New RedHat Kernel Patch Illegal to Explain to U.S. Users

Russellkhan writes "The Register is running a story about a new RedHat kernel patch that cannot be explained to U.S. citizens or others in the U.S. because of DMCA restrictions. The illegal explanation is hosted at Thefreeworld.net, a site created specifically to deal with these DMCA issues."

Land of the free...

[loply]

But sound doesnt travel in the land. Nor does... electricity, radio waves, or, come to think of it anything. Jeez, what a rip.

I'd comment, but

[jcknox]

I would comment on the stuff posted on theFreeWorld.net, but after reading their disclaimer, I was afraid to continue in the site.

Repeat after me:

I will NOT vote for anyone that voted for DMCA.

Re:I'd comment, but

[rmadmin]

I'd agree. I'd really like to know what the problem is. And where the DMCA has any damn right to tell me I can't read it. I cannot fathom what could be in that stupid text that would violate the DMCA. Anyway. Since this is an explination of the changes made to the software that I run, that I risk my data on, I think I have the right to that text. And if the goverment disagrees, then I'll take my ass and my money, and my vote over seas.

Re:I'd comment, but

[Flakeloaf]

I will NOT vote for anyone that voted for DMCA

Awww! But I really had my heart set on voting for Hillary Rosen again this...um... wait a minute...

Re:I'd comment, but

[wagemonkey]

You may be allowed to read it, but the point is the posters don't want to be prosecuted for publishing it.
The Reg had a neat explanation of this, a lot of people outside the US don't want to get arrested if they set foot on US soil because they published something on a web site hosted in another country that violates the DMCA.

Re:I'd comment, but

[DustMagnet]

It's a subtle point, but it's not the DMCA that says you can't read it. It's the author who says you can't read it. The DMCA says he can't tell you. You don't violate the DMCA by reading it; you violate the author's copyright. This kind of difference is important in matters of law.

Re:I'd comment, but

[Alsee]

And if the goverment disagrees, then I'll take my ass and my money, and my vote over seas.

If the government dissagrees you're free to do exactly that. Except your ass wont arrive overseas for at least five years and your money will be a half million less.

-

Re:I'd comment, but

[Fulcrum+of+Evil]

You don't violate the DMCA by reading it; you violate the author's copyright.

No, the author has no right to stop me from reading something that he's published; all he can do is dictate who may distribute copies. Before anybody asks, the copying required to view the page doesn't count, as it is required to use the page normally

Re:I'd comment, but

[HiThere]

Do you seriously believe that Adobe really asked the Feds to drop the charges??? After setting them on him in the first place??

Adobe was just playing C.Y.A. They never came out and publicly requested that the prosecution be halted. They didn't file a friend of the court brief asking that the prosecution not be pursued.

Adobe is a clear villian. Anyone who does business with them has no business considering themselves to be moral.

Re:I'd comment, but

[MSG]

Despite the +5 Insightful rating, this post is completely wrong. The problem, as it was acturately described originally in the story, is that the patch fixes a problem that could be used to bypass "digital security - i.e. computer security".

The DMCA made it illegal to discuss techniques that allowed users to bypass digital security, and because of the broad wording of the bill, it may be illegal to discuss such vulnerabilities at all. In this case, it is not because the author in question says you can't read the description of the problem; the DMCA says that he can't tell you what the problem is because you might then use that information to bypass security restrictions.

Re:I'd comment, but

[Fat+Casper]

Adobe is a clear villian. Anyone who does business with them has no business considering themselves to be moral.

I would think that the Skylarov case would be the ultimate example of what is wrong with the DMCA and the DOJ in general. Adobe did everyone (except Skylarov himself) a huge favor by starting this mess. Forget about hypotheticals, drop the "this could become illegal"s. We've got a case that shows just how wrong this law is.

Refusing to grant a visa is the best way the feds have to avoid committing an atrocity here. He'll be convicted in absentia, but they'll never ask for extradition- you can't request extradition for someone that you denied entry to.

Washington gets their conviction without actually having to jail him- just some bureaucratic snafu over at State, you know. The DMCA is validated (?) by the conviction. Washington is spared the embarassment of jailing him, and we still have this travesty to point to.

Everyone wins except Skylarov, and he gets to stop losing. The State Dept. turned him down for a visa, and he doesn't have to apply for another. He can't come to the US again, but I'd imagine he isn't so hot on that idea anyway.

Re:I'd comment, but

[tpv]

I believe the parent to your post is slightly incorrect.

For those of you who are under US jurisdiction:

• The authors aren't allowed to tell you the about the security holes, because of the DMCA. If they did tell you, they could be arrested if they ever enter the US.
• You aren't allowed to read the information, because it is protected by a licence agreement, that you cannot accept. If you click the "accept" button, then you assert that you are not under US jurisdiction. If that is a lie, then you are making a false statement, and could be charged with some fraud related act.
• I can't give you a copy of the text because it is protected by copyright. (And if I did I would also be violating the DMCA)

Re:I'd comment, but

[Eivind]

The problem is this:

The DMCA forbids publishing information on how to bypass an "effective access-control mechanism"

The Linux-kernel and other software includes many features which restrict or regulate access

Bugs in the kernel can frequently be exploited to bypass the access-controls

Thus Publishing information on the bugs can easily be seen as equivalent to publishing information on how to bypass the access-restrictions

For this, you could face prison up to 5 years, and/or fines of up to $50.000.

Yes it's absurd. Yes it's stupid. Yes the law should be repealed tomorrow. Go do something about it!

Re:I'd comment, but

[HiThere]

Yeah, it says different. But from what I read of other published sources at the time (well, and since, but it was rarely mentioned), what happened was that Adobe withdrew from supporting the feds. This is quite different from even attempting to make up for their original misdeed.

"Protestors claim victory" is quite likely true. This is far different from "Protestors achieve victory".

But I have never seen it asserted that Adobe requested, even pro forma, that the charges be dropped.

I tried to investigate this further, but many of the links on the story that you posted have expired.

Re:I'd comment, but

[ninewands]

Quoth the poster:

Refusing to grant a visa is the best way the feds have to avoid committing an atrocity here. He'll be convicted in absentia, but they'll never ask for extradition- you can't request extradition for someone that you denied entry to.

You cannot be convicted in absentia in the United States. Proceedings in absentia violate the Fifth Amendment's guaranty of "due process of law" and the Sixth Amendment's guaranty of the right to confront the witnesses against you.

Denying an entry visa to Dmitri is a tactic by the DOJ to prevent the case from going to trial so that the constitutionality of the DMCA and their attempt to apply it outside the boundaries of the U.S. never gets challenged in the one place that counts, a court of law.

It happened on CLINTON's watch!

At least blame Bush for HIS mistakes.

Re:It happened on CLINTON's watch!

[sqlrob]

One Nation Under God - Congress is voting to make that part of the pledge a law, also under Bush's watch.

And every single congress critter (95/100 of the Senate IIRC) that voted for it should be tossed out of office on their ass for violating their oath. How is this upholding the Constitution?

Re:One day...

[Belisarivs]

Um, whose name is at the bottom of the DMCA? I'm pretty sure it's not Bush's. Want a high comment score on Slashdot? Bash Bush.

Sound familiar?

[shftleft]

To quote the article:

...just as ridiculous as the idea that the US authorities are going to start flying non-US citizens to Cuba to shoot them...

Isn't this almost what we are doing to supposed Taliban and Al Qaeda "war prisoners". Not so far off...

Re:Sound familiar?

[larien]

I think that was the idea; show the extremes that the US is going to at the moment.

Re:Sound familiar?

[GMontag]

Interesting? More like Offtopic.

1. The quote is well over the top.

2. "not far off"? If our intent were to shoot POWs in Cuba, we sure are being slow about it. They are not even being mistreated!

3. You are slamming one of the FEW nations that follows the Laws of War and Peace, to include prosicuting our own military people that violate said laws.

I take back the Offtopic comment, you are just a troll.

Re:Sound familiar?

[boogy+nightmare]

'Furthermore, they are members of an enemy force'

Considering that they are being held with no reason, trial or lawyer present, the fact that nothing has been proven then unfortunantly this statement is terribly inaccurate (like my spelling) Simply becuase they are not given POW status means that they are being held for no reason other than paranoia. It woiuld be like putting you in a lock up for 2 years in case you had something to do with drinking and looking at a car.

Remember you are supposidly a free country with 'apparent' freedom of speech, religion or beleif, becuase it is suddenly a bad thing to be against 'mainstream America' those rights are consistanly forgotten.

Akira

Re:Sound familiar?

[aengblom]

with the rules governing prisoners of war

No. No we are not.

Whether you agree with the "enemy combatent" theory or not, the prisoners do not have POW status or rights.

There is a list of some of the requirements here


Furthermore, they are members of an enemy force. Comparing that to people talking about computer patches is absurd.

Yes, quite.

Re:Sound familiar?

[larien]

Hrm, quite a number of people would disagree with your views that they are not being mistreated. There conditions are hardly comfortable. You're also "being slow about" giving them any kind of trial or legal representation. Also, as others have pointed out, the US is very keen not to call them POWs as that would give them rights which they are determined not to allow. What I would ask is what kind of noises would be coming out of the US if American citizens were being held in similar conditions, with no trial in a middle east country? They should, very rightly, be outraged.

As for "one of the FEW nations that follows the Laws of War and Peace", I'd like to point out that the US has demanded (and unfortunately, gotten) concessions that no US military personnel can be tried for war crimes on UN missions. This effectively gives US soldiers carte blanche to rape, pillage and burn in a manner that would make the atrocities in the Balkans seems like a Sunday School picnic with no chance of war crimes charges ever being laid. They may get some kind of court martial or charges laid in the US court or they may not. There would be no recourse for an aggrieved party in the Internation Courts.

The more I hear about the US in recent times, the more I despair about a nation that claims to be the home of Democracy. I have my own rant about another such incident, which you're free to read.

Re:Sound familiar?

[the_2nd_coming]

they get around that however.....they are on Cuban soil, not US soil.

just like how we turn over the top al-quaeda dudes to Egyptian intelegence...those guys use tourture to get information...all we do is hand there head of intelegence a list of questions, and they come back a week latter to tell us what he said.

Re:Sound familiar?

[rseuhs]

Furthermore, they are members of an enemy force. Comparing that to people talking about computer patches is absurd.

Indeed it is.

What is your point again?

Your point was that no absurd things ever happened in the USA and never, never will, right?

Re:Sound familiar?

[larien]

OK, then, these "combat detainees" will presumably be released once hostilities have ended? Is any fighting actually still going on in Afghanistan? The US hasn't given any clear idea of what it plans to do with its prisoners/hostages/detainees in the long term. Until it does, I'm not going to give any benefit of the doubt to them. Also, I never stated what they were doing was illegal, but that doesn't mean to say I have to like their actions.

"Incorrect Again". Hrm, the BBC disagrees. "The United Nations Security Council has voted unanimously to exempt US peacekeepers from prosecution by the new war crimes court".

As for the UCMJ, yes, OK, soldiers could be tried under that. However, if an order comes from on high (e.g. a general, or even the president), is a trial really going to happen? I guess the examples of rape & pillage were bad, but what about orders to assassinate someone? Or napalm a village (not that the US has ever done that before...)?

Republic/Democracy? Whatever. The fact is that the US tends to like to believe it's the home of democracy.

Re:Sound familiar?

[mvdwege]

Again, try learning something of this before declairing things "illegal" that are well within the bounds of the Laws of War.

Somehow I seem to have missed a Declaration of War by the U.S. Congress. Therefore the U.S. can not hold someone as an enemy combatant under the laws of war, because the U.S. is officially not at war.

Since according to international treaties and the U.S. Constitution the U.S. government has no other way to hold someone prisoner without a specific accusation of a crime, the U.S. is violating fundamental human rights at the moment.

Therefore the people imprisoned at Guantanamo Bay are imprisoned illegally, all according to international human rights treaties, the Geneva Conventions and the U.S. Constitution.

Mart

Re:Sound familiar?

We are not shooting them or anything else.

Pardon me, but how the fuck would you know? Even lawyers representing these people can't get the government to tell them why they're being held. And many of them aren't even being acknowledged for "national security" reasons. If the military shot a few dozen, who would ever know?

Keep your nationalist ferver to yourself; this is a thinking man's board.

Re:Sound familiar?

[mickwd]

Have you really thought about what your saying for more than 5 seconds ?

Suppose the USA goes to war with Iraq. Suppose americans are taken prisoner on their way to Iraq, and imprisoned somewhere in the middle east, without any legal representation, or hope of release.

1) Will it be OK if the internation red crescent (yes there is such a thing - it's a muslim organisation) says they're being treated OK ?

2) Is it OK if those americans have no rights under the Iraqi system, as they are housed on foreign soil, and have never touched its shores ?

3) Is it OK if Iraqi troops are exempt from war crimes during the US/Iraqi war, because they're trying to defend their country against a foreign aggressor ? After all, Saddam Hussein takes it very seriously when his soldiers don't follow his rules.

Re:Sound familiar?

[mvdwege]

War was brought to the US. Perhaps you have missed the events of the past 10 years.

Yet still the U.S. did not react with a reciprocal Declaration of War. Therefore under international law the U.S. is not at war.

Any unilateral actions by the U.S. President are just that, unilateral actions not sanctioned by international laws and treaties. That is why the U.S. is resented by the world at large.

My conclusions are only false if you want to use the viewpoints of the current U.S. administration as canon. The same administration that has declared unilateralism as its policy from the election campaign on forward.

Lets recap:

1. In order to hold someone as an enemy combatant a state of war must exist according to international treaties (which the U.S. signed and ratified B.T.W.)
2. The only way the U.S. can be in a state of war is by a Declaration of War.
3. According to the U.S. Constitution, the only one with the power to issue such a Declaration is the U.S. Congress.

So, notwithstanding the power of the President to deploy troops, the U.S. is not at war, and therefore the defense that normal criminal proceedings are not necessary against anyone the Administration designates an enemy combatant is bogus. Anyone trying to defend that policy knows nothing of international law and is defending an unacceptable breach of human rights.

As an aside, I have nothing to do with Berkeley (sic), as I am not an American. Your ad hominem attacks serve no purpose except to show you as a jingoistic troll.

Wake up and smell the coffee: your own administration has declared that unilateralism is to be the foreign policy. In common English: "Screw the world and what it thinks, screw international law and the treaties we signed, we do whatever we damn well please."

Mart

Re:Sound familiar?

[the_2nd_coming]

your right, in camp delta, the prisoners have BETTER living quarters that the soldures.....

I have heard a few soldures who are back from Camp delta complain about just such issues.

BTW, Camp delta conformes to 21 and 22, 25 has NEVER been broken except perhaps while they were being procesed in the begining.

right now, 70 is being borkern, however, that would be why they are illegal combatants and not POWs.

the fact is that they are phisicly and mentaly treated no worse than a POW. writing home is the only thng they cannot do and it is sufficient enought as to have queld critics in the UN and the International Red Cross

Re:Sound familiar?

[Ian+Wolf]

Gitmo is a U.S. Naval Installation and is in fact U.S. soil.

Think about it. Do you think Fidel would let us set up a Navy base on what was still considered Cuban soil?

Re:Sound familiar?

[RealAlaskan]

This effectively gives US soldiers carte blanche to rape, pillage and burn ...

Actually, US soldiers have a fairly good reputation in this area. Most of the GIs behave more or less as they would at home.

Some years ago I met an old Chinese soldier who took me into his house, fed me dinner, and gave me gifts, all because I was American. He told me that American soldiers were the best disciplined and most reliable in the world. They followed orders even when no-one was looking! That, apparently, was as un-Chinese as you could get. Thirty years after observing this, he was still astonished.

Of course, this old fellow was comparing regular army soldiers to Chinese bandits (the KMT and the competition had common origins in organized crime). We shouldn't forget about the times that US soldiers have done wrong; My Lai is probably the most famous, and our soldiers have embarrased us on Guam several times recently. This kind of thing makes the news because it isn't normal, and the US military has been very determined about dealing harshly with the evildoers it finds in its ranks. If the Army sends you overseas and you rape a local girl, you're going to wish you had brought her home and done it where the US civilian courts could punish you.

... US has demanded ... concessions that no US military personnel can be tried for war crimes on UN missions.''

So, you want us to send our soldiers as mercenaries to wipe your behind for you, and then you expect us to turn our soldiers over to whatever butcher is running the world court this year? We are not amused. Don't forget, the UN is filled with nations that want to destroy us (and you, too, if you're in Europe).

... I despair about a nation that claims to be the home of Democracy.

You aren't despairing about us, then. Greece was the birthplace of democracy, but democracy is unstable, and never lasts long anywhere. The US has always been a republic. Insofar as we can avoid democracy, we have a chance to keep our freedoms.

... what kind of noises would be coming out of the US if American citizens were being held in similar conditions ...

Our State Department would do nothing of consequence. If it became a common practice to treat Americans thus in some country, the government would advise us not to travel there. If a US citizen abroad gets involved in a revolutionary group, or some sort of criminal activity, the US government generally turns its back on him. They didn't even take any effective action to deal with Iran during the hostage mess when Carter was president, and those guys were government employees!

Re:Sound familiar?

[Craig+Davison]

Actually, US soldiers have a fairly good reputation in this area. Most of the GIs behave more or less as they would at home
So then we have nothing to fear from an international court.

If the Army sends you overseas and you rape a local girl, you're going to wish you had brought her home and done it where the US civilian courts could punish you.
There's something about a court run by the army trying the army itself that doesn't sit quite right. Think about it from an outsider perspective. Wars play out internationally, so an international body is required when someone commits a war crime.

Re:Sound familiar?

[VivianC]

Try getting their status straight and then realize that we are treating them properly. They are not under arrest, they are combatant detainees. We can hold them as long as hostilities persist.

While I agree with your message, I must point out that they are ILLEGAL Combatant detainees which would technically put them at risk for execution. So far, they have ben granted a higher standard of living than they had received in Afghanistan.

But, maybe we should be above this kind of detention. The prisoners are Arabs, correct? Let's send them to some nice Arab country where they can have all their rights respected and protected during their torture and execution. Egypt or Qatar should do the trick. Maybe even Saudi.

Re:Sound familiar?

[RealAlaskan]

>> Actually, US soldiers have a fairly good reputation in this area. Most of the GIs behave more or less as they would at home

>So then we have nothing to fear from an international court.

We have nothing to fear from any court which follows our standards for acceptable behavior, and our standards for justice. How about a sharia court, run by an appointee from Armpitistan? How about a UN court run by that same appointee? The UN is an organization of enemies of the US. Even the countries which are not dedicated to our destruction, and pass as civilized, generally have radically different legal systems. Bad as our legal system is, most of these others are worse. Ours (and to a lesser extent, the British system from which it sprang) begins with the intent to protect the individual from the mob, and from the government. That second clause is where the British system is a bit weaker.

Wars play out internationally, so an international body is required when someone commits a war crime.

I suspect that most folks who say this are thinking of the Neuremberg trials, where we let the British and Soviets in on the action. They had helped defeat the Nazis, and so it would have been hard to justify not letting them participate. It seems obvious to me that for most of the times where US troops have been dispatched to act as mercenaries for the UN, this is a false analogy.

Think about it from the US perspective:
1) We won. The Nazis had lost.
2) Point (1) means we are the good guys. The Nazis were the bad guys.
3) The ``allies'' in our recent police actions haven't contributed much, as far as we are concerned. I'm sure it's more than they wanted to contribute, but their reluctance dosn't make it look better.
4) A trial in a UN court would be at the urging of the defeated party, and he wouldn't be satisfied unless he packed the court with his allies.
5) The UN considers Rwanda, Zimbabwe, Syria and Uganda (and I think North Korea) to be our moral equivalent.

Points (1) and (2) are humor. Points (3) and (4) are serious matters, and I think they explain why a UN court is a non-starter for us. Point (5) explains part of why I view the UN as an enemy organization.

Re:Sound familiar?

[JoeBuck]

Among the prisoners being held in Guantanamo are a dozen Kuwaitis. While some are likely to be bad guys, at least five appear to be there by mistake, apparently humanitarian workers trying to help with the Afgan refugee problem who got swept up in the dragnet.

Now it's possible that they aren't telling the truth, but they are just sitting there rotting with no chance to make a case, not even to a military tribunal. The scariest quote in the article I link to above is

So, are they guilty or innocent? And of what? The Defense Department says answering such questions is not what Guantanamo is about.

There are supposed to be two categories of people that can be captured in war: a POW, or an illegal combatant. The former is entitled to the protections of the Geneva Convention, and the latter, as an accused criminal, is entitled to the rights of an accused criminal. Instead, a third category has been invented, or rather, copied from the South American generals of the 1970s: suspected "enemies of the state" who simply disappear.

Re:Sound familiar?

[Alsee]

There's something about a court run by the army trying the army itself that doesn't sit quite right.

I guess that's a reasonable feeling if you think it's the army that's on trial. On the other hand if you think it's the soldier that's on trial then your statement is simply broken.

-

Re:Sound familiar?

[susano_otter]

...the U.S. is violating fundamental human rights at the moment.

You've assumed that human rights are fundamental, but what makes them fundamental? Are these rights fundamental because the law says they are? This can't be the case, since the laws of some nations recognize these rights, while the laws of other nations do not. So clearly law alone does not have the power to transform these rights from a theory into a reality. It seems much more likely that laws merely recognize a preexisting condition of fundamental human rights, that exists independently of the laws that recognize it.

Now if the rights themselves are real, and exist independently of the laws that recognize them, then it follows that no law is necessary to address issues relating to these rights. Furthermore, it follows that breaking a law is different from violating these rights. So the U.S. could very well be in contravention of every treaty on the planet, and still not be violating the rights of these prisoners.

In fact, the U.S. could be in compliance with these treaties, and still be violating the rights of the prisoners.

And we still haven't really looked at what makes these things "fundamental" human rights, and what--exactly--makes it a violation to detain one person, but makes it perfectly acceptable to detain another.

Re:Sound familiar?

[GMontag]

I like your style!

If you are really Anne Coulter, will you marry me? How's that for covering "the ask" ;-)

Actually, unprivileged combatant, illegal combatant and irregular combatant are interchangable.

Re:Sound familiar?

[susano_otter]

Ack! I didn't mean to make such a big deal of of your use of "fundamental" (which I agree with, by the way), except to address your argument that "contravention of treaty" = "violation of rights". If the rights are indeed fundamental, as you and I seem to agree they are, then they can be upheld or violated independently of the law.

