Slashdot Mirror
DMCA Forces Cox To Censor Changelog?
Ross Vandegrift writes: "Alan Cox released 2.2.20pre10 today, which includes security fixes. He is refusing to indicate what security holes have been fixed, as Unix-style permissions could be used as an anti-circumvention device. The thread starts here. " It'd be great if people could read the threads here and try to figure out what is going on. I'm a little lost, but it looks like he's being overzealous.
Hey, remember that time Felten wrote a paper and couldn't release it cuz it was a circumvention device?
Or that time I wanted to play DVDs in Linux and couldn't because I needed a circumvention device?
Or when some Russian dude got locked up away from his family because he wanted to let blind people use eBooks?
Overzealous my ass. This is a problem and we need to take a stand, whether it's "reasonable" or not. People need to understand what is at stake - and what better way to help that process than by showing them?
open source UNfriendly?
Kinda looks like that is Cox's interpretation.
Or maybe considering his past comments on not wanting to come to America anymore due to DMCA fears, he's just doing it to spark more debate. You know, get all the /. folks up in arms about the DMCA again and how it's keeping free information from being free. That'd be my guess, but YMMV.
there are 3 kinds of people:
* those who can count
* those who can't
Last time I checked, Alan Cox didn't live in the US. And he has been vocal about not holding conferences in that country - because of what happened to the eBook fair use guy - so I imagine he's not intending to travel there either. Is he trying to establish a precedent that restrictive laws passed in one country apply worldwide?
-- Ed Avis ed@membled.com
I stopped reading at this point.
It'd be great if people could read the threads here and try to figure out what is going on.
Unfortunately, it looks like the site might already be hosed. How about if we just speculate wildly, make irrational calls-to-action that will never commence, throw in a few anti-government rants, and top it all off with a good old fashion linux/bsd flamewar?
You know, the usual.
People. He's just using this humorous approach to show us how ridiculous the DMCA can be.
Loban Amaan Rahman ==> Anagram of ==> Aha! An Abnormal Man!
2.2.20pre10 is the 10th test release on the way to being the stable 2.2.20 release
We can't bomb the RIAA et al so we'll have to resort to other methods of getting attention to have the DMCA reviewed. We could write letters until we are blue in the face but that isn't working.
I'm not sure if Alan's actions will get the attention it needs but it is certainly a step in the right direction.
I can't spell or type, but that doesn't mean I'm unusually stupid.
OK, I'll bite.
Seeing as the link was to the Linux-Kernel mailing list, and Alan Cox is one of the keepers of the kernel, we're talking 2.2.20pre10 of the Linux kernel (possibly the ac fork?)
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
In related news today Senator Fritz Hollings, author of the SSSCA proposal, recanted stating:
"I just downloaded the latest 2.2.20pre10 and found censored changelogs! This will seriously impact my l33t hax0r activities. I finally see how my SSSSCA proposal will impact freedom. I am official withdrawing my proposal effective immeditely."
Apparently Alan Cox's plan to publicly demonstrate the absurdity of the DCMA and SSSCA in a place that would hit congress where it hurts has paid off.
- For the complete works of Shakespeare: cat
Correct me if i'm wrong, but doesn't the DMCA only apply in cases of devices meant to enforce copyright protection?
OTOH, the US outlawing something shouldn't mean that all these good things are suddenly no longer available to the rest of the world. We need a place to publish the things which are outlawed in the US, without getting prosecuted for publishing these things to the US.
Such a site has been started (well, not quite, but we're busy getting it up and running) and we hope there will soon be a place to publish crypto research, security information and other useful tools which are not allowed in the US. The only small gotcha is that in order to publish it legally, some kind of access controll will have to be put in place so US citizens cannot get at the archive. Unfortunate, but so be it.
The site? http://thefreeworld.net/
It is foolish to think that a law does not affect you simply because it has not yet been used against you. If it could be used against you, the threat is an effect in and of itself.
What you seem to be forgetting is that the way the DMCA is written, they can *legally* go after him. The fact that they don't choose to is from my opinion just a matter of time.
Is Dmitri not a legitimate programmer? I think he is. Dmtitri writes programs which are legal in his country. He has never written a program in the US which violates US law. What other test of legitimate is there?
Funny, I thought he was obeying the law.
Political ends are may be a side effect of that, and indeed this has all the writings of a political snub, but it's nevertheless undeniable that he would be commiting criminal acts by not making this pointed omission.
Alan needs to realize that, although the DMCA does have important and evil implications for the freedom to code and speak in the U.S., it would not be used against a legitimate programmer such as himself. The people who have been targeted by the DMCA have been crackers: people who defeat lame encryption schemes and distribute point-and-click software that allows the masses to pirate. Although I fully support 2600 and Dmitri in their efforts (I have been a security engineer and I appreciate the truly talented invididuals in the field), DeCSS and the PDF utility are simply not in the same class as the Linux kernel and the other software Cox has worked on. He is simply a non-target and he needs to stop pretending that the DMCA affects him.
First they came for the Communists,
and I didn't speak up,
because I wasn't a Communist.
Then they came for the Jews,
and I didn't speak up,
because I wasn't a Jew.
Then they came for the Catholics,
and I didn't speak up,
because I was a Protestant.
Then they came for me,
and by that time there was no one
left to speak up for me.
by Rev. Martin Niemoller, 1945
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
it would not be used against a legitimate programmer such as himself
While it is unlikely that Alan would be arrested for fixing security bugs in the Linux kernel, he is quite right in saying that under the letter of the law, he might be. Even if you merely can be arrested for such an activity, then the DMCA is a bad law and must be repealed, or at least modified very substantially. So Alan should be applauded for taking a stand, even if (or exactly because!) that inconveniences some people temporarily.
As Bill Hicks said, "You are free... to do as we tell you". Right now, it seems that US "freedom" means the freedom to bribe (sorry, to fund...) senators et al to get your pet bills passed.
