Slashdot Mirror
HP Backs Off DMCA Threat
Bruce Perens wrote with this interesting reversal: "News.com reports HP has backed off of its DMCA threat." Which makes SNOsoft's official response thankfully beside the point now. Update: 08/02 05:37 GMT by T : Declan McCullagh points out this CNET story, which includes words from HP, Snosoft, and Bruce Perens. Writes Declan: "HP blames the snafu on... their lawyers!"
Actually, it looks like this whole thing was a misunderstanding, and involved screw-ups by people on both sides. And believe me, I'm the first one who'll go on about how awful the DMCA is, but I think this was just overreaction on one side and misbehavior on the other. But... well, we'll never know the real story.
Bruce,
Anything else you can tell us about this fortunate reversal? Were you involved in knocking some reason into those responsible? How did the people in power originally decide that it would be strategic to weild the DMCA as a weapon against disclosure?
... the good guys win. I'm pretty sure it was my strongly-worded email to the CEO that turned the tide. :) Seriously, I think the outcry in the tech community made them beat this retreat. Whenever you're feeling overwhelmed by the latest corporate attrocity, remember: numbers can still make a different. Write, call, or scream, but don't let your outrage dribble away.
The Mongrel Dogs Who Teach
"The lesson to be learned is not to take the comments on slashdot too literally." --Vinnie Falco, BearShare
Well, it's quite simple. Someone says something trollish about it, and then some of the insightful people argue with him. Then we have some insightful posts, and others argue with them. Mark my words, we'll soon have another set of insightful anti-DMCA diatribes, some disappointment that we didn't get to try the DMCA against such a stupid case, and a bunch of people claiming that HP, as a corporation, has done this in their own self-interest. :)
let's see here:
Vivendi sues bnet.d, originally was under DMCA, but filed under traditional copyright;
HP threatens under DMCA, but backs down.
i think companies *know* that if the DMCA gets taken to court, it will die and we will all live free, so they don't want to risk it. which, incidentally, means that we should try to as much as possible (within reason)
My life in the land of the rising sun.
While I have no desire to see SnoSoft get... uh, "Snowed", this would have been a landmark DMCA case. It would have been nice to see SnoSoft win, and set a precident to other companies who'd like to wield this myopic peice of litterbox-lining legislation as a flaw shield.
Perhaps they think they can cover the blemishes of their software with the blood of the people who point them out.
"People will pay big bucks for the luxury of ignorance."
I think I would have rather it had been tested in court.
...great. I get to rely on their self-restaint in not abusing the law, rather than striking down an eminently abusable law.
"We can say emphatically that HP will not use the DMCA to stifle research or impede the flow of information that would benefit our customers and improve their system security."
As long as the only test cases are against individuals and groups the public perceives as "black hats" (e.g. 2600), this damnable law will never be changed.
-- Terry
(i'm going to go a little bit further from the HP/Snosoft case, so don't be surprised if some of the statements below do not fit 100% in that case)
All these problems will vanish if people will choose to disclose vulnerabilities in a responsible way. Sure, HP's response has been harsh. But every security problem (especially when it's accompanied by an exploit) should be reported first to the vendor! There should be no exception from this rule. The person doing the reporting should give the vendor a reasonable period of time to fix it; say, a few weeks or so.
Only if the vendor does nothing in these weeks, only then the report/exploit/whatever should be made public.
If hacker H writes a comment on Slashdot, making public an exploit against some software made by vendor V, and does not notify V in advance (say, 2...4 weeks in advance), and then V sues H, then who's right?
H is right, because (s)he disclosed a vulnerability, and disclosing is good. V is right, because not being warned in advance, their customers are left to the mercy of script kiddies. H is wrong, because (s)he's obviously looking for cheap publicity (i published a zero-day exploit; mine is bigger), not for improving security. V is wrong, because they are filing a lawsuit against open disclosure, which is not a good thing.
See?
And the solution is so simple: DO NOT publish "zero-day exploits". Give the damn vendors an early warning. Only if they are lazy and do nothing within a reasonable time (2...4 weeks), only then you are entitled to go slashdot-happy.