To determine whether or not the rights of these prisoners are truly being violated, we'd have to look outside the law and discover what makes these rights a reality, and what universal principles govern these rights.

Re:Sound familiar?

[hdw]

1) Will it be OK if the internation red crescent (yes there is such a thing - it's a muslim organisation) says they're being treated OK ?

The International Red Crescent isn't a muslim organisation, just as the International Red Cross isn't a christian one.

To quote the American Red Cross FAQ:
Why are symbols other than a red cross used by other National Societies within the Movement?
Although the red cross is not a religious symbol, some societies view it as such. The symbol of the red crescent is used instead of the red cross by societies in most Islamic countries; and the Magen David Adom, or Red Shield of David, is used in Israel.

Re:Sound familiar?

[njdj]

the US military has been very determined about dealing harshly with the evildoers it finds in its ranks. If the Army sends you overseas and you rape a local girl, you're going to wish you had brought her home and done it where the US civilian courts could punish you.

Crap. Just one soldier, Calley, was convicted over the murder of over 300 unarmed civilians, including many children, at My Lai. He spent less than 5 years in prison.

As for the US soldiers who rape Japanese children, the penalty for a similar crime in some US states is death, so I don't know what you were smoking when you typed that bit of your comment.

Re:Sound familiar?

[Hanno]

We have nothing to fear from any court which follows our standards for acceptable behavior, and our standards for justice.

For a start, the US are not following its own standards for acceptable behavior and its own standards for justice in that nice little prison camp in Cuba.

I fear a super power that does not want to be accountable for its actions.

Re:Sound familiar?

[ces]

Saddam has reconfirmed his authority in Iraq by public vote if I am not mistaken...

I'm sorry but I'd hardly call that an "election". It has about as much legitimacy as the so-called elections the USSR used to have. The only votes possible were "yes" or "no" for Saddam and all of the balots were numbered to identify those who voted "no" or failed to do their patriotic duty and vote.

Jeb Bush is considering adopting this system in Florida.

Re:Sound familiar?

[GMontag]

Somehow I seem to have missed a Declaration of War by the U.S. Congress. Therefore the U.S. can not hold someone as an enemy combatant under the laws of war, because the U.S. is officially not at war.

Not required under the US Constitution, nor the Laws of War. Please cite your proof, others have posted the UCMJ and the Geneva Conventions in other posts under this general thread. They are correct and you are wrong. Please cite your proof.

As posted by others, under the Constitution, Geneva Convention and the UCMJ US troops can be deployed in this effort as well as take unprotected combatants and hold them until cessation of hostilities and repatriation. Please post your refrences in law to the contrary.

Since according to international treaties and the U.S. Constitution the U.S. government has no other way to hold someone prisoner without a specific accusation of a crime, the U.S. is violating fundamental human rights at the moment.

Please post proof of this too. ANY country can hold unprotected OR regular/protected combatants until the cessation of hostilities and repatriation. This has been demonstrated by other posts and properly refrenced. Please post your proof to the contrary.

The Geneva Conventions do not require a declairation of war for a state of hostilities to exist. Please post your proof of this to the contrary. Others have posted proof that you are wrong on this point too.

Re:Sound familiar?

[gilroy]

Blockquoth the poster:

Looking out for our best efforts and the rights of indivduals should never outway the security of the masses.

Wow. That point of view is just terrifying.

Re:Sound familiar?

[GMontag]

Not now maybe after the international outcry at keeping foreign national in cages with no due process. As another poster said habeus corpus seems to have gone from the US legal system.

If this "outcry" is from people with your knowledge, it is fine by me.

"Due process" applies to those accused of crimes, NOT those captured as a result of war actions. Military prisoners got their "due process" when they failed to evade or kill those chasing them down. They have no "sentance" coming, they will be released when time for repatriation comes around, unless they are accused of war crimes.

No need to produce bodies for an trial not required.

Name one German or Italian WW I or II POW that was granted anything you are saying the detainees need to be granted.

Shame about the international criminal court 'though.

All I have to say to that is... HUH? The body grantig the exemption said oaky as long as the accused were tried in the US.

And didn't the US administration say that the Geneva Conventions don't apply to the detainees as they aren't members of a recognised army or some such?

No, they said that the detainees are unprotected combatantants under the terms of the Geneva Conventions. The topic was covered there, the detainees are thusly covered and manybe you need to read up on this before your foot makes it to your colin the long way.

Re:Sound familiar?

[GMontag]

Please, for CRYING OUT LOUD, PLEASE name the "things like this are covered by _international_ law, like the Geneva Convention and such..."!!!

Name the Article of the Conventions and cite the "_international_law" you folks keep referring to.

Others have posted links to the Gineva Conventions that contradict you and they still do not trump the US Constitution as far as US law is concerned.

Re:Sound familiar?

[GMontag]

For a start, the US are not following its own standards for acceptable behavior and its own standards for justice in that nice little prison camp in Cuba.

Would you please expand on this? The detainees are being treated just as of they were real POWs. Please show proof to the contrary.

Re:Sound familiar?

[mvdwege]

My, my, my. You really are a pitiful little man.

Now that others have posted good arguments as to why my position might not be entirely correct, you suddenly found the courage to stop slinging anonymous insults, and hiding behind their hard work you expect me to discuss things with you?

Tell you what, if others brought forth arguments I'll discuss with them. You, sir, are simply not worth talking to.

Mart

Re:Sound familiar?

[Dragoness+Eclectic]

If you ever read the UCMJ, you'd know that the penalty for rape can be death. Ditto for desertion... it's just that the government does not usually choose to exercise the death penalty option.

Also, military prisons are considered "hard time", not country clubs. The expression I always heard was "spend a few years making little rocks out of big ones up at Leavenworth".

Re:Sound familiar?

[Lars+T.]

If the Army sends you overseas and you rape a local girl, you're going to wish you had brought her home and done it where the US civilian courts could punish you.

However if the US Marine Corps sends you to Italy, and you fly into the cable of a cable car, "taking risks", flying too low, and killing 20 people - you get off free.

Oh no...

-- LEGALESE --

PLEASE READ FIRST.

Unfortunately the DMCA prevents this document being issued to US citizens.
This document is a copyrighted work. The authors choose to exercise their
first distribution rights to prohibit the distribution of this work in the
United States Of America, its dependancies, embassies and anywhere else
under US law.

Redistibuting this document in the USA may be a criminal offence under the
Digital Millenium Copyright Act with punishment including jail sentences.
Attempting to test these holes in the USA, even with the permission of the
system owner may be an offence. Discussing this document with a US citizen
may be an offence.

This document is made available for free without warranty or other right of
recourse implied or otherwise. No statement save one in writing by the owner
of the copyright changes this usage agreement. Any export download is at your
own risk and liability.

There is no other user agreement, should your local law make such an
agreement invalid you are prohibited from using this document, and may be
committing an offence by redistributing it.

NO WARRANTY

BECAUSE THE DOCUMENT IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE DOCUMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE DOCUMENT IS WITH YOU. SHOULD THE
DOCUMENT PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE DOCUMENT AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE DOCUMENT (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE DOCUMENT TO OPERATE WITH ANY OTHER
DOCUMENTS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

-- END LEGALESE --

Security Holes Fixed In Linux 2.4.19

None of the holes documented here are remote. All these problems were
uncovered by auditing and there are no current exploits available. In
the interest of openness and ensuring people are aware of the security
fixes they are documented.

- If the Stradis driver is loaded (hardware must be present) a
maths overflow allowed the user to scribble into kernel memory

- It was possible to feed the SE401 USB hardware driver signed
values and fool kernel checks. This requires the hardware is
present

- The usbvideo driver could be fooled due to a maths overflow corner
case. This requires drivers to be present

- The /proc/slabinfo file could exceed a buffer size and cause
corruption of the kernel. This is really beyond user control but
if it occurs then the user can trigger the corruption

- By setting the TF flag a carefully constructed binary could hang
the kernel dead

- By misusing the rlimit resource limits it was possible to avoid
acct data being written on your process exit

- The joystick driver had erroneous copies in obscure ioctl cases
that could be used to patch the kernel as any user. Hardware
must be present and the module loaded for this vulnerability
to occur

- Multiple errors in the vm86 handling allowed users to force an
"Oops" from the kernel and in some cases to corrupt kernel data.
An additional small fix is needed for 2.4.19 but not 2.4.19-ac
(see bottom)

- The rt_cache_proc file could be tricked into returning chunks of
kernel data.

- On a system with over 1Gb of RAM the loop driver could in some
cases fail and expose kernel data. This is not under user control.
On 2.4.19 the loop driver works fine with large memory systems.

- Multiple /proc files could be persuaded to dump kernel data
due to a sanity checking bug in the proc file handlers

- The XMM SSE registers were not always cleared for new processes
and could expose data from a different task. While it was not
possible to modify another tasks registers there is a small risk
because some cryptographic systems have XMM acceleration functions

We also fixed problems that required privileges to exploit. These affected
the IBM S/390 dasd driver, Openprom on Sparc systems, the Intermezzo file
system, the ewrk3 network driver, module loading, the microcode driver and
vm86. We document these in the interest of completeness.

Finally on a -ac based tree with PnPBIOS enabled a problem existed in some
quite common BIOS implementations that causes a crash when certain 32bit
BIOS calls are made. This allowed users to crash some systems by reading
files in /proc. These files are now root private. The base tree is not
affected as it lacks PnPBIOS support

Credits

The authors would like to thank Silvio Cesare, Stas Sergeev, Andi Kleen,
Alan Cox, Solar Designer, and many others for their work on making 2.4.19 a
more secure kernel.

-- Additional Required Patch --

diff -u --new-file --recursive --exclude-from /usr/src/exclude linux.20pre1/arch/i386/kernel/traps.c linux.20pre1-ac1/arch/i386/kernel/traps.c
--- linux.20pre1/arch/i386/kernel/traps.c 2002-08-06 15:40:50.000000000 +0100
+++ linux.20pre1-ac1/arch/i386/kernel/traps.c 2002-08-06 15:42:19.000000000 +0100
@@ -305,8 +319,13 @@
static void inline do_trap(int trapnr, int signr, char *str, int vm86,
struct pt_regs * regs, long error_code, siginfo_t *info)
{
- if (vm86 && regs->eflags & VM_MASK)
- goto vm86_trap;
+ if (regs->eflags & VM_MASK) {
+ if (vm86)
+ goto vm86_trap;
+ else
+ goto trap_signal;
+ }
+
if (!(regs->xcs & 3))
goto kernel_trap;

@@ -514,10 +533,15 @@
{
unsigned int condition;
struct task_struct *tsk = current;
+ unsigned long eip = regs->eip;
siginfo_t info;

__asm__ __volatile__("movl %%db6,%0" : "=r" (condition));

+ /* If the user set TF, it's simplest to clear it right away. */
+ if ((eip >=PAGE_OFFSET) && (regs->eflags & TF_MASK))
+ goto clear_TF;
+ /* Mask out spurious debug traps due to lazy DR7 setting */
if (condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)) {
if (!tsk->thread.debugreg[7])

Re:Oh no...

[amichalo]

- The joystick driver had erroneous copies in obscure ioctl cases

Thanks, I now understand why we in the US should never have access to this sort of information.

I was expecting the secret hideout of Dick Cheney

Re:Oh no...

[boogy+nightmare]

Hmmm someones going to get spanked for that post, breaking the copy right nd putting the US citizens at rick (phew thank flip in an Englishman)
Do you ever get the impression the Presidents just sign stuff without knowing what they are talking about.................DMCA

Re:Oh no...

[ActiveSX]

It's not that Clinton didn't understand the law, he was just *slurp* distracted at the *slurp* time.

Re:Oh no...

[McFly69]

Geeee nice going. Now with this posted in the comments and anyone who reads/post the comments is liable for the above comment. Good thing I did not post anything...^C^C^Z^CsdSD#$RJ^C^C^Z

FUCK ...STOP SUBMIT BUTTON!!!

^C^C^Z^Z@#@#SD....

Re:Oh no...

[racerx509]

what would be funny is if RedHat actually envoked the powers of the DMCA and decided to bust you guys. For posting this. Then we would have something to take to our congressman

Re:Oh no...

[smoondog]

I'm a moderator, and I was going to moderate this post, but then I realized there wasn't a "-1 Illegal" option...

-Sean

Re:Oh no...

[rosie_bhjp]

No, but Cheney's secret hideout is here and its perfectly legal to discuss this and enter into your favorite rendering program all the building information that you can glean from the satellite photos, make a quake mod, practice assaulting the place. However, you will go straight to hell for [reading, discussing, thinking about] faulty joystick drivers. God Bless the USA!

Re:Oh no...

[bnenning]

For most DMCA violations it should be "+1 Illegal".

Re:Oh no...

[Alsee]

I would still rather have a president that gets blow jobs than one that gives blow jobs.

I have no objection to having a president that gives blowjobs. Err, as long as it's not Monica Lewinski. I don't think she would be a very good president.

Hmmm, I was going to say that I wouldn't be too thrilled with Hillary Clinton either, but I doubt she gives blowjobs.

-

Re:Oh no...

[Elwood+P+Dowd]

Supposedly, it's not up to Redhat. The DMCA is about a criminal felony. If Redhat were able to decide who to prosecute for a criminal felony, then we would not all have equal protection under the law, and the DMCA would be unconstitutional.

That's why Adobe said, "Oh, nevermind. Skyalarov is fine with us." but the feds had to keep pressing. Perhaps they kept pressing just as a formality, but whatever.

What we need is a recursive DMCA

[Junior+J.+Junior+III]

So that it will be illegal to explain to someone why it's illegal to explain to someone why it's illegal to...

Re:What we need is a recursive DMCA

[kuberkoos]

DMCA = acronym for DMCA May Constrain Americans?

I have a bad feeling

that somebody is gonna post the whole text of it here on slashdot and that I'm gonna see a blank DMCA WAS HERE page when I load up my homepage.

for those without the minerals to read on

[evacuate_the_bull]

you can bypass that scary disclaimer and read all that hidden information here (reg. req'd, blah blah) :)

China Here we come

[attobyte]

Soon the US will be like China. Anyone want to make 50 cents a day to program Microsoft software? :)

Atto

Re:China Here we come

[giminy]

Anyone want to make 50 cents a day to program Microsoft software? :)

...So you're saying that China pays its workers pretty fairly, then? :)

Hysterical rubbish

[91degrees]

Posting this in the US would not be a violatiuon of theDMCA except if you used some ludicrously tortured logic. It would be like me claiming that you disagreeing with this post is a violation of the DMCA. the complainers also knwo this. This is why they make vague claimns about "the DMCA" rather than specifying the explicit clause in the DMCA.

I know a court has ruled deCSS to be in violation of the DMCA, but that was because the judge was stupid, and the MPAA was smart enough to convince him that the utility is "primarily intended for circumvention of a protection mechanism". The keyword there is "primarily".

The security fix information is not primarily intedned to do alow people to break into servers, and it would require some rather convoluted argument to suggest that it should.

Re:Hysterical rubbish

except if you used some ludicrously tortured logic.
Earth to 91degrees. Come in 91degrees. The only logic your US polititions use is ludicrously tortured. Earth out.

Re:Hysterical rubbish

[elmegil]

Posting this in the US would not be a violatiuon of theDMCA except if you used some ludicrously tortured logic.

They are posting information about ways to break the security of Linux. That sounds an awful lot like a DMCA violation under the same parts that were used to threaten Professor Felten, and indict Skylarov. The only difference is that Linux is not an asset of the entertainment industries....

Re:Hysterical rubbish

[91degrees]

On the contrary - it's overly simplistic.

It assumes that any measures to prevent piracy are good, and nobody will want to use a movie in any way except that in which the MPAA expect you to.

Re:Hysterical rubbish

[nagora]

I know a court has ruled deCSS to be in violation of the DMCA, but that was because the judge was stupid, and the MPAA was smart enough to convince him that the utility is "primarily intended for circumvention of a protection mechanism". The keyword there is "primarily".

So, is your point that there is only one stupid/bent judge in the system or that there is no one who would have a vested interest in having RedHat slapped for breaking a stupid law? In either case, you're wrong.

TWW

Re:Hysterical rubbish

[jjo]

The fact that the trial judge in the deCSS case was stupid is not of great concern. The fact that two appeals-court judges
agreed with him is.

Because of the appeals-court decision, DMCA censorship is now the law of the land in New York, Connecticut, and Vermont. Unless a foreign site could somehow prevent access from those states (a difficult proposition), the only way to be really safe is to exclude the entire US, as these people have done.

Re:Hysterical rubbish

[Scarblac]

Posting this in the US would not be a violation of the DMCA except if you used some ludicrously tortured logic.

Tell that to Skylarov, who wrote a program that was mandatory in Russia under Russian law, and who found himself in jail in the US under the DMCA. It doesn't matter if he wins in the end, or isn't even allowed back in or whatever. He's totally innocent, has nothing to do with the US and shouldn't have been treated like that.

You can make up any BS laws you want for yourselves over there, but totally innocent people who have nothing to do with the US end up in jail because of them. I think the thefreeworld.net site is a brilliant idea.

If there's even the tiniest chance that some information posted could be illegal under some strange law of a country you have nothing to do with (and this security info certainly could be), and they're known to get (innocent, foreign, never been to the US) people jailed over this stupid law, then the prudent thing to do is post that info only on sites like this.

Unfortunately, given how few people in the US even know their own laws, it's practically impossible for people in Russia, Norway etc to be aware of all the weird quirks in US law, and they don't even know they should be aware of them. And people from those countries were still jailed for doing something perfectly legal. The US is a threat.

I'm sorry for ranting, mod me a troll or something, I can get real angry over stuff like this.

Re:Hysterical rubbish

[Rader]

.....was abandoned by the RIAA who ...

Yea, abandoned after his door was kicked in by local authorities. Guilty until proven innocent.

Re:Hysterical rubbish

I think you're missing the point. Posting the fix is not a violation of the DMCA. Posting information about what security holes it fixes might very well be a violation since this information can be used to circumvent security in non-patched systems.

Re:Hysterical rubbish

[Scarblac]

You don't understand [...] DMCA is a bad law [...] But it doesn't apply in this case.

Says you. Even if you're right, a law suit would bankrupt me immediately. Why take the risk? Distributing to everyone but the US still reaches 95% of the world...

Re:Hysterical rubbish

[Geekboy(Wizard)]

I know a court has ruled deCSS to be in violation of the DMCA, but that was because the judge was stupid, and the MPAA was smart enough to convince him that the utility is "primarily intended for circumvention of a protection mechanism". The keyword there is "primarily".

And now it's a prior decision. Any asshole can claim you are voilating the DMCA, and if your case (to the untrained eye) looks like it is similar (they both have source code), then it is already decided, and you go to jail. Puppet trial.

Land of the Free, home of the brave; my ass.

Re:Hysterical rubbish

[platypus]

Posting this in the US would not be a violation of the DMCA except if you used some ludicrously tortured logic.

I'm not going to argue with you about Felton, Skylarov and stuff. But let's look at it from another angle:

1. RHAT is a public company, i.e. they have shareholders
   
2. Because of 1, they have a responsibility to do the best for the present/future of their company, i.e. not playing silly political games.
   
3. Doing what they did do can have a bad effect on their reputation (unamerican, non-patriotic, pro-terrorists - you get the drift), which in turn will negativly affect their ability to make profit
   
4. Not doing what they did do might have also bad consequences, i.e. core developers get arrested.
   
5. They have lawyers.
   

Combine 1 and 2 with 5, and you come to the conclusion that you have to ask lawyers in order to cover your ass.

Now I have to ask: Are you are lawyer?

Re:Hysterical rubbish

[Rader]

yea right, and rope is primarily used to hang people.

Re:Hysterical rubbish

[morie]

So, we correctly defined overly simplistic logic to be ludicrously tortured logic.

Re:Hysterical rubbish

[MrResistor]

I know a court has ruled deCSS to be in violation of the DMCA, but that was because the judge was stupid, and the MPAA was smart enough to convince him that the utility is "primarily intended for circumvention of a protection mechanism". The keyword there is "primarily".

First of all, DeCSS is illegal under the DMCA, it has nothing to do with the judge being stupid or the MPAA being smart. The whole purpose of DeCSS is to circumvent CSS, which is a protection mechanism. That's not it's primary purpose, or even it's secondary purpose; that is it's only purpose. Since that is specifically what the DMCA was crafted to make illegal, I don't see how anyone who isn't completely ignorant can say that DeCSS doesn't violate the DMCA.

Furthermore, the judge was not stupid at all, he was corrupt, which is a different thing entirely. He was one of the authors of the DMCA, and as such the ethical thing for him to do would have been to pass the case on to another judge due to his obvious conflict of interest. However, he knows that law as well as anyone does, and he is certainly capable of spotting a blatant violation of it, which DeCSS is, on his own.

The only question in the case was whether the source code to DeCSS was criminal under the DMCA or protected speech under the First Amendment. This is where Kaplan's corruption took hold, and he declared that the functional use of the code took precedence over it's educational or informative value.

Re:Hysterical rubbish

[theLOUDroom]

Except that posting the fix itself (with source) makes it possible for you to examine the new vs old code and figure out what the security flaws are. This means that even the patch itsel;f gives you information about how to break into an unpatched system. Thus, even posting the fix could be a violation of the DMCA.
What a stupid law.

Re:Hysterical rubbish

[theLOUDroom]

You don't understand. I agree that the DMCA is a bad law. Skyralov did nothing wrong (unless you assume that breaking a technicality of a foreign law is in itself evil). But it doesn't apply in this case.
Read your own post.
Skyralov did nothing wrong (in Russia), yet he was still prosecuted under the DMCA. How these other people safe? The DMCA applies, because security flaws in a system are being discussed. They are trying to protect themselves from what happened to Skyralov.

Re:Hysterical rubbish

[Rader]

I'm not a member of the NRA or anything. And even though I agree that the main purpose of a machine guns or hand-guns might involve killing people, this is why I still think we have the right to bear arms:

If we were denied the ownership of all guns, and we didn't have any... we'd never be able to overthrow a tyranical government.

I know it's a silly idea. Images of a rifle behind a glass box with the words, "In case of dictator, break glass".

