Slashdot Mirror
Can Watermarking Help Find GPL Violations?
bitkid writes "I recently run across techniques that can be used to
watermark
program code.
While I yet have to see some source code for this to play with, the authors claim that
the watermarks can be introduced into the source code and can be found in the compiled executable.
My question for the slashdot-crowd is: Do you think free software (GPL or other viral licenses)
should be watermarked? This could help to find GPL violations (think
Everybuddy or
Linksys) or can
be used in court someday against the next SCO to prove authorship.
What might be the ramifications of this?"
This would be useful to prove that code is under the GPL, but this could be simply gotten around by just looking at the code, then rewriting it yourself. But, of course this will take time and money, something the big business hate to spend.. But the technology is useful.
To NULL or not to NULL.
I would be very careful with using something like this. Its nice to think that one could use watermarking for protecting GPL'ed code. However, should the technique prove successful, expect to see everything under the sun watermarked by less benevolent entities.
C - A language that combines the speed of assembly with the ease of use of assembly.
GPL appears to common sense still found in people, and simply decency.
If the trademark stuff gets too hectic, then maybe this will be needed, but for now i dont think it's needed
Open Source Java Web Forum with LDAP authentication
It might cause the sky to fall down on our heads, or the atmosphere to evaporate, killing us all with solar radiation.
Get your own free personal location tracker
we are talking about a bunch of 1s and 0s here. If it can be watermarked, it can be unwatermarked. A simple script will be able to rearrange stuff to disrupt the watermark without affecting the execution of the program.
What would be the point in watermarking text? I take it (I haven't read the article but I don't reckon you have either) what is proposed is some way of coding so that a particular watermark structure has to get generated by the compiler and will appear in the executable binary. I have no clue whether this is possible or not, whether it would survive (say) an obfuscator program being run on the source or being compiled with a different compiler, or minor changes to the code, but imagine these would be pretty crucial features.
"'I pass the test,' she said. 'I will diminish, and go into the West, and remain Galadriel.'"
- JRR Tolkien.
This has no effect on GPL:ed code... The code is written, it can be copied, there is _NO WAY_ to watermark TEXT. Why is this news?
Either you are an idiot, or you just were in such a rush to make the 3rd post you forgot to read the article or even think about the concept of watermarking.
It would be trivial to put a watermark in sourcecode, you just have to develop the program so that the watermark was essential to the programs operation.
What would be the point in watermarking text? I take it (I haven't read the article but I don't reckon you have either) what is proposed is some way of coding so that a particular watermark structure has to get generated by the compiler and will appear in the executable binary. I have no clue whether this is possible or not, whether it would survive (say) an obfuscator program being run on the source or being compiled with a different compiler, or minor changes to the code, but imagine these would be pretty crucial features.
Read the article, or atleast the summary on the IEEE link. They specifically address these knee-jerk complaints.
Hmm. I've now read the article and it seems I was right. The watermarks aren't perfect though, 8% of them can be destroyed by either a decompile/recompile or an obfuscator attack. It seems pretty specific to java, too, which (to my mind) makes it of pretty limited use given how desperate the rats seem to be to get away from that particular sinking ship. (Yes, I know Java's great'n'lovely'n'wonderful, but Windows support is laughable so 95% of users are barely able to use it, so save your flames for Redmond...)
"'I pass the test,' she said. 'I will diminish, and go into the West, and remain Galadriel.'"
- JRR Tolkien.
I think this would only help the most blatent copying. If the watermark code is embedded in the datastructures of the source code either it would be fairly easy to remove or the software would be in such a state that it would be hard to maintain and evolve. The attempt to avoid piracy would have a negative long term effect on the project.
I can still see this being useful if blatent copying of the software is the biggest problem the project faces, however I'm having trouble envisioning a scenerio where that's the case.
it wont work. open source is too "open" for this to be possible.
c0w goes moo.
The paper cited in the first link is from a professor I once had.
On his website I found his full article, if you want some details about watermarking techniques. It's has a lot more meat than presentation slides.
