Slashdot Mirror
DMCA Forces Cox To Censor Changelog?
Ross Vandegrift writes: "Alan Cox released 2.2.20pre10 today, which includes security fixes. He is refusing to indicate what security holes have been fixed, as Unix-style permissions could be used as an anti-circumvention device. The thread starts here. " It'd be great if people could read the threads here and try to figure out what is going on. I'm a little lost, but it looks like he's being overzealous.
Just a thought.
sulli
RTFJ.
didnt he release 2.2.20-pre11, instead of -pre10?
"but it looks like he's being overzealous."
Alan Cox? Overzealous? Nah! I can't even imagine.
Why bother.
Hey, remember that time Felten wrote a paper and couldn't release it cuz it was a circumvention device?
Or that time I wanted to play DVDs in Linux and couldn't because I needed a circumvention device?
Or when some Russian dude got locked up away from his family because he wanted to let blind people use eBooks?
Overzealous my ass. This is a problem and we need to take a stand, whether it's "reasonable" or not. People need to understand what is at stake - and what better way to help that process than by showing them?
open source UNfriendly?
Kinda looks like that is Cox's interpretation.
there are 3 kinds of people:
* those who can count
* those who can't
Last time I checked, Alan Cox didn't live in the US. And he has been vocal about not holding conferences in that country - because of what happened to the eBook fair use guy - so I imagine he's not intending to travel there either. Is he trying to establish a precedent that restrictive laws passed in one country apply worldwide?
-- Ed Avis ed@membled.com
I stopped reading at this point.
"Unix-style permissions could be used as an anti-circumvention device"
Yeah..and if you list all the files, and use the file attribute flags on each file, 4 bits per file, you can clearly see it says "DEATH TO THE INFIDELS!"
It'd be great if people could read the threads here and try to figure out what is going on.
Unfortunately, it looks like the site might already be hosed. How about if we just speculate wildly, make irrational calls-to-action that will never commence, throw in a few anti-government rants, and top it all off with a good old fashion linux/bsd flamewar?
You know, the usual.
The link is slashdotted already, so I can't tell. It would really be useful if Slashdot editors didn't assume that "2.2.20pre10" meant something to every single one of their readers.
- In Capitalist America, law violates YOU!
Or, JUST MAYBE, he's making a point?
People. He's just using this humorous approach to show us how ridiculous the DMCA can be.
Loban Amaan Rahman ==> Anagram of ==> Aha! An Abnormal Man!
Alan needs to realize that, although the DMCA does have important and evil implications for the freedom to code and speak in the U.S., it would not be used against a legitimate programmer such as himself. The people who have been targeted by the DMCA have been crackers: people who defeat lame encryption schemes and distribute point-and-click software that allows the masses to pirate. Although I fully support 2600 and Dmitri in their efforts (I have been a security engineer and I appreciate the truly talented invididuals in the field), DeCSS and the PDF utility are simply not in the same class as the Linux kernel and the other software Cox has worked on. He is simply a non-target and he needs to stop pretending that the DMCA affects him.
-sting3r
For those of us who were wondering what the hell 2.2.20pre10 is, it's the Linux Kernel update. Of course, this being Slashdot, we automatically were supposed to know that, right guys ;)
Not that I didn't know that of course *nudge nudge* wink Wink*
Can you imagine microsoft getting this sort of attitude with updates to windows? ... i think not...
Cruise TT
We can't bomb the RIAA et al so we'll have to resort to other methods of getting attention to have the DMCA reviewed. We could write letters until we are blue in the face but that isn't working.
I'm not sure if Alan's actions will get the attention it needs but it is certainly a step in the right direction.
I can't spell or type, but that doesn't mean I'm unusually stupid.
Why not just have a developer look at the code and then email the kernel-list with what sort of security fixes Alan Cox did.
Does the name Pavlov ring a bell?
In related news today Senator Fritz Hollings, author of the SSSCA proposal, recanted stating:
"I just downloaded the latest 2.2.20pre10 and found censored changelogs! This will seriously impact my l33t hax0r activities. I finally see how my SSSSCA proposal will impact freedom. I am official withdrawing my proposal effective immeditely."
Apparently Alan Cox's plan to publicly demonstrate the absurdity of the DCMA and SSSCA in a place that would hit congress where it hurts has paid off.
- For the complete works of Shakespeare: cat
Correct me if i'm wrong, but doesn't the DMCA only apply in cases of devices meant to enforce copyright protection?
OTOH, the US outlawing something shouldn't mean that all these good things are suddenly no longer available to the rest of the world. We need a place to publish the things which are outlawed in the US, without getting prosecuted for publishing these things to the US.
Such a site has been started (well, not quite, but we're busy getting it up and running) and we hope there will soon be a place to publish crypto research, security information and other useful tools which are not allowed in the US. The only small gotcha is that in order to publish it legally, some kind of access controll will have to be put in place so US citizens cannot get at the archive. Unfortunate, but so be it.
The site? http://thefreeworld.net/
It's called "making a point."
he's venting. I've done this at work when writing applications for stupid people who can't read the error message. I'll make dummy variables with their names on them. Like stupidAmy=110 or whatever.
And in his venting, i think he is also hoping to make a point. Most legislation regarding things like this is stupid, pointless, and a waste of energy.
The only thing I can say about policy makers like that is that they provide carbon dioxide for the plant life.
It's easy to stand out when the general level of competence is so low.
As Bill Hicks said, "You are free... to do as we tell you". Right now, it seems that US "freedom" means the freedom to bribe (sorry, to fund...) senators et al to get your pet bills passed.
If Alan is trying to make a point, that's something I understand.
If he's actually concerned that what he's doing would put him in jeopardy because of the DMCA, is he releasing a version of the patch that doesn't contain the fixes?
After all, the code is what would break the law, not a description of what the code does.
doesn't the DMCA only apply in cases of devices meant to enforce copyright protection?
Yes, and file protections can do that.
I have a file called README.TXT I don't want anyone to copy - so I do chmod 0600 README.TXT
This effectively prevents anyone but me from reading or copying the file.
Looks like the info in the changelog might give someone an idea of how to circumvent this, so that means that the changelog would be in violation of the DMCA.
Wow DCMA is working...thanks to all those
people who never partispated, never
voted, never did the research....Thanks
for putting in place a bad law....
Hey, I am now working in US and 12 years ago when I was 14, I have circumvented copy protection on Atari games for profit, some of which are still avaiable in the local Atari Club. It was perfectly legal back then and there. But does it mean I am a felon now that I moved in US? Does it mean that I can expect up to 5 years in prison and $5 mil of fine? I'd rather not think about it, but even more I would like this DMCA law to by GONE!
If programs would be read like poetry, most programmers would be Vogons.
How does this site (or idea of this site) jibe with the Hague Convention (and other international treaties)?
Others are bemoaning the fact that USian law is screwing with the rest of the world (IOW, residents of... Portugal, for example, can't get a non-edited changelog because of this), but given the implications of the law (Dmitry can be hassled, whether or not he broke a just/unjust law, as can AC and others) why wouldn't Alan et. al. do something like this?
Unfortunately, while it may in fact piss off many people, we don't have the fundage to change the law. Now, perhaps Alan could replace the offending changelog with some ideas on how to convince grandparents, soccer-moms, etc. that open information on circumvention is a good thing.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Anyone that can read C, or at least guess a little could surely use the source code/patches to figure out what has been done.
Is this demented reverse-engineering of Changelogs going to mean Alan Cox will not release the source code to the US now too?
IMHO, it's all a little out of hand for a UK citizen (although Tony Blair does tend to jump at US ideas - who knows when he'll decide to implement the DCMA over here in the UK :-)
most people here can read the language, go in and compare the code changes and figure it out yourself, chances are by doing that youre gonna learn more about whats going on for real than reading some stinkin change log.
quite whining. its open source.
He's not only being over-zealous. He's being downright dumb. The chance of this actually being used against the developers is so small that it's almost unimaginable. He's just trying to piss off the US citizens who want to know what the vulnerabilities are so they'll get the law changed. We've been trying to change the law but Congress doesn't give a damn. If he's too much of a damn coward to take a chance and post known security flaws so that we can look for other ones which might be related then he needs to pass the torch to someone who won't be such a coward. Hell, he can email me with all those vulnerabilities and I'll post them publicly. I'll be your damn martyr if that's what you want because I'm not afraid. This is getting ridiculous. It's no longer open-source anymore. Now it's open-within-the-confines-of-the-law-source.