But think about it. We're always talking about how the government is systematically taking away our rights. DRM, DMCA, fair use, etc. The less rights we have to stand on, the harder it is to stand up for the last few they want to take away.

The USA started out as rebels against England. They clearly listed the things that they thought were most important, and things that England tried to take away from them to fight back: Freedom of Speech, Freedom of Religion, Right to bear arms. Take away that combination, and you could easily pass a law where it's against the law to huddle together and talk to 3 or more people at once---wouldn't want anyone planning a revolution!

Martial arts was created because Asian governments forbid the use of real weapons. They didn't want the peasants to revolt against the unfair treatment.

Our government allows for only 2 terms of office as president. What if Bush decided that for our best interest it would be better if he stayed 4 more terms? Or decided to set up a monarchy so that his son could be the next president... :)

Someone posted some links yesterday about people being unlawfully arrested for peacable protests. This really bothered me. Take away this combination of human rights: The right to privacy, and Free Speech (the right to protest) and you basically would NEVER be allowed to have an unfavorable opinion against the government.

I don't even own a gun. (My hunting rifle has been at my parents house for the last two decades) But I would be very concerned if I wasn't ALLOWED to have a gun.

Re:Hysterical rubbish

[nagora]

Who has an interest in defeating RedHat? Yes, I am sure some of you will say Microsoft, but they have no way of claiming damages for this.

Actually, I can think of a few scenarios where Microsoft, or anyone else, could get RH into court over this by using a "tame" customer and a faked security breach.

The point is not that this is a likely scenario (which it certainly isn't) but that it should not be a possible scenario.

Slyarov ticked off Adobe (rightly so), and 2600.com ticked off the MPAA. Both plaintifs had valid claims to damages, and continuing damages without the current situation being rectified.

The MPAA never had a case against 2600, the DeCSS code is pretty well useless for copying DVD's (in comparison to the way they are really copied) and they only got the win by getting a judge that was prepared to ignore the evidence and the law to do his old bosses (that's right - the judge used to work for the MPAA's legal department) a favour. In the UK we call this "corruption" or being "a bent judge".

TWW

Re:Hysterical rubbish

[YrWrstNtmr]

OK, smart guy...how would you do it?

How would you get rid of guns?

Go door to door, asking for every citizen to turn in his firearms? What about those that use them only for target shooting? (And how do you tell?)
What about people that actually feed their familes with a rifle? Go out and kill a few animals, and have meat for a few weeks/months? There aren't many of these, but there are some.

Collectors? "No, you may not keep your collection that was passed down to you by your father." Suuure.

What if someone refuses? (and MANY will). Jail? Already overcrowded. Do you shoot him? THAT'S a fine solution.

And even if you convince ALL of the above to fess up, what about criminals? By definition, They won't conform. So you're left with the only people in posession of firearms are the police, military, and criminals. And these are just about the only people who use them now outside of firing ranges.

So you have actually achieved nothing, except for removal of mostly harmless firearms from lawabiding citizens.

I am no guntoting NRA member. Currently, I do not own a firearm. I have in the past, and probably will in the future.
But there is really no way to do this.

Re:Use the source?

[loply]

Yes, ofcourse, but you may not be able to fathom out what the patch does from the source. A security fix which prevents a buffer overflow could be as simple as adding or removing a typecast, which, if the kernel coders themselves didnt realise could be a security issue - Most Joe User's wont notice either... :(

Still, as a principal, it is a bit silly to disallow a text describing the change but allow the source which IS the change. Stupid law.

You have the right to remain silent.

Anything you say can and will be held against you in a court of law.
Land of the free ride to jail.
What the fuck has happened to our country? It's time to get rid of all the unenforceable bullshit laws. Copyright holders do not have the right to have their business models enforced by the police. And as for prohibition let's get the fuck over it.

Re:You have the right to remain silent.

[Rader]

True.

Corporations don't have the god-given right to continue making profits! (and in a recession no less)

Nor do I think the music monopoly ranks up there with farming, steel industry, etc to gain protection from the government.

Re:You have the right to remain silent.

[Grishnakh]

Copyright holders do not have the right to have their business models enforced by the police.

No, copyright holders DO have this right. They've legally purchased this right from Congress. If you want some rights, you need to pay Congress for them too. What did you think, that this was a country by the people, of the people, and for the people?

An Idea

[Derg]

To quote the article:

Does this mean that all of the companies issuing security advisories are breaching the DMCA?

Does this mean that when MS decides to release a "security patch" for one of its releases, and explains why this patch is necessary and how it might be exploited, that they are in breach of the DMCA? Could someone sue MS for releasing details that are then used to build a worm? (CodeRed comes to mind...)

Just my $.02

Re:An Idea

[Dog+and+Pony]

Of course someone could. But not, under US law, without having more money than Microsoft has - if they want to win.

Re:An Idea

[Palarran]

So, Microsoft's program of quickly released, well documented patches is being cancelled?

Re:An Idea

[jc42]

Does this mean that when MS decides to release a "security patch" for one of its releases, and explains why this patch is necessary and how it might be exploited, that they are in breach of the DMCA?

Probably not, but if YOU were to do this, you would be in violation of the DMCA. The main point of the DMCA is to protect companies from you and me revealing that security-related products are shoddy.

I recently got involved in a specific discussion where this might apply. Some people discovered that they could get the text out of most MS Word docs using the unix "strings" command. The format isn't pretty, but the text is there. The problem is that you also get "deleted" text that Word has just marked deleted but hasn't erased. This text can be from other docs that the sender's copy of Word has processed. This could be a very serious security leak in some cases.

This could be fixed in a unix mail reader, if the programmers could get enough info about the Word format to identify the deleted text and skip over it. This would presumably be legal. But if you were to describe the security issue when releasing the patch, you would be guilty of publicising a security flaw in MS software, and would thus be in violation of the DMCA.

So far, the decision seems to be to keep quiet about this, and just treat it as Someone Else's Problem.

There is the outstanding question of whether we unix/linux geeks are committing a serious crime if we warn Word users about this security issue. In particular, what sort of danger am I in by mentioning it here?

Maybe I should submit this as an Anonymous Coward? Nah ...

Re:An Idea

[Grishnakh]

*knock knock*

*jc42 opens door*

Goon: "Do you post on slashdot as 'jc42'?"

jc42: "Um, yeah"

Goon: "You'll have to come with us."

jc42: "Who are you guys? Do you have a warrant?"

Goon: "Just shut up and we won't have to hurt you."

*jc42 never seen again*

Re:An Idea

[zurab]

Does this mean that when MS decides to release a "security patch" for one of its releases, and explains why this patch is necessary and how it might be exploited, that they are in breach of the DMCA?

I would definitely think so. Imagine this hypothetical scenario:

I own and operate a local network using MS Win2k and their DRM. This network is not connected to the Internet at large, in fact, has nothing to do with the Internet. It's just a closed down local network. I use this network to serve my customers my copyrighted digital content; customers download the content, if they have paid for the right to view the content they do so, if not they are asked to pay for such right. Customer may or may not choose to proceed. This content can be documents, music, movies, etc.

After couple of months of using this system, MS gets its head out of the dumpster and declares that there is a security vulnerability in their Win2k/DRM software that allows anyone to get access to DRM-ed content by triple-clicking on the file icon (instead of double-clicking) from Windows explorer. That means all my customers who have downloaded but not paid for their content can potentially get access to that content without me being able to do anything about it.

In this case MS would have been engaged in trafficking the information that would aid in circumventing the protection mechanism (DRM), and that would allow my customers to view copyrighted, protected digital content. This would be in direct violation of the DMCA.

Now, I don't know how far this can reach; the example I gave states triple-clicking which is easy to understand by anyone. What if it's a buffer overflow? Then most of the users won't understand how the circumvention may work; but it would allow crackers to use the buffer overflow to free the content. In other words, how selective, or vague does one have to be in describing this type of vulnerability without breaking the DMCA? The law is just too broad; but I do know the answer - it will not be enforced against MS, RIAA, MPAA, it will be only enforced against people who these "special interests" don't like.

Re:An Idea

[jc42]

Interesting? Informative? Man was that bad moderation. It should have been moderated Funny.

(At least, I hope it's funny. ;-)

what if

[tanveer1979]

The US gov says that all sites which can be accesed from US have to comply by its laws irrespective of its location, otherwise the country will be declared terrorist and bombed to kingdom come?

Dosent seem too unlikely considering the chaps at the top

DMCA is a success

[javatips]

It really looks that the DMCA induce so much fear that people start to censure themself.

The media corporation must be really happy yo see this.

I doubt very much that the DMCA would apply to a description of a patch WITHOUT applying to the patch itself. If the patch is supposed to be legal under the DMCA, why would it's description would be illegal.

I believe that these guys try the wrong way to persuade others that the DMCA is bad.

Re:DMCA is a success

[handorf]

No, it makes sense. Teaching people about security holes is illegal. Patching them isn't.

Describing what you patched, though, would entail describing the security holes on an unpatched system. Ding! Go to Jail...

Re:DMCA is a success

[Jorrit]

To me providing a patch in source form is exactly the same as providing a description. Source code is readable. People who can program in the language that the patch was made in, can understand (with a little bit of effort) what is going on there. So to me this patch is a description. It is only given in another language then plain english.

I leave aside what this implies for the DMCA though :-)

Greetings,

Re:DMCA is a success

[Zenithal]

The Patch is a fix for security flaws, something the DMCA has no problem with. (unless you happen to think breaking == fixed)

On the other hand, describing what those flaws are, and how they may be exploited IS in violation. So what you've said, "I doubt very much that the DMCA would apply to a description of a patch WITHOUT applying to the patch itself" is wrong in a couple of ways.

The presence of the patch actually weakens the legitimacy of the DMCA violation, not the other way around. The description, a laundry list of exploits, would be a much more valuable target. With that said, it's pretty clear no-one would even attempt to prosecute. The only reason this is being done as it is, is to call attention to a bad law.

As far as this being the wrong way, I think inconvinencing people and creating a dialog in the media is exactly the _right_ way to get the issue resolved.

Re:DMCA is a success

[shren]

I believe that these guys try the wrong way to persuade others that the DMCA is bad.

What? This is one of the most effective anti-DMCA bits, uh, ever. "You, over there. In the US. You can't read this. Shoo." Telling people 'no' is a sure way to invoke thier interest.

Re:DMCA is a success

[dissy]

To me providing a patch in source form is exactly the same as providing a description.

You are right.. and reading the patches source would be just as much of a violation of the DMCA. You are only allowed to install the patch blindly without knowing what it will do under the DMCA.

Fun times, arnt they?

Re:DMCA is a success

[Omnifarious]

Please define the distinction between information and software for me. After that, please define the difference between erotica and pornography.

Re:DMCA is a success

[Rader]

Isn't it ironic that hackers exploting, talking, & sharing information on how to Exploit a bug is considered worse than the software company that allowed the error in their software to begin with.

Add to that the fact that large software companies will often ignore these warnings, or sometimes even sue to shut these people up...

Re:DMCA is a success

[Malcontent]

I thought the courts already rules that code was not speech.

Re:DMCA is a success

[qwertyphobia]

Quite right.

The description is not a decription of the patch itself, but of the original flaw.

Taking this further: once the security flaw has been discovered, does it then become illegal to distribute the unpatched version of the software as it now contains a 'circumvention device'?

Re:DMCA is a success

[RealAlaskan]

To me providing a patch in source form is exactly the same as providing a description.

In other words, YANAL. You Are Not A Lawyer.

As Foghorn Leghorn would say: ``That's a joke, I say, that's a joke, son.''

Re:DMCA is a success

[Rogerborg]

• If the patch is supposed to be legal under the DMCA, why would it's description would be illegal.

Because it describes flaws that are present in unpatched versions, which means most versions for the next couple of years.

Re:DMCA is a success

[ryanwright]

please define the difference between erotica and pornography.

Erotic: Using a feather.
Pornographic: Using the whole chicken.

All clear now?

Re:DMCA is a success

[Pig+Hogger]

please define the difference between erotica and pornography.

Erotica: what gives me a hard-on.

Pornography: what gives me a hard-on, and makes me whip-out my dick and jerk-off.

How absurd!

[jmcwork]

Next we are going to find out that all US Citizens have been placed on Double Secret Probation!

Re:Use the source?

[obii]

You can use the source, but most probably the source won't give too much information. So you will have to _understand_ the source for the proper explanation.

Nonetheless, I think
> New kernel update available, fixes
> i810 video oops, several security issues

is too ridiculous. Video "oops"... ;)

In my opinion this strange DMCA that the USA have been using, has to be revised very fast.

Regards,
obii

More correctly, a human readable explaination...

I am not a lawyer, but as far as I know, there is no reason why people in the U.S.A. cannot download the C source code for the patch and look at it.

As far as I know, an explaination in the form of C source code is legal - it is an explaination in a human language that is not.

Contrast this to the fact that a description of DVD decryption in English is, as far as I know, legal, but in C is, as far as I know, illegal.

What about kernel source?

[cr@ckwhore]

Ok, so Red Hat can't tell us what the patch is about... but from what I've read so far, I understand that its regarding security, and therefore, informing me about the security problem is illegal under the DMCA, because "it could be used to circumvent a digital copyright mechanism". (the computer)

But, what about the source? I can freely download the source for this patch, right? So, how does that NOT violate the DMCA? Lets say that obtaining the source for this patch were illegal... what conflict would this have with the GPL?

I fucking hate the DMCA... what a stupid piece of shit. It impedes free speach, which BTW is against the US Constitution, and it costs me money, because now I have to spend extra time researching a problem that is critical to the security of my business.

Re:What about kernel source?

[Martigan80]

But, what about the source? I can freely download the source for this patch, right? So, how does that NOT violate the DMCA? Lets say that obtaining the source for this patch were illegal... what conflict would this have with the GPL?

Well according to some courts, the code is not speech, so the source itself is not dangerous, but the binaries compiled are.

Re:What about kernel source?

[cr@ckwhore]

Alright then, so RedHat should do this... /*

kernel advisory here

*/

There. Its code.

Re:What about kernel source?

[Rader]

Actually, I thought the guy selling t-shirts with the DeCSS code on it was even getting in trouble.

Clever tactic

[akookieone]

Sounds to me like this is a stunt. Clearly they will get media attention (thanks Register) and hopefully get picked up by major media in the states. This is especially possible if there is a nice long stream of indignation from folks on Slashdot (including mine). That said, what a great stunt, and for what a great cause. Some one at RedHat is smart enough to be motivated not by legal paranoia (however recently justified) but by political savvy.

Re:Clever tactic

[PhipleTroenix]

This is unlikely to be piacked up my major media. They are the ones who are in favor of DMCA status quo.

Re:Clever tactic

[Rader]

It's scary, when you think of who owns NBC. Or ClearChannel owning almost all the radio stations. Laws being passed to squash Internet Radio. Laws prohibiting private use of air waves. Hell, there's even postage regulations to squash the little guys but give the big guys advantages.

At least the internet is still free...oh wait.

But whois thefreeworld.net?

[ianweeks]

Registrant:
Linux MM, c/o Conectiva Inc.
R. Tocantins 89
Cristo Rei
80050430, Curitiba PR
BR
Created on: 07-AUG-01
Expires on: 07-AUG-06
Last Updated on: 07-AUG-01

Administrative Contact:
van Riel, Rik
Linux MM, c/o Conectiva Inc.
R. Tocantins 89
Cristo Rei
80050430, Curitiba PR
BR
+55 41 360 2600

Re:But whois thefreeworld.net?

[lovebyte]

Yes, but read this sentence on thefreeworld.net site:
* acknowledge that by downloading the data outside of the European Union you are performing an act of importation.

I think it clearly means that the site is in the E.U. Moreover, netcraft says that it is hosted by planet online which is based in the UK, AFAIK. So the owner is in the US, the site in the EU.

Re:But whois thefreeworld.net?

[morie]

Isn't everywhere outside Europe the U.S.? Sometimes sure seems so, since many americans seem to think there are only two countries: U.S. and "other", often "Europe"

Oops

[KlomDark]

This wasn't supposed to go here, instead into the guys journal about needing help with sendmail. Sorry!

Need a Website

[attobyte]

We need a website that shows all the people that voted yes for the DMCA. So it will be easy to vote this November.

atto

Re:Need a Website

[NumberSyx]

As I understand it, there is far too many bills every year for either the House or the Senate to actually debate every single one of them. So what they do is once it is out of committee, it goes on the calender, if nobody raises any objections to it, they have a voice vote on it, which is very quick, but there is no official record on who voted and how, only that it passed or not. I could be wrong, so please correct me if I am. This is more or less how the DMCA was passed. Anyone who was sitting at the time should be held accountable, if for no other reason than they didn't raise any objections, force a public debate and a formal vote.

Re:Need a Website

[Happy+Monkey]

It's easy. vote against incumbents.

Re:Need a Website

[Chaswell]

If I remember correctly the DMCA was passed with a voice vote and so you can only find out who commented and not necessarily who voted for or against.

I really wish we had an "open source" government where every dollar they spend and every comment they make was indexed and easy to correlate.

Re:Need a Website

[alan_d_post]

I believe it passed unopposed. Leaving you three options:

1) spoil your vote
2) vote for someone other than the incumbent
3) don't even show up to vote

Re:Need a Website

[fireweaver]

Jusr remember that politicians are like diapers
and need to be changed often for the same reason.

Re:Need a Website

[Scratch-O-Matic]

every comment they make was indexed and easy to correlate.

Slightly OT comment: if you catch C-Span, or some other video record of the House or Senate floor, listen for the end of someone's short remarks where they ask for permission to "revise and extend" their remarks. This means they will insert additional written remarks into the official record. As far as I know, there is no way to tell from the written record what was actually said on the floor and what was added in written form later. They could make a bland 60 second remark, then insert an aggressive 20 minute speech for the benefit of the folks back home.

Re:Need a Website

[Blkdeath]

It's easy. vote against incumbents.

There's a saying in Canada, heard frequently come election time; "We don't vote people into office, we vote people out of office."

Go figure. :)

Re:Need a Website

[sqlrob]

Considering DMCA was unanimous voice vote, you have a better chance voting against the incumbent.

Re:Need a Website

[mark_lybarger]

i find it very disturbing that most officials are very quiet about this issue. they'll talk taxes, and homeland security left and right, but never really raise this issue. you don't bite the hand that feeds you.

Re:Need a Website

[Bobzibub]

Wow. That is terribly untransparent; it is no wonder that these representatives are viewed as unrepresentative. Is there any reason not to ban voice voting?

Cheers,
-b

Re:Need a Website

[Cramer]

Bull. Voting is electronic and recorded! Consult the Congressional Register to see who voted (or didn't) for what.

Re:Need a Website

[Rader]

They never talked about my pothole in front of my driveway either...

The majority of America doesn't give a rats ass about DCMA...DAMC...what's it called?

yet...

Re:Need a Website

[Rev+Snow]

Better make that two options.
The new electronic voting machines
in my area do not allow spoiled
ballots.

Re:Need a Website

[MrResistor]

That's pretty much my policy. Unless they've done at least 2 things that have impressed me I vote against them.

It's not hard to impress me, either. All they have to do is actually represent the wishes of their constituents! (That last sentence was aimed directly at Diane Feinstein)

Re:Need a Website

[ratamacue]

there is far too many bills every year for either the House or the Senate to actually debate every single one of them

Aha, yet another benefit of Big Government: incompetency, along with its twin brother, inefficiency.

Next time we have a problem we think is solvable only by government, let's remember to think twice. Our current bloat of a government is built on the special interests of people just like me and you: people who don't consider that somebody, somewhere, doesn't want to be forced into adopting the special interests of other people. The solution? Government needs to go on a diet. See this website if you like the sound of this.

Re:Need a Website

[Lugae]

http://www.vote-smart.org

Click on "Voting Records" ->State -> Your Senator -> Telecommunications 1998 -> "DMCA Passage"

The vote was unanimous, though

Re:Need a Website

[Alizarin+Erythrosin]

One would hope that legislation as important as this was passed with alot more consideration then a voice vote. The DMCA can cover a very large area depending on your interpretation (note: I have not read the DMCA, I hate legalese). Just goes to show the kind of work the people who supposedly vote for us do.

Re:Need a Website

[susano_otter]

In high school, I was taught that the U.S. Government was designed from the very beginning to be bloated and inefficient. That a government ponderous and slow to act was a government whose tyranny would founder in bureaucracy. That the source of our current woes is the failure of the founders to predict and account for the political influence of corporations.

Considering what Valenti can do under the current system, do you really want to give him an optimized, streamlined, super-efficient government to play with?

Re:Need a Website

[susano_otter]

No it just means that the vote-spoiling is implemented in software, instead of hardware.

Re:Need a Website

[Brendan+Byrd]

I don't think it includes the DMCA (since it was passed in 1998), but ACLU's Scorecard has some nice info on who voted for who (at least on their issues). The EFF really needs something like this. Voting may not be the best way to get an issue across, but at least it's one way that we have an option of using.

Re:Need a Website

[TGK]

Unless those votes are in a certain county in Florida.....

Never underestimate the power of a single vote... Andrew Johnson didn't.

Re:Need a Website

[NumberSyx]

Bull. Voting is electronic and recorded! Consult the Congressional Register to see who voted (or didn't) for what.

Alright big boy, show me.

Re:Need a Website

[Jobe_br]

What you learned in high school is absolutely correct. Our founding fathers purposefully created a system of bureaucracy to prevent the gov't. from being able to act swiftly.

The problem with corporations is their status as "individuals" which allows them to lobby. I have yet to hear anything *good* result from this, maybe somebody could provide an example where allowing corporations to behave as individuals under the law benefits society?

Cheers.

Re:Need a Website

[susano_otter]

I'm sure that the corporations themselves can provide many examples of the kind you're looking for ;P

HTH. HAND!

Re:Need a Website

[schmink182]

CowboyNeal!!!

Re:One day...

[Quixote]

You're right. The signature at the bottom of the DMCA is:



(signed) All American Citizens


In a democracy, you are responsible for the actions of those you elect.
There is still time. Your elected representatives will pay attention to you, the American voters, only for the next 3 weeks or so. Mobilize if you can; otherwise suffer 2 more years of the same but please don't complain!.

paradoxes

[kipple]

1. I wonder if any lawyer can make a lawsuit out of this. If they do, they must have read "The Thing", and thus can be jailed. Why a lawsuit? I don't know, but lawsuits in the US seem to be the only way to say something or prove it.
2. I'm sure RedHat folks will be called terrorists. After all, the "Red" in the Hat (and the fact that they are Kernel HACKERS) says it all...

smile, it's fun :)

Re:paradoxes

[kipple]

I thought that only cops and/or FBI agents hacking russian computers were exempted from violating laws.. maybe the categories will become more. Cool.