The main idea is that you embed the watermark into the code and then obfuscate it. The resulting code is unreadable, otherwise watermark would be trivial to remove, which makes it absolutely useless as far as open source is concerned.
Er, what complaints? I wasn't complaining about anything, just speculating on the nature and limitations of the technology. Anyway (see other post) I've now read it and my speculations turned out to be pretty much right - the points I mentioned are requirements, and to some extent they're met.
"'I pass the test,' she said. 'I will diminish, and go into the West, and remain Galadriel.'"
- JRR Tolkien.
Wouldn't that have been a nice thing to put in the post text?
Obviously Java's structure (class files, interpreted code, easy decompilation) makes this easier to accomplish than it would be in C or C++ (or any other language compiled for a particular architecture). It just doesn't make all that much sense for code intended for C compilation, where the source code is freely transmitted. You rewrite out the watermark, it's as easy as that.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Caveat - I haven't read the paper but from the description is looks like you apply your watermark to the class files after compilation.
... therefore not applicable in its current form to source code which would be required for any usefullness to GPL.
/.
So,
1) only protects binaries not source
2) its for Java which is easier due to the cannonical form (bytecodes) that can be manipulated by the watermarking tool. You could probably do this to protect GPL binaries but with less portability
IMHO opinion, not usefull for source but sure if you're worried that some of your precompiled binaries are being ripped, then maybe.
For source, you need to detect common code patterns and use source tools that have been discussed elsewhere on
Unless you are talking about obfuscating the code so that it is incomprehensible to most... in which case, why bother with open source at all?
File under 'M' for 'Manic ranting'
again, read the article. they are talking about java code in which you dont have the source, but an easy to decompile class file.
even if you did have the code as with gpl software, it wouldn't be totally trivial to remove the watermark, because it wouldn't be immediately obvious which code contributed to the watermarking.
and even then it would be tricky, and me
be circumvented.
Whatermarking is based on taking advantage of some redundancy in the data marked. If ypu are aware
of the redundancy you can elliminate it.
signing code is much more tricky than signing sound
or images, and they havn't figured out yet how
to make any of these tamper proof.
probably simply adding more optimizations would erase most watermarkings.
Me.
I wrote a book ages ago about Windows File Formats. Included in the book was some code which was written by a third party. I obtained permission from the code's author to put it in the book, but it was very clearly copyrighted by the author of the code, both in the code, and in the book.
So Intel is working on a product and they just swipe up the code out of the book, never ask for permission or anything, and use it in a commercial product (VTune). The author of the code, of course, was furious. He approached Intel. They blew him off. He had reverse engineered their code. He could produce an exact replica of the binary with his own code using the MS C compiler.
He never got anything out of Intel. I suppose he could have hired attorneys, but he wasn't a wealthy guy. He couldn't find attorneys to take it without cash up front. So my question is: How do watermarks help him? I mean the guy could put the binaries side-by-side, and there was no question, it was his code.
Your code is as protected as the lawyer you can afford...
Just keep it to yourself and mod me down thanks.
I like the idea behind it but I don't think it's the answer. It would be easier and more applicable to have a 3rd party database that held published coding rather than having to graph and mark my work everytime I released etc... this way I have it (1) in the public domain and (2) have a published reference for it. (For smaller works).
And borrowing code despite our hatred for it is one of the tools of software development, not so much in the word for word copying and ctrl-V (thats a whole separate discussion) but capturing the methods and innovating them, then re-releasing it into the wild for the next innovator or janitorial white hat. Thats what open source coding is for me anyway not the profit or the credit but the goal.
Let's keep in mind that patents are in place to keep lawyers employed and keep them litigating. -CatGrep
yep.
Isn't the code itself a watermark? Sure, you can change things here and there, but ultimately the similarities are going to be far to much to be pure coincidence.