Hey, I am now working in US and 12 years ago when I was 14, I have circumvented copy protection on Atari games for profit, some of which are still avaiable in the local Atari Club. It was perfectly legal back then and there. But does it mean I am a felon now that I moved in US? Does it mean that I can expect up to 5 years in prison and $5 mil of fine? I'd rather not think about it, but even more I would like this DMCA law to by GONE!
If programs would be read like poetry, most programmers would be Vogons.
How does this site (or idea of this site) jibe with the Hague Convention (and other international treaties)?
Others are bemoaning the fact that USian law is screwing with the rest of the world (IOW, residents of... Portugal, for example, can't get a non-edited changelog because of this), but given the implications of the law (Dmitry can be hassled, whether or not he broke a just/unjust law, as can AC and others) why wouldn't Alan et. al. do something like this?
Unfortunately, while it may in fact piss off many people, we don't have the fundage to change the law. Now, perhaps Alan could replace the offending changelog with some ideas on how to convince grandparents, soccer-moms, etc. that open information on circumvention is a good thing.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
He's not only being over-zealous. He's being downright dumb. The chance of this actually being used against the developers is so small that it's almost unimaginable. He's just trying to piss off the US citizens who want to know what the vulnerabilities are so they'll get the law changed. We've been trying to change the law but Congress doesn't give a damn. If he's too much of a damn coward to take a chance and post known security flaws so that we can look for other ones which might be related then he needs to pass the torch to someone who won't be such a coward. Hell, he can email me with all those vulnerabilities and I'll post them publicly. I'll be your damn martyr if that's what you want because I'm not afraid. This is getting ridiculous. It's no longer open-source anymore. Now it's open-within-the-confines-of-the-law-source.
Imagine a law so stupid that civil obedience becomes an efficient way to fighting it...
But I admire his making a stand. After all.. he can document his changes however he sees fit.
As for the DMCA... Doesn't it only protect technical control mechanisms that enforce the rights of the authors?
In other words.. a company can't pick 'rot13' as an encryption method, because you can't claim that a rot13 decodes is 'primarily intended to circumvent copy control protection' on a work.. because they have existed for ages and have other, well defined uses.
DECSS, on the other hand, does not. Sure, it can be used in a DVD player.. but other than that, it has no practical applications.
Feel free to correct me on the actual facts of all of that, but I don't find Cox to be too overboard with regard to this. How did Dmitri get thrown in jail? He simply came over here to tell us how it was possible to be civilly disobedient, but his company was offering the software to the Russian public primarily, because over there their laws say they're explicitly allowed to copy, for personal use, things like books, even if they are digital copies. But America gets a little greedy (Adobe) and imprisons a guy just trying to make a buck to force other nations to bow to our will (well, the US corporation's/government's will, not the people's will per se).
Just because Mr. Cox can be a little over the top in his explanation of the DMCA and its far reaching consequences, doesn't mean he's necessarily off base in his argument.
> He is simply a non-target and he needs to stop pretending that the DMCA affects him.
So when did you guys[1] pass the law that not all are equal before the law?
You didn't? Then I can understand why Alan does not follow you line of reasoning...
[1] Yes, I am making a crass assumption that you (the poster) is an American.
Female Prison Rape in NY
More info linked from here...
Includes links to more DMCA info, and some of Alan's thoughts on the matter
Alan Cox being a major figure in the Linux world. He maintains the 2.2 stable series, as well as a 2.4.x-ac stable series. When Linus Torvalds moves on to the 2.5 Linux development series (soon), Alan will be fully in charge of the current stable 2.4 series.
Yup, he is preaching to the choir.
Thats not so bad though.
Just because we agree, doesn't mean we are doing anything about it. He is demonstrating how this can hit home, making it hit home.
The point of action and speach isn't always to change minds that disagree, sometimes it is to change minds that agree.... to align them more tightly, to galvanize them into action.
-Steve
"I opened my eyes, and everything went dark again"
the DMCA ... would not be used against a legitimate programmer such as himself.
EXCUSE ME?
He releases software under the GPL, right? And the most respected people in the field have said that the GPL is Evil and will destroy the whole field and will pollute our Precious Bodily Fluids, right?
He'll be a "legitimate programmer" just as soon as the FSF hands out as many bribes^Wcampaign contributions as Microsoft.
While we're at it, why don't we just make breathing a felony, punishible by up to life in prison? After all, it would only be used against Bad Guys, and save a lot of money on paperwork.
Welcome to the Turing Tarpit, where everything is possible but nothing interesting is easy.
In Virginia there is an election for Governor. One of the candidates (Mark Earley) was the primary supporter for UCITA. For this reason, I will be voting against him and for his opponent Mark Warner.
Hopefully, if enough people vote against Earley we can send a message to other politicians that we won't vote for candidates who are willing to sacrifice the rights of computer users.
hawk
The DMCA is only one of the many laws which make the USA into a police state. AC's intentions are good but he's got a lot more battles in front of him before the U.S. can be considered safe from authority abuse.
-CT
So where do you live?
JOhn
Campaign for Liberty
Sounds Republican to me.
I disagree. Republicans tend to not like business that deal in porn, etc, things they find morally offensive (however you feel like defining that).
And they certainly like the gov't when its enforcing the things they like.
Not that no unions, business is good, goverment bad is a good overview of libertarian policy either. Gov't isn't bad. Big, over intrusive gov't is bad (if you're a libertarian).
alan needs to take a man's stand and publish the logs....Matin Luther King jr did this sort of thing.....Alan needs to do this sort of thing....if he gets arrested how can the DA deamonise him to the jury?
DA: " He released information that broke the DMCA while trying to keep the Linux kernel secure!!!"
defence:" the nature of OSS is to show all changes. the linux kernel does not contain any copyprotected material, however, because of a baddly writen law, making the operating system secure from intruders is now illegal....does that seem right?"