Bill: Dear son, after having told me Where do You Want to Go Today, now What do You Want to Be Tomorrow?
Bill's son: A RIAA agent!
Bill: D'oh..

I know what it is about...

[RedWolves2]

I could tell you but then I would have to kill you!

Hi! I'm Joe ...

[thriver]

... and I live in a free country ... NOT!

New Kernel patch?

[Nighttime]

That patch was released on 2002-08-20, nearly two months ago, and was available through RH's up2date system so many US users will have updated to it. It's only now being reported as news about the DCMA restrictions?

Re:New Kernel patch?

[Chris+Pimlott]

That patch was released on 2002-08-20, nearly two months ago, and was available through RH's up2date system so many US users will have updated to it. It's only now being reported as news about the DCMA restrictions?

Um... of course. Do you think a joystick driver bugfixes should normally be front page news?

Re:New Kernel patch?

[Chris+Pimlott]

No I don't. I was, however, commenting on the fact that Redhat's updated kernel has been available for download for nearly two months and only now people have noticed the DCMA restrictions bit.

But the contraversy is over the description, not the patch. Or was the description previous available sans DMCA doom and gloom?

Re:It happened with full support of the REPUBLICAN

I must be in a different US than you, from my vantage point, there's no practical difference between Republicans and Democrats, only a difference in their rhetoric.

It's like this:

I walk up to you on the street and make you an offer. I'll give you a choice, do you want me to stab you in the right eye with a pencil, or the left eye. Make your choice, it's a free country! You too can make a difference!

Patch explanation!

The thefreeworld.net lawyer has informed us that we need a warning! So... if you are under the U.S. jurisdiction or find this explanation offensive, please don't read it. Thank you!

Updated kernel packages are now available which fix an oops in the i810 3D kernel code. This kernel update also fixes a difficult to trigger race in the dcache (filesystem cache) code, as well as some potential security holes, although we are not currently aware of any exploits.

The 2.4.18-5 kernel introduced some safety checks in the VM subsystem that were triggered when exiting an X session while using 3D acceleration with the Intel i810/i815 chipset. Additionally, there was a difficult to trigger race in the dcache of the file system subsystem.

This kernel update addresses both of these issues.

In addition, there are fixes for potential security holes in the following drivers:

stradis
rio500
se401
usbvideo
apm

Finally, this kernel fixes a few files in the /proc file system which had the capability to expose kernel memory when abused.

All of the security issues found during an audit and none of them, at the time of this writing, have any known exploits.

We would like to thank Silvio Cesare, Stas Sergeev, Andi Kleen, Solar Designer, and others for their auditing work.

Is this really prudent?

[sunking2]

Considering all of the linux distros are already in an uphill battle, is it really wise for redhat to be taking this on? Short term this can only hurt sales. Afterall, why should I pay for support when there is a chance that Redhat will refuse to give me what I'm paying for simply because they want to prove some point.

Choose your battles, this one just seems silly at this point in time.

RH Reasoning

[HappyPhunBall]

Apparently RH is respecting the copyright of the people who discovered the flaws and chose to license the text under the "TheFreeWorld" blanket to prevent the authors from being accused of distributing potentially infringing documentation in the US. Read the article at The Register, it is almost as poorly written as this post but according to this excerpt:

The document has been copyrighted, and the authors have chosen to restrict its distribution, and to use Thefreeworld.net licence as the mechanism for doing so. Note that it is the copyright, rather than fear of the DMCA, that has forced Red Hat to join in.

RH is only doing this to protect the authors who for whatever reason chose to copyright the document. Possibly the wish to make a point as well concerning the idiocy of the DMCA.

Re:RH Reasoning

[James+The+Gent]

Anything written by you is automatically copyright you. You can then use that copyright to alter the way that your work can be legally distributed.

The reason that Red Hat is publishing the documentation in that way that it is is because to do otherwise would be to break the copyright on the document. Which would put them in violation of a copyright.

Ironic dontcha think.

What if...

[Markus+Ingvarsson]

What if someone forces you to read it?

You know, this could be used to "frame" someone;
Print it out (don't look at it!), then, when your victim least expects it - pull it up and say "read"!
Go to the nearest police station and say that you captured a "terrorist". :-)

Lucky me, I live in sweeeeeden..

Re:What if...

[Bastian]

Hey, ya need a spouse? 'cos I just read the document and think I should maybe move to the EU quickly, before the cops catch me.

The gist...

[KillerBob]

Thankfully, I'm in Canada and not bound by retarded US laws. /. is, though, so I'm not gonna post verbatin what the patch is.

The gist of this security patch is to fix driver vulnerabilities. It fixes several of them, not one of them is exploitable by a remote user. They all require the hardware in question to be connected to exploit the driver vulnerability, and they all involve allowing people to write to kernel memory space. In other words... they could be used to nuke a linux box by a local user (why not just 3-finger salute, I know not), but the moment you reboot the problem is fixed anyway.

Re:The gist...

[Craig+Davison]

I think the problem is exploitable if you're logged in as a local user, which could be through some kind of remote access such as ssh, telnet, or your favourite httpd bug that yields local user access (but not root).
This is not equivalent to the "three-finger salute". If you were physically at the box, you could just kick it or unplug it if you wanted.

Missing the point?

[Zocalo]

It seems to me that a lot of people seem to think that Red Hat is doing this because they are running scared of the DMCA. Couple of points here:

Q. Which kernel hacker does Red Hat employ, outside of the US?
A. Alan Cox.

Q. Why won't Alan Cox visit the US because "the chances of his arrest are none zero"?
A. Use of the DMCA to indict Sklyarov.

It seems much more likely that Alan Cox is, with Red Hat's full support, taking a very good swipe at some of the more ludicrous aspects of the DMCA. Basically, what they are implying that this could lead to is the situation where a major security flaw can be disclosed to the entire world, except for the US, because of the DMCA. The obvious upshot of that is that every man and his dog outside of the US could have access to the knowledge required to shaft servers in the US, and the sysadmins in the US can't do a thing about it because of the DMCA.

The words "hoist", "own" and "petard" spring to mind. ;)

Re:Missing the point?

[patter]

Basically, what they are implying that this could lead to is the situation where a major security flaw can be disclosed to the entire world, except for the US, because of the DMCA. The obvious upshot of that is that every man and his dog outside of the US could have access to the knowledge required to shaft servers in the US, and the sysadmins in the US can't do a thing about it because of the DMCA.

Which exactly contradicts the type of reasoning that restricted export of 128 bit encryption to the potential enemies of the US (like the UK, we know those evil bastards were up to no good with that tecnology - joke).

You can't improve security without the ability to disclose fully potential vulnerabilities, openly and without fear of reprisal from a government too technically ignorant to understand what they just passed as law.

Good one US congress...

Re:Again?

[kfg]

Didn't? Rumor has it that Alan Cox is explicitly involved in *this* patch.

KFG

Status Quo...

[twoslice]

Who actually reads the fine print when they download something or access a web site???

prOn sites: The button that says I am under 18 get me outta here! Who would ever click this button???

Micro$oft Eula: ...turn over my first born... missing appendages...soul....I am willing to bet a couple of people have clicked yes to this! poor dudes.

and now we have...

Redhat: Don't click on the button if you are not a U.S Citi.... Click!

Re:Status Quo...

[sirgoran]

You forgot one.

In the condom isle at the local market.
They sell a condom for "The Larger Gent."

With that on the shelf are you going to buy anything but that?

-Goran

Re:DMCA == Bible?

[L0neW0lf]

The Bible is not about oppressing anyone into obedience, and it's obvious that you just decided this was a perfect forum for your anti-Christian sentiments. The Bible is a historical record, and an individual can freely accept or reject its teachings, just as they could hundreds of years ago (though in some societies, the Church did indeed use its power as a form of oppression; not having lived in medieval times, or the Spanish Inquisition, I refuse to take the blame for this).

Your comparison is lousy, and not even close to how the DMCA works. Stick to good anaologies, rather than opinions. You'll go far.

Broadcast-2000

[thor]

why are the bcast sources on this list?

Comming to Europe too

[pointwood]

In case you don't know it, we will be getting something similar to the DMCA in Europe soon :(

You can read more here.

Re:Use the source?

[WEFUNK]

Still, as a principal, it is a bit silly to disallow a text describing the change but allow the source which IS the change. Stupid law.

I agree. The DMCA should be updated to disallow any patching of security holes what-so-ever.

It doesn't matter if the law will totally discourage effective security measures by outlawing any discussion or implementation of flaws or improvements. As long as we have the DMCA to protect us, any attempted security measure is good enough even if it's just some text on a screen that say "don't look here under penalty of the DMCA". Of course we'll need to gouge out your eyes as potential copyright circumvention devices, but that's a small price to pay to guarantee our security, our safety, and our liberty.

No can do.

[AftanGustur]

We need a website that shows all the people that voted yes for the DMCA.

It was a closed/secret vote..

so why have linux companies in the US ?

[eurostar]

here is the time to have a true "world company"

let's base debian in antarctica...

Ok then, can someone explain

[beleg777]

Ok, this looks to me to be the same as any other patch documentation. My impression is that the reasons it's illegal are the same sections and logic used to indight Skylarov. If I'm not mistaken in those two things, isn't all patch documentation illegal under the DMCA?

Quick word of commentary, it wouldn't surprise me at all if this were true by the letter of the law. This is exactly why we have been complaining for so long, because the law is overly broad, and restricts things that it obviously shouldn't. On the other hand, I didn't think it was so broad as to cover all security documentation.

Re:Ok then, can someone explain

[hol]

If I'm not mistaken in those two things, isn't all patch documentation illegal under the DMCA?


The Patch documentation is not so much, the patch actually documents the hole. One of the key issues here is that the fix in the patch exposes the original problem, and thus makes "circumvention of digital security" (haven't read it in a while, so going by memory here) possible. It's a question of whether all you need is to communicate the problem, or to document it. In the case of a source patch and docs, both are done, and it's lose-lose for the author, distributor, or whatever.

On another note - UCITA makes click-through license agreements legally binding in the US. So if law-enforcement cracked down on these people, they would have committed a felony as well. Court case should be interesting ...

Re:Ok then, can someone explain

[Unordained]

Isn't it only illegal under the DMCA if it relates, to, oh, the C in DMCA -- copyrights? The document may be copyrighted, and putting a license on it means that getting the document without agreeing to the license is circumvention in order to get to copyrighted material ... but the patch itself, documented kernel problems ... is, methinks, unlrelated to the DMCA. and if you read the register article, they pretty much think RedHat did this as a "joke" of sorts about the DMCA ... not out of actual fear.

Re:Ok then, can someone explain

[Alsee]

Isn't it only illegal under the DMCA if it relates, to... copyrights?

It's illegal if it explains to someone how to circumvent an access control device. The Linux kernal is an access control device. In the DeCSS court case DeCSS was never shown to have ever been used to circumvent access to any copyrighted work. The fact that there exists CSS controlling access somewhere, and that DeCSS *could* be used to circumvent it is enough it make it illegal.

The fact that a there exists a kernal somewhere that is contolling access to something is enough. Explaining the kernal bug to someone puts at risk that copyrighted something.

The DMCA doesn't outlaw "criminal activity", it outlaws anything that might make criminal activity possible.

-

Re:Ok then, can someone explain

[Frank+T.+Lofaro+Jr.]

UCITA is a civil law, not criminal, and it certainly doesn't define any new felonies as far as I know.

Senate by Unanimous Consent , House by Voice

[GMontag]

http://www.dfc.org/dfc1/Active_Issues/graphic/grap hic.html

passed Senate by Unanimous Consent
(similar to voice vote in House)

passed House by Voice Vote

Re:Senate by Unanimous Consent , House by Voice

[cpeterso]

If they vote "by voice", are the individual votes documented anywhere? Is this just a ploy to pass something controversial, but then not be hold accountable for your votes?

Representative democracy in action..

Re:Senate by Unanimous Consent , House by Voice

[GMontag]

If they vote "by voice", are the individual votes documented anywhere? Is this just a ploy to pass something controversial, but then not be hold accountable for your votes?

Umm, your comment seems to be weighed a bit on the negative.

EVERY bill in the House gets a "voice vote". The Speaker or his acting Speaker calls for a vote, all in favor say "aye" all opposed say "nay".

The opinion of the chair calls the vote. If ANY member on the floor calls for "the yeas and nays" they have a recorded vote by electronic device. The electronic system replaced the "role call vote."

It was never constructed to be a slick/fast vote, with every vowel recorded, type system.

Representative democracy in action..

Yes, consult "Robert's Rules of Order" and the Rules of the House and Senate for further information.

Re:This is just FUD.

[Scarblac]

There is no way a kernel patch can violate the DMCA for the simple fact that the Linux kernel doesn't enforce any type of copy protection.

Doing it like this is just prudent. Why should someone from Europe have to know all the details of US law, weigh the chances of it being a violation, when non-US people have already gone to jail over it and there's the option of not distributing it to Americans in the first place?

It is the *license* of the patch . . .

[kfg]

that makes it illegal to release the information to US citizens. The patch code was written entirely by non US citizens outside of the US borders. In order to prevent the possible prosecution by the US government, ala Skylarov, they released under license terms that forbid divulging information about it.

*Redhat* is not the refuser here, they are simply bound by the terms of the author's *license.*

Now, let's do a little deductive work here while we're about it, shall we?

This isn't a "Linux" patch, it's "Redhat" patch. And what *Redhat* kernel developer has already shown a propensity for making socio-political statements with the license terms of his kernel patches regarding the DMCA?

Anyone care to go waaaaaaaaaay out on a limb and "guess" just who might have had a hand in this?

I'll give you three guesses, but if you don't get it in one you haven't been paying attention.

KFG

Re:This is just FUD.

[m94mni]

The problem is not copy protection in the Linux kernel itself. The problem is instead that the document provides detailed descriptions of vulnerabilities in deployed systems.

Thus, it gives you information you can use to break into these systems, bypassing their "rights management". More info in the thread from last year here.

The point, why is it illegal

[Gerry+Gleason]

Yes, you can figure it out from the source, and I think the court would have a hard time if the description was part of the patch (i.e. a comment) to claim that the comment violated the DMCA.

The point isn't even that anyone would be charged under the DMCA, but that under the language of the law, they could be. The underlying point is that disclosing security vulnerabilities and keeping current with their announcements are extremely common activities for any security professional doing his/her job.

That said, the whole exercise seems a bit lame and the article more or less says that straight out after leading in with a bit of sarcasm. It's not even the dumbest part of this law, but that's another story already beaten to death on /.

Re:Ridiculous ...

[Rader]

reresentitives don't read their own email due to the risk of contacting the anthrax virus 2.0

Re:One day...

[bwalling]

There is still time. Your elected representatives will pay attention to you, the American voters, only for the next 3 weeks or so. Mobilize if you can; otherwise suffer 2 more years of the same but please don't complain!.

You can honestly say that? My elected officials will pay attention to me only during election season, and I'm not supposed to complain? Screw that. Democracy only works if you don't pay attention to what happens. We have the DMCA, the Patriot Act, corporate tax breaks out the wazoo, and politicians who are essentially puppets for the companies who paid to have them elected. You're right, I shouldn't complain.

Re:This is just FUD.

[ajs]

Ding! This is the correct answer. Yes, telling people about security holes is a DMCA violation under every interpretation of the law that I've seen (other than the cursory, "it only covers copying mp3s d00d!")

Please mod up the parent.

Let's see...

[jmv]

2002: New RedHat Kernel Patch Illegal to Explain to U.S. Users

2012: New RedHat Kernel Illegal to Explain to U.S. Users

2022: Engineering Illegal to Explain to U.S. Users

Re:Let's see...

[ReverendRyan]

2050: US Schools nolonger teach reading, writing, and 'rithmetic

2055: All US citizens must have their ears and eyes removed at birth

Re:Use the source?

[gpinzone]

If that's the case, then it would be legal to distribute the DeCSS code as long as you don't tell anyone what it does.

Re:This is the solution for KaZaA, and the like

[Scarblac]

And lose the majority of their ad targets?

I think they'd keep getting Americans downloading it just as much. Most people using Kazaa wouldn't have trouble lying on a web form. But it removes their legal liability in the US, as far as I can see.

Re:Again?

[jeffy124]

yes, it did happen once. IIRC, he found (or was told of) a bug in filesystem permissions that allowed someone outside a uid/gid to gain access to a file.

Cox didnt publish details (ie - what the bug was or how to exploit it) because he believed it violated DMCA - as somewhere out there someone could be using UNIX file permissions as a "copy protection device," and the details to exploit it would be "circumventing a copy protection scheme." IIRC, Cox is not a US citizen, but he has to travel to the US a lot, and didnt want to lose that ability by publishing the exploit.

These stories (Cox's above and this current issue) are perfect examples of things to send over to that committee collecting comments on the DMCA. Here are software authors who are scared to publish vulnerability details about their own products!

Grey area?

[TamMan2000]

What would the DMCA have to say about commented code, which explains itself in plain english as well as code?

Re:This is absolutely silly

[tweek]

The problem is that redhat doesn't OWN the kernel. The patch in question is specific to the linux kernel which redhat does NOT own.

It would then follow that they are publishing a vulnerability about Linus Torvalds' product.

Re:One day...

[cr@ckwhore]

One of the falsehoods taught about US Government in our own schools is that its a "democracy", when in fact, it isn't. The US Government is a "representative republic". We elect people to do our dirty work for us... there's no law that says our elected officials have to listen to us, but the pressure of re-election keeps 'em tuned in to the opinions and concerns of their constituents.

So, when the election comes around in the near future, DON'T VOTE FOR ANYBODY CURRENTLY IN THE CONGRESS!! This is how we as a people communicate our discontent with the actions of our current Congress. Honestly, if we keep voting these same losers into the congress, but dislike the laws they make, then we're weak as a people and deserve to have our freedoms impounded for being complacent. Freedom is a privelage that requires maintenance.

(First order of business, challenge the DMCA)

I downloaded EVERYTHING

[flikx]

I LIVE IN THE US: Salt Lake City, Utah. Come get me. Muwahahaha!

Re:I downloaded EVERYTHING

I LIVE IN THE US: Salt Lake City, Utah

Isn't that punishment enough?

Re:This is just FUD. No, necessary evil.

[Havokmon]

There are enough problems with the DMCA that we don't need to make things up. If stories like this become commonplace, then lawmakers will soon ignore anyone who opposes the DMCA because they'll automatically assume they're acting on FUD and not the facts.

Don't you know how the U.S. legal system works? Let me explain:

If I spank my kid in public, the DA (District Attorney) will go back to my H.S. classmates and former employers and show that I generally disrespect authority, maybe was a bully, have a short temper, and that the incident was the latest in a string of inhumane behavior and child abuse that dates back at least 10 years.

My defense attorney, will argue that I was never disciplined for any such actions, never in a fight that is on record, and never visited by the local Social Worker (Except for our first child, which came before we were married - and is std procedure). I currently am active in my childrens lives, have defied 'conventional wisdom' by marrying my 'HS swetheart', having a kid before we were married, and staying married 8 years and having 2 more kids. S/He would also pull in a shrink to counter any past 'anger' issues due to the fact that my mom wasn't "all there".

All for what really was a spanking. (No, this didn't happen to me, but WI has tried to jail teen fathers - who try to do the right thing and be a father - for rape. So it's not impossible.)

The DMCA exists because lawmakers were convinced that the economy was going to fall because of piracy and free-flowing information. The only way to combat this in the U.S. is NOT by being rational - it's by meeting and exceeding the original irrational ideas, in an opposite way, that brought this beast into existance in the first place.

No can do

[YeeHaW_Jelte]

"Discussing this document with a US citizen
may be an offence."

I'd would've liked to post a comment here, but I would like to keep the option open of coming to the US somewhere in the future, so ...

__CENSORED__

DMCA? The begining of the end...

[paja]

I think DMCA is good example of how U. S. will loose its domination.

By restricting anything which may compromise poorly designed products U. S. will slightly stop any significant research and development, so as americans have to buy Japan electronics, they will have to buy encryption technology from Europe, communications equipment from Israel and software from Eastern Europe and Russia.

More laws will emerge to prevent techology companies moving out, restricting U. S. citizens to work abroad. Canada will have to require visas from americans, because they will seek asylum in there. British and Canadian controls will be set on american international airports to prevent asylum seekers to enter both countries. Amnesty International will be terminated and reopened in Paris.

Military power will be supplied by foreign components and foes will know their weaknesses better than U. S. The more 9/11 will arrive and U. S. will try to respond with military actions. U. N. will become angry about it.

Americans will still fly to space, but only to repair ISS or put in new communication equipment for Japan/Europe corporations. I am really looking forward to Intel HQ and R&D in Europe or Canada, while moving production plants to U. S., rather than Mexico, because of workforce price.

Japan will legally buy Hawaii. Russia with Japan will be complaining about american fishermen overcoming legally agreed quotas on fish in northern Pacific.

Networks of other countries will have the similar border with U. S. like China has with whole world - just because no one using any data tramsmission could not be sure if it will not be attacked by legal (in U. S.) attack at the network.

Why? Because few people wanted to keep high margins on movies...

--
paja

uh, GPL?

[mikeee]

Err, I don't think you can release a patch for GPL software (ie, Linux) under a non-GPL license.

You might include a disclaimer that the patch may be illegal in your nation, but I don't think the license itself can actually prohibit distribution to particular persons.

Re:uh, GPL?

[kfg]

You are incorrect. A *patch* for GPLed software may be released under any license the author desires. This is what allows propriatary binary only hardware support, as well as providing functionality for such software as might otherwise violate the DMCA, such as DVD players.

The *patch* is the work of the author and has nothing to do with the code otherwise under the GPL. You're thinking along the MS lines that the GPL is somehow a "virus" that infects your propriatary code. Stop it.

You also seem to be laboring under some sort of misconception that the GPL somehow can confer legality/illegality. It's perfectly possible to write GPLed code under one jurisdiction that may be illegal under another and thus may be freely distributable in, say, the US, but not in, say, China. Or in this case China, but not the US.