I'm a big fan of open disclosure, freedom of speech, etc. But people who look for cheap publicity are not my favourites. If H is going to publish the exploit without early warning, i'll say V has all the rights in the world to sue the crap out of H, and put him(her) in jail for one thousand years, and i'll applaud that. However, if there was an early warning, within a reasonable time, like one month or so (unlike some popular security companies did recently), and the vendor did nothing and didn't provide a good reason for the delay (because such reasons could exist, if you think of it), then H is 100% entitled to publish whatever exploit he likes.
It's all about timing. It's all about being reasonable.
BRUCE: I'm going to violate the DMCA on stage
:)
HP: Please don't. It would sortof reflect badly on us, and could cause trouble.
BRUCE: Well... OK.
HP: We're going to sue the pants off of anyone who reveals Tru64 vulnerabilities using the DMCA!
BRUCE: Please don't. This reflects badly on us, and could cause all sorts of trouble.
HP: Well... OK.
Good to know everyone's getting along.
Libertarianism is rich wolves and poor sheep playing gambler's ruin for dinner.
If this particular security hole is ever exploited by the "bad guys", we'll probably have both HP and Phased to thank. It really does take two to tango. The Phased exploit code would never have been published if HP programmers didn't mess up in the first place.
So this quote from Kent Ferson of HP in the News.com article was probably a big mistake:
Pretty clearly if there were ever to be any lawsuits over this particular bug, HP has much deeper pockets which are much easier to get to.
They're presumably backing down because it would be a terrible PR move. "We're neglecting our customers and suing people to try to cover this fact up" just doesn't go over well.
The question is what they were thinking in the first place; it's not like you can actually a company and have nobody know. Possibly they just wanted a bit more time in preparing patches before SNOsoft released details. I think it's most likely that think that people won't remember who this incident involved, and will just think "Some big computer company tried suing someone who found a vulnerability in their product. I'd better avoid that big company. Now, was it MicroSoft or Sun?" Of course, as nothing is coming of it, there won't be much in the way of records on the subject. Or maybe HP's lawyers have been spending too much time in Germany and think they should threaten/sue people in HP's name without HP's permission.
... but as the DMCA is a statute, isn't it up to the FBI or some such to actually `use' it?
Adobe brought a `DMCA violation' to the attention of the FBI to prompt the Skylarov / Elcomsoft affair. When they backed down, the FBI did not follow suit. Is it not the case that all a person or company can do is bring a `violation' to the attention of the FBI, and let them take it from there?
If this is the case, would not HP's original statement in regards to the researchers violating the DMCA be enough to set the ball in motion? If the FBI were to agree that the event in question is a DMCA violation, would their backing down be enough to prevent further action from being taken?
IANAL and I'm not even from the US, so maybe I've completely misunderstood how this works. But isn't there more to it than HP just deciding to stop waving the DMCA stick?
- SMJ - (It's not just a name: it's a bad aftertaste.)
I fired off an e-mail to my HP support rep yesterday morning, and am awaiting his response. (He's out of office until next week.) Basically I told him that as a customer, I resent this behavior toward those who would offer us information about the security of the products we're using.
My support rep does an awesome job for us, and is our "foot in the door" to HP. That's why I felt it necessary to get the message to him quickly. Now I'll have a good opportunity to follow-up with him regarding HP's response. They've typically done a good job for us, but we've been curious as to how the post-merger HP would behave. I hope this isn't an indication.
The only backed down becuase continuing on this path would have convinced all the conspiracy theorists that they have something to hide. Doing something stupid made them look bad, therefore they quit. Nothing to see here.
This is bad. So far the DMCA hasn't been challenged. Adobe asked the government to drop charges now HP has backed off. The problem with this is that this law has not had it's day in court.
... or denounce it.
I'm sure any judge will realise how broad the DMCA is and as a result how damaging it can be to a persons rights as well as to a community of developers, not to mention privacy advocates.
