Slashdot Mirror
Can Watermarking Help Find GPL Violations?
bitkid writes "I recently run across techniques that can be used to
watermark
program code.
While I yet have to see some source code for this to play with, the authors claim that
the watermarks can be introduced into the source code and can be found in the compiled executable.
My question for the slashdot-crowd is: Do you think free software (GPL or other viral licenses)
should be watermarked? This could help to find GPL violations (think
Everybuddy or
Linksys) or can
be used in court someday against the next SCO to prove authorship.
What might be the ramifications of this?"
This would be useful to prove that code is under the GPL, but this could be simply gotten around by just looking at the code, then rewriting it yourself. But, of course this will take time and money, something the big business hate to spend.. But the technology is useful.
To NULL or not to NULL.
I would be very careful with using something like this. Its nice to think that one could use watermarking for protecting GPL'ed code. However, should the technique prove successful, expect to see everything under the sun watermarked by less benevolent entities.
C - A language that combines the speed of assembly with the ease of use of assembly.
This has no effect on GPL:ed code... The code is written, it can be copied, there is _NO WAY_ to watermark TEXT. Why is this news?
c0w goes moo.
GPL appears to common sense still found in people, and simply decency.
If the trademark stuff gets too hectic, then maybe this will be needed, but for now i dont think it's needed
Open Source Java Web Forum with LDAP authentication
The watermark can be pulled out, and even propreitry software can dewatermakred, you just need to be a binary overlord to crack it.
Is to switch to BSD license.
Watermarking is so RIAAish.
It might cause the sky to fall down on our heads, or the atmosphere to evaporate, killing us all with solar radiation.
Get your own free personal location tracker
we are talking about a bunch of 1s and 0s here. If it can be watermarked, it can be unwatermarked. A simple script will be able to rearrange stuff to disrupt the watermark without affecting the execution of the program.
I think this would only help the most blatent copying. If the watermark code is embedded in the datastructures of the source code either it would be fairly easy to remove or the software would be in such a state that it would be hard to maintain and evolve. The attempt to avoid piracy would have a negative long term effect on the project.
I can still see this being useful if blatent copying of the software is the biggest problem the project faces, however I'm having trouble envisioning a scenerio where that's the case.
The paper cited in the first link is from a professor I once had.
On his website I found his full article, if you want some details about watermarking techniques. It's has a lot more meat than presentation slides.
The main idea is that you embed the watermark into the code and then obfuscate it. The resulting code is unreadable, otherwise watermark would be trivial to remove, which makes it absolutely useless as far as open source is concerned.
Wouldn't that have been a nice thing to put in the post text?
Obviously Java's structure (class files, interpreted code, easy decompilation) makes this easier to accomplish than it would be in C or C++ (or any other language compiled for a particular architecture). It just doesn't make all that much sense for code intended for C compilation, where the source code is freely transmitted. You rewrite out the watermark, it's as easy as that.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Caveat - I haven't read the paper but from the description is looks like you apply your watermark to the class files after compilation.
... therefore not applicable in its current form to source code which would be required for any usefullness to GPL.
/.
So,
1) only protects binaries not source
2) its for Java which is easier due to the cannonical form (bytecodes) that can be manipulated by the watermarking tool. You could probably do this to protect GPL binaries but with less portability
IMHO opinion, not usefull for source but sure if you're worried that some of your precompiled binaries are being ripped, then maybe.
For source, you need to detect common code patterns and use source tools that have been discussed elsewhere on
Couldn't the watermark be very easily defeated simply by copy-pasting the code text into a new file and recompiling? You could also simply manually copy word for word the code anew and, poof!, no watermark.
In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
and even then it would be tricky, and me
be circumvented.
Whatermarking is based on taking advantage of some redundancy in the data marked. If ypu are aware
of the redundancy you can elliminate it.
signing code is much more tricky than signing sound
or images, and they havn't figured out yet how
to make any of these tamper proof.
probably simply adding more optimizations would erase most watermarkings.
Me.
I wrote a book ages ago about Windows File Formats. Included in the book was some code which was written by a third party. I obtained permission from the code's author to put it in the book, but it was very clearly copyrighted by the author of the code, both in the code, and in the book.
So Intel is working on a product and they just swipe up the code out of the book, never ask for permission or anything, and use it in a commercial product (VTune). The author of the code, of course, was furious. He approached Intel. They blew him off. He had reverse engineered their code. He could produce an exact replica of the binary with his own code using the MS C compiler.
He never got anything out of Intel. I suppose he could have hired attorneys, but he wasn't a wealthy guy. He couldn't find attorneys to take it without cash up front. So my question is: How do watermarks help him? I mean the guy could put the binaries side-by-side, and there was no question, it was his code.
Your code is as protected as the lawyer you can afford...
Just keep it to yourself and mod me down thanks.
I like the idea behind it but I don't think it's the answer. It would be easier and more applicable to have a 3rd party database that held published coding rather than having to graph and mark my work everytime I released etc... this way I have it (1) in the public domain and (2) have a published reference for it. (For smaller works).
And borrowing code despite our hatred for it is one of the tools of software development, not so much in the word for word copying and ctrl-V (thats a whole separate discussion) but capturing the methods and innovating them, then re-releasing it into the wild for the next innovator or janitorial white hat. Thats what open source coding is for me anyway not the profit or the credit but the goal.
Let's keep in mind that patents are in place to keep lawyers employed and keep them litigating. -CatGrep
Isn't the code itself a watermark? Sure, you can change things here and there, but ultimately the similarities are going to be far to much to be pure coincidence.