I am the Alpha and the Omega-3
Are you a lawyer? I ask because you seem very ready with legal
advice. Cox clearly states that he has taken legal advice, and
is acting upon it by refusing to release these details to US kernel
developers. Are you actually competent to advise him differently,
or are you just mouthing off?
Firstly, he's a Brit. They have a sense of humour which is sometimes very subtle and is usually based on 'irony' (as in the saying something different to what you mean, rather than the more American 'Alanis Morissette' use of the word). Some Americans take ironic statements at face value, as is often seen on Slashdot.
Secondly, he's a clever guy. He's being stubborn about this to make a point. If he wasn't stubborn about it, the point wouldn't be made. He is acting correctly according to an unjust law to highlight the danger of it.
He is not being 'dumb' or deliberately annoying, he's highlighting the potential effects of a worrying development in the American legal which could have significant negative impact on all Open Source software developers.
Does this mean that soon the source code to the linux kernel will not be available in the united states? From what Ive observed, the main argument in the DeCSS case was that source code itself is a form of communication among programmers and is protected under the first ammendment. Can I not just find out what changes were made, and figure out what the vulnerability was by reading the source code?
Would that make diff and vi circumvention devices?
I do beleive that Alan is being overzealous, but do agree that *something* must be done about this and quickly. Unfortunately, I am not in a position of to do much more than wear a Free Dimitry T-shirt. IMHO what Alan has done is illogical. Perhaps the better thing to do would be to cut the US from the linux source code all together.
Now THAT would raise a stink.
Its a stupid law that the US Government is giving no way for US Citizens to legitimately discuss, Protest, or a basis for repeal(Every court case either gets tied up or Dismissed so the law can't be challenged)
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
Absolutely. In fact, any doubt in my mind about the nature of DeCSS's programmers and users was erased when I saw the rapid appearance of point-and-click Windows programs that allowed, nay, encouraged the pirating of DVD movies.
That's funny:
Any doubt in my mind about the nature of DeCSS's programmers and users was erased when I saw the rapid appearance of point-and-click Linux programs that allowed the playback of DVD movies.
Of course, all of this is beside the point - you appear to believe that software developers are somehow responsible for how their tools are used by others. Ridiculous. Should we hunt down Stallman for "cp"?
Ok, I'm a Canadian.
Inevitably, my traffic to/from thefreeworld.net is going to pass through US sites (well, it does, I just did a traceroute).
The same data are moving along wires in continental US. How is that different from the data being digested by eyeballs in the US? Will you have to draw this distinction?
Is this going to affect my ability as a Canadian to have access to your site?
Gotta love the inter[national]net...
-ben
myselfmusic
chmod 600 metallica.mp3
chown riaa metallica.mp3
Then only programs with suid riaa could access metallica.mp3. Of course, that wouldn't do much good when you know the root password. I assume that what's going on isn't so simpleminded.
I used to be proud to be a Citizen of US. But it seems everyday that the "land of the Free" becomes a little less free. This is beginning to reach insane proportions. Everyday we seem to pass more and more laws that are seemingly(to me anyway) directly in conflict with Our Constitution. Our politicans don't listen to us anymore. I am disgusted...and angry...so much so i can't even think of words to express my rage at what is being done to this great nation. Our laws were ment to protect our citizens, and ensure the right to "life, liberty and the persuit of happiness" I feel as if I have none of these lately.
--"The refuses to bend, he refuses to fall, he's always at home with his back to the wall" --Bill Joel- Angry Young Man.
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
I guess he's saying one bit constitues a device.
Got friends?
Oh sure, just the sort of thing we'd expect from a stinkin' EMACS USER!
Since many are accusing this of being the United States of Corporate America, one must realize the target of AC's jab, here.
/.ers gripe about, but because it's ill specified and poorly written, and thereby has unforseen consequences. Those unforseen consequences can mean bad things to other businesses.
Businesses are getting to be dependent on Linux, more and more. They see the benefits.
Isn't that the point, after all?
But now this little DMCA thing is being surfaced as a possible negative to the business community. So far it's been below their radar screen. The only significant business awareness of the DMCA has been from the proponents on the media side. Here comes a warning shot saying that the DMCA is bad legislation, not only out of a 'principle thing' that
We need allies on this, because as long as it's only a Geek Issue, we're going to get rolled over. IMHO this is a recruiting effort.
The living have better things to do than to continue hating the dead.
You aren't comparing the Skylarov case to the Betamax case are you, because if you are that's stupid.
digital copying != analog copying
copying != timeshifting
Betamax did not break any encrytion and there was no DMCA at the time.
In the Betamx case the decision reflected the fact that "timeshifting" is not a violation, and VCR's have substantial non-infringing uses. The decision did not give VCR owners permission to start copying copyrighted works.
Dimitry wrote and sold software that was designed to violate copyrights. Even without the DMCA the ebooks license specifies you may not make copies and contrary to Slashlore there is no indescriminant "Fair Use Right" that allows this behavior. Had Sony marketed the Betamax as a method of illegal copying protected material they likely would have lost their case as well.
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
The Niemoller quote is appropriate, but it misses one thing: I have not seen any acknowledgement that the government has proposed a policy of latitude regarding who they target and why. Further, if that proposal to acknowledge legitimate development is not hard-coded into the act, it is meaningless
For now, yes. However, it may eventually make it into case law. That is one possibility of the Sklyarov case. (3 outcomes: Law is struck down, law is interpreted not to apply to security professionals as such, or law is upheld. 2 of those are substantial victories...)
LedgerSMB: Open source Accounting/ERP
I don't really think he's preaching at all. I don't interpret this as making a point. I interpret it as he really is scared of the U.S and the DMCA and doesn't want to be held accountable in the future for any of his past actions.
--
Garett
Comment removed based on user account deletion
*sigh*
Only in America.