Unfortuantely we have lost another great opportunity. HP like all the others want this law to remain. Only when the stakes are really high will they seek to enforce it
Except that they at least thought about it... and the DMCA is a LAW, not a company policy. Once HP cries wolf, what's to stop a creative procecutor from bringing charges?
So... someone fill me in here. Is it normal for organizations to ask companies for money before they'll share info about exploits? After reading the note from SNOsoft, it seems clear that they must have asked for money. How else do you explain them trying "to build a working relationship with HP" and HP (mis?)perceiving their actions as extortion.
Don't get me wrong, as far as I'm concerned, it sounds like HP needs to spend more money on developers and less on lawyers. I'm not trying to defend their actions at all. But, it seems to me that if SNOsoft was merely acting altruistically, they shouldn't need to "build a relationship" in order to "transfer the information privately."
-- dR.fuZZo
So snosoft are a security research company? Then how come they haven't bothered updating their web server to fix the security flaw mentioned over a month ago?
According to Netcraft, they're still running Apache 2.0.35...
Code, Hardware, stuff like that.
I can't think of any large entity that takes security more seriously than the military (including the banks I've worked for). They may have flaws but they are without question the toughest target.
One can only hope that vigorous outcry from vigilant people can convince corporations that they don't always have to do what their lawyer says. Lawyers don't have consciences. At least, they don't have independent ones. A lawyer believes whatever he is paid to believe. And so they are incapable of looking at any situation from a non-opportunistic/exploitative point of view. Only when their paymasters say, wait a minute, this policy doesn't work, I'm not going to just send that cease-and-desist or SLAPP or call the FBI or whatever, do these corporations do something in the public interest.
"Why should we leave America to go to America Junior?" - H. Simpson, on visiting Canada
i think companies *know* that if the DMCA gets taken to court, it will die and we will all live free, so they don't want to risk it. which, incidentally, means that we should try to as much as possible (within reason)
On the contrary, I think that if corporations were under the impression that this "tool" would soon disappear from their arsenal, they would have incentive to make use of it ASAP and "get while the getting is good". It's like when retailers make sure to stress that an offer is for a limited time only to try to get people to half-panic and hurry in to the store. More likely, corporations that try to make use of the DMCA are encountering some seriously bad backlash from the community that makes them think twice about using the DMCA. I would suspect that they would only resort to the DMCA when no other weapons are available. That's sort of a good thing, I guess, but it suggests that the DMCA will be the corporate legal equivalent of the H-bomb -- the "no more Mr. Nice Guy" gun that's used more as a scare tactic than an actual weapon.
Tastes like burning! - Ralph Wiggum
They knew they would have their posterior kicked black and blue which would eliminate the DMCA threat power.
Fight Spammers!
Exactly.
We have zero evidence that HP will stop trying to hide the failures in its products.
If Carly Fiorina knew about this, then she also thought it was okay to try to use aggressive tactics to hide severe failures in an HP product. In that case, Carly should be replaced by the HP board of directors.
If Carly Fiorina didn't know about this, a major act by a vice president, then she is clearly not in control of HP. In that case, Carly should be replaced by the HP board of directors.
So, my question is why dont they bring charges aginst HP for knowingly forcing people to use software that does not do what they claim (Unless being broken into is on the features list) as well as claim damages for the couple days their DMCA invocation caused by making us all run their vulnerable software?
Also, i cant remember the name, but if you threaten someone with a lawsuit and have no intentions of following through with it, that is a crime as well.
Ah well, thats the joy of the USA.. everything is a crime now
Appreciate your note and concern. Let me just start by saying, "don't :-)". I can assure you that my :-). We also encourage our customers and 3rd parties
...
believe everything you read in the press
primary interest and concern is for the Tru64 customers and that the
Tru64 engineering team is committed to finding and fixing any security
problem in the product and getting these fixes/notifications out to
customers ASAP. Trying to do everything possible for Tru64
customers is what motivates and brings me to work every day
(and night
that find security issues in the product to coordinate through the
CERT process, which has been set up to support both product
vendors and customers. Again, I appreciate your concern and
feedback.