The purpose of digital watermarking seems to be to identify unique instances of the thing being watermarked. So if I have a copy of Britney Spears' album, it's obviously copyrighted by her record company. With watermarking I can get more specific, and see that it was burned from a CD which was sold to Bob Jones. With the GPL this isn't useful. Sure, the code might have been derived from a copy sold to Bob Jones, but he may have legally made a million copies and distributed them around the globe before the GPL was violated, by someone else. You can't control the watermarks, because you can't control the distribution.
If we could eventually get to the point of GPL code disallowing use by any software patent holders we could choke them off too.
It is becoming impossible to write code without violating some patent granted by the unknowledgeable patent office.
The FSF thought police.
or confuse run with ran without puttin have in front of the adv.
Uh, then how do consultants and companies who provide "services" like adding features and customization make money?
Answer: They DO believe in money for services.
I have 3656.9 Bogomips. How many Bogomips do you have?
It means "if I remember / recall correctly."
-- My choice of computing platform is a symbol of my individuality and belief in personal freedom.
Look at the techniques. This stuff is designed for use on binary-only software (with the sole exception of the comment embedding, which is easy to strip, and the embedded strings, which are easy to remove/modify).
The approaches they're talking about are done at the compilation phase or post-compilation on Java bytecode.
It's *extremely* difficult to produce good, reliable watermarks, because different compilers will build software differently, as will different optimization options.
I'd essentially say that source-based watermarks are a lost cause (at least with C, and with the current constraints of readability and simplicity on code).
A much better approach would be a project that does fuzzy comparisons on binaries, and is somewhat aware of ELF. Basically, you'd have a program that would have a set of known GPL code (a compiled Linux system would work well) and compare it to a set of compiled code.
This is still not perfect if the person is malicious and just tries using a different compiler. This has happened before with xvid and use of icc. However, there aren't *too* many compilers out there.
Hmm...this is an interesting problem.
A more interesting approach that just occurs to me now -- in general, the proportions of compiled code should be roughly the same, independent of compiler -- adding padding, etc. Generate a call graph of the function tree in a set of GPL code. Then your checker would do fuzzy matching on chunks of that call graph against the suspicious code. It'd take a bit of massaging. It'd also still need some manual looking at the target once identified. However, this should be able to run in a pretty automated manner (even if it takes a long time to run) and could potentially turn up some interesting goodies. It'd certainly discourage commercial folks from ripping off GPL-using authors and companies.
Try taking a Windows system with a lot of installed (non-GPL) software and a Linux system with a lot of (GPL) installed software. Start a comparison running. See what turns up.
May we never see th
Free SCO t-shirt
Get them while they are available.
In 2 years this company is going to be bigger than Microsoft.
Don't miss a chance to tell your children.
Pardon my naievity. I just wanted to ask, are GPL violations a big problem?
If it's happening all the time and this is a method slow progress of it, then I don't see a huge issue with it. But if it is a once in a while type of thing, then how could this have anything but a negative impact on GPL? The potential is there (reality could tell a different story) for people to shy away from it, worrying that they haven't quite got all their ducks in a row. If it's easy to automatically scan their code and say they're in violation, well then what? I guess what I'm trying to say is that it could be mishandled, thus treating the users of GPL code like they're potentially thieves. It strikes me that one of the compelling factors of GPL is their reliance on the honor system. Whatever you do, don't play games that can damage that bright point of GPL.
Maybe I'm looking at this the wrong way. I suppose it could be used to defend against an accusation not unlike what SCO has claimed. "You copied our code!" "No, we used GPL'd code, see?" In that case, my previous comment about disrupting GPL's trust might not be as likely. "Well, we're just doing it so that this sort of thing doesn't happen again." I can see people nodding their head in agreement in that case.
In short, it's one thing to do it if your aim is to defend yourself from SCO'esque accusations, it's another to use it to look for victims to sue. Whatever is implemented, be very careful about damaging GPL's image to the community that values it.
"Derp de derp."
Currently, there seems to be no way to embed a sensible digital watermark that can't be removed from audio, as one can always make little changes to the original that make little difference to the listener, but upon which the watermark depends. I figure the same is true for software - one can always add new variables, reorder parameters, reorder instructions and insert fake ones, unroll loops, inline functions, stuff like that. It's what polymorphic viruses have been doing for years.
So could one use a virus checker to find GPL software fragments in binaries? No. Embed an existing virus in another (itself polymorphic and/or encrypting) shield, and the virus checkers won't find it.
So, this _might_ find code fragements unintentionally or idly included in a proprietary binary. But if a manufacturer wants to deliberately steal software, then they can encrypt it and polymorph it, and it'll take reverse engineering to find it. And the whole point of these watermarks is that they work automatically, without the need for reverse engineering.
Code cannot enforce law.
## W.Finlay McWalter ## http://www.mcwalter.org ##
Read the presentation. Although complete sentences aren't exactly present, there seems to be the indication that access to the source can provide an attack on the watermarking scheme: well, duh, if it's open source just modify the source to eliminate the watermark.
But what's the likelihood a lazy company/individual will actually do this before violating the GPL? Probably slim, but more of the world seems to be going GPL anyway; and if the whole world did GPL, why would you need watermarks?
Point is: if the monopolies of the world insist on using GPL code without releaing the source, they'll expend the effort to remove the watermark.
