DMCA Forces Cox To Censor Changelog?
Ross Vandegrift writes: "Alan Cox released 2.2.20pre10 today, which includes security fixes. He is refusing to indicate what security holes have been fixed, as Unix-style permissions could be used as an anti-circumvention device. The thread starts here." It'd be great if people could read the threads here and try to figure out what is going on. I'm a little lost, but it looks like he's being overzealous.
Just a thought.
sulli
RTFJ.
Didn't he release 2.2.20-pre11, instead of -pre10?
"but it looks like he's being overzealous."
Alan Cox? Overzealous? Nah! I can't even imagine.
Why bother.
Hey, remember that time Felten wrote a paper and couldn't release it cuz it was a circumvention device?
Or that time I wanted to play DVDs in Linux and couldn't because I needed a circumvention device?
Or when some Russian dude got locked up away from his family because he wanted to let blind people use eBooks?
Overzealous my ass. This is a problem and we need to take a stand, whether it's "reasonable" or not. People need to understand what is at stake - and what better way to help that process than by showing them?
open source UNfriendly?
Kinda looks like that is Cox's interpretation.
there are 3 kinds of people:
* those who can count
* those who can't
Last time I checked, Alan Cox didn't live in the US. And he has been vocal about not holding conferences in that country - because of what happened to the eBook fair use guy - so I imagine he's not intending to travel there either. Is he trying to establish a precedent that restrictive laws passed in one country apply worldwide?
-- Ed Avis ed@membled.com
I stopped reading at this point.
"Unix-style permissions could be used as an anti-circumvention device"
Yeah..and if you list all the files, and use the file attribute flags on each file, 4 bits per file, you can clearly see it says "DEATH TO THE INFIDELS!"
It'd be great if people could read the threads here and try to figure out what is going on.
Unfortunately, it looks like the site might already be hosed. How about if we just speculate wildly, make irrational calls-to-action that will never commence, throw in a few anti-government rants, and top it all off with a good old-fashioned linux/bsd flamewar?
You know, the usual.
People. He's just using this humorous approach to show us how ridiculous the DMCA can be.
Loban Amaan Rahman ==> Anagram of ==> Aha! An Abnormal Man!
Alan needs to realize that, although the DMCA does have important and evil implications for the freedom to code and speak in the U.S., it would not be used against a legitimate programmer such as himself. The people who have been targeted by the DMCA have been crackers: people who defeat lame encryption schemes and distribute point-and-click software that allows the masses to pirate. Although I fully support 2600 and Dmitri in their efforts (I have been a security engineer and I appreciate the truly talented individuals in the field), DeCSS and the PDF utility are simply not in the same class as the Linux kernel and the other software Cox has worked on. He is simply a non-target and he needs to stop pretending that the DMCA affects him.
-sting3r
2.2.20pre10 is the 10th test release on the way to being the stable 2.2.20 release
For those of us who were wondering what the hell 2.2.20pre10 is, it's the Linux Kernel update. Of course, this being Slashdot, we automatically were supposed to know that, right guys ;)
Not that I didn't know that of course *nudge nudge* wink Wink*
We can't bomb the RIAA et al so we'll have to resort to other methods of getting attention to have the DMCA reviewed. We could write letters until we are blue in the face but that isn't working.
I'm not sure if Alan's actions will get the attention it needs but it is certainly a step in the right direction.
I can't spell or type, but that doesn't mean I'm unusually stupid.
OK, I'll bite.
Seeing as the link was to the Linux-Kernel mailing list, and Alan Cox is one of the keepers of the kernel, we're talking 2.2.20pre10 of the Linux kernel (possibly the ac fork?)
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
release of what? What software?
- In Capitalist America, law violates YOU!
That's Linux (kernel) 2.2.20pre10
Alan is the maintainer of the 'backlevel' (2.2) Linux kernel. The last version of the 2.2 kernel was 2.2.19, and AC has been inching it towards 2.2.20 for several months now.
"values of beta will give rise to dom!"
It is in reference to the linux kernel.
"Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws." - Pla
In related news today Senator Fritz Hollings, author of the SSSCA proposal, recanted stating:
"I just downloaded the latest 2.2.20pre10 and found censored changelogs! This will seriously impact my l33t hax0r activities. I finally see how my SSSCA proposal will impact freedom. I am officially withdrawing my proposal effective immediately."
Apparently Alan Cox's plan to publicly demonstrate the absurdity of the DMCA and SSSCA in a place that would hit congress where it hurts has paid off.
- For the complete works of Shakespeare: cat
Correct me if i'm wrong, but doesn't the DMCA only apply in cases of devices meant to enforce copyright protection?
OTOH, the US outlawing something shouldn't mean that all these good things are suddenly no longer available to the rest of the world. We need a place to publish the things which are outlawed in the US, without getting prosecuted for publishing these things to the US.
Such a site has been started (well, not quite, but we're busy getting it up and running) and we hope there will soon be a place to publish crypto research, security information and other useful tools which are not allowed in the US. The only small gotcha is that in order to publish it legally, some kind of access control will have to be put in place so US citizens cannot get at the archive. Unfortunate, but so be it.
The site? http://thefreeworld.net/
linux kernel.
--- d'oh
he's venting. I've done this at work when writing applications for stupid people who can't read the error message. I'll make dummy variables with their names on them. Like stupidAmy=110 or whatever.
And in his venting, i think he is also hoping to make a point. Most legislation regarding things like this is stupid, pointless, and a waste of energy.
The only thing I can say about policy makers like that is that they provide carbon dioxide for the plant life.
It's easy to stand out when the general level of competence is so low.
As Bill Hicks said, "You are free... to do as we tell you". Right now, it seems that US "freedom" means the freedom to bribe (sorry, to fund...) senators et al to get your pet bills passed.
If Alan is trying to make a point, that's something I understand.
If he's actually concerned that what he's doing would put him in jeopardy because of the DMCA, is he releasing a version of the patch that doesn't contain the fixes?
After all, the code is what would break the law, not a description of what the code does.
doesn't the DMCA only apply in cases of devices meant to enforce copyright protection?
Yes, and file protections can do that.
I have a file called README.TXT I don't want anyone to copy - so I do chmod 0600 README.TXT
This effectively prevents anyone but me from reading or copying the file.
Looks like the info in the changelog might give someone an idea of how to circumvent this, so that means that the changelog would be in violation of the DMCA.
can you imagine m$ publishing release notes of what was actually changed for the release? now, imagine some geek being able to cross check those changes in the code? what a horrid job that would be.
:)
at any rate, i applaud Alan for the stance. The DMCA is a P.O.S put together to benefit the lobbying dollars of the RIAA and MPAA, nothing more. i am MOST surprised it's taken sooo long for this law to be challenged appropriately in the courts. i guess since our judges are all worked out from trying to decide whether a dimple is a chad, or a vote is a vote, or even whether votes can or can't be re-counted.
aaahhh the american way
Hey, I am now working in the US, and 12 years ago, when I was 14, I circumvented copy protection on Atari games for profit, some of which are still available in the local Atari Club. It was perfectly legal back then and there. But does it mean I am a felon now that I moved to the US? Does it mean that I can expect up to 5 years in prison and a fine of $5 mil? I'd rather not think about it, but even more I would like this DMCA law to be GONE!
If programs would be read like poetry, most programmers would be Vogons.
How does this site (or idea of this site) jibe with the Hague Convention (and other international treaties)?
Others are bemoaning the fact that USian law is screwing with the rest of the world (IOW, residents of... Portugal, for example, can't get a non-edited changelog because of this), but given the implications of the law (Dmitry can be hassled, whether or not he broke a just/unjust law, as can AC and others) why wouldn't Alan et. al. do something like this?
Unfortunately, while it may in fact piss off many people, we don't have the fundage to change the law. Now, perhaps Alan could replace the offending changelog with some ideas on how to convince grandparents, soccer-moms, etc. that open information on circumvention is a good thing.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Anyone that can read C, or at least guess a little could surely use the source code/patches to figure out what has been done.
Is this demented reverse-engineering of Changelogs going to mean Alan Cox will not release the source code to the US now too?
IMHO, it's all a little out of hand for a UK citizen (although Tony Blair does tend to jump at US ideas - who knows when he'll decide to implement the DMCA over here in the UK :-)
He's not only being over-zealous. He's being downright dumb. The chance of this actually being used against the developers is so small that it's almost unimaginable. He's just trying to piss off the US citizens who want to know what the vulnerabilities are so they'll get the law changed. We've been trying to change the law but Congress doesn't give a damn. If he's too much of a damn coward to take a chance and post known security flaws so that we can look for other ones which might be related then he needs to pass the torch to someone who won't be such a coward. Hell, he can email me with all those vulnerabilities and I'll post them publicly. I'll be your damn martyr if that's what you want because I'm not afraid. This is getting ridiculous. It's no longer open-source anymore. Now it's open-within-the-confines-of-the-law-source.
Chapter 12, sec. 1201. In other words, anything that happens to be protecting copyrighted work falls under the DMCA's jurisdiction. So, if you happen to be protecting copyrighted work by chmod'ing it 600 and someone circumvents your Unix file access, they're violating the DMCA and can be sent to prison or fined a lot of money.
Imagine a law so stupid that civil obedience becomes an efficient way of fighting it...
But I admire his making a stand. After all.. he can document his changes however he sees fit.
As for the DMCA... Doesn't it only protect technical control mechanisms that enforce the rights of the authors?
In other words.. a company can't pick 'rot13' as an encryption method, because you can't claim that a rot13 decoder is 'primarily intended to circumvent copy control protection' on a work.. because they have existed for ages and have other, well defined uses.
DECSS, on the other hand, does not. Sure, it can be used in a DVD player.. but other than that, it has no practical applications.
So what's this DMCA about? IANAL, but I can really clearly tell what it's doing to Alan Cox here: abridging freedom of speech. If I were an American I'd be ashamed of it...but I'm not one. I live in a free country.
0x or or snor perron?!
More info linked from here...
Includes links to more DMCA info, and some of Alan's thoughts on the matter
Alan Cox being a major figure in the Linux world. He maintains the 2.2 stable series, as well as a 2.4.x-ac stable series. When Linus Torvalds moves on to the 2.5 Linux development series (soon), Alan will be fully in charge of the current stable 2.4 series.
Or are your diaries also subject to the DMCA? I doubt that...
Yup, he is preaching to the choir.
That's not so bad though.
Just because we agree, doesn't mean we are doing anything about it. He is demonstrating how this can hit home, making it hit home.
The point of action and speech isn't always to change minds that disagree, sometimes it is to change minds that agree.... to align them more tightly, to galvanize them into action.
-Steve
"I opened my eyes, and everything went dark again"
In the US Constitution, Article 1, Section 9, Ex Post Facto laws are expressly forbidden.
In English, that means that no law may be passed condemning actions that have already occurred. Of course, I'm not a lawyer, so take my advice with the appropriate quantities of salt.
In Virginia there is an election for Governor. One of the candidates (Mark Earley) was the primary supporter for UCITA. For this reason, I will be voting against him and for his opponent Mark Warner.
Hopefully, if enough people vote against Earley we can send a message to other politicians that we won't vote for candidates who are willing to sacrifice the rights of computer users.
hawk
Sounds Republican to me.
I disagree. Republicans tend to not like business that deal in porn, etc, things they find morally offensive (however you feel like defining that).
And they certainly like the gov't when its enforcing the things they like.
Not that no unions, business is good, government bad is a good overview of libertarian policy either. Gov't isn't bad. Big, over intrusive gov't is bad (if you're a libertarian).
Firstly, he's a Brit. They have a sense of humour which is sometimes very subtle and is usually based on 'irony' (as in the saying something different to what you mean, rather than the more American 'Alanis Morissette' use of the word). Some Americans take ironic statements at face value, as is often seen on Slashdot.
Secondly, he's a clever guy. He's being stubborn about this to make a point. If he wasn't stubborn about it, the point wouldn't be made. He is acting correctly according to an unjust law to highlight the danger of it.
He is not being 'dumb' or deliberately annoying, he's highlighting the potential effects of a worrying development in the American legal which could have significant negative impact on all Open Source software developers.
Does this mean that soon the source code to the linux kernel will not be available in the united states? From what I've observed, the main argument in the DeCSS case was that source code itself is a form of communication among programmers and is protected under the first amendment. Can I not just find out what changes were made, and figure out what the vulnerability was by reading the source code?
Would that make diff and vi circumvention devices?
I do believe that Alan is being overzealous, but do agree that *something* must be done about this and quickly. Unfortunately, I am not in a position to do much more than wear a Free Dimitry T-shirt. IMHO what Alan has done is illogical. Perhaps the better thing to do would be to cut the US from the linux source code altogether.
Now THAT would raise a stink.
Ok, I'm a Canadian.
Inevitably, my traffic to/from thefreeworld.net is going to pass through US sites (well, it does, I just did a traceroute).
The same data are moving along wires in continental US. How is that different from the data being digested by eyeballs in the US? Will you have to draw this distinction?
Is this going to affect my ability as a Canadian to have access to your site?
Gotta love the inter[national]net...
-ben
myselfmusic
I can't agree with you more.. Sometimes I wonder if he says stuff just to piss people off so they write more.. You know, like on MSNBC and foxnews, they have arrogant, self-centered reporters just saying crap that pisses you off just so you watch it more. Then you have the extreme people who completely agree with the comment as well.. meaning that they have the attention of everyone... Like other big media, slashdot needs to get users and attention.. these 2 players equal large revenue, so next time one of the editors writes something you don't agree with, just blow them off, otherwise when you click the submit button realize you're just putting money in their pockets.
(And yes, I know I posted, but trying to get my point across to not to support them entirely)..
It doesn't need to be a fork. Cox maintains the 2.2.x series, which is now superseded by 2.4.x for most new installations and upgrades. But there are those systems out there that are on 2.2 that need security updates and bug fixes.
I do not have a signature
chmod 600 metallica.mp3
chown riaa metallica.mp3
Then only programs with suid riaa could access metallica.mp3. Of course, that wouldn't do much good when you know the root password. I assume that what's going on isn't so simpleminded.
I used to be proud to be a Citizen of US. But it seems everyday that the "land of the Free" becomes a little less free. This is beginning to reach insane proportions. Everyday we seem to pass more and more laws that are seemingly (to me anyway) directly in conflict with Our Constitution. Our politicians don't listen to us anymore. I am disgusted...and angry...so much so i can't even think of words to express my rage at what is being done to this great nation. Our laws were meant to protect our citizens, and ensure the right to "life, liberty and the pursuit of happiness" I feel as if I have none of these lately.
--"He refuses to bend, he refuses to fall, he's always at home with his back to the wall" --Billy Joel - Angry Young Man.
Power Corrupts, Absolute Power Corrupts Absolutely, leaving one person (group) in charge is absolutely corrupt.
I would like to tell you my view on it, but I am forced to censor it in accordance with the US DMCA.
Oh, wait, I don't live in the US...
So sometimes the British were just retrieving their missing sailors yet sometimes they were illegally preying on neutral shipping (hell, it was not unknown for Royal Navy ships to press crew from their own merchant ships). Eventually there was a tussle over it (and other issues obviously) that ended in stalemate but the Napoleonic conflicts were also winding down which led to a smaller RN and the issue became moot.
Insanity is the last line of defence for the master diplomat. But you have to lay the groundwork early.
I guess he's saying one bit constitutes a device.
Got friends?
Oh sure, just the sort of thing we'd expect from a stinkin' EMACS USER!
Since many are accusing this of being the United States of Corporate America, one must realize the target of AC's jab, here.
Businesses are getting to be dependent on Linux, more and more. They see the benefits.
Isn't that the point, after all?
But now this little DMCA thing is being surfaced as a possible negative to the business community. So far it's been below their radar screen. The only significant business awareness of the DMCA has been from the proponents on the media side. Here comes a warning shot saying that the DMCA is bad legislation, not only out of a 'principle thing' that /.ers gripe about, but because it's ill specified and poorly written, and thereby has unforeseen consequences. Those unforeseen consequences can mean bad things to other businesses.
We need allies on this, because as long as it's only a Geek Issue, we're going to get rolled over. IMHO this is a recruiting effort.
The living have better things to do than to continue hating the dead.
Could somebody please explain to me why...
Alan Cox (is) ??
I'm pretty concerned about what legislation is going to be passed in the next few weeks.
With this anthrax scare basically shutting down the Congressional delegation's staffs, no research is being done on upcoming legislation. Letters aren't being read and concerns aren't being heard.
Just because their staffs aren't working though, doesn't mean Congress has. Vows have been made for them to continue working while the offices are shut down, so votes are still being made.
That doesn't mean we should stop sending letters and making calls. But jeez, scary!
obviously no deficiencies vs. no obvious deficiencies
This won't work unless you plan to never visit the USA - the courts in california have already ruled that they have jurisdiction over the whole internet.
*sigh*
Only in America.
+++ATH0
Actually, this is an example of Work to Rule. It's a tactic often used in the workplace to win against a boss. Unionized workers often use the strategy when laws or contracts forbid strikes and other activities, but even non-unionized workers often use it to effectively protest (and eliminate) ridiculous rules.
While this current example won't take down the DMCA, the idea is that the DMCA will hurt U.S. corporations in the long run. Specifically, it will hurt the vast majority of corporations that don't get any benefits from the DMCA. We can only hope that these corporations give bigger bribes than the record and movie corporations.
Please don't block by IP Address or domain name
Indeed, the US outlawing something is one thing. That's their business, if it turns out to hurt them too much they can always revert the law. It's a democratic country, isn't it ?
'Fraid not. The U.S is not a democracy. It's a Republic. And it's very rapidly turning into a Corporate Republic.
Voting and all this democracy talk is just masturbation. If people's votes actually mattered then you'd have much higher voter turnouts. If you could actually vote for your party instead of an "electoral college" then maybe you'd be closer to democracy as well.
And the most important distinction between a republic and a democracy is that you can't vote on laws and bills. Only the government can. In a true democracy 51% of the public can piss on the other 49%. But in the U.S the government pisses on everyone.
--
Garett
It just seems to me that the best way to deal with the DMCA is keep publishing the material. This causes a stir, but isn't quite so good as actually putting the details in a changelog--also, since the code is open, can't people still figure out the changes?
Sigh. I just want to know what's in my kernels...preferably without learning C first and reading them.
Thanks for the info. I wasn't sure if the ac kernels were a fork or not (hence the question mark).
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
Shameless plug: There are also German summaries for the ptrace() and symlinks. Well, with the recent advisory on the security problem in Windows Media Player (regarding DRM), I shouldn't travel to the US while the DMCA is in place.
It'd be great if people could read the threads here and try to figure out what is going on.
Isn't that your job, mister slashdot editor???
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
She's Canadian. We take no responsibility for her jagged little tantrums.
We don't have money we have NOTES. Federal Reserve Notes. You can't buy anything only exchange debt with them. "Legally speaking" You can get money but I doubt you have ever touched it in your life. The bummer about trading debt is technically you can never get out of debt even if you THINK you owe nothing, the fact that you have a hand full of Federal Reserve NOTES in your hand means you have debt. You are obligated to pay interest on your debt. These NOTES are part of the national debt...... Think about that.
Save Bob OK! put down the club,You DO have the right to tax me!
I know this can be considered flamebait, but, let's go.
Hey, can't Torvalds do this from his home country? I know he lives now in US, but can't he do this, in a server outside US?
If he can't I can, I'm not an American Citizen, and I don't live in US. I'll publish this here in Brazil, and to hell this damn DMCA, we need to communicate with each other.
Will the whole earth be prejudiced by a stupid American law?
-=-=-=-=
I know life isn't fair, but why can't it ever be un-fair in MY favor!?
This is insightful?
Patrick Doyle
I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
Isn't he under obligations to make this information known? I think the kernel is licensed under the GPL. If I remember correctly, it would fall under item 7:
"7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program."
Maybe I am wrong and the Kernel isn't under the GPL, but if it is, Alan is obligated to make the information available to all--without regard to what nation they are in. In essence, if the kernel is covered by the GPL, in its entirety or just this part, this is a violation of the GPL license. He can't simply change the license because the version he made changes to would have been released under the GPL.
At the next eco-hypocrisy-meeting, count the private jets used to get to the meeting. Should be interesting to see that
Claiming to be a democracy when the current president got less than half of the votes cast by less than 50% of eligible voters. This just proves that it is not even a proportional representative republic.
We have Cox's specific assurance that there is a weakness in the permissions system of 2.20pre19 that isn't there in 2.20pre20. So running diff on the sources and then examining those parts which involve permissions should reveal exploitable weakness(es) -- presumably weaknesses also extant in 2.20 and in at least some of the 2.4 series. We're talking about a significant chunk of America's network infrastructure.
So, AC has provided clues which point fairly directly to an exploit. Not only that, he's done it in a way almost guaranteed to bring more attention to it than if he'd just routinely included it in the change log. And he's done this in wartime. Can we not prevail upon Britain to honor current extradition treaties for crimes of this stature?
Let's show our good friend what _American_ irony tastes like!
"with their freedom lost all virtue lose" - Milton
>Its based directly on legal opinion.
I didn't finish reading the thread, but he should have answered the following:
1) Whose legal opinion (in other words, somebody with legal background, or AC?) If you seek a legal opinion from a lawyer, you own that opinion, and you should be able to use their name or the name of their firm if somebody asks where it came from.
2) What is the argument backing up the opinion?
3) Citations to back up the argument: statute or CFR.
It's like an office equipment technician saying "due to a 'legal opinion' I'm no longer going to service photocopiers that could be used to counterfeit money, as there could be legal implications for me." If you're going to screw a bunch of people who have contributed to your project, the very least you can do is allow rebuttal against this "legal opinion."
AC is either in political statement mode, or CYA mode, neither are beneficial to the linux user and developer community. This sort of BS can easily be spun towards "linux not ready for enterprise deployment" land.
Furthermore, AC can not "censor" anything. That's a function left to governments. If he got a court order saying "do not release security-related portions of the changelog" that would be censorship, without the court order it's AC interpreting the law, or incorrectly interpreting legal advice, or being political, or ass-covering.
As a final PS, if I do diffs between the sources to figure out what changes were made that he suppressed from the changelog...he's making ME violate the DMCA by his definition! Thank you AC, on behalf of everybody in the US who uses linux. You sure showed us.
AC's cheerfully ignored
Huh? When I lived in the US, I practiced "civil obedience" when it came to speed limits: I never broke the speed limit (not strictly true - I broke it exactly once in 4 years, because I was late for a class).
I can assure you that nobody, and I mean nobody else obeyed the speed limits. In fact, it would be quite dangerous if they did. It made everybody nervous that I drove so slow, and in fact most of my friends considered me a hazard due to the fact that I followed the law.
Next time you're in a car with somebody who claims "I don't speed" look at their speedometer and be sure to point out to them every time they exceed the speed limit (15 miles per hour in a school zone, 25 miles per hour in town, etc). What they really mean is "I drive a reasonable speed", which is quite a different thing altogether.
I never saw a speed limit changed because of my driving, either.
Shoot me. "<" 2.20 - didn't catch on preview that the less-than caret gets eaten even in POT.
"with their freedom lost all virtue lose" - Milton
Post a lame off topic comment, then post a reply to your own comment a mere 2 minutes later? Too bad slashdot doesn't have points specific for "nice troll, but it's been done before, so you lose". Too bad your Spelling Check XP didn't catch your mistakes in the comment.
now we need to go OSS in diesel cars
If I had to make an educated guess, I'd say that these mysterious "security fixes" are probably to fix the recent root exploit. I'd imagine that AC would do this, that way there is a secure 2.2 kernel that users can move to. The 2.2 series is very actively used, (not everybody uses 2.4) and this makes sense.
As for the DMCA, what a pile of crap! I'm an American, I have the right of free speech. The right of free speech supersedes the DMCA. Period.
Skiers and Riders -- http://www.snowjournal.com
the problem with starting such a site, is that if the author visits US, they still might face charges, ie; the case of the eBook Russian programmer.
------ Curiosity killed the cat. {satisfaction brought it back | it didn't die ignorant | lack of it is killing mankind
I'm a little lost, but it looks like he's being overzealous.
I don't think so. Alan is trying to prove a point. That point being: The US is being ridiculous with that DMCA.
There WAS a bug, there is no longer. Publishing the bug means you're providing people with a "circumvention device" (on the older kernels). The DMCA forbids that.
Alan is being ridiculous with a purpose. The more people realize that this DMCA is ridiculous the more they will be inclined to complain to their senators or whatever means those Americans have to influence their politicians.
Roger.
France too. Remember the Yahoo suit?
He is not doing this to make a point he is doing this to AVOID being sued. Do you think BSD will be exempt from the same LAW ??? Stop smoking crack and wake up....This legislation affects all software...even BSD
errr....umm...*whooosh* *whoosh* Is this thing on ?
Why should you want information about security issues or security patches? From now on the law protects your servers against terrorists. :-P
Couldn't resist. In fact it looks like the whole shit (PDF w.o. translation) is coming to Europe (Swiss). That doc is a very corporate friendly proposal for new laws about copyright and reverse engineering.
--
Why is it that I almost always check "No Score +1 Bonus"?
--
perl -e'$_=shift;die eval' '"$^X $0\047\$_=shift;die eval\047 \047$_\047"' at -e line 1.
Methinks it's time someone replaced the aluminum foil liner in his hat, it's wearing thin.
Ben "You have your mind on computers, it seems."
Probably this is what the situation is.
Anyone who discloses a hack of any kind is committing a crime by helping other people to crack systems.
If Alan Cox had disclosed how the hack that he just fixed worked, then the disclosure of the just-fixed hack could be used to crack systems that are not yet patched.
Ergo, disclosure of the bug that he fixed would be illegal in the USA, and that means that disclosing this to people in the USA would land him in prison next time he arrives in the land of the free!!
If the "Details censored in accordance with the US DMCA" does that mean that 2.2.20 will not and can not be released in the US???
Think about it, if Alan can not tell us in plain English (as in this code causes this, etc., etc., etc.) what the problem is, can he tell us via code??? Simply put by downloading 2.2.20pre10 and 2.2.20pre11 and doing a diff we could find the answer ourselves rather easily. Heck we could even do this by doing a diff on 2.2.19 and 2.2.20 (when released) with a little more work.
So where can the line be drawn? More importantly, can the US see 2.2.20? And if we can, do I (US citizen) have the legal right to compare 2.2.20 w/older versions in the 2.2.x tree???
Curt Rebelein, Junior
"Anything worth doing is worth doing to excess"
The point of the changelog censorship is not the ability to "chown riaa" in this (or any kernel), but that it is fixing a vulnerability in the old one where someone may be able to bypass "chown riaa". I think the idea is that publishing more details on the vulnerability could assist others in bypassing file permissions, theoretically making A.C. responsible for assisting circumvention where file permissions are used to protect copyrighted material.
Caveat Emptor is not a business model.
Microsoft, especially after some of the recent comments concerning publishing exploit code, would be about the LAST person to go against the DMCA. Give them a chance to go after folks publishing exploit code to demonstrate vulnerabilities and I'll bet they go after them. (sigh)
Microsoft doesn't appear to want good (secure) code, they appear to want to go after folks writing the demonstration code to cover up their mistakes....
Build it, Drive it, Improve it! Hybridz.org
There are laws all over the place that would restrict you in other countries! :-) Unfortunately in the case of the DMCA it's occurring in a country that's supposed to be "free" which makes it mighty ironic doesn't it? Travel to some of the armpits of the world and you'll see just how unjust some laws can be. Some countries will limit your education based upon gender for instance - not cool...
Build it, Drive it, Improve it! Hybridz.org
The site? http://thefreeworld.net/
This is a great idea, it's just too bad that this is the way it has to be. It seems stupid that the US can screw up research just because they have a congress which likes to impose backwards laws on the rest of the world. When will it end? just hope the "War on Info-Terrorists" isn't the same as the "War on drugs" : pointless and futile, like commanding the sea to recede. So far it looks that this is the way it'll be...
JUST SAY NO TO ENCRYPTION!
yeah that'll work...
If the DMCA makes circumventing copy control devices illegal and the SSSCA makes it illegal to manufacture devices without copy control what do you end up with?
(At least then the Disney won't be trying (or need ) to indefinitely increase the copyright duration anymore.)
penguinicide... when jumping out a window just won't do.
We need to add IP options that list allowed or disallowed countries for a packet to go through or to. We could also have a bit which says by default if a packet is allowed into other countries or not. We could then have a standard for international routers to drop packets that have a disallow option set for the destination country, or have the disallow by default bit set and do not have a specific allow record for that country.
Just an IP option that says allow/disallow and the Internet country code, and a bit in the header for the default allow/disallow setting is all that is required. Routers could be made to deal with it without too much work. Only routers with interfaces in more than one country would have to do anything special, the rest could ignore those bits and options (they would still need to be preserved and propagated).
Stuff that would be required to stay in a given country, or stay out of a given country could then be kept within or outside of the national boundaries.
You say that is fascist? You are right, but it will save a lot of people's behinds. And when people can't get around it, there will be much political protest. When people can circumvent it, and get data to/from other countries anyway, nobody really tries to change anything.
It has been said the best way to get rid of a bad law is to have it enforced strictly.
Perhaps the same principle will work, when people can plainly see the Internet getting sliced up before their eyes.
Put a frog in water and boil it and the frog dies. It is too gradual to be noticed. Throw a frog in boiling water and it jumps out.
Having people suddenly lose connectivity to much of the world and the sites therein will wake people up (hopefully).
Just because it CAN be done, doesn't mean it should!
which really are a debt instrument of the Federal Reserve System
which really isn't part of the Federal Government
for silver. We had previously lost the right to redemption in gold in 1933.
Thinking this through, the DMCA says that you may not publish information that leads to the circumvention of any content security device. Cox has decided that file permissions constitute a content security device (which they do, but normally in a different sense than the DMCA is applied).
To be honest, going by the letter of the law, this makes some sense. By publishing the flaw's details, earlier kernels are open to exploitation via the flaws, thus unsecuring the content currently protected by the file permissions.
Stupid, yes - but a realistic reading of the letter of the law, if not the intent. But then when did intent matter in law?
Sig under construction since 1998.
not the unix permissions system itself. Publishing what bugs existed would allow people to write programs that would exploit unpatched systems.
The SSSCA, which could become DMCA's darker sibling, has even more for Alan Cox to ponder. In fact, I just finished a weekend writing a fairly long letter to my representatives, and sent it only a few moments ago, so that it may get there in time for a Senate Commerce Committee hearing on the 25th.
The full letter is at http://www.halley.cc/ed/politics/2001-10-22.content.control.html. I welcome comments, and the letter may be reprinted with attribution.
If you are writing a driver for a DVD card, it could be used with DeCSS and you could be found in violation of the DMCA for creating and distributing part of a circumvention device. $250 statutory damages minimum ($2000 max) or "actual" damages/profits for every circumvention. And a felony (with all the lifelong civil disabilities that entails, plus a possible 5 year sentence first offense, 10 years anytime thereafter) if you did it for "commercial gain".
If you live in or visit (or plan to visit) the US, this can affect you.
Be careful.
Just because it CAN be done, doesn't mean it should!
I can tell you what's legal in the U.S. these days. It is whatever the corporations say is legal, nothing more. Five to ten years and we will be wondering what that "Freedom" thing was......oh well back to being a mindless drone in the vast corporate machine, otherwise known as U.S. Inc.
if you want "No More Hiroshimas" then I say "You First. No More Pearl Harbors."
The only way to be safe is make sure that you are obeying the law of every country in which your information can be viewed or transmitted through.
Unless you never plan on visiting there and it isn't an extraditable offense, and we don't have an agreement (like the Hague accord) to prosecute you for breaking a foreign law.
Even that is not enough - that assumes fair legal systems everywhere.
So many countries could reach out and smack you down, possibly with our help (the Hague accord would be used perhaps)
Oh well.
Just because it CAN be done, doesn't mean it should!
The only safe speed limit for a street where kids can play unattended is ZERO.
It isn't safe for kids to play unattended around moving vehicles.
How about some better parenting in this country?
Although idiots taking themselves out of the gene pool might mean the next generation will be smarter than this one.
Just because it CAN be done, doesn't mean it should!
Either we say that code is speech (thus gaining a few corollaries about freedom, etc.; cf. Felten, Touretsky, Sklyarov).
Or we don't.
By making a difference between his kernel's code (which he is releasing, or so I hope), and the comments on that code (which he is withholding), isn't Alan Cox inadvertently fueling an argument that, after all, code != speech?
Timeo idiotikOS et dona ferentes
If this is true then Bugtraq is in *big* trouble. They'll have to at the very least unsubscribe all their US members.
sorry to tell you this, the U.S. is a Constitutional Republic
How much of the US constitution needs to have been voided before that bit goes?
Most of us care, but not enough to make an effort.
The average voter has no idea who their enemy is. The average voter does not know that the giant media corporations are trying to fence in everyone who wants to read a book, listen to a piece of music or (God forbid!) enjoy a movie on their viewing device of choice. Not unless they can ensure that every time "their property" is perused, you have to pay.
The giant media corporations are the enemy. The problem is that most of you will scream bloody murder for every piece of stupid IP controlling legislation that is passed -- yet tomorrow you will take your kids to Disney World, or buy them a Mickey Mouse T-shirt...
We've lost. Apathy was the big winner. I'm sorry.
Red Hat has perhaps more to lose from too-stringent definitions of the DMCA, or from the enactment of the SSSCA, than any other corporate entity in the United States.
Alan notes that he is acting on legal advice, and does not elaborate.
Perhaps it stands to reason that this is not merely Alan's radical position, but a tool that will aid an incipient Red Hat fight against the DMCA/SSSCA.
If Red Hat wants to fight the DMCA, they must first be able to reasonably claim that the DMCA makes it prohibitively difficult for them to do business.
Think about it. It'll come to you.
--ever wonder why anonymous cowards post anonymously?
For example, if I enter into a contract to, oh, sell you illicit drugs, and I provide the drugs, and you don't pay, I can not seek redress from the courts. In this case, if someone produced code designed to harm or otherwise compromise a computer system, I seriously doubt they could cry "copyright infringement" if someone explained how to render such an exploit ineffective.
Though, given the bizarre and insane state of current U.S. legislation, I would still be wary of such a silly charge sticking.
Of course I am not a lawyer, so don't take this as legal advice.
You could've hired me.
Anyone know what Italian law Luigi Genoni is talking about when he says:
ufff! I tend to believe that politicians make law without a real knowledge
of what they are doing (see Italian law on copyrights)
Only dead fish swim with the stream...
you have it backwards; if the Fed owes us money (silver/gold) for a note (even if we can't redeem it) then it means we are creditors, not debtors; the Fed is in debt, and we are owed money.
-- "Those who cast the votes decide nothing. Those who count the votes decide everything." -Joseph Stalin
Like many things, Work to Rule only works when organized. That means getting many people to obey the rule just the right way and at the right time in order to maximize its effect. It's also important that the target, be it a politician or a boss, be made aware of what is going on and that the rule in question is the source of the problem.
As far as I can tell, "Libertarians" seem to be against government interference in any area. Of course, all of these groups tend to favor any government decision that furthers their more immediate goals, or hinders the immediate goals of the other parties. For the Libertarians, this results in an oddly self-referencing approach where one acceptable role of government is to prevent government interference.
I am a minarchist libertarian, and here is my attempt to briefly describe libertarianism.
First of all, the difference between "libertarian" and "Libertarian" is that the second one specifically means a member of the Libertarian Party, while the first one just means anyone who believes in libertarian ideas. Thus Thomas Jefferson could be called a libertarian, but he was not a Libertarian.
The defining principle that all libertarians must believe in (or else they are not really libertarians) is that people own themselves, and the product of their own labor. All else follows from that.
Because people own themselves, it is wrong for government to outlaw behavior that doesn't hurt anyone but the person doing it. Thus it is wrong for government to outlaw smoking, or outlaw eating fatty foods, or outlaw prostitution. (Government may have a legitimate role regulating prostitution, for example to require medical screening of prostitutes for public health reasons, but there is no moral basis for government to outlaw it.)
Because people own themselves, government should not prevent them from freely entering into contracts. Government can legitimately have a role in enforcing contracts. (The major areas where government is useful: national defense, enforcing the laws against violence and theft, and enforcing contracts.) Because of this, if Microsoft wants to require product activation, government shouldn't tell them they can't do that. It's up to people to vote with their dollars. (Note that it was not government that finally dethroned IBM from its monopoly position, it was the free market.)
So, no libertarian can be in favor of a law like the DMCA. The record companies could have annoying license agreements, and libertarians would not be in favor of using government to force the companies to not have them, but the kind of free speech infringement that the DMCA is all about would be right out. And of course no libertarian would be in favor of outlawing encryption.
P.S. In case you are wondering, a "minarchist" libertarian is in favor of a minimal government; an anarchist is in favor of no government. There are many libertarians who believe that we don't need a government at all; the free market can solve all problems. Minarchists like me think we do need a small government to handle things like national defense.
steveha
lf(1): it's like ls(1) but sorts filenames by extension, tersely
Oh, you must be thinking of the Canadian form of irony (she wrote the song, not an American). Well, I suppose that's British irony for you. Of course in America, we just call it a poorly formed analogy.
Irony is what happens when results don't meet expectations. When someone punches you in the nose, and you go to jail instead of the person who hit you, that's irony. If I say "I just LOVE what you've done with your hair" to a woman when she and I both know her hair is a mess, that's sarcasm.
Nathan
Cox of Theo...
I'll take Theo. At least his decisions are pragmatic at worst, logical at best, and always in the better interest of OpenBSD.
Alan Cox needs to take a chill pill, as posting security fixes for Linux is a far cry from reverse-engineering a secure document format, with the intention of redistribution of said 'secure-document-buster'...
anyways... Uh huh, you know it is...
Note that for 2.4.x kernels there *is* an ac fork, which is for experimental features. But for 2.2 there are no forks, only fixes. See www.kernel.org for more information.
I do not have a signature
Isn't the purpose of the Hague Treaty, to subvert even that possibility of freedom?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Hmm, this is a major bummer. Until now, this whole DMCA hassle didn't affect me as a European at all. But now I have no idea whether there is need to upgrade all our servers :-(
Has anyone got a clue whether there are other security problems than the recent problems with ptrace() ? Can you tell from the patch ?
It's a democratic country, isn't it ?
Oooooh, that's a good one! My country is a democracy! Har har har! Who would've guessed? And for years I'd been thinking that we'd become a plutocracy or a corporate republic....
Them funny furriners. They think we can repeal laws we don't like. What comedians!
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
The DMCA, and Sklyarov are to the USA what Islamic law on Blasphemy and Apostasy, and Rushdie are to Iran.
Not that Red Hat is releasing any more versions of their desktop operating system but I suspected months ago that the operating system would get much harder to use and details about operating system security would get much harder to find in order to prevent terrorist attacks on computer networks.
Wayne Brown points out that it's highly unlikely that Alan withholding information from a handful of US Linux users and developers will have any effect on US laws. I would go a step further and say that actions like this do us anti-DMCA'rs more harm than good - stupid shit like this doesn't motivate us any better, rather it brings us one step closer to just accepting the fact that we can't do anything about it. Shame on Alan for being such an idealist!
main(){char I,l,O[]={'-',1-1,0,(1<<5)-1,0+'-',-10-1,-10,11-0,
You know I am so sick of hearing this excuse...
US policies in the Middle East are specifically to keep the world from going to shit...we intervene in matters because the moment you let some nut case like Oslam, or Saddam start over running things they start branching out. It's even worse when it comes to these countries that government and religion go hand in hand...Incidentally I don't have a problem that people should be governed as they please, the American government works (generally) for us, but it might not work other places. It's the fact that people like Oslam want to impose themselves and their way of doing things on others. He feels that the Muslim nation should be the only nation and everyone else is evil...if his nation or any nation wants to be a sovereign Muslim nation, great, but don't impose that on me...many of these fanatics rail against the US as being an Evil Christian nation. We are not. Religion and government are different things here.
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
I mean, they started their own effort for securing the os to make it usable for their systems, and now they can't get security info from the programmers? heh, Talk about shooting your own foot =) (again...)
About nsa's linux:
http://www.nsa.gov/selinux/index.html
In a true democracy 51% of the public can piss on the other 49%.
Er, no. That's what the doctrine of separation of powers is about; the will of the majority should prevail in most cases but if that is at the expense of a minority that minority's rights can be defended by appeals to the judiciary. It's the rule of law. What you're talking about is mob rule, not democracy.
Of course in practice, as someone once put it, "you don't buy justice, you rent it..."
He not only tries to make a point, but he has valid reasons for fearing to be dragged into a US court. Maybe it wouldn't make much sense for the US to sue him, nevertheless he is avoiding to act against the letter of US-law, and that is what is held against you when you end up in court: Neither your intentions, nor the intentions of the law, but the letter of the law.
If any of the patches or future patches even touch the handling of DVD-Players, or future FUCK-ware (Futile Unnecessary Control Keeping Hard/Software) he'd better present, what US-lawyers consider a clean west to avoid being dragged through courts until hell freezes over because some corporation is then likely to use the DMCA as a lever and make a public example of him.
Since Sklyarov this law has become a very real threat to non-US-citizens.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Security lists should be even more aware of DMCA legislation. When dealing with US-based businesses security experts should demand an outside US contact-address to send the report to, as well as a document stating that the information will not be divulged to US citizens or residents.
Posting the report to a Site accessible from USA gives anyone who wants the means to sue to their liking, and the only reason Microsoft didn't already sue bug-reporters into submissive silence is the cry of outrage to be expected after such a move. But we'll probably soon see that nevertheless with their hacked Mediaformat.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
backers have the $$$ to totally flood the media (which they own)
If they own the media, they don't need to flood them with stories, they just need to not broadcast or print anything at all on the subject.
Please will some moderator make this posting a 5 to get it higher to the top for those like me that read the 5 articles first? Slashdotters ARE obviously political and well-informed constituents of these representatives states. Why not make it a real political party?????
"Congress shall make no law... abridging the freedom of speech, or of the press"
Do you know anything about the DMCA? It has nothing to do with cracking computer systems. It prevents people from cracking cryptography used to protect copyrighted material. Now how this would be relevant to kernel changelogs, I don't know.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
I don't think he is joking, and as the consequences of the US DMCA are too serious to be a matter of jokes. I think Alan Cox just gave a glimpse of what the future could have on hold if this law doesn't change. In my opinion he shouldn't just omit the patch on the changelog, he should omit the whole patch and put different patches for US and non-US versions, just to prove the point. Reminds me of when Netscape and IE used to come in the US flavour (128 bit encryption) and Export flavour ... I think the DMCA is a step backward not a step forward, and that the security issues of computer systems are in the 99% of the cases due to misinformation not to an excess of information, we don't want security issues to circulate in l33t hacker circles, but we want to be made known to the public so they can get fixed quickly.
http://kerneltrap.com/article.php?sid=343
did anyone read far enough ahead to notice that documentation of changes can't be sent to him, just the changes themselves?
really, get out of the us.
:)
scared about learning another language? good. so you'll see what it feels to be in a foreign country where people tease you for your accent. and you have to stay here to live.
but it's not that difficult. in most EU countries the state provides medical coverage, the lawyers aren't so powerful, nobody complains and blames and sues everybody because it's simply useless.
Yes, you cannot carry or own weapons. but don't tell me that ANYBODY of you who wants to own a weapon had to use it more than once since he/she owned it IN your house. beside shooting at the blue screen of death, of course.
finally, US passports/citizens are still accepted and wanted here in the EU, also because of their technical knowledge.
isn't it time to get out and give your children new genes, so they'll be smarter?
-- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
The laws associated with copyright and information are so vague and general that it's not surprising that it could be determined that they prevent people from talking about security problems...
Think about it for a minute. Sklyarov is in a US jail for a program that his employer sold -- this despite the fact that he put in safeguards to prevent his program's rampant misuse.
If current 'anti-terrorism' laws get passed, things are simply going to get worse... The government is going to be able to spy on us on spec, and arrest us because they 'suspect that he may do something nasty' -- like (in some cases) simply go on strike.
If our course doesn't change radically and quickly, I think that we are in for an information-age McCarthy era. Cox was made aware of this specific writing on the wall, and he decided to take it seriously. He is, in his own way, inviting us to do the same.
There are times when it is appropriate to willfully break the law, but it should be done carefully and sparingly. Breaking the law just because it is 'inconvenient' is a bad idea. It opens you up to getting your ass really nailed to the wall later on when you do something to get people pissed off.
Cox is a high-profile person. The fact that he doesn't want to risk going to jail for a Sklyarov style test case is not something that we should be denouncing him for -- we should be denouncing a law that is so broad that he has to reasonably worry about making security information available to people who have a reasonable need to know.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
>many of these fanatics rail against the US as being an Evil Christian nation. We are not. Religion and government are different things here.
They are? All recent presidents (I don't know about the older ones..) ended just about every speech with "god bless America". . .
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
I really have to agree with this.
It's about time for the US to stop creating laws that cripple our rights.
<rant>
They want us to stop putting information that they don't like? No problem. Just move the information to a server outside US, far away from their stupid laws. If they somehow manage to get to that change, change country again and so on.
</rant>
Why the hell would you put mutilated Barbies on your website other than as an artistic statement? Crappy art is still art, whether or not you're an artist. And, just for the record, you can put mutilated Barbies on your website, at least according to one court decision.
quote from Alan :
As it stands I cannot legally advise the US security services about Linux security issues. Normally I'd find this excruciatingly funny but in the current circumstances it's rather less humorous.
Alan
I lived in San Fran for a year, returned September 5th to Belgium and cancelled all my vacation plans back to the States until this settles down.
The confiscation of all equipment and storage media would clobber the production cycle of any software house. Or just tying up key programmers in a legal maze for months or years.
If things get worse, a lot of development is going to move off shore by necessity while the legal situation in the US gets straightened out. Germany was actively recruiting (I can't find the link) Germans to return and other folks willing to work in Germany. They'd even throw in free language classes.
The long term solution is to keep working and not let the weirdness cause delays. At the same time make sure that the US catches up to Europe again. Otherwise it risks dragging down all of us. No one wins a fight except lawyers.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
"Don't forget that there already two Debian distributions.
One for the US and one for the rest of the world."
You have that backwards.
It's not one FOR the rest of the world.
It's one that can be exported FROM the US, and another that can be
distributed FROM the rest of the world (including TO the US.)
Let's face the facts: from a European point of view US legislation is strongly influenced by industry interests, and with the current administration that's unlikely to change.
As well as the US government used to restrict encryption technology export out of US, it may become necessary for Europeans to take care of what they export into the US.
Alan Cox does not make a point (which implies he'd run a test or something). He simply draws consequences, which he can do without getting emotional, and does the initial step towards US/NonUS discrimination of information and maybe even development policy, with reference to the DMCA. Primarily to protect himself, which seems to be reasonable at least in my eyes.
It's easy to see how it is relevant. The DMCA does not mention cryptography:
Say you have copyrighted material on your PC. I can't get them because my account has not permission to access those files. Nothing fancy here: standard Unix permissions. So, what stops me from getting at those copyrighted materials is the standard linux permissions system. The DMCA, then, could be interpreted to consider the standard linux perms system to be a device to prevent me stealing copyrighted material, and providing information that allows me to circumvent that protection is a violation.
So, if Alan tells us "you cannot use method X to circumvent the protection in the new kernel" then the DMCA could interpret this as "method X circumvents the protection in older kernels". Bingo, Alan goes to jail, does not pass Go, and does not collect £200.
Mr C. appears to have taken legal advice in this matter that has told him the safest thing is not to tell anybody what method X was. Until there have been some more prosecutions and there is more precedent, this is the best advice he could receive.
~~~~~ BigLig2? You mean there's another one of me?
Here's why:
1) They work for a government agency, so the law doesn't apply for them
2) No one knows what the NSA does, so they aren't breaking the law as far as anyone knows.
3) If you decide to press charges against the NSA for trafficking a circumvention device, you will conveniently disappear from the face of the earth.
4) If a company decides to press charges against the NSA for trafficking a circumvention device, all of their money mysteriously disappears from all their bank accounts, their offices will be raided, because they might be spying for other countries and by some freak accident, one of the B2 bombers gets the wrong coordinates for a bombing run.
We do not live in the 21st century. We live in the 20 second century.
Well, as was reported on /. a few days ago, there's a known security bug in all 2.2 kernels;
/*
/*
... which just happens to be in the diff for 2.2.20pre11... Now, please don't arrest me. (you could arrest michael instead)
This is the fix:
@@ -552,12 +568,11 @@
}
- * We mustn't allow tracing of suid binaries, unless
- * the tracer has the capability to trace anything..
+ * We mustn't allow tracing of suid binaries, no matter what.
*/
static inline int must_not_trace_exec(struct task_struct * p)
{
- return (p->flags & PF_PTRACED) && !cap_raised(p->p_pptr->cap_effective,
CAP_SYS_PTRACE);
+ return (p->ptrace & PT_PTRACED);
}
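Review bot: the rewritten return in must_not_trace_exec() drops the CAP_SYS_PTRACE exemption entirely, so a tracer holding that capability is now treated like any other, and the updated comment ("no matter what") does not say why. Please record the reason in the comment or the commit message, i.e. why testing p->p_pptr->cap_effective at this point was not considered sufficient, so that nobody later restores the exemption as a convenience for privileged debuggers. The switch from p->flags & PF_PTRACED to p->ptrace & PT_PTRACED also relies on a field and a flag defined outside this hunk; check that every other PF_PTRACED test was converted in the same patch, since a missed one could stop matching without any compile error.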
Furthermore, it would be quite difficult to successfully convince U.S. legislators to change DMCA based on an absurd legal opinion. So, I don't know what exactly Alan hopes to accomplish. I've always had a lot of respect for him, but this all seems a bit childish.
Yes, it is absurd, and no, he is in no real danger, just trying to make a point, preaching to the choir at the choir's expense. The point he is making is that in stating the security bug he fixed, that theoretically a malicious user could use that information on an unpatched system to defeat unix permissions protection, allowing reading/copying of things they should not access. After the owner of the protected information finds out, he, by the strict letter of the law of DMCA, could sue Alan Cox for documenting this bug exists and how it works, as it could be used as a 'circumvention' device. This is a highly unlikely and ridiculous set of circumstances, but frightening.
The act I'm more interested in is the UCITA, does anyone know how that is going? IIRC, it had some clauses basically saying that linux kernel developers could be liable for damages caused by this bug ever existing, which is a bit more frightening if you ask me, especially since it gives bigger companies with shrinkwrap licenses a way to opt out, but does not for things like the kernel...
XML is like violence. If it doesn't solve the problem, use more.
The changelog does not constitute security testing, though. Writing and/or using a program which tests for a hole and merely says "You're vulnerable, install the patch" (or, if it's part of the patch routine, just installs the patch) qualifies as security testing. Describing the vulnerability, though, such that anyone could potentially write a program to circumvent the access control is not security testing.
Besides, if I'm understanding correctly, this clause says specifically that you can still run afoul of the clause I quoted.
--JoeProgram Intellivision!
This has occasionally backfired. In South America, particularly, we were often castigated for not supporting democratic regimes. Of course we didn't--they're awful, with no concept of a rule of law. Unfortunately, we typically did not support republican regimes either, but simply various dictatorships. We threw the baby of republicanism out with the bathwater of democracy. Amusing 'twould be, save for all the various lives cut short thereby.
What do you mean, "current president"? I think you mean "last two presidents." Mr. William Jefferson Clinton NEVER received even 50% of the vote.
Irony is what happens when results don't meet expectations. When someone punches you in the nose, and you go to jail instead of the person who hit you, that's irony. If I say "I just LOVE what you've done with your hair" to a woman when she and I both know her hair is a mess, that's sarcasm.
So what is it if some guy punches you in the nose, and you say in response, "I just LOVE what you've done with your hair"?
Not like anyone is reading this thread a week later or anything:
2.2.20pre11
o Security fixes
- Quota buffer overrun , possibly locally exploitable (Solar Designer)
- Ptrace race - local root exploit
- Symlink local denial of service attack fix (Rafal Wojtczuk, Solar Designer, Linus Torvalds)
- Sparc exec fixups(Solar Designer)
here is some lame junk filter buster text. blah blah blah. this lameness filter can cause more harm than good when i have to waste time typing crap.
-- Spankmeister General