The licese has been posted here on /.

Read it and think about it.

KFG

Re:uh, GPL?

[mwa]

As far as I can tell, the license to the code is GPL. (The patch does not "explain" how to circumvent anything, it "explains" how to prevent the circumvention.) The description is licensed under the freeworld license because it explains the vulnerabilities.

Or so I guess, since I can't read it.

Re:uh, GPL?

[Scarblac]

Err, I don't think you can release a patch for GPL software (ie, Linux) under a non-GPL license.

The patch itself is perfectly legal, and GPL licensed, and downloadable by anyone, etc.

The documentation accompanying the patch, that explains what security holes were closed, is licensed so as to be undistributable to people in the US jurisdiction. This is because the act of distributing this info is illegal under the DCMA.

Re:uh, GPL?

[mikeee]

Incorrect.

A patch (likely) still qualifies as a derivative work, even if none of the original source is included, and thus could only be distributed under the GPL.

Binary device drivers are a special case; these are arguably GPL violations, but LT has stated they're ok as long as they only use 'public' interfaces. Lots of discussion about this on LKML if you're interested.

Re:One day...

[frunch]

Just becaues you don't vote doesn't mean you can't complain

Voting IS complaining... only it's a USEFUL form of complaining that elected representatives listen to. If you don't like someone, vote against them. THAT should be how you complain. If you don't vote, you're allowed to complain, sure (free speech and all). But you can't expect your complaints to do any good.

Any individual's vote makes no difference

Gore would disagree with you.

Re:One day...

[uncoveror]

We didn't vote for Bush the first time. He siezed power in a coup. Read more.

I Will Not Apply A Patch I Do Not Understand

[ausoleil]

One of the prime rules of administering a system is to never destabilize it. I have great respect for Red Hat, and use their systems every day, but whatever this patch does, I will not apply it until I understand what effect it is going to have on my systems.

I suppose I could (and really SHOULD) look at the source and figure it out from there, but given the fact that time is a scarce resource, it will be lower on my priority list than the other problems that are more readily apparent to me.

That means that the DMCA is actually contributing to the destabilization of the systems I am responsible for. Makes me wonder just who is being protected here in the land of "free speech" and home of the brave.

Re:I Will Not Apply A Patch I Do Not Understand

[ryanwright]

That means that the DMCA is actually contributing to the destabilization of the systems I am responsible for.

No, posting on /. is contributing to the destabilization of the systems you are responsible for. It's funny that you "don't have the time" to fix the system, but you DO have time to post here. ;)

The USA is a REPUBLIC not a Democracy

[cnelzie]

We do value the ideas of Democracy, but we are a Republic. A Republic is just a little bit different then a Democracy. For instance, we do vote for the men and women that represent us in our nation's capital.

However, the laws that they create do not necesarily represent the views of their constituents. If that was the case, then every American Citizen would have the right to vote on the creation of laws such as the DMCA.

Our Republic is a popularity contest regarding who ends up in office. This popularity contest is run in front of a back-drop of "parties" which are supposed to represent the basic views of the person running for that office.

In the Republic of the United States, true Democracy only exists in the local arena (School Millage Hikes/Cuts, local ordinances and such) and sometimes shows its face in state elections when public acts are put up for citizen review.

If we lived in a true Democracy, I personally believe that the citizenry would have destroyed the Constitution many years ago by creating laws that limit the freedoms and liberties that our Republic currently partially protects. The trouble is that our representatives have forgotten that and so have the citizens that voted them in. If they were to remember what our form of government really is and change some of their ways, we can once again move forward with our great experiment.

Re:Quit your fearmongering

[ocelotbob]

You're being silly here. None of this is going to happen, because other countries are considering, or have already enacted, laws just as bad, if not worse than, the DMCA. Check out the information on the EU directive known as the European Union Copyright Directive, or the Digital Agenda Act, which is Australia's answer to the DMCA. The DMCA is on shaky constitutional grounds in the US, is the act your country going to pass be?

what, it doesn't?

[Ender+Ryan]

So your telling me that chmod -r My_Copyrighted_Work.mpeg won't make my file unreadable by other users on a system?

Uh oh, I better switch to windows then!

Of course the kernel implements copy protection, but it's a general purpose protection, not specific to copyright, but CAN be used to protect a copyrighted work just the same.

By the letter of the law, this changelog IS illegal.

Re:Use the source?

[xanadu-xtroot.com]

I mean, can't you just read the source of the patch

I had this thought after the first time, and am seriously thinking that this thoug of mine may not be such a joke or bad idea after all:

One word: SELAND!

Move the master kernel repository over there. It may not account for everyone's DL's, but at least the master tree will always exist in an untained form.

the best part is

[Ender+Ryan]

The best part about this "stunt" is that it is entirely correct. Sure, the U.S. government wouldn't prosecute someone for these changelogs, but they COULD, and that is the key to why the DMCA is such a bad law.

Re:One day...

[cliveholloway]

In a democracy, you are responsible for the actions of those you elect.

True. But you're misinformed. The US is not a democracy. The two puppet system in place at the moment is hardly democractic.

cLive ;-)

Don't blame me - I vote Green

how can a changelog be a circumvention device?

[Billly+Gates]

Under the dmca only circumvention devices are outlawed. Since Linux is not a "copyright protection device or aka drm", its therefor not covered by the dmca.

Also I do not think published papers are circumvention devices like adobe and the mpaa claim. A paper is not a physical device so security research can legally continue. I believe the lawyers at Hollywood are just shouting boo at security researchers.

Last but not least who is going to file charges agaisn't redhat? Linus??

Its perfectly legal to talk about flaws in a product. What is not legal is to create circumvention devices or programs to take advantage of drm security holes for a limited set of copy protection products.

Redhat is going to lose respect in the business community if they start getting all paranoid by this.

Re:how can a changelog be a circumvention device?

[debest]

You'll note that RedHat still provided an easy (although essentially labelled "Use at your own risk") link to the changelog. In other words, they encourage you to break their strict interpretation of the law in order to get your work done.

They are simply trying to make a point: that the DMCA is stupid, and you have to do stupid things to be in compliance with it. By the way, the application of the DMCA in this scenario is not that the changelog is a circumvention device to the Linux kernel. The issue is that Linux can be(and I imagine is) used effectively *AS* a copy protection product, and the information in the changelog could be interpreted as a way of circumventing the protections.

And as far as Red Hat losing respect in the business community: I doubt it. Any business which is enlightened enough to adopt free software at all will already understand the nuances of copyright issues (they will have had to have investigated the GPL and BSD licences), and will not be scared away by this.

Re:how can a changelog be a circumvention device?

[Sloppy]

Since Linux is not a "copyright protection device or aka drm", its therefor not covered by the dmca.

It is, if you use it to store your copyrighted works.

Re:how can a changelog be a circumvention device?

[alizard]

The only respect I see anyone losing over your assertion about Red Hat is whatever respect anyone has for your knowledge about computer security and Federal law.

They, Alan Cox, et.al. are right. You are wrong. Suck it up and deal.

In Massachusetss the new law is null and void. So.

[MrJerryNormandinSir]

Massachusetts rejected this crap. So, maybe all of us should follow suit. Redhat should ignore it, or
use a Massachusetts based location ot get it out.

Not only very little debate...

[Smallest]

...it was actually written by lawyers for the the media industry, not by congressmen. it is a clear example of a bill bought and paid for by special interests.

Digital Copyright

-c

That's not the problem....

[3seas]

Ultimately the problem is in the industry not making a clear identification of different product lines. Do so intentionally is an act of consumer fraud and last I understood, such things are supposed to be illegal.... Like Antitrust..

The correct divide between product lines is constrained products on one side and open products on the other. There are different product lines.

To promote otherwise is not only consumer fraud but also anti-trust as it wrongfully attempts to suppress competition and consumer choice.

That's the way it really is. Know it and become informants to the public.

I have no problems in deciding to buy or not buy constrained products and I have no problem with not being able to use those constrained product on an open product line. I'd perhaps even be willing to pay a little more if I felt I needed to use some constrained product on on an open product.

But the problem here is the clear intent to blur and blunder that choice, by the industries, politicians and other involved in teh intent to force me to products against my choice.

Even now I have found since october 9th that I personally cannot access slashdot from my Amiga system without going thru an anonymizer. I resent the hell outof that as it forces me to use a fucking god damn product of a legally found guilty of breaking federal anti-trust law company called Microsoft.

And this is what I am paying taxes for?

There is this document called the "Declaration of Independance" that more people really should read at this this time of government abuses. Seriously!!! Do a google search and read it!

Re:This is just FUD.

[Dalcius]

Be careful how you word it. Correct me if I have anything wrong here...

"If the kernel doesn't enforce any DRM", in my mind, doesn't break the DMCA simply because it's a passive act, it involves no "breaking". However, I don't trust our government to agree with me.

you didn't even RTFA

[Ender+Ryan]

You didn't even RTFA, so WTF should anyone listen to you?

The problem isn't with the patch, it's with the Changelog, and RedHat didn't really have anything to do with it.

Re:you didn't even RTFA

[Reality+Master+101]

The problem isn't with the patch, it's with the Changelog, and RedHat didn't really have anything to do with it.

Red Hat should stand up for intelligence and rewrite the changelog in their own words if they have to. Just because Alan Cox is an idiot about everything except programming doesn't mean that Red Hat and everyone else should roll over. I don't particularly like the DMCA, and would like to see it overturned. But idiocy like this DAMAGES THE CAUSE.

I think everyone should publish the changelog and give a big F-you to Cox' stupidity.

Re:This is just FUD.

[Dalcius]

Oh, Bruce Perens, where are you?!

Re:Use the source?

[Scarblac]

If that's the case, then it would be legal to distribute the DeCSS code as long as you don't tell anyone what it does.

No, since DeCSS is a circumvention device (another part of the DMCA).

Re:One day...

[arkane1234]

The last couple of times I've tried complaining about anything to my elected representative, they sent me letters back saying that was not something they were currently involved in.

Like I keep a roster of what they are currently involved in! I do, however, know what current events are hot in Washington. If they aren't involved in those, then there's a problem. That means that /I/ am not represented.

This sounds like a job for:

[Bobzibub]

http://cryptome.org/
: )

couldn't we...

[Niles_Stonne]

Couldn't we just take a look at the differences in the source and figure out what was changed?

Oh, wait, Reverse Engineering is violating the DMCA too...

Re:This is absolutely silly

[Scarblac]

This is publishing information about THEIR OWN PRODUCT.

No it isn't. The patch was written by independent developers. Red Hat employees in the US aren't allowed to read the explanation either. And they're not allowed to put it on their site because the license on the explanation doesn't allow this.

Re:One day...

[cr@ckwhore]

You are what is wrong with America!

obligitory karma whoring

[dextr0us]

Begin obligitory karma whoring. that is the website for the people who vote on what bills, and this is specifically for the DMCA

We already are!

[lorcha]

We already are on Double Secret Probation! Have been since 26-OCT-2001. Argh.

Then almost all security notices violate the DMCA

[Get+Behind+the+Mule]

The issues discussed in the patch notice are pretty mundane, and it took me quite some time to figure out what the hell the problem with the DMCA might be. I'm still not sure.

The reasoning, apparently, is that by documenting the security weaknesses that were fixed, they reveal ways to hack unpatched versions of the kernel. And that would be circumvention, and hence violations of the DMCA. All of the holes were found in code audits, and there are no known exploits, so this announcement documents these problems for the first time. (Maybe it's less of an issue if you announce fixes to holes that someone else already found.)

But if that is really taken as a violation of the DMCA, then almost all public notices of security issues may be illegal, even if the author did not write an exploit, and indeed even if no exploit is known to exist. The entire CERT site is at risk. Bruce Schneier may be one of the rampant criminals on Earth.

I dunno, it certainly would be crazy if the DMCA really has that implication, but are Cox and Co. certain that the law really means that? I'll bet there is no case law suggesting such a thing -- and after all, it's the courts' interpretations that really matter in the end. Has any legal scholar ever suggested that the DMCA can be interpreted this way?

I certainly don't like the DMCA, and I think it's unconstitutional (First Amendment, you know), but I wonder if this stunt will backfire. If it turns out that they're making a big deal out of something that the DMCA doesn't actually forbid, then opponents of the law will end up looking a bit hysterical.

DMCA does not forbid reading/posting by definition

[papasasha]

Chapter 12, section 1201 of the DMCA. "(c) Other Rights, Etc., Not Affected. - (4) Nothing in this section shall enlarge or diminish any rights of free speech or the press for activities using consumer electronics, telecommunications, or computing products. " You can talk about it. You can read it. You can even post it. Bob & Tom can read the Redhat patch description over the radio. This looks to be in direct conflict with b1, also in section 1201: "No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that - " U.S. congress is prohibited from passing the latter into law, it being in direct conflict with the first amendment. Remove the word 'technology' and it's probably okay. If 'technology' means descriptions as well as boxes with pretty lights and buttons. First amendment of the American constitution includes: "Congress shall make no law ... abridging the freedom of speech, or of the press ... " A Google search for "DMCA first amendment" and "bill of rights" will get you where you need to go if you think I've taken something out of context. Apologies for the length; brevity is not the soul of law. Legal experts, I'll be interested to hear why I've incorrectly interpreted this rare clear use of English in legislation.

Re:HP believes the DMCA covers security notices

HP threatened Snosoft over a post to bugtraq, so apparently HP, a large company with lots of lawyers, belives the DMCA covers security notices.

Re:One day...

[Salamander]

In a democracy, you are responsible for the actions of those you elect.

Yes, but am I responsible for the actions of a president I most emphatically did not elect, whom many would say was not legitimately elected at all but sits in the Oval Office nonetheless? Am I responsible for the actions of some senator from North Carolina or Texas (I'm in Massachusetts) who is the chair of some committee that exercises extra-Constitutional power to affect what bills even get seen by the full legislature? Am I responsible for the actions of some unelected official even though their rules and regulations only have the force of law because Congress improperly abdicated their legislative authority when they created some bureau fifty years ago?

No, no, and no. I can and do vote for a mere handful of representatives, whose roles have become so diluted by the above factors that voting is purely an act of principle untinged by practical effect. To say that people in general are responsible for outcomes that people in general can affect so little is ridiculous.

Re:This is just FUD.

[Thomas+Charron]

Next time, actually read the law. The DMCA is VERY broad. Sounds to me like your extent of reading on it was the name, and not the contents of the act itself.

The DMCA makes it illegal to publish any sort of information that provides data relating to any sort of bug that could be potentially exploited. This was, IMHO, added to prevent people from writing applications that would allow individuals to circumvent applications that where protecting copywrited materials, but it's all in the wording.

Re:Third World is an option

[Winterblink]

The third world is a good option. Cheap wages, highly educated middle-upper classes, good connections to the I'net. Argentina, Brazil, Chile, India, Uruguay are obvious (and alphabetically sorted!) candidates for hosting OS endeavors.

Yes, but the third world is in no way connected to the lovable mascot of Linux -- the noble penguin. Antarctica is the most logical place for a Linux company. :)

Re:I'm not a corporation

[Quila]

WTC1: Killed innocents in the four-digit range
WTC2: ditto
Pentagon: Killed hundreds, mostly just average-joes working in civil service jobs
Capitol: Would have killed some innocents, plus the source of many of the problems in the country today

I'd say that if one had to miss, it should have been one of the WTC planes. Would slashdotters be weeping over the demise of Hollings or Berman? These are the people selling your rights out to the RIAA and MPAA.

Re:One day...

[rweir]

Seriously, how do people defend Bush? Clinton was a crappy president in a lot of ways (DMCA, weapons treaties, etc) and so is Bush.

You do realise that your country is holding people prisoner in Cuba in violation of the Geneva Convention on the treatment of Prisoners of War (and don't be nice to them!), right? And that your country has decided that doing something about the Greenhouse Effect is too expensive? Or that letting other countries try your soldiers on war crimes is too hard? And that getting rid of weapons of mass destruction is good, unless they're yours

Not that my country is innocent; Little Johnny locks up kids in the desert and uses the navy to storm refugee ships and then pays other countries to take the refugees of our hands.

Re:Again?

[Ian+Wolf]

Alan Cox didn't write the code that he learned the exploit to. Furthermore, Red Hat did not write the kernel, thus it is not their own code. The parent post merely chose the wrong words to make his point.

Re:I've got it!

[Ian+Wolf]

Oh Shit! Does this mean those "Break the Code" puzzles in the newspaper are going to land me in jail?

D.M.C.A song

[aaron_pet]

Young man, there's a need to feel down
I said, young man, throw yourself on the ground
I said, young man, 'cause your in a new town
There's a need to be unhappy

Young man, there's a place you can go
I said, young man, when you're short on your rights
You can stay there, and I'm sure you will find
Many ways to have a good time.

It's fun to stay at the J.A.I.L.
It's fun to stay 'cause the D.M.C.A.
They have everything For old men to enjoy.
They can hang out with all you boys.

It's fun to stay at the J.A.I.L.
It's fun to stay 'cause the D.M.C.A.
You can't get yourself clean
You can't have a good meal (because it likely contains DNA that created a plant that fuels you so you can talk... and say anything... and thats information that they don't want you to share)
They can do whatever they feel.

Cong' man, Are you listening to me
I said, cong' man, what do you want to be
I said, cong' man, you can make go away your rights,
all you've got to do is this one thing.

No man, does it all by himself
I said, every man, put your life on the shelf
And just break that, its the D.M.C.A.
I'm sure you can break that today

It's fun to stay at the J.A.I.L.
It's fun to stay 'cause the Y.M.C.A.
You have everything for old men to enjoy.
They can hang out with all you boys.

Cong' Man, I once filled your shoes,
I said, I'm not down with the you's
I felt, no man cared if I were alive
I felt the whole world was so jive

That's when someone came up to me
and said young man take a walk up 1600 pen 'reet
There's a thing there called the D.M.C.A.
They can start you'r ass on it's way.

D.M.C.A.
just go to the J.A.I.L.
Cong' Man, Cong' Man, I once filled your shoes,
Cong' Man, Cong' Man, Now it's out with all yous

D.M.C.A.
D.M.C.A.
D.M.C.A.
D.M.C.A.

Re:Again?

[frleong]

These stories (Cox's above and this current issue) are perfect examples of things to send over to that committee collecting comments on the DMCA. Here are software authors who are scared to publish vulnerability details about their own products!

Now I got it. Microsoft consistently refuses to disclose vulnerability details about its own products because many people are IIS and other secure and high-quality MS products as a "copy protection device"!

Then can we submit

[tacokill]

If that is true, then can we PLEASE submit this as an actual case where the DMCA has unintended consequences? I know the copyright office will be soliticing comments in early Nov.

Re:Then can we submit

[Alsee]

If that is true, then can we PLEASE submit this as an actual case where the DMCA has unintended consequences? I know the copyright office will be soliticing comments in early Nov.

Don't waste your time. That committee works *within* the DMCA. All they can do is carve out tiny exemptions in the DMCA. They take an extremely narrow view in doing so.

I believe the only things they have done are exemptions in the case of malfunctions and for viewing the list of blocked sites for internet filtering programs.

The only reason to deal with that committee is if you agree DMCA and want to repair some insignifigant detail they overlooked when writing it.

-

Re:Use the source?

[rppp01]

One word: SELAND!

Um, you mean SEALAND, right?

The link goes to Sealandgov.org.

Just thought I'd help you out here...

Re:Again?

[sg_oneill]

Bing! Lose a point kiddo.
Does allan cox actually own the rights to the linux code? At most Linus may. Remember Skylarov got his arse ripped DESPITE adobe actually objecting.
Allan Cox does, and hes probly had advice on this, face DMCA busting if he explains the 'sploit.
THATS why everyones up in arms about the DMCA , because it's fuckin' ludicrous.
And he can get deported for it too.
And if you cross your eyes the right way, yeah a slim-jim might just be a circumvention device too. (Break into car, steal document , break DCMA). It's verry silly. Oh and dude, if someone is using your method on there data, I fully recon' that DMCA + implied contract with customer to rely on your protection on their data means that your haxor technique breaks THEIR data. You still go to jail. (I wonder if CHMOD & CHOWN are circumvention devices).
This has gotten outa hand.

This is GPL software

[Andy+Dodd]

So the patch itself is illegal by their (silly) definition, because it is itself documentation of the vulnerability (and how to fix it).

And if this were properly-written GPL software, the patch would be commented... (Don't know if it is or not - It should be.)

Not really that hard, actually.

[theLOUDroom]

You're just wrong.
As long as someone somewhere could possibly decide to use Linux file permissions as a copy protection scheme, then describing any way in which these permissions could be circumvented is illegal.
This law is not limited to things that are only used as a copy protection scheme, and has already been used against programs with legitimate uses (Ex: DeCSS).
I don't think you understand just how over-reaching this law is.

Re:Third World is an option

[sbeitzel]

Wait a minute. I thought there were penguins on the Falkland Islands -- a mere hop from Argentina. And aren't there penguins in the southern bits of Chile?

Re:More correctly, a human readable explaination..

[Rader]

ah... another way for Microsoft to crush the open source movement.

STFU!

[theLOUDroom]

Don't complain my ass!
And exactly how am I going to get anything changed without complaining?
And there's a big difference between my elected representatives actually listening to me and just pretending to.
As a citizen of the US it's my constitutional right to complain. Especially given the election rigging that's been going on lately.
"Those who cast the votes decide nothing. Those who count the votes decide everything." -Joseph Stalin
It's really idiotic to think that the only time we should talk about the gripes we have with our gov't is right before election day.
They should know that we're keeping an eye on what they're doing every day.

copyright does not protect ideas.

[anwyn]

People are making a big deal about the fact that the explaination document is copyrighted. copyright does not protect ideas only the particular expression of an idea. In otherwords if someone were to release a paraphrase of the explaination document, it might violate DCMA, but it would not violate copyright.

Why would the DMCA not allow us to see this..

[Suppafly]

Read it over.. there isn't any obvious DMCA violations noted.

-- LEGALESE --

PLEASE READ FIRST.

Unfortunately the DMCA prevents this document being issued to US citizens.
This document is a copyrighted work. The authors choose to exercise their
first distribution rights to prohibit the distribution of this work in the
United States Of America, its dependancies, embassies and anywhere else
under US law.