You missed a couple:
9 - Get rich
This one might be a bit hard. Even in America, it takes a lot of work to make real money. You will have to be smart enough to invent some good ideas, and patient enough to see them through. If you're from Europe, you are probably used to treating your work casually while you goof off and act snooty, but you'll have a hard time blending in with Americans that way.
10 - Stop whining
This may be even harder than #9. As a European, you are no doubt accustomed to whining about everything while never doing anything. In the United States, such attitudes simply result in you getting left behind. The real Americans will get out there and do the jobs that need to be done, regardless of how dirty their hands get.
Good luck!
Furthermore, they are not talking about techniques that you could use if the "attacker" had access to the source code. (See the full paper, linked to in a comment above.)
This would work about as well for open source software as adding easter eggs (which they also discuss). From my perspective, this is a fine paper but easter eggs are still a lot more fun to write.
-- MarkusQ
Comment removed based on user account deletion
Does it not defeat the point to tell everyone it is there? If we know it is going to be used we can work around it.
Strangelove:
Yes, but the... whole point of the doomsday machine... is lost... if you keep it a secret! Why didn't you tell the world, eh?
personally, as the lead developer of a large and significant (though niche) libre software project, my interest in watermarking is not to prevent illegal copying but merely to trace copying. i have thought recently about embedding serial numbers in executables. nothing would check them, providing little incentive for hackers to remove them, but they would allow me to learn who redistributed the program and on what scale. perhaps.
http://www.faqs.org/docs/jargon/I/IIRC.html
This seems kind of like copy protection though, you can spend effort doing it only to have it circumvented. Eventually most software places reach some point where the give up on the tricks and either require active authentication, a piece of hareware or they ignore it. It's quite a bit different from the bad old days when they would do tricks to disks to prevent them from being copied.
I prefer that we place our efforts in GPLing more software and making it better rather than trying to watermark what we have. If we're really worried then maybe we should have a whistle blowers program set up for the developers of software to call and rat out their companies should the GPL be violated.
Obligatory comment.
The most rabid believers in American Exceptionalism are the exact same people whose policies are destroying it.
The first article compares normal and watermarked code. The watermarked code is significantly slower and bigger.
Contribute to civilization: ari.aynrand.org/donate
... unless the pirate is really stupid. With GPL'ed code, one would have to disclose the source code and the build process, including the specifics of the process used to watermark the binary. The "source after insertion of the watermarking code" is not the source, according to the GPL
A would-be pirate of GPL'ed code probably would be smart enough to remove the watermark step.
HEY a troll think ill feed it.
What in the world are you talking about we learned all about these sorts of thing from the euros. Perhaps you should bone up on number 4.
or how about this
1. Why would I WANT a gun. It is my 'right' but I do not need it. But that is the 'teeth' to our rules (the constitution). We have guns...
2. Stone what the hell is a stone. I weigh 190lbs thank you very much. Or 13.5714286 stone. But I though the rest of the world had a hard on for kilos, or 86.1825503 kilograms. But Im american so therefor im 'fat'.
3. Yes need to learn MORE lingo like 'I pulled one in the loo'. Instead of 'I fucked her in the bathroom'.
4. Know my history very well thank you very much. And I know where poland is. Do you know where say Oregon is? Because most people outside of the united states dont care. What makes you think I care about YOUR geography. Oh and dont think americans are the masters of 'weapons of mass destruction', being invented by the French and British.
5. Yes like we should spout on about being one big happy UN family. How we should be using the Euro. Stuff like that. Also that 'free market' you dont like so much has made your goverment sponsered programs look rather expensive havent they with your 3 euro per minute calls. Im sure your doing a lot better now with your 30 euro per month cell phone. How other countries dont use the 'global standards', that were invented by a committee that forgot to invite the people who make the stuff.
6. Yes you watch too much of the tele if you think thats all people do. I earn a decent wage thank you very much. Its also kept some compaines honest. Make shoddy work and you might get sued...
7. Yes there are babies out there. But it comes more from people not taking responsibilty for what they do. Hey with freedom comes responsibility. Like watching what you say so you dont get a number 6 done to you.
8. I know, Ill watch some BBC. Oh wait thats the same sorta crap too. But there are no chanels like the history chanel, or pbs, or TLC, or Discovery. But you KNEW that right.
Think Ill excercise my right of free speach to ask you to keep your damn mouth shut. As you do not know what you are talking about.
So there you have it 8 myths about american life refuted. Come on over its actually kinda nice here just like there. But please wipe your feet before you come in. For it is easy to sit on the side an take pot shots. But its much harder to go and do something about it. You sir are a racist. You too can follow his easy 8 steps and become a racist as well. Peace!
or not?
With the GPL I am allowed to do that.
Only if I use binaries, there can be a watermark embedded.
NoSuchGuy
Grundgesetz * 23. Mai 1949 - 30. November 2007 - http://www.vorratsdatenspeicherung.de/
The point is not that watermarking is foolproof.. but, let's say you suspect some software out there is using your code without permission.. you need some kind of evidence in order to get a court to order a more thorough review... you can't just say "This might be mine because I said so, your honor". Watermarking would let you analyze a binary from some vendor (no reverse engineering involved here), and, if the mark is found, and the software could concievably contain your code, is probably enough evidence to get a court to proceed.
For further reference.
It's called the US Copyright Office.
You deposit your code with the Copyright Office. It costs a nominal amount of money ($20 IIRC). At a later, the copyright holder can obtain a certified copy from the copyright office, with a certificate that says what day it was filed. This can be used as legal evidence.