Chapter 12, sec. 1201. In other words, anything that happens to be protecting copyrighted work falls under the DMCA's jurisdiction. So, if you happen to be protecting copyrighed work by chmod'ing it 600 and someone cirvumvents your Unix file access, they're violating the DMCA and can be sent to prison or fined a lot of money.
Imagine a law so stupid that civil obedience becomes an efficient way to fighting it...
But I admire his making a stand. After all.. he can document his changes however he sees fit.
As for the DMCA... Doesn't it only protect technical control mechanisms that enforce the rights of the authors?
In other words.. a company can't pick 'rot13' as an encryption method, because you can't claim that a rot13 decodes is 'primarily intended to circumvent copy control protection' on a work.. because they have existed for ages and have other, well defined uses.
DECSS, on the other hand, does not. Sure, it can be used in a DVD player.. but other than that, it has no practical applications.
it's hard to get modded at all from 0 (i.e., AC base post) because half the moderators browse at 1 anyway.
So what's this DMCA about? IANAL, but I can see really clearly tell what it's doing to Alan Cox here. abridging freedom of speech. If I were an american I'd be ashamed of it...but I'm not one. I live in a free country.
0x or or snor perron?!
More info linked from here...
Includes links to more DMCA info, and some of Alan's thoughts on the matter
Alan Cox being a major figure in the Linux world. He maintains the 2.2 stable series, as well as a 2.4.x-ac stable series. When Linus Torvalds moves on to the 2.5 Linux development series (soon), Alan will be fully in charge of the current stable 2.4 series.
Or are your diaries also subject to the DMCA? I doubt that...
Yup, he is preaching to the choir.
Thats not so bad though.
Just because we agree, doesn't mean we are doing anything about it. He is demonstrating how this can hit home, making it hit home.
The point of action and speach isn't always to change minds that disagree, sometimes it is to change minds that agree.... to align them more tightly, to galvanize them into action.
-Steve
"I opened my eyes, and everything went dark again"
In the US Constitution, Article 1, Section 9, Ex Post Facto laws are expressly forbidden.
In English, that means that no law may be passed condemming actions that have already occurred. Of course, I'm not a lawyer, so take my advice with the appropriate quantities of salt.
In Virginia there is an election for Governor. One of the candidates (Mark Earley) was the primary supporter for UCITA. For this reason, I will be voting against him and for his opponent Mark Warner.
Hopefully, if enough people vote against Earley we can send a message to other politicians that we won't vote for candidates who are willing to sacrifice the rights of computer users.
hawk
" One guy wrote that we should take all these Legos and build giant robots with which to attack Afghanastan. " -- Rob Malda, Founder of Slashdot, a "News for Nerds" website, in a NPR report on post WTC gen-X, 10/22/2001
W WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWww
I, for one, would like to take a moment to thank Rob for setting us "Nerds" back where we belong. Way to make us look like a bunch of childish tech-heads with no conception of the real world! Isn't it nice for Rob to characterize all slashdotters as moronic geeks on national radio? (That was sarcasm, you nincompoop!)
Oh, hell, eat this, while I'm at it:
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
Sounds Republican to me.
I disagree. Republicans tend to not like business that deal in porn, etc, things they find morally offensive (however you feel like defining that).
And they certainly like the gov't when its enforcing the things they like.
Not that no unions, business is good, goverment bad is a good overview of libertarian policy either. Gov't isn't bad. Big, over intrusive gov't is bad (if you're a libertarian).
Firstly, he's a Brit. They have a sense of humour which is sometimes very subtle and is usually based on 'irony' (as in the saying something different to what you mean, rather than the more American 'Alanis Morissette' use of the word). Some Americans take ironic statements at face value, as is often seen on Slashdot.
Secondly, he's a clever guy. He's being stubborn about this to make a point. If he wasn't stubborn about it, the point wouldn't be made. He is acting correctly according to an unjust law to highlight the danger of it.
He is not being 'dumb' or deliberately annoying, he's highlighting the potential effects of a worrying development in the American legal which could have significant negative impact on all Open Source software developers.
Does this mean that soon the source code to the linux kernel will not be available in the united states? From what Ive observed, the main argument in the DeCSS case was that source code itself is a form of communication among programmers and is protected under the first ammendment. Can I not just find out what changes were made, and figure out what the vulnerability was by reading the source code?
Would that make diff and vi circumvention devices?
I do beleive that Alan is being overzealous, but do agree that *something* must be done about this and quickly. Unfortunately, I am not in a position of to do much more than wear a Free Dimitry T-shirt. IMHO what Alan has done is illogical. Perhaps the better thing to do would be to cut the US from the linux source code all together.
Now THAT would raise a stink.
It amazes me that the US goverment has all this time and money to spend protecting the rights of the big name copyright holders.
Perhaps if they spent all that time and money keep thier citizens safe instead of a few political donators there would be 5000 more people in the US...specifically in NY city
So lets see...If I own a bunch of copyrights and make a few donations to the right politicians my material is safe but,if I live in the US...I'm not safe from anything else?
Ok, I'm a Canadian.
Inevitably, my traffic to/from thefreeworld.net is going to pass through US sites (well, it does, I just did a traceroute).
The same data are moving along wires in continental US. How is that different from the data being digested by eyeballs in the US? Will you have to draw this distinction?
Is this going to affect my ability as a Canadian to have access to your site?
Gotta love the inter[national]net...
-ben
myselfmusic
Now *that* was a funny comment.
I can't agree with you more.. Sometimes I wonder if he says stuff just to piss people off so they write more.. You know, like on MSNBC and foxnews, they have arrogent, self-centered reporters just saying crap that pisses you off just so you watch it more. Then you have the extreme people who completely agree with the comment as well.. meaning that they have the attention of everyone... Like other big media, slashdot needs to get users and attention.. these 2 players equal large revenue, so next time one of the editors writes something you don't agree with, just blow them off, otherwise when you click the submit button realize you're just putting money in their pockets.
(And yes, I know I posted, but trying to get my point across to not to support them entirely)..
No -- The U.S. IS NOT a democracy -- sorry to tell you this, the U.S. is a Constitutional Republic -- fine line? Nope -- when was the last time you (if you are in america) voted on a specific federal issue?
You havn't -- you elected a representative. Hence, the US is a republic.
That said, a lot of this stuff could end quickly --- vote libertarian.
chmod 600 metallica.mp3
chown riaa metallica.mp3
Then only programs with suid riaa could access metallica.mp3. Of course, that wouldn't do much good when you know the root password. I assume that what's going on isn't so simpleminded.
I used to be proud to be a Citizen of US. But it seems everyday that the "land of the Free" becomes a little less free. This is beginning to reach insane proportions. Everyday we seem to pass more and more laws that are seemingly(to me anyway) directly in conflict with Our Constitution. Our politicans don't listen to us anymore. I am disgusted...and angry...so much so i can't even think of words to express my rage at what is being done to this great nation. Our laws were ment to protect our citizens, and ensure the right to "life, liberty and the persuit of happiness" I feel as if I have none of these lately.
--"The refuses to bend, he refuses to fall, he's always at home with his back to the wall" --Bill Joel- Angry Young Man.
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
I would like to tell you my view on it, but I am forced to censored it in accordance with the US DMCA.
Oh, wait, I don't live in the US...
So sometimes the British were just retreiving their missing sailors yet sometimes they were illegaly preying on nuetral shipping (hell, it was not unknown for Royal Navy ships to press crew from their own merchant ships). Eventually there was a tussle over it (and other issues obviously) that ended in stalemate but the Napoleonic conflicts were also winding down which led to a smaller RN and the issue became moot.
Insanity is the last line of defence for the master diplomat. But you have to lay the groundwork early.
I guess he's saying one bit constitues a device.
Got friends?
Oh sure, just the sort of thing we'd expect from a stinkin' EMACS USER!