Redistibuting this document in the USA may be a criminal offence under the
Digital Millenium Copyright Act with punishment including jail sentences.
Attempting to test these holes in the USA, even with the permission of the
system owner may be an offence. Discussing this document with a US citizen
may be an offence.

This document is made available for free without warranty or other right of
recourse implied or otherwise. No statement save one in writing by the owner
of the copyright changes this usage agreement. Any export download is at your
own risk and liability.

There is no other user agreement, should your local law make such an
agreement invalid you are prohibited from using this document, and may be
committing an offence by redistributing it.

NO WARRANTY

BECAUSE THE DOCUMENT IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE DOCUMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE DOCUMENT IS WITH YOU. SHOULD THE
DOCUMENT PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE DOCUMENT AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE DOCUMENT (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE DOCUMENT TO OPERATE WITH ANY OTHER
DOCUMENTS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

-- END LEGALESE --

Security Holes Fixed In Linux 2.4.19

None of the holes documented here are remote. All these problems were
uncovered by auditing and there are no current exploits available. In
the interest of openness and ensuring people are aware of the security
fixes they are documented.

- If the Stradis driver is loaded (hardware must be present) a
maths overflow allowed the user to scribble into kernel memory

- It was possible to feed the SE401 USB hardware driver signed
values and fool kernel checks. This requires the hardware is
present

- The usbvideo driver could be fooled due to a maths overflow corner
case. This requires drivers to be present

- The /proc/slabinfo file could exceed a buffer size and cause
corruption of the kernel. This is really beyond user control but
if it occurs then the user can trigger the corruption

- By setting the TF flag a carefully constructed binary could hang
the kernel dead

- By misusing the rlimit resource limits it was possible to avoid
acct data being written on your process exit

- The joystick driver had erroneous copies in obscure ioctl cases
that could be used to patch the kernel as any user. Hardware
must be present and the module loaded for this vulnerability
to occur

- Multiple errors in the vm86 handling allowed users to force an
"Oops" from the kernel and in some cases to corrupt kernel data.
An additional small fix is needed for 2.4.19 but not 2.4.19-ac
(see bottom)

- The rt_cache_proc file could be tricked into returning chunks of
kernel data.

- On a system with over 1Gb of RAM the loop driver could in some
cases fail and expose kernel data. This is not under user control.
On 2.4.19 the loop driver works fine with large memory systems.

- Multiple /proc files could be persuaded to dump kernel data
due to a sanity checking bug in the proc file handlers

- The XMM SSE registers were not always cleared for new processes
and could expose data from a different task. While it was not
possible to modify another tasks registers there is a small risk
because some cryptographic systems have XMM acceleration functions

We also fixed problems that required privileges to exploit. These affected
the IBM S/390 dasd driver, Openprom on Sparc systems, the Intermezzo file
system, the ewrk3 network driver, module loading, the microcode driver and
vm86. We document these in the interest of completeness.

Finally on a -ac based tree with PnPBIOS enabled a problem existed in some
quite common BIOS implementations that causes a crash when certain 32bit
BIOS calls are made. This allowed users to crash some systems by reading
files in /proc. These files are now root private. The base tree is not
affected as it lacks PnPBIOS support

Credits

The authors would like to thank Silvio Cesare, Stas Sergeev, Andi Kleen,
Alan Cox, Solar Designer, and many others for their work on making 2.4.19 a
more secure kernel.

-- Additional Required Patch --

diff -u --new-file --recursive --exclude-from /usr/src/exclude linux.20pre1/arch/i386/kernel/traps.c linux.20pre1-ac1/arch/i386/kernel/traps.c
--- linux.20pre1/arch/i386/kernel/traps.c 2002-08-06 15:40:50.000000000 +0100
+++ linux.20pre1-ac1/arch/i386/kernel/traps.c 2002-08-06 15:42:19.000000000 +0100
@@ -305,8 +319,13 @@
static void inline do_trap(int trapnr, int signr, char *str, int vm86,
struct pt_regs * regs, long error_code, siginfo_t *info)
{
- if (vm86 && regs->eflags & VM_MASK)
- goto vm86_trap;
+ if (regs->eflags & VM_MASK) {
+ if (vm86)
+ goto vm86_trap;
+ else
+ goto trap_signal;
+ }
+
if (!(regs->xcs & 3))
goto kernel_trap;

@@ -514,10 +533,15 @@
{
unsigned int condition;
struct task_struct *tsk = current;
+ unsigned long eip = regs->eip;
siginfo_t info;

__asm__ __volatile__("movl %%db6,%0" : "=r" (condition));

+ /* If the user set TF, it's simplest to clear it right away. */
+ if ((eip >=PAGE_OFFSET) && (regs->eflags & TF_MASK))
+ goto clear_TF;
+ /* Mask out spurious debug traps due to lazy DR7 setting */
if (condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)) {
if (!tsk->thread.debugreg[7])

Re:Why would the DMCA not allow us to see this..

[buswolley]

Damn you ...!!!

I was trying to avoid seeing that! Now what am i going to do?

Re:Why would the DMCA not allow us to see this..

[Suppafly]

Just have to go to prison now I guess.. sorry.

Re:Use the source?

[Hater's+Leaving,+The]

I couldn't read the source in teh patch, there must be some problem with it, is it encrypted or something? Here's all I got:

qvss -h --arj-svyr --erphefvir --rkpyhqr-sebz /hfe/fep/rkpyhqr yvahk.20cer1/nepu/v386/xreary/gencf.p yvahk.20cer1-np1/nepu/v386/xreary/gencf.p
--- yvahk.20cer1/nepu/v386/xreary/gencf.p2002-08-06 15:40:50.000000000 +0100
+++ yvahk.20cer1-np1/nepu/v386/xreary/gencf.p2002-08-0 6 15:42:19.000000000 +0100
@@ -305,8 +319,13 @@
fgngvp ibvq vayvar qb_genc(vag gencae, vag fvtae, pune *fge, vag iz86,
fgehpg cg_ertf * ertf, ybat reebe_pbqr, fvtvasb_g *vasb)
{
-vs (iz86 && ertf->rsyntf & IZ_ZNFX)
-tbgb iz86_genc;
+vs (ertf->rsyntf & IZ_ZNFX) {
+vs (iz86)
+tbgb iz86_genc;
+ryfr
+tbgb genc_fvtany;
+}
+
vs (!(ertf->kpf & 3))
tbgb xreary_genc;

@@ -514,10 +533,15 @@
{
hafvtarq vag pbaqvgvba;
fgehpg gnfx_fgehpg *gfx = pheerag;
+hafvtarq ybat rvc = ertf->rvc;
fvtvasb_g vasb;

__nfz__ __ibyngvyr__("zbiy %%qo6,%0" : "=e" (pbaqvgvba));

+/* Vs gur hfre frg GS, vg'f fvzcyrfg gb pyrne vg evtug njnl. */
+vs ((rvc >=CNTR_BSSFRG) && (ertf->rsyntf & GS_ZNFX))
+tbgb pyrne_GS;
+ /* Znfx bhg fchevbhf qroht gencf qhr gb ynml QE7 frggvat */
vs (pbaqvgvba & (QE_GENC0|QE_GENC1|QE_GENC2|QE_GENC3)) {
vs (!gfx->guernq.qrohtert[7])

Oh lordy, I'm probably in contravention of the QZPN?

(Christ, I can't believe how lame I am! Whatever, it made me laugh!)

THL.

no, you're allowed to read it

[Trepidity]

It's publishing the description that's illegal. Thus if the source code is indeed a description, Red Hat cannot legally publish it, regardless of whether you read it or not.

they all go to Paris, eh?

[Trepidity]

If the only Europeans US tourists come into contact with are Parisians, no wonder they think all Europeans are pompous pricks.

Re:Retroactive Voting Behaviour

[Blkdeath]

The end results are that incumbent political parties (the government) tend to have an uphill battle to win support in electoral campaigns and that it is unusal for a party (or coalition of parties) to stay in office for more that two terms.

In some cases though, the system works to their favour. There was a lot of uproar and scandal surrounding Jean Chretien (our Prime Minister), but he was elected with a landslide victory for his third consecutive terms (we can do that in Canada. {smile} ). From the sounds of it, though, he's stepping aside and letting someone else come to bat. The Liberal party, however, will probably paint atleast 75% of the nation red once again.

More locally here in Ontario, the memorable Mike Harris won himself a re-election, even amidst million dollar teacher-run anti-Harris ad campaigns. They tried to convince the electorate into a 'strategic voting' (or some such) which basically meant "Anybody But Harris" - which failed extremely miserably. In Durham, one of the big epicentres of the teacher strikes (elementary and secondary) the entire region was won by the Progressive Conservative (Mike's) party.

Sometimes it works for, sometimes against them.

Of course, Harris is responsible for putting a leash on the school boards (now they have to run under a budget; something that have absolutely no idea how to do ($18 million to IBM for new computers, but they have no money to buy textbooks. Strange, dat!), which is why they're so cheesed ... ), much welfare reform (he had the audacity to tell people they weren't supposed to live off of welfare indefinately. Prick!), among other things.

It is infinitely much easier...

[hackwrench]

to trick someone who isn't free to believe he is, than it is to trick someone who is free into believing he isn't.

Think about it.

Re:It is infinitely much easier...

[jazman_777]

to trick someone who isn't free to believe he is, than it is to trick someone who is free into believing he isn't.

Think about it.

It reminds me of another saying: if you make someone think you are making them think, they'll love you. But if you really make them think, they'll hate you.

Think about it.

Re:It is infinitely much easier...

[Unknown+Bovine+Group]

It reminds me of another saying: if you make someone think you are making them think, they'll love you. But if you really make them think, they'll hate you.

Think about it.

I hate you.

More than a stunt

[Sloppy]

It used to be that when Alan Cox took this standpoint in regards to security updates, most people (me included) thought that he was just making a point about a theoretical technicality.

But then it actually happened in Real Life. Lawyers at HP saw how DMCA could be abused to prevent discussion about vulnerabilities, they used it to bully. Most people wouldn't have believed it six months ago, but nowdays, thanks to HP, we know that it really is plausible that DMCA could be used by someone to attack Red Hat for discussing a security problem. It's not just theoretical. It's not just paranoia. It actually happened.

So it's more than just a stunt; it's also a ridiculous but legitimate ass-covering, made necessary by a ridiculous law.

Is a strawman the best way to protest the DMCA?

[terraformer]

If I read all of this right, it appears that the discoverers of the bug copyrighted their white paper in a way that prohibited distribution to anyone in the US. Thereby allowing them to invoke the DMCA if they so choose. As the register article points out, Red Hat was forced to go along with this because the authors of the bug whitepaper wanted to prove a point. With all of the real issues (Here & here) surrounding the DMCA, why are we even wasting our time with this?

Re:What a horrible way to make a point.

[ConceptJunkie]

But don't you know... anything that COULD be used to circumvent copy protection is now illegal.

Please check your brain at a government approved collection center.

Federal agents will arrive shortly with flamethrowers, please provide them with access to all paper, pens and other writing materials. We don't want to burn down your house, but we will if we have to.

Knowledge is Criminal?

[zentec]

The mere thought that knowledge is criminal is patently absurd. This nonsense is further proof that US corporations prefer the American public as dumb as possible.

A preferably dumb American consumer is simply fuel for the machine. Don't ask, just pay us and thank us for providing you with insert good or service here?.

Hopefully, within the Supreme Court, will see that the rights of free speech trump this ridiculous law.

1860s tech, actually

[upper]

It's not 1980's technology, it's 1860's technology. Thomas Edison's first patent was for an "Electronic Vote Recorder" system to do this. Congress rejected it, but most state legislatures have been using something like this for a century.

I suspect that Congress likes the current system. Voice votes let members hide their votes, and roll-call voting gives them more opportunities to play games.

US Citizen? You're basically fucked (as I am)...

[crazyphilman]

Consider the options:

1. Live under the DMCA. Linux developers, who live all around the globe, start snubbing US Citizens because of DMCA fears (mostly legitimate). So as a US Citizen, you don't really have an open source O/S anymore -- no one is sharing source or info with you!

Result: You have a Microsoft-like "Patch and Pray" situation developing. You don't know what the patches do, or whether you want or need them. You're a mushroom -- you're kept in the dark and fed bullshit. LOVELY. Switch to FreeBSD. Or maybe OpenBSD. Whatever.

2. You get fed up with the DMCA and move elsewhere, in hopes of finding a new country whose intellectual environment is supposedly more open and accessible. I don't personally endorse this (I love NY) but hell, it might be ok for people less attached to their environs.

Result: You're surrounded by people who despise George W. Bush and see you as their personal GWBush voodoo doll. So they harangue and harass you about every screwed up thing the U.S. does as if you personally ordered it. Everyone hates you. You can't walk twenty feet down the street without some French psycho grabbing your collar and screaming at you for being "imperialist scum" (or whatever the current anti-US epithet is, I can't keep track). As soon as word gets out that an American lives nearby, terrorists swoop in and cut off your head, if you haven't killed yourself from depression already. No one cries at your funeral, and the stonecarver deliberately misspells your name.

Not really an option. I'd say maybe Canada, but even they don't like us anymore. I have a friend living in the Far East, but then, some people got their heads cut off over there recently, so that's out. Ok...

3. Become an activist and protest the DMCA, start political rallies, support the green party, etc. Raise all kinds of hell in hopes of altering the status quo.

Result: with the FBI's newly restored powers (they've recently gotten back the powers stripped from them after Watergate, in case you haven't heard) they identify you as a rabble rouser, anti-American whatsis, etc and so forth, and you get busted for every possible thing you could get busted for right down to jaywalking. We're talking the total Abbie Hoffman treatment. Eventually you go into hiding or get so depressed you kill yourself (or some CIA spook helps you kill yourself, either way).

FACE IT, CHUMS! I've already resigned myself to it. I am doomed. I fully understand this. So, the hell with it. I'll stay right where I am, where at least my neighbors like me. Maybe I'll get stuck with Palladium, maybe I'll get stuck with the DMCA. Fuck it. There's FUCK-ALL I can do about it anyway.

And, if people won't tell me what kernel patches do, if they snub me for things that are totally out of my control, well, screw it. I'll switch to BSD. Or maybe something else. Adapt, improvise, overcome.

One thing's for certain: I'm not travelling ourside our borders ever again. NOBODY likes us. EVERYONE hates us. Time to stay home and fire up the Playstation!

Copyright Violation

[Dareth]

Shouldn't this be posted on Kaaza with all the other copyright violations?!?

Re:This is absolutely silly

[Sloppy]

I don't recall the exact wording, but I'm positive the DMCA is intended to cover publishing vulnerabilities about *other people's software* - This is publishing information about THEIR OWN PRODUCT.

No, you don't understand who is being "protected" by DMCA here. It's not the software, it's the copyrighted content that uses the software as a technological measure to limit access.

Suppose you use Red Hat Linux on a machine where your stuff (stuff you own, not Red Hat) is stored. Your machine has a login prompt and requires a password. A person who doesn't know a your login name and password, cannot access your copyrighted work. Red Hat Linux is the "technological measure" that you decided to implement to limit access. All the necessary conditions for DMCA to apply, are present.

If someone (anyone, including Red Hat, other than you) "traffics in a device" that bypasses the technological measure, then you -- not Red Hat -- are the party who, according to DMCA, has just been violated. Red Hat, by talking about their own product, risks being sued by their own customers who use that product as a technological measure to limit access.

Recall the DeCSS case. CSS was DVDCCA's product. But it was MPAA who actually used DMCA to sue people over CSS being broken. DVDCCA didn't have any DMCA claims against anyone, and the were only suing people over trade secrets. And yes, as weird as it sounds, if hypothetically DVDCCA were to start telling everyone how CSS (their own product) works, DVDCCA would be open to DMCA attack from MPAA. (Not that such a thing would really happen.)

I seem to remember...

[cnelzie]

Learning in school that we are a Republic... In fact, there was something that we did every morning to reinforce that...

"...and to the Republic, for which it stands..."

Are you saying that the Pledge of Allegiance is wrong?

Should it say, "...and to the Representative Democracy, for which it stands..."?

Check the following link, it leads to a site that will explain our form of government to you in elementary terms. You should take a few more politcal science classes before you start talking about government, my friend.

What is a Republic?

Re:This is bloody insane

[program21]

That's where the problem is. Most of the major players involved in some way with the DMCA are in favor of it, most of it's opponents don't have the resources to fight them.
Sure, there are plenty of other wealthy people/corportations who COULD help in the fight, but there's no reason for them to do so. Why help out people like us at their expense, unless they're helping themselves too?

How's that work?

[bill_mcgonigle]

How does Massachusetts get around the National Supremacy clause of the US Constitution? That'd be a good trick.

Re:One day...

[jnana]

Too many asshats that don't know jack squat.

As opposed to our many selfless, genius congress members?

Relevant portion of the DMCA

[SiliconEntity]

For reference, here is the relevant portion of the DMCA:

`(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that-- `(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title; `(B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or `(C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.

I can understand that people may be worried about publishing kernel patches, but careful reading of the above makes it very clear that these do not violate the DMCA, even if they inadvertantly or implicitly reveal information that could be used to defeat copyright protection. The reason is simply that this is not the primary design and purpose of the information. Rather, the information is designed to extend and improve the functionality of the Linux kernel.

Contrast this with the Sklyarov case, where the primary purpose of the information and technology he presented was to defeat copyright protection. The situations are completely different.

I can't blame Europeans for being excessively cautious with regard to American law, but they could consult with a lawyer and be reassured. My opinion is that this is really a political statement, and that they are being disingenuous in claiming to be afraid of prosecution.

Re:Relevant portion of the DMCA

[Xepherys2]

Click Here for my other post on this topic.

The basis of which is that it's all a matter of interpretation, and the law tends to side with the less reasonable more often than not (in the US). Hence people can sue McDonald's for hot coffee and the like. Reason holds no light to law. And I'm not trying to be flamebait, or start an argument amongst us, but if you look at cases logically, ESPECIALLY in technology, where there are fewer experts than one would expect by counting the number of epople who proclaim themselves as technology experts, you would surely see an imbalance in the law where technology is concerned.

-Xeph

Re:Relevant portion of the DMCA

[Alsee]

(A) the "primary design or use of something" has been getting an extremely broad and biased interpretation in court. Substantial legitimate use has not been a sucessfull defense.

(B) The explanation of the patch could quite easily be ruled to have "limited commercially significant purpose". Substantial legitimate uses have been ruled to have limited commercially significance.

(C) marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing - if someone else DID "market" the information in that manner, do you really want to defend yourself against charges that that you might have known?

So, all three clauses *could* lead to trouble.

careful reading of the above makes it very clear that these do not violate the DMCA

Because you are trying to read as a good and reasonable law. The problem is that it is a bad, unreasonable, and badly flawed law. The core issue is that DRM fails completely if there is ever a leak anywhere. If one copy of something escapes it can be copied a million times on the internet. If a DRM sceme is circumvented then EVERYTHING protected by that scheme could escape. The DMCA fails to do its job of protecting DRM unless its effects are broad and cover even the most innocent cases. Courts have been interpreting it in the broadest manner possible.

-

Re:Free Jose Padilla!

[Zordak]

Somebody modded this moron "Insightful"? Check some facts. Jose Padilla, the "poor bastard," did not just "boast about being a bad-ass in a bar." He met with Al-Qaeda leaders in Pakistan and organized a plan to detonate a "dirty bomb" inside of the United States. Perhaps this Anonymous Coward (if you're going to troll the government, at least log in, so we all know who the moron is) would like to be one of Mr. Padilla's targets once he is released. Mr. Padilla's treatment is neither illegal nor unprecedented.

Comparing Pres. Bush to Hitler? Not even the left wingers in congress have gone that far. At least try to make credible accusations.

House Cleaning.

[RatBastard]

Then we vote against every one of those scum suckers. Let the next group know that we're won't put up with this crap anymore.

So, does this make...

[Codifex+Maximus]

some shows like McGuyver and some movies like The Eraser violations of the DMCA?

I mean, they could use the techniques explained in the shows to circumvent security.

Does the "No citizens of the USA" also include members of government and the armed forces?

CDrom burners, modems, network cards/networks, routers, the Internet could all be construed as contributing to the security problem. Heck, a car could be used as a tool to move sensitive material... is the auto mfg responsible because someone broke into the car?

Is posting a bunch of what-if ideas a violation of the DMCA?

OH MY GOD! I just heard a loud knock at the door...

Security holes have NOTHING to do with the DMCA !!

[Tom7]

This is really stupid and childish. I'll be the first to condemn the DMCA (after my own legal troubles with it), but this is not the way to go about it.

Someone correct me if I'm wrong (I'm not a lawyer though I have studied the DMCA and lawsuits based on it carefully), but the DMCA absolutely does not ban security information. The only related things that it addresses are circumvention (of protection technology in order to access a copyrighted work) and trafficking in circumvention devices. Security information (especially in the form of a vague changelog) is absolutely not either of those. By no stretch of the imagination can I figure out how it's supposed to be a violation of the DMCA.

What's really going on here? Someone (Alan Cox) is trying to make a point about the control that the DMCA gives to copyright holders. He's placed a piece of his copyrighted information that some people want (text of the kernel changelog) behind a click-through license that says you can't access it if you're from the USA. In my opinion this has fuck-all to do with the DMCA (because there is no "technological measure" to circumvent -- please read the definition of technological measure in the DMCA if you disagree with me), just click-through licenses, but, whatever. Then Red Hat decides, well, we can't copy that information because the copyright holder has told us we can't. Assuming that such click-through licenses are legal in the first place, of course, RH would be entirely within its rights for a non-US-citizen to license the document and then summarize it for Red Hat. Either they are too lazy for this, don't understand the issues involved, or are perpetuating this same bizarre notion that the DMCA makes every single thing you'd want to do illegal.

The DMCA only has to do with copyright, and only as far as circumventing technological measures that protect copyrighted material. The court enjoined DeCSS because it found it to be a circumvention device (they did NOT enjoin english descriptions of the algorithm, and especially not security notices about CSS being weak!). I don't agree with the decision, but at least it makes sense in terms of the law. (I also don't agree with the law!!)