ESR and others argue that GPL is "free" as in "free speech." Well, in the United States, we enjoy a lot of this "freedom" (at least until the RWEs are through with us). Much of this has to do with the fact that we go to great lengths to NOT encumber ourselves with systems designed "to get the bad guys." Rather, we depend on a system of mutual responsibility and respect for the law. It's only when an infraction occurs should we seriously consider using effort to detect such fraud. Americans need to be less afraid of their neighbors and demand each other to rise to our expectations.
There exists no way of exchanging information without making judgments. --Bene Gesserit Axiom
No
Not really. You were already born, and therefore the crime already has already been committed. It's best to just move on, accept the mistake your parents (brother and sister as we all know) made and move on.
Many GPL/LGPL'ed programs and libraries use a rcsid type of system. Every file something like static char rcsid = "@(#) $Id: file.c,v 1.7 2002/04/11 14:35:13 username Exp $"; in them. Its easy to take them out, but some people who steal code are to ignorant to take them out, and they only help when people steal whole files, but are they still worth using to id code?
Patrick "Diablo-D3" McFarland || http://AdTerrasPerAspera.com
Its cutting off your nose to spite your face sort of thing, and is probably something that OS is just going to have to live with for the moment until the concept of OS wins over and eventually is the norm.
This comment does not represent the views or opinions of the user.
OK, i'll make it easy on all of you. Hear is the article:
?? - Wear is the article?
Amusingly, most of the stereotypes apply to several other countries in the world.
:P) on a map, then my response would be "Okay, point out where Mount Rushmore is. Disney World? Hollywood? Idaho? Devil's Tower? Yosemite? etc". The United States something like 1/3rd of a rather large continent, as opposed to many other countries that are barely bigger than an average sized American state. Most of us here in the US have to travel really far to leave the country.
I'm an American, I found a couple of these funny (like the watch the Watch Abysmal TV, or the 'Sue everyone you ever meet), but the rest are just so generic and apply to much more than just Americans.
I wouldn't call it flamebait or troll. It'd either have to be funny or mean, and it didn't really succeed in being either. America has its problems (just like every other country...) but we also have a much much larger area and more people than most english speaking countries. Not only is it really hard to generalize with such a large population, but it sheds some light on some of those stereotypes like why geography isn't our best subject. If somebody wants to criticize me for not being able to point out Austria (not australia
Piece of advice for all of you who enjoy blasting America: Consider what life over here is like before you make fun. Want to make fun of us over the geography stereotype? Think about what it'd be like for you to travel to the Americas from Europe. Want to make fun of us over gun ownership? Think about how America gained its independence. Want to make fun of us over percieved obesity? Well, you can have that one. It's a little ironic, really. A good chunk of that obesity comes from working too hard, believe it or not. Who has time to cook a decent meal these days? Want to make fun of our lingo? Think about your own slang. Wanker? Pfft. Yeah that's such a cool term.
In short, if you're going to make fun of America, at least pick on something that is unique to us and a legitimate criticism. I'll even throw you a couple of bones here: America's obsession with celebrities and the circus we call a legal system. Believe me, you'll even get Americans laughing at jokes about those.
-
How to use a comma.
-
How to use a question mark.
-
How to use an apostrophe, you idiots!
HTH. HAND.In any piece of code there are certain patterns to it. Look for them. Particularly data structures which the code's effectiveness is tightly linked to. Most thieves are lazy, so they will leave some of the code unchanged. Very few persons are both willing to steal code and willing to take the time to fully obfuscate it.
The nice thing about this approach is you can wait until you suspect someone of stealing before you even bother thinking about the issue.
Oh, and in response to someone who asked if GPL violations are common. Yes they are, very common indeed, because free software is easy to get the source code for. Lots of startups, especially ones involved with web caching, steal from GPL'd code long enough to ship a first release.
Heck, if it were not for the current concerns that CDR media self-destructs in a couple of years, I might even be willing to take such a task on myself. Anyone have any insight on a reliable and trusted form of storage (that is affordable in large amounts) that might make this work?
Of course, there are concerns on both keeping duplicates and liability. To be anywhere near safe multiple locations would have to be used to store the files (should this be the responsibility of the storage agent, or should the owner maximize his chances by submitting to multiple storage sites and accepting that the sites keep only one copy that might be destroyed by fire or even another 9/11 type terror attack?)
There is another valid use for this too, software escrow. Some businesses fear doing software work with a small contractor unless he hands over all of his sources, because if he goes out of business or dies they might go down the tubes with him. On the other hand, small contractors are just as concerned about turning over their technology and having it stolen (a company in the state of Washington that is said to do this comes to mind). An escrow service would help with this; but it would be difficult for any such service to verify back to the client company that the source placed in escrow was good source rather than just something submitted to make the client think the true source was in escrow. Again, any thoughts on this, short of having the storage/escrow company actually build a working copy of the software from the source?
I'm an American. I love this country and the freedoms that we used to have.
If you took time to re-write every line of code so that it was "obfuscated", as in, no longer had any of the same structure or even ways of going about doing things.. is that theft?
if I watch Star Wars, like Star Wars, and make my own movie with the same plot (Non-X who wants to be X becomes the best X ever thanks to barely-explained element Y over the course of two hour or so), having none of the same characters or settings (though characters and settings exist which carry out the same roles where neccessary), am I doing anything criminal?
