Slashback: Blaster, Sabers, Canada

Slashback tonight brings you more on the recent cracking of GSM encryption,the odds of file sharers escaping industry scrutiny in Canada, the recently found (and stomped) OpenSSH bug, installation-time ads in Mandrake, and more. Read on below for the details.

Art of the Saber Jagaast writes "As a counterpoint to all the hype about the Star Wars kid, here's a Star Wars fan film that's actually very well done. Art of the Saber is 'a light saber fight sequence with the flavor of a Hong Kong martial arts action movie.' Well worth watching." Update by J : I've made torrents available.

Vote early, often, and reversably. An anonymous reader writes "As a follow up to a previous story here on Slashdot on electronic voting, Excite has a story on the same subject with a bit more information including this amazing quote from Deborah Seiler, Diebold's West Coast sales representative: '"These activists don't understand what they're looking at," Seiler said.'"

GSM-crack paper online morcheeba writes "Copies of the GSM-crack paper described in last week's Slashdot article are now available online (PDF) thanks to John Young's Cryptome"

Mandrake ads...take 2 *no comment* writes "Apparently there has been some controversy over the ads in the upcoming Mandrake 9.2. I thought it was pretty cut & dried, but apparently Mandrake thought it was enough of a controversy to to release a written statement about it. I wonder how many flames were posted in the slashdot forum using the download version of Opera."

Blaster Worm still alive and well on MIT campus fwc writes "MIT still has 900 network drops disabled due to the Blaster worm infection. Of particular interest is that MIT network security requires users to reformat their hard drive and re-install their operating system before they get back on the network. Sounds like a good excuse to reinstall something other than a Microsoft operating system."

A big AWOOOGAH for Canadian file sharers. Rumor writes in response to a recent story suggesting that Canadian users could swap files scot-free: "Listen, Canadians, don't go using your p2p apps and thinking you are immune from lawsuit, you are liable for copyright infringement if you share files on p2p apps.

To wit: a fellow law student and I have written an analysis of s. 80 of the Copyright Act and we've concluded that one can download music safely under the Private Copying provision, but no one can share or upload files without infringing on copyright.

In a nutshell, Private Copying allows anyone to make a copy of a song purely for their own use. As you probably know, when you share files and someone downloads from you, what actually happens is that their computer makes a request and your computer actually sends the file to them. Thus, you're copying for someone else's use and infringing. It doesn't matter if you didn't realize that's what happens, either... intent is not required for infringement.

The upside is that you can accept copies from other people (ie. download) all you want. Although there might be an issue of contributory infringement to worry about... I won't go into analyzing that, since so far the record companies are only suing uploaders.

The article can be found on greplaw.

I've recently confirmed this analysis with an IP law professor at my university, so I'm pretty damn sure of it. So, please, be aware of this danger. Downloading cool, uploading/sharing not. I guess the situation still better than nothing."

Why not ask for your money back? zaaj writes "There are several articles out about a newly found/fixed(openssh.org) buffer management bug in OpenSSH and some derivatives. Cisco's Advisory only mentions DoS attacks against certain of their SSH-enabled devices, but ZDNet's article hints at rumors of long-existing root exploits. Regardless, RedHat's got their typical list of updated packages with the patch back-ported. A few other distro's have info in the vendor section of Cert's advisory CA-2003-24"

Blaster, Sabers, Canada?

[WIAKywbfatw]

Canada's in Star Wars?

Re:Blaster, Sabers, Canada?

[Gherald]

Canada's in Star Wars?

Yes, only they call it "Hoth"

Re:Blaster, Sabers, Canada?

[Ian_Bailey]

No, we're just a teenage Anakin.

Re:Blaster, Sabers, Canada?

Ya know... you really don't speak for me... so if it's all the same to you, please don't assume that we share your view... Oh wait... this is /. , guess I should know better...

Re:Blaster, Sabers, Canada?

[oogoliegoogolie]

And I'm sure Skywalker is with them!

Re:Blaster, Sabers, Canada?

[exhilaration]

That video was pretty damn cool - I just wish that one dude was wearing something a little more classy that sweatpants. Sheesh.

Re:Blaster, Sabers, Canada?

[dreadnougat]

And while we're at it, I'd just like to say congrats to Calgary on their first snowfall of the season! :)

Re:Blaster, Sabers, Canada?

[Len+Weaver]

Yeah, only up here we call him Luke Ski-walker.

Re:Blaster, Sabers, Canada?

nicest sig ever you have there :-)

Re:Blaster, Sabers, Canada?

[darkith]

Thanks.
Tea all over the monitor...

D.
(New Brunswick)

Re:Blaster, Sabers, Canada?

[IIRCAFAIKIANAL]

One time I had to slice open a moose with my lightsaber and sleep in it's entrails to survive the cold, bitter night.

Speaking of which, quit making fun of us, or we'll send one of our Jedi Master after you!

Re:Blaster, Sabers, Canada?

[jafuser]

On the topic related to Star Wars, principal photography on Episode III completed yesterday (Sept 17).

Looking forward to Summer 2005 =)

Re:Blaster, Sabers, Canada?

[mitheral]

Pfft! You call that a snow fall? We got less than 5 cm. I was still playing golf.

Apache section?

[piranha(jpl)]

Any reason this is in the Apache section?

Re:Apache section?

Beyond wanting to make more people see it? No

Re:Apache section?

[Gherald]

Any reason this is in the Apache section?

Yes, timothy's mouse wheel slipped

Re:Apache section?

Oh well, they moved it over to main now.

Re:Apache section?

His Microsoft mouse wheel.

Re:Apache section?

[NanoGator]

"Any reason this is in the Apache section? "

The editor forgot to hit preview.

Re:Apache section?

[nacturation]

"Any reason this is in the Apache section? "

The editor forgot to hit preview.

At least Timmy didn't archive this one too.

GSM-crack paper online...

[WIAKywbfatw]

GSM-crack paper online morcheeba writes "Copies of the GSM-crack paper described in last week's Slashdot article are now available online (PDF) thanks to John Young's Cryptome"

I dunno what's the world coming to?

You can buy crack rock on the street and get crack paper online so what's next, crack scissors from your local hardware store?

Re:GSM-crack paper online...

The researchers' paper in now online at their university website in Postscript:

http://www.cs.technion.ac.il/users/wwwb/cgi-bin/ tr -get.cgi/2003/CS/CS-2003-05.ps.gz

P2P

[jrockway]

I think I have a way of sharing music while avoiding legal action. The client should work like this:

1) Request a file
2) Ask "Is bit #0 a 1"
3) Get a response, write the appropriate bit to a disk (or buffer).
4) Repeat for the other 9238472093847 bits.

Now, here we're not copying anything. We're just asking about it in a way that lets us make an educated guess about the contents of the file. How can that be illegal!?

Re:P2P

[robi2106]

Wow! A whole TCPIP packet to carry the question, one for the ack of the question, a 3rd for the response, and a 4th for the ack of the response.

Assume about .1 seconds for each packet to get from end to end (could be more over dial up).

While a neat idea (and sarcastic at that!) the usability people may raise questions.

jason

Re:P2P

[Gherald]

Well you could ask for everything at once. All you'd have to do is generate a text file 9238472093847 lines long saying:

Is bit 0 a 1?
Is bit 1 a 1?
Is bit 2 a 1?
Is bit 3 a 1? ...

Then gzip it and send it via some standard TCPIP protocol.

The server would then just generate a similar file saying:

Yes, bit 0 is a 1
Yes, bit 1 is a 1
No, bit 2 is not a 1
Yes, bit 3 is a 1 ...

Re:P2P

[Cutriss]

I think I have a way of sharing music while avoiding legal action. The client should work like this:

1) Request a file
2) Ask "Is bit #0 a 1"
3) Get a response, write the appropriate bit to a disk (or buffer).
4) Repeat for the other 9238472093847 bits.

Client: "Is bit #2A389D1 a 1?"
Host: "Go fish!"

Re:P2P

[CedgeS]

Even easier:

First ask:
What is the length of that knifty file you've got there?

Second ask:
For each bit in the file, is it a 1?

Re:P2P

[the_real_tigga]

How about protocols like BitTorrent?
Although I might "share" a file, I never give away the whole thing. I only offer very tiny bits of a file to anyone who asks.

AFAIK, copyright law permits giving away small"excerpts" of copyrighted materials.

So provided I never permit upload of the whole file to a single downloader, would I be in the clear?

Re:P2P

"Yes officer, but what if I crossed the street against the light, but I was walking on my hands, then it wouldn't be jaywalking, now would it? No? Well, what if I was skipping?"

Give it up, the law does not look kindly upon those looking for a loophole (unless you've made a large campaign contribution).

Re:P2P

[Quasar1999]

I get the joke... but it's a great idea!

Not the asking bit by bit, as the overhead would kill throughput, but what if we broke peices of the data into mathematical equations, and sent the equations instead? If I can send something like (bare with me here, I suck at math... ;) ) "2x/log(3x)" to represent a chunk of a song, then we are not actually sending a copy of the data, we are sending a formula which has many other uses.

It's simply passing formulas, and if I happen to know what "x" is, then I might happen to create a block of data that is identical to the original song that was encoded, but it was never transmitted, thus all we got were a bunch of open ended formulas, and they cannot be taken as evidence of piracy, or infringement...

Re:P2P

Heheheh. That's the first time I've laughed at Slashdot in weeks.

Re:P2P

[conteXXt]

If I could mod this up further I would. (for funny of course)

Re:P2P

[conteXXt]

ting ting The Real Tigga just won an award for most lines read between. That's exactly why I have been downloading whatever I want (and leaving the windows open). I am not sharing the whole file.

Now how you deal with the pissed off librarians (who fought for the right to those excerpts) is whole other question/issue.

P.S IANALibrarian :-)

Re:P2P

isn't this just what compression does?

mp3 isn't a copy of the file, it's just a copy of a representation of it.

-Nick

Re:P2P

Non-geek alert! I laugh every 5 minutes :P

Re:P2P

[flewp]

If I could mod this up further I would. (for funny of course)

As opposed to insightful or interesting? :P

Re:P2P

[jrockway]

Actually I was planning at some point to do research on audio compression with Iterated Function Systems. That's what "Fractal Image Compression" is. Maybe someone has already done this?

And I wasn't _really_ joking about the above protocol. Maybe we should do it more than a bit at a time :)

Re:P2P

[Chris_Jefferson]

Computer geek types who want to be clever need to understand one thing. Much of the law is based on intent and result. It doesn't matter if you print a file out, fax it, then send it via piegon droppings. If at the end of the day you've made a copy, you've made a copy and all the consequences involved.

Similarily (in the UK at least), you can't get around paying for a TV licence by doing something stupid like sending it over ethernet and routing it via your printer or something :)

Re:P2P

[Quasar1999]

isn't this just what compression does?

mp3 isn't a copy of the file, it's just a copy of a representation of it.

Yes, but an mp3 has all the parts required to get the 'lossy' copy back on the other end... I propose not transmitting everything that is required, thus saving your ass if you get hauled to court, since they can't take what was transmitted to you and come up with incriminating evidence.

You simply got a bunch of formulas. You get the keys elsewhere... and I can hear the next argument, why not send encrypted data then? Well, simply because encrypted data can still be dechyphered and can then be used to prove you were stealing the song (or whatever), since there is no other use for the data sent, but formulas have an endless amount of use, and as long as you can prove that there was another use for the data, they can't PROVE that you used it to gain a copy of illegal data (even if it CAN be used for such, it has other legitimate uses)... Hell, someone prove to me that a crap load of formulas weren't simply a representation of stars in the sky... see my point?

Re:P2P

[Progman2000]

Could also say "What is [some-64k-chunk] ANDed with [64k-of-1s]?". To make it "safer", actually send the all-1s block (gzipped, of course) each time.

So long as the not-quite-uploading machine actually takes the time to check every bit, it should pass legal muster. Well, if the lawyers don't grasp boolean operations...

If you really wanted to muddy the protocol, send a random chunk of 1's and 0's that the not-quite-uploading system can XOR against the file. Seems to me that would help the "I'm only asking questions about the file" argument.

Re:P2P

[Quasar1999]

Actually I was planning at some point to do research on audio compression with Iterated Function Systems. That's what "Fractal Image Compression" is. Maybe someone has already done this?

The key problem isn't how you send the data, but rather when someone sniffs your data, can they beyond a reasonable doubt prove that you are stealing music/movies, etc... if you use formulas (with variables that you don't transmit) there is no way for them to prove you stole anything... even if plunking in a certain value happens to result in a block of numbers similar to a chunk of copyrighted material, you can easily argue that throwing in another number results in a block of other numbers that represent stars in the sky, or sand on a beach (or some other hugely random thing)... I don't know how US courts work, but I'm positive a defense like this would work in a Canadian court (unless you are actually caught with the music/movie intact on your harddrive... but I'm talking about the actually data transmission part of it)...

Re:P2P

[NanoGator]

"How, here we're not copying anything. We're just asking about it in a way that lets us make an educated guess about the contents of the file. How can that be illegal!? "

Wouldn't that mean that if you're downloading a 20 meg file, you'd be sending out 20 megs worth of data?

Re:P2P

[Krach42]

Actually, you can just kind of bundle them all up into one byte. You send a question "0xFFFF", and it responds back with a 0 if right, or a 1 if wrong.

You could probably gzip it, too, which of course would shout compress fairly nicely.

Optionally, just to get around some objections, just use a randomly generated pattern.

0x4AE2?
0x6718?
0x9217?

0x3512!
0xB145!
0x0173!

Re:P2P

[noname3]

"Copying in whole or in part without express permission is prohibited." Copyright law allows you to quote excerpts for review, research, or news reporting. At least Canadian law does.

Re:P2P

[aalex675]

Doesn't the current model work because what is actually happening is more along the lines of:

Client: I need this file ...
Server: Okay. Here is a copy of the first part...
Client: Okay. I am making a copy of your first part that will then disappear into cyber space.
Client: Ok. Copied it. I need the nth part.
Server: Ok. Here is a copy of the nth part.
etc, etc, etc...

So the actual copying is still being done by the client. Is this wrong?

Re:P2P

I think I can make money with a modified version:

1) Request a file
2) Ask "Is bit #0 a 1"
3) ???
4) Profit!

Re:P2P

[josecanuc]

If you do that, you might notice that you're sending the same bits as the source file. It doesn't make it any more legal if you wrap file transfer with some question-answer-protocol-which-doesn't-change-the- way-the-file-is-transfered.

Another simple alternative is to "ask" is bit n a 0? In that way, the server sends you the whole file bitwise-inverted. Doesn't sound like a way around the law either. (ignoring the fact that the intent is what is really looked at, not necessarily the methods).

Extending it further and all you're seeming to do is encrypt or otherwise encode the file in question before sending it.

Re:P2P

[Deagol]

That sounds right. But wasn't that whole PGP source code being OCR'ed from hard copy a end-run around for a set of laws? Or did those laws specifically exempt printed ("published") material?

Just playing devil's advocate here. Loopholes are ways to get around the "intent and result" you mention. And ideas like the grandparent post may be valid loopholes.

Re:P2P

What you're talking about is "Fair Use" one of the most misunderstood aspects of copyright law.

Fair Use basically allows excerpting parts of a work for certain purposes such as citation or criticism.

If your purpose for publishing a small chunk boils down to "so the receiver can combine with lots of other small chunks and get the entire work" then clearly you're way outside of fair use.

You might as well claim that ALL internet trading is legal since no single IP packet contained the whole file!

(IANAL; but clearly neither are you :-)

Re:P2P

[technix4beos]

At first glance, this appears to be a very unique and clever way of transferring information about a copyrighted work.

However, this would be very similar to using analog methods to record music from the radio or the soundcard.

Someone correct me if I'm wrong, please.