The important point I'm trying to make is that to fight dumb laws like the DMCA, we need to understand what they really say and what the actual implications are. There's a tendency for hackers to use logical deduction ("If DeCSS is illegal because it can be used to break DVDs, then hammers must be illegal because they can be used to smash open store windows!") in order to decide the implications of a law. THIS IS NOT HOW COURTS WORK! Law is much more squishy than that. Making these sorts of alarmist claims, as if the DMCA outlaws everything that we'd ever want to do, hurts our cause by spreading misinformation. Instead, we should be educating people about what the DMCA actually addresses (ie, "Did you know it would be illegal for you to create MP3s from SACDs that you bought?" or "Did you know that it's illegal to buy mod chips for your Playstation so that you can play imported games that you also legally purchased?" or "Did you know that it's illegal to use your screen-reader software with the eBook that you legally bought?"). That's how we can convince people that the law is wrong.

YES YES YES

[schon]

Linux does not provide DMCA type copy protection -- PERIOD

YES, IT DOES -- PERIOD

Assuming you have a file named "copyrighted_file", which contains copyrighted text, the following command:

$ chmod 600 copyrighted_file.txt

will "effectively" prevent access to it by the system - this is all that's required under the DMCA to qualify as a "technological measure", as per section 1201-3:

(B) a technological measure `effectively controls access to a work' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.

In layspeak: if something stops you from looking at something without someone's permission, then it 'effectively controls access'.

This is the main purpose of the +r bit in file permissions.

Re:YES YES YES

[schon]

if you get access to copyrighted_file.txt, the technological measure wasn't very "effective", now was it?

*sigh*

(B) a technological measure `effectively controls access to a work' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.

READ, PARSE, COMPREHEND.

You need some work on the last one. The meaning of the word "Effective" is spelled out.

Re:Again?

[Alsee]

These stories (Cox's above and this current issue) are perfect examples of things to send over to that committee collecting comments on the DMCA.

I think you are reffering to the Library of Congress's DMCA review every three years? That committee would completely dissmiss it. They operate *within* the DMCA and have very narrow limits on what they will even look at. Dealing with them is a total waste of time.

-

You're lucky, we can't vote them out

Missouri had a very unpopular Senator. This fellow raised the ire of about everyone in Missouri, as he constantly voted his pocket instead of Missouri's or the USA's interests.

The people of Missouri had enough and decided they would rid themselves of this corrupt political hack once and for all.

Unfortunately for the people of Missouri, the fellow that was running against the incumbant Senator died a month before the election, with no time for the Democrats to nominate another.

The people of Missouri voted the corpse in, and in a landslide no less.

The same election brought a new President, and George W. Bush appointed the ex-Senator Ashcroft to the position of Attorney General.

"Will of the people" my ass. This November I vote straight Libertarian. Meanwhile, you Canadian fellows are lucky, living in a representative democracy instead of a sleazy, plutocratic autarchy.

HR 2281 (otherwise known as DMCA) details...

[Brendan+Byrd]

Here. Directly for the Library of Congress' site. You can find any bill there, if you know how to search for it. The thing that puzzles me is that I can't find a roll call for this.

Re:HR 2281 (otherwise known as DMCA) details...

[zeno_2]

Im still pretty sure that the DMCA was done by a voice vote, and the people who voted were not recorded...

I found the dates that the DMCA was introduced and what not, and near the bottom it mentions that there was a voice vote. Now if this is the actual vote by the Senate on the bill or not, its hard to say, as I don't understand it much, but I did not see any other links or anything that described a roll call, or any sort of formal vote..

Here is where I was looking at.

Sponsors of DMCA

[xiphosuran]

Although the bill was passed unanimously, the names of eleven sponsors are listed by thomas.loc.gov

The house bill, HR 2281, was sponsored by Howard Coble and had nine cosponsors:

Rep Berman, Howard L. 2/11/1998
Rep Bono, Mary 6/5/1998
Rep Bono, Sonny 9/26/1997
Rep Conyers, John, Jr. 7/29/1997
Rep Frank, Barney 7/29/1997
Rep Hyde, Henry J. 7/29/1997
Rep McCollum, Bill 1/27/1998
Rep Paxon, Bill 6/5/1998
Rep Pickering, Charles 6/22/1998

The senate bill was S. 2037 and was sponsored by Orrin Hatch.

Bill summaries can be found at:

http://thomas.loc.gov/cgi-bin/bdquery/z?d105:HR0 22 81:|TOM:/bss/d105query.html|

http://thomas.loc.gov/cgi-bin/bdquery/z?d105:S.2 03 7:

Re:US Citizen? You're basically fucked (as I am)..

[entrigant]

Slashdot needs a "Depressing yet true" moderation catagory.

Fuck It

[panck]

...someone host in on a US server and clearly display that under the DMCA the following is illegal. Then say "Fuck you assholes, here it is. Come get me" Take a stand and fight this shit biscuit.

Huh, wha, me? you want me to do it? I would but i don't want to have my server shut down :) I mean, someone with balls. They should do it.

Re:Republic vs. Democracy

[Alsee]

what inherent part of democracy makes it unstable?

Because pure democracy becomes completely unworkable when there's any sizeable number of people involved. In a pure democracy everyone would get vote on every bill. That is already a full-time job for senators and congressmen. It's hard enough having general elections for the president. Could you imagine doing that for every obscure bill that's voted on? Probably the first thing that would happen is that most everyone would vote to eliminate all taxes and the the entire government would cease to exist.

-

Re:RedHat dissappointment

[Vortran]

It's not "the US" per se, but rather certain acts of the US government. I do not voluntarily support many of the US government's actions taken in the name of its citizens with their money. Our freedom and form of government are excellent compared to others. That doesn't mean our governement can't suck. It just sucks a lot less than most others.

Do you support the DMCA? Supporting the US does not mean supporting the DMCA or the US government. To me, "supporting the US" means support the US citizens... the people like myself who get out of bed every day and go to work and look forward to coming home and playing with or networks and children (and wives!) and relaxing on the weekends. Just like the folks in other countries.

Vortran out

RTFDMCA

[bobdotorg]

I can see the future of Slashdot:

poster1: blah blah blah blah blah blah

poster2: RTFA!

poster1: F you! I would have RTFA, but hey, I'm an American. RTFDMCA.

Re:This is just FUD.

[SiliconEntity]

Next time, actually read the law. The DMCA is VERY broad. Sounds to me like your extent of reading on it was the name, and not the contents of the act itself.

The DMCA makes it illegal to publish any sort of information that provides data relating to any sort of bug that could be potentially exploited.

In that case, can you point to where in the DMCA it says this? You might want to take a look at my earlier post, where I quoted the relevant part of the DMCA and showed how it would not apply to a Linux kernel patch. Please enlighten us.

Re:(--- Please Read!

[Tom7]

> To the retard politicians, they aren't gonna get it unless people start to complain about how they can't get security fixes
> because they violate the DMCA. Only when it starts to hurt a huge number of people or a bunch of biger businesses will they
> care. It takes extreme (sarcastic) measures like this to get normal people, who don't pay attention to this stuff, to care.

Sure, but this is really senseless when the DMCA doesn't have anything to say about security releases. It's like if someone at a fast food restaurant refuses to serve you french fries until marijuana is legalized. Sure, maybe this will upset a bunch of people, but will it really convince politicians to legalize marijuana?

The case you mention was about a professor (Felten) intending to publish a report on an SDMI watermarking technology in which he essentially breaks the system. (This of course was in response to the SDMI challenge!) He received threats, some of which were about the DMCA, from the RIAA, SDMI, and some other company. They never carried through to sue him (eventually they stated that they had never intended to), and in any case probably would have not gotten very far in court because his paper could hardly be considered a "circumvention device". (Not to mention that the DMCA has some exceptional clauses for security researchers.) Nonetheless, it would be fair to say that the DMCA was used as a weapon to try to chill his free speech rights, and it was somewhat effective.

However, even assuming that this had some possibility of being illegal, it's still in a totally different league from a redhat security advisory: it was highly technical (essentially containing instructions on how to defeat the protection), and actually concerned protection measures for copyrighted content. The kernel changelog was neither technical nor did it have to do with protection measures nor was it related to copyrighted content.

Re:Then almost all security notices violate the DM

[SiliconEntity]

But if that is really taken as a violation of the DMCA, then almost all public notices of security issues may be illegal, even if the author did not write an exploit, and indeed even if no exploit is known to exist. The entire CERT site is at risk. Bruce Schneier may be one of the rampant criminals on Earth.

You're right, these conclusions follow logically from the claim that this kernel changelog violates the DMCA. It's quite clear in fact that it does not; see my earlier post.

Notice that no one here or in the referenced articles and links actually quotes the DMCA to show which provision would be violated by publishing this information! Doesn't that make you suspicious?

It's sad that so many people here are willing to suspend critical thinking when presented with a claim that fits into their preconceptions.

Think for yourself

[SiliconEntity]

No one here or in the referenced links has backed up the claim that DMCA would apply to publishing these kernel patches, using quotes from the DMCA itself. Why do you suppose this is?

And more importantly, why are so many people willing to accept these claims without any proof or even any evidence?

Readers need to think for themselves, and not just accept what people tell them. It's all too easy to swallow unsupported claims which fit into our preconceptions. But in fact those are the ones for which it is most important to check the facts, simply because they are the ones where we are most likely to make mistakes.

See my earlier post for evidence that the DMCA does not apply to publishing kernel source. I quote from the text of the DMCA itself, and link back to the rest of it.

Shouldn't a position that has evidence behind it be more believable than one which is offered without any backing at all? Pay attention to your own thought processes as you consider the new information I am presenting here. Think about whether you are being objective and open to new ideas, even when they contradict your prejudices.

Thinking for yourself is hard work, harder than letting other people think for you. But if you can get yourself to do it, eventually you'll find that it's a hard habit to break.

Wrong

[commodoresloat]

They did not legally purchase this right from Congress. They only purchased a license to use this right. Congress may revoke or revise this license at its discretion, perhaps with the upgrade to Congress v. 2004.

Re:This is just FUD.

[ameoba]

In short, the whole hoopla about the changelog violating the DMCA is just a publicity stunt / protest action. Nobody is going to go to court for saying "joystick driver is buggy", (microsoft's explainations of security patches is equally vague) but it provides an excellent vehicle for showing the potential absurdity of the law, as it stands.

It reminds me of when I took driver's ed. The instructor explained that a major intersection was designed in such a way that it was IMPOSSIBLE to legally go from northbound State St. to northbound Shoultes Rd. even though that was the most common way to go through the intersection (and was required to get to the highschool).

In this case it was pointing out a case where a normal activity being against the law was an indication of a design flaw in the intersection; with teh changelog, it's pointing out that an otherwise normal activity being against the law is showing design flaws in the law.

There is only ONE solution...

[MasteroftheVoxel]

Kernel patch submissions from Alan Cox should no
longer be accepted. It's apparent that he is not
just doing this because he hates the DMCA, but that he is trying to give Americans a hard time in general.

Any idiot will understand that the DMCA has nothing to do with circumstances like this kernel patch. Any lawyer can explain to you exactly why. I'm not going to quote from the law, because frankly, no one on
Slashdot is capable of interpreting the legal terminology.
That is what lawyers (unfortunately) are for. If you really want to understand the DMCA, consult a LAWYER (they are a necessary evil in the US).
Words such as "effective", "reasonable", "primary" all have special meanings when it comes to legal documents.

Basically, there are no copyrighted works involved here. And the kernel patch is not primarily written to circumvent some type of digital rights management. The point is, yes, occasionally crazy issues end up in the courts - you can sue pretty much anybody for *anything*. (Hey, my C compile lets me write code to circumvent CCS, my hammer allows me access to the local library to steal books, etc. Thats not the DMCA though) Fortunately for us, the crazy cases don't usually go very far in the court system. Yes, it was surprising about what happened with Adobe and the Russian guy (what was his name?), but that was a much different issue - where the notions of copyright and copy protection where VERY clear there.

Do you think Alan Cox consulted his lawyer before submitting his kernel patch under such an absurd copyright? I doubt it.

So, the end result simply becomes that Alan Cox is beign stubborn. We don't like the DMCA, but he really isn't at risk from it because of a kernel patch. Let's not support this kind of insanity anymore. Sure, continue to fight the DMCA, but let's also make our voices in the Linux community heard, and make it clear that we don't want to deal with whiny, stubborn idealists who are always trying to push a political agenda. It distracts from what we (and Linus) are trying to do with Linux and OSS (for some at least)

Re:There's another saying in Canada...

[Blkdeath]

Still better than "Huh?", eh?

..or Green Party

[Valdrax]

The Green Party is also a good choice for a party that is against corporate welfare legislation. That's pretty much the core focus of their party platform, though it's more oriented towards enviromental concerns.

those comments are illegal citizen!

[Quixadhal]

If a security document describing flaws in the kernel is a violation of the DMCA, than surely any coments in the source code of any Open Source product are also in violation (I guess that means my code is safe! *grin*)!

Further, since the DMCA doesn't specify that the language must be English, the source code itself might well be in violation. Say goodbye to utilities like crack (and thus cracklib), or port-scanners. In fact, you might choose to view the contents of a protected file with /bin/cat... HA! It's now a tool to circumvent copy protection, don't let it run with root privs! And don't forget to change chmod so it can't clear bits... the DMCA doesn't specify that *YOU* may circumvent your own protection!!!

Hmmmm, now what big organization hates open-source, and would benefit the most from having it declared illegal.... what giant mega-corp would be happy to have security notifications disallowed.... hmmmmm....

Re:This is just FUD.

[Elwood+P+Dowd]

You are exactly wrong. If I have copyrighted materials on my computer (and since copyright is automatic in the US, I do.) and then someone tells you how to break into my computer, they have violated the DMCA. The Linux kernel is an access control device. Everyone agrees. That's the law.

I guarantee you, we'd all be happy to keep politics out of software. Unfortunately, that's completely impossible with or without the DMCA. Copyright is sufficient to bring politics into the software.

Re:US Citizen? You're basically fucked (as I am)..

[peter]

> Result: You're surrounded by people who despise George W. Bush and see you as their personal GWBush voodoo doll. So they harangue and harass you about every screwed up thing the U.S. does as if you personally ordered it.

That's not even close to true. In any place you might actually want to move to, most of the people are reasonable enough to know that most Americans don't like the things their gov't is up to. There's a big difference between disagreeing with what your gov't does, and hating Americans in general.

Someone who left the US as a refugee from the DMCA would be very unlikely to be shunned because they grew up in the US. Anyone who leaves once they figure out how bad it is must not be the kind of person that keeps electing people who pull shit like Bush does.

It's fairly well known how difficult it is to get a clue from the US news media, which is why most people don't blame the US public for what their gov't does. Democracy is broken, so it's not the people's fault.

There are some places in the world where people are brainwashed into blind hatred of entire cultures or groups of people. You might encounter the kind of treatment you describe in some places like that. BTW, Canada is not one of those places. Right now, a lot of us hate your gov't. This is separate from the ongoing we're-better-than-the-US sentiment. We like to point to things like gun ownership, and crime involving guns, as reasons why Canada is better. Canada has always had a need to feel superior, probably because we guess that the rest of the world sees us as the US's little brother (or even lap dog). This sentiment does _not_ apply to individual Americans. If you came to Canada (or most E.U. countries, I would imagine), and told people you left the states because of gov't oppression, you would be welcomed with open arms. (You might want to avoid talking about it too much if you support most of the rest of what Bush is up to, since most people outside the states would hope you meant you didn't like everything he's doing, and maybe want to talk about how much Bush's unilateralism sucks. Still, there are people who defend America's war plans, etc., and people don't egg their houses or knock down their mail boxes. Nobody will care that you used to live in the states unless you make a big deal about it. (err, you might want to own a vehicle other than an SUV or pickup truck to avoid the stereotype of the resource-guzzling American.))

No! Read the DMCA!

[Tom7]

If it was presented to a judge that Mr. Joe Nobody wrote a changelog entry defining file xyzzy.c that has hole 'a' in it which causes this issue... and Mr. Jack Cracka makes a program based on that info, and Master Script Kiddie then uses that program to take down a server for some company, it could be construed that Mr. Nobody's original document allowed for circumvention of system security and therefore was in violation of the DMCA. See?

No, I don't see. You should really read the DMCA (http://www4.law.cornell.edu/uscode/17/1201.html)! It doesn't outlaw hacking, or taking down servers (computer crime laws do, though) nor does it outlaw providing information to someone about how to hack. The only thing it outlaws is circumvention of protection measures that control access to a copyrighted work, and the trafficking in devices primarily designed for such circumvention. Read the definition of technological measure, circumvention, and circumvention device in 17 USC 1201, and then tell me how taking down someone's server could possibly be such a violation. Even if by some stretch you can fit that into the law, certainly it is even more of a stretch to imagine that the changelog is a "device" that is "primarily designed" for circumvention.

Without proper understanding ... a trial can go to hell quickly, without proper cause.

Yes, indeed!

But mistrials aside, I don't see how this issue could ever be a realistic DMCA case.

Re:No! Read the DMCA!

[Xepherys2]

Perhaps you don't live within the US? Are you not familiar with how technology trials have gone in the past? I'm not speaking of mistrials, I'm talking about trials that end with bad results due to the misinterpretation of a law and/or misunderstanding of technology. A stretch? Sure! But stretches of the law occur daily in the US... *shrug*

Re:No! Read the DMCA!

[Tom7]

Yes, I live in the US. Do you have any examples?
I'm claiming that this scenario would surely require more than just a misunderstanding of technology, but also a serious misunderstanding of the DMCA.

In any case, the fact that technology is misunderstood in the courts is all the more reason to avoid being alarmist and confusing in how we (as people who DO understand technology) portray the DMCA. Do you think it helps anyone's understanding of technology for Cox to be claiming that sercurity holes have something to do technological measures for controlling access to copyrighted works?

Re:Republic vs. Democracy

[Alsee]

why do people like you walk around making some absurd definition of the word "democracy"?

The word "democracy" is commonly misused to mean "republic". It is a common and accepted use, but when you are going to distinguish a democracy from a republic you have to EXCLUDE extra republic definition listed under democracy.

look at the dictionary definitions:

Democracy:
1. Government by the people; a form of government in which the supreme power is retained and directly exercised by the people.

Republic:
2. A state in which the sovereign power resides in the whole body of the people, and is exercised by representatives elected by them.

The difference is who "exercises the power". The United States is a republic. We elect Representitives and Senators to exercise lawmaking powers. Hell, we don't even elect the president as a democracy. You think you get to vote for the president? Nope. There are only 538 people who get to vote who becomes president. They are called the called the electorial college. When you thought you voted for president you really elected someone to the electorial college who promised to vote for the person you wanted. That's why we've had a few presidents elected with less than 50% of the public's vote. The public does not directly elect the president.

Go get an education before talking about "people like you walk around making some absurd definition".

-

Re:This is just FUD.

[Elwood+P+Dowd]

Say what? In absolutely every regard, all of the changes discussed in this patch are for the single purpose of controlling access to content on my computer. If I do as little as a "chmod 600" on some of my bad poetry, that is intended to control access to a work. If someone tells you how to use a joystick driver to break into my computer, run arbitrary code, and thus read my poetry, they have violated the law under the DMCA. Tell me how I'm wrong.

That's not it..

[sparkz]

That's AC's 2.4.19 changelog, which has been there for ages - the RedHat advisory is about 2.4.18.

I don't see anything on the site about 2.4.18 at all...

Re:Again?

[vsavatar]

Yes, you are correct, this story is similar to the changelog story from awhile back. I already know I'm not going to become very popular here saying this, but since I'm not a karma whore I could care less. Alan Cox is a coward. The fact that this information is not posted publically is a pure act of cowardice. First of all, this information has nothing to do with the DMCA and would not even stand a chance of holding up in a court if charges were brought against Alan especially if he's tried by a jury of his peers. Second, if, by some weird ass twist of fate, it did stand in a jury trial it would certainly be thrown out either by the appeals court or the supreme court which could result in parts of the DMCA becoming invalidated and thus liberating us from at least part of its tyranny.

Alan needs to turn over kernel development to someone with more balls than he has. I've thrown myself in front of the cannon several times in an attempt to get the DMCA overturned, but no one has fired it yet. I'm going to throw myself in front of it again by posting the secret text on my webserver located right here. Alan has no right to call himself a leader in any sense for as long as he refuses to do something to change what he knows is wrong. Any man who knowingly allows an unjust act to occur(the imprisonment of a fellow programmer), does nothing to change it, and hides in fear of it, has no right to call himself a man, much less a leader.

I hope you're reading this Alan because I know you read these articles on a regular basis and yes, I am attacking your values and principles. Perhaps it's time to reevaluate them because you sir, are a coward who will allow injustice to continue when you are one of the few people who has enough public acknowledgement to actually have the ability to make a difference, whereas I, a lowly network engineer with no fame or notoriety, am willing to put my personal freedom on the line to make that difference.

Re:Security holes have NOTHING to do with the DMCA

[ces]

This does actually go beyond Alan Cox making a point, he really does have to worry about releasing patches giving circumvention information in the US.

Consider the following:

Assume Microsoft Palladium has shipped.
Assume a major remote exploit bug/hole allowing one to bypass the "trusted computing environment" is discovered in this new OS.
Assume the steps required to reproduce the bug allow one to bypass the DRM built into the OS.
If you posted either an exploit or a description of the bug you could be charged with violating the anti-circumvention section of the DMCA.

Now assume someone has a "trusted computing" patch for linux that uses digital signatures for security. Remember this can also be used for DRM.
Bug allowing trusted computing subsystem to be bypassed is found.
Someone posts patch for this bug, by it's very nature the patch contains enough information to exploit the hole.
This also would be violating the anti-circumvention provisions of the DMCA.

If you think perhaps this is an overly broad reading of the law and nobody would really ever be prosecuted for violating the DMCA in this way. Remember DAs who have decided a perp is evil and must be guilty of something will find something to nail you on. Usually a law with overly broad language that was aimed at an entirely different problem. Some favorites are RICO, federal wire-fraud statutes, tax evasion, anti-conspiracy statues, computer crime laws, and coming soon to a courtroom near you the DMCA.

Clarifications

[shiflett]

Though your statements are mostly correct, you seem to be missing the point.

It is not the author of the information that needs to use the tool to gain unauthorized access to a copyrighted work. Do you think they had to prove that Dmitry Sklyarov accessed copyrighted information through the use of the tool he helped create? No. Did they prove that 2600 used DeCSS at all? No.

If it is possible that someone else could use the information you publish or the tools you create to gain unauthorized access to a copyrighted work, you are in potential danger of prosecution. Yes, prosecution is not guaranteed, and in this case it seems remote, but why should anyone have to take that risk? These people chose not to take that risk and used the opportunity to point out one absurdity of US law.