Since many are accusing this of being the United States of Corporate America, one must realize the target of AC's jab, here.
/.ers gripe about, but because it's ill specified and poorly written, and thereby has unforseen consequences. Those unforseen consequences can mean bad things to other businesses.
Businesses are getting to be dependent on Linux, more and more. They see the benefits.
Isn't that the point, after all?
But now this little DMCA thing is being surfaced as a possible negative to the business community. So far it's been below their radar screen. The only significant business awareness of the DMCA has been from the proponents on the media side. Here comes a warning shot saying that the DMCA is bad legislation, not only out of a 'principle thing' that
We need allies on this, because as long as it's only a Geek Issue, we're going to get rolled over. IMHO this is a recruiting effort.
The living have better things to do than to continue hating the dead.
Could somebody please explain to me why...
Alan Cox (is) ??
(Score:3, Flamebait) == Moderation Totals: Flamebait=1, Funny=2, Total=3. ????
?????
Damn slashcode is broken. Flamebait should be -1, ya know?!!!
Kudos, Lethyos, you've created a troll so powerful that it created a rip it the space-time-moderation continum!!! Unfortunately, this will allow Emperor Norton and the great old ones to invade our reality, drive mankind insane, then enslave and/or eat us all. Next time, don't raise up anything you can't put back down.
I'm pretty concerned about what legislation is going to be passed in the next few weeks.
With this anthrax scare basically shutting down the Congressional delegation's staffs, no research is being done on upcoming legislation. Letters aren't being read and concerns aren't being heard.
Just because their staffs aren't working though, doesn't mean Congress has. Vows have been made for them to continue working while the offices are shut down, so votes are still being made.
That doesn't mean we should stop sending letters and making calls. But jeez, scary!
obviously no deficiencies vs. no obvious deficiencies
Your company is migrating because they want to be more productive and realize how good XP truly is.
.NET and C# and wants to push Web services out to your company. He seems to have his head grounded in reality. This is the kind of shop my company loves to meet, Windows centric with servers and desktops. No UNIX or Java to bog down the infrastrucutre.
Obviously, your IT director is an enlightened fellow who knows that image editing, IM, Windows Media, and IE 6 are all productivity enhancers. He is well versed in
This won't work unless you plan to never visit the USA - the courts in california have already ruled that they have jurisdiction over the whole internet.
Comment removed based on user account deletion
*sigh*
Only in America.
+++ATH0
Actually, this is an example of Work to Rule. It's a tactic often used in the workplace to win against a boss. Unionized workers often use the strategy when laws or contracts forbid strikes and other activities, but even non-unionized workers often use it to effectively protest (and eliminate) ridiculous rules.
While this current example won't take down the DMCA, the idea is that the DMCA will hurt U.S. corporations in the long run. Specifically, it will hurt the vast majority of corporations that don't get any benefits from the DMCA. We can only hope that these corporations give bigger bribes than the record and movie corporations.
Please don't block by IP Address or domain name
At a time like this, Americans must present a united front to the world. Love it or leave it, darn it!
. . . And why not love it? We've got the best government money can buy!
Indeed, the US outlawing something is one thing. That's their business, if it turns out to hurt them too much they can always revert the law. It's a democratic country, isn't it ?
'Fraid not. The U.S is not a democracy. It's a Republic. And it's very rapidly turning into a Corporate Republic.
Voting and all this democracy talk is just masturbation. If people's votes actually mattered then you'd have much higher voter turnouts. If you could actually vote for your party instead of an "electoral college" then maybe you'd be closer to democracy as well.
And the most important distinction between a republic and a democracy is that you can't vote on laws and bills. Only the government can. In a true democracy 51% of the public can piss on the other 49%. But in the U.S the government pisses on everyone.
--
Garett
It just seems to me that the best way to deal with the DMCA is keep publishing the material. This causes a stir, but isn't quite so good as actually putting the details in a changelog--also, since the code is open, can't people still figure out the changes?
Sigh. I just want to know what's in my kernels...preferably without learning C first and reading them.
Shameless plug: There are also German summaries for the ptrace() and symlinks. Well, with the recent advisory on the security problem in Windows Media Player (regarding DRM), I shouldn't travel to the US while the DMCA is in place.
It'd be great if people could read the threads here and try to figure out what is going on.
Isn't that your job, mister slashdot editor???
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
She's Canadian. We take no responsibility for her jagged little tantrums.
Jesus, if I had a dime for every smartass who mewls "the US isn't a democracy"...
Fine, we're a constitutional republic. See any courts who rule on the DMCA paying any attention to that constitution?
And as to your easy libertarian cure-all: you might as well say "this could all be resolved quickly if everyone would just clap for Tinkerbell." Given the first-past-the-post winning-party-takes-all election system used in almost every state in the union, there is virtually no chance for a third party to accumulate any real influence in national government. The current system's incentives are for you to vote against the candidate you fear most, not for the one you like most, and that means choosing your enemy's most powerful-looking enemy.
We don't have money we have NOTES. Federal Reserve Notes. You can't buy anything only exchange debt with them. "Legally speeking" You can get money but I dought you have ever touched it in your life. The bumber about trading debt is technocally you can never get out of debt even if you THINK you owe nothing, the fact that you have a hand full of Federal Reserve NOTES in your hand means you have debt. You are obligated to pay interst on your debt. These NOTES are part of the national debt...... Think about that.
Save Bob OK! put down the club,You DO have the right to tax me!
I know this can be considered flamebait, but, let's go.
Hey, can't Torvalds do this from his home country? I know he lives now in US, but can't he do this, in a server outside US?
If he can't I can, I'm not a American Citizen, and I don't live in US. I'll publish this here in Brazil, and to hell this dam DMCA, we need to comunicate with each other.
Will the whole earth be prejudiced by a stupid American law?
-=-=-=-=
I know life isn't fair, but why can't it ever be un-fair in MY favor!?
This is just an excellent idea - I like it a lot!
The amount of times I have been annoyed at not being able to download strong crypto libs/programs because the download server is in the US...
This is wonderful - i wish you every luck.
This is insightful?
Patrick Doyle
I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
Isn't he under obligations to make this information known? I think the kernel is liscenced under the GPL. If I remember correctly, it would fall under item 7:
"7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program."
Maybe I am wrong and the Kernel isn't under the GPL, but if it is, Alan is obligagated to make the information available too all--without regards to what nation they are in. In essence, if the kernel is covered by the GPL, in it entirety or just this part, this is a voilation of the GPL liscence. He can't simply change the liscence becuase the version he made changes to would have been released under the GPL.
At the next eco-hypocrisy-meeting, count the private jets used to get to the meeting. Should be interesting to see that
Claming to be a democracy when the current president got less than half of the votes cast by less than 50% of eligible voters. This just proves that it is not even a proportional representative republic.
We have Cox's specific assurance that there is a weakness in the permissions system of 2.20pre19 that isn't there in 2.20pre20. So running diff on the sources and then examining those parts which involve permissions should reveal exploitable weakness(es) -- presumably weaknesses also extant in 2.20 and in at least some of the 2.4 series. We're talking about a significant chunk of America's network infrastructure.
So, AC has provided clues which point fairly directly to an exploit. Not only that, he's done it in a way almost guaranteed to bring more attention to it than if he'd just routinely included it in the change log. And he's done this in wartime. Can we not prevail upon Britain to honor current extradition treaties for crimes of this stature?
Let's show our good friend what _American_ irony tastes like!
"with their freedom lost all virtue lose" - Milton
Ok, let's make a deal: You provide me one link where I can see that the Libertarian Party is opposed to DMCA and I vote for them.
>Its based directly on legal opinion.
I didn't finish reading the thread, but he should have answered the following:
1) Whose legal opinion (in other words, somebody with legal background, or AC?) If you seek a legal opinion from a lawyer, you own that opinion, and you should be able to use their name or the name of their firm if somebody asks where it came from.
2) What is the argument backing up the opinion?
3) Citations to back up the argument: statute or CFR.
It's like a office equipment technician saying "due to a 'legal opinion' I'm no longer going to service photocopiers that could be used to counterfeit money, as there could be legal implications for me." If you're going to screw a bunch of people who have contributed to your project, the very least you can do is allow rebuttal against this "legal opinion."