*still chuckling*... A very clever idea indeed. Would this mean that once the original material has been verified elsewhere, that the subsequent information can be shared wholesale? ie: shared normally through p2p.

Re:P2P

[conteXXt]

It's should be informative in the truest (binary) sense. "Go fish" would mean byte=zero if question was is byte = 1

I am sure everyone else got that meaning though.

Re:P2P

[netsharc]

And considering it's only yes and no, you can encode the yes'es as 1s and the no's as 0s!

Sheesh, either some people are missing the joke or the grandparent post is joking, or you (parent post) is joking.

Re:P2P

[Bingo+Foo]

You might as well claim that ALL internet trading is legal since no single IP packet contained the whole file!

I think you just did.

Re:P2P

There is only one class of manimal missing the damn joke:

The moderators who marked the original 'interesting' instead of funny.

Ban slashdot moderation, or at least ban moron moderators.

Re:P2P

[EvanED]

Copyright law makes no such restriction, though it does say that the purpose for which the material used is one of the criteria that need to be used in determining fair use. Even commercial uses are allowed provided the judge feels the total of all the criteria is acceptable. Otherwise commercial parodies, satires, etc. would be out.

But yes, I agree in this part that I think claiming a P2P service that uses this protocol constitutes fair use is pressing it.

Re:P2P

[kfg]

Very cute. :)

However, let me ask you this:

Taking as assumed that this, through some really strange quirk of law, turned out to be legal, why on earth do you suppose this would avoid legal action?

It's legality could only be determined by legal action.

Got $50k and five years of your life to defend your concept?

Do you begin to see the problem with being right, but small?

KFG

Re:P2P

[Big+Smirk]

Copyright law covers derivative works. Doesn't really make a difference how you made the 'other' song, unless you can demonstrate that the other song can be made independant of the first.
Now were is that spell checker.

Re:P2P

[squiggleslash]

Not true. Parodies are a specifically exempted part of copyright law. They're not a function of some other part. Remember that freedom of speech trumps copyright law (it is, after all, an amendment, whereas copyright's mandate is in the document being amended), and therefore as time has gone by, there have been cases where judges have been convinced that the only way in which an idea could be expressed would run against copyright and hence, for that specific case, copyright could be legally violated. Parodies are one of them. Reviews are another. But quoting bits in other contexts where it clearly isn't necessary to do so to express the view what you're trying to express most certainly is an illegal violation.

The worst case I've heard comprised of a piece of music called "Yes we have no bananas", whose author was sued by the estate of the composer Brahms, for copying four notes from one of the latter's compositions.

Yes, the suit was successful.

Yes, the law is bananas.

Re:P2P

[jafiwam]

There was a theorem proved a while back that any given string of arbitrarily long data could be found in Pi.

deCSS is in there.

You could simply encode by using a big CPU to calculate the values, and get the next mp3 you wanted by a simple hash of "start here in Pi" and "end here in Pi". All you need to know is Pi and the start and end. No download required. No copyright on it either, as it's just as valid for you to store "12" on your hard drive as it is a portion of Pi.

How are they going to regulate a naturally occuring (yet irrational number)? Classify it?

"No officer, I wasn't pirating! I was doing math!"

Re:P2P

[WolfieN]

Interesting Concept. But, instead of decrypting on demand.. why not make them download a list of formulas.. which then could be converted to a file using a "Third-party" converter?

Re:P2P

[Feztaa]

Although it's a nice technicality, the fact of the matter is that you're facilitating somebody else's download of the file.

I don't really think it matters that they got part from you, part from somebody else, etc etc etc, just that they got it and you gave it to them.

(I got a note from my ISP about how I was sharing a movie on BT, although nothing has come of it as yet).

Re:P2P

Yeah I like the way you think.

I don't however, understand why this is different to sending mp3s? Data is just a bunch of 1's and 0's, I could easily be using the data of an mp3 file for some other use than listening to it!

do you think that convincing judges of your intended use is all you need to do? If this is the case, I argue that we don't even need to change it into forumlas, just strip the mp3 header info.

"but it's just data!"

or maybe just make a program that interprets mp3's data as a picture or something, and say that's why we're using it!

Re:P2P

[hikaru1]

that's a great argument! but how many years would it take my cpu to compute pi to the correct place?

Re:P2P

[JackpotMonkey]

So provided I never permit upload of the whole file to a single downloader, would I be in the clear?

Problem: You have to prove that you didn't upload the whole thing. To have it shared I would assume that you have downloaded the entire app/song/game/whatever yourself. Unless you can prove in court (with logs or whatever) that these particular bytes of the file NEVER got shared you are almost garunteed to be at the losing end of that legal battle.

If you were to only download a neglagable amount of the file that falls below the minimum for copywrite infringment to only share that part then you would probably be able to escape prosecution, but then why bother anyways except to share a fragment of a file, that fragment is most likely the most prolific (sp?) part (as it was the first and therefore the fastest/most shared section of the file in question)?

Re:P2P

[identity0]

So basically, you're sending the other peer a file, and asking for a diff between it and the song file. Since you have the random file and the diff output, you would be able to piece together the original song file.

That's an interesting idea, but I don't think it'll hold water in court. Remember, MP3s are also machine-made derivatives of the original music tracks, and quite different data-wise from raw music - but courts have no problems holding that as copyright infringement. In the end, all that matters is what comes out of your speakers. A judge is going to look at whether you 'got' the music from someone illegally, regardless of how it's transmitted.

Re:P2P

[PetiePooo]

I realize that this thread is mostly in jest, but you're all missing the bigger point. The problem isn't the actual transfer of the file.. its indexing the files that are available. How can you legally say to the room-temp-IQ crowd that "I have a song here, but its not available.. sorta.." and still get away with it?

Remember those college students that just ran an indexing web page listing all of the songs on their fellow students' shared folders? They didn't share the files themselves, but they're now working their way out of debt thanks to the RIAA.

There are hundreds of ways of actually transfering the file without attracting undue attention (Waste would be my favorite at the moment). But how do I find the person who has that file that I want when he's not telling the world that he has it because the world includes that suit-happy association whose business model it obliterates?

How do I find that person?

Seriously, I want to know. I'd like to borrow some of his/her CDs for personal use. Of course, I have some to lend as well...

Re:P2P

[aardvarkjoe]

You just download a copy of pi with your "filesharing" program.

The cool part about this is that you will then have a copy of every song ever written already available on your computer. All you need is somebody to tell you where it is...

Re:P2P

[EvanED]

Note that I went into US mode there; it's possible that Canada or other is different. If you too are talking about US law, continue...

Cite where this is from. All decisions on what is fair use and what is not are judicial and when people say "parodies are allowed" they are citing case law rather than Congressional decisions. The word "parody" does not appear in Title 17 for instance, nor does "satire", at least if Cornell's search is worth its salt.

Re:P2P

[CAIMLAS]

This is a nitpick, but...

Copyright violation is not illigial. It is a civil violation and up to the copyright holder to challenge that use in court.

Thus, why people aren't getting arrested, and the RIAA is sueing them. Granted, they're stepping over the line, but fuck 'em, it's their funeral.

Re:P2P

[arcade]

Computer geek types who want to be clever need to understand one thing. Much of the law is based on intent and result. It doesn't matter if you print a file out, fax it, then send it via piegon droppings.

Actually, I've got a funny little story about exactly that. The US have (had?) this funny law about exporting strong crypto.

Now, this law only covered the electronic implementation of the crypto systems. If you remember Phil Zimmerman of PGP fame .. well .. he got into a lot of trouble for releasing PGP.

To make it _legal_ .. what did he/they do? Well, they _printed out_ the source code. Then they mailed it to the University of Oslo (Norway), where the entire source code was scanned in and checked for errors - then compiled and distributed.

Legally.

If my memory served me right this was in the late 80s of the early 90s.

Re:P2P

[suss]

So provided I never permit upload of the whole file to a single downloader, would I be in the clear?

Didn't seem to have worked for napster...

"99% and you disconnect me?! No! You fucker! Die! Die! Die! Nooooooooooo!"

Re:P2P

[hikaru1]

yes, but to have a "copy of pi" on my computer, my hard drive would have to have infinite storage capacity. in other words, i would have to have a copy of every mp3 that was ever created, ever could be created, and also every other combination of numbers possible. no, we'd actually have to have our computers generate pi to the required decimal place.

Re:P2P

[squiggleslash]

That's correct. I never said that parodies were specifically exempted in the legislation itself, what I said is that they're specifically exempted in law rather than as part of something else (of course, you could argue that they're exempted as part of the first amendment, but that's where we get into the constitution. The person I was responding to thought that parodies are exempt because short extracts are exempt, but that's not the case, and indeed short extracts most certainly are not, by themselves, exempt.)

Looking at what I wrote, I could have been clearer. I was trying to make the point by talking about how judges generally looked at the first amendment in addition to copyright law and allowed things that would be violations of the latter if banning them would violate the former. There are a variety of ways in which the law can allow things, one is if the law is specifically worded as such, another is if the constitution prevents that law from covering certain areas. By itself, saying something is exempted in law will probably get interpreted as the former by most people even if I mean the latter.

Re:P2P

Or how about just keeping the yes/no bit

so the response to:
Is bit 0 a 1?
Is bit 1 a 1?
Is bit 2 a 1?
Is bit 3 a 1? ...

would be:
Yes
Yes
No
Yes

And then we could make the whole process
quicker by representing Yes by 1 and No by 0
how could -anyone- think thats the same as
copying ?

Re:P2P

[cbiltcliffe]

But how do I find the person who has that file that I want when he's not telling the world that he has it because the world includes that suit-happy association whose business model it obliterates?

How do I find that person?

Simple. A P2P client with a licence that specifically disallows use by the RIAA/MPAA, it's employees, agents, etc. If they use it, they infringe the author's copyright, which is what they say they're trying to uphold.
Then, an encrypted protocol that's illegal for them to hack under the DMCA that they lobbied so hard to get.

I'm currently working on one of these. If anybody wants to help, email me at the address on the website in my sig.
Unfortunately, it can't be GPL, because then I couldn't stop the RIAA from using it. It will, however, be free-as-in-beer, and free of adware.
I'd also like a lawyer to help me with the wording of the licence, so it's absolutely bulletproof. I know there are a few lawyers on here, so it you want to help, send me an email.

Re:P2P

[BardicStorm]

Theoretically if you can reduce any digital file down to simple binary, then it would be possible.

One must simply write a program that sequentially increases the binary value of a file, then saves that file. If you start with those binary values that indicate the file is an MP3, then just increase all other bits within the file sequentially, it would theoretically be possible to create not only every existing work out there, but every future work as well.

Of course the time and resources this would require are a bit unreachable I think, it is possible to do with todays technology, just not feasible.

For that matter, you could theoretically do the same thing for anything which can be made digital and stored in binary on a computer (documents, art, etc.).

Re:P2P

[SillySlashdotName]

"Remember those college students that just ran an indexing web page listing all of the songs on their fellow students' shared folders? They didn't share the files themselves,... "

I remember that they DID have infringing material on their computer, and that they WERE sharing that material.

Because they settled out of court, we will never know if the indexing or the sharing (or both) were illegal - that was never addresed in court.

Re:P2P

[MyHair]

Seriously, I want to know. I'd like to borrow some of his/her CDs for personal use. Of course, I have some to lend as well...

I've recently discovered a couple of things called "family" and "extended family" that seem to have a rather diverse collection of CDs. I've also heard about "socializing" and "friends", but I've been afraid to venture there yet.

Seriously, I'm CD-swapping offline now and am surprised at the variety available to me. By the way, I avoid swapping with coworkers because they're more likely to turn and stab you in the back.

Re:P2P

Another question,

If the MP3s are encrypted and chopped into pieces (say 50k chunks), could those individual pieces be legally distributed as no single piece is a meaningful piece of data/audio?

ie. If you had a host that kept track of what pieces are needed to for a particular download, could individuals share and distribute pieces without legal issues?

skuzmak@slb.com

Re:P2P

[Thyrsus]

No, you're not sending the same bits as in the file. Instead, assuming the question bits were generated randomly, you're encrypting the file with a one time pad that was sent in the clear. Elegant! Still unfair to the artist, however.

Re:P2P

[42forty-two42]

Well, you just need to be anonymous while transferring the file.

Re:P2P

[Merk]

And to what degree of precision would you have to know Pi to do this? And how much storage would be required to store it? And how much computing power would it take to find the relevant section of Pi that contains what you want?

I hope you're joking, because this makes about as much sense as the infinite monkey Shakespeare concept. There's no question it's true, but it is also irrelevant.

Re:P2P

[BLAMM!]

I smell a distributed project!

Each client gets a block of pi, starts at the first digit, and attempts to play the next 9238472093847 bits as .mp3 (or any other media format) looking a coherant audio (or video) pattern. Move to bit 2. Rinse. Repeat. Profit!

Re:P2P

[BLAMM!]

Power, schmower! Did that stop SETI@home? The internet has all the computing power you could ever need.

Someone needs to take this idea and run with it as a distrubted project. Not me, of course. I'm just the idea guy. I wouldn't have a clue where to start.

Re:P2P

[aminorex]

There is actually an algorithm which allows you
to compute any given digit of Pi without computing
the other digits. You wouldn't need to store it,
because you can just compute it when you want it.
Look up is still a bitch, but only because no one
has been working on it so far.

Re:P2P

And while you are at it, add all law enforcement and government agents to the blacklist ;)

Re:P2P

[Tetsujin28]

Copyright violation is not illigial. It is a civil violation and up to the copyright holder to challenge that use in court.

Not correct. U.S. copyright law also has provisions for criminal prosecution for copyright infringement.

openssh 3.7.1 STILL gots holes

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN- 2003-0682

may I suggest a nice bottle of '01 -fstack-protector?

draconian, defined.

[lingqi]

Of particular interest is that MIT network security requires users to reformat their hard drive and re-install their operating system before they get back on the network.

That's a draconian policy if I've ever heard of one!

To reformat you need to backup - and if you have more data to backup than some puny CDRs? and you can't get on the network to backup onto your friend's gigantic file server that he has kindly carved out a nice chunk for you for a week? and I have a laptop so it's not exactly a good idea to be pulling drives out?

all practical concerns I'd face if I was part of the MIT network - but glad that I am not on the MIT network, and that blaster didn't come my way. heh...

poor suckers who'd have similar problems with me, though - maybe that kind of explains why there are still so many people un-connected... they are all looking for used tape drives...

Re:draconian, defined.

[The+Blue+Meanie]

...if you have more data to backup than some puny CDRs? and you can't get on the network to backup onto your friend's gigantic file server...

You get a hub and some cables and some private IP addresses and you get to work. That doesn't make the policy any less draconian, though.

Re:draconian, defined.

[ice-monk]

To reformat you need to backup - and if you have more data to backup than some puny CDRs? and you can't get on the network to backup onto your friend's gigantic file server that he has kindly carved out a nice chunk for you for a week? and I have a laptop so it's not exactly a good idea to be pulling drives out?

Grab a knoppix (or similiar) disk and upload that why.
Reboot. Install. Retrieve.

Re:draconian, defined.

Kinda a cute draconian policy....

1) reformat harddrive
2) reinstall windows from the CD, (back to the version without Service Packs, security updates, etc.)
3) Get network access reenabled
4) Pray MSUpdate is faster downloading and installing all the updates than MSBlaster et al. is at find the vulnerabilities that used to be patched.

Re:draconian, defined.

How about using the BUILT IN FIREWALL in Windows 2000 or XP? That is, if you're too fucking poor to buy a Linksys hardware type.

Re:draconian, defined.

[FCKGW]

More likely:

1) Reformat hard drive
2) Reinstall Windows from CD
3) Install the patch from CD
4) Get network access reenabled
5) Ignore recommendations and never touch Windows Update, never intall a firewall, and never install antivirus software.
6) Get hit by the next Windows worm.
7) Go to step 1. Do not ???, do not Profit!

