Slashdot Mirror
DMCA Forces Cox To Censor Changelog?
Ross Vandegrift writes: "Alan Cox released 2.2.20pre10 today, which includes security fixes. He is refusing to indicate what security holes have been fixed, as Unix-style permissions could be used as an anti-circumvention device. The thread starts here. " It'd be great if people could read the threads here and try to figure out what is going on. I'm a little lost, but it looks like he's being overzealous.
Or maybe considering his past comments on not wanting to come to America anymore due to DMCA fears, he's just doing it to spark more debate. You know, get all the /. folks up in arms about the DMCA again and how it's keeping free information from being free. That'd be my guess, but YMMV.
People. He's just using this humorous approach to show us how ridiculous the DMCA can be.
Loban Amaan Rahman ==> Anagram of ==> Aha! An Abnormal Man!
We can't bomb the RIAA et al so we'll have to resort to other methods of getting attention to have the DMCA reviewed. We could write letters until we are blue in the face but that isn't working.
I'm not sure if Alan's actions will get the attention it needs but it is certainly a step in the right direction.
I can't spell or type, but that doesn't mean I'm unusually stupid.
Correct me if i'm wrong, but doesn't the DMCA only apply in cases of devices meant to enforce copyright protection?
OTOH, the US outlawing something shouldn't mean that all these good things are suddenly no longer available to the rest of the world. We need a place to publish the things which are outlawed in the US, without getting prosecuted for publishing these things to the US.
Such a site has been started (well, not quite, but we're busy getting it up and running) and we hope there will soon be a place to publish crypto research, security information and other useful tools which are not allowed in the US. The only small gotcha is that in order to publish it legally, some kind of access controll will have to be put in place so US citizens cannot get at the archive. Unfortunate, but so be it.
The site? http://thefreeworld.net/
What you seem to be forgetting is that the way the DMCA is written, they can *legally* go after him. The fact that they don't choose to is from my opinion just a matter of time.
Is Dmitri not a legitimate programmer? I think he is. Dmtitri writes programs which are legal in his country. He has never written a program in the US which violates US law. What other test of legitimate is there?
Alan needs to realize that, although the DMCA does have important and evil implications for the freedom to code and speak in the U.S., it would not be used against a legitimate programmer such as himself. The people who have been targeted by the DMCA have been crackers: people who defeat lame encryption schemes and distribute point-and-click software that allows the masses to pirate. Although I fully support 2600 and Dmitri in their efforts (I have been a security engineer and I appreciate the truly talented invididuals in the field), DeCSS and the PDF utility are simply not in the same class as the Linux kernel and the other software Cox has worked on. He is simply a non-target and he needs to stop pretending that the DMCA affects him.
First they came for the Communists,
and I didn't speak up,
because I wasn't a Communist.
Then they came for the Jews,
and I didn't speak up,
because I wasn't a Jew.
Then they came for the Catholics,
and I didn't speak up,
because I was a Protestant.
Then they came for me,
and by that time there was no one
left to speak up for me.
by Rev. Martin Niemoller, 1945
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
it would not be used against a legitimate programmer such as himself
While it is unlikely that Alan would be arrested for fixing security bugs in the Linux kernel, he is quite right in saying that under the letter of the law, he might be. Even if you merely can be arrested for such an activity, then the DMCA is a bad law and must be repealed, or at least modified very substantially. So Alan should be applauded for taking a stand, even if (or exactly because!) that inconveniences some people temporarily.
As Bill Hicks said, "You are free... to do as we tell you". Right now, it seems that US "freedom" means the freedom to bribe (sorry, to fund...) senators et al to get your pet bills passed.
Won't happen. From my experience, most of the folks on Slashdot tend to have a Libratarian slant to their polictics: no unions, business is good, goverment bad. That sort of thing.
The problem is that most of the real world allies for a DMCA fight tend to be progressive in politics, with the ACLU being the most obvious example.
The welfare of the people has always been the alibi of tyrants. - Albert Camus
Imagine a law so stupid that civil obedience becomes an efficient way to fighting it...
I would half agree....
/. had statments from a bunch of the presidential candidates during the last election?
I see alot of both libertarian and socialist slants actually. (which are very similar on some fronts - moreso than they want to admit - and vastly different on others)
Who else here remembers when
I dunno about anyone else, but I found myself agreeing about as often and as strongly with the peice by the socialist party candidate as the libertarian one. (and very seldom with others).
In fact on unions, buisness, and government, It seems there are alot of polar views here and few middle of the road ones.
-Steve
"I opened my eyes, and everything went dark again"
The DMCA is only one of the many laws which make the USA into a police state. AC's intentions are good but he's got a lot more battles in front of him before the U.S. can be considered safe from authority abuse.