AC is either in political statement mode, or CYA mode, neither are benefitial to the linux user and developer community. This sort of BS can easily be spun towards "linux not ready for enterprise deployment" land.
Furthermore, AC can not "censor" anything. That's a function left to governments. If he got a court order saying "do not release security-related portions of the changelog" that would be censorship, without the court order it's AC interpreting the law, or incorrectly interpreting legal advice, or being political, or ass-covering.
As a final PS, if I do diffs between the sources to figure out what changes were made that he suppressed from the changelog...he's making ME violate the DCMA by his definition! Thank you AC, on behalf of everybody in the US who uses linux. You sure showed us.
AC's cheerfully ignored
I know this is OT, but it needs to be said. I was bailing this complete stranger out of jail (that is a whole different story) and while I was down there I found out this guy was relesed on $5,000.00 bail after he TIED DOWN and BEAT his kid. Now ... correct me if I am wrong ... but wasn't Skylov(SP?) held WITHOUT bail for some number of DAYS and then when finally released it was on $250,000.00 bail?
This country is FUCKED! And IMNSHO the only way to fix it will be revolution. But it is going to take ENOUGH people saying that they have had ENOUGH in order for that to happen. Believe me guys there is a LOT more fundamentally wrong in America than people not being able to watch their DVD's in Linux.
PS - I think what we are doing in the Middle East is WRONG!
Huh? When I lived in the US, I practiced "civil obedience" when it came to speed limits: I never broke the speed limit (not strictly true - I broke it exactly once in 4 years, because I was late for a class).
I can assure you that nobody, and I mean nobody else obeyed the speed limits. In fact, it would be quite dangerous if they did. It made everybody nervous that I drove so slow, and in fact most of my friends considered me a hazard due to the fact that I followed the law.
Next time you're in a car with somebody who claims "I don't speed" look at their speedometer and be sure to point out to them every time they exceed the speed limit (15 miles per hour in a school zone, 25 miles per hour in town, etc). What they really mean is "I drive a reasonable speed", which is quite a different thing altogether.
I never saw a speed limit changed because of my driving, either.
Shoot me. "<" 2.20 - didn't catch on preview that the less-than carrot gets eaten even in POT.
"with their freedom lost all virtue lose" - Milton
When Hitler attacked the Jews I was not a Jew, therefore, I was not concerned. And when Hitler attacked the Catholics, I was not a Catholic, and therefore, I was not concerned. And when Hitler attacked the unions and the industrialists, I was not a member of the unions and I was not concerned. Then, Hitler attacked me and the Protestant church -- and there was nobody left to be concerned.
--- Martin Niemoller (1892-1984) in Congressional Record 14 October 1968, p. 31636
Of course everyone modifies it to suit their personal prejudices... I imagine Niemoller was not about to portray Communists as victims in the US Congress during the 1960s.
In recent days I have seen some of my leftist friends leaving off not only the references to Catholics and Protestants, but even the Jews! You've got to admit, rewriting the quote like that to remove reference to the Holocaust is going a bit too far...
Post a lame off topic comment, then post a reply to your own comment a mere 2 minutes later? Too bad slashdot doesn't have points specific for "nice troll, but it's been done before, so you lose". Too bad your Spelling Check XP didn't catch your mistakes in the comment.
now we need to go OSS in diesel cars
I can prevent you from copying my unix binary by doing a chmod -r. If I choose to use that as a copy protection, does that mean that chmod is now illegal in the US? After all you could be an evil pirate and type chmod +r.
More interstingly, if I do the same thing in Windows NT/2000/XP, does that make Windows illegal in the us? I can create a file that is executable, but not readable, and you can change the permissions to give yourself read permission.
If I had to make an educated guess, I'd say that these mysterious "security fixes" are probably to fix the recent root exploit. I'd imagine that AC would do this, that way there is a secure 2.2 kernel that users can move to. The 2.2 series is very actively used, (not everybody uses 2.4) and this makes sense.
As for the DMCA, what a pile of crap! I'm an american, I have the right of free speech. The right of free speech supercedes the DMCA. Period.
Skiers and Riders -- http://www.snowjournal.com
the problem with starting such a site, is that if the author visits US, they still might face charges, ie; the case of the eBook Russian programmer.
------ Curiosity killed the cat. {satisfaction brought it back | it didn't die ignorant | lack of it is killing mankind
I'm a little lost, but it looks like he's being overzealous.
I don't think so. Alan is trying to prove a point. That point being: The US is being rediculous with that DMCA.
There WAS a bug, there is no longer. Publishing the bug means you're providing people with a "circumvention device" (on the older kernels). The DMCA forbids that.
Alan is being rediculous with a purpose. The more people realize that this DMCA is rediculous the more they will be inclined to complain to their senators or whatever means those Americans have to influence their politicians.
Roger.
France too. Remember the Yahoo suit?
He is not doing this to make a point he is doing this to AVOID being sued. Do you think BSD will be exempt from the same LAW ??? Stop smoking crack and wake up....This legislation affects all software...even BSD
errr....umm...*whooosh* *whoosh* Is this thing on ?
It will be back up this week.
Why should you want information about scurity issues or security patches? From now on the law protects your servers against terrorists. :-P
Couldn't resist. In fact it looks like the whole shit (PDF w.o. translation) is coming to Europe (Swiss). That doc is a very corporate friendly proposal for new laws about copyright and reverse engeneering.
As I read the GPL even though Alan can't tell you what he did, he still has to provide information as to which kernel source files were modified and when they were modified, then you could just diff the two to see what he did.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
--
Why is it that I almost always check "No Score +1 Bonus"?
--
perl -e'$_=shift;die eval' '"$^X $0\047\$_=shift;die eval\047 \047$_\047"' at -e line 1.
Methinks it's time someone replaced the aluminum foil liner in his hat, it's wearing thin.
Ben "You have your mind on computers, it seems."
Probably this is what the situation is.
Anyone who discloses a hack of any kind is committing a crime by helping other people to crack systems.
If Alan Cox had disclosed how the hack that he just fixed worked, then the disclosure of the just-fixed hack could be used to crack systems that are not yet patched.
Ergo, disclosure of the bug that he fixed would be illegal in the USA, and that means that by disclosing this to people in the USA would land him in prison next time he arrives in the land of the free!!
If the "Details censored in accordance with the US DMCA" does that mean that 2.2.20 will not and can not be released in the US???
Think about it, if Alan can not tell us in plain english (as in this code causes this, etc., etc., etc.) what the problem is, can he tell us via code??? Simply put by downloading 2.2.20pre10 and 2.2.20pre11 and doing a diff we could find the answer ourselves rather easily. Heck we could even do this by doing a diff on 2.2.19 and 2.2.20 (when released) with a little more work.
So where can the line be drawn? More importaintly, can the US see 2.2.20? And if we can, do I (US citizen) have the legal right to compare 2.2.20 w/older versions in the 2.2.x tree???
Curt Rebelein, Junior
"Anything worth doing is worth doing to excess"
"What we have here is a modern retelling of the Emperor's New Clothes. Unlike the Hans Christian Andersen fable, when the little Russian boy tells the world that the Emperor has no clothes, the Imperial Guard beheads the kid before anyone else can hear," said Robert Hansen, a Libertarian and cryptanalyst. He points out that public exposure is the best way to build secure computer systems; however, the DMCA discourages researchers from publishing their analyses, despite a research exemption in the law. "In order to protect these anemic security mechanisms, businesses and governments will rely on the brute power of the courts to keep those who understand from sharing their knowledge."
The point of the changelog censorship is not the ability to "chown riaa" in this (or any kernel), but that it is fixing a vulnerability in the old one where someone may be able to bypass "chown riaa". I think the idea is that publishing more details on the vulnerability could assist others in bypassing file permissions, theoretically making A.C. responsible for assisting circumvention where file permissions are used to protect copyrighted material.
Caveat Emptor is not a business model.
Join Libertarian candidate Michael Badnarik (www.badnarik.org), the Ministry of Truth, and the Austin Cypherpunks on MONDAY, July 23, at the Capitol steps to show your support for Dmitry Sklyarov's plight and your opposition to the grossly unconstitutional DMCA. We expect there to be TV news representatives on the scene, so please be prepared to explain the effects of the DMCA concisely and succinctly.