Re:draconian, defined.

[conteXXt]

anon was correct. The latest viruses (virii :-), worms more correctly) attack and attach BEFORE you log in (if they are already there.).

To fix, you would need a boot disk for Windows that mounts the harddisk and rewrites the security policy without enabling the windows kernel ( HUHHUH I said Windows Kernel. I meant DOS,sorry. :-)

Re:draconian, defined.

[JonnyQabbala]

I for one welcome our windows update overlords!

Re:draconian, defined.

[E-Rock]

Even more likely:

1. Call your buddy to clean the computer, or do it yourself since it's simple
2. Call IT support
3. Lie to the overworked underpaid slave/student who doesn't actually care
4. Laugh at all the dumbasses who formatted their computers.

Re:draconian, defined.

Enable the firewall before you plug the FUCKING network cable in, genius.

Re:draconian, defined.

[serial+frame]

I'm curious, do you *HAVE* to reinstall OSes, even if you're, erm, running NetBSD or some such? My first guess would be no, but it's unsafe to assume such things sometimes.

Re:draconian, defined.

[AArmadillo]

I agree with you, but one would think that MIT students wouldn't be the type of people that would get a computer virus. I mean, really, these are some of the best and brightest engineering students in the world, and they didn't patch their systems for blaster? I wonder how they actually ensure that you reformat your computer, however (which just opens it up to any security holes the user may actually HAVE patched)... do they force you to reformat in front of network personell? I can't imagine they have the kind of staff to sit around there and wait while each infected student reformats and reinstalls their computer.

Re:draconian, defined.

Well since they only shut off people infected with MS worms, you'd never be in this situation if you weren't running windows...

Re:draconian, defined.

[EvanED]

Many colleges don't allow devices such as hubs to be connected to networks; PSU says that the only thing you may connect is a PC. And I'd argue that most college students *are* "too fucking poor" for a hardware firewall to be a worthwhile investment.

Re:draconian, defined.

[Quixote]

"Backups are for wimps. Real men upload their data to an FTP site and have everyone else mirror it."
-- Linus Torvalds

So, just share your files via a handy backup utility called "Kazaa(lite)", and presto! Problem solved! ;-)

Re:draconian, defined.

The policy at the US Naval Academy is very similar. Somehow, the IT department knows whether or not Windows XP boxes have installed the patches for MSBLaster or not. If their scripts detect that you have not installed the patches, then your network port gets shut down, and you have to take your computer down to them to get reformatted and reinstalled, by them.

In my particular case, I dual boot XP and Red Hat 9.0, and installed all the patches for XP, so I didn't have anything to worry about, but I don't know what would happen if you just ran Linux.

Re:draconian, defined.

I'm getting really sick of this joke, but this is by far the best version I've heard yet! It works on so many levels. Great job. I hope you get modded both up and down!!!!

--
me

Re:draconian, defined.

Just because someone is an engineer or an engineering student doesn't mean they have a modicum of common sense. I work with a bunch of EE s and some have the common sense of a rock.

Re:draconian, defined.

I tried that, but everything got corrupted except for my pr0n.

Re:draconian, defined.

[Overly+Critical+Guy]

Sounds like a good excuse to reinstall something other than a Microsoft operating system.

Har har har.

Or, they could just download and install the patches that have been out for good while now. In the midst of reports of Linux being the most breached OS and SSH and sendmail vulnerabilities, I find the submitter's comment amusing, unnecessary, and hypocritical.

Next.

Re:draconian, defined.

[skookum]

Since we're in a list-making mood, how about:

1. Run blaster-cleanup.exe (or whatever it's called)
2. Phone network support
3. "Yes, I reformatted and reinstalled. My MAC address? It's ..."
4. Connect to net, resume fast downloads of pron.

Re:draconian, defined.

Does their policy say how many NICs that PC may have, and what iptables rules I'm allowed to use?

Didn't think so. Score nil for idiot managers with no concept of reality!

Re:draconian, defined.

[HeghmoH]

You have a laptop, so it's not a good idea to be yanking drives.

But you have a laptop. Just take the entire computer to your friend's place and you're set.

Re:draconian, defined.

[dogfud]

Whee..!!!
1.) back up blaster worm
2.) reformat HD
3.) restore blaster worm
4.) rinse, lather, repeat.

=^)

Re:draconian, defined.

I'd say it's not just draconian, it's ineffective. Once someone has wiped their disk and re-installed Windows, we absolutely positively know the following two things about their PC:
1) It does not have the latest Windows Update patches.
2) It does not have anti-virus software of any kind.
If we reconnect this machine to an infected network, it won't last the time it would take to install and update anti-virus software before it's infected again! So this will accomplish nothing.
I would recomment that MIT put on CD-ROM the appropriate updates (Windows service packs & updates, and latest virus definitions) and distrute CD-ROMs to the students. Tell the students to disconnect from the network, install all the updates, and run a virus scan (and delete quarantined virus files) before reconnecting. THAT will make a clean machine that can be reconnected to the network and not be re-infected.

Re:draconian, defined.

How about -1, Troll and then +5, Funny. That way he'll lose karma for posting the stupid cliche, but people will still be able to see it no matter if they're browsing at -1 or +5.

Is being sued the worst that can happen?

Cause I don't have any money.

Re:Is being sued the worst that can happen?

You could be done up like the goatse.cx dude while being interrogated.

Gah, incidentally, does anybody know how/where they got that picture?

Re:Is being sued the worst that can happen?

this says they came from stileproject. Maybe that's true. Who knows where they got 'em from? hmm...

Re:Is being sued the worst that can happen?

[Daniel_Staal]

No problem. You'll soon have negative money.

Re:Is being sued the worst that can happen?

You could be done up like the goatse.cx dude while being interrogated.

This is Canada we are talking about, not USA.

Re:Is being sued the worst that can happen?

[Krach42]

I'm not poor. Just my account balance is so large that it overflowed on the bank computers...

Yeah... that's the story.

Re:Is being sued the worst that can happen?

Cause I don't have any money.

FYI, the sort of fines and judgments you may be subject to for contributory copyright infringement are likely non-dischargeable in bankruptcy. Just an FYI.

GF.

Art of the Saber format?

[dspeyer]

The file's has a .mov extension, but neither file nor xine seems able to recognize it. Does anyone know what format it is, and how to play it?

Re:Art of the Saber format?

[Teach]

The file's has a .mov extension, but neither file nor xine seems able to recognize it. Does anyone know what format it is, and how to play it?

MPlayer with the Quicktime support compiled in plays it fine. It's using the SVQ3 decoder module, if that helps.

Re:Art of the Saber format?

[PhoenixFlare]

Normal Quicktime (in Windows) is playing it fine...Whatever the problem is, it's not with the file.

Re:Art of the Saber format?

[Quino]

Mayne you need to update your software? Runs fine in Xine for me

Re:Art of the Saber format?

[nlangille]

Its a quicktime file. So, you'll need either Quicktime, or a clone of Quicktime that runs on your system...

Re:Art of the Saber format?

[DraKKon]

Apple's Quicktime Player v6 wouldn't play it either...

Re:Art of the Saber format?

[shadowbearer]

Xine 0.9.21 plays it just fine for me, sound and everything. Perhaps you need to upgrade or install the windows codecs.

Gentoo 1.4, 1.4 ebuild of Xine.

SB

Re:Art of the Saber format?

[skookum]

Yeah, for all of slashdot's whining about open source, you'd think they'd actually take a stand and not post links to crappy proprietary formats that require shitty software like quicktime to play.

Re:Art of the Saber format?

[l-ascorbic]

QuickTime is an open format. Go take a look for yourself.

OpenSSH updated patch

[Zocalo]

And since the Slashback didn't mention it; if you patched your SSH yesterday to version 3.7p1, then patch again to v3.7.1p1. It would appear the bug wasn't quite squashed the first time around.

PS. Don't feed the trolls! Given the recent DCOM fiasco, it's fairly obvious where this thread goes...

Re:OpenSSH updated patch

It has been really entertaining to watch the posts claiming 'they have used these exploits successfully against OpenBSD' appearing in numerous online forums. However, nobody as of yet has coughed-up any actual code for an exploit; it is as elusive as evidence of ghosts and UFOs. There appear to be a few netizens with an OpenBSD grudge -- you figure it out.

Re:OpenSSH updated patch

[RajivSLK]

This is the patch that I used on the 3.2.3p1 code. I didn't want to upgrade all the way to 3.7

It seems pretty straight forward and the changes are pretty obvious. Is there somehting else?

--- buffer.c
+++ buffer.c
@@ -69,6 +69,7 @@
void *
buffer_append_space(Buffer *buffer, u_int len)
{
+ u_int newlen;
void *p;

if (len > 0x100000)
@@ -96,11 +97,13 @@
goto restart;
} /* Increase the size of the buffer and retry. */
- buffer->alloc += len + 32768;
- if (buffer->alloc > 0xa00000)
+
+ newlen = buffer->alloc + len + 32768;
+ if (newlen > 0xa00000)
fatal("buffer_append_space: alloc %u not supported",
- buffer->alloc);
- buffer->buf = xrealloc(buffer->buf, buffer->alloc);
+ newlen);
+ buffer->buf = xrealloc(buffer->buf, newlen);
+ buffer->alloc = newlen;
goto restart; /* NOTREACHED */
}

Re:OpenSSH updated patch

The advisory patch posting at http://www.openssh.com/txt/buffer.adv has more than this, and includes file channels.c.

Re:OpenSSH updated patch

[Overly+Critical+Guy]

PS. Don't feed the trolls! Given the recent DCOM fiasco, it's fairly obvious where this thread goes...

Yet, it's not trolling to say, "Sounds like a good time to install a non-Microsoft system, hyuck!" Slashdot double standard #38,986.

MIT say it isn't so

[segment]

"MIT still has 900 network drops disabled due to the Blaster worm infection. Of particular interest is that MIT network security requires users to reformat their hard drive and re-install their operating system before they get back on the network. Sounds like a good excuse to reinstall something other than a Microsoft operating system."

Reformat? That's pretty dumb

B. Clear your computer of the Blaster worm

1.On the taskbar at the bottom of your screen, click Start, and then click Run. Type in services.msc and click on OK.

2. The Services window will appear. Enlarge it, if small, so you can see things. Click on the Name heading so the list is in alphabetical order. Look down the list for Remote Procedure Call (RPC) which Provides the endpoint mapper, etc. Do not choose Remote Procedure Call (RPC) Locator, which Manages things. Right click on Remote Procedure Call (RPC) and left click on Properties.

3. Click on the Recovery tab, and change first, second and subsequent failures to Restart the service, not Restart the computer. Click on Apply then OK. Close the Services window.

4. Hold down Ctrl and Alt keys and press the Delete key. The Windows Task Manager window will appear. Click on Processes. Click on Image Name to put the list into alphabetical order. Look down the list for msblast. There it is. Right click on it and click on End Process. Close all windows.

Total time to find this info: less than 30 seconds on Google cache... Interested in SoBigF? Check out my psychotic rants on it.

As for so called security team of whatever, I don't know why they would tell their users to format their machines... Seems a bit irresponsible, and makes me think their too lazy to read something like the DOC I just linked (Google cache link)... Hell they don't have to if you think about it... Print it out and throw it on every damn door. Come on if MIT can hang cars off bridges, place cars on roofs for pranks don't tell me they cant ctrl-p a damn doc...

Re:MIT say it isn't so

[aredubya74]

I have one word for you: copycat. Frankly, network admins were quite lucky that there weren't more Blaster copycat virii introduced. Just because the first and most well-known version of this worm was somewhat benign in impact (and easily removed), doesn't mean others don't have additional nastiness thrown on to em. As a former network abuse desk guy, when a customer called us who had an ongoing infection running on a server, we always recommended:

- disconnect the box from the network
- perform reasonable local analysis of the system to attempt to discern the source of the infection
- wipe the disk and reinstall OS and apps from original media
- repatch via disk or LAN (download patches to another server, and install)
- reattach to the network, and keep a close eye on said system

Reasonable steps, it would seem. Also, this reminds any admin worth his salt to keep those patches updated, or else be cursed with time-consuming reinstalls.

Re:MIT say it isn't so

[FCKGW]

The average (l)user isn't smart enough to follow clear directions like that and will probably screw it up. Even users from MIT.

Reformatting will get rid of whatever spyware they have, too, at least for a little while.

I'm not defending their policy. I'm just bitter from having to deal with lusers. ;-)

Re:MIT say it isn't so

[42forty-two42]

It'll restart unless you delete it and its registry key. Just terminating it is insufficient.

Instant Ciphertext-Only... PS?

[eddy]

Anyone managed to download the postscript version? The PDF version is horrible.

Re:If this was a Microsoft bug

No, if it was a microsoft bug it would have been swept under the carpet, a MS only patch would have been released late giving everyone time to exploit to their heart's content, leaving those who want to patch it no option but to use MS's patch and any other little extras they may (as they do) slip in at the same time, no chance to just recompile and fix the one single problem, and then due to Microsoft's half assed nature they would have STILL left the problem only half fixed, and a worm would pop up in a couple of weeks that brings the internet to it's knees. Again.

That's what would happpen if it were a Microsoft bug.

Copying for someone else's use?

[phr2]

Um, I don't get that, if I let someone else use my cassette deck to record one of my cd's, how is it that I'm the one doing the copying? And if I let them use my computer to do the same thing, what's different? Why does it matter if the computer is remotely operated over the net?

Re:Copying for someone else's use?

[kryonD]

You're not. And if you invite me over to your house, leave the door unlocked, your computer unsecured, and I just happen to burn all your mp3's to CD, you haven't done anything wrong either.

But when you knowingly place copyrighted music into a public forum via the internet, that's the same as you using your own casette recorder to make copies and giving them away.

Sorry, but I don't think saying that you didn't realize people were actually downloading the mp3's you shared over Kazaa will hold up as a legal defense.

Re:Copying for someone else's use?

[msimm]

Wouldn't it be more like your standing on your porch waiving your CD at passers by?

I mean to make your Mp3's (Ogg's) available you have to do it intentionally, at least in my experience.

Re:Copying for someone else's use?

Sorry, but I don't think saying that you didn't realize people were actually downloading the mp3's you shared over Kazaa will hold up as a legal defense.

I just like to show off how many mp3s I've got... the internet is great for that. I never told anyone they could copy anything.

Re:Copying for someone else's use?

[driptray]

But when you knowingly place copyrighted music into a public forum via the internet, that's the same as you using your own casette recorder to make copies and giving them away.

No it's not. The downloaders are the ones making the copies. They use your PC to do so.

The original article claims that it is the uploader who does the copying because the uploader is responsible for what their computer does, but I can't see how this differs from my being responsible for what my CD-burner does if I let you use it.

Re:Copying for someone else's use?

[gdeinsta]

The public library here in Ottawa advertises that they have CDs and DVDs to lend out. They even have an on-line catalogue. They are perfectly happy for people to borrow them, take them home, and copy them. None of this is illegal in Canada. How is putting the CD or DVD online legally any different?

It's a Quicktime file...

You need a quicktime player. There is the official one from Apple, and for some reason my WMP Classic shell is playing it...

Blaster and variants

[kaan]

I'm not too suprised to see that Blaster is still running around, even at MIT. I work in an office that's behind a firewall, but it wasn't until yesterday that somebody discovered one of the Blater variants in our internal network. Most likely it was introduced by somebody taking their laptop home, and then back to the office. So what's the big deal? We're a small software house with reasonably intelligent folks working here, but that didn't stop people from a) avoiding the install of Microsoft patches on their office machines, even though these are internal machines and thus "immune" from external traffic, and b) from taking a laptop computer home and using it on a non-firewall protected environment. That we're seeing stuff like this still happening on MIT campus doesn't suprise me. Sure, a good number of /. readers will scoff at this, but there are plenty of intelligent people out there who still think that a firewall will protect them from everything. And that's just the reasonably intelligent people. What about the average, non-technical folks who don't even know what a firewall is? What the heck has to change (other than Microsoft cleaning up Windows, and shutting down all of its stoopid ports) for this kind of things to stop?