+++ATH0
Actually, this is an example of Work to Rule. It's a tactic often used in the workplace to win against a boss. Unionized workers often use the strategy when laws or contracts forbid strikes and other activities, but even non-unionized workers often use it to effectively protest (and eliminate) ridiculous rules.
While this current example won't take down the DMCA, the idea is that the DMCA will hurt U.S. corporations in the long run. Specifically, it will hurt the vast majority of corporations that don't get any benefits from the DMCA. We can only hope that these corporations give bigger bribes than the record and movie corporations.
Please don't block by IP Address or domain name
He's not engaging in any sort of disobedience if he doesn't include the changes in the log-- in fact, even if he *is* acting on lawyerly advice, I'd say he's over-complying with the law to make a point. My guess is that these censored changes correct the two holes reported on Slashdot on Friday. If he's trying to watch his own back, I think he's a tad too paranoid (of course, if a Norwegian teen can be arrested for writing software to convert DVDs to hard drive files, who knows what level of paranoia is appropriate). If he's trying to make a point, I think he's wasting his energy. The people reading that changelog, for the most part, agree with him and have probably already done what they could to get the law changed. So, hopefully, it is the paranoia at work, because otherwise he's cutting off his nose to spite his face.
I do not have a signature
Indeed, the US outlawing something is one thing. That's their business, if it turns out to hurt them too much they can always revert the law. It's a democratic country, isn't it ?
'Fraid not. The U.S is not a democracy. It's a Republic. And it's very rapidly turning into a Corporate Republic.
Voting and all this democracy talk is just masturbation. If people's votes actually mattered then you'd have much higher voter turnouts. If you could actually vote for your party instead of an "electoral college" then maybe you'd be closer to democracy as well.
And the most important distinction between a republic and a democracy is that you can't vote on laws and bills. Only the government can. In a true democracy 51% of the public can piss on the other 49%. But in the U.S the government pisses on everyone.
--
Garett
Thanks for the info. I wasn't sure if the ac kernels were a fork or not (hence the question mark).
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
It'd be great if people could read the threads here and try to figure out what is going on.
Isn't that your job, mister slashdot editor???
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
She's Canadian. We take no responsibility for her jagged little tantrums.
I know this can be considered flamebait, but, let's go.
Hey, can't Torvalds do this from his home country? I know he lives now in US, but can't he do this, in a server outside US?
If he can't I can, I'm not a American Citizen, and I don't live in US. I'll publish this here in Brazil, and to hell this dam DMCA, we need to comunicate with each other.
Will the whole earth be prejudiced by a stupid American law?
-=-=-=-=
I know life isn't fair, but why can't it ever be un-fair in MY favor!?
although the DMCA does have important and evil implications for the freedom to code and speak in the U.S., it would not be used against a legitimate programmer such as himself
Tell that to Dmitry, or to Professor Felten.
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
The DMCA does not prevent Linux from being able to play DVDs like other OSs. Patents and license fees prevent Linux from playing DVDs - any company can start selling a Linux DVD player tomorrow, they need only pay the appropriate licensing fees to the DVD cartel. (Of course, they probably can't afford to give it away for free, and by way of their license agreement, won't be allowed to distribute source, but those are other matters unrelated to DMCA.)
I agree the situation sucks, but let's put the blame where it belongs - the DMCA is not the reason there aren't any Linux DVD players. There aren't any Linux DVD players because nobody thinks they can make money selling one.
We have Cox's specific assurance that there is a weakness in the permissions system of 2.20pre19 that isn't there in 2.20pre20. So running diff on the sources and then examining those parts which involve permissions should reveal exploitable weakness(es) -- presumably weaknesses also extant in 2.20 and in at least some of the 2.4 series. We're talking about a significant chunk of America's network infrastructure.
So, AC has provided clues which point fairly directly to an exploit. Not only that, he's done it in a way almost guaranteed to bring more attention to it than if he'd just routinely included it in the change log. And he's done this in wartime. Can we not prevail upon Britain to honor current extradition treaties for crimes of this stature?
Let's show our good friend what _American_ irony tastes like!
"with their freedom lost all virtue lose" - Milton
Post a lame off topic comment, then post a reply to your own comment a mere 2 minutes later? Too bad slashdot doesn't have points specific for "nice troll, but it's been done before, so you lose". Too bad your Spelling Check XP didn't catch your mistakes in the comment.
now we need to go OSS in diesel cars
If I had to make an educated guess, I'd say that these mysterious "security fixes" are probably to fix the recent root exploit. I'd imagine that AC would do this, that way there is a secure 2.2 kernel that users can move to. The 2.2 series is very actively used, (not everybody uses 2.4) and this makes sense.
As for the DMCA, what a pile of crap! I'm an american, I have the right of free speech. The right of free speech supercedes the DMCA. Period.
Skiers and Riders -- http://www.snowjournal.com
I'm a little lost, but it looks like he's being overzealous.
I don't think so. Alan is trying to prove a point. That point being: The US is being rediculous with that DMCA.
There WAS a bug, there is no longer. Publishing the bug means you're providing people with a "circumvention device" (on the older kernels). The DMCA forbids that.
Alan is being rediculous with a purpose. The more people realize that this DMCA is rediculous the more they will be inclined to complain to their senators or whatever means those Americans have to influence their politicians.
Roger.
Wow...do you live in the US? You obviously do not have a requisite fear of the stupidity of law and the political system.
It's 10 PM. Do you know if you're un-American?
He is not doing this to make a point he is doing this to AVOID being sued. Do you think BSD will be exempt from the same LAW ??? Stop smoking crack and wake up....This legislation affects all software...even BSD
errr....umm...*whooosh* *whoosh* Is this thing on ?
No!
Dmitri did not _sell_ the software.
He _wrote_ the software in another country, where such software is legal, for a company based in that country where that software is legal.
_Separately_ to that, the Sales & Marketing department (or whatever division is responsible) _also_ decided to release the software in the US, and did so.