Microsoft, especially after some of the recent comments concerning publishing exploit code, would be about the LAST person to go against the DMCA. Give them a chance to go after folks publishing exploit code to demonstrate vulnerabilities and I'll bet they go after them. (sigh)
Microsoft doesn't appear to want good (secure) code, they appear to want to go after folks writing the demonstraiton code to cover up their mistakes....
Build it, Drive it, Improve it! Hybridz.org
There are laws all over the place that would restrict you in other countries! :-) Unfortunatly in the case of the DMCA it's occuring in a ocuntry that's supposed to be "free" which makes it mighty ironic doesn't it? Travel to some of the armpits of the world and you'll see just how unjust some laws can be. Some countries will limit your education based upon gender for instance - not cool...
Build it, Drive it, Improve it! Hybridz.org
The site? http://thefreeworld.net/
This is a great idea, it's just too bad that this is the way it has to be. It seems stupid that the US can screw up research just because they have a congress which likes to impose backwards laws on the rest of the world. When will it end? just hope the "War on Info-Terrorists" isn't the same as the "War on drugs" : pointless and futile, like commanding the sea to recede. So far it looks that this is the way it'll be...
JUST SAY NO TO ENCRYPTION!
yeah that'll work...
If the DMCA makes circumventing copy control devices illegal and the SSSCA makes it illegal to manufacture devices without copy control what do you end up with?
(At least then the Disney won't be trying (or need ) to indefinitely increase the copyright duration anymore.)
penguinicide... when jumping out a window just won't do.
We need to add IP options that list allowed or disallowed countries for a packet to go through or to. We could also have a bit which says by default if a packet is allowed into other countries or not. We could then have a standard for international routers to drop packets that have a disallow option set for the destination country, or have the disallow by default bit set and do not have a specific allow record for that country.
Just an IP option that says allow/disallow and the Internet country code, and a bit in the header for the default allow/disallow setting is all that is required. Routers could be made to deal with it without too much work. Only routers with interfaces in more than one country would have to do anything special, the rest could ignore those bits and options (they would still need to be preserved and propagated).
Stuff that would be required to stay in a given country, or stay out of a given country could then be kept within or outside of the national boundries.
You say that is fascist? You are right, but it will save a lot of people's behinds. And when people can't get around it, there will be much political protest. When people can circumvent it, and get data to/from other countries anyway, nobody really tries to change anything.
It has been said the best way to get rid of a bad law is to have it enforced strictly.
Perhaps the same principle will work, when people can plainly see the Internet getting sliced up before their eyes.
Put a frog in water and boil it and the frog dies. It is too gradual to be noticed. Throw a frog in boiling water and it jumps out.
Having people suddenly lose connectivity to much of the world and the sites therein will wake people up (hopefully).
Just because it CAN be done, doesn't mean it should!
which really are a debt instrument of the Federal Reserve System
which really isn't part of the Federal Government
for silver. We had previously lost the right to redemption in gold in 1933.
Thinking this through, the DMCA says that you may not publish information that leads to the circumvention of any content security device. Cox has decided that file permissions constitute a content security device (which they do, but normally in a difference sense than the DMCA is applied).
To be honest, going by the letter of the law, this makes some sense. By publishing the flaw's details, earlier kernals are open to exploitation via the flaws, thus unsecuring the content currently protected by the file permissions.
Stupid, yes - but a realistic reading of the letter of the law, if not the intent. But then when did intent matter in law?
Sig under construction since 1998.
not the unix permissions system itself. Publishing what bugs existed would allow people to write programs that would exploit unpatched systems.
The SSSCA, which could become DMCA's darker sibling, has even more for Alan Cox to ponder. In fact, I just finished a weekend writing a fairly long letter to my representatives, and sent it only a few moments ago, so that it may get there in time for a Senate Commerce Committee hearing on the 25th.
The full letter is at http://www.halley.cc/ed/politics/2001-10-22.conten t.control.html. I welcome comments, and the letter may be reprinted with attribution.
[
If you are writing a driver for a DVD card, it could be used with DeCSS and you could be found in violation of the DMCA for creating and distributing part of a circumvention device. $250 statuatory damages minimum ($2000 max) or "actual" damages/profits for every circumvention. And a felony (with all the lifelong civil disabilities that entails, plus a possible 5 year sentence first offense, 10 years anytime thereafter) if you did it for "commercial gain".
If you live in or visit (or plan to visit) the US, this can affect you.
Be careful.
Just because it CAN be done, doesn't mean it should!
Free beer, of course, what were you thinking about?
I can tell you whats legal in the U.S. these days. It is whatever the corporations says is legal, nothing more. five to ten years and we will be wondering what that "Freedom" thing was......oh well back to being a mindless drone in the vast corporate machine, otherwise known as U.S. Inc.
if you want "No More Hiroshimas" then I say "You First. No More Pearl Harbors."
As Karl Marx said, money is a collective delusion anyway (a useful one), so it really matters not. Same goes for any percieved value of gold or silver above and beyond their industrial value.
The only way to be safe is make sure that you are obeying the law of every country in which your information can be viewed or transmitted through.
Unless you never plan on visiting there and it isn't an extraditable offense, and we don't have an agreement (like the Hague accord) to prosecute you for breaking a foreign law.
Even that is not enough - that assumes fair legal systems everywhere.
So many countries could reach out and smack you down, possibly with our help (the Hague accord would be used perhaps)
Oh well.
Just because it CAN be done, doesn't mean it should!
The only safe speed limit for a street where kids can play unattended is ZERO.
It isn't safe for kids to play unattended around moving vehicles.
How about some better parenting in this country?
Although idiots taking themselves out of the gene pool might mean the next generation will be smarter than this one.
Just because it CAN be done, doesn't mean it should!
Either we say that code is speech (thus gaining a few corollaries about freedom, etc.; cf. Felten, Touretsky, Sklyarov).
Or we don't.
By making a difference between his kernel's code (which he is releasing, or so I hope), and the comments on that code (which he is withholding), isn't Alan Cox inadvertently fueling an argument that, after all, code != speech?
Timeo idiotikOS et dona ferentes
If this is true then Bugtraq is in *big* trouble. They'll have to at the very least unsubscribe all their US members.
sorry to tell you this, the U.S. is a Constitutional Republic
How much of the US constitution needs to have been voided before that bit goes?
You forgot the part about stealing underpants.
Most of us care, but not enough to make an effort.
The average voter has no idea who their enemy is. The average voter does not know that the giant media corporations are trying to fence in everyone who wants to read a book, listen to a piece of music or (God forbid!) enjoy a movie on their viewing device of choice. Not unless they can ensure that every time "their property" is perused, you have to pay.
The giant media corporations are the enemy. The problem is that most of you will scream bloody murder for every piece of stupid IP controlling legislation that is passed -- yet tomorrow you will take your kids to Disney World, or buy them a Mickey Mouse T-shirt...
We've lost. Apathy was the big winner. I'm sorry.
Red Hat has perhaps more to lose from too-stringent definitions of the DMCA, or from the enactment of the SSSCA, than any other corporate entity in the United States.
Alan notes that he is acting on legal advice, and does not elaborate.
Perhaps it stands to reason that this is not merely Alan's radical position, but a tool that will aid an incipient Red Hat fight against the DMCA/SSSCA.
If Red Hat wants to fight the DMCA, they must first be able to reasonably claim that the DMCA makes it prohibitively difficult for them to do business.
Think about it. It'll come to you.
--ever wonder why anonymous cowards post anonymously?
For example, if I enter into a contract to, oh, sell you illicit drugs, and I provide the drugs, and you don't pay, I can not seek redress from the courts. In this case, if someone produced code designed to harm or otherwise compromise a computer system, I seriously doubt they could cry "copyright infringement" if someone explained how to render such an exploit ineffective.
Though, given the bizarre and insane state of current U.S. legislation, I would still be wary of such a silly charge sticking.
Of course I am not a lawyer, so don't take this as legal advice.
You could've hired me.