Re:Blaster and variants

i work at an isp, and when i emailed out the info about the patches, we put information up on our website but only 4 of the 10 people read it and 2 patched their systems (the other 2 where mac & linux users). our boss, two managers and our computer repair/hardware guru where taken down.
when i asked what happened? why didn't you patch your system?

3 didn't understand the emails or the website.
3 didn't think it applied to them because they where using WinXP... even though the email and website han WinXP listed first.

and these are people who work with computers and claim to be knowledgeable about it.

Re:If this was a Microsoft bug

[AntiOrganic]

This is assuming they don't say "this bug can't be fixed without multiple architectural changes to the underlying OS, just have your firewall block all packets on this port kthxbye [slams door]."

Reformat and reinstall? Ack!

[kcurtis]

OK, so the student reformats the drive and reinstalls windows. Whee! Network access is turned back on.

Of course, no patches have been installed, since they are available as downloads unless MIT is distributing service packs and patches to the students via CD.

So now you have completely unpatched machines on the network, at least for the time it takes to repatch.

I've had rebuilt machines reinfected during that short time (yes, I should have thought of that first).

Maybe they have something in place to prevent this from happening, but that isn't indicated one way or another.

Besides, given the ease of fixing problems like these without reinstalling the OS, why bother forcing a drive wipe?

Just wondering if they're forcing everyone with the SSH hole to reformat and reinstall? (Yes, not as serious since it isn't a worm, but still)

Re:Reformat and reinstall? Ack!

[gl4ss]

because 'format the thing' is the sort of thing (almost)anyone with little knoweledge of pc's would do(little knoweledge is worse than nothing at all though..) still. they have some spyware-> reformat. they got some driver problems->reformat, they got some issues with temperorary files->reformat. it's the sort of knee jerk reaction anyone can do and think his doing something useful, yet annoying.

they might instruct them to shut down the services(i doubt they would be able to, the users, and if they were, why not do just that and run a cleaner to get rid of it) before hooking up back to the network.

though, it sounds like a real awful measure(and frankly like something that would NEVER be done on our university student housing network, rather you're just cut for certain peroid of time if you have excessive traffic out of the network, and of course all normal telecommunications laws apply) and quite impossible to control as well(heck, you're expected to let them on your computer? byebye privacy, and don't bitch about that they don't have to accept the conditions that give the access to them, because that's a slippery road) since you would pretty much have to take their word for it that they did the reinstall(and just didn't stick a knoppix cd in and say 'hey, i'm using this now, i don't have a windows installation' whilst having that other hd in the drawer)

quite amazed at mit taking such retarded action.. yelling reformat&reinstall is so windows95'ish ;). and most of the time totally useless measure, more harm than whats it worth. if they got so serious issues about blaster i just can't keep from thinking that their network has some other, far more bigger issues as well(inability to keep kazaaish bandwith hoggers at bay springs to mind, and this whole reformat thingy might be an attack against them as well).

Re:Reformat and reinstall? Ack!

[Symbiosis]

Of course, no patches have been installed, since they are available as downloads unless MIT is distributing service packs and patches to the students via CD.

Actually, we are, but aside from that, we also tell them how to (temporarily) use the built in firewalling of winxp and win2k to prevent a compromise while installing the patches. Yes, there were cases of people getting recompromised before patching was finished. As a test, an unpatched laptop was placed on the network. Time to compromise: ~1 minute.

Besides, given the ease of fixing problems like these without reinstalling the OS, why bother forcing a drive wipe?

see also http://slashdot.org/comments.pl?sid=78878&cid=6990 610 and my reply

Just wondering if they're forcing everyone with the SSH hole to reformat and reinstall? (Yes, not as serious since it isn't a worm, but still)

No, that's a vulnerability, not a compromise. :-p

Re:Reformat and reinstall? Ack!

[EvanED]

"Of course, no patches have been installed, since they are available as downloads unless MIT is distributing service packs and patches to the students via CD."

This is not unlikely, especially given this policy. PSU had a massive PR campaign called "disinfect before you connect" where they printed what must be a couple thousand CDs with the patches and stuff, and handed out flyers to everyone, and had RAs try to get people to patch, and stuff like that.

Re:Reformat and reinstall? Ack!

[Zebbers]

Id be willing to bet MIT distributed cds...my school did....

Re:Reformat and reinstall? Ack!

[kcurtis]

Good points.

I think it's overkill, but I can appreciate the reasons.

I'm not a Mandrake user, but...

[hankaholic]

I don't use Mandrake, but I have to respect any company that knows enough to number points in a press release starting with zero.

Canadian Loophole

[Goldberg's+Pants]

I thought when the story was posted the other day it smelled off. Copyright law here as I understand it says you can LEND a CD to someone and they can copy it, that's legal. If you copy it for THEM though, that's illegal.

The loophole? Okay, on a P2P app, when someone downloads a file from you it is REMOVED from your hard drive. Translation: You've lent it to them. Then you get sent the file back. They've made their copy by "borrowing" yours, and then given it back.

Probably not viable since there'd be wankers who'd download and then kill the software so you don't get your song back (the RIAA would love to abuse that I bet!) but still, there has to be some loophole as the law doesn't take P2P into account.

Re:Canadian Loophole

[schon]

If you copy it for THEM though, that's illegal.

I think that the question is - when a file is transferred, who is making the copy?

I'd say that the receiver is making the copy, because it doesn't exist until it's on his HD. (A 'copy' is something that's "fixed in a tangible form" - by definition, it can't be fixed until it arrives at the destination.)

The poster says he's run it by his law professor - but does this professor truly understand computers, or does he have the same understanding as the writers of ST:Voyager?

Re:Canadian Loophole

[mkldev]

Well, U.S. law would say "fixed in tangible form". However, it isn't part of the definition of a "copy".

Something I found interesting, in a section called "Scope of exclusive rights in sound recordings", was this:

From Title 17 USC, Chapter 1, Section 114:
The exclusive rights of the owner of copyright in a sound recording under clauses (1) and (2) of section 106 do not extend to the making or duplication of another sound recording that consists entirely of an independent fixation of other sounds, even though such sounds imitate or simulate those in the copyrighted sound recording.

Given that the audio encoding algorithms used in perceptual codecs, by definition don't reproduce the actual sounds, but rather the composition of a series of sinusoidal or similar functions (which, by definition, are distinct sounds unto themselves) that imitate those of the original sound... I think you can see where I'm going with this line of reasoning.

Not that this makes it ethically or morally right, but it is yet another potential hole in the RIAA's case. Now, of course, ASCAP or BMI could still come knocking on your door asking for composer/publisher royalties, but then again, they aren't the ones suing people.... I'd like to think they have more sense than that.

Re:Canadian Loophole

[EvanED]

However, the MP3 is not an "independent fixation of other sounds", if it was not considered tantamount to the original it would almost certianly be considered a derivative work.

Re:Canadian Loophole

In Finland, it is explicitly stated that you can let someone else manufacture copies for you (for personal use). Downloading over P2P is fine, but sharing is considered to fall under "public performance" meaning you should pay the relevant fees.

Re:Canadian Loophole

[Alsee]

I think that the question is - when a file is transferred, who is making the copy?

Only the person in possession of something is capable of creating a duplicate. You cannot be copying (and potentially infringing) by receiving something. Only the person senting the file can do that. The RIAA has made all sorts of deceptive statments painting downloading as illegal, yet they have never gone after a downloader because they know they have no case. All lawsuits have been against people sending files.

Disclaimer: I have only been reading US copyright law and haven't looked at Canadian law, but it's pretty hard to imagine any coherent legal model for the receiver to be doing the copying (and potentially infringing). If it ever did work that way then ordinary websurfing would make everyone guilty of infringment.

-

Re:Canadian Loophole

[schon]

If it ever did work that way then ordinary websurfing would make everyone guilty of infringment.

It's funny that you brought this up.

At the Canadian copyright reform hearings last year, one of the speakers noted that before the copyright law was amended, this was indeed the case.

So, it seems like the Canadian and US laws are indeed very different.

reformatting without patching??

[lplatypus]

Why are the MIT sysadmins being so draconian as to require infected computers to be reformatted, without solving the cause of the problem by *requiring* the windows bug to be patched? The article says "Reinfection rates are very high". Unbelievable!

MIT requires a reformat?

[nurb432]

Isnt that a just bit extreme?

Proper patching and de-infecting should be enough.. until the next round.

Re:MIT requires a reformat?

[dr_dank]

Proper patching and de-infecting should be enough.. until the next round.

I disagree. Who is to say that machine was infected by a new strain of the worm that would plant spyware or a trojan? You just can't fully trust a compromised machine.

Re:MIT requires a reformat?

[Sloppy]

Isnt that a just bit extreme?

Isn't still running MS Windows, after all these years, also a bit extreme?

Which is more extreme? One of these acts has been increasing in extremity, for a very long time. The other act started out as extreme, but at least it's stable and doesn't get any more insaner as the years drag on.

It's just a question of when one of them passed, or will pass, the other. Pretty subjective, I guess. But when you see it keep happening year after year, with complete oblivion to experience and a total lack of capacity for learning, it's hard to keep a straight face when anyone throws around the word "extreme."

You always keep thinking, "Is that finally the last lemming that will jump off the cliff?" and they just keep surprising you with their determination.

Re:MIT requires a reformat?

You're an idiot. Please don't talk ever again.

Whoever pays Diebold=Election Winner!

[setzman]

I predict Bush/Cheney, and other republicans by a landslide.

Seriously though, from what I saw in an election on September 9 here, we have an even bigger problem that doesn't involve connectivity. Anybody could just go in and punch their votes as many times as they want, as long as the total number of votes doesn't exceed the number of registered voters in that district. This would have to be done by a voting official though, which could easily be arranged. This could also be done by anybody who just wants to screw around as long as they aren't being watched by the monitoring officials.

Things like this, along with the issues with Diebold, are putting the rights of the people to vote at stake, and something (what I don't know) needs to be done.

Re:Whoever pays Diebold=Election Winner!

[stretch0611]

Anybody could just go in and punch their votes as many times as they want, as long as the total number of votes doesn't exceed the number of registered voters in that district.

In other news, voter turnout in ZZZZZ county was 90% compared to the 15% it normally has. I doubt that would happen without anyone noticing.

Here is a possibility for a decent voting system. (dont forget to read the replys from this prior post as well.)

Re:Whoever pays Diebold=Election Winner!

[RIAAwakka_nakka_bakk]

The turnout rates could be increased slightly across a large area to make up the difference and to keep the 15% to 90% from happening. The increase could be attributed to lots of things that would be pointed out to the media.

The article you mentioned seems like a good system, and could be easily done by diverting some federal $$$ to the project. Then again, we will probably never see anything like this in our lifetimes.

Re:Whoever pays Diebold=Election Winner!

Things like this, along with the issues with Diebold, are putting the rights of the people to vote at stake,

Let's face it, the rights of the people to vote have been a sham for quite some time. When the voter's choices are Dumb and Dumber, and laws and court decisions are sold to the highest corporate bidders, the people's right to vote (along with just about any other right) are moot. They used to hold elections in Iraq, too.

and something (what I don't know) needs to be done.

The US Founding Fathers knew what needed to be done. It's called "revolution".

Re:Whoever pays Diebold=Election Winner!

Oh my god! You dare say "revolution"! How dare you threaten the American government by saying we should take up arms against it?! You even say that we had to choose between Dumb and Dumber? Are you saying the great GWB is dumber? I'm turning you in to Mr. Ashcroft right away!!

Why would we bitch about Mandrake?

[msimm]

Good intentions by themselves are not a sound business model. Income is. Mandrake has been a progressive and remarkably loyal supporter of the open source movement. Ads? Good, because I want to see Mandrake survive for another couple of years.

I didn't see too much complaining myself (maybe I ignored some of it) but I'm sure some got hysterical about it (it wouldn't be a internet-age community without someone getting hysterical).

Anyhow, I wish them best of luck. Good idea whoever decided on this. Programmers need to get paid and I *want* my Mandrake. ;-)

About Mandrake, ads and our community

[Compact+Dick]

The furore about Mandrake placing one commercial ad tarnishes the Open Source users' image. Here is a financially struggling firm trying to make some money through ethical means, and we feel violated having to view it? As mentioned in the press article, they have had ads before, and none of the intrusive, irrelevant shit found on the web. Why shouldn't they try every ethical, non-invasive means to stay afloat?

I've always held Mandrake in high esteem as they are the [possibly only] commercial entity that adheres closest to the principles of Free Software, listens to community feedback, and, if you read the press release about the ad, very polite in their communication - even when lesser people would've ignored us or told us to fuck off. Do you imagine slagging them off for being French makes you look intelligent? Hell, if they are typical of France, I would hold them with deep respect.

Remember - we all have our favourite distros, preferences, and so on. But until the day we realise that a loss for our [Mandrake-loving] peers is a loss for the entire community, we are not living by, and upholding, the principles of freedom, choice and tolerance.

Re:About Mandrake, ads and our community

[Meat+Blaster]

Frankly I don't really care about it, and if I used Mandrake this wouldn't stop me.

But I think the irritating factor for some people is having ads in something you've paid for, and from what I've heard there will be (easily removable Linux-related) ads even in the commercial version. Now in many cases we accept ads on things we pay for, such as cable television and magazines, because we recognize our subscription fees alone are not enough to keep some things afloat.

I don't know enough about Mandrake to know if this is the case with their commercial packs, but it's entirely possible. Perhaps they could offer separate no-commercial packs for a premium, but it costs money when you increase selection. If things will be as unobtrusive as they claim, and they make five or six figures from advertising in each release, I'd hope Mandrake enthusiasts could deal with it.

Uberhacking

[Rosco+P.+Coltrane]

With all the neat technical things I learn on Slashdot about hacking, viruses and Canadia, I have to ask the question: is there a chance I can get an SSH shell on Tom Green's cellphone to plant the Blaster worm on it? Then I'll chop his head off with a Mandrake-enabled light saber.

I really can't stand Tom Green ...

Bzzt

You still have to delete the value from the HKLM/Software/Microsoft/Windows/CurrentVersion/Run registry key. Thanks for playing.

I don't think there's anything wrong with asking these people to wipe the hard drive. It's a clean sweep. There's two types of people in the world, people who never get a virus on their computer (because they protect themselves properly) and people who have THOUSANDS of viruses. If you're in the second category, I've got little sympathy.

Mandrake ads and Paid Links

[stretch0611]

I use Mandrake and this probably won't stop me from using it. According to the release, "There will be one paid-ad in the installation procedure, and a few paid-links in bookmarks."

Usually when I am installing an operating system, I leave the room or do something else when I am done with any user interaction. Why should I care if the show an ad while the OS is being copied to my hard drive and I am not looking?

As for the bookmarks who cares if I can delete them. Microsoft does this, Netscape did this(and now AOL does this.) You have to pay for Microsoft's OS (In more ways than one), and with AOL's version of Netscape they have things like Net2Phone that you can't remove. (I admit when AOL posted its ad links that could not be removed, I switched to Mozilla.)

As long as Mandrake sticks to their words from their press release, "ads won't be intrusive (no pop-up windows) and can be removed easily;" I will not mind if they make a few bucks to stay afloat financially.

Fanfilms

[blincoln]

Art of the Saber is one of legions of "lightsaber effect" videos made by fans.

TFN Fanfilms has a huge library of Star Wars home movies. Many of them have excellent stories, and do much more than display the rotoscoping skills of the creators.