Kent
-----Original Message-----
From: XXXXXXX
[mailto:teaser@XXXX.com]
Sent: Tuesday, July 30, 2002 10:56 PM
To: Ferson, Kent
Subject: Rethink this approach.
Concerning this Zdnet article: http://news.com.com/2100-1023-947325.html
HP is going about this all wrong. You have managed to alert many more
people of the mentioned exploit (by making legal threats) than would
otherwise have ever noticed the Bugtraq post. That genie is way to far oput
of the bottle to to be put back now and the poster will just comply to any
cease and desist requests. Besides, there are plenty of buffer overflows in
True64 according to the Bugtraq poster Phased.
My suggestion to you and your colleagues would be that you quietly fix the
code, in a timely fashion, and avoid both the bad publicity and potential
liability.
Thank you.
We really need your help
http://www.gofundme.com/help-sherry
I think this is too early to tell. Since they already did say they could use DMCA, some damage is done. This obviously came through lawyers, so someone somewhere DID make that decision, regardless of who they blame. Now, even though they said they wouldn't, there is doubt in a researchers mind if anything might happen. You can not just release a program without "following standard procedures" any more (that's what I got from CNet's article). Following such procedures is a good thing, but it should NOT be a requirement to free speech.
Lets wait for actions from HP, who knows what they'll do a year from now on some other bug. This also opens the door for MS or Oracle or whoever to do this, without being first, and citing HP, regardless of what HP said today. Can you really open your toaster now and see what's inside? This threat, even though withdrawn, has done what it was supposed to do.
It is what they call the slippery slope.
We're all glad HP backed down, but what scares me is that the "Responsible Disclosure" FUD continues. On Bugtraq people write that CERT and SecurtyFocus are "established parties" and everyone who does not give them their so-called "0days" is irresponsible (at least CERT is known to sell 0days). I personally won't give them my 0days early.
The "Responsible Disclosure" draft continues to get advertised, though it was not approved by the IETF .
Why do people think about giving away the right of free speech just because of some FUD?
Even in the unlikely case if this bad RFC passes, does it mean that that people are safer when they disclose problems - I definitely don't think so personally.
So the facts are: some companies can't write secure code, and it is more expensive to write code securely.
Just check "Help -> About" on Windows before using the word "responsibility".
The easiest solution is to shoot the messenger and to outlaw saying the emperor has no clothes. But this won't fix the problem in the real world. Such regulations will only alienate a lot of people and will make things worse.
Come now, you know it's like a car crash. Frightening, gruesome, but we want to look. That's why we keep coming back to the same tired old arguments and issues (and back to /.). We're old folks sitting on their rocking chairs, telling the same old stories and jokes, and laughing every time, except we're not all old yet.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
Good going HP - my next printer will be from you.
I bet you hit yourself in the head with a hammer, because it feels good when you stop.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
Last night, when I read about HP swinging the DMCA club I sent their CEO "intelligent feedback". It was polite and used words like "extremely disappointed" and accused HP of shooting the messenger instead of fixing the problem. Additionally, I told her that I wish I had discovered the flaw and had to defend this action and faced a jury.
I imagined the cross examination as follows with HP on the hotseat:
1. Isn't it true that HP learned of this exploit nearly a year ago and has done nothing except try to "silence" someone sounding a critical warning?
2. Can you explain to us what type control a person could have gained over an HP server using this security flaw?
3. Isn't it true that HP servers are used in key government installations, biomedical research labs, and fortune 500 companies and this flaw could have been used to compromise national security and commit corporate espionage?
4. Why would HP delay acting on this information for so long when so much was at risk?
Oh, this would have been soooo much fun to watch on Court TV!
Anyway, I was just curious how many slashdotters fired off a "polite" feedback.
ok, follow me...
go to thomas.loc.gov
under the Legislation heading, click on Bill Text
select the 105th congress (1997-1998)
search for word/phrase 'digital millennium' (2 L's and 2 N's) or enter bill number "s. 2037"
Click on one of the relevant results.