-CT
alan needs to take a man's stand and publish the logs....Matin Luther King jr did this sort of thing.....Alan needs to do this sort of thing....if he gets arrested how can the DA deamonise him to the jury?
DA: " He released information that broke the DMCA while trying to keep the Linux kernel secure!!!"
defence:" the nature of OSS is to show all changes. the linux kernel does not contain any copyprotected material, however, because of a baddly writen law, making the operating system secure from intruders is now illegal....does that seem right?"
I am the Alpha and the Omega-3
On a list that reaches US citizens - no. File permissions and userids may constitute and be used for rights management.
By that theory, telling somebody how to set the root password on their Linux machine constitutes trafficking in circumvention technology.
There are two conclusions from this. One, Alan is being stupid and overzealous, even if he did find a lawyer who told him that posting information about the security fixes could violate the DMCA. Two, the DMCA is a stupid and ridiculous law, and the full level of its stupidity (and the stupidity of our lawmakers and law enforcers) is being demostrated by the DeCSS, Felton, and Sklyarov cases. I am embarassed to be a citizen of a country that has such a law (although it will take the SSSCA to force me to flee the country as a political defector, the DMCA isn't enough to push me that far).
The DMCA has got to go, but I fear I see no way in the world that we'll ever be able to get rid of it short of it being declared unconstitutional, or short of extreme campaign finance reform that remakes Congress into representatives of their constituents.
-Rob
Firstly, he's a Brit. They have a sense of humour which is sometimes very subtle and is usually based on 'irony' (as in the saying something different to what you mean, rather than the more American 'Alanis Morissette' use of the word). Some Americans take ironic statements at face value, as is often seen on Slashdot.
Secondly, he's a clever guy. He's being stubborn about this to make a point. If he wasn't stubborn about it, the point wouldn't be made. He is acting correctly according to an unjust law to highlight the danger of it.
He is not being 'dumb' or deliberately annoying, he's highlighting the potential effects of a worrying development in the American legal which could have significant negative impact on all Open Source software developers.
Does this mean that soon the source code to the linux kernel will not be available in the united states? From what Ive observed, the main argument in the DeCSS case was that source code itself is a form of communication among programmers and is protected under the first ammendment. Can I not just find out what changes were made, and figure out what the vulnerability was by reading the source code?
Would that make diff and vi circumvention devices?
I do beleive that Alan is being overzealous, but do agree that *something* must be done about this and quickly. Unfortunately, I am not in a position of to do much more than wear a Free Dimitry T-shirt. IMHO what Alan has done is illogical. Perhaps the better thing to do would be to cut the US from the linux source code all together.
Now THAT would raise a stink.
I used to be proud to be a Citizen of US. But it seems everyday that the "land of the Free" becomes a little less free. This is beginning to reach insane proportions. Everyday we seem to pass more and more laws that are seemingly(to me anyway) directly in conflict with Our Constitution. Our politicans don't listen to us anymore. I am disgusted...and angry...so much so i can't even think of words to express my rage at what is being done to this great nation. Our laws were ment to protect our citizens, and ensure the right to "life, liberty and the persuit of happiness" I feel as if I have none of these lately.
--"The refuses to bend, he refuses to fall, he's always at home with his back to the wall" --Bill Joel- Angry Young Man.
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
You aren't comparing the Skylarov case to the Betamax case are you, because if you are that's stupid.
digital copying != analog copying
copying != timeshifting
Betamax did not break any encrytion and there was no DMCA at the time.
In the Betamx case the decision reflected the fact that "timeshifting" is not a violation, and VCR's have substantial non-infringing uses. The decision did not give VCR owners permission to start copying copyrighted works.
Dimitry wrote and sold software that was designed to violate copyrights. Even without the DMCA the ebooks license specifies you may not make copies and contrary to Slashlore there is no indescriminant "Fair Use Right" that allows this behavior. Had Sony marketed the Betamax as a method of illegal copying protected material they likely would have lost their case as well.
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
The difference between a Socialist Linux Zealot and a Libertarian Linux Zealot is this: the SLZ would nationalize Microsoft and open their source code for all to use-- and hopefully port the valuable pieces to Linux (eliminates all competition), the LLZ blames the consumers who refuse to make intelligent use of their free markets and figures that if they get screwed by MS on an ongoing basis that they deserve it. And it's hard not to agree with both of them. *grin*
I do not have a signature
Basically, the DMCA is terrorism.
Got friends?
Actually, this is an example of Work to Rule. It's a tactic often used in the workplace to win against a boss. Unionized workers often use the strategy when laws or contracts forbid strikes and other activities, but even non-unionized workers often use it to effectively protest (and eliminate) ridiculous rules.
While this current example won't take down the DMCA, the idea is that the DMCA will hurt U.S. corporations in the long run. Specifically, it will hurt the vast majority of corporations that don't get any benefits from the DMCA. We can only hope that these corporations give bigger bribes than the record and movie corporations.