Duality is one of the most visually impressive, but because of conflicts between the two guys who made it it's not available on TFN anymore.

Whaaaaa????

Cavin said that Network Security requires users to reformat their hard drive and re-install their operating system before the network drop is turned back on.

You've got to be shitting me. If their IT department is too fucking stupid to cut/paste Blaster removal instructions, they should just turn out the lights and go home. They've got no business accepting money for that kind of "work". It took me about 5 minutes to clean Blaster off my Grandpa's computer (he got hit before the virus defs were upated). I went to www.symantec.com, clicked on "download virus removal tool" and followed the instructions for blaster removal. Problem solved.

Re:Whaaaaa????

[htmlboy]

Problem solved.

you've got to be shitting me. if you're too fucking stupid to understand the difference between a vulnerability and a virus, you should just disconnect yourself from the internet. running symantec's virus removal tool doesn't fix the problem.

the format and reinstall requirement is a pretty standard course of action. if a user has one virus, it's not unlikely that they have more. but the bigger reason for the policy is usually user education. if someone's personally inconvenienced by their own negligence, they might take more proactive measures to stop it from happening again. simply cleaning the virus doesn't provide the user with any incentive to care.

Reinstall catch-22?

[TornSheetMetal]

If you reinstall your OS, it won't have all the patches and it can get re-infected. If you're not on the network, how do you get the patches. Also, I wouldn't want to copy the patches onto a CDR because that might be copyright infringement. Many schools have honor policies where they could kick you out for breaking the law, especially when using University property to help you do it. Though, I can understand the school wanting "compromised" systems to be formatted and re-installed. Once your system is compromised you can't be sure what's on the system anymore.

Omaha?

[krony]

What brings you to my sweet town of Omaha?

I better go read up on the local conferences...

Reformat and Reinstall sounds right to me...

[carlfish]

Reformat and reinstall is a pretty standard response to a root-level system compromise. It also serves as a rather effective deterrent to users who might want to delay installing patches in the future.

The command-line exploit for the hole was available several weeks before the Blaster worm came out. I demo'd it in the office by breaking into my Boss's workstation (Yes, while he was watching over my shoulder). Compile the exploit on a Linux box, run it against a remote NT host, up comes a nice command-shell with Administrator access.

While the Blaster worm itself is pretty easy to get rid of, the RPC/DCOM bug is a remotely-compromiseable hole that gives you Administrator privileges. As such, it's quite possible that vulnerable machines could have been backdoored by something other than the worm (or by some rare variant of the worm) in the process.

A Blaster-infected machine was wide open for long enough for the virus to catch it. At that point, you have no idea what malware could have be installed. You're pretty sure it's "just" the regular worm, and the standard removal instructions are all you need, but how sure is that? Network security want to be completely sure that their network doesn't become a home of a few thousand more DDOS drones.

In my judgement MIT security may be being a little paranoid, but if you work in network security, you're paranoid by definition anyway.

Charles Miller

Re:Reformat and Reinstall sounds right to me...

[Symbiosis]

As someone who works for Network Security, I feel I have to chime in here.

Basically, what Chris said was right. A format and reinstall is the standard response to a root-level system compromise, which the RPC vulnerability leaves a system open to. It's also enough of a pain in the rear, that people don't want to have to do it again.

Furthermore, Network Security only has two full-time staff members, a handful of student employees (the category I fall under), and a handful of volunteers from here & there. Under normal loads, we don't have the resources to do forensics or any type of individually tailored recovery advice. With the thousands of computers being compromised on campus, it's the quickest (and easiest, believe it or not) solution for everyone.

Give us a break, this thing has generated way more overtime hours than any one (or two now) security hole(s) should be allowed to do. :-p

Re:Reformat and Reinstall sounds right to me...

[chazzf]

I'd have to disagree. Fixing a Blaster infection on an XP involves removing the virus, which takes perhaps ten minutes, then patching, which is perhaps another thirty minutes. All of this can be done by the end user given sufficient instructions, or by a hired college student.

Moreover, at Kalamazoo College (where I work), we mandate up to date av software. Period. We don't let them on the network until we've verified that fact. Manpower intensive? Perhaps. But I'd humbly suggest that if a school as small as ours can manage it, so can MIT. I mean, reformatting? I can understand the concern over a root-level exploit, but there's an effective solution that's far less draconian...

Re:Reformat and Reinstall sounds right to me...

[Symbiosis]

The problem is not Blaster. The problem is that we have no way of knowing who else got into their machine while they were still vulnerable. Most users lack the experience to properly say that nothing else has been altered, and as I mentioned before, we lack the manpower to go through and verify the thousands of computers on campus.

Mandating up to date antivirus software is good, and the fact that you are able to make sure everyone has it before getting on the network is noteworthy. However, do you also periodically sweep through and ensure that they keep their virus definitions up to date? Do you go through and make sure everyone's got their operating systems patched? We did as extensive a "pr" campaign for patching windows machines as we could when the vulnerability was announced. We still got hit hard. There are just too many points of failure, and most of them human--and, therefore, very unpredictable.

The fact of the matter is, there are tens of thousands of computers on campus (granted, not all windows). Just because we are a techinical school does not mean that everyone who runs a computer on campus is a computer whiz. There are plenty of X Engineering majors who posses only basic computer knowledge. They don't need it, so why bother? There's also a ton of office workers, administrative assistants, etc, etc. It's just not practical to do much of anything on a per-machine basis. So we go with what we know works in every case: a full format and reinstall will get rid of everything and have you squared away.

Besides, Windows needs a little f&r every now and again anyway. ;-)

Re:Reformat and Reinstall sounds right to me...

[philos]

Why are the dorms not firewalled? I understand that professors may need unfettered Internet access for projects, but that doesn't seem like a valid reason not to have the resnet systems behind a firewall and an IDS/IPS.

Likewise, IMHO all lab computers and servers should be firewalled and protected. It seems like academic freedom is a poor excuse for lax security.

That being said, the decision to make dormers reformat before reconnecting is right on. Who knows if a backdoor or rootkit was installed on those systems. Is it possible to put additional guidlines on the connection of systems, such as all connected systems must be running up-to-date antivirus?

Please don't construe this as a flame. I've had this conversation with a friend of mine that works in IT at a major Missouri univerisity several times, and I still don't get this idea of "academic freedom" completely, I guess.

Re:Reformat and Reinstall sounds right to me...

[eples]

A format and reinstall is the standard response to a root-level system compromise, which the RPC vulnerability leaves a system open to. It's also enough of a pain in the rear, that people don't want to have to do it again.

How will re-installing the OS and putting it back on the network without any security patches help alleviate the problem? Won't the machine get re-infected?

IIRC, people often did not have time to even shut down their machines in heavily infested networks.

Re:Reformat and Reinstall sounds right to me...

[Jokkey]

Why are the dorms not firewalled? I understand that professors may need unfettered Internet access for projects, but that doesn't seem like a valid reason not to have the resnet systems behind a firewall and an IDS/IPS.

Sometimes firewalls don't help. At our college, at least, the resnet systems are behind a (somewhat minimal, admittedly) firewall. The firewall happily blocked Blaster and Nachi and all their variants, right up until the point where students returning for the summer plugged in already-infected computers inside our firewall and hosed our network.

(The Linux box that does our routing couldn't handle the sudden jump in traffic. I find it ironic that Nachi, a "good" worm that's supposed to stop Blaster, did far more damage to our network with its massive ping sweeps than Blaster did.)

Re:Reformat and Reinstall sounds right to me...

[aminorex]

> The problem is that we have no way of knowing who
> else got into their machine while they were still
> vulnerable

Let me guess. The guy who came up with this
policy was a math major?

Brass rats. Sheesh.

Re:Reformat and Reinstall sounds right to me...

[aminorex]

Oh, and don't forget to make sure they flashed
their BIOS as well.

'ware the evil NVRAM-wocky!

Re:Reformat and Reinstall sounds right to me...

[Symbiosis]

They actually need to be patched (this obviously requires some sort of non-internet based medium to do, which is available all over the place) or have enabled the built in tcp/ip filtering before they're allowed back online. They don't need to keep the filtering once they're patched, that's up to them at that point.

Re:Reformat and Reinstall sounds right to me...

[Symbiosis]

Generally speaking, firewalls tend to lull users into a false sense of security. The whole "I've got a firewall, I don't need no stinkin' patches" complex. As we all know, it only takes one person to take their laptop to starbucks and come back with a worm to screw everyone behind the firewall.

It's a lot better to try and instill in people a sense of importance and personal responsibility to keep their systems secure. Sometimes a little negative reinforcement does the trick. (I know a guy who got hit twice. He updates regularly now. ;-))

As a whole, we try to impose as little restrictions on the network as possible. (We did do some port blocking temporarily to try to slow the worm, but it wasn't as effective as you might think.) What you do with your little slice of bandwidth is up to you, as long as you're not encroaching on anyone else's. (i.e. flood pinging all of campus with your worm ;-)) Freedom is good. 8-)

Dude!

That was the best laugh I've had all week. I salute you, sir.

You can, but you'd be wrong...

[wirelessbuzzers]

... because it's a heap buffer. Furthermore, it's not a simple buffer overrun, but an error in reallocation. As far as I've seen, there are no known exploits of it either. If there are, please link.

Re:when somebody really screws you you have no cho

Um. Soap Opera?

Re:I clvaim this post!

[users.pl]

YOU FAIL IT.

Canada File Sharing Idea

[c_oflynn]

According to Canada's laws its OK to make a copy for your OWN use, so the problem with sharing is you make a copy for someone else's use.

What if instead we did this:

Person A MOVES the file to Person B, who then makes a copy. Person B then MOVES the original back to person A. Hmm...

Re:Canada File Sharing Idea

[green1]

problem is the law only covers making a first generation copy for personal use, as was pointed out earlier here are 2 cases, the first is legal, the second is not even though both have the same net result.

1) I lend my cd to you, you make a copy and return my cd. then I lend my cd to a second person who copies it and gives it back. net result: I have the orriginal and 2 other people have copies, all perfectly legal.

2) I lend my cd to you, you make a copy and return my cd. then you lend your cd to a second person who copies it and gives it back. net result: I have the orriginal and 2 other people have copies, but this time the law was broken.

so for what you suggest to be legal the file that you orriginally move to person B's computer has to be the "orriginal" file that you got from the record industry, and not already be a copy. and considering the willingness that the industry has shown to distribute music electronically, this isn't verry likely.

as such your suggestion breaks the law as soon as you send that file to person B because it wasn't the orriginal you gave away, it was already a copy.

time stamp (re:Vote early, often, and reversably.)

[jdunlevy]

The Excite (AP) story:

March said he found absentee ballot totals from 57 of 164 San Luis Obispo County precincts in an easily accessible File Transfer Protocol site operated by North Canton, Ohio-based Diebold. The votes were time-stamped at 3:31 p.m. on March 5, 2002 - more than four hours before polls closed.

Is it possible in this case, Jim March (love how it's the March 2002 incident, and his name is March, but I digress) doesn't know what he was looking at?

What does the time stamp mean? Is it necessarily the time it was uploaded to the server where he was looking at it, or could it just be the time the original file (or directory, or whatever it was exactly that was time-stamped) was created on the client machine, and the creation time was retained when it was transferred at some later time to the server where March found it?

I said this yesterday about updoading in Canada

[geekee]

"In a nutshell, Private Copying allows anyone to make a copy of a song purely for their own use. As you probably know, when you share files and someone downloads from you, what actually happens is that their computer makes a request and your computer actually sends the file to them. Thus, you're copying for someone else's use and infringing. It doesn't matter if you didn't realize that's what happens, either... intent is not required for infringement. "

I said essentially the same thing yesterday when the original article came out and I got modded up 1 for insightful and modded down 1 for overrated. Where's the justice? :-)

Re:I said this yesterday about updoading in Canada

[DrWhizBang]

there. i had no mod points when i read your comment yesterday. feel better now? i do ;-)

Lightsaber nitpicking

[Scrameustache]

Very cool saber fight, but:

Only siths have red sabers.

Art of the Saber

[EngMedic]

All i can say is, Lucas had better be taking notes -- lightsaber fights never looked this good in any of the movies.

Idea for Canadians

[bstadil]

If you can download without being in violation of copy right you only need to solve the Make Available problem

Here is how:

Break up any mp3 files into say 10 RAR and calculate MD5 for each part plus total.

Name the 10 parts equal to their MD5 number

Make small Identity file that contains above plus all of the normal mp3 ID's like Name, artist etc.

Make small plug in that disallows for any more than 3 or so of the parts to be made available for up load and obviously never the total mp3 file.

Make small script that takes Identity file as input and as output automatic tries to find and download all MD5 pieces.

Once retrieved combine and play.

If real fancy you could make the "Encryption" / "decryption" function DMCA proof, so RIAA can not legally tamper with it.

I am sure we can elaborate but you get the idea.

Oh yeah

[shadowbearer]

Love the sunglasses from Walmart, dude

SB

Blaster/SoBig

[MNJavaGuy]

The University of Minnesota has a similar policy for using it's network, except for the whole reformat thing. They were actually nice enough to provide each student with a CD that had all the necessary patches and removal tools on it. Your ethernet jack was disabled until you proved to them that you had been patched.

Seems like a much more reasonable way of dealing with it than MIT's policy.

Re:Blaster/SoBig

[christopherfinke]

Your ethernet jack was disabled until you proved to them that you had been patched.

No it wasn't. They just politely "asked" that you patch before connecting, and if it was found that you didn't, your ethernet jack would be cut off, with the possibility of your entire residence hall being cut off as well.

How's that for peer pressure? 12 floors of college students without Internet access because of you. I wouldn't want to go through that again - I mean, ever... for the first time...

Re:Blaster/SoBig

The University of Minnesota has a similar policy for using it's network, except for the whole reformat thing. They were actually nice enough to provide each student with a CD that had all the necessary patches and removal tools on it. Your ethernet jack was disabled until you proved to them that you had been patched.

While I think that the Gophers were doing the right thing, I think that that they may have been breaking the law. Microsoft specifically refused to let ISPs distribute the patch to users in this manner. UMinn's licensing may have permitted this, however. I dunno. I do know that people that tried to do this to help solve the Blaster problem during the height of it were rebuffed by MS.

Re:Blaster/SoBig

[MNJavaGuy]

Hmm...I had to call up before mine would work. Perhaps the person who was in this room before hadn't patched. That or they just wanted to remind me of the etherjack nightmare we had in our Pioneer Hall room.

Yeah, sure, they came out right away for that work order /sarcasm
We finally just broke down and bought a switch to share the one good jack.

Re:Blaster, Sabers, Canada

Wow..looks like someone needs to go back to troll school. Completely ineffective, much like your other attempts.

Star Wars Kid Update

[BalaClavaChord]

FYI. Looks like the Star Wars Kid didn't get into Episode 3. It was announced on the radio today that principal photography on the film has finished at Fox Studios here in Sydney.

OpenSSH bug

[muzza]

From the zdnet article "It's not uncommon for vulnerabilities in Unix-style systems to be exploited for months by the underground community, Maiffret said."

I guess thats in contrast to windoze vulnerabilities which go for years exploited by the underground community (whoever they are- any-one want to own up?) and then more years exploited by who-ever wants to.

Law School Analysis Flawed

[rtrifts]

The problem with law school is that while you learn the theory of law, you don't learn much about the practice of law. That comes only after law school.

All the potential copyright actions in the world aren't going to matter when you don't know who to name as a party defendant.

The DMCA has a subpoena provision which has been interpreted to require an ISP to provide the identity of the Kazaa user (say) in the USA.

No such similar provision exists under Canadian law and the DMCA has no applicability in Canada in a civil suit. The closest you could get to it is a Bill of Discovery for an intended action.