I'm not trolling, I'm asking: Where's the line between "theft" and "inspiration"? If completely re-writing code to carry out the same functions (having said code as refrence) is theft, then cloning something the way OpenOffice tries to is certainly also theft, not to mention that SCO's claims would have no defense against them whatsoever.
I'm not bashing the GPL, I just think you're being extreme in saying that such a level of "obfuscation" would still have you as a theif.
-- 'The' Lord and Master Bitman On High, Master Of All
On either being a great troll,
Or a stupendous idiot.
I used to bulls-eye womp-rats in my pants
In American, it is common to bathe or shower at least once per day. Covering up your stench with perfumes is not acceptable in America.
I hope this helps.
The resulting code is unreadable ... which makes it absolutely useless as far as open source is concerned.
Um, surprising as it may sound, I have looked at some open source code, you know, and some bits of it could reasonably be described as, you know, just a tad "unreadable". So there's nothing to be lost here.
Put a copy in an envelope - printed or CD, whatever you like. Post it to your solicitor and have them put it in their safe unopened.
Later when Parasitesoft trys to claim you stole it from them, the solicitor can produce this as legally acceptable evidence of its date of existence.
I'll see your Constitution and raise you a Queen.
Sorry for any inconvenience.
I'll bite...
...your head off.
1. http://linux.tucows.com/preview/8092.html
2. You haven't described your grandma's physical disabilities.
3. http://www.kde.org/ AND http://www.apple.com/macosx/
4. http://support.daemonnews.org/
5. True. FreeBSD and NetBSD split soon after 386BSD's release, and then OpenBSD split from NetBSD when the maintainers stopped tolerating Theo's eccentricity.
6. http://www.freebsd.org/
7. Distros include binaries.
8. True on the desktop, apart from Mac OS X. Half credit.
9. POSIX conforming apps are source code compatible across Linux and BSD.
10. http://www.yahoo.com/
Score: 85% troll
Will I retire or break 10K?
What happens when it gets wet?
Heck, I've lost two keyboards to spilled coffee so far this year...
Oh well, what the hell...
they all require secrecy, until the time of need. (lawsuit)
simplest form would be to insert extra characters to the text based on a set formula.. i.e. after every 49th "A" insert a space.. and after every 273rd "e" insert a tilde
most people will take it for a typo..
yet if you can show the consistency, you might be able to defend it..
every day http://en.wikipedia.org/wiki/Special:Random
I've never been a big fan of the GPL, and though I sympathize with Linksys, I think they should still follow the guidelines of the GNU GPL. Shoulda have used BSD...............
~UltraSkuzzi
This comment is liscensed by SCO.
Bleh.
'Thank, you, as, IF, I, really, care'?
What about secretly adding some code, preferably something all compilers would treat the same? I assume a text variable would do? e.g: var char[20] ='Wde3kbv9s4s8se/#f,#q"; Or preferably something that would seem more 'authentic', like 'SLPT version 3.107' ? In my simple mind I am in the hopeful belief that no compiler would alter it, but rather store it as simple text? Now someone clever would have to think out a better 'fignerprint'. It has to be long enough so there's no real chance for random data to be alike the fingerprint, and seem like a real variable. This won't work of course, if the thieves changes all the variable names.
glad you could refut all my .'s in fact just to piss you off i am going to use bad speling and gramer just for u so instead of talking about what was wrong you point out gramur earors i hatttttttttes gramur nazis
Also before you get your panties in a bunch. Think about this, its a informal forum. Have fun. If I was writing a novel MAYBE just MAYBE I would give a shit. Peace!
If you have access to the source, you could probably find a way to remove the watermarks, unless they are somehow tightly worked into the executable code itself. And, if they're tightly worked into the executable code itself, then this has to mean that the code will not be as efficient, and that there'd be some kind of performance cost to watermarking that does not benefit the end user at runtime.
You see? You see? Your stupid minds! Stupid! Stupid!
Some benchmarks were posted the other day comparing scaling of a few BSD kernels and two Linux kernels, which gives me an idea.
Do you think you could collect statistics from a running gpl'd program (exe1) and compare it to a "mystery" programs (exe2) statistics, given the same input, and if they match too closely, put (exe2) to the torch to find more similarities?
To minimize variables, you could run both on some combination of hardware emulators (bochs), and system call/library emulators (wine/cygwin), and have tables of OS overhead for common functions to subtract off. Granted it would be initially a lot of work, but as programmers are lazy, we attempt to automate as much as humanly possible.
What, didn't you here him correctly?
The problem is that it would need wide deployment but could be used only once of a few times.
The reason is that once the nature of such a watermak is knowen, all currently published schemes can be easily removed. Proving publicly that one piece of code was stolen is enough for that.
In addition, depending on the language and compiler used, finding a watermark can be extremely difficult. Just think of different levels of optimization, different compiler verions and different libraries used. The often proposed scheme to use variable names is almost completely useless. Replacing all variable names with generic ones can possibly be done with a perl-script written in a day.
In my personal opinion watermarking is not advanced enough today to prove anything. And there is a good possibility that it never will be.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Watermarking will just be another way of clouding an issue. With GPL-IP you need a protective shield, that is accepted by the UN (under international treaties) and major governments that are willing to pound and fine pirates and thieves of GPL-IP. The UN needs to come together to provide for the common defense of GPL-IP, the Public property of humanity (the Genetics, Genome, Evolution, ...), ... a few other major items.
.... They may even subcontract to India, Pakistan, Iran, Saudi Arabia, Israel, ... to develop major/unique viruses for Linux, Open-Office, ... in attacks to destroy the "Open Source and GPL" communities and others with open standards concepts.