I would have to disagree that he is "letting them win." This appears to be one step of a brilliant plan to get the DMCA thrown out. This change-log can now be introduced in court as an example of the DMCA "chilling" free speech. The EFF should be collecting huge piles of examples to introduce as exhibits in DMCA cases.
Now another good step would be to find an employee of a large company (Microsoft would be nice) who writes about a bug or exploit in their company's product and have them arrested for publishing a circumvention device. Anyone wanna go through the XP Beta groups and try to find an exploit that wasn't fixed and was discovered by a Microsoft employee? If Microsoft or any major company turns their money and legal teams against this law, it will fall faster than a dot com stock.
Simply, real examples of the "chilling effect" need to be documented for the Dimitry trial and other trials that will happen. These will go much further in getting the law overturned than messages to our Congressmen.
Viv
Gmail invites for ip
I'm a little lost, but it looks like he's being overzealous.
I don't think so. Alan is trying to prove a point. That point being: The US is being rediculous with that DMCA.
There WAS a bug, there is no longer. Publishing the bug means you're providing people with a "circumvention device" (on the older kernels). The DMCA forbids that.
Alan is being rediculous with a purpose. The more people realize that this DMCA is rediculous the more they will be inclined to complain to their senators or whatever means those Americans have to influence their politicians.
Roger.
What was said:
DA: " He released information that broke the DMCA while trying to keep the Linux kernel secure!!!"
defence:" the nature of OSS is to show all changes. the linux kernel does not contain any copyprotected material, however, because of a baddly writen law, making the operating system secure from intruders is now illegal....does that seem right?"
What the jury understands:
DA: This foreign computer programer told other programers how to break into computer systems.
Slashdot Defense: Blah blah non-American blah blah hacker blah blah bad government blah blah fix computer blah blah.
Jury: The defense made no sense. He must be guilty!
Viv
Gmail invites for ip
Thinking this through, the DMCA says that you may not publish information that leads to the circumvention of any content security device. Cox has decided that file permissions constitute a content security device (which they do, but normally in a difference sense than the DMCA is applied).
To be honest, going by the letter of the law, this makes some sense. By publishing the flaw's details, earlier kernals are open to exploitation via the flaws, thus unsecuring the content currently protected by the file permissions.
Stupid, yes - but a realistic reading of the letter of the law, if not the intent. But then when did intent matter in law?
Sig under construction since 1998.
sorry to tell you this, the U.S. is a Constitutional Republic
How much of the US constitution needs to have been voided before that bit goes?
Red Hat has perhaps more to lose from too-stringent definitions of the DMCA, or from the enactment of the SSSCA, than any other corporate entity in the United States.
Alan notes that he is acting on legal advice, and does not elaborate.
Perhaps it stands to reason that this is not merely Alan's radical position, but a tool that will aid an incipient Red Hat fight against the DMCA/SSSCA.
If Red Hat wants to fight the DMCA, they must first be able to reasonably claim that the DMCA makes it prohibitively difficult for them to do business.
Think about it. It'll come to you.
--ever wonder why anonymous cowards post anonymously?
For example, if I enter into a contract to, oh, sell you illicit drugs, and I provide the drugs, and you don't pay, I can not seek redress from the courts. In this case, if someone produced code designed to harm or otherwise compromise a computer system, I seriously doubt they could cry "copyright infringement" if someone explained how to render such an exploit ineffective.
Though, given the bizarre and insane state of current U.S. legislation, I would still be wary of such a silly charge sticking.
Of course I am not a lawyer, so don't take this as legal advice.
You could've hired me.
He not only tries to make a point, but he has valid reasons for fearing to be dragged into an US court. Maybe it wouldn't make much sense for the US to sue him, nevertheless he is avoiding to act against the letter of US-law, and that is what is held against you when you end up in court: Neither your intentions, nor the intentions of the law, but the letter of the law.
If any of the patches or future patches even touch the handling of DVD-Players, or future FUCK-ware (Futile Unnecessary Control Keping Hard/Software) he'd better present, what US-lawyers consider a clean west to avoid being dragged through courts until hell freezes over because some corporation is then likely to use the DMCA as a lever and make a public example of him.
Since Skylarov this law has become a very real threat to non-US-citizens.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Security lists should be even more aware of DMCA legislation. When dealing with US-based businesses security experts should demand an outside US contact-address to send the report to, as well as a document stating that the information will not be divulged to US citizens or residents.
Posting the report to a Site accessible from USA gives anyone who wants the means to sue to their liking, and the only reason Microsoft didn't already sue bug-reporters into submissive silence is the cry of outrage to be expected after such a move. But we'll probably soon see that nevertheless with their hacked Mediaformat.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks