Slashback: Blaster, Sabers, Canada

Slashback tonight brings you more on the recent cracking of GSM encryption,the odds of file sharers escaping industry scrutiny in Canada, the recently found (and stomped) OpenSSH bug, installation-time ads in Mandrake, and more. Read on below for the details.

Art of the Saber Jagaast writes "As a counterpoint to all the hype about the Star Wars kid, here's a Star Wars fan film that's actually very well done. Art of the Saber is 'a light saber fight sequence with the flavor of a Hong Kong martial arts action movie.' Well worth watching." Update by J : I've made torrents available.

Vote early, often, and reversably. An anonymous reader writes "As a follow up to a previous story here on Slashdot on electronic voting, Excite has a story on the same subject with a bit more information including this amazing quote from Deborah Seiler, Diebold's West Coast sales representative: '"These activists don't understand what they're looking at," Seiler said.'"

GSM-crack paper online morcheeba writes "Copies of the GSM-crack paper described in last week's Slashdot article are now available online (PDF) thanks to John Young's Cryptome"

Mandrake ads...take 2 *no comment* writes "Apparently there has been some controversy over the ads in the upcoming Mandrake 9.2. I thought it was pretty cut & dried, but apparently Mandrake thought it was enough of a controversy to to release a written statement about it. I wonder how many flames were posted in the slashdot forum using the download version of Opera."

Blaster Worm still alive and well on MIT campus fwc writes "MIT still has 900 network drops disabled due to the Blaster worm infection. Of particular interest is that MIT network security requires users to reformat their hard drive and re-install their operating system before they get back on the network. Sounds like a good excuse to reinstall something other than a Microsoft operating system."

A big AWOOOGAH for Canadian file sharers. Rumor writes in response to a recent story suggesting that Canadian users could swap files scot-free: "Listen, Canadians, don't go using your p2p apps and thinking you are immune from lawsuit, you are liable for copyright infringement if you share files on p2p apps.

To wit: a fellow law student and I have written an analysis of s. 80 of the Copyright Act and we've concluded that one can download music safely under the Private Copying provision, but no one can share or upload files without infringing on copyright.

In a nutshell, Private Copying allows anyone to make a copy of a song purely for their own use. As you probably know, when you share files and someone downloads from you, what actually happens is that their computer makes a request and your computer actually sends the file to them. Thus, you're copying for someone else's use and infringing. It doesn't matter if you didn't realize that's what happens, either... intent is not required for infringement.

The upside is that you can accept copies from other people (ie. download) all you want. Although there might be an issue of contributory infringement to worry about... I won't go into analyzing that, since so far the record companies are only suing uploaders.

The article can be found on greplaw.

I've recently confirmed this analysis with an IP law professor at my university, so I'm pretty damn sure of it. So, please, be aware of this danger. Downloading cool, uploading/sharing not. I guess the situation still better than nothing."

Why not ask for your money back? zaaj writes "There are several articles out about a newly found/fixed(openssh.org) buffer management bug in OpenSSH and some derivatives. Cisco's Advisory only mentions DoS attacks against certain of their SSH-enabled devices, but ZDNet's article hints at rumors of long-existing root exploits. Regardless, RedHat's got their typical list of updated packages with the patch back-ported. A few other distro's have info in the vendor section of Cert's advisory CA-2003-24"

Re:P2P

"Yes officer, but what if I crossed the street against the light, but I was walking on my hands, then it wouldn't be jaywalking, now would it? No? Well, what if I was skipping?"

Give it up, the law does not look kindly upon those looking for a loophole (unless you've made a large campaign contribution).

About Mandrake, ads and our community

[Compact+Dick]

The furore about Mandrake placing one commercial ad tarnishes the Open Source users' image. Here is a financially struggling firm trying to make some money through ethical means, and we feel violated having to view it? As mentioned in the press article, they have had ads before, and none of the intrusive, irrelevant shit found on the web. Why shouldn't they try every ethical, non-invasive means to stay afloat?

I've always held Mandrake in high esteem as they are the [possibly only] commercial entity that adheres closest to the principles of Free Software, listens to community feedback, and, if you read the press release about the ad, very polite in their communication - even when lesser people would've ignored us or told us to fuck off. Do you imagine slagging them off for being French makes you look intelligent? Hell, if they are typical of France, I would hold them with deep respect.