IP address should still be safe. Certainly my ip address is registered to Rogers@Home with a snail mail address of Toronto for the IP block.
anyone know what about italian law Luigi Genoni is talking about when he says:
ufff! I tend to belive that politicians make law without a real knoledge
of what they are doing (see Italian law on copyrights)
Only dead fish swim with the stream...
you have it backwards; if the Fed owes us money (silver/gold) for a note (even if we can't redeem it) then it means we are creditors, not debtors; the Fed is in debt, and we are owed money.
-- "Those who cast the votes decide nothing. Those who count the votes decide everything." -Joseph Stalin
It seems that one candidate was persuaded by one of his volunteers to throw a gig. There's certainly nothing more to be found about DMCA on his site.
Like many things, Work to Rule only works when organized. That means getting many people to obey the rule just the right way and at the right time in order to maximize its effect. It's also important that the target, be it a politician or a boss, be made aware of what is going on and that the rule in question is the source of the problem.
As far as I can tell, "Libertarians" seem to be against government interference in any area. Of course, all of these groups tend to favor any government decision that furthers their more immediate goals, or hinders the immediate goals of the other parties. For the Libertarians, this results in an oddly self-referencing approach where one acceptable role of government is to prevent government interference.
I am a minarchist libertarian, and here is my attempt to briefly describe libertarianism.
First of all, the difference between "libertarian" and "Libertarian" is that the second one specifically means a member of the Libertarian Party, while the first one just means anyone who believes in libertarian ideas. Thus Thomas Jefferson could be called a libertarian, but he was not a Libertarian.
The defining principle that all libertarians must believe in (or else they are not really libertarians) is that people own themselves, and the product of their own labor. All else follows from that.
Because people own themselves, it is wrong for government to outlaw behavior that doesn't hurt anyone but the person doing it. Thus it is wrong for government to outlaw smoking, or outlaw eating fatty foods, or outlaw prostitution. (Government may have a legitimate role regulating prostitution, for example to require medical screening of prostitutes for public health reasons, but there is no moral basis for government to outlaw it.)
Because people own themselves, government should not prevent them from freely entering into contracts. Government can legitimately have a role in enforcing contracts. (The major areas where government is useful: national defense, enforcing the laws against violence and theft, and enforcing contracts.) Because of this, if Microsoft wants to require product activation, government shouldn't tell them they can't do that. It's up to people to vote with their dollars. (Note that it was not government that finally dethroned IBM from its monopoly position, it was the free market.)
So, no libertarian can be in favor of a law like the DMCA. The record companies could have annoying license agreements, and libertarians would not be in favor of using government to force the companies to not have them, but the kind of free speech infringement that the DMCA is all about would be right out. And of course no libertarian would be in favor of outlawing encryption.
P.S. In case you are wondering, a "minarchist" libertarian is in favor of a minimal government; an anarchist is in favor of no government. There are many libertarians who believe that we don't need a government at all; the free market can solve all problems. Minarchists like me think we do need a small government to handle things like national defense.
steveha
lf(1): it's like ls(1) but sorts filenames by extension, tersely
Think about it. The US Government is threatening Alan Cox not to give information about security issues in Linux because it could represent a hole in many Linux systems in the United States which might possibly be targets for terrorist takeover.
Just a thought.
Oh, you must be thinking of the Canadian form of irony (she wrote the song, not an American). Well, I suppose that's British irony for you. Of course in America, we just call it a poorly formed analogy.
Note, that it's just a local affiliate of the party in SF that has spoken against the DMCA. Their direct mother organization Libertarian Party of California has nothing to say about DMCA. In fact, the only instance of DMCA you can find on the whole LP site is a mention of a 17-year old intern investigating the case of Sklyarov. It's not like they haven't had time to react, the DMCA became law in 1998, after all.
You've still got your life, and you're still free to persue happiness, as long as you don't run afoul of any corporate-sponsored legal restrictions in the process. What more do you want? Remember, the government only wants to be able to monitor all of your email and telephone conversations to protect you from terrorists! Stop whining and go put an American flag on your SUV that gets less than 20MPG, and don't even start to think that their might be a connection between U.S. policies designed to ensure the flow of fuel for your SUV and our current unpopularness in the regions that most of that fuel comes from!
Irony is what happens when results don't meet expectations. When someone punches you in the nose, and you go to jail instead of the person who hit you, that's irony. If I say "I just LOVE what you've done with your hair" to a woman when she and I both know her hair is a mess, that's sarcasm.
Nathan
Cox of Theo...
Cox of Theo...
Cox of Theo...
I'll take Theo. At least his decisions are pragmatic at worst, logical at best, and always in the better interest of OpenBSD.
Alan Cox needs to take a chill pill, as posting security fixes for Linux is a far cry from reverse-engineering a secure document format, with the intention of redistribution of said 'secure-document-buster'...
anyways... Uh huh, you know it is...
Isn't the purpose of the Hague Treaty, to subvert even that possibility of freedom?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Hmm, this is a major bummer. Until now, this whole DMCA hassle didn't affect me as an european at all. But now I have no idea whether there is need to upgrade all our servers :-(
Has anyone got a clue whether there are other security problems than the recent problems with ptrace() ? Can you tell from the patch ?
It's a democratic country, isn't it ?
Oooooh, that's a good one! My country is a democracy! Har har har! Who would've guessed? And for years I'd been thinking that we'd become a plutocracy or a corporate republic....
Them funny furriners. They think we can repeal laws we don't like. What comedians!
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
The DMCA, and Skylarov are to the USA what Islamic law on Blasphemy and Apostacy, and Rushdie are to Iran.
First off, who the hell is going to arrest and/or prosecute you for fixing and describing holes in your _own_ software? He is being absurd.
Secondly, that remark to the effect of "Oh well, we can continue on without US kernel hackers anyhow... let them just cut themselves off because Americans are stupid blah blah..." is very uncalled for. I would guess that all of the kernel hackers and most open source programmers in the US are totally against the DMCA and other such laws, but we are a (non-financially contributing) minority, and this is a democracy buddy. If he wants to be that unreasonable and make such uncaring remarks, then I sincerly hope that when a similar issue comes up in the UK (and it will eventually, as they are a democracy just as the US is) all of us in the US turn a blind eye and cut Alan off from peices of software he enjoys using. When the tables are turned he might see how things really work in the world.
Not that Red Hat is releasing any more versions of their desktop operating system but I suspected months ago that the operating system would get much harder to use and details about operating system security would get much harder to find in order to prevent terrorist attacks on computer networks.
Wayne Brown points out that It's highly unlikely that Alan withholding information from a handful of US
Linux users and developers will have any effect on US laws. I would go a step further and say that actions like this do us anti-DMCA'rs more harm than good - stupid shit like this doesn't motivate us any better, rather it brings us one step closer to just accepting the fact that we can't do anything about it. Shame on Alan for being such an idealist!
main(){char I,l,O[]={'-',1-1,0,(1<<5)-1,0+'-',-10-1,-10,11-0,
*IF* Alan's interpretation is right - then
/home/moron/my_precious_file
/home/moron/my_precious_file my_copy
'chmod', 'chown' and 'chgrp' are copyright
protection circumvention devices.
If some moron decides to 'copy protect' a
copyrighted work on a *public* computer by
saying:
chmod a-rw my_precious_file
...then if I - as sysadmin of that machine
legitimately know the root password, I can
type:
% su
# chmod a+r
# cp
...then I used 'chmod' to circumvent the
copy protection (in a VERY literal manner).
Once you say that 'chmod', 'chown' and 'chgrp'
have to be outlawed, things fall apart pretty quickly from there on in.
If Alan is making a point - then it's a waste
of time - anyone who remotely knows or cares
about the changelog of 2.2.20 is already against
the DMCA and doing what little one can to rail
against it.
If he is truly concerned over a legal point then
his cause is already lost. He has (presumably)
made 'chmod' available and accessible to US
citizens on dozens of occasions and is already
as guilty as he would be over releasing the
changelog.
Hence, I think he is wrong to make a big deal
out of this...although I'm sure his heart is in
the right place.
I mean, They started their on effort for securing the os to make it usable for their systems, and now they can't get security info from the programmers? heh, Talk about shooting your own foot =) (again...)