Dmitri then went to the US and was arrested for an action taken by the company he works for. Note he's a programmer. I'm a programmer. I have no input whatsoever as to where the software I write is sold once I write it. And I don't care either. It's not my job, or my responsibility. That's someone else. Someone who knows international law. Someone who knows who to talk to to get packaging made, and to ship millions of units half way around the world. Someone who can spot a target audience. I can't do that, and the person who does that probably can't do my job either.
I very much doubt he is responsible in _any_ way for trafficking in circumvention devices. He almost certainly didn't decide to sell the software in the US, and he almost certainly didn't sell the software to anyone in the US.
He came to give a _talk_ on the software he helped _write_, _in_another_country_, _where_it's_legal_.
Fuck off did he sell that software. Or make it available to anyone except the people employing him. Wake up and look around you. Think about it, for God's sake. Use your brain.
Sorry, this _really_ pisses me off.
K.
Why doesn't the gene pool have a life guard?
What was said:
DA: " He released information that broke the DMCA while trying to keep the Linux kernel secure!!!"
defence:" the nature of OSS is to show all changes. the linux kernel does not contain any copyprotected material, however, because of a baddly writen law, making the operating system secure from intruders is now illegal....does that seem right?"
What the jury understands:
DA: This foreign computer programer told other programers how to break into computer systems.
Slashdot Defense: Blah blah non-American blah blah hacker blah blah bad government blah blah fix computer blah blah.
Jury: The defense made no sense. He must be guilty!
Viv
Gmail invites for ip
--
Why is it that I almost always check "No Score +1 Bonus"?
--
perl -e'$_=shift;die eval' '"$^X $0\047\$_=shift;die eval\047 \047$_\047"' at -e line 1.
I assume you meant the eBooks tool, not PDF though there are some interesting things to be said about PDF "copyright" too. I'll get to that later.
You're right, there is a big difference between the Linux kernel and the DeCSS and eBooks tools -- the really illegal ones were trivial programs. DeCSS wasn't even a real usable product, it was a nerd tool for decrypted DVD into VCD format (I think I've got that right)... Something that all DVD players must do. There are entirely legit reasons for having DeCSS. The eBooks tool was a real product, which could be used by end users (never seen it.. this is assumption). But still, it's a rather trivial task. Convert an eBook to a PDF.
On the topic of PDF, you know you can have "copyrighted" PDF files? Adobe's viewer won't let you cut/paste/print them out. xpdf also follows these rules but it's trivial to patch the code to take those checks out. I'd imagine early versions of xpdf didn't even look for those bits -- now that's a scary thought as a programmer. If you're unaware that the tool you're building could be used for circumvention of copyrights you're still liable.
Sure, AC is being a bit "overzealous" here, as I doubt that somebody would bring a lawsuit against him but I can't say I blame him in the least bit for being cautious.
Probably this is what the situation is.
Anyone who discloses a hack of any kind is committing a crime by helping other people to crack systems.
If Alan Cox had disclosed how the hack that he just fixed worked, then the disclosure of the just-fixed hack could be used to crack systems that are not yet patched.
Ergo, disclosure of the bug that he fixed would be illegal in the USA, and that means that by disclosing this to people in the USA would land him in prison next time he arrives in the land of the free!!
How is he taking the argument to those whose opinions need to be changed, notably Congress?
How is it his "job" to take it to Congress? I don't think he's American; isn't he British? (If I'm wrong here then feel free to ignore this post.) US Congress people apparently don't even listen to anyone outside of their individual constituency, let alone someone from another country.
You Americans will have to carry the can on this one. We "damn furriners" can complain but you are the only ones that can actually get something changed. It is your country, not ours, and your government is your responsibility (in my opinion.)
If you're a zombie and you know it, bite your friend!
Why is DeCss any different? 99% of money 'lost' to pirates is used by doing bit by bit copying, not by converting from one form or another.
IF you really are a 'security engineer' and you can not grasp this basic concept, you are just a tool.
The Kruger Dunning explains most post on
We need to add IP options that list allowed or disallowed countries for a packet to go through or to. We could also have a bit which says by default if a packet is allowed into other countries or not. We could then have a standard for international routers to drop packets that have a disallow option set for the destination country, or have the disallow by default bit set and do not have a specific allow record for that country.
Just an IP option that says allow/disallow and the Internet country code, and a bit in the header for the default allow/disallow setting is all that is required. Routers could be made to deal with it without too much work. Only routers with interfaces in more than one country would have to do anything special, the rest could ignore those bits and options (they would still need to be preserved and propagated).
Stuff that would be required to stay in a given country, or stay out of a given country could then be kept within or outside of the national boundries.
You say that is fascist? You are right, but it will save a lot of people's behinds. And when people can't get around it, there will be much political protest. When people can circumvent it, and get data to/from other countries anyway, nobody really tries to change anything.
It has been said the best way to get rid of a bad law is to have it enforced strictly.
Perhaps the same principle will work, when people can plainly see the Internet getting sliced up before their eyes.
Put a frog in water and boil it and the frog dies. It is too gradual to be noticed. Throw a frog in boiling water and it jumps out.
Having people suddenly lose connectivity to much of the world and the sites therein will wake people up (hopefully).
Just because it CAN be done, doesn't mean it should!
Thinking this through, the DMCA says that you may not publish information that leads to the circumvention of any content security device. Cox has decided that file permissions constitute a content security device (which they do, but normally in a difference sense than the DMCA is applied).
To be honest, going by the letter of the law, this makes some sense. By publishing the flaw's details, earlier kernals are open to exploitation via the flaws, thus unsecuring the content currently protected by the file permissions.
Stupid, yes - but a realistic reading of the letter of the law, if not the intent. But then when did intent matter in law?
Sig under construction since 1998.
The SSSCA, which could become DMCA's darker sibling, has even more for Alan Cox to ponder. In fact, I just finished a weekend writing a fairly long letter to my representatives, and sent it only a few moments ago, so that it may get there in time for a Senate Commerce Committee hearing on the 25th.