Remember - we all have our favourite distros, preferences, and so on. But until the day we realise that a loss for our [Mandrake-loving] peers is a loss for the entire community, we are not living by, and upholding, the principles of freedom, choice and tolerance.

Mandrake ads and Paid Links

[stretch0611]

I use Mandrake and this probably won't stop me from using it. According to the release, "There will be one paid-ad in the installation procedure, and a few paid-links in bookmarks."

Usually when I am installing an operating system, I leave the room or do something else when I am done with any user interaction. Why should I care if the show an ad while the OS is being copied to my hard drive and I am not looking?

As for the bookmarks who cares if I can delete them. Microsoft does this, Netscape did this(and now AOL does this.) You have to pay for Microsoft's OS (In more ways than one), and with AOL's version of Netscape they have things like Net2Phone that you can't remove. (I admit when AOL posted its ad links that could not be removed, I switched to Mozilla.)

As long as Mandrake sticks to their words from their press release, "ads won't be intrusive (no pop-up windows) and can be removed easily;" I will not mind if they make a few bucks to stay afloat financially.

Re:P2P

[Chris_Jefferson]

Computer geek types who want to be clever need to understand one thing. Much of the law is based on intent and result. It doesn't matter if you print a file out, fax it, then send it via piegon droppings. If at the end of the day you've made a copy, you've made a copy and all the consequences involved.

Similarily (in the UK at least), you can't get around paying for a TV licence by doing something stupid like sending it over ethernet and routing it via your printer or something :)

Who's running the computer?

[Spazmania]

what actually happens is that their computer makes a request and your computer actually sends the file to them. Thus, you're copying for someone else's use and infringing.

The Crux of this argument revolves around a simple question: Who is operating the computer?

Possible Answer #1: The owner of the computer is operating it. Even if he does not explicitly review and authorize each operation that the computer performs, the owner still dictated the paramaters under which the computer would make those decisions. As a result, the computer copying and sending the music file is identical in every respect to the owner copying and sending the file... a clear copyright violation.

The parallel to this notion is that you go to a friend's house, point to a CD on his shelf and say, "I want that one." The friend then burns you a copy of the CD and gives it to you, a clear violation.

Possible Answer #2: The remote individual is teleoperating the computer. The owner has permitted some limited form of teleoperation, but each action the computer takes is at the behest of that remote individual. Since the non-owner individual is running the remote computer, its actions in making a copy for that individual's personal use are reasonable and completely legal.

The parallel to this notion is that you go to a friend's house, point to a CD on his shelf and say, "I want that one." You then take it off the shelf and copy it using your friend's computer while he stands by and watches. Legal in Canada.

Possible Answer #3: The computer is operating itself. Soon it will take over the world. Muahaha. We'll relegate this answer to science fiction where it belongs.

The current caselaw is varied and confusing. Generally though, the following theme has developed: INTENT. If the owner knew and expected the computer to be used for a specific purpose, then when the computer does its as if the owner did that same action himself, regardless of who actually instigated the action. If the owner did not know and should not reasonably have known that the computer could perform such an action, then whoever actually induced it to perform that action is the guilty party.

Lets set up exteme hypotheticals to illustrate that theme:

Example #1: You rig an electric chair to a computer and a modem so that the next time a telemarketer calls, the chair will electrocute its occupant. A telemarketer calls. Who is guilty of murder, you or the telemarketer? Duh. You of course.

Example #2: Your Windows laptop gets a worm on it. You don't know it. You carry it to work behind the corporate firewall where it runs rampant, deletes everything and ruins the company. Are you guilty of destroying the company or is it entirely the worm author's fault? You're absolved; its entirely the worm author's fault.

So, how does all this help with the question of who's running the computer as it makes and sends the copy of the song? Well, it doesn't really. You could make a powerful argument that running a P2P server is no different than inviting the public at large to use your computer. You could strongly counter that by specifically setting up the computer to copy those particular songs, you and not the stranger are the agent of its copying. You could argue that its no different than radio, deliberately putting specific songs into the ether where any stranger can record them.

In fact, you can argue the issue back and forth through a lot of permutations. Before the matter is settled, you can expect the courts to argue the issue back and forth through a lot of permutations, ruling both ways while they seek the right balance.

So basically, the short answer is:

If you want to try to prove a point, go ahead but beware: Folks who want to live don't jump in front of trucks and epect them to stop, and the courts are behaving like a drunk drivers. Your best bet for longevity is not to play in the street.