About nsa's linux:
http://www.nsa.gov/selinux/index.html
In a true democracy 51% of the public can piss on the other 49%.
Er, no. That's what the doctrine of separation of powers is about; the will of the majority should prevail in most cases but if that is at the expense of a minority that minority's rights can be defended by appeals to the judiciary. It's the rule of law. What you're talking about is mob rule, not democracy.
Of course in practice, as someone once put it, "you don't buy justice, you rent it..."
Now there is a winning strategy. Not.
Bullshit. The US is a republic because it has a president as head of state, not a monarch. It has nothing to do with the voting system.
The USA (like most democracies) is a representative democracy (citizens elect representatives who make laws). That is the most common form of democracy at national level worldwide.
What you are talking about is direct democracy (citizens make laws directly).
If I understand correctly, by your reckoning Switzerland (which I understand has extensive federal level referenda) would be the world's only democracy. But it's one thing to have it working in a compact nation of 3 million, and another for one of over 200 million the size of Western Europe...
How would voting Libertarian help? Lessee, the DMCA goes to a national referendum, its backers have the $$$ to totally flood the media (which they own) with stories of protecting against evil hackers and it gets 90% of the vote.
Big problem with Libertarianism; it doesn't want to recognise that *money* is the primary tool of perverting democracy, and that buying governments is only one small part of it.
Which is exactly why here in Australia we went to public funding of federal election campaigns some years ago, so that we *didn't* go down the American path.
lol. how true. I can just imagine the thought process. "Well I could spend an hour doing research OR tap into the power of open source journalism."
He not only tries to make a point, but he has valid reasons for fearing to be dragged into an US court. Maybe it wouldn't make much sense for the US to sue him, nevertheless he is avoiding to act against the letter of US-law, and that is what is held against you when you end up in court: Neither your intentions, nor the intentions of the law, but the letter of the law.
If any of the patches or future patches even touch the handling of DVD-Players, or future FUCK-ware (Futile Unnecessary Control Keping Hard/Software) he'd better present, what US-lawyers consider a clean west to avoid being dragged through courts until hell freezes over because some corporation is then likely to use the DMCA as a lever and make a public example of him.
Since Skylarov this law has become a very real threat to non-US-citizens.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Alan Cox knows he's going to get busted if he ever goes to the US again so maybe its best he just doens't go there.
The real problem is what happens when the US goes to him. With the way Blair seems to be tring hard to be the 51st governer it may not be long till hiding in the UK won't save Cox either.
So what happens with Oz when the UK becomes a state? Will the Queen still be the head of state or will the chain of command be much different? I wonder how King George the 3rd feels about all of the this and if there is much rolling in his grave.
(as I quickly try to find my asbestos undies)
Security lists should be even more aware of DMCA legislation. When dealing with US-based businesses security experts should demand an outside US contact-address to send the report to, as well as a document stating that the information will not be divulged to US citizens or residents.
Posting the report to a Site accessible from USA gives anyone who wants the means to sue to their liking, and the only reason Microsoft didn't already sue bug-reporters into submissive silence is the cry of outrage to be expected after such a move. But we'll probably soon see that nevertheless with their hacked Mediaformat.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
backers have the $$$ to totally flood the media (which they own)
If they own the media, they don't need to flood them with stories, they just need to not broadcast or print anything at all on the subject.
how about a simple click through EULA ?
:)
click here if you are a not a resident of the USA
hehehe
PLease will some moderator make this posting a 5 to get it higher to the top for those like me that read the 5 articles first? Slashdotters ARE obviously political and well-informed constituents of these representatives states. Why not make it a real political party?????
"Congress shall make no law... abridging the freedom of speech, or of the press"
Do you know anything about the DMCA? It has nothing to do with cracking computer systems. It prevents people from cracking cryptography used to protect copyrighted material. Now how this would be relevant to kernel changelogs, I don't know.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
I don't think he is joking, and as the consequences of the US DMCA are too serious to be a matter of jokes. I think Alan Cox just gave a glimpse of what the future could have on hold if this law doesn't change. In my opinion he shouldn't just omit the patch on the changelog, he should omit the whole patch and put different patches for US and non-US versions, just to prove the point. Remembers me of when netscape and IE used to come in the US flavour (128 bit encryption) and Export flavour ... i think the DMCA is a step backward not a step forward, and that the security issues of computer systems are in the 99% of the cases due to misinformation not to an excess of information, we don't want security issues to circulate in l33t hacker circles, but we want to be made known to the public so they can get fixed quickly.
http://kerneltrap.com/article.php?sid=343
did anyone read far enough ahead to notice that documentation of changes can't be sent to him, just the changes themselves?
Katz??????? 12371;????? 356;? Does I am want walking to give gave to soccer all 'ass of Jon Katz the give you the to kick the ate OF Jon Katz donkey the Jon Katz will step? Jon Katz ' S? Have the to going to degrades the donkey OF Jon Katz??Jon Katz?
Sun has no chance here. Legacy technology like UNIX and Java have been eclipsed by the standards based Windows operating system. The standardization between desktop and server is finally here and Microsoft is ready to take advantage of it with software and services built on a secure and open platform, Windows XP
In America, the country most recently noted for the passing of the DMCA, the debate on the SSSCA, and Mr. Skylarov's most unpleasant circumstances has a quite different history. The United States began with an idea that all men were created with certain rights - life and liberty first amongst those. Those who fought to institute those ideals even gave us the oft repeated, "Those who would trade freedom for security deserve neither and will likely lose both" and "the tree of democracy must often be quenched by the blood of revolution." A great American author Henry David Thoreau who went to prison for his political beliefs wrote in 1849 Civil Disobedience. This paper brings to the forefront the basis of American freedom - to directly and knowingly break, disobey, and refuse the law heaved onto you. The Boston Tea Party is one of the most visual representations of this. American founding fathers were patriots and idealists, but on the other side of the pond they were rebellious, treasonous, criminals. Free Software (a title I can give the Linux Kernel due to its GPLed status) flies directly in the face of American Capitalism, whose basis lies in power through wealth, and wealth through possession. It will be persecuted for some time to come by American corporate interests that fear they have something to lose from its success. The same is true in all other capitalistic systems including the UK. I respect Alan as a coder. I think he makes a more stable and structured kernel than even Linus, and he is undoubtedly the number two person in Linux development. However, he chose to first to adopt and develop and controversial paradigm. He chose to take employment from an American company. Those are his choices to make; however when a law directly attacks liberty and freedom we MUST rebel against it. Yes, I state that it is our duty and our responsibility to break that law, as a moral decision. This is not to say that each of us can simply choose the laws they wish to follow, but when the overwhelming majority of experts in a field agree that a law has been created under false pretexts and serves to limit liberty - We are bound morally not only to oppose that law but to disregard its legal authority. As such Alan must either accept the responsibility of being in a leadership role in a freedom based technology, be willing to lead by example in the face of persecution and possible legal outcomes and stop pandering to the DMCA knowing it is wrong, or he must continue to be an excellent world respected kernel hacker not in a leadership role for fear of the consequences. I respect the coder, think his political decisions are daft, and hope he either steps to the plate and bats against the DMCA or steps to the bench.
I just want to say that, while I haven't read the thread, it sounds like, from what has been posted in this forum, Alan Cox has met with lawyers on this issue. The interpretation of what's happened that I have is that while he wouldn't necessarily be sued for his ChangeLog entries, he COULD be sued because they could indicate exploits that would circumvent the DMCA. "Could" is the keyword. And, as far as I'm concerned, Americans love to sue because it is, by far, the fastest and easiest way to make money (I'm an American. I have no love of Americans over anybody else).
Alan Cox may be overreacting. The DMCA is definitely overreaction.
I support Alan Cox. I only wish I had the position and, more importantly, the courage to take such a stand. Whether his stand is excessive or not, I believe he's right. And I believe the DMCA is unbelievably wrong. I have far more to say, but it all starts sounding extremist. And I don't want that.
In Summary: I support Alan Cox.
---Balon
really, get out of the us.
:)
scared about learning another language? good. so you'll see what it feels to be in a foreign country where people tease you for you accent. and you have to stay here to live.
but it's not that difficult. in most EU countries the state provides medical coverage, the lawyers aren't so powerful, nobody complains and blames and sues everybody because it's simply useless.