The full letter is at http://www.halley.cc/ed/politics/2001-10-22.conten t.control.html. I welcome comments, and the letter may be reprinted with attribution.
[
If you are writing a driver for a DVD card, it could be used with DeCSS and you could be found in violation of the DMCA for creating and distributing part of a circumvention device. $250 statuatory damages minimum ($2000 max) or "actual" damages/profits for every circumvention. And a felony (with all the lifelong civil disabilities that entails, plus a possible 5 year sentence first offense, 10 years anytime thereafter) if you did it for "commercial gain".
If you live in or visit (or plan to visit) the US, this can affect you.
Be careful.
Just because it CAN be done, doesn't mean it should!
I live in the US...I have no access to the Change logs...if you would read the thread
I am the Alpha and the Omega-3
The only way to be safe is make sure that you are obeying the law of every country in which your information can be viewed or transmitted through.
Unless you never plan on visiting there and it isn't an extraditable offense, and we don't have an agreement (like the Hague accord) to prosecute you for breaking a foreign law.
Even that is not enough - that assumes fair legal systems everywhere.
So many countries could reach out and smack you down, possibly with our help (the Hague accord would be used perhaps)
Oh well.
Just because it CAN be done, doesn't mean it should!
Either we say that code is speech (thus gaining a few corollaries about freedom, etc.; cf. Felten, Touretsky, Sklyarov).
Or we don't.
By making a difference between his kernel's code (which he is releasing, or so I hope), and the comments on that code (which he is withholding), isn't Alan Cox inadvertently fueling an argument that, after all, code != speech?
Timeo idiotikOS et dona ferentes
sorry to tell you this, the U.S. is a Constitutional Republic
How much of the US constitution needs to have been voided before that bit goes?
Most of us care, but not enough to make an effort.
The average voter has no idea who their enemy is. The average voter does not know that the giant media corporations are trying to fence in everyone who wants to read a book, listen to a piece of music or (God forbid!) enjoy a movie on their viewing device of choice. Not unless they can ensure that every time "their property" is perused, you have to pay.
The giant media corporations are the enemy. The problem is that most of you will scream bloody murder for every piece of stupid IP controlling legislation that is passed -- yet tomorrow you will take your kids to Disney World, or buy them a Mickey Mouse T-shirt...
We've lost. Apathy was the big winner. I'm sorry.
For example, if I enter into a contract to, oh, sell you illicit drugs, and I provide the drugs, and you don't pay, I can not seek redress from the courts. In this case, if someone produced code designed to harm or otherwise compromise a computer system, I seriously doubt they could cry "copyright infringement" if someone explained how to render such an exploit ineffective.
Though, given the bizarre and insane state of current U.S. legislation, I would still be wary of such a silly charge sticking.
Of course I am not a lawyer, so don't take this as legal advice.
You could've hired me.
Well, that makes a certain amount of sense, although it has nothing to do with DMCA.
Still, once the fix is available, isn't it usual to let people know what kind of exposure they have if they don't apply the patch?
you have it backwards; if the Fed owes us money (silver/gold) for a note (even if we can't redeem it) then it means we are creditors, not debtors; the Fed is in debt, and we are owed money.
-- "Those who cast the votes decide nothing. Those who count the votes decide everything." -Joseph Stalin
digital copying != analog copying
This is an example of the "big lie" technique. Repeat a lie often enough and people start to believe it (especially if it's a big one...)
Dimitry wrote and sold software that was designed to violate copyrights.
Actually he wrote software to enforce copyright.
Even without the DMCA the ebooks license specifies you may not make copies and contrary to Slashlore there is no indescriminant "Fair Use Right" that allows this behavior
Software licences are not above the law, Russian law gives people the right to make such copies. At best the clause is void at worst it is fraud. There's an obvious irony in Russia having more freedom than the US though.
I used to live in the Washington, DC area. About 15 years ago there was a retired guy who used to drive 55 mph (then the national speed limit, widely ignored) in the left lane of the Beltway, just to piss people off as far as anyone could tell. After a while he got a ticket for blocking traffic.
sulli
RTFJ.
As far as I can tell, "Libertarians" seem to be against government interference in any area. Of course, all of these groups tend to favor any government decision that furthers their more immediate goals, or hinders the immediate goals of the other parties. For the Libertarians, this results in an oddly self-referencing approach where one acceptable role of government is to prevent government interference.
I am a minarchist libertarian, and here is my attempt to briefly describe libertarianism.
First of all, the difference between "libertarian" and "Libertarian" is that the second one specifically means a member of the Libertarian Party, while the first one just means anyone who believes in libertarian ideas. Thus Thomas Jefferson could be called a libertarian, but he was not a Libertarian.
The defining principle that all libertarians must believe in (or else they are not really libertarians) is that people own themselves, and the product of their own labor. All else follows from that.
Because people own themselves, it is wrong for government to outlaw behavior that doesn't hurt anyone but the person doing it. Thus it is wrong for government to outlaw smoking, or outlaw eating fatty foods, or outlaw prostitution. (Government may have a legitimate role regulating prostitution, for example to require medical screening of prostitutes for public health reasons, but there is no moral basis for government to outlaw it.)
Because people own themselves, government should not prevent them from freely entering into contracts. Government can legitimately have a role in enforcing contracts. (The major areas where government is useful: national defense, enforcing the laws against violence and theft, and enforcing contracts.) Because of this, if Microsoft wants to require product activation, government shouldn't tell them they can't do that. It's up to people to vote with their dollars. (Note that it was not government that finally dethroned IBM from its monopoly position, it was the free market.)
So, no libertarian can be in favor of a law like the DMCA. The record companies could have annoying license agreements, and libertarians would not be in favor of using government to force the companies to not have them, but the kind of free speech infringement that the DMCA is all about would be right out. And of course no libertarian would be in favor of outlawing encryption.