While you might get such a discovery right against the ISP, this area of the law is wholly unexplored in the context of file sharing in Canada.

Getting a Bill of Discovery granted for a novel action is also problematic.

And most of all - it would be extremely expensive. You can't just do all your Bills of Discovery in one motion either. To do them all at once would amount to a Class Proceeding, which in this context, would first require a certification motion and motions to strike before you ever got a single user name. And then it's appeals to the Divisional Court, Court of Appeal, motion for Leave to Appeal to the SCC and maybe even leave granted...

Four years later...your Kazaa user isn't even with the ISP anymore and Kazaa is yesterday's news. What now Mr. Bronfman?

Theory is fine - but $$$ and delay are the essence of the practice of litigation.

Robert Trifts
Barrister & Solicitor (Ontario)

Re:Law School Analysis Flawed

[lazyl]

The DMCA has a subpoena provision which has been interpreted to require an ISP to provide the identity of the Kazaa user (say) in the USA. No such similar provision exists under Canadian law and the DMCA has no applicability in Canada in a civil suit. The closest you could get to it is a Bill of Discovery for an intended action.

Now IANAL, but you seem to be assuming that the ISP will refuse to cooperate until they are legally required to. But with all the media attention surrounding this issue lately, would it not be concievable that a large corporation may be able to bully and intimidate an ISP into revealing a file-sharers identity?

A friend of mine (here in New Brunswick) used to share a lot of media on gnutella and then one day the MPAA sent his ISP (Aliant, the east coast telco) a letter. They immediately forwarded it to my friend and insisted that he stop. If, next time, they (or somebody else) wants to take legal action and requests his identity, what are the chances that the ISP would refuse? Not too good, I would think.

Who's running the computer?

[Spazmania]

what actually happens is that their computer makes a request and your computer actually sends the file to them. Thus, you're copying for someone else's use and infringing.

The Crux of this argument revolves around a simple question: Who is operating the computer?

Possible Answer #1: The owner of the computer is operating it. Even if he does not explicitly review and authorize each operation that the computer performs, the owner still dictated the paramaters under which the computer would make those decisions. As a result, the computer copying and sending the music file is identical in every respect to the owner copying and sending the file... a clear copyright violation.

The parallel to this notion is that you go to a friend's house, point to a CD on his shelf and say, "I want that one." The friend then burns you a copy of the CD and gives it to you, a clear violation.

Possible Answer #2: The remote individual is teleoperating the computer. The owner has permitted some limited form of teleoperation, but each action the computer takes is at the behest of that remote individual. Since the non-owner individual is running the remote computer, its actions in making a copy for that individual's personal use are reasonable and completely legal.

The parallel to this notion is that you go to a friend's house, point to a CD on his shelf and say, "I want that one." You then take it off the shelf and copy it using your friend's computer while he stands by and watches. Legal in Canada.

Possible Answer #3: The computer is operating itself. Soon it will take over the world. Muahaha. We'll relegate this answer to science fiction where it belongs.

The current caselaw is varied and confusing. Generally though, the following theme has developed: INTENT. If the owner knew and expected the computer to be used for a specific purpose, then when the computer does its as if the owner did that same action himself, regardless of who actually instigated the action. If the owner did not know and should not reasonably have known that the computer could perform such an action, then whoever actually induced it to perform that action is the guilty party.

Lets set up exteme hypotheticals to illustrate that theme:

Example #1: You rig an electric chair to a computer and a modem so that the next time a telemarketer calls, the chair will electrocute its occupant. A telemarketer calls. Who is guilty of murder, you or the telemarketer? Duh. You of course.

Example #2: Your Windows laptop gets a worm on it. You don't know it. You carry it to work behind the corporate firewall where it runs rampant, deletes everything and ruins the company. Are you guilty of destroying the company or is it entirely the worm author's fault? You're absolved; its entirely the worm author's fault.

So, how does all this help with the question of who's running the computer as it makes and sends the copy of the song? Well, it doesn't really. You could make a powerful argument that running a P2P server is no different than inviting the public at large to use your computer. You could strongly counter that by specifically setting up the computer to copy those particular songs, you and not the stranger are the agent of its copying. You could argue that its no different than radio, deliberately putting specific songs into the ether where any stranger can record them.

In fact, you can argue the issue back and forth through a lot of permutations. Before the matter is settled, you can expect the courts to argue the issue back and forth through a lot of permutations, ruling both ways while they seek the right balance.

So basically, the short answer is:

If you want to try to prove a point, go ahead but beware: Folks who want to live don't jump in front of trucks and epect them to stop, and the courts are behaving like a drunk drivers. Your best bet for longevity is not to play in the street.

Re:Who's running the computer?

[Wateshay]

Example #1: You rig an electric chair to a computer and a modem so that the next time a telemarketer calls, the chair will electrocute its occupant. A telemarketer calls. Who is guilty of murder, you or the telemarketer? Duh. You of course.

Example #2: Your Windows laptop gets a worm on it. You don't know it. You carry it to work behind the corporate firewall where it runs rampant, deletes everything and ruins the company. Are you guilty of destroying the company or is it entirely the worm author's fault? You're absolved; its entirely the worm author's fault.

Example #3: You fail to replace the batteries in your fire alarms. An arson sets your house on fire, and because the fire alarms don't go off the fire gets too big and burns down your neighbors house, too, killing your neighbor. Who's guilty of murder? The arson, of course. Are you still guilty of actionable negligence? I'm not positive, but I'm pretty sure you would be.

Re:Who's running the computer?

[rtrifts]

This is just ill-informed nonsense.

In a criminal trial, this might be of use, but intent is not at issue in a civil copyright action.

You either did or you did not; try is not the issue.

As for ghosts and teleoperators, the test is simply a statutory violation on the balance of probabilites. This Perry Mason puffery is irrelevant.

Re:Who's running the computer?

[driptray]

Thanks for this clear analysis.

I would suggest that if you want to increase the chances of "possible answer #2" being accepted, you should share more than just copyrighted music. Sharing every file on your PC (if you run all free software) would be a great way to indicate that you have no INTENT to distribute copyrighted music. Alternatively, get a bunch of freely copyable music (mp3.com?) and share that along with the copyrighted tunes.

Re:Who's running the computer?

[Spazmania]

intent is not at issue in a civil copyright action

Intent can be a deciding factor in virtually every form of litigation. You just have to find the right angle.

Take an obvious example: A red-light camera caught a snapshot of your car, proving that you ran a red light. What factors could cancel this? "Gee your Honor, I was just trying to get out of the way of that ambulance behind me as required by law." Your intent voids what would have been a violation.

the test is simply a statutory violation on the balance of probabilites.

I think you mean balance of the evidence, also referred to as the preponderance of the evidence. Probabilities are something better left to mathematicians than lawyers.

The thing you're missing is that Intent is a part of that balance. There is often no disagreement on the forms of intent that could be relevant to the case, but its there behind the scenes even then.

Re:Who's running the computer?

[Spazmania]

because the fire alarms don't go off the fire gets too big and burns down your neighbors house [...] Are you still guilty of actionable negligence?

Only if they can prove that:

A) Your fire alarms going off would have made a difference. I don't know about your fire alarms, but mine are only audible indoors when the windows are closed. They make a difference only to the escape of folks within the house.
B) You knew or should have known that your fire alarms were not in working order. "Why yes your honor, I test them at least once a year. They worked the last time I tested them."

If you're looking for a tricky example, go for the classic attractive nuisance: the backyard swimming pool. If the neighbor's kid drowns in your pool while its unattended, you're going to get nailed for wrongful death unless you bent over backwards to prevent him from swimming in it. Even with a lock, a fence and barbed wire, its no sure thing you'll beat the lawsuit.

This is getting far afield of the topic though. We were talking about when you are or are not responsible for what your computer does.

Re:Who's running the computer?

[Spazmania]

Interesting.

You'd want to couch this in some sort of ideological theme. "I don't believe in privacy, so I leave my entire computer open in a read-only mode to everyone on the Internet."

Or maybe something simpler. "I leave that computer open in read-only mode to everybody as an example of how to correctly set up a so-and-so system. I invite anonymous guest users to log on a give it a spin so long as they don't do anything illegal."

Interesting.

Re:Who's running the computer?

[rtrifts]

No, actually, I meant exactly what I said, and I was correct.

Intent is irrelvant in a civil copyright suit. It is not a matter of finesse.

Your example of the ambulance is not a defence of intent at all; it is, in fact, an attempt to resort to the defence of necessity, a defence which is necessarily carefully circumscribed under Canadian law (and certainly of no application here).

As for "balance of probabilites" - that is exactly the term used in our courts. When one refers to evidence, the term is "preponderance of the evidence".

The parent was Perry Mason fluff - and it's just wrong headed both in fact and in law. It's just *wrong*.

Robert Trifts
Barrister & Solicitor (Ontario)

Re:Who's running the computer?

[Rumor]

Copyright infringement cases concerning FTP servers have created a strong likelihood of #1 being the case. FTP operators have attempted to avail themselves of the argument that they are not in control of the server when a person sends it a request and takes what they wish from the server, and courts have consistently denied this argument.

At the end of the day, the sharer is still the one who installed the p2p app and ran the program. They actively made the files available to the public, and that is one reason they would be liable. At critical points in the process, the sharer was in care and control of the computer.

Exceptions have been made for copyright infringement for ISPs under Canadian law. The exception is specific only to ISPs, and is very narrow. The rationale is that they are entirely passive transmitters of data. A file sharer would not be a passive transmitter of copyrighted data, because the copies originate from them. The Copyright Board has made it clear that if the data originates from a source, that source is not a passive transmitter and not exempted from infringement. Keep in mind that without this expressly stated exception, even ISPs would be liable for infringement, and it's very difficult to say that they play any active role in a copying process that simply passes through their network.

Finally, I'd like to point out that even if we disregard this specific issue of control of the copying process, a file sharer would _still_ be liable under the act. My colleague Ryan Black first pointed this out: every mp3 on a sharer's hard drive was either downloaded by him or ripped from another source. All of those copies, then, are protected under s. 80 only so long as they are for private use only. The moment one of those mp3s is used to make another copy for another person (regardless of who technically made the copy), it is no longer for private use only. Therefore, each mp3 on a hard drive that is downloaded by someone else becomes an infringing copy itself, because s. 80 no longer protects it.

Re:Who's running the computer?

[PhilHibbs]

I don't know about your fire alarms, but mine are only audible indoors when the windows are closed.

I don't know what's wrong with your fire alarm, but mine is audible indoors even when the windows are open!

Re:Who's running the computer?

[bwalzer]

As for ghosts and teleoperators, the test is simply a statutory violation on the balance of probabilites.

I'm not sure I understand this in context. Are you saying that a Canadian civil court might find that both the uploader and downloader have infringed a copyright in the case of P2P? How else could the question of who actually did the copy be unimportant?

Note that people who are skilled in the art of networking computers find some of the distinctions make in the copyright act pointless. Excessive deconstruction of the ideas found in such a statue is simply well deserved mockery.

Re:Who's running the computer?

[Spazmania]

are only audible indoors when the windows are closed.

Allow me to rephrase that: when the windows are closed, are audible only indoors.

Better?

Fine

[Hal+The+Computer]

Have you got any 0s?

;-)

Re:Fine

[citog]

would you like some 1s, to go, with that?

contributory infringement

[Coneasfast]

Although there might be an issue of contributory infringement to worry about

how do i know the person im dowloading from lives in canada or somewhere else where sharing is illegal? a typical user wouldn't know this information or how to find it, they would just download

Re:omg omg

[Gherald]

Its just a joke, sheesh.

Out of curiosity

[_avs_007]

Lets say I record Justin Timberlake off the radio. Then I make a copy of it and start handing them out. Whats the difference between this, and if those other people recorded it off the radio too. End result is the same, multiple people with copies of the same song.

Hell FOX even says you can copy broadcasted shows from friends. So why is copying from one broadcast medium ok and another not?

Now before anyone says, "Oh, but if you copy the CD and share it, you are sharing songs that were not broadcasted", let me respond...

If you look at the music shared on Kazaa, most of it is the stuff that gets airplay. I have yet to see any songs from CDs that I own being shared by other users on Kazaa that did not get airtime. Besides, I heard that most of the "popular" songs on P2P are the radio-mix version anyways, which you can only get from the radio most of the time.

Heck, I could even say, "I didn't make multiple copies, I just recorded the same song off the radio on multiple occasions..."

Of course, I'm not saying I condone piracy or anything, just saying.... :)

Art of the Saber

[Tidal+Flame]

I don't mean to bitch unnecessarily, but Art of the Saber has been online for some time now. Ho hum.

Just compensation

[gsparrow]

The artist must be compensated in the end.

Re:Just compensation

[moncyb]

Assuming the artist wants to be compensated in the first place. Or are you suggesting taking money from people who legally download a song which the artist has released on a license which allows copying?

Re:Just compensation

[gsparrow]

For those artists that fall outside the license which allows copying, I don't think it's a stretch to say that they would want to be compensated for their Music. Would you like to go work all day and then not get paid for it?

Shamless plug Infection Control

Re:Just compensation

[moncyb]

You have a point, but most of the plans for "just compensation" are not very just to those who don't want RIAA crap.

How would you like it if you volunteered at a soup kitchen, then some thugs came and mugged all the homeless people to "justly compensate" food service workers. You don't even get any of the money either--as if you'd want it if they offered.

A bunch of retailers complain about shoplifting, so they get congress to pass a law which requires auto manufacturers to pay a tax to retailers for "just compensation." Because we all know shoplifters use cars to transport their stolen goods (not always true), so therefore everyone who owns a car must be a shoplifter. (yeah, right. They've been smoking that SCO crack, haven't they).

Again, a bunch of retailers complain, so they get congress to pass a law to "help curb" shoplifting. This law allows any retailer to file a complaint to the owner of any building and say a tenant is a shoplifter. If the owner doesn't comply, he/she can be sued for anything the tenant stole. So guess what happens? The retailer spam out complaint without checking to see if their victims are really shoplifters, and because the owners don't want to risk being sued, a lot of people get kicked out of their apartments regardless of whether or not they are a shoplifter.

How about if someone shoved you into a box, and if you want to speak to anyone or even move your hands, you have to ask permisson from some company. A company who likes to censor what you say. A company who sells hand motion directions, so they won't give you permission to move your hands unless you buy from them. Do you think this is fair?

That about sums up the ideas for "just compensation" of the "artists." Notice people who don't want anything to do with the RIAA get screwed bigtime.

Re:RRRRRR!!!

Can I help you with something?

Those stupid math guys.

[JoshRoss]

How could some people be smart enough to crack GSM and not smart enough together a PDF that does not look like ass?

I don't know shit about dot products but I do know a shitty looking PDF when I see one.

Somebody give these folks some fonts!

Re:Those stupid math guys.

How could some people be smart enough to crack GSM and not smart enough together a PDF that does not look like ass?

Looks like it was done with LaTeX, dvips, and ps2pdf. They missed the "-Ppdf" option to dvips, which loads the correct fonts for conversion to PDF. If there's no included PostScript (e.g., figures), then pdflatex is an alternative.

Re:Those stupid math guys.

[JoshRoss]

Maybe I should start something like a neighborhood watch for web content. We could fix up low-fi content on the weekends. It could be fun... or anal...

I bet those guys have white shirts with yellow armpits. And, I'm sure that they don't flush the toilet.

One summer back, I worked with this guy who just smelled bad. At first I didn't do anything. I tried to be polite. After a while I was joking around with him and brought to his attention that he smelled bad. Of course heeee couldn't smell the stench. After that what can you do?

Re:Those stupid math guys.