The Bill Summary and Status link is informative. Check the "All Bill Summary and Status Info" link for some history (or some of the other links), then look for "Recorded Vote"
Bingo.
(phew, stepping through this was a little harder than I thought it would be... But, now that I understand it enough, I can tell everyone else how to do it. Bang on.)
fair.org counterpunch.com truthout.com indymedia.org salon.com
eff.org guerrilla.net debian.org gentoo.org
What a lame answer. Whats preventing him from coming on /. and posting his side of the story? Did he, or did he not, threaten to sic the DMCA on SnoSoft?
Oh, this would have been soooo much fun to watch on Court TV!
Too bad it would be torn to shreds in a real court. There would be all sorts of inadmissible evidence.
I am sorry, I do not see the point of this.
The DMCA still stands, it stifles research. Alan Cox is still afraid to step on US soil for fear of being arrested for doing a moral and ethical work.
How is this any sort of victory. HP wussied out. Snosoft wussied out. And maybe Bruce Perens wussied out too.
Where were the necessary changes to the law. Hackers need some sort of protection from this crap.
Imagine if GM said you could open the hood of a car? Would the american public stand for that?
If you found a fault in a Ford, would the american public want Ford to have 30 days to figure out if they want to deal with the problem?
Corps are getting to manhandle us because the public doesnt understand the issues and we're a powerless minority.
Does the auto insurance institute which does crash testing need to inform the car companies thirty days in adnvance prior to disclosing bugs?
We need a secure receipt mechanism when reporting bugs.
We need full disclosure.
We need full authorization to learn from each other, this means sharing how buffer exploit vulnerabilities are found and how they can be exploited.
Simply reporting vulnerabilities to companies is irreponsible in the public scheme of things. If coders dont know how these exploits occur it prevents them from writing secure code.
We need the ability to learn from each other.
DMCA needs SERIOUS changes.
Bruce has done a lot more for hacker freedoms than many of us here, but I'm sorry but it hasnt been enough (not necessarily his fault).
Comment removed based on user account deletion
If you had anything to do with the reconsideration, we appreciate it.
You see? You see? Your stupid minds! Stupid! Stupid!
"1. Child support - Child support should only be applicable in the case where the child was concieved within a legal marriage. Any other situation leaves enough doubt that the man was not a willing participant unless he's willing to admit to it or assume responsibility on his own. Repealing child support law as it is would result in a great decrease in single-parent children."
So, men are free to screw who ever they want and not bear any responsibility?
There where a great many of single born children way before there where laws to hold the malr responsible for his action.
Genetic verification should really be enough.
OTOH no man should be forced into pay child support if it is proven the child is not his by birth or adoption.
after reading this, I can only reply with a quote from monty python: "you ARE a looney."
The Kruger Dunning explains most post on
Should now email them to express thanks that they have reversed the decision. I had emailed them to state my displeasure and to vow never to buy another HP product again(which would be tough, as my Pavillion continues to surprise me in quality).
Now that they have reversed it, I sent a follow up thanking them and stating that I again looked forward to purchasing from them in the future. The rest of you should do the same- Express displeasure when they fuck up like this, but also express appreciation when they fix it as they have.
After reading SNOSofts response, I've gotta say it looks like they were trying to drum up business and it back fired big time.
Im not supporting HP in any way and personally I think the DMCA is the greatest piece of loo paper I've ever seen but if you go to someone and say "I know how to break into your house and steal all your hidden money and Im not going to tell you unless you pay me" you gotta expect to get burnt.
Right. And I won't buy anything from Adobe, either. And I won't recommend any Adobe products. And I will truthfully disparage Adobe products when reasonably appropriate.
I don't like companies that invoke vile laws. And the DMCA is one of the viler ones.
I think we've pushed this "anyone can grow up to be president" thing too far.
Wouldn't matter. For HP to even have a case, they'd have to say enough that they'd hang themselves in the process. Only scientologists are good enough to keep ALL the relevant facts out of the case.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
According to the C|Net article, the manager who made the threat (Kent Ferson) came from the Compaq side of the HP/Compaq merger. So I guess you can blame that loser Fiorina for bringing clueless bozos to dilute the HP way...