...), and major public property content is a gift to humanity and should be properly achieved and protected from potential destructive practices of megalomaniacs. Such official filling and library index registration should be able to provide legal evidence and protection for posterity.
As for all the copyright and patent stuff, let them protect their shit, it is their right (I have always paid the OEMs and OSDs for my hardware and software). Twenty/fifty years from now they, their company, and products will be under the pile of dust (I suspect), but for now expect a powerful affiliation of the vicious, powerful, and foolish to try and maintain by any means the present amicable conditions for greed and control. They will try their best to destroy GPL, Linux,
I do believe it is advisable that every new version (X.0) release should be properly labeled and identified for contributors/community (GPL-IP) then placed in the LOC, ECLAS, IPL, PG, maybe other major libraries. of major "open source" products (Linux, Open-Office,
OldHawk777
Reality is a self induced hallucination.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
Having read the .PDF paper and then skimmed the /. comments it would seem few people have taken the time to actually read (or understand) the paper before commenting on it. Hats-off to those who have.
.class files, as opposed to signing .cab's for whole Java apps/applets. .class, which is achieved by pretending to call the dummy method(s) from other methods using always-false logic constructs.
.NET and other bytecode environments.
.class files from decompile/recompile attacks than *I* feel it should have: five of the ten .class files crashed their test decompiler (Mocha), thereby "protecting" their watermarks. If someone is keen to re-source your .class file, particularly if there's money to be made, I'm fairly certain they'd try another decompiler instead of giving-up on just one crash. I suspect that these five .class files could be decompiled by another utility, so the question of their watermark protection remains unanswered. Potentially this could cause up to 18 (instead of 3) of their 23 watermarks actually being defeated. This is entirely feasible, since only 3 of the 8 watermarks fully tested survived (the other 15 being in the five .class files which crashed Mocha).
.class, you'd have to compile it, watermark it, decompile it and then post the decompiled version. Not very pretty and what about comments? I suppose you could have a Perl script reinsert comments from the original source, or copy-and-paste the watermarked dummy methods back in.
What is the essence of this watermarking technique?:
- For embedding copyright information into individual
- It modifies compiled Java bytecode, shuffling eight bytecode operators in targeted "dummy" class methods. The shuffling is able to encode only three bits per operation, so watermarks need to be short or dummy methods need to be large.
- It relies on the watermarked dummy method(s) appearing in stolen (decompiled/recompiled)
What are its downfalls?:
- The technique is specific to Java. Forget about using it for other languages which output platform-specific machine code binaries, although it might be possible to modify it for use in
- If an intelligent thief (or smart optimizing compiler) is able to detect the always-false condition used to shield the dummy method(s) the watermark(s) will be removed.
- The larger your watermark, the larger you need to make your dummy method(s), or you need to embed more of them. The larger you make your dummy methods, the more obvious it will be that there's something strange about them.
- Optimizing compilers could still destroy the modified operators used to form the watermarks.
The paper also claims it protected more
How does this technique benefit GPL? I'm not sure that it would. Even if the above problems were fixed:
- To submit "source code" for your protected
- It's really designed to embed personal/corporate copyrights into code, protecting the IP of the submitter not the GPL community. I suppose the GPL community could design a community-wide watermark policy, but then that would become public knowledge and so thieves would be aware of its existence and be inclined to search harder to remove it.
Then again, I'm a filthy, unemployed techno-hippie with a case of Canada-envy.
Do you think free software (GPL or other viral licenses) should be watermarked? This could help to find GPL violations (think Everybuddy or Linksys)
You missed the point of Free Software. Ignoring some of the antics of zealous fringe, the idea of "Free Software" isn't to be a separate-but-equal analogue to proprietary software. The point of Free Software is freedom, not surveillance. Too many advocates for Free Software say their contributions are free, but act as proprietary masters with their obsession over owning, controlling and regulating the software.
It saddens me to see people advocating watermarking Free Software. Next they'll want a "FSSA" analogue to the BSA and their brownshirts.
Don't blame me, I didn't vote for either of them!
Bit like when you fight them, they talk a good fight and threaten a lot but when the fight happens they cannot take a punch and seem genuinely surprised that they were beaten.
not to make it impossible to remove the watermark, but to make it too much trouble. If it is easier/cheaper to write the code from scratch than it is to remove the watermark(s) from existing code, then it has done its job.
No amount of bathing will cover up the stench of burning yanks in Baghdad. Reminds me of victory.
okay it's a childish thing to say but if humanity can fix the root problem ("why do people steal/why are people dishonest") then the issue goes away, as does a huge number of other issues that plague humanity.
sorry for stating the obvious but i hate to see developer resources pulled off "deep thought" projects, usability projects, porting, etc. to focus on preventing illegal usage of GPL code.
the other side of the coin is proprietary code...the value of which is really in question. if indeed proprietary code is a "negative branch" that will die out, as i beleive, then the point is moot anyway.
How to use a comma.
How to use a question mark.
How to use an apostrophe, you idiots!
Lame rebuttal, you lose.
01001001 00101100 00100000 01100110 01101111 01110010 00100000 01101111 01101110 01100101 00101100 00100000 01110111 01100101 01101100 01100011 01101111 01101101 01100101 00100000 01101111 01110101 01110010 00100000 01101110 01100101 01110111 00100000 01100010 01101001 01101110 01100001 01110010 01111001 00100000 01101111 01110110 01100101 01110010 01101100 01101111 01110010 01100100 01110011 00101110
one hundred twenty
is just enough characters
to write a haiku
Wow, the amount of snotty ego in your post just *screams* "I AM AMERICAN". Do you ever wonder why the rest of the world hates Americans?