Yes, you cannot carry or own weapons. but don't tell me that ANYBODY of you who wants to own a weapon had to use it more than once since he/she owned it IN your house. beside shooting at the blue screen of death, of course.
finally, US passports/citizens are still accepted and wanted here in the EU, also because their technical knowledge.
isn't it time to get out and give your childrens new genes, so they'll be smarter?
-- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
The laws associated with copyright and information are so vague and general that it's not surprising that it could be determined that they prevent people from talking about security problems...
Think about it for a minute. Skylerov is in a US jail for a program that his employer sold -- this despite the fact that he put in safeguards to prevent his program's rampant misuse.
If current 'anti-terrorism' laws get passed, things are simply going to get worse... The government is going to be able to spy on us on spec, and arrest us because they 'suspect that he may do something nasty' -- like (in some cases) simply go on strike.
If our course doesn't change radically and quickly, I think that we are in for an information-age Mcarthy era. Cox was made aware of this specific writing on the wall, and he decided to take it seriously. He is, in his own way, inviting us to do the same.
There are times when it is appropriate to willfully break the law, but it should be done carefully and sparingly. Breaking the law just because it is 'inconvenient' is a bad idea. It opens you up to getting your ass really nailed to the wall later on when you do something to get people pissed off.
Cox is a high-profile person. The fact that he doesn't want to risk going to jail for a Skylerov style test case is not something that we should be denouncing him for -- we should be denouncing a law that is so broad that he has to reasonably worry about making security information available to people who have a reasonable need to know.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
I really have to agree with this.
It's about time to US stop creating laws that cripple our rights.
<rant>
They want us to stop putting information that they don't like? No problem. Just move the information to a server outside US, far way from their stupidy laws. If they somehow manage to get to that change, change country again and so on.
</rant>
why the hell would you put mutilated Barbies on your website other than as an artistic statement? Crappy art is still art, whether nor not you're an artist. And, just for the record, you can put mutilated Barbies on your website, at least according to one court decision.
Another question is wheter Adobe's programmes are legitimate. Reportedly, in Russia, technical measures like the one Dimitri's programme circumvents are illegal. So Adobe is just as legal or illegal as Dimitri's company.
quote from Alan :
As it stands I cannot legally advise the US security services about Linux security issues. Normally I'd find this excruciatingly funny but in the current circumstances its rather less humourous.
Alan
i lived in san fran for a year, returned september 5th to belgium and cancelled all my vacation plans back to the states untill this settles down.
The confiscation of all equipment and storage media would clobber the production cycle of any software house. Or just tying up key programmers in a legal maze for months or years.
If things get worse, a lot of development is going to move off shore by necessity while the legal situation in the US gets straightened out. Germany was actively recruiting (I can't find the link) Germans to return and other folks willing to work in Germany. They'd even throw in free language classes.
The long term solution is to keep working and not let the weirdness cause delays. At the same time make sure that the US catches up to Europe again. Otherwise it risks dragging down all of us. No one wins a fight except lawyers.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
"Don't forget that there already two Debian distributions.
One for the US and one for the rest of the world."
You have that backwards.
It's not one FOR the rest of the world.
It's one that can be exported FROM the US, and another that can be
distributed FROM the rest of the world (including TO the US.)
Let's face the facts: from European point of view US legislation is strongly influenced by industry interests, and with the current administration that's unlikely to change.
As well as the US government used to restrict encryption technology export out of US, it may become necessary for Europeans to take care of what they export into the US.
Alan Cox does not make a point (which implies he'd run a test or something). He simply draws consequences, which he can do without getting emotional, and does the initial step towards US/NonUS discrimination of information and maybe even development policy, with reference to the DCMA. Primarily to protect himself, what seems to be reasonable at least in my eyes.
It's easy to see how it is relevant. The DCMA does not mention cryptography:
Say you have copyrighted material on your PC. I can't get them because my account has not permission to access those files. Nothing fancy here: standard Unix permissions. So, what stops me from getting at those copyrighted materials is the standard linux permissions system. The DMCA, then, could be interpreted to consider the standard linux perms system to be a device to prevent me stealing copyrighted material, and providing information that allows me to circumvent that protection is a violation.
So, if Alan tells us "you cannot use method X to circumvent the protection in the new kernel" then the DCMA could interpret this as "method X circumvents the protection in older kernels". Bingo, Alan goes to jail, does not pass Go, and does not collect £200.
Mr C. appears to have taken legal advice in this matter that has told him the safest thing is not to tell anybody what method X was. Until there has been some more prosecutions and there is more precedent, this is the best advice he could recieve.
~~~~~ BigLig2? You mean there's another one of me?
Here's why:
1) They work for a government agency, so the law doesn't apply for them
2) Noone knows what the NSA does, so they aren't breaking the law as far as anyone knows.
3) If you decide to press charges against the NSA for trafficking a circumvention device, you will conviniently dissapear from the face of the earth.
4) If a company decides to press charges against the NSA for trafficking a circumvention device, all of their money mysteriously dissapears from all their bank accounts, they offices will be raided, because they might be spying for other countries and by some freak accident, one of the B2 bomers gets the wrong coordinates for a bombing run.
We do not live in the 21st century. We live in the 20 second century.
Well, as was reported on /. a few days ago, there's a known security bug in all 2.2 kernels;
/*
/*
... which just happens to be in the diff for 2.2.20pre11... Now, please don't arrest me. (you could arrest michael instead)
This is the fix:
@@ -552,12 +568,11 @@
}
- * We mustn't allow tracing of suid binaries, unless
- * the tracer has the capability to trace anything..
+ * We mustn't allow tracing of suid binaries, no matter what.
*/
static inline int must_not_trace_exec(struct task_struct * p)
{
- return (p->flags & PF_PTRACED) && !cap_raised(p->p_pptr->cap_effective,
CAP_SYS_PTRACE);
+ return (p->ptrace & PT_PTRACED);
}
Futhermore, it would be quite difficult to successfully convince U.S. legislators to change DMCA based on an absurd legal opinion. So, I don't know what exactly Alan hopes to accomplish. I've always had a lot of respect for him, but this all seems a bit childish.
The changelog does not constitute security testing, though. Writing and/or using a program which tests for a hole and merely says "You're vulnerable, install the patch" (or, if it's part of the patch routine, just installs the patch) qualifies as security testing. Describing the vulnerability, though, such that anyone could potentially write a program to circumvent the access control is not security testing.
Besides, If I'm understanding correctly, this clause says specifically that you can still run afoul of the clause I quoted.
--JoeProgram Intellivision!
This has occasionally backfired. In South America, particularly, we were often castigated for not supporting dmeocratic regimes. Of course we didn't--they're awful, with no concept of a rule of law. Unfortunately, we typically did not support republican regimes either, but simply various dictatorships. We threw the baby of republicanism out with the bathwater of democracy. Amusing 'twould be, save for all the various lifes cut short thereby.
What do you mean, "current president"? I think you mean "last two presidents." Mr. William Jefferson Clinton NEVER received even 50% of the vote.
Stopped posting as Scott Lockwood after I pointed you out to be Vlad, eh?
Irony is what happens when results don't meet expectations. When someone punches you in the nose, and you go to jail instead of the person who hit you, that's irony. If I say "I just LOVE what you've done with your hair" to a woman when she and I both know her hair is a mess, that's sarcasm.
So what is it if some guy punches you in the nose, and you say in response, "I just LOVE what you've done with your hair"?
pointless and futile, like commanding the sea to recede
I'll have you know that the sea is receding...wait..wait..it's coming back in...no wait....it's going back out...no wait...
Not like anyone is reading this thread a week later or anything:
2.2.20pre11
o Security fixes
- Quota buffer overrun , possibly locally exploitable (Solar Designer)
- Ptrace race - local root exploit
- Symlink local denial of service attack fix (Rafal Wojtczuk, Solar Designer, Linus Torvalds)
- Sparc exec fixups(Solar Designer)
here is some lame junk filter buster text. blah blah blah. this lameness filter can cause more harm than good when i have to waste time typing crap.
-- Spankmeister General