IANAL either, but I am in the US and this is how I understand the situation:
It is correct that a company can not bring criminal charges against a person or another company. When an individual sues another individual, it must be for a violation of civil law. The DMCA is a federal criminal law, so it is up to the US Justice Dept to per^H^Hrosecute victims. The FBI is like a police department; they do not engage in prosecutions, but they have the power to make arrests, conduct investigations with court orders, etc.
One of the many problems with the DMCA is that the line between civil and criminal prosecution is blurring. With Dmitry Skylarov, he was effectively arrested and prosecuted by Adobe; the FBI and the Justice Dept were willing participants, but I don't think there's much doubt that Adobe was calling the shots.
HP backing down from the DMCA threat is not enough to directly prevent a lawsuit. However, if HP will not cooperate in the prosecution (providing witnesses etc) due to public outcry, it is no longer worthwhile for the Justice Dept to prosecute, because they basically have no case. So again, it is not a question of actual policy but the effects of policy.
Hope this clears things up...
The FBI didn't follow suit ... at least based on what Adobe publicly said. But how much would you wager that Adobe told the FBI in private to stick it to Sklyarov? That's where my money is...
Remember: we have the best government money can buy. And Adobe has a lot of money...
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
The power of the DMCA is not necessarily in court. The threat of a long drawn out legal battle is usually enough to get what the large corps want, sort of a reverse "O.J." strategy, if you will. The DMCA can be milked by RIAA and others for many years without actually having to be tested. That won't lessen either it's application or damage to the IT sector.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
....has HP fired those lawyers or their firm?
I doubt it.
If only more lawyers would get fired. There are far too many upright-walking cockroaches in that profession. There are good lawyers too of course, just look at the ACLU, but there are also plenty of the worst type of scum known to man.
I guess if you're an amoral sociopath, career choices that match your temperament are few and far between. Your choices are basically car salesman, CEO, or legalistic henchman/mercenary.
Lee
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
Quote: "At the high point there was an e-mail to (HP CEO Carly Fiorina) every 90 seconds."
It looks like there are quite a lot of HP workers that knows what a bad thing the DMCA is. Thanks for reacting!
A lot of people are worried that Symantec will influence how Bugtraq is moderated and operated, and here we have a case where the deal isn't even closed yet, and already "things are different" down at ole Bugtraq...
Coincidence? Methinks not.
Sigh, moderate parent down, although the influence concern is still valid, the claim may not be.
"SecurityFocus.com, which is in the process of being acquired by Symantec, said it had already deleted a copy of the C source code from its Web site at the request of SnoSoft."
I knew I wasn't smoking crack yesterday. However, they allegedly pulled it at the request of snosoft, not HP.
"Of course, you've already joined the EFF [eff.org] and sent them at least $100 ........ haven't you?"
I would have.
Only they wouldn't promise to use the money ONLY on worthy causes, like fighting the DMCA, instead of defending Kevin Mitnick, should he go phreaking again.
The problem with giving money to radical organizations is that they will sometimes spend it on radical causes which you don't agree with.
Unfortunately, there's not an ACLU SIG on Intellectual Property yet, so once you give the nut-jobs your money, you lose control of it, and if one of their causes is to fight deer tick eradications, Murphy's Law says that's where your donation will be spent instead of on the cause you orignally donated to support.
-- Terry
From the Apache.org advisory:
"While testing for Oracle vulnerabilities, Mark Litchfield discovered a denial of service attack for Apache on Windows. Investigation by the Apache Software Foundation showed that this issue has a wider scope, which on some platforms results in a denial of service vulnerability, while on some other platforms presents a potential remote exploit vulnerability."
So, while the problem was initially detected on the Windows platform, it has been found to affect other platforms. In fact at the very top of the advisory we see this:
"Versions: Apache 1.3 all versions including 1.3.24; Apache 2.0 all versions
up to 2.0.36; Apache 1.2 all versions."
Now I'm not sure what "all versions" means to you, but to me it doesn't mean "Windows only"...