Here, educate yourself. And don't worry, it's your own academics presenting this material so it's cosher.
http://www.projectcensored.org/
Yes, this is Univeristy sponsored, and accurate.
Ok, assume a corporation CAN sucessfully steal GPL code, with or without watermark. Let's say M$ paints an IE browser look on top of the mozilla firebird codebase:
So aside from ethical issues, why should the GPL community really care?
Everyone should be able to watermark software. Further, forging a watermark should be a felony. This is not a matter of good guys vs bad guys, or open source vs closed source. It is a matter of protecting everyone's intellectual property from thieves, GPL'd code, and Microsoft's code alike.
It sounds like Microsoft. We have become our enemy.
It's a license. If people don't want to use it, then they can just leave it alone. It has a name called the GPL. I thought it was the detractors of GNU/Linux who used these derogatory terms. /., you damn well know, if you're an editor, a lot of the people planning to reply aren't friends of GNU/Linux.
This is like saying, yeah I'm a "pirate" when I go download a backup copy of my old tape collection. It might seem amusing to speak of oneself like that, but it depends who's company you're in. You wouldn't say that in front of just anybody, would you?
It's like people in the black community calling each other nigger. Well, that's cool when you know who you're talking to and you're all friends, but when you're posting a story to
This becomes like a group of blacks referring to each other as niggers in front of a group of white co-workers. That's not really appropriate. Now I say "in front" because it's right there in the topic. It's no sombody's opinion posted in a reply, it's an editiorial move.
If people in the comments want to use lose terms to refer to themselves in a casual way, that's cool. Lord knows I'm not against a fuck you and screw that shit here and there. But I think using derogatory terms in the body of the topic is weird.
What's next? A story about corporate market share for the communist GNU/Linux system?
Isn't that poisoning the debate the follows?
No legal value in this. Urban myth.
The rest of the fucking world fucking hates fucking Americans??? Then why the fuck do hunders of fucking thousands of them fucking try to become fucking americans every fucking year? How the fuck is this fucking relevant to the fucking thread you fucking fuck???
Right. And how about ol'fashioned TRUSTING PEOPLE on this issue? If somebody misuses code, they will be found out sooner or later. Anyhow, it's not like you lose anything on it. Later they'll be all the wiser for being permitted to make a mistake.
Are we no better than the big conglomerations where we can't trust anyone and are filled with fear and dread of all the abuse that _MIGHT_ happen?!?
I just ask. It's up to you to answer..
http://www.debunkingskeptics.com/
It's GPL... so the code is there... so... it won't work...
For closed sources... it will work... for open sources... no can't do...
I can see it now, msn updated to download all java applets and inspect them for there patented watermarked hello world app.
Sanity is madness put to good use
It would certainly be useful. I was recently sacked from a small company, I believe for pushing the GPL licensing issue. The company I worked for, has wrapped up a couple of well known GPL'd products and sold them on to a customer without the copyright notices etc. I'm wondering whether I should pursue this. However, as they distributed the downloaded executables for this rather than re-using source code, watermarking isn't really necessary in this case...
For instance, if an expensive football player goes to the hairdresser, that is front-page news on all the tabloid newspapers.
I sympathise with your complaint that outsiders critisise the "wrong things" about the USA (e.g. unbridled gung-ho military power, calorie intake, geography, death penalty, human rights) which are things that are prioritised differently in the USA by a large chunk of its population, but that is the nature of inter-culture comparisons. We can at least agree on the lawyers. I would add spammers :-) (and yeah, I'm sure they *must* be korean even though they advertise fake viagra in english through US phone numbers. Pretty much all my spam comes from the USA, apart from C++ job offers (UK recruiters) and the occasional Nigerian millionaire.)
At the same time, USians make feeble attacks at British things (e.g. cars still driving on the left since we were never Napoleonised, bad dental care, eating fruit (limes) to prevent vitamin C deficiency, using the word "liberal" as an adjective not a swearword) and miss the wide open targets that matter to locals (double the death rates from some cancers, Victorian public transport, schizophrenic attitude to USA/EU, binge drinking).
And at the french, they (USians) forget about the French navy saving their ass in the war against the British, and focus on WW2 - Germany invades Poland: France and UK declare war: USA says "yeah, go on guys, here's some IBM computers" until they get attacked by Japan a few years later. God, I hate defending the French :-) But if you're going to attack them, how about mentioning that they're always on strike or burning lambs when they're not working 35 hour weeks or blowing up greenpeace boats. But yeah, the surveys about hygiene do still come out in the newspapers.
As for geography, the papers keep printing surveys that e.g. most florida teachers couldn't find florida on a map of the USA (and that's a bloody easy one!) so I might have a decent chance there :-)
Had Bush 2nd even left the country (or got a passport) before he became president?
What a whippersnapper. I miss Sig11...
It would be great if the Free Software Foundation would create a copyright registry. Anyone would be able to upload any file and get back an MD5 sum and a digital time stamp.
The U.S. Copyright Office copyright registry is too expensive! It costs at least $20, it is necessary to fill forms, mail by snail mail, it takes weeks to get acknowledgement, and it is not private!
I suggest that the cost be $1. Pay a minimum of $10 by credit card, and have credit for 10 uploads of 20 megabytes or less.