[meowsqueak]

Here's my latex2pdf script that I wrote. Produces really nice looking PDFs from LaTeX source:

$ cat bin/latex2pdf
#!/bin/sh

latex $1.tex
latex $1.tex
dvips -Ppdf -G0 $1.dvi -o $1.ps
ps2pdf -sPAPERSIZE=a4 -dMaxSubsetPct=100 -dCompatibilityLevel=1.2 -dSubsetFonts=true -dEmbedAllFonts=true $1.ps

Re:Those stupid math guys.

[N+Monkey]

How could some people be smart enough to crack GSM and not smart enough together a PDF that does not look like ass?

I don't know shit about dot products but I do know a shitty looking PDF when I see one.

Somebody give these folks some fonts!

As it prints out fairly well (even on an ancient laser printer), couldn't you equally say it's a failing of the pdf viewer software in that it can't adequately render certain fonts?

Second-hand lending legal?

[Spazmania]

Now here's a random thought: In Canada, your friend is allowed to lend you a CD, and once in possession of it you're allowed to make a copy for personal enjoyment. But are you allowed to lend that copy to a different friend? Does that second-hand lending still constitute "private use," or is lending a copied CD infringement?

Re:Second-hand lending legal?

[Amaruit]

Nope, the copy you made for your "private use" from your friends original cannot be then given to a third party or even the original friend. I know it's odd but that's how the Act is set up.

Re:Second-hand lending legal?

[Spazmania]

That's what I figured. Renders the whole discussion moot; with the P2P server, the owner infringed the copyright by granting access to the computer containing the copy of the song to someone other than himself. Every action beyond that point expanded the infringement. To avoid infringement, the P2P server would have to have possessed an original, owned copy.

Copycat?

[mindstrm]

Most of us patched the first time.
Copycats don't bother us.

You see, due to the nature of the original "benign" version, as you call it, you had to patch systems in order to not get re-infected in a hurry....

"virii" is not a word.

End result?

[mindstrm]

It's the same under certain conditions only.
In the scenario you described, it would make no difference.

Let's look at another one now...
Let's say we have
a) A guy who goes out, spends lots of time, and over a year manages to borrow and make copies of 1000 cds, either by taking them from the library, friends, strangers, etc.

b) A guy who makes 1000 copies of commercial CDs, and gives them away on the sidewalk.

Guy A took personal time and effort, and how much he got was directly related to his time and effort.

Guy B let a whole bunch of people get copies of music with NO effort.. they just had to walk by his booth.

A distributor can cause a lot of damage in a hurry.
An individual making personal copies really isn't.. he's only affecting his own habits.

The point of the law is, more or less, that if YOU take on the effort to acquire temporarily, and copy, whatever music you want, it's okay.. but if you set it up to distribute to others, it's not.

This makes sense. The fact that we want to split hairs about what digital music sharing is all about just confuses things.

I'd like a wood chipper.

[pr0ntab]

So I can chop me up some FUNNY PEOPLE and make a FUNNY PEOPLE STEW.

Not so funny now, Star Wars joke man, inside my gut, eh?

We need 'rolling' service packs!

[MarcQuadra]

I think Microsoft should have a 'rolling' security pack going, every update would be added to one big cumulative package that was kept current on windowsupdate. Imagine how great it would be to only have to apply ONE big patch after a clean install, instead of install, update IE, service pack, critical updates, repeat until clean.

Also, products like IE6, DirectX, and WindowsMedia could be rolled into another 'rolling upgrades' patch that would be similar in nature.

I'm getting REALLY sick of supporting Windows 98 and 2000 machines, it's beginning to take several hours to manually apply all the updates. XP isn't any better.

I understand that a lot of sysadmins would want to take things 'piecemeal', and the current methods should be kept as well for them.

i see your point

[_avs_007]

But with P2P networks, doesn't the receiver still have to make some sort of effort to try and find the stuff, and then download it? It's not like it takes 2 seconds to download it. Oftentimes it could take a few hours, even days or weeks to find and download something particular.

Its all about definitions

[Mike+Hawk]

accomplice
n : someone who helps another person commit a crime [syn: accessory, accessary]

crime
n : Unlawful activity

And the "copyright infringement!=stealing" bot can stay out because, for today at least, copying without permission and outside of the scope of fair use is still unlawful. Don't fool yourself into thinking you are untouchable. Clear enough?

Re:Its all about definitions

N-Gage
n : the best goddamned portable video gaming system around. [see Tony Hawk Pro Skater - IT'S FUCKING SICK!!!]

Mike Hawk has a small penis!

Downloading from Saudi Arabia

[cdn-programmer]

It would be legal in Saudi Arabia to both download and upload. Since the downloading is legal in Canada there would be no liability under section 80 for a Canadian in Canada to download whatever she wants if she can ascertain the source can legally upload. In fact it would be a real streatch to go after any Canadian who uploads from anyone out of the country.

However, since the communication actually does involve one machine copying from another it would seem the ISP the downloader is connecting to might well be liable for anything downloaded as well as the telecomunications industry. Yet, there are provisions in place so that the telecommunications indusrty has a legal right to copy and cache anything that is put on the net so perhaps they are off the hook too.

It seems the laws with respect to internet content have been designed so that the creators of the work lose the right to control or otherwise profit from the distribution of their content the moment it hits the net. The opportunity to profit transfers to the telecomunications industry.

This means that there is perhaps a business opportunity. If we set up a company in say Saudi Arabia to serve copyrighted material for say a small subscription and legally buy one copy of each CD then any Canadian should be able to rip off the musicians legally. As for Americans, well perhaps we can legally ship pirated music out of Saudia Arabia... I don't know... it is an open question in my mind but I do think it is legal for any American to purchase a legally created CD even if it arrives from Saudi Arabia.

Another way out for Americans might be for each to claim they are offering telecommunications services because under the DMCA they would then gain the right to "cache" any music placed on the net. They might not have the right to listen to it mind you - but then they would have to be caught in the act so to speak.

There is already another business opportunity which is well underway now... this is the resale of used CD's. For about $12 bux I can buy a used CD in the mall near here and then copy it for my personal use and then take it back an hour later for a refund of $6 bux.

Personally I think the spread is too great mindyou. But I suspect the prices will come down with more competition.

If I ever bother to buy a cd burner perhaps I will make some copies but only of material I presently own as albums. I personally consider this fair use. I do not think ripping off artists is morally acceptable but then it was a stoopid liberal politition named Sheila Copps who organised the changes to the copyright act. Thus, WHY the present laws are written the way they are is perfectly understandable.

On the other hand, what this change has accomplished is basically to remove the opportunity to profit from the distribution of copyrighted material away from the recording industry and transfer it without compensation to the retailers who set up little cd exchange shops. In a twist of fate it would seem however that the RIAA effectivly managed to do that to the artistic community because as Janic Ian pointed out, she has never received a royalty cheque where they did not claim she owed them money!

One could argue that this puts recording artists into the same boat as webmasters because webmasters also lose the opportunity to make money from the distribution of their copyrighted materials as soon as they are placed on the net.

Oh well, artists should expect to be poor and die broke!

the real deal

[GISGEOLOGYGEEK]

Arent you allowed to make a 'backup copy' of software in the US without being in violation of copyright laws?

... there's little real difference between that and the arguement over canadian file sharing. Anyone who thinks different is just making a new ignorant EXCUSE to copy music.

On the otherhand the fact that we pay a levy on blank media to compensate the music industry, even on media that is not used for pirating music is a great REASON to copy music.

Drop the excuses, no need for them when there are great reasons out there.

Re:the real deal

[moncyb]

Ahoy me mateys! T'at tis no reason to copy the evil siren's song. Arrr! Me thinks ye 'as been drinkin' too much grog. We should shake their bow and shiver their timbers until they lift the levy! If we a don't g't er way we'll make thems land lubbers walk the plank! The nerve 'ey 'ave. Associatin' us pirates wit' copyright infringers, and a chargin' 'oyalites on media they don't a even produce. Why should I, as a sea goin' pirate have to pay the RIAA so I can share the wind of me own design that my hornpipe blows? Do 'ey own me hornpipe now too? I a jus' want to capture a few wenches and ransack some booty like a good pirate does. What's a wrong with that?

Who makes the copy?

This doesn't have to be so complicated...

The situation is analogous to two casette tape machines hooked together through an analogue cable, one set to "play" and the other to "record". Clearly the "copy" is being made on the machine set to record. So long as the owner of the blank tape is the one to press record, his actions are legal. It shouldn't matter who presses play, since if there was no recording machine on the other end of the line no recording would be made.

The only difference with p2p is that the playback/recording machines are more sophisticated and the analogue cable is replaced by a set of connected digital cables (i.e. the internet). The end result is the same, and is exactly what the lawmakers had in mind when the law was enacted.

Privacy Act

[Dashing+Leech]

I also understand that under the Canadian Privacy Act, ISPs are forbidden from disclosing client information without a legally obtained supeona, which in Canada means judicial oversight. However, IANAL, I haven't researched this (although I planned to), and this is a third-hand account of the law (as a friend saw in a news report). No time to check this now, maybe later if nobody else has.

If true, that doesn't mean you can't be spanked for violations. But music organizations have to go through all the legal hoops to get there and ISPs can't rat you out even if they wanted to.

Who make the copy?

[xxxlazyxxx]

(Whoops, forgot to sign in...)

The situation is analogous to two casette tape machines hooked together through an analogue cable, one set to "play" and the other to "record". Clearly the "copy" is being made on the machine set to record. So long as the owner of the blank tape is the one to press record, his actions are legal. It shouldn't matter who presses play, since if there was no recording machine on the other end of the line no recording would be made.

The only difference with p2p is that the playback/recording machines are more sophisticated and the analogue cable is replaced by a set of connected digital cables (i.e. the internet). The end result is the same, and is exactly what the lawmakers had in mind when the law was enacted.

This is pure sophistry.

(If you don't know what sophistry means, go look it up on the web.) You have no control over which portions a given person downloads. If you happen to be the only one sharing this particular file, then you are, without doubt, sharing the whole file. If somebody writes an appropriate BitTorrent client, they can pull the entire file from you.

The question isn't how much the other party downloads from you. It's how much you make available. You're making the whole available for download; you are therefore subject to action on copyright infringement. Maybe it was serious, maybe not, but there's enough evidence to shift the burden of proof onto you.

Now, if you have logs of what was transferred, you may be able to say to the judge, "Only 100 kB of this file was ever transferred, therefore my crime is not great," and have your punishment reduced -- provided you never again infringe in this manner. If the other party can demonstrate that you knowingly made copyright material available illegally, this argument flies right out the window.

The unfortunate thing about...

[Vegeta99]

being able to download legally, but not upload even if you didn't know you were because intent is not needed means that you are now infringing upon someone's copyright when a person looks over your shoulder and reads the book that you're reading.

Yes they did.

[Jonas+the+Bold]

Those didn't look very good at all, at least compared to the movies. This was more a obviously student kung fu flick, with lightsabers.

Have the moderators even seen star wars?

Numerically-based P2P bypasses copyright?

[dstone]

First, I realize that any action's legality can only -truly- be tested in the courts and we're playing theoretical/law-school games here. But how about this protocol...

1) Server receives HTTP GET for file.
2) Recognize that (for example) a 3 megabyte file can be described by a 24 million bit long number in base 2, or even shorter numbers in other bases you might prefer.
3) Recognize that numbers are free and can't be copyrighted. Every number can and is used for a multitude of purposes.
4) Respond with HTTP code 401 Unauthorized or a 403 Forbidden or whatever is applicable. Heck, create a new code that informs the client that you can't give them the file requested, since copying a digital work -may- infringe on copyright law.
5) In the body of the response, give an extended error code number as per 2) above. It's up to the client how they interpret or use that number. You're giving them a freely available and multi-purpose number.

Nothing in my response to the client was a copyrighted work, just a free number that is not and cannot be copyrighted.

Okay, my tongue is out of my cheek now... :-)

Re:Numerically-based P2P bypasses copyright?

[alienw]

Unfortunately, numbers ARE copyrightable. Pretty much any program, file, book, or any other piece of information can be encoded into a large number. Of course, this does not bypass any copyrights at all, especially given that such a number has no uses other than bypassing copyright laws.

TV license ?

[Olathe]

What exactly is the purpose of a TV license ?

Re:TV license ?

[skinfitz]

Believe it or not in the UK it is actually illegal to "receive or record television broadcast services" without a TV license that costs about $140 a year. (No, really I'm not making this up).

TV Licensing will repeatedly send threatening sounding letters to any address that does not have a TV license listed in their database. The letters tell you that you could be breaking the law and be fined 1000UKP and asl that if you dont use any equipment then you should write and tell them.

I do not have a TV license, because I don't watch TV, however TV Licensing naturally assume that I really DO watch TV and am breaking the law and continuously send me threatening souding letters like the one above. I do actually OWN a TV and a VHS however this is because I have some old tapes that I watch occasionally. (remember - its only illegal to USE it to receive programmes - it is not illegal to simply OWN a TV set although they deliberately word things to make it sound like that) The TV and VHS are detuned and I dont think I even own the cable to plug them into the aerial. I've played the "lets be totally legit" game at my old address where I contacted them via their 0870 number (in the UK 0870 numbers are about $0.18 a minute) and made it clear that while I own a TV, I do not use it to watch TV. They said "fine" and said that they would stop the letters.

A few months later the letters resumed.

I call again, asking which bit they didnt understand and was told that calling them just causes the letters to stop for a few months. I asked why I should periodically have to pay a premium rate call to tell them I'm not breaking the law. They said if I didn't tell them then someone would call around to my house. I researched this and this is truly scary - if a TV License officer calls around (and they do call - but not often) and you refuse them entry, they can go to the police and automatically get granted a search warrant. The solution is to not answer the door.

Re:TV license ?

Boo hoo hoo, whine whine whine. In the time you wrote that, did it ever cross your mind that you could write a letter to your MP and actually try to get the bully tactics of TV Licensing stopped? Of course not; you're the Urban Warrior type who's fighting the man. Hows it feel, Citizen Smith?

Re:TV license ?

[Dominic]

Yeah, bummer if you don't have a telly, but a small price to pay for the BBC I reckon. If the BBC didn't exist then Murdoch would run everything and there would be adverts every two minutes. A bit like American telly really, except probably worse.

Re:TV license ?

[Lord+Kestrel]

It couldn't ever be worse. Have you actually spent any time in the US watching what is broadcasted on the "local" channels?

Re:TV license ?

[aminorex]

In the U.S. we'd just shoot them. No problem.

Re:TV license ?

[skinfitz]

I don't really care about media politics, I just want to be left alone when I really am not doing anything wrong.

Re:TV license ?

[darkonc]

My solution would be to answer the door ask for some ID, Thank him, and tell him that you'll be back in a bit. Then close and lock the door in his face. Take his(her) ID to the phone, and call up the nasty 0870 number and ask to verify his ID, name, and appearance. Once that's done, then let him in.

You do have to let him in, but you're allowed to verify that whomever you do let into your house really is working for the government.

Once you let them in, follow right on their heels, and chat about whatever comes to your mind. Do this until they leave. Don't be overtly implolite or nasty. Just be .... annoying. After a few horror stories, hopefully they'll put you on their "do not visit" list.

This one works a bit better on door-to-door insurance/book salespeople.... A friend of mine invited one in, and was very friendly. She offered some coffee -- and chatted it up about how people always said it was the best coffee they'd ever had. She managed to get about 3 heaping tablespoons of instant coffee to disolve in one cup of boiling water and added sugar to his request.

She brought her "prize" coffee out to him, and proceeded to 'proudly' goad him into drinking the entire thing while he promoted his product. When he had managed to engorge the entire cup, she offered him a second one. At this point, he suddenly remembered a previous appointment and made a hasty departure.