The statement that security information cannot be interpreted as a means of circumvention is more than a bit naive. 2600 posted a link to software that someone else had written that someone else could have possibly used to gain unauthorized access to content on a DVD they purchased. They got sued under the DMCA, and it was a strong enough case to win. Describing a security flaw in order to justify the necessity of an associated patch is also nearly identical to the talk Dmitry gave that landed him in prison.

Comparing DeCSS to this situation is tricky. In the DeCSS case, source code was ruled to not be speech. The source code to DeCSS was deemed to be useful for circumventing CSS in order to gain access to a copyrighted work. English descriptions of the code were not useful for circumventing CSS, though they could arguably be used to achieve the same result.

With detailed security information and the associated patch, we can draw a parallel to DeCSS source and the English descriptions, respectively. Though this seems counter-intuitive, this correlation represents the risk that is being avoided in this situation. The patch itself fixes a security vulnerability and is not useful for gaining access to a copyrighted work. So, even though it is code like DeCSS, the primary purpose of each contrast sharply. However, whereas descriptions of DeCSS were much less useful for gaining access to a copyrighted work, descriptions of a security patch are much more useful than the patch itself.

So, for software intended to break security, one could argue that the tool is more useful than descriptions of it to achieve that goal. For software intended to patch security, however, it is quite the opposite. The description of the tool is what can potentially be used to break security, thus this is the piece shielded from American eyes.

Re:One day...

[uncoveror]

Yes, you clearly understand the big lie theory. You are using it now. If you were telling the truth, you would claim your comments, not post as an anonymous coward.

Re:In Massachusetss the new law is null and void.

[emptybody]

Prove it. Lets see the link on state.ma.gov that says so.

Still ok in DRM setting

[Tom7]

First, both of your situations are hypothetical. Neither is actually the case.

Second, we need to talk about "circumvention devices", not circumvention. Of course a description of a bug is not actual circumvention. In fact, it's not a circumvention device either. No court has ever banned a textual description of how to circumvent technological measures, nor (I hope) will they ever. Such descriptions are protected by the constitution, unless they are also simultaneously executable (in the sense of DeCSS source -- too bad). Don't forget, also, that the primary purpose of the "device" must be to circumvent, so a patch that fixes a security hole certainly wouldn't qualify, even if (and I stress if, since usually exploiting a bug is much harder than finding it) the patch contained enough information to develop an exploit.

In the case that we were talking about a bug in DRM technology like Palladium, there might be more to worry about (I contend that a description of what a security patch fixes would obviously be in the clear, nonetheless). However, there's no technological measure involved in this case, no device, no copyrighted material (??) and therefore, no DMCA.

Vote for none of the above

[Nathaniel]

"I believe it passed unopposed. Leaving you three options:

• spoil your vote
• vote for someone other than the incumbent
• don't even show up to vote"

A better option is to show up, vote, and actively obstain if you don't like any candidates for a particular office. There are probably other issues worth voting on any particular ballot, and the total number of votes is relevant (if underreported). As more people actively obstain, it will become easier to demonstrate the need and desire for a binding none-of-the-above option. Increasing voter turnout of people who understand technology would be a Good Thing.

has anyone asked the obvious question

[prestidigital]

Is it a hoax? Every comment I've read here is a reaction under the assumption that the story is accurate and the website actually means something. If it's truly illegal to accept the license just b/c one lives in the U.S., why is it even available to U.S. domains?

Re:bleh

[YrWrstNtmr]

as if its your god given right to have the power in your hand to end someones life in an instant

As you could with a car. So what? In the hands of a responsible adult, a firearm holds no special danger. You hold in your hands (probably far too often) the equipment to be a serial rapist. Are you one? No. Presumably, you are a responsible adult.

but people like you, that have this fundamental belief that theyre essential to existance, are the reason why events like columbine, 9/11 and the latest sniper nut killings happen.... dont you think the gains clearly outweigh the losses?

The current sniper, is by definition, a criminal. If guns and ammo were outlawed, what makes you think that he would not be able to obtain them anyway? Heroin and crack are illegal, but there seems to be no problem obtaining these, either.

The events of 9/11 had nothing to do with personal firearm ownership.
I don't think guns are an essential part of existence. But, they do hold some definite advantages. Banning personal firearm ownership ensures that only people who are ready and willing to use them for criminal uses will have them. And the rest of us would have no recourse to protect ourselves. None.

When the asshole breaks into your house, and says "Give me the money", you give it to him.
When he says "Give me your car", you toss him the keys.
When he says "Give me your wife", you smile and wave as he carries her out the door, because you cannot stop him.

Would you be willing to put this sign in your front yard ?
"This house is gun free!"

Listen. You cannot put the genie back into the bottle. These things exist. If outlawed, they would exist underground. And be used by criminals. The best thing we can do is grow better humans, who will be less likely to turn into criminals.

Again, please read the law!

[Tom7]

You have a misunderstanding of the DMCA and the cases you mention (Sklyarov, DeCSS). In particular, the idea of whether something is "useful" for gaining access to a copyrighted work is irrelevant as far as the DMCA is concerned. The only thing banned is devices primarily designed for circumvention.

The DeCSS code was enjoined because, though it was held that code is indeed speech, it was not PROTECTED speech because it was also a "device" whose primary purpose was to circumvent CSS. I don't agree with this ruling, but that was what happened. It had nothing to do with how "useful" the source code was compared to the english descriptions.

Sklyarov was not indicted for giving a lecture about how eBook "encryption" worked, he was charged with trafficking in a circumvention device for profit. (A criminal offense under the DMCA!)

There is no way that a vague english description of a security flaw in a changelog constitutes a device, much less a device whose primary purpose is to circumvent a technological measure used to protect a copyrighted work. Where's the technological measure? (Read the definition in the DMCA) Where's the copyrighted work? How is a paragraph of english a device??

If we can find a way to educate people about what the DMCA really bans and why DeCSS and Sklyarov's software were found to be illegal, that's great. If we can find a way to be an annoyance to those who bought and use the DMCA, that's ok too. But this stunt is just immature, and only an annoyance to people who already agree with Cox (ie, linux users). In my opinion, all of his posturing is just lowering the level of discussion (and understanding) and will ultimately hurt our cause.

Re:Again, please read the law!

[Tom7]

I did read the ruling. I have been following these cases closely, partly just out of general interest and partly because of my own legal troubles (here) with the DMCA.

Where do you read that providing "useful" information on how to circumvent technological measures was found to be illegal? It's possible that a judge could find this to be contributory infringement (under a different section of copyright code) but not the DMCA. It's just not in there.

> Sure, he was prosecuted for trafficking in a circumvention device.
> And, I suppose 2600 was prosecuted for illegally copying DVDs, right?

2600 was prosecuted for trafficking in a circumvention device, as well. (??)

and what about anonymous surfing?

[prestidigital]

http://www.the-cloak.com/Cloaked/+cfg=32/http://ww w.thefreeworld.net/non-US/

What the fuck!?

[autopr0n]

Could you link to any of these? The DMCA SPESIFICALY STATES that does NOT restrict freedom of speech in any way, that you are free to write, and talk about security, and that reverse engineering is legal for security and encryption purposes.

Re:What the fuck!?

[ajs]

You might want to read more carefully. The DMCA does say that reverse engineering is allowed, but only for purposes of developing interoperable software:

(f) REVERSE ENGINEERING- (1) Notwithstanding the provisions of subsection (a)(1)(A), a person who has lawfully obtained the right to use a copy of a computer program may circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs, and that have not previously been readily available to the person engaging in the circumvention, to the extent any such acts of identification and analysis do not constitute infringement under this title.

Now, as for restricting free speach... heh. The law makes security testing semi-legal by defining a number of tests for legitimate testing. One of these is

whether the information derived from the security testing was used or maintained in a manner that does not facilitate infringement under this title

This phrase is scary as hell for people who do security testing, since their activities are essentially judged based on how well behaved their audience is. This is why companies that do security audits are (as in the case of the Red Hat audits) requiring that the results not be released. If they are released to the public, then those security audits could be construed as a violation of the DMCA! So you are right. The DMCA does not restrict speach per se. It just makes companies that perform security evaluation scared as hell to speak....

If you wish to argue these points further, please cite the specific portions of the text that you feel contradict what I've said here. Thanks.

Re:Security holes have NOTHING to do with the DMCA

[Frank+T.+Lofaro+Jr.]

Possible solution:

Add to the linux copyright a prohibition on running any code which constitutes a "system protecting a copyrighted work" as defined by the DMCA.

I.e. if you consider your DRM system to be a "system protecting a copyrighted work" as defined by the DMCA, you may not run it on Linux. Acceptance of the license would mean you agree anything you run would not constitute such a system. If the DRM code license prohibits this, then you are simply forbidden from using it (just as the GPL forbids using another licenses restrictions to circumvent its own).

Then we could release patches, since we wouldn't have to worry about circumvention of an access control system which itself is in violation of the Linux license.

Of course, with Kaplan on the bench, we do have to worry. He could just ignore the illegality of the protection system like he ignored fair use. Just requires the RIAA/MPAA/BSA/SPA/IFPI/WIPO to write a big enough check.

Precedent: Kennedy-Kassebaum

[istartedi]

This reminds me of a precedent involving non other than Sen. Edward Kennedy, and another legislator (Sen?) Kassebaum. The Kennedy-Kassebaum bill contained a clause that forbade lawyers from explaining how people could protect their assets from Medicaid. The bill passed. It never made it to the Supreme Court. Instead, the Justice department under Janet Reno (she did some things right) decided that it was a violation of the 1st ammendment on its face. They publicly stated that their policy would be not to enforce it. The law still remains on the books as an ugly blotch. Estate planning lawyers advise their clients that it's still on the books, then they go ahead and tell them about the DOJ decision, then they violate the law.

Yes. It's sad. Fixing the law is the right thing to do. Aspects of the DMCA are on par with the K-K restriction. Of course IANAL, but if I were faced with this situation I'd just go ahead and violate the law which is what people are doing. Then either the DOJ will make a similar policy decision, or someone will go to SCOTUS. If SCOTUS can't see this for what it is, then buy a gun because we'll need another revolution to fix it.

Re:bleh

[YrWrstNtmr]

IIRC the terrorists had personal firearms when they were taking over the planes... where did they get them from??.. perhaps it was at the 'target' store down the street.. perhaps it was some other way.. but ultimately those guns came from the easily available market in the U.S... I will secede though that they could have imported the weapons from home.

errr, no. They merely had boxcutters and shortblade knives. All perfectly legal (at that time) on aircraft.
To maximise the possibilty of mission completion, bringing illegal weapons on board was not a good idea. Some may have been found out when boarding, thus compromising their mission. They also played on the prevalent thought processes of the aircrew. Pre-9/11, the way to stay alive during a hijack was to cooperate until you could land. That has changed.

I'd say that in all these situations you will most likely not even have time to reach for your safely secured and locked firearm in your bedside drawer.. if hes got a gun trained on you, he's not going to give you the time to pull yours out.

No, the idea is that he does not know whether or not a weapon is in any given house. Remove firearms from law abiding citizens, and then he can attack any house with impunity, because he will have a firearm, and knows that you do not.

Firearms in the hands of law abiding citizens pose no threat.
Criminals will have firearms, no matter what the law says.
Which do you prefer? The possibility of protecting yourself, or simply giving up?

Cox's jihad

[0x0d0a]

I'm pretty sure that the Register's hinting is dead on -- this whole "make the DMCA look idiotic by making progressively more and more crucial things be inhibited by it" is an ongoing Alan Cox project. He's got a fair bit of tech clout...he might be able to help drop the DMCA.

Give a couple years of building up nasty cases against the DMCA, the EFF decides the time is right, and goes after it.

Re:Again?

[sg_oneill]

...face DMCA busting if he explains the 'sploit."

Surprisingly, you could have used exactly the same number of characters to spell exploit correctly.

Or I could of spelt "Petty" with even less letters. SHeesh.

and what's so paranoid about this?

[Stephen+Samuel]

Skylerov took some reasonable effort to ensure that his code wouldn't be used improperly. Nontheless, he ended up in jail in a foreign country and unable to return to his home family and job for a long period of time. And now, the US is denying him a visa to return to the States to defend himself against the accusations that Adobe made (and later withdrew) against him.

I can understand that Cox wouldn't want to be skyleroved.. Yes he works for RedHat and RedHat is a US company.... All the more reason to be worried about being made a 'test case'.

It's one thing to cry 'paranoid'. It's another to be told by your lawyer that, should you take what you consider to be a completely reasonable and prudent action, you run the risk of:

• Being arrested and possibly held without bail (risk of flight as a foreign national).
• havin your trip schedule completely messed up.
• being denied access to your primary employer's home state
• having to defend yourself against criminal charges (even if you're found innocent, it could cost you hundreds of thousands of dollars).
• If found guilty, you could end up in jail for years.

Remember: We already have Skylerov as example of having this happen to a foreign national.

Given a choice between this, and making a political statement about the stupidity of this law by simply obeying it, what would you do? If you had a family to support, would this change your decision?

Re:Cox

[Gordonjcp]

Microsoft has said time and time again that Linux has no commercially significant uses. Therefore, Cox's patch does not, either.
That's a good point, actually. Since Microsoft more-or-less has the US Government in its pocket, who are they going to listen to first? Kernel hackers (who as I'm sure we all know are commie hippy dirty terrorists who want to destroy democracy and ruin the internet for its rightful purpose, advertising Time-Warner), or Microsoft, keeper of all that is good and right in software (hey, they've been around for 26 years, they must be good. Oh, and what a nice clean-cut young man that Bill Gates seems...)

Re:So...

[dylan_-]

Seriously, I hope every US citizen knows why there is the right to...bare arms in the constitution.

So that's why t-shirts are so popular in the US...

Confused

[DustMagnet]

I'm confused, you just agreed with me. You only added a longer explanation. The DMCA doesn't make it illegal for me to read about the patch. It's the author's license that does.

What part of that is completely wrong? It's straight from the article.

Re:Confused

[MSG]

It's not the author's license that makes it illegal at all. The DMCA may make it illegal for the author to tell you about the problem, because that information can be used to circumvent digital security.

All the crap about not reading the description if you're an American is not about "licensing" the information. The author is trying to protect himself from prosecution for violating the DMCA *himself*. If you read the information he's posted, it's not you who've violated the DMCA, it's the author (potentially).

Does that clear it up?

The only censorship I see here...

[Dragoness+Eclectic]

..is by the anti-American anti-DMCA morons in Europe.

Anti-DMCA

Yeah, the DMCA has some very bad provisions that need to be re-done or tossed entirely. It has a few good sections, too--like the clause that says copying a program to memory to run it or installing it on your hard disk is a de jure non-infringing use of a copyrighted work. Said clause invalidates the old traditional basis of EULAs--that normal use is infringing by definition, therefore you must have a license to use your software. Nope, not any more. The only remaining basis for EULAs is contract law, and unilaterally-imposed, no-signature, after-the-sale contract conditions are a bit shady, to say the least. So, part of the DMCA is good--it gives us a legal basis to trash bad EULAs.

We want to get rid of the idiotic "circumvention device" clauses--the ones that are being mercilessly abused to supppress competition and research, and the one-sided "safe harbor" provisions that are used to chill free speech by intimidating Hosting Services into yanking perfectly legal speech from the web until its proven innocent at the time and expense of the victim. The provisions of the DMCA that are abused show us which provisions need to be tossed or re-done. It's being looked at, and the more obnoxious provisions are getting wrung out by the courts.

Anti-American

So Free Software is now only "free" to countries whose politics you agree with? What a load of crap! I don't see anyone making sites of software and information available to everyone except, say, China or Saudi Arabia. Why not? You could be arrested if you went to China after saying anything bad about their political system, or arrested if you went to Saudi Arabia while publishing a website with scantily-clad women on it--or pirate copies of "Satanic Verses".

While you're at it, better block all French sites if you discuss WWII or mid-20th century European history--you might mention Nazis. Better block Germany if you are a religious site that says rude things about anyone else's religion--even in a historical context. Thomas Payne's papers are extremely inflammatory and insulting toward the British monarchy, so Project Gutenberg had better block Great Britain--I think lese majestie is still a crime over there. Any site that hosts the writings of Martin Luther had better block most of the majority-Catholic countries in the world--I believe it is a crime in Italy and Germany to defame the Church.

Shall I continue? The Un-Freeworld site is run by a bunch of hypocrites, and Alan Cox is just as much a hypocrite if he supports it. A bunch of Europeans have decided they are going to take their ball and go home because we Americans won't play the way they want, when they want--then they have the temerity to call themselves supporters of "free" software.

Ballocks.

Free software is NOT about "you can't see my code if I don't like your politics". The latter is called CENSORSHIP . Anyone with the attitude of this so-called TheFreeWorld site is a damn liar and hypocrite if he calls himself a support of free software, because he's just another fucking censor. ...morons

Oh yeah, the Freeword site claims to restrict access to non-U.S. computers, but it does not. I downloaded stuff from it just fine. Like every other fill-in-the-form, jump-through-the-stupid-hoops site, you lie through your teeth to get at the "free" content. And ignore the stupid license with the stupid unenforceable threats.

Hypocritical morons.

Re: Killing Ants

[Dragoness+Eclectic]

I prefer to use Orthene. One tablespoon nails a whole nest within the day.

But then, I really, really hate fire ants. Ever accidently stepped in a nest of the little buggers? Fire ants are the rabid, poison-fanged, enemies of all mobile life besides themselves; they will happily swarm over any creature of any size that disturbs their nest and try to bite it to death. ...I want to see the little bastards die in writhing agony. En masse. Squashing them is just too inefficient.

Re:bleh

[Dragoness+Eclectic]

there exists no quick solution to getting rid of guns, obviously..

Good. Then we can hang on to our guns during the phases when nutcases like you get in office and make laws.

but you have to start somewhere..

No, you don't.

making the sale of guns and ammo to the public illegal could be a nice starting point...

That would be a very bad starting point into tyranny and oppression. Fortunately it is unconstitutional in the U.S.

making the public TRULY aware of the horror of guns, instead of supporting them could be another..

Are you always that easily scared by inanimate pieces of metal?

the way you're describing guns here really amazes me... as if its your god given right to have the power in your hand to end someones life in an instant...

Well, actually it is. Self-defense is considered one of the self-evident human rights, and for people who were too foolish to figure it out, the guys who wrote the U.S. Constitution wrote it out explicitly in the 2nd Amendment.

i'd like to think that we've progressed FAR beyond the ass backward colonial american days when carrying arms was perhaps necessary to keep the redcoats at bay...

Unfortunately, we've regressed far from the enlightened early post-Revolution days when everyone understood the importance of freedom of speech, religion, association, the importance of limiting government power, and the overriding importance of keeping the means to "calibrate" governments that turn tyrannical-- arms in the hands of free men and women.

Unfortunately we haven't progressed beyond the need for self-defense, either. Perhaps you have; I'm curious to know what crime-free utopia you live in.

civilians have no excuse to carry guns..

Fortunately we don't need excuses. We have a Right to Bear Arms. I don't have to explain to you or the government why I choose to carry a gun, and that's the way it should be.

target shooting? boohoo, so you dont get to practice your m4d sniping skillz.. go play some counter-strike instead

You do that. I'll target-shoot to keep my gun skills sharp. Untrained fools with loaded guns are dangerous.

you dont need them to hunt - you go the store instead, or use a bow if you must absolutely kill your own food

You do that. I'll bag deer with a .30-06 if I feel like it--in season, of course.

you could use them against your government in case they became tyrannical - come on! you think youd stand a chance?

Yes, as long as none of my compatriots were like you. The government doesn't even consider doing a lot of crap because pissing off 200 million people with guns is a Very Bad Idea. I'd explain in detail, but your mind is already made up and I don't feel like bothering with the long side-argument that will entail.

you could use them to defend yourself from criminals - but then they could use them against you too.

Only if you hand them to the criminal first. Usually it's recommended that you shoot the bastard instead.

Sorry, I know you have to weasel out from under saying "you should just bend over and take it from criminals, because you have no right to defend yourself from predators"; even you think that sounds bad.

collecting guns - again, boohoo so some rich texan doesn't get to display his semi-automatic rifle collection on his wall.

So, whose collection are you jealous of? I can't think of anything else that inspired this comment.

if anything, guns are anything BUT mostly harmless...

I should hope not! If I use a gun, I want it to seriously harm what I'm shooting at!

but people like you, that have this fundamental belief that theyre essential to existance,

No, I just believe that guns are instruments of a basic, self-evident, inalienable human right: the right of self-defense.

are the reason why events like columbine, 9/11 and the latest sniper nut killings happen.... ...and a non sequitur follows. Because I believe people have a right to defend themselves, a bunch of fanatics fly a plane into a building? Gosh, I didn't know I had that much influence on world events!

dont you think the gains clearly outweigh the losses?

Yes, I think the gains of retaining the Right to Keep and Bear Arms clearly outway the losses.

STFU!

[dirvish]

dumb ass

Re:Republic vs. Democracy

[Alsee]

You actually pointed out exactly why the situation would be worse without realizing it.

most of them would look at the stuff pending, decide they don't care, and not vote.

it's easy for the industry to lobby a few hundred people -- heck, they can employ at least one person to lobby -each- congresscritter. but they can't do that for all americans

But they can run misleading commercials to get a few million misinformed people to pass a horrible law. All you need is one sensational newstory about some child getting kidnapped, molested, or killed after using the internet (even if turns out later that the kids babysitter was responsible) and you have a few million hysterical people passing a horrible law.

I don't know how many bills come up for a vote each year, but I'll bet it's several hundred. 200 million people can't pay attentuion to several hundred laws per year in their spare time.

Also remember that only the people who care will bother to vote. As often as not the most interested and motivated people have selfish motivations, and not the good of the public in mind.

While I wish I could vote against the DMCA, I'm glad someone is being paid to deal with the hundreds of bills I've never heard of. Also, only legislators are the only ones who can introduce new bills to be voted on. Could you imagine the hundreds of thousands of pieces of crap that would be submitted if anyone could introduce a bill?

-

Re:bleh

[Dragoness+Eclectic]

normally i have a pretty open mind towards people, but we obviously differ on a very fundamental level and theres no point in continuing this..

In that, we are agreed.