With MD5 sums it is not necessary to save the file.
Thousands more try to become Europeans than try to become Americans. You suck.
If you looked at the code, and re-wrote it yourself, it wouldn't be a GPL violation.
The only way it would be a violation is if you could prove it was a derrivative work, and for that there'd have to be at least some line of code the same... having *functionally equivalent* lines of code != derrivitive work. If that was the case then Encyclopedias would have ben sueing eachother since the beginning of time for publishing "functionally equivalent" information.
-it's difficult (i.e. NP-complete for those in the know) to analyze the software to remove
-Humans are no more powerful than turing machines.
-Humans can reverse engineer a program in time proportional to the execution time.
If these all hold we're on the edge of a mathematical breakthrough..
thats a load of horseshit you idiot.
a decompile-edit-recompile attack will take care of any silly watermarking scheme.
im posting anonymously since i founded and work for a rather large company. the company was founded on a product which was commercially developed by a former competitor. The competitor at that time was selling the product and we didnt have one..it would take us too long to write one. we bought a copy using a dealer who we had a prior relationship with and we decompiled the code (it was java). Once that was done we saw they had a large and complex watermarking scheme (actually a licensing/copyright scheme) with an obfuscator run on it.
it took us ~1 week to remove all that shit, use our own obfuscator (which was better than theirs!) and voila -- we had a functional product. they lost market share rapidly since we could outprice them (negligible development cost) and we could ship more products than they did. they went bust a while later.
On the (Im)possibility of Obfuscating Programs- Barak, Goldreich, et al. 2001
Once again a lot of missing points!
If you secure for purposes of audits... good.
Software watermarks can be found at fullylicensed in Germany amongst several commercial outfits.
And, if you secure because time is a more valuable commodity than data... good.
"Neocon" (as in conservative without a brain) is a better descriptor. Thanks for the suggestion.
Don't get me wrong, either. I'm also fiercy anti-Democrat. They've become no better than Republicans. To call them "liberal" is as laughable as calling a Republican a "conservative."
Back on topic: In our quest for ultimate geek nirvana, let's pick a better set of values than those ascribed to the United States political parties.
There exists no way of exchanging information without making judgments. --Bene Gesserit Axiom
Better, I can see your point, from your interpretation of the key phrases you selected. Now here is what I think is the main point protecting GPL-IP, Open source and standards, Public Domain (due to age or intent of creator) property must be as aggressively protected from wanton and major assaults by profit motivated thieves and pirates. To do this laws must be passed by governments and internationally agreed upon, just like current laws governing commerce, ....
...), but does exist primarily for the good of humanity not for exploitation (as attempted with the human gnome/genetics) by the international capitalist republic steering the WTO/IMF/... for influence expansion of the capitalist republic. In this manner you are correct there are some folks that have decided (for the greater good of humanity) to provide very real IP to the collective resources of humanity. Again, this concept does not advocate collectivization, but does mean that if someone wants to contribute, then what is provided should not be vandalized and/or exploited by the greedy and unethical fools for profit.
....) does not mean they are the enemy, fools, socialist, ... hell they may JFC come back to visit earth.
...) a label and box (dogma) and they automatically start trying to fit the whole human heard in to an space most cannot fit. This attitude on dogma (religious, political, economic, ...) does not make me a nihilist/anarchist, lets leave everyone outside these BS dogma-boxes. I (like many others) know there must be much better ways for humanity to go forward. The current dogma-boxes are little better then those used by Rome 2K or Egypt 4K years ago. The dogma-boxes are slightly adjusted in attempts to cope with changes in technology and population, seldom or never to improve the human species condition and promote evolution.
... Enron, Global Crossings, .... Yes, it's true. The general public sees as "profit-performance", lies, greed, immorality, ... I see the same. Maybe you should look again.
...) do is of no interest to me (I have none of their stock in my portfolio.
Many folks today do not understand that there is public property (sometimes called not-for-profit code/content/IP/...), which is not for free (and is not a school, city/national park,
Therefor, I can lookup socialism and collectivism, but I am not sure it will get you out of your box-thought process. As another point, simply because someone champions humanity (we are our brothers' keeper when they are sick, uneducated, terrorized,
As noted from my last post dogma BS whether on socialism, capitalism, or is in fact pejorative. Give fools (politicians, dictators, demigods,
The marketplace already significantly rewards "profit-performance" and lies, greed, immorality,
Software MS-Win or Linux, the jury is still out. Currently, I support the EFF and non-profit OSDs. I cannot program but I can make small yearly donations to support their humanitarian mission. What the profit motivated OSDs (SCO, MS,
Oldhawk777
Reality is a self-induced hallucination.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
Of sorry if this offends you. But there really is a LOT of anti-american feelings in the rest of the world. It doesn't take a genious to figure this out. Just watch some non-american news stations, or talk to some non-americans, or better yet, go travel.
The may be off topic, but it is in no way a troll. Neither was my last comment. It's simply the truth. It's times like these when the US centricity of slashdot become painfully apparent.
I still say, let them (M$, others) try! The only way it could detriment the computing world is if the companies say, "it's not our fault the code is buggy, we stole it from open source authors..." which only helps our cause by illuminating the proprietary firms failings.
Wouldn't you love lightweight IPC, universal interconnectivity, powerful scripting, and strong security on windows? I wouldn't mind if they pasted their GUI right on top of Linux 2.6! So long as they don't take away my freedoms to use GPL code.
Imitation is, after all, the highest form of praise.