That having been said, the letter indicates that the appropriate thing to do is to write them. This seems both cheaper and faster than sitting on the phone for god-knows-how-long. I'd put the letter and the envelope on a file just waiting for me to update it with the current date. I get their letter, I print my own and send it to them. If they insist on coming to visit you, then I'd be inclined to refuse them entrance and wait for them to get a search warrent. This actually depends on the law. If the law requires you to let them in, then I'd go for plan A (above). On the other hand, if it simply sais that refusal to allow entry can be considered evidence of guilt when requesting a search warrent --- if they're going to be snots about it, you might as well inconvenience them too. It depends on your mood.

Re:TV license ?

[dfries]

That's why you use a VCR. That way you don't even have to be around when the show is on, and you can watch it in 3/4 the time it took them to broadcast. That's if you find the whole thing interesting enought to watch. Some shows you just want to see how it ends, stop, ff, play. Couldn't be easier.

(Unless you wanted to play ~$10/month).

BT rocks

[eagl]

Bit Torrent download - 45ish meg art of the sabre movie in 4 minutes 6 seconds via cable modem. My hardware firewall is making it difficult for me to serve back more than one or two uploads at a time, but this is so cool I'll probably leave BT running another hour or so. I have it set for unlimited upload, but for some reason it seems to top out at around 30kB/s and 2 or 3 connections. Download speed was in the neighborhood of 300kB/s. Just amazing, it's like the slashdot effect in reverse.

I wonder - Could something like BT be used for web sites? That way the more people hit a site, the faster it loads? A browser plugin for entire web pages instead of one file like the current BT?

Uh.... someone patent it quick before MS or SCO reads this!

Re:BT rocks

[moncyb]

cable modem...I have it set for unlimited upload, but for some reason it seems to top out at around 30kB/s

How much does your cable ISP limit the upstream connection? Mine limits it to 256 kbits/s (or 32 kbytes/sec). Sounds like yours does the same.

Could something like BT be used for web sites?

Not likely. BT was made for large files only. Most normal web pages are usually somewhat small and broken up into different files--assuming images. Without images, it is a single file, but really small, sometimes even fitting in a single packet. Doesn't work with BT...I don't know...maybe some sort of minor redesign may make your idea work with the protocol, then again I haven't studied it too closely. I suppose BT is good for a single archive file of the entire site.

Maybe you are wanting Freenet for this? It seems designed to work with web sites, and the more people using it, the better it works...assuming their caches are big enough. Freenet doesn't seem to work well with big files...the caches will turn over too fast. Maybe someone will come up with a hybrid: uses a Freenet style system to distribute web sites and small files, and allows the use of BT for the larger files.

Possible answer #0

[TeknoHog]

The computer is operated by Mr. William Gates III, as indicated by the notion of 'My Computer'.

Reason you aren't a law professor:

"Given that the audio encoding algorithms used in perceptual codecs, by definition don't reproduce the actual sounds, but rather the composition of a series of sinusoidal or similar functions (which, by definition, are distinct sounds unto themselves) that imitate those of the original sound... I think you can see where I'm going with this line of reasoning."

Yes, I can, and I can see the flaws in it. You are misinterpreting the words "imitate" and "simulate". A simulation is where I record myself playing exactly the same notes on exactly the same equipment as, say, Jimi Hendrix (yeah, right...). An imitation is where I play something that sounds like it could be written by Hendrix, but wasn't. What this part of the law says is that the owner of the original recording has no claim to my version, no matter how close to the original it sounds. Read again, this time referring to the definitions: "...the making or duplication of another [not the same] sound recording [recorded performance] that consists entirely of an independent fixation [not from the same recorded performance] of other sounds"; is an MP3 a recording of a different performance? No, it isn't. It is a copy (albeit modified) of a recording of the same performance.

To properly burst your bubble, ALL sounds are a composition of sinusoidal functions, whether encoded or not (a square wave, for example, is a fundamental sine wave plus every harmonic sine wave. This was established long before the electronic computer was invented; try googling for "fourier transform"). Perceptual codecs merely remove sinusoidal components below a certain threshold (hence the "tweeting" sound from low-bandwidth MP3s) based on psychoacoustic priorities; it is, however, the same performance as the original by the same artist. Conversion to MP3 does not change the identity of the performers, the instrumentation used, or the arrangement of notes, so it does not change nature of the recording, only it's quality. So in the case of MP3s, the clause quoted does not apply any more than it would for the same recording passed through an analog multi-band noise gate.

Weasely

As a non-subscriber who often reads Slashdot, I'm struck by how damn weasely some of the posts here are in regards to trying to circumvent the illegal nature of copyright infringement. The intent is what matters, and trying to prove copying music is legal because you squeezed through some loophole/did it bass ackwards with a checksum/polled the server on every bit/etc. just makes you look childish. You knew the music was being copied and you knew it was illegal. (Because this is Slashdot and you're not Joe Computerman who paid $x.xx for Kazaa thinking it would let you download music no strings attached.)

Filesharing (which 95% of the time = copyright infringement) is not going away. Media copyright owners need to understand that and work with it, because there's no way to fight against it and win. But they are going to win against anyone they drag into a court of law who childishly justifies copying content with some loophole.

No one likes weasels.

Art of the Ho's?

[iamhassi]

"Cast
Sith Warrior CALVIN HO
Jedi Knight CARY HO

Crew
Directors CLARENCE HO
CALVIN HO
CARY HO
Martial Arts Choreography CALVIN HO
Editor CALVIN HO
Titles/Credits CLARENCE HO
Rotoscoping CLARENCE HO
CALVIN HO
Special Effects CLARENCE HO "

Lot of ho's in this film...

If you are going to nitpick

[Chuck+Chunder]

you could at least be right.

Copyright violation _is_ illegal (ie prohibited by law).

The word you were probably looking for is "criminal".

"Flawed?"

[Rumor]

I appreciate your opinion, and tip my hat to you for pointing out practicalities of copyright infringement lawsuits against Canadians.

It was beyond the scope of our analysis to consider those issues. We're concerned, in this article at least, purely with a legal analysis of liability of file-sharers.

So, I think the term "flawed" is not particuarly accurate. That aside, we appreciate your enlightening perspective, Robert.

-1 Infeasible

[infolib]

As for Americans, well perhaps we can legally ship pirated music out of Saudia Arabia...

One call from the RIAA later the Saudi anti-terror police descends on you. You wouldn't want that.

Who makes the copy?

[PhilHibbs]

If a Canadian (he) invites another (she) round to use his PC, I presume he can do that. If he lends his PC to her and she uses it to copy music, then that is presumably also legal. If she does effectively the same thing over the internet, why would this be illegal?

you are entirely responsible for what your computer does

Does it say this anywhere in law? If someone borrows my PC and commits a crime with it, am I responsible for their crime?

Re:If this was a Microsoft bug

[ziaz]

If all the users of the world used linux and this bug came out, it would probably remain unpached until they installed a new version of the OS because linux isn't user friendly enough. All of the virus/worm proliferation would be just as bad out there if the average jo computer user was using linux.

Parents

[Amomynos+Coward]

The end of the Art of the Saber: "This film is dedicated to our parents for their undying love and support, and for always putting their children first."

So that's why I never got a light sabre from my parents.

Infections on ResNets....

[wowbagger]

OK, here's something to think about:

When you go to college, you already have to make several purchases (books and such). Why not require students to buy one of the current crop of broadband routers (e.g. Linksys) that provide a layer of firewalling?

Granted, this won't protect the student's computer from local exploits - the worst security exploit of any computer lies between the keyboard and the chair. But for Blaster/Nimda, this would provide another layer of protection - ideally, enough to allow a student to connect their uninfected machine to the network and download the required patches.

In fact, were the routers available in the bookstore, already configured with the appropriate policies by the university, that would greatly simplify the deployment - as the student is buying their books they could also buy a router.

Mandrake Ads

[p0rnking]

That Mandrake Controversy link was available a while back, and I've already copy/pasted it in my post, the last time this was mentioned.

And as I said before, I don't think this is going to be that big of a deal. These are not pop up, in your face ads. During the install, there will be a few non intruding ads that are displayed. These are not full screen ads. And these ads are from companies that Mandrake thinks are relevant, and geared towards the Mandrake user. Also the other ads are basically just links in your browser, which can be easily removed.

And like i've said before, you can't have your cake and eat it too. Companies and Programmers/Developers can't survive on giving things out for free (yes, you can buy the box set, but what % of people who have linux at home actually paid for it ...?). Somehow, they do have to generate money from somewhere to keep on going.

I personally welcome these ads, if it means a "free" high quality linux (compared to Lindows, and a few others where you have to pay, and there is no free downloads).

MIT uses windows???

[shish]

I always got the impression that MIT was on linux / *nix / BSD, eg the protest when Bill Gates came to visit them. Why would a school for the technically advanced use the technically sucky "we designed it so that a tellytubby could use it" OS over a more appropriate technically advanced one?

Re:MIT uses windows???

[WebMasterJoe]

These are clients, not servers. And I'm sure there are a lot of students who are running linux or BSD, but they aren't the ones this article is about. Hence no mention.

But on to your question: Why would MIT use Windows? Well, there are probably students there who want to be programmers. And as aspiring programmers, they probably want to know a platform that has a big consumer market, and that is Windows. There are also probably students who want to be network administrators. There are still a lot of companies that use Windows 2000 networks, and even if you're planning to convert the company to Linux, you won't get hired if you don't know Windows.

MIT requires reformatting?

[gone.fishing]

Okay, I'll admit it, I have a thing against these upper-crust schools. But a school like MIT should employ people who know better, less destructive ways of dealing with worms and viruses! It is after all, perhaps the most highly respected technology school in the country. If they are requiring this, they are teaching their students to always use heavy handed overkill.

It would be like Harvard teaching it's doctors to always amputate a foot to treat an ingrown toe nail. Sure it fixed the complaint but look how many other problems you introduce!

In my case, I guess I'll continue to look at these schools like I always have. But I hope that it has caused a few others to wake up and see that an education from a "good" school is not much better than an education from the school down the street. It just has more "snob" appeal.

Send them the ones!

[thebruce]

You could... just send them a file with only the 1 bits through the whole file. They can fill in the rest! That's not illegal is it? You're not sending the 0's.......

Copyright law doesn't make sense in computers

[iplayfast]

In a nutshell, Private Copying allows anyone to make a copy of a song purely for their own use. As you probably know, when you share files and someone downloads from you, what actually happens is that their computer makes a request and your computer actually sends the file to them. Thus, you're copying for someone else's use and infringing. It doesn't matter if you didn't realize that's what happens, either... intent is not required for infringement.

How is this any different then physically copying. I go to a friend and as to borrow a CD to copy. The friend get's it and gives it to me.
In the case of the computer, the computer get's a copy from the disk and gives me the copy. But is the copy an exact copy of what was on disk? No! The copy is broken up into chunks that are sent over the net.

copyright allows a different representation of a work. The copy being recieved is different then the original work. The computer recieving this takes this different work and put's it together in a differnet way which exactly matches the original work that was on the original computers disk.

My question is, If someone makes a derived work from a work that is significantly different, and in no way could be confused with the original work, and then someone else takes this derived work and combines it with other derived works to recreate the original, where does the copyright law fit in?

If the law is by intent, then machines do not have intent, only users, so the argument that one machine asks for the file and the other gives it is bogus. It is the users who are doing the asking and giving, the machines are just the tools that they are using.

Uploading and downloading, defined.

[HTH+NE1]

Nice tying of the topic together, but no.

There is no uploading involved in P2P. You don't upload to a server which then shares your data; your machine is your server, and it doesn't move. Everything is downloaded.

Remember that to upload is to push data to another machine and to download is to pull data from another machine. Upload/download isn't just direction of transfer; it also involves who is the actor causing the transfer and where he is in relation to that transfer (not physical location).

(Aside: FTP allows someone to transfer files from one system to another from a system which is neither source or destination. Either this is still considered uploading or it is neither uploading nor downloading.)

So, back to the thought of backing up your system with KaZaA: you have your original system, the whole system shared on the network. Then you wait for the rest of the world to pull it from your system (download). Only then do you have your backup stored on a myriad of servers on the net. (This will take a very long time as some files are not as interesting as others.) Then reformat, reinstall, (hope you can actually enable the firewall if the system doesn't detect an Internet connection,) reconnect to the net, download the P2P client, and then hope that everyone that pulled bits of your system is still online and sharing long enough for you to get everything back.

And there's the problem that they won't let you put your system on the net to do this sharing anyway.

Drives are cheap these days. Just get a new one (probably bigger) and do a fresh install on it. Then after all necessary precautions are taken, copy the disinfected files from the (???)-hazard drive to the new one.

Pi isn't copyrighted...

[SolemnDragon]

If you put long chunks of it on a server- "Pi at 7,000082370222 (squared) decimals" for example, and then let people download pieces of it at will, you would have a situation where what people are downloading would be part of a math answer set, and it would have to have huge storage, and more importantly, store it in order. Because that's the only way to provide a valid context for the arguments that since ALL of the information is present, what people do with pieces of it is up to them. Make the info stream slightly longer than the songs, if possible. And this might actually have math value to universities, as it could be used to offer number sets as well as simple pieces of pi. (yikes. pun was not intentional.)

Because this is a valid use of the technology, and because certain sections could be representative of other things, we'd have the curious situation of the burden of guilt possibly switching to the downloader. You're uploading a real math answer, and they're downloading only the chunks that can be turned into music. The storage does seem wildly impractical, but still... it's an interesting idea...

On the other hand, it's been demonstrated that valid alternate-use technology has a tough time in the courts, no matter how useful and valuable it is. The same P2P that makes the RIAA unhappy can be used to share research, genealogy info, all manner of very useful and legal things.

just my 3.14&ct..... cents...

Re:Pi isn't copyrighted...

[Morosoph]

Calculating Pi one digit at a time, means that your server doesn't need to be so huge (sorry for being so geeky), just compute it on the fly!

As for IP, it's an even worse nightmare for mathematicians than programmers. I don't know of any patented maths, but I know that people have tried. Arguably, maths is discovered rather than invented; I'd hope that maths and numbers could avoid copyright.

Canadian File Sharing

If you share files, you're not copying for someone else. Your computer may be making a temporary copy in memory to facilitate sending the file to the downloader. But if this is considered copying, then so would playing an MP3 file on your computer, since it must be copied to memory first.

Now, playing an MP3 could be considered private copying if no one else could hear the song. But if someone else is in the room (and you're not using headphones), then it's no longer private copying. So, if file sharing is illegal in Canada, then so is playing music on your computer.

This would also make playing music on any device that uses a buffer illegal (e.g. a cd player with anti-skip).

Not Fair!

[QuackQuack]

I was just in Canada last week, and I can tell you it's nothing like Hoth! I did not see a Tauntaun anywhere, nor was I captured by a single Wampa during the time I was there. Please try to be more sensitive in the future!

Thank You,

P.S. The Probots in Canada are the friendly sort, nothing like shown in the movie.

I don't see the difference

[phr2]

from that Canadian legal point of view. Effort of acquisition has nothing to do with it.

Suppose your Guy A spends years collecting those 1000 CD's and compressing them to his hard drive (they make about 60 GB of Ogg files). Now he invites me to his house. His computer is powered off. With his permission, I sit in front of his computer, power it up, and use his DVD burner to copy those 60 GB of Ogg files to a handful of DVD-R media that I brought with me. I power his computer back down and take the DVD-R copies back to my own home.

Is there some bizarre stretch of the imagination through which it can be claimed that he rather than I made those DVD copies? If not, what I've done is legal in Canada since I made the copies for myself, even though it was 1000 CD's with very little effort.

So I don't think effort has anything to do with the legality.

A good time

[ralphclark]

That light sabre duel (note correct spelling of SABRE) was really something. I really enjoyed watching it. Kudos to Cary Ho and Calvin Ho for their efforts.

But then again, I guess you're always guaranteed a good time ... with a couple of Hos ...