not to you.
"Corporate America", in reality, isn't one entity, and it isn't even American. It is the majority of working people in the developed world and the relatively consistent conventions they've established for cooperating as groups and individuals to convert the hours of their lives into things of value, which they then trade with other groups and individuals. It is also the relatively consistent conventions they've established to prevent people and groups from stealing from one another, forcing them to have to produce things of value themselves that can be used in voluntary trades. That increases the pot of goods and services rather than just shifting them around.
There are plenty of areas in commerce where reasonable people of good will legitimately disagree on areas of legal policy. There are also countless inequities and inefficiencies in a system that still requires human lawyers to argue the edge cases. Those with the biggest legal budgets tend to win more than their fair share of edge cases.
Unfortunately, there are also a lot of people who think it's their right to steal anything that they can get away with stealing. They frequently point to the inequities of the system as a rationalization for their base desire to simply steal something rather than trading for it.
Instead of pouring your energies into finding ways to steal from your neighbors, whom you refer to as "Corporate America" to make it sound noble, why don't you find a charity that can't afford to pay for "enterprise software" and build something for them from open source components?
Or why don't you find a way to extend the features of some open-source system to cover the needs of a group that doesn't yet have the necessary level of computer literacy to do it for themselves?
Or why don't you go out and create music or great films or whatever, and then give away what you've traded the hours of your life to produce, instead of trying to give away the hours of other peoples' lives?
"Those who have never entered upon scientific pursuits know not a tithe of the poetry by which they are surrounded."
1) E-mail
Set up a nym account with one or more of various nym servers out there:
nym.alias.net
redneck.gacracker.org
OR, you can get a paid for nym account with ZKS:
ZKS Freedom Net (They are taking applicants to beta test their Linux port now)
This takes care of having an anonymous bi-directional e-mail account that people can contact you through and will be secure from the attacks of a determined foe (be sure to change your reply blocks often though).
2) Publish the code somewhere publicly available, like the web or usenet.
The next problem is distributing your code. What you need is a means to publish the code anonymously.
Web
To contact sites like sourceforge anonymously, which provide you with a nice mechanism for releasing the code and storing it somewhere, you need a web anonymizer or an anonymous routing scheme like ZKS.
Several solutions exist to do this. In order of highest security:
ZKS Freedom Net
CROWDS
Anonymizer
Usenet:
Usenet is a means of publishing your code that is even more resistant to censorship attacks than publishing the code on a website:
mail2news gateways. These allow you to post an e-mail message to usenet, preferably after you have anonymized it thru several remailers. Posting to usenet is an EXCELLENT mechanism for getting past the most determined censor. As long as you don't start spamming your distribution, and thereby driving your BI up, you can be pretty sure that your post will not get robo-canceled. If you want to be really fancy, you can encrypt the message, publish the password in another forum, and then post the conventionally encrypted message to alt.anonymous.messages. This will defeat efforts to automatically find your post on usenet and then issue a third party cancel for it.
Here is a list of known mail2news gateways:
mail2news AT nym.alias.net
mail2news AT zedz.net
mail2news AT mixmaster.shinn.net
Send a message to one of the above e-mail addresses with "help" in the subject for instructions on how to use the gateways.
What if there's no money to be had? What if the individual wants to do something that he believes is of social importance but doesn't have a great deal of direct monetary worth?
There are companies that let you gamble and buy drugs, steal music and videos, and hire prostitutes, all over the web. What on earth could you be doing that is worse than this?
There aren't any corporations selling DeCSS, though - why is that?
Just because some corporations do subversive things, doesn't mean that there aren't any problems with developing subversive things, and it doesn't mean that individuals shouldn't consider the problems they might encounter doing something like that.
On one of the DeCSS sites, the author of the site's content had a copyright statement making the content free to all, but that the MPAA and their employees and contractors were not prohibited from using (or even viewing) it. If a percentage of web sites adopted a similar policy, things might someday start to change.
Microsoft is the king of subversive, evil, and unstable code!
M$ isn't evil, they are the bad kind of good. There are good and bad kinds of evil, and there are good and bad kinds of good. Also, there is nothing subversive about unstable code. All the major companies and government agencies make horribly unstable code every day. The ignorant masses actually like them because they don't know any better. If the ignorant masses preferred subversive programs, then M$ would still be bad, and it would be evil because it wouldn't be what the people liked anymore.
-- if schools give nicotine patches to kids who smoke, shouldn't they give
caffeine pills to those of us who drink upwards of 30 espresso shots a day?
The book Disappearing Cryptography is an introduction that explains much of the science of steganography. There's an ample discussion of Dining Cryptographers nets which are a fairly basic way for several people to hold a discussion without revealing who is speaking. The book is a bit old (companies like Zero Knowledge are now doing cooler things), but it's not bad.
The major problem with any type of anonymous posting/remailing is that no matter what, logs are kept, regardless of what the end site says. Routers and such keep logs, therefore making it almost impossible to leave no logs. Would it be possible to implement a new protocol/driver without using TCP or UDP that would provide a direct connection to sites and still maintain anonymity? Also, if code were distributed in a slightly altered form, so that it would be more pseudo-code than code, would it be protected under the 1st Amendment? If so, it wouldn't matter if it was published anonymously or not, because it and you would be protected.
Come on, this "article" is such a troll!!!
in this age of communication i'm just not getting through
The identifying part usually comes from your network card, if you have one. (If you don't have one, you're actually fairly safe from this particular issue.) You could indeed use one network card to generate IDs, then hide it or destroy it, and use a different card the rest of the time. Or you could just generate IDs with your network card removed.
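The comment above concerns generated IDs that carry the network card's address. As an added example (not part of the original thread), and assuming the IDs in question are version-1 UUIDs/GUIDs in their textual form, this audit script scans a file's bytes for such IDs and reports the embedded node address and creation time; the sample values and the names `make_v1`, `inspect_uuid` and `audit_blob` are constructed for illustration.

```python
import re
import uuid
from datetime import datetime, timedelta, timezone

# Canonical textual UUID form: 8-4-4-4-12 hex digits.
UUID_RE = re.compile(
    rb"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
)

# Version-1 timestamps count 100 ns ticks since 1582-10-15 (RFC 4122).
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def format_mac(node: int) -> str:
    """Render the 48-bit node field as a colon-separated MAC address."""
    return ":".join(f"{(node >> s) & 0xFF:02x}" for s in range(40, -1, -8))


def inspect_uuid(text: str) -> dict:
    """Decode one UUID and say whether it exposes a hardware-style node."""
    u = uuid.UUID(text)
    info = {"uuid": str(u), "version": u.version, "leaks_mac": False}
    if u.variant != uuid.RFC_4122 or u.version != 1:
        return info  # only version 1 carries node + timestamp
    # RFC 4122: a generator without a real address uses a random node and
    # sets the multicast bit (lowest bit of the first octet) to mark it.
    random_node = bool((u.node >> 40) & 0x01)
    info["node"] = format_mac(u.node)
    info["created"] = GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)
    info["leaks_mac"] = not random_node
    return info


def audit_blob(blob: bytes) -> list:
    """Return one finding per distinct version-1 UUID that exposes a node."""
    findings, seen = [], set()
    for match in UUID_RE.finditer(blob):
        text = match.group().decode("ascii").lower()
        if text in seen:
            continue
        seen.add(text)
        info = inspect_uuid(text)
        if info["leaks_mac"]:
            info["offset"] = match.start()
            findings.append(info)
    return findings


def make_v1(when: datetime, node: int, clock_seq: int = 0x1234) -> str:
    """Build a version-1 UUID from explicit fields (for constructed samples)."""
    delta = when - GREGORIAN_EPOCH
    ticks = (delta.days * 86400 + delta.seconds) * 10**7 + delta.microseconds * 10
    fields = (
        ticks & 0xFFFFFFFF,                    # time_low
        (ticks >> 32) & 0xFFFF,                # time_mid
        ((ticks >> 48) & 0x0FFF) | 0x1000,     # time_hi + version 1
        ((clock_seq >> 8) & 0x3F) | 0x80,      # clock_seq_hi + RFC 4122 variant
        clock_seq & 0xFF,                      # clock_seq_low
        node,
    )
    return str(uuid.UUID(fields=fields))


# Constructed sample data. The node 00:00:5e:00:53:af is from the MAC range
# reserved for documentation; the second node has the multicast bit set.
SAMPLE_TIME = datetime(2000, 9, 10, tzinfo=timezone.utc)
HW_NODE_UUID = make_v1(SAMPLE_TIME, 0x00005E0053AF)
RANDOM_NODE_UUID = make_v1(SAMPLE_TIME, 0x0B5C3A9D7E21)
V4_UUID = "3f2b8c1e-9d4a-4e7b-8a6f-2c5d1e0f9b7a"
SAMPLE_BLOB = (
    b"\x00\x01hdr DocId={" + HW_NODE_UUID.encode() + b"}\x00"
    + b"Session=" + RANDOM_NODE_UUID.encode() + b"\x00"
    + b"Build=" + V4_UUID.encode() + b"\x00"
    + b"Copy={" + HW_NODE_UUID.upper().encode() + b"}"
)

if __name__ == "__main__":
    for f in audit_blob(SAMPLE_BLOB):
        print(f"offset {f['offset']}: {f['uuid']} node={f['node']} "
              f"created={f['created'].isoformat()}")
```

The scan covers only UUIDs written out as text; IDs stored as raw 16-byte values need a format-specific parser.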
I think the balance of power is seriously shifted in favor of corporations. It's not just a question of "stealing" copyrighted material, it's also about the customer's right to use that material in reasonable ways. Even though I don't agree with the use of Napster to perform large-scale free distribution of copyrighted work, I think things like Napster and DeCSS are important in order to reach some kind of acceptable balance on these issues, and ultimately to declaw UCITA, DMCA et al.
"Conspiracy to Think Independently"
Oh wait, you can already get in trouble for that...
What about using some sort of radio transmission for distributing your source?
Like some sort of network of home made radio repeaters spreading the word or something.
That way you're able to bypass two main logging mechanisms, the phone company and the ISP.
Gnutella and Freenet are obvious distribution models. But surely RIAA and the MPAA are scrutinizing them for vulnerability to legal bombardment. Will they really hold up? A sort of free-for-all model worked for distributing DeCSS; could that work routinely?
I was hoping this would happen with the CueCat drivers, but apparently it hasn't. Then again, it is trivial to write a program to use it.
---
[ approaching AI ]
Put together a number of random pads and a contrived pad which when XOR'ed with a commonly available html (or similar) version of Hamlet would result in the DeCSS code. Easy.
Come test your mettle in the world of Alter Aeon!
My own answer has been along these lines- I will create to the best of my ability and use the legal system to defend the interests of the people I'm creating for. That's sometimes meant GPLing software, when I could- my software is frankly not world-class, it's not really my area of expertise- and now it's beginning to mean that I must put together not only my recording studio, but also CD mastering and duplication, and even hosting for free audio. The studio's done and quite functional- CD mastering and even Video CD mastering is dead simple- duplication's going to cost me some serious money, I'll be taking out a bank loan when I have my ADAT paid off to get a duplicator- and hosting is beyond _my_ reach though I need it desperately.
All this is needed because I can't trust the commercial sector to handle it for me. The breakdown goes like this:
- Studio: the $75 an hour I'm asking is actually very low for a studio. This part is pretty straightforward- studios are service oriented and it's more a financial question than anything else.
- Mastering: mastering houses charge a _lot_ of money for what they do- the gist of it is that you can't seriously tailor the frequency range and soundstage of your CD while listening over pathetic little nearfield monitors. The need for an extra pair of ears on the project is somewhat counterbalanced by the fact that these days, mastering houses are increasingly forced to brutally compress their results until average levels are about 1 db down from peak. This sounds appalling but is louder than the competing songs on the radio ;P
- Duplication: currently having a burner will do- one nice thing about being a geek is ability to track down things like Mitsui CD-R media with process color surface-prints: it can cost six times what you can find cheap media for, and maybe twenty times what commercial CD materials cost, but archival quality is substantially better and honestly, there is a place for a quality argument. The point at which the commercial product is cheap crap at premium prices is the point at which the quality argument at reasonable prices starts to substantially work. The trick is you have to make all aspects _look_ professional- hence the process color media print, at 400 dpi carefully color corrected (the guy who does the CD printing called this 'overkill', to which I replied 'good!' ;) ) When things develop to the point that I need more duplication, it will be time to talk to my bank about the next bank loan- currently I'm paying one off for my 20-bit ADAT studio recorder, it seems reasonable to think in terms of another to get a serious CD duplicator. I'm also excited about the possibilities of producing Video CDs- which can be played in DVD players. Hooray, an accessible format for short video that can piggyback on the leverage of the stinkin' MPAA! I may get a DVD player just to test my VideoCDs on :)
- Hosting: This is the killer. I don't have any way to offer _this_. I have done some research, however, into what needs to be out there.
This last one is the hardest one, and I'm not sure how to address it- and this post is about how I'm trying to address each issue personally instead of announcing that 'someone should' do this stuff.
Basically, I see a pressing need for just plain media hosting on a massive scale. It could well be restricted to mp3 and ogg vorbis (hell, include wma). It could also be restricted to 128K on two assumptions: one, it'll be important to not have everyone doing 320K and using up two and a half times the resources for their stuff, and two, it's low enough quality to justify being giveaway stuff and high enough to basically enjoy. It will not pay musicians one cent for the downloads- on the other hand it will not _charge_ musicians a cent for the hosting. Most importantly, it will have a usage agreement that protects both parties, asks only nonexclusive rights to host the material, claims no copyrights to the material, and requires any contract changes to be explicitly signed off on by the artist. (This last one is the main thing mp3.com just lost in their contract alteration).
Instead of instantly planning to fund the thing off ad banners (aren't we all sick of that by now?) I propose the hosting service be incorporated... as a 501c3 nonprofit corporation. This is a VERY IMPORTANT point for protecting artist rights in the current climate. The 501c3 must have an explicitly spelled out mission statement that it must abide by to maintain its nonprofit status. It can seek grants- it could even solicit money from the RIAA labels, 'leeching' off them to provide its services in perfect safety. It can pay server operators a relatively decent salary for doing their jobs- you wouldn't have to go hunting for MCSEs, you could spec out a proper high-load server farm and pay to have it run properly, nonprofit doesn't mean it can't pay employees a normal wage. Finally and most importantly, a 501c3 answers to the IRS and has to follow certain rules or cease to exist. It CANNOT be bought out, either in a takeover or a merger, by a commercial corporation. It can only be bought/merged with another 501c3- and for this to happen both 501c3s must have essentially (literally?) the SAME mission statement, not differing ones- and it is so hard to change a 501c3's mission statement that you might as well disband it and start a new one. And when you disband a 501c3, all assets it has must be distributed to OTHER 501c3s covering the same basic area.
When you look closely at these things (I have a friend who is expert at framing charters for 501c3s and knows all about them and has a terrific batting average for his 501c3 proposals being approved), it's amazing- almost GPL-like- it's a form of legal incorporation that uses the meanest parts of the US government (the IRS!) to protect you against rampant corporate abuses. If you are a 501c3 no commercial corporation can touch you- they can give you money for a tax break, and that's about it. They can't buy you out. They can't shut you down- even if they for some reason got totally Mafialike and pressured all your boardmembers to disband the corporation, your resources simply get distributed to other 501c3s doing the SAME JOB. It's like the liquid metal Terminator- no amount of force can destroy you! All watched over by the IRS with gimlet eyes. You don't have to vigilantly guard against, say, major labels subverting you and making you a profit-earning subsidiary. The IRS will vigilantly guard against that :)
I'm not sure what the software sphere would need in terms of a 501c3 to develop ideas that need to remain free of corporate control. I do know the needs of my own sphere- music, media in general, video as that becomes a factor. The music sphere needs free hosting because a musician who's even slightly prolific will rapidly exceed the bounds of any personal site or typical hosting service, and it seems like most/all of the music/mp3 hosting services on the net are RIAA label controlled or copying their contractual provisions.
In order for musicians to be able to function outside the confines of RIAA ownership, they need to have the ability to own the means of production (easy: CD burners and duplicators and Internet sales) and the ability to circulate music to people who don't know the music yet. It really isn't necessary to have one recognizable site for people to _browse_ from (mp3.com is full of bands who've never been listened to- I always got most listens from mentioning what I do on Slashdot), but it is necessary to have a site with acceptable policies/contracts which won't need to be changed or moved. Wherever it is, there needs to be a fair amount of stability so that the musician can distribute CDs, posters, handouts with the URL on it. Because of mp3.com's change of contract, I have posters, CDs out there, even 24 cassette tapes that haven't even been _recorded_ yet, all with the mp3.com addy on them, which is now obsolete.
The common factor here is that it's all about giving _my_ material a base of operations that's not easily destroyable by corporate interests. I'm not attempting to, say, sample RIAA label acts and use their music as part of my composition. I am not negativland ;)
A very good question would be, how important is it to pursue development on IP that corporations have claimed as their own, and how important is it to defend IP that is actually original? Most of my response has been centered on defending the ability to produce and distribute stuff (music, video) that is original, knowing that the _facilities_ for this production and distribution are under continuous attack, but my right to produce is not actually in question.
Are programmers in danger of losing their right to produce, or is the perceived threat simply that anything programmers do will be patented by corporations and taken away from them? There is a point at which this begins to seem unreasonable. Somebody at Amazon _thought_ they invented one-click ordering, which is stupid but doesn't necessarily mean Amazon set out to 'steal' stuff from the public domain. I question the wisdom of assuming, from the start, that what YOU CREATE is so doomed that it must be 'subversive' to survive. I would suggest trying to remain visible and CREATING stuff, quite openly. Use contractual tools like the GPL to protect your interests. Don't assume you're so outclassed that you must go into hiding! We're looking at an era of much legal rule-changing. Some of the rules are changing to heavily favor corporations and piracy, by them, of intellectual property and other types of property and privileges. Some of these rules will be changed BACK once the consequences are clear. Act as if the world was fair and you had rights! Behave in good faith and don't knuckle under to the appearance of oppression. Act AS IF you had rights, know what they would be if you had them. Don't act like you are a criminal just because some other entity profits by criminalising you.
The last word is this- when you create, you set the rules. My CDs will have "All commercial rights reserved- noncommercial copying OKAY" at the bottom of every single one of them. If the RIAA manages to make (for instance) copying of tracks off audio CDs automatically illegal, I will happily participate in a test case: someone can rip my stuff and put it on Napster, and I will testify that I explicitly allow such noncommercial copying of MY CDs, thus no blanket rule can be made. The RIAA DOES NOT HAVE THE RIGHT to set MY rules, and my rules for my CDs permit noncommercial copying. I'm even spelling it out on the CD itself where it can't be missed- my wishes _will_ be respected. That's justice.
Here's what I will use when I grow up, get a job, my own address and own computer and internet account.
I am getting so paranoid and worried seeing all the basic freedoms slip away that first of all, in the real world, I will try to give as little information about me as possible. I already do this on the net.
And for my internet use, I will use Freedom from Zero Knowledge. It can make your online activity totally private. So you write your program and unleash it on the unsuspecting netizens totally anonymous.
And if you're worried about compilers putting strings in the executable, why not use some free compilers like DJGPP or Cygnus? You can always find a free compiler with sources so you know exactly what it does, or just distribute the source code.
It would be a matter of "intent."
The outrageous distortions and outright lies used to demonize software such as DeCSS, combined with the sledgehammer tactics against the people who dared distribute it or merely talk about it, proves that the system is grossly broken. There are people who want to go around it until and unless it is fixed. Anonymity is a good way to do that, and I fully support them.
--
Time is Nature's way of keeping everything from happening at once... the bitch.
The only way to keep information out of the hands of these mega-corps is to keep it from existing in the first place. In this situation, we want information to be anything but free.
--
Time is Nature's way of keeping everything from happening at once... the bitch.
I think it depends a whole lot on what is possibly-objectionable about the software. Something like GnuPG is threatening to any repressive agency by its very nature. Something like cndecode.c threatens only one specific organization, and only if they choose to make something of it. Something like my short story Chains (ok, not software, but what is software anyway?) could be seen as really subversive and objectionable, or completely innocuous, depending on your frame of mind when you read it. Unfortunately, it's not always easy to predict what might be considered objectionable. One of the others on this topic pointed out that any free software is to some degree subversive.
One thing to think about is that if you skulk around "underground" with something, then you're implicitly admitting that there's something wrong with it. That's one reason why cndecode.c has my name on it, even though it didn't need to - a big part of the purpose of the code is to make the statement that such code is or ought to be perfectly acceptable. (Yes, I can talk about human subjects in C!)
If you're willing to be identified as the author of a work, then you have different concerns to worry about - can you get in trouble for writing it, can you be forced to give it up (as I was with cndecode.c). I'm writing another bit of subversive code right now, and intend to be very careful to make sure that it's explicitly GPLed, and copyright assigned to the FSF, before I let anyone else have a copy.
Making it explicitly public domain would be another option, and is what I'd do if I really thought the code was likely to cause trouble; assigning it to the FSF seems appropriate for my current project, which is only a little bit subversive, because then anyone who thinks they might maybe complain about it, will have to think about going up against the FSF as well as their other worries.
The key with either approach is that I don't own the copyright and can't be forced to give it up. With public domain the copyright is destroyed, with assigning to the FSF the copyright is owned by someone who can't be trodden on without making a huge stinky mess.
- Matthew Skala
It sucks, I know. But this is the way it is at the moment, and the way it will continue to be until the public gets outraged by something and DEMANDS that the corporations admit that people have rights and leave them alone. What could do that? I dunno, how about a utility to store DVD's on a hard drive so that kids can play "The Lion King" whenever they want without trashing the expensive disk? How many parents would just LOVE that? How much sympathy would there be for the MPAA and Disney if they went after the people who gave it to the public? That's the kind of thing to go for.
--
Time is Nature's way of keeping everything from happening at once... the bitch.
A cool way of hiding forbidden code in places where the corporate machine could never get to it would be in mp3s (or other files commonly downloaded and shared). Imagine embedding DeCSS in a Britney Spears MP3 (which would actually give the mp3 some *real* value ;) and then putting that in a Napster directory on your machine. Thousands upon thousands of ten year olds would download DeCSS along with the mp3 and put it in their napster directory (And a Britney Spears MP3 would finally contain something of value!) Thus, DeCSS would be spread to people who never even knew they had it. While the MPAA might have a few good spiders here and there, for them to try to grab every mp3 on Napster (or Gnutella) and decode it to search for DeCSS would be futile. Especially if napster were absolutely chock full of mp3's containing DeCSS. You could even move beyond mp3s, embedding DeCSS in porn (surely to get distributed). One could write something like an apache module that would embed the forbidden code in a graphic file every time the file is served. Thus, you could embed the forbidden code right into the fabric of the internet and, again, the ____________ (fill in your fascist corporate entity) wouldn't even begin to have the computer resources to check everyone's gifs and PNG's for DeCSS.
get some shitty laptop....
get a juno service and lie about everything...
(make sure that you don't register from your house or your normal connection...)
have about 6 mirrors on free web servers...
now here's the illegal part...
jack into someone's telephone interface box and dial up...upload...and get out of there.
there's still some way you could get caught but this makes it kinda tough...unless you get caught jacking into someone's telephone...
you could also combine this with other people's ideas and you could be ok safe...
Then beyond threatening someone with violence, this individual should have no problem posting his/her thoughts on the web in the US.
Hell, if NAMBLA can have a PO box, anyone can.
There aren't any corporations selling DeCSS, though - why is that?
Uh, maybe because its free?
So far the safest and most visible way to contribute and distribute code is through email and FOREIGN HOSTED websites. Anguilla has no restrictions on content.
Often wrong but never in doubt.
I am Jack9.
Everyone knows me.
Not true. If carefully used, modern tools like Zeroknowledge System Freedom can make it impossible to trace items back to you. All transactions are strongly encrypted, no records are kept, and the traffic can be made to pass through 3 servers in different political jurisdictions. If one used a particular ZKS nym just a few times, the likelihood of discovery of one's true identity is effectively nil.
I know that CD Burners put all sorts of information into the TOC. Take any Windows CD-R/CD-RW software; it probably burns in the machine name, the name of the registered owner of the Windows installation, I wouldn't be surprised if it put in a email addy, blah blah blah.
Vintage computer games and RPG books available. Email me if you're interested.
Get in the habit of posting Anonymously :)
Slashdot: Proof that a million monkeys at a million typewriters can create a masterpiece
XML causes global warming.
How do you write a peer-to-peer file sharing system that guarantees the anonymity of its users/sharers? How do you eradicate those tell-tale packet addresses?
it is called 'Public Domain'
This is like a nest of hornets colluding to sting someone. You might get some pricks in, but if you piss the person off enough, they'll be coming after your nest.
I think we need to be fighting these battles in the courts so that we won't have to worry about complicated ways to avoid the laws. The courts are the ultimate authority, and no matter how dumb the laws are, they're still law.
There are lots of ways to be disruptive. It might be cool if programmers organized a strike to protest some of this. I don't think that annoying corporations with programs is a good winning strategy. It's more like a holding action.
Anyway, it's clear that the U.S. government isn't on our side, so we may want to use this upcoming election to send a message to them. I know that Ralph Nader of the Green Party has said positive things about Free software and is opposed to the kind of corporate strongarming that is going on right now. If you know of other candidates who are on our side, speak up and let everyone know about them. If you get a chance, ask your local candidate about the DMCA, DeCSS, and other important geek topics. Even if we can't remove the establishment from office, showing them that we're an angry, voting demographic will cause them to pay attention.
Please, take a few bucks out of this month's paycheck and send it to the EFF. They're fighting the hard legal fight for us.
Snail mail was my first thought also. What I find interesting is that in the year 2000 physical mail is being proposed for security reasons.
The Password is "slashdot"
So, the question is: here you have a full public key, a full private key, and an exposed password.
Can you not now encrypt and decrypt any messages encoded with these keys?
What's to stop me from encoding a program with these keys, posting it, posting the password and private key on slashdot, after it's been distributed to hundreds, with a web page I have up, from an anonymous proxy used to send the files, several days before the posting of the private key in many public forums?? (Also, feel free to do whatever with this key. It's not like it's secure anymore. heh.)
But the rest of us folks won't have any problem getting in.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Well, I've thought long and hard about this problem and I think I might have the solution. Just put a message saying "This software is for educational use only, it must be deleted within 24 hours." Problem solved.
Don't trust a bull's horn, a doberman's tooth, a runaway horse or me.
Well, the U.S. of A. is known to have a picky government... I think that you should simply become (or -- claim that you are) a civilian of a country that doesn't care about what you're doing, and where the folks that should become angry from your software don't live. Just like they do with code with US export restrictions.
It's... It's...
"We can confirm that Debian does *not* ship the version with the trojan horse. Our version predates it." [CA-2002-28]
One of us must be missing something here. If I write some code which is considered equally threatening to commercial interests as DeCSS, by posting it on my website, I risk prosecution and legal sanctions, assuming my code falls foul of the DMCA, UCITA, etc., which is not that difficult.
This might all be more acceptable if the function of the code in question were somehow inherently against the interests of society. However, I don't see that as being the case here. For further arguments along these lines, see this message and my reply to it.
Hell, if NAMBLA can have a PO box, anyone can.
Part of the point is that online, some of the freedoms that exist in the "real" world are disappearing. You may think that would be good, in the case of something like NAMBLA, but actually that's a good case in point. NAMBLA members aren't doing anything illegal until they actually break the law. The same thing used to be true of copy protection circumvention: you could sell and own copy protection circumvention equipment or software. That has now changed. It used to be legal to buy a device to circumvent Macrovision copy protection on videos. I bought one so I could play legally purchased DVDs on my PC, through my VCR (not to tape them, just to watch them.) I haven't checked for certain, but if these devices aren't already illegal under the DMCA, certainly their software equivalents are.
> There aren't any corporations selling DeCSS, though - why is that?
Uh, maybe because it's free?
Yeah, yeah. My point is that it's illegal under Federal law. A company selling DeCSS could be shut down in short order. Yes, you might be able to order a hooker online. But that's only because there aren't any big corporations who really care to stop you. That's not the case when it comes to the sort of "subversive" software raised by the original query.
Kinda good in a way, even just for nostalgia, I can remember the waiting and hoping for the postman to come when you are expecting a letter from someone you care about, and who even now doesn't know the intrinsic joy of parcels....
As far as I know, the best way to post something anonymously would be to do so on Freenet, IRC, or on web sites, and use ZKS Freedom to disguise one's tracks. Alternatively, you could always get colo at HavenCo and post it there..
Except, of course, for Pentium 3 processor IDs, or pretty much any other processor in existence, especially ones designed to run UNIX or other industrial strength OSs (SPARC, rs/6000, etc) also have ID numbers bolted in. Ever wonder why the command 'hostid' works?
Vintage computer games and RPG books available. Email me if you're interested.
As a long time coder of 29+ years, I've had a couple of ideas during my time that I thought would be beneficial to the 'community' as a whole and are not illegal, do not steal others' ideas nor violate anyone's IP...

One idea I had that (involved me making no money from), I wanted to distribute as widely as possible with only some simple anonymous signature to identify authorship. This idea wouldn't be anything corporations would be concerned about, however by creating and releasing this idea/program would guarantee that I would suddenly become an 'interesting' individual to my own government. To become an interesting individual is not what I recommend when it comes to the govt... I still feel very strongly about this idea.

Another idea I had did target a specific industry not known for organisation. However I knew if I would pursue the idea I would have to establish a war chest to battle for the freedom of the product because, the idea would be seen as a threat by the specific industry as a whole. So if I pursued this idea I would hope I had enough throwing power (distribution) to make enough money from this that I could afford any legal hassles. Only attraction to this idea was the potential money to be made.

So we have two different extremes; one an idea that I thought had very strong social redeeming values where I didn't make any money off of but would put me on 'the list'. Corporations wouldn't care, but someone somewhere in our govt would. The other where I am creating money making software that would probably piss off the targeted industry (not music) and would be sued and harassed. Neither of these ideas break ANY laws nor infringe on anyone's rights but by their nature and subject matter they would be harshly scrutinized.

Well gentlemen and gentlewomen this current warranted paranoia is not the condition software creation should be in. We are NOW operating under the assumption that anything we create will piss someone off somewhere. This is NOT free speech.

And the current legal atmosphere HAS OBVIOUSLY CHILLED THE SOFTWARE INDUSTRY as easily witnessed by the thoughts expressed in this forum. WRITING software is just like writing a book and should enjoy the freedoms that books have. Perhaps book publishing is a way. The current crop of 'errant' legal renderings does have everyone speaking a little quieter and in hushed terms without ever even breaking any laws. This is not FREE speech nor how I envisioned software creation would be when I started 29 years ago. I have been so disenfranchised with the software industry that I gave up coding a year ago... Maybe it's only a sabbatical.

You don't believe there is a conspiracy or a creeping of lost rights? Not to increase the paranoia level, I present to you 2 examples that I stumbled on accidentally. I don't know the inside stories on either of these but a thinking person doesn't have to look far...

This first site seems to have been 'picked' on because they used too many wrong words and subject matter.. http://www.plans-kits.com/ In this case I'm sure it's the govt that is applying pressure to this 'interesting' individual. Let me ask you... did you hesitate at any time visiting this site or viewing subject matter? If you did that shows you the level of paranoia that has been created. FUD.

This second example (hope it is still there), once again the individual uses the wrong words and attracted attention even though they have broken no laws... But were censored. http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=427604573

It's this silent creeping of 'censoring' or squelching of free expression that has me concerned.
It is indeed war... business is war. A multi-level war. (read Sun Tzu; The Art of War and The Five Rings).
The battle for freedom must be won over and over again. Whatever form of freedom you seek.
There is a want and a need that seems to be missing.
Organisation is the first step...
Anyone interested I can offer a mail list service and or message base section to fine tune or expand on any ideas presented here. Just email me.
I don't even own a Linux system...
The color of my skin is digital and you are my kind.
TrenchWarrior
The ability of this algorithm to generate "globally" or "universally" unique identifiers relies in part on the fact that network adapters contain a node address which is issued in blocks to network card manufacturers by the IEEE, so is guaranteed to be unique. Here's some info about UUID generation.
While processor IDs can be used to identify a system, there currently isn't widespread use of these numbers in standard software components.
ISPs, schools, and/or universities in the country with shoddy security.
I'd guess it would take me about 45 minutes
to steal a bushel of usernames/passwords from my university
just by putting a keylogger on one of the public Windoze boxes.
Each of those accounts is a bit of web space, of course.
Upload all your software to them with some nifty
web pages, submit it all to Yahoo, and make a few posts about
on the appropriate forums.
Sure, the wrong people might catch on that some
accts had been hacked, but by that time, the cat's
out of the bag and roaming the net, shedding on someone else's couch.
Any gaping holes in this?
dan
And if done via posting anonymously while browsing through an anon proxy server (http://astalavista.box.sk has a list) While not guaranteeing absolute security it would probably keep the code distributed and allow comments to be posted.
The only problem I see is the informing of other developers where exactly to look on /.
oblisk
This is a good point - our society hasn't reached the conclusion that code == speech. I hope it does, but I'm not optimistic.
On the other hand, you have to wonder if it really matters. Sure, DeCSS is "illegal", but I have a copy of it, and so do thousands of other people. Technically, jaywalking is illegal too.
Of course, this is a cop-out- I understand that there is a profound difference between "legal" and "getting away with it", and it mostly has to do with society being honest about what it thinks is right and wrong.
If anyone can find the story please post a link.
"// this is the most hacked, evil, bastardized thing I've ever seen. kjb"
A couple of issues to respond to. Every ZKS server is not on a carnivore monitored network nor are they in the US or Canada or even run by companies in many cases. Many ZKS servers are run by private individuals, with no legal obligation to support Carnivore (under current law). So, it does not follow that all ZKS servers are or could be carnivore monitored. Additionally, reply blocks in the ZKS network *do* allow for latency time, so traffic analysis is not as straightforward as you might think. It still needs cover traffic and remixing, but it's not as simple to defeat the model as you make it out to be.
Regardless, presenting an array of options to the end user is much better than just shoving the highest security solution at them. High security remailing is complicated and requires the users to understand how to use the remailer network in a secure manner. Which includes dummy (cover traffic) messages, remixing, long chains, rotating reply blocks and so on. ZKS is easy to use, setting up nyms to do re-mix is not a simple matter for most users.
Presenting the various options, in a limited slashdot posting, gives the user the option of finding out more and educating themselves. The post was not intended as a complex lesson on the pros and cons of the various technologies available for protecting your anonymity.
Python
"By clicking "OK" you agree not to hold the distributor of this software program liable for anything" type of thing. Even throw in a clause whereby the user agrees not to use the product for any number of "infringing" uses.
This protects - using another totally insane act of law - the UCITA -- the DeCSS distribution at a number of levels.
1. Representatives of the MPAA obviously opened the distribution and looked inside - thus agreeing not to sue based on the contents of the archive. If they didn't click ok and still have examined the contents it can only be because they bypassed the protection on the archive and thus have fallen foul of the DMCA itself.
2. The end users of the software too have entered into (and been bound by) the contract not to use the software for infringing uses.
Done properly and worded right this would put the DMCA in conflict with UCITA. Hopefully one of them would give, and half our current problems would be over.
WARNING: Caffeine levels low. Output may be incoherent.
--
I'd install FreeBSD before I'd install Linux.
Forgive me quoting myself, but I just wrote a message about this, attached to the "Lawsuits Suck" article. To me, the important point is this:
"...having laws in place which everyone routinely breaks, provides yet another way in which the government can harass citizens if it so chooses. [...] Laws are instruments of control, and unnecessary laws are dangerous. They can sit on the books for years until the wrong person gets into a position to abuse them."
Gotta go hide, I hear some black helicopters outside...
Since the GUID is generated from your MAC address and the current time, you can change some of the low order numbers and some of the high order numbers, and suddenly, it looks like the component was created on someone else's machine sometime during the 60's. Pure Magic(TM).
Because you can't, you won't, and you don't stop...
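What a version-1 UUID/GUID of the kind discussed in the comments above actually discloses can be read straight back out of it. The following is an added example, not code from any poster: it decodes the timestamp and node (MAC) fields and scans a blob for textual GUIDs, for instance to audit a build output before release. The sample timestamp, the node value (taken from the RFC 7042 documentation MAC range) and the sample blob are constructed, and binary-encoded GUIDs are not handled.

```python
import re
import uuid
from datetime import datetime, timedelta, timezone

# Version-1 timestamps count 100-nanosecond ticks from the Gregorian epoch.
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)

# Textual GUID form only (assumption: the identifier is stored as ASCII text).
GUID_RE = re.compile(rb"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")


def make_v1(when, node, clock_seq=0):
    """Build a version-1 UUID from explicit fields (used for constructed samples)."""
    ticks = ((when - GREGORIAN_EPOCH) // timedelta(microseconds=1)) * 10
    time_low = ticks & 0xFFFFFFFF
    time_mid = (ticks >> 32) & 0xFFFF
    time_hi_version = ((ticks >> 48) & 0x0FFF) | 0x1000      # version nibble = 1
    clock_seq_hi_variant = ((clock_seq >> 8) & 0x3F) | 0x80   # RFC 4122 variant
    clock_seq_low = clock_seq & 0xFF
    return uuid.UUID(fields=(time_low, time_mid, time_hi_version,
                             clock_seq_hi_variant, clock_seq_low, node))


def decode_v1(value):
    """Return the metadata embedded in a version-1 UUID, or None for other kinds."""
    u = value if isinstance(value, uuid.UUID) else uuid.UUID(str(value))
    if u.variant != uuid.RFC_4122 or u.version != 1:
        return None  # e.g. version 4 (random) carries no time or MAC
    created = GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)
    mac = ":".join(f"{(u.node >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))
    return {
        "uuid": str(u),
        "created_utc": created,
        "mac": mac,
        "oui": mac[:8],                      # manufacturer prefix of the adapter
        "clock_seq": u.clock_seq,
        # RFC 4122: a node that is not a real MAC has the multicast bit set.
        "node_is_random": bool((u.node >> 40) & 0x01),
    }


def scan(blob):
    """Find textual GUIDs in a byte string and decode the version-1 ones."""
    hits = []
    for match in GUID_RE.finditer(blob):
        info = decode_v1(match.group().decode("ascii"))
        if info is not None:
            hits.append(info)
    return hits


# Constructed sample input: one version-1 and one version-4 identifier.
SAMPLE_WHEN = datetime(2000, 9, 12, 14, 30, 0, tzinfo=timezone.utc)
SAMPLE_NODE = 0x00005E0053AB          # documentation MAC range, not a real adapter
SAMPLE_V1 = make_v1(SAMPLE_WHEN, SAMPLE_NODE, clock_seq=0x1234)
SAMPLE_BLOB = (b"\x00\x01header{" + str(SAMPLE_V1).encode("ascii") +
               b"}\x00padding 6f9619ff-8b86-4011-b42d-00c04fc964ff\x00")

if __name__ == "__main__":
    for hit in scan(SAMPLE_BLOB):
        print(hit["uuid"], hit["created_utc"].isoformat(), hit["mac"])
```
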
I can just see the /. headlines in 2007: "Conflict due to manually-altered GUID causes global Internet crash! 'Told you so!', says Bob Metcalfe."
This may look like a good idea, but I have abandoned completely many email accounts because of excessive spam I received on them. If most congressmen are like me and they start having the same spam automatically relayed to them hundreds of times, they would stop reading their mail box, which means they'll never read important mail we send them about important issues, and maybe switch to a secret email account known only to people they trust.
That way, the classic "write to your congressman about it" solution would be completely useless because they wouldn't even know your message is in their mailbox since they don't check it anymore.
I think the Mr. Murdoch (from Dark City?) asks a legitimate question. He clearly smells which way the wind is blowing. It isn't over a field of daisies.
However, I also have to agree that openness is the only way to win. As long as software writers can be the David vs. the corporate Goliath, we have a chance to sway public opinion. There are two problems to overcome. The first is that the people with political power owe their position to the people with money, i.e. korporate Amerika. The good news is that politicians have to pay attention to public opinion.
The other piece of bad news is that the general public doesn't have a lot of sympathy for techies. We could easily become the modern equivalent of Salem witches if someone with enough juice decided to push the right buttons.
That brings us back to openness. People distrust what they can't see. People also believe what they see in the media. I'm sure the average person believes that a hacker is someone who breaks into computers and writes viruses. Writing underground software is only going to further those misconceptions.
That said, we could really be headed for a dystopia a la Shadowrun. I know that I won't be working for a megacorp. I could be asking these same questions in a few years.
A dyslexic man walks into a bra.
Why not create a distributed system consisting of multiple servers with the files split into parts making each part worthless without the others (Pad). Have the locations of the parts of the next release within the previous release, so that only members of the project know the location of all of the files.
Ok, what I'm seeing here is a couple main ideas. The first is basically a place where only certain people have access to. This is almost feasible for developers, but for distribution it's insane. How do you distribute something only certain people have access to? You might as well mail the thing to them. This option (I believe) doesn't yet need to be implemented. Perhaps once everyone has migrated to the US and the (Put a 3 letter acronym here) has taken over (which apparently looks like has already happened) and large corporations rule (almost happened) then there will be need for such a secure network where information can be found.

The second option is much more realistic. This is where you use public services such as internet cafes and such to upload your code to a geoshitties account and use a yahoo e-mail account (all with fake info of course) to notify key suppliers (ie those who have auto msgs on IRC and post on USENET) that there is an update. The factors of being detected have already been discussed, but if you need a way to get it out there, this is as good as any.

The third is a compromise to the first two. This is where you use a system like random pads (http://www.eleves.ens.fr:8080/home/madore/misc/freespeech.html I think someone else linked to this before) to get the info out there, and have people be able to recover it. Another (darker) way might be to store it in an image (don't have a link to anything for that) and challenge a eleet hax0r to 'hack' a site and upload the image. Or maybe put it in porn or something.

The fourth way is to fight fire with fire, and get you some lawyers (?). This is costly, but perhaps if we all band together (2600 et al.) then maybe we have a chance of defeating the suits on their own turf.
There's a lot of information on all of these options if you can find it, so I'd ask that if anyone took option one seriously, that they check out what's already been done.
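The "each part worthless without the others" property proposed above, which the random-pads scheme mentioned in the later comment also relies on, is an n-of-n XOR split. The following is an added example, not code from any poster or from the linked page: it splits a byte string into n shares, recombines them, and shows the two failure modes (a missing share and a tampered share). The SHA-256 integrity digest and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
from functools import reduce


def xor_bytes(a, b):
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("shares must all have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split(data, n):
    """Split data into n shares; all n are required to recover it.

    n-1 shares are fresh random pads and the last is data XOR all pads,
    so any subset of fewer than n shares is statistically independent of data.
    Returns (shares, digest); the digest lets combine() detect bad input.
    Caveat: publishing the digest lets anyone confirm a guess of the data.
    """
    if n < 2:
        raise ValueError("need at least two shares")
    pads = [secrets.token_bytes(len(data)) for _ in range(n - 1)]
    final = reduce(xor_bytes, pads, data)
    return pads + [final], hashlib.sha256(data).hexdigest()


def combine(shares, digest):
    """XOR all shares together and verify the result against the digest."""
    if len(shares) < 2:
        raise ValueError("need at least two shares")
    data = reduce(xor_bytes, shares)
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, digest):
        # XOR has no integrity of its own: a missing or altered share
        # yields plausible-looking garbage, so the check must be explicit.
        raise ValueError("shares incomplete or modified")
    return data


def recoverable(shares, digest):
    """True if this set of shares reproduces the original data."""
    try:
        combine(shares, digest)
        return True
    except ValueError:
        return False


# Constructed sample input.
SAMPLE = b"release-1.1.tar contents (constructed sample)"

if __name__ == "__main__":
    shares, digest = split(SAMPLE, 4)
    print("all four shares:", recoverable(shares, digest))
    print("three of four:  ", recoverable(shares[:3], digest))
    flipped = bytes([shares[0][0] ^ 0x01]) + shares[0][1:]
    print("one bit flipped:", recoverable([flipped] + shares[1:], digest))
```
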
It's preferable if these are open source, but they don't have to be to suit your purpose; for example Metrowerks PowerPlant is the most popular application framework for the MacOS, and although it is a commercial product it is inexpensively available and when you do buy the Codewarrior development system you get the PowerPlant source code on the installation disk.
You can even develop an open source framework yourself and publish it openly, and invite in contributors publicly, and distribute non-subversive demo and test programs. Alternatively, you can add functionality to frameworks that almost suit the purpose and submit your patches back to the original maintainers.
This will save you work, although you may have to write "adapters" to be able to use someone else's library for your own purposes, it will increase reliability of your product, because the framework will have already been debugged by someone else and also tested under a wider variety of circumstances than it will encounter in your code, and you can concentrate your work on the particularly subversive parts.
Then you post only the "interesting" parts of your source code, and provide hyperlinks to the needed application frameworks in your build instructions. Be sure to include the version numbers needed for this build of your program, and if the sources to any of the frameworks are signed with a public key, include the key which those sources were signed with when you got them. That way you can be sure future programmers can rebuild the same program as you did.
It may well be that you have a large application but only a few source files and some build instructions to upload, which could be done off a floppy disk at a public access terminal. If you upload these to a few free webhosting service pages, then email the URL to a bunch of warez site maintainers, your code will be looked after.
Note: to find lots of warez sites (and even more serialz sites) go to Altavista, click on "Advanced Search" and enter:
Probably only 10% of the sites you find will actually have live warez (they get taken down quickly) but some patient hunting will find you any software title you want - but of course your objective here is to contact the warez site maintainers so they can introduce your program into their archive system.

Note that if you want to build a Windows application you can build it with Cygwin (a GNU shell environment for Windows including gcc) so you can be sure Microsoft doesn't embed Globally Unique Identifiers in your code. I'd also suggest that when you make a Windows build, you buy a brand-new copy of Windows 98 (pay cash), install it on a freshly formatted hard drive, build your binary, upload it, low-level format the hard disk you built it on and throw away the Windows 98 installation disk and all the materials that came with it. It's probably hard to get away with installing a development system on a public access terminal.
If you don't want to use a public access terminal (after all, you might be recorded on a surveillance camera, or the coffee shop waiters might remember you skulking around), then use Zero Knowledge Systems' Freedom to anonymize your web access.
Note that the way Freedom works is your HTTP packets are multiply encrypted with the public keys of the Freedom Network's servers, then "unwrapped" one by one as they pass through up to three servers until they are passed unencrypted to the public net at a faraway place.
Freedom provides both anonymous web browsing and anonymous email send and receive.
Some sources for open source libraries:
- Available C++ Libraries FAQ
- The Apache XML Project
- The Free Software Foundation software page
- Walnut Creek CDROM Free Software Archive
- SourceForge
- Freshmeat
- Gnome
While all free software provides its source code, not all programs provide source code that is suitable for use as libraries. Unless you want to go to a lot of extra trouble, it's probably best to look for ready-to-use libraries that are packaged as such, rather than trying to extract code from a complete program. Unless the original application developer went to extra trouble to make components of his program able to stand on their own, it is usually difficult to extract parts of a program out and use them as a library, except perhaps for little snippets.

On the other hand, when you write new code, it is definitely worth while to snip out little bits and make sure that they will compile and run on their own, or depend only on other readily available libraries. That way you can create a library yourself.
The book More C++ Gems has some articles on Large-Scale Software Architecture that discusses reducing cyclic dependencies in software projects, in part so that the projects can be rebuilt faster but also so that they can be unit tested in smaller parts and the parts can be extracted out and reused in other programs - although the claim is often made that object-oriented software is more reusable, this claim is baseless unless good engineering practices are observed.
-- Could you use my software consulting serv
Well, you don't have to worry about unique node addresses, aka MAC addresses.
A) With a little bit of work you can fake them anyway, or even better, you don't have to have a NIC installed in your development box.
B) How would anyone know what MAC address my NIC has in the first place? It's not like individuals register those things.
C) And, no, it isn't something that you're going to be able to strip out from network traffic, unless of course, the person doing the stripping is on your subnet, which is highly unlikely.
The most harm I could see a MAC address or a UUID doing a person is acting as further evidence after you're already a suspect.
Stupider like a fox! - H.S.
I say let John Q. Public distribute the code and make the insertion point problem moot.
Here's what I would propose (were I to advocate this sort of behavior):
1. Make some manner of self distributable code and burn it to a disc.
2. Put shiny stickers on them advertising a screen saver or game or something, the brighter the better.
3. Leave them around colleges and record stores or anyplace kids will pick things up.
4. When they boot it up (and some inevitably will) it can send itself to predetermined ftp sites. The origin can be traced but the distributors were just mules in the deal.
Anyway, that's what I would do.
come for the naked robots, stay for the zombies
Why doesn't someone print the source code on t-shirts or something and sell them as a novelty item, better yet, commentless ASM code.
I see it now, people being arrested on the street for wearing DeCSS source code T-shirts.
Could make it a work of art by coloring the letters too.
You've seen it in the /. news, you've seen the articles... We lose because we have no political power.
It's time for banding together. Starting a political party or adopting one and making it our own. Only then can we have people with our interests in mind in Congress, the White House, and most importantly... the courts.
We need a movement, where we can move as one powerful force against those who hold us back.
A strong nationwide I.T. union would be a good move as well. Corporations could be stung by such a union when they try a legal stunt we didn't like. America would be hurting if every I.T. professional were to strike together over an issue.
With both of these in place we could begin to undo the DMCA, save file sharing technologies, fix patent laws and processes, re-structure copyright law.
We are well overdue for this. Currently we have no trump card, the Fed knows it... The Press knows it... and the corporations know it.
I for one am ready for such a plan of action. I will vote to support my rights to code, to speak, and reverse engineer. Will you?
Let's ask /. if they would help us co-ordinate the incipient stages of such a movement. How about it people? How about it /.? Will anyone agree to starting a forum for co-ordinating our communal beliefs into a firm political position? Will anyone agree to run for office based on these findings and support them?
I will say right now I am *not* the best candidate for any public office, but I throw my name into the hat. I'll run for an office or gladly support another who has a less colorful past than myself.
I need to start reading up on existing parties... are the Libertarians close to what we'd be looking for? I know that the Democrats and Republicans aren't... and I was a hard core Republican before.
Come on folks, let's start the work, let's find some good men and women and put them into office!
This sig intentionally left blank.
You might want to take a look at The Hacker Crackdown http://www.lysator.liu.se/etexts/hacker/ before you go trying to be sneaky. You can also get it at www.peanutpress.com for you palm people out there. Take a look at what law enforcement can do. Read the book and take a look at what they will be allowed to do. Just remember what you should be able to do is not the same as what will be allowed.
Whaddaya think Carnivore is for? Just email? Suuuuure!! ;)
Actually, you're right, although it depends just how paranoid you want or need to be. If you were writing subversive code, you'd definitely want to avoid mac addresses in your code & binaries. In fact, didn't they use that against the Word macro virus writer in NJ (was that Melissa? I've lost track.)
Here.
Enjoy the music!
--
I feel fantastic, and I'm still alive.
Market Yourself - Tips for High-Tech Consultants
Important Note to Recruiters and Contract Agencies
I get quite a few positive responses from other consultants from these pages - and rare responses from headhunters asking why I'm taking food from their children's mouths.
I don't have anything against recruiters who practice their business in an ethical way, but "ethical" no longer describes the standard practice of the headhunting business.
For example, one person who read my page wrote in to say that a recruiter had sent her to an employer's office for an interview, without the interview actually having been scheduled. She found out she was neither expected nor welcome after waiting in the reception area for 45 minutes. The recruiter had failed to secure an interview and hoped the employer would just feel sorry for the candidate and interview her anyway.
Of course, I have to say that I felt pretty secure in my career before posting these pages.
-- Could you use my software consulting serv
What if you would happen to include various syntax errors in the source code? So that if you ever did go to court you could be like, "it doesn't work, try and compile it, nothing is going to happen it's just a bunch of text"
Or provided secure communications channels for reporting human rights violations from within repressive regimes?
Or suppose the software in some way helped promote meaningful political change in a repressive regime - and was developed within the territory of that regime?
No, really this is an important question and needs to be addressed in a serious way.
-- Could you use my software consulting serv
Sorry Thal, but it seems that what you know about the situation in Russia is based on what you heard on CNN. If you live in the US or any Western country then Russia is something entirely different from anything you know and simple analogies still don't work. Russian media is quite different from US media, especially when we look at its origins.
Keep in mind that ten years from now there was no private enterprise in Russia and a massive change happened since. However, because of how this change took place and who was in charge then most of those who ended up as rich "entrepreneurs" were previously within higher ranks of the communist party ('nomenklatura') and much of their activities afterwards was in fact fraud on an immense scale.
Putin knows that this probably cannot be reversed, however he also correctly sees them as a threat to a free-market Russia he wants to build. That was the reason behind his actions, not the question of freedom of speech.
Russia is indeed a country which has a problem with crime, corruption, fraud and the inability of the state's law enforcement to do anything about that. However, Gusinski's arrest is not the best example of that.
> Right. History has shown that invading Russia is always a bad idea.
Yep, it worked only twice in the past.
Well, I didn't mean to start a philosophical discussion, I just meant our collective morality as a society. Values that are widely held, or viewed as widely held. (such as drug use, lots of people have no problem with it, but the anti-drug people have convinced most people of the "right" way to think). Those are the things that make up our collective morality. There is no need to search for a deeper "right or wrongness" in our morality. To do so is pretty impossible.
-----------------------------
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Look at JNapster (http://www.mp3s4u.f2s.com). They just put the following into their license:
Why should i not use jnapster? Because jnapster is distributed for educational purposes only. You are only allowed to read the source code to learn how to write network applications with java. However, you are *not* allowed to use it for connecting to any napster and/or napigator server and/or for downloading any copyrighted material. Any use of jnapster is possibly illegal
Could this work?
You could upload it to some box on a not-accessible location that only you know, then go to an internet-cafe or whatever, download the code from that hidden location, and then upload it with your nicely anonymous internet-cafe account to some major distribution ftp site.
Here in the Netherlands they have some huge internet cafes where you can get near-unlimited anonymous access for less than $1....
After downloading it from your hidden location you can remove it there to cover your tracks some more.
Posting it to USENET groups is also a very nice way to get it distributed fast... especially if you use some anon reposters to cover your tracks.
1) People interested can start an online information security class. As part of this class, they have a server for you to break into for 'demo' purposes. This server has really poor security. Things like blank root passwords and no logging.
2) 'hackers' break into the system and put possibly illegal programs on the server, then they go brag about their feat in IRC, on /., wherever.
3) Eventually someone gets around to telling the owner his system was hacked, he goes 'oh no, how evil' and deletes the offending file.
4) Goto step 2
You can't sue a company because their computer was broken into and questionably legal things were put on it then. 2600 got nailed for a link, but this way they could actually serve the program itself. If the MPAA wants to make a lawsuit on how 2600 is responsible for hackers' actions, someone breaks into the MPAA site and changes it to say '2600 are a bunch of retards' then 2600 turns around and sues for libel under the same logic they're getting sued over.
What about splitting your code into modules that could be recombined later using some kind of installer ?
For example: Gasoline is legal. Vita-Grow is legal. Combining both is legal. Blowing off a part of Oklahoma with the mix is not. But no one could have sued the guy who sold the gasoline to McVeigh.
Therefore, if I was to publish a set of "modules" and the instructions to combine them together (remember. The anarchist cookbook is still legal to read/sell last time I checked.) you could be untouchable. Your specific modules by themselves are harmless... It's those evil h4ck3rZ that found a way to do bad things with it.
Marriage is considered capital punishment for the theft of a goat in some third world countries...
What it involved was this: you get a shitty laptop, and put a cellmodem in it. Make sure you have no way of tracing the laptop to you (no hostname, no password, no nothing). Create an account with one of those free ISPs with the standard fake UID/name/address, and set up your laptop to use it. On the laptop you have automated cracking software which finds vulnerable hosts, cracks them and distributes itself to them, as well as some software to upload to ftp servers, USENET and whatever else you can think of via anonymising servers and stuff. Do this such that the cracking bots run on their new hosts as well, so you have plenty of little bots on the net distributing your code. Now dump it in the street or some other public area (shopping centre, city dump, international airport, etc..) in a city nowhere near you, then get the hell away from it.
By the time it has distributed itself to at least the ftp sites and to USENET, and possibly cracked a couple of boxes, you will be nowhere near that crappy little laptop. Even better, someone will probably steal it and (be forced to) take the blame for your software.
But you'd have to be pretty bored to figure out how to do at least the cracking bot (maybe queso + all the r3wtkits you can find?). And I take no responsibility if someone actually does this...
So I hope that this post sparks some interesting conversation...
~~~
Sigmenation fault.
The key is marketing, and subtlety is the method. Market the legal uses of your software, word of mouth will spread the true uses. If DeCSS had been called "Linux DVD driver", the MPAA would never have figured it out, and 2600 would have been able to argue the legal uses of the software with impunity. If Napster had been set up as a music lovers' community, rather than a free download site, their arguments of non-culpability would have been much more credible. Picture this: what if when you logged onto Napster, you posted the type of music you like, i.e. the bands you listen to, rather than the songs available for download, then you have an anonymous mail client that allows the users to communicate with each other about their music preferences, i.e. the songs available for download, and then have the file transfer software available for the downloads. Now you have a Napster that is only providing a forum for communication (a clear case of free speech) rather than promoting the sharing of copyrighted materials.
As to maintaining subversive software, Open Source, Open Source, Open Source, it will maintain itself.
Anyone ever heard of a packet BBS? A computer with a TNC (terminal node controller, radio modem) and an HF radio which accepts logins from other similarly equipped computers. (sure, limited to about 300kilobauds, but change this up with a more expensive microwave setup, with less lower I might add, and directional antenna and you have a less traceable signal and over 19.2 kbps) If you arrange via usenet group with codes for transition times and frequencies, you can run for a long time. Piggyback a carrier with the subversive information under a legit and legal packet transmission (hi, how are you, how are the kids...) and you have a pretty efficient transmission system. Saves on the phone bills too. But why? Honestly folks, as tyrannical as our society in the states seems at times, breaking the laws gives CREDENCE to those laws. (If you're found out.) Electronic medium regulation is about to do some changing. The cat is out of the bag (and I don't mean the RS gimmick-mouse) E-{stuff} has changed the way we live. The system will change. If it doesn't, it will be destroyed in time. But not by subversive software.
-=fshalor
Are there still any reliable anonymous remailers? I know that anon.penet.fi lost credibility when they gave in to the scientologists, but they were not the only folks running such a service. Are there any anonymous remailers still functioning? If so, anonymous email submission of source code to a few sites might be the way to go.
I think....therefore I am
I reject your reality
1. Create an account on the free ISPs, do this on an internet pillar in a bar, amusement hall or whatever
2. You buy a pre-paid cell phone, with cash, in a city or area you usually don't get near.
3. You do not dial up in a public area, as someone might see your face, you drive to somewhere in the middle of nowhere to do your thing. Note that you check for cameras on highways, the point of return on the highway needs to be 30 minutes later than you logged off
4. Throw the cell phone away, or send it to your local police station by mail
Bizarre technology?
See news article http://news.cnet.com/news/0-1004-200-2458275.html?tag=st.ne.1002.bgif.ni
Publius itself is at http://cs1.cs.nyu.edu/waldman/publius/
Use sha-1 hash, but start with a random number, save it, then generate 100 iterations. Distribute version 1 with that. Distribute V2 with iteration 99 (and so on). Anyone can produce iteration 100 from 99, validating its origin. Only the originator can recalculate the previous sha-1. I don't know if this is patented or not - should be though :) It's a 'novel' use of sha-1.
Write the code, post the code anonymously on Usenet, and either give a bogus description of the code or don't describe the code at all where you post it. And then anonymously post that you were looking through the "waffle drivers" code that you found at 'Alt.bin.xx' on Usenet and you found CueCat code. Or include the CueCat code along with something else like keyboard drivers. Or maybe as "garbage code" in a text editor or something. Hide it in plain sight and be wary of who you tell.
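The reverse hash chain described in the comment above, as an added example that is not part of the original post: the publisher keeps a random seed secret, ships iteration 100 with version 1, and reveals one earlier iteration with each later release. SHA-256 stands in for the SHA-1 the comment names, and `Publisher`, `Verifier` and `max_skip` are illustrative names assumed here.

```python
import hashlib
import secrets
from typing import Optional

CHAIN_LENGTH = 100  # the comment's "100 iterations"


def h(value: bytes) -> bytes:
    # SHA-256 is an assumption of this example; the comment names SHA-1.
    return hashlib.sha256(value).digest()


def iterate(value: bytes, times: int) -> bytes:
    for _ in range(times):
        value = h(value)
    return value


class Publisher:
    """Holds the secret seed; version k ships iteration CHAIN_LENGTH - (k - 1)."""

    def __init__(self, seed: Optional[bytes] = None):
        self._seed = seed if seed is not None else secrets.token_bytes(32)

    def token_for_version(self, version: int) -> bytes:
        if not 1 <= version <= CHAIN_LENGTH:
            raise ValueError("chain exhausted: the seed itself is never released")
        return iterate(self._seed, CHAIN_LENGTH - (version - 1))


class Verifier:
    """Trusts the token from the first release seen and walks forward from it."""

    def __init__(self, trusted_token: bytes, max_skip: int = 10):
        self.trusted = trusted_token
        self.max_skip = max_skip  # number of missed releases tolerated

    def accept(self, candidate: bytes) -> bool:
        value = candidate
        for _ in range(self.max_skip):
            value = h(value)
            if secrets.compare_digest(value, self.trusted):
                self.trusted = candidate  # later releases must extend this one
                return True
        return False  # replayed, older, forged, or too far ahead of the trusted token
```

The token is not bound to the bytes of the release: once iteration 99 is public, anyone can copy it next to a different file, so it only proves that its first publisher knew the preimage. The Guy Fawkes Protocol mentioned elsewhere in the thread closes that gap by committing to the next message in advance.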
But the point of no one seeing your face is one that I overlooked, and the laptop would probably be reported as a bomb or something now that I think of it.
~~~
Sigmenation fault.
Read my plan to save the Bengals
How to host it? Easy. www.mojonation.net Totally anonymous, and you can even be 'paid' whenever somebody downloads it.
Version 1.0 could include a cryptographic hash of a text message included in version 1.1, version 1.1 could include a hash of a message appearing in 1.2, and so on. This would let users know that a newly posted version was indeed from the original authors, without identifying those authors.
Have a look at the Guy Fawkes Protocol
rant
Take a look at
http://www.baen.com/chapters/axes.htm
-- Free Luna!
Most have the capability to upload via floppy or cdrom that you may have burned at home.
Get a yahoo email account, and post via deja news. Upload to as many international archive sites as you can think of.
If the library has goofy software installed, you may be able to boot off a linux CD or floppy.
Same goes for any university. Many have computer labs that you can just sit down and browse - no student ID needed.
Surprisingly, this has happened, to some effect. Back around Vis Studio (4? I have no idea when), the GUIDs were created the same way as they are now. The only difference was that if the computer didn't have a network card, they had a default value for you. So, if two computers happened to create a GUID at the same time that didn't have network cards, the GUIDs would come out the same. This did happen and it drove people nuts trying to figure it out. Luckily for all, this has been since fixed (random number, or something).
Because you can't, you won't, and you don't stop...