P.S. In case you are wondering, a "minarchist" libertarian is in favor of a minimal government; an anarchist is in favor of no government. There are many libertarians who believe that we don't need a government at all; the free market can solve all problems. Minarchists like me think we do need a small government to handle things like national defense.
steveha
lf(1): it's like ls(1) but sorts filenames by extension, tersely
While on occassion I will speed 5 mph or so over the speed limit, I generally drive right at or slightly under the speed limit. I have taken to this activity because I got tired of getting tickets. I've gotten tickets for speeding. Ok, so does everybody. It happens. I live with it. But once I got pulled over because part of my truck was still in the intersection when the light turned red. Pulled once because I was missing a front license plate. Once because a headlight was out. I'm always uncomfortable when I get pulled over and I don't even know why. So I just obey the traffic laws to the letter now.
I now notice some interesting problems. When a light turns yellow, I have to make a quick decision. I either have to be able to make it completely through the light before it turns red, without exceeding the speed limit or I need to come to a complete, and more importantly SAFE stop without causing a wreak or destroying my brakes/tires in the process. If I drive exactly the speed limit, unless its in a school zone or some other pathetically slow street, there is a certain window by which it is very awkward to either clear the light legally or to stop without creating problems. If I was driving 5-10mph over the speed limit, there would be no problem at all.
-Restil
Play with my webcams and lights here
Irony is what happens when results don't meet expectations. When someone punches you in the nose, and you go to jail instead of the person who hit you, that's irony. If I say "I just LOVE what you've done with your hair" to a woman when she and I both know her hair is a mess, that's sarcasm.
Have you tried looking it up in a dictionary?
Like many words, irony has more than one meaning. One definition of irony is "The use of words to express something different from and often opposite to their literal meaning", which is what Brits often mean when they refer to irony. Americans often use it in another sense "Incongruity between what might be expected and what actually occurs". However, both meanings are correct. Look it up.
I meant that Americans usually use the term 'irony' in the sense that Alanis Morissette uses the word. I did not mean to imply that Alanis Morissette is American.
Isn't the purpose of the Hague Treaty, to subvert even that possibility of freedom?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Not that Red Hat is releasing any more versions of their desktop operating system but I suspected months ago that the operating system would get much harder to use and details about operating system security would get much harder to find in order to prevent terrorist attacks on computer networks.
You know I am so sick of hearing this excuse...
US policies in te Middle East are specifically to keep the world from going to shit...we intervene in matters because the moment you let some nut case like Oslam, or Saddam start over running things they start branching out. Its even worse when it comes to these countries that govenment and religion go hand in hand...Incidently I don't have a problem that that people should be govened as they please, the American govenment works(Generally) for us, but it might not work other places. Its the fact that people like Oslam what to Impose themselves and their way of doing things on others. He feels that the Muslim nation, should be only nation and everyone else is evil...if his nation or any nation whats to be a sovern Muslim nation Great, but don't impose that on me...many of this fanatics rail against the US as being an Evil Christian nation. We are not Religion and govenment are different things here.
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
In a true democracy 51% of the public can piss on the other 49%.
Er, no. That's what the doctrine of separation of powers is about; the will of the majority should prevail in most cases but if that is at the expense of a minority that minority's rights can be defended by appeals to the judiciary. It's the rule of law. What you're talking about is mob rule, not democracy.
Of course in practice, as someone once put it, "you don't buy justice, you rent it..."
He not only tries to make a point, but he has valid reasons for fearing to be dragged into an US court. Maybe it wouldn't make much sense for the US to sue him, nevertheless he is avoiding to act against the letter of US-law, and that is what is held against you when you end up in court: Neither your intentions, nor the intentions of the law, but the letter of the law.
If any of the patches or future patches even touch the handling of DVD-Players, or future FUCK-ware (Futile Unnecessary Control Keping Hard/Software) he'd better present, what US-lawyers consider a clean west to avoid being dragged through courts until hell freezes over because some corporation is then likely to use the DMCA as a lever and make a public example of him.
Since Skylarov this law has become a very real threat to non-US-citizens.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Security lists should be even more aware of DMCA legislation. When dealing with US-based businesses security experts should demand an outside US contact-address to send the report to, as well as a document stating that the information will not be divulged to US citizens or residents.
Posting the report to a Site accessible from USA gives anyone who wants the means to sue to their liking, and the only reason Microsoft didn't already sue bug-reporters into submissive silence is the cry of outrage to be expected after such a move. But we'll probably soon see that nevertheless with their hacked Mediaformat.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Do you know anything about the DMCA? It has nothing to do with cracking computer systems. It prevents people from cracking cryptography used to protect copyrighted material. Now how this would be relevant to kernel changelogs, I don't know.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
good point, you should have posted with your name
I am the Alpha and the Omega-3
Why not make it a real political party?????
Hm, maybe because after the initial euphoria is over, the party will quickly balkanize. The geezers will vote for the Mainframe party, there will be violent riots between Windows and Linux parties, the Mac party will think different, and run the coolest campaign, but end up with few votes. The republicans will migrate to the Luddite party, and hope to ban all competition by outlawing computers. The democrats will pay lip service to the Linux and Mac parties, but will be bribed by the Windows party.
Eventually we gather a congress, and will use the 3 first terms to pick a format for congress documents. Election procedures will be reengineered, untill they're near perfect. The president invites all geek friends to a LAN pary in the oval room. There is an international incident after the Russian ambassador is caught cheating in doom.
The luddites launches a massive counteroffensive before the next campaign, turning to the 'net(If you can't beat them, join them). Their new streaming multimedia media applications revolutionize everything. 50 years after people have forgotten the old meaning of the word, most people use the word luddite to describe a 'super-geek'
-- Another senseless waste of fine bytes.