Code, Hardware, stuff like that.
I know you were trying to say something else, but take a look at this line and consider:
>2) The thing that scares me about the DMCA is that, in this narrow sense, it is ILLEGAL to bitch about faulty hardware. The problem is that under the
>law, HP DOES have a case against SNOsoft. Just because they're not pressing it doesn't mean that the law is fundamentally broken. Note that the
>UCITA's shrink-wrap enforcement codicils could be used similarly.
The "Free Market" that so many seem to worship is based on an informed consumer able to make choices, to vote with his/her money. We really stink in the tech sector. First we have Microsoft dedicated to becoming the only choice. Now we have the DMCA removing the "informed" from what choices we have left.
Perhaps it's time to bill the UCITA and portions of the DMCA as being anti-free-market.
The living have better things to do than to continue hating the dead.
In another BBS I go to, when I posted about Palladium and the DMCA, all I got in reply were firey defenses of corporate intellectual property. You can't disclose specifics of design flaws in proprietary works since it violates the copyrights and trade secrets of the IP owner. Microsoft can impose Palladium, since you don't have an inherent right to choose which software you run on your computer, since windows is the property of M$ and the processor is the property of Intel. You don't have an inherent right to transfer your data out of a proprietary format, since the format is IP and if the vendor doesn't want you to have the ability to convert to other formats, then they have the right to say you can't because it's intellectual property. So on and so forth. Note that IP law doesn't give corporations the right to do any of those things. And in cases where IP does apply, those rights are overridden by anti-trust laws, monopoly laws, and restraint of trade laws. (I would argue that M$ using closed file formats in order to lock you in could be legitamately considered to be a restraint of trade.) But it seems that outside communities such as /. corporate IP takes precedence over anything, and to restrict companies like Micorsoft is a violation of corporate constitutional rights by a tyrannical government!
But it goes even further than "cyberwar". If we don't have talented computer professionals in this country, the CIA, NSA, FBI, Armed Forces are all going to suffer disasterously. What are we gonna do, hire foreigners to protect our national security? ;-)
And then there's long term economic problems we'll run into as well. Corporations won't be able to hire security experts with enough talent and experience to protect them from corporate espionage, script kiddies, disgruntled employees, etc.
Our "leaders" are going to bring about our own demise. Stupid bastards...
Sticking feathers up your butt does not make you a chicken - Tyler Durden
Geek A creates a company that creates a program that "encrypts" (rot13, he) documents.
Geek B, friend of Geek A, breaks the encryption scheme, violating all the articles of the DMCA.
Geek A sues Geek B and they fight the case all the way to the Supreme Court.
Once the monstruosity is declared un-constitutional everybody is happy.
If it is not, Geek B is pardoned by Geek A and we go and hide in the mountains.
IANAL but write like a drunk one.
HP blames the snafu on... their lawyers!
This is wrong, legally and morally. HP is a corporation; their lawyeres are a part of them. The non-corporate analogy would be a little like punching someone in the nose and then saying "I didn't do it! It was my hands!" Someone who honestly presented this as a defense would be encouraged to undergo a psychiatric evaluation. I see NO difference in HP's behavior. Their attorneys, BY LAW, represent HP. Attorneys are not allowed to do things their clients don't want. Any action an attorney takes is legally the action of the client; that's what the word "attorney" means. When your attorney threatens legal action, YOU are threatening legal action; the attorney was hired by YOU to take actions YOU want by using the tool of the American legal system. The attorney may suggest courses of action; YOU decide what your legal representative will do.
The ONLY time I'd be willing to make an exception to this is if the corporation fires their lawyers or files suit against their law firm for legal malpractice.
Anyone who tries to tell you that it's not their fault because their attorney did it needs to be punched in the face.
"some disappointment that we didn't get to try the DMCA against such a stupid case"
:)
:)
lol...
Is this one out of 3?
I think I would have rather it had been tested (Score:5, Insightful)
by tlambert on Thursday August 01, @10:45PM (#3996512)
(User #566799 Info)
I think I would have rather it had been tested in court.