What we need is an American with a non-US ssh shell account to suck down the goods from wherever Alan has them cached and host them on American soil. We need to be about giving FedGov the big fat finger on this one... it's our damn Linux, no matter where we're from, and NO ONE should be able to tell us what we can and cannot do with it. Especially not the Imperial Federal Government which tries feebly to run the US of A.
Humankind was endowed by its Creatrix with certain unalienable rights.... and when Government ceases to defend those rights, it is our solemn duty as human beings to fix the problem. The Constitution doesn't mean a damn thing if we Americans don't defend it.
I don't have a site that I own on the net, or I'd volunteer up front. We need a site.... hell, we need a bunch of sites, and someone to round-robin them.... that are well connected; each person volunteering should own his own box and line, no hosting it on Angelfire or something, that'll just get "innocent" companies involved.... but this is our software, our Linux, and we need to make it clear to all and sundry that information - and Linux - and the Internet - has a freedom of its own that knows no boundaries. It's rather like The Apple. Once the knowledge is there, God Himself couldn't stop it. Let alone the US Congress.
Frankly, I hold the opinion that Dmitry should somehow find his way back to Russia Real Soon Now... I don't believe in imposing the screwups of the American Congress on an innocent Russian. I don't intend to act on that belief myself... but I hold it, as is my Goddess-given right.... but I digress...
If you think I'm being stupid, reply, don't moderate; the crucible of ideas is all-important here.... but we've got to do something.... talk to me, people, let's strike while the iron is hot....
There's an Irish comedian who used to do a very funny piece on the song Ironic. He pointed out that most of the things in that song are not ironic - merely unfortunate.
... ironic. Don't ya think?
e.g. "10,000 spoons when all you need is a knife"
would have been ironic if you found out the next day that a spoon would have done just as well.
"A traffic jam when you're already late' would be ironic if you were on your way to a meeting to discuss traffic problems
Of course a song which is all about irony but doesn't understand what irony is - is kind of
The laws associated with copyright and information are so vague and general that it's not surprising that it could be determined that they prevent people from talking about security problems...
Think about it for a minute. Skylerov is in a US jail for a program that his employer sold -- this despite the fact that he put in safeguards to prevent his program's rampant misuse.
If current 'anti-terrorism' laws get passed, things are simply going to get worse... The government is going to be able to spy on us on spec, and arrest us because they 'suspect that he may do something nasty' -- like (in some cases) simply go on strike.
If our course doesn't change radically and quickly, I think that we are in for an information-age Mcarthy era. Cox was made aware of this specific writing on the wall, and he decided to take it seriously. He is, in his own way, inviting us to do the same.
There are times when it is appropriate to willfully break the law, but it should be done carefully and sparingly. Breaking the law just because it is 'inconvenient' is a bad idea. It opens you up to getting your ass really nailed to the wall later on when you do something to get people pissed off.
Cox is a high-profile person. The fact that he doesn't want to risk going to jail for a Skylerov style test case is not something that we should be denouncing him for -- we should be denouncing a law that is so broad that he has to reasonably worry about making security information available to people who have a reasonable need to know.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
>many of this fanatics rail against the US as being an Evil Christian nation. We are not Religion and govenment are different things here.
They are? All recent presidents (I don't know about the older ones..) ended just about every speech with "god bless America". . .
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
It's easy to see how it is relevant. The DCMA does not mention cryptography:
Say you have copyrighted material on your PC. I can't get them because my account has not permission to access those files. Nothing fancy here: standard Unix permissions. So, what stops me from getting at those copyrighted materials is the standard linux permissions system. The DMCA, then, could be interpreted to consider the standard linux perms system to be a device to prevent me stealing copyrighted material, and providing information that allows me to circumvent that protection is a violation.
So, if Alan tells us "you cannot use method X to circumvent the protection in the new kernel" then the DCMA could interpret this as "method X circumvents the protection in older kernels". Bingo, Alan goes to jail, does not pass Go, and does not collect £200.
Mr C. appears to have taken legal advice in this matter that has told him the safest thing is not to tell anybody what method X was. Until there has been some more prosecutions and there is more precedent, this is the best advice he could recieve.
~~~~~ BigLig2? You mean there's another one of me?
also considering I do not have the skills to reverse engineer the diffs I would again say I can't. also, another poster to this thread, an AC, made a good statment about how it makes more of an impact by not acting since the threat is so small. I agree with that statment and hence retract my previouse statment.
I am the Alpha and the Omega-3
Futhermore, it would be quite difficult to successfully convince U.S. legislators to change DMCA based on an absurd legal opinion. So, I don't know what exactly Alan hopes to accomplish. I've always had a lot of respect for him, but this all seems a bit childish.
Yes, it is absurd, and no, he is in no real danger, just trying to make a point, preaching to the choir at the choir's expense. The point he is making is that in stating the security bug he fixed, that theoretically a malicious user could use that information on an unpatched system to defeat unix permissions protection, allowing reading/copying of things they should not access. After the owner of the protected information finds out, he, by the strict letter of the law of DMCA, could sue Alan Cox for documenting this bug exists and how it works, as it could be used as a 'circumvention' device. This is a highly unlikely and ridiculous set of circumstances, but frightening.
The act I'm more interested in is the UCITA, does anyone know how that is going? IIRC, it had some clauses basically saying that linux kernel developers could be liable for damages caused by this bug ever existing, which is a bit more frightening if you ask me, especially since it gives bigger companies with shrinkwrap licenses a way to opt out, but does not for things like the kernel...
XML is like violence. If it doesn't solve the problem, use more.
Just to pick a nit, it was the Secret Service, and not the FBI, who were wiping their collective asses with the Bill of Rights in this particular case.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
This has occasionally backfired. In South America, particularly, we were often castigated for not supporting dmeocratic regimes. Of course we didn't--they're awful, with no concept of a rule of law. Unfortunately, we typically did not support republican regimes either, but simply various dictatorships. We threw the baby of republicanism out with the bathwater of democracy. Amusing 'twould be, save for all the various lifes cut short thereby.