Ok, it was taken out of context, but I smiled when I saw the topic come up after reading your comment.
Beware: In C++, your friends can see your privates!
IMHO, this is too little, too late. Yeah, they're backpedaling after a justifiably furious outcry. However, the fact that one of their VPs sent this letter in the first place goes to show you how the HP/Compaq top brass think about security: keep it quiet.
Maybe so, but it's like a nuclear weapon. You don't have to use it, and don't really want to because the fallout would contaminate you, but the very existence of it is a formidable and chilling threat.
Milo
Until Wednesday, SnoSoft's home page stressed that it had a policy of "full disclosure" of security threats--unless that company retains SnoSoft as consultants. "If someone hires us to do research we can not disclose that information since the information becomes theirs--they purchase it," said Snosoft's Desautels.
Ok, so SnoSoft says, "Hey, we found a security hole in your Tru64 product, but we are only going to tell you if you fork over some dough!" How ethical is that? Its hardly full disclosure. HP was threatening legal action on this basis, not that they found a hole. If I were HP I would sue the extorting bastards, too. Either disclose all holes publicly upon discovery or give the opportunity for vendors to fix them, but disclosing security holes within 24 hours to bugtraq only in the cases where the vendor does not pay you for cracking their system is unethical, IMO.
I'm sure the outrage helped to speed things alone, however reading between the lines, putting my ear to the rumours mill has it that Felton serious overstepped the mark, went against policy and is lucky to still have a job.
How many days anal-retentive VP Kent Ferson has left at HP?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Yes I do think men are that f*cking stupid.
Especally if some sexy woman is putting out for them.
The whole problem is men get to a point of no return when 'she wants to fuck me' is more important than 'where the hell is that bloody condom'
Wouldn't it be nice if schools got all the money they wanted and the army had to hold jumble sales for guns
This is just another example of how the people who sit in charge of large companies tend to float in their ivory towers and not have any clue what's happening inside their own walls.
Just like the recent wave of accounting "irregularities", this is either a case of those in charge trying to get away with things they KNOW are wrong -- and backpedelling when they get caught, OR honest lack of clue as to what their laywer breeding ponds were producing.
Why do people seem to lose their ability to use common sense as they climb the corporate ladder? At what point does rational thought and normal human morality get left behind? Just as proposals are being pushed to hold CEO's responsible for the state of their underlings, I'd like to see congressmen held responsible for the damages caused by the laws they pass without thinking about the consequences.
I don't think laws are meant to cover every possible Bad Thing (TM) that can happen... they are meant to correct known wrongs as society determines they are problems. As such, we shouldn't make up laws that cover crimes which don't yet exist (most of the newer technology laws try to be vague so they can do this). We also shouldn't make redundant laws, but acknowledge and correct their lack of enforcement (DMCA mostly tries to re-invent copyright law -- copyright law already does the job quite nicely, it just needs to be enforced).
At the risk of wandering even further off-topic: Could you please explain to me how a man could not be a willing participant in the process of creating a child?
Easy.
Man & woman have sex. Man used condom.
Man throws condom in the trash bin.
Man goes to bar to get some drinks.
Meanwhile, unbeknownst to man, woman goes to trash bin and...
It HAS happened.
Money does not have metadata.
Maybe in version 3.
Some NPOs allow the attachment of provisions or maintain special funds; most do not, since permitting that would have the side effect of leaving "orphan funds" once a funded goal has been achieved, or leaving important new causes without funding (e.g. robbing the of the ability to exercise their discretion in prioritizing).
Would that you could specify where your money goes when it leaves your hands; for one thing, all of my taxes would be earmarked for long term projects, which is to say, "no pork".
-- Terry
Why? I'm not happy with Adobe becuase they withdrew support for Dmitri's prosecution. Why should I be thanking them for _graciously_ deciding, after doing something rude, stupid, and malicious, not to do something really rude, stupid and malicious? I say fuck'em. You trot out the DMCA, you are my nemesis, plain and simple.
Dyolf Knip