The purpose of digital watermarking seems to be to identify unique instances of the thing being watermarked. So if I have a copy of Britney Spears' album, it's obviously copyrighted by her record company. With watermarking I can get more specific, and see that it was burned from a CD which was sold to Bob Jones. With the GPL this isn't useful. Sure, the code might have been derived from a copy sold to Bob Jones, but he may have legally made a million copies and distributed them around the globe before the GPL was violated, by someone else. You can't control the watermarks, because you can't control the distribution.
Uh, then how do consultants and companies who provide "services" like adding features and customization make money?
Answer: They DO believe in money for services.
I have 3656.9 Bogomips. How many Bogomips do you have?
File under 'M' for 'Manic ranting'
It means "if I remember / recall correctly."
-- My choice of computing platform is a symbol of my individuality and belief in personal freedom.
Look at the techniques. This stuff is designed for use on binary-only software (with the sole exception of the comment embedding, which is easy to strip, and the embedded strings, which are easy to remove/modify).
The approaches they're talking about are done at the compilation phase or post-compilation on Java bytecode.
It's *extremely* difficult to produce good, reliable watermarks, because different compilers will build software differently, as will different optimization options.
I'd essentially say that source-based watermarks are a lost cause (at least with C, and with the current constraints of readability and simplicity on code).
A much better approach would be a project that does fuzzy comparisons on binaries, and is somewhat aware of ELF. Basically, you'd have a program that would have a set of known GPL code (a compiled Linux system would work well) and compare it to a set of compiled code.
This is still not perfect if the person is malicious and just tries using a different compiler. This has happened before with xvid and use of icc. However, there aren't *too* many compilers out there.
Hmm...this is an interesting problem.
A more interesting approach that just occurs to me now -- in general, the proportions of compiled code should be roughly the same, independent of compiler -- adding padding, etc. Generate a call graph of the function tree in a set of GPL code. Then your checker would do fuzzy matching on chunks of that call graph against the suspicious code. It'd take a bit of massaging. It'd also still need some manual looking at the target once identified. However, this should be able to run in a pretty automated manner (even if it takes a long time to run) and could potentially turn up some interesting goodies. It'd certainly discourage commercial folks from ripping off GPL-using authors and companies.
Try taking a Windows system with a lot of installed (non-GPL) software and a Linux system with a lot of (GPL) installed software. Start a comparison running. See what turns up.
May we never see th
Oh, come on, he is right.
;)
If you can get a local copy of the class file, you can decompile it, rearrange it and create a new binary with a different (or nonexistent) watermark.
If you make source code or the executable dependent on the watermark (bad idea) this can be easily circumvented as well (won't go into the tech details but it is easy to do)
Nothing is bullet-proof in the digital world. Get used to it
Pardon my naievity. I just wanted to ask, are GPL violations a big problem?
If it's happening all the time and this is a method slow progress of it, then I don't see a huge issue with it. But if it is a once in a while type of thing, then how could this have anything but a negative impact on GPL? The potential is there (reality could tell a different story) for people to shy away from it, worrying that they haven't quite got all their ducks in a row. If it's easy to automatically scan their code and say they're in violation, well then what? I guess what I'm trying to say is that it could be mishandled, thus treating the users of GPL code like they're potentially thieves. It strikes me that one of the compelling factors of GPL is their reliance on the honor system. Whatever you do, don't play games that can damage that bright point of GPL.
Maybe I'm looking at this the wrong way. I suppose it could be used to defend against an accusation not unlike what SCO has claimed. "You copied our code!" "No, we used GPL'd code, see?" In that case, my previous comment about disrupting GPL's trust might not be as likely. "Well, we're just doing it so that this sort of thing doesn't happen again." I can see people nodding their head in agreement in that case.
In short, it's one thing to do it if your aim is to defend yourself from SCO'esque accusations, it's another to use it to look for victims to sue. Whatever is implemented, be very careful about damaging GPL's image to the community that values it.
"Derp de derp."
Currently, there seems to be no way to embed a sensible digital watermark that can't be removed from audio, as one can always make little changes to the original that make little difference to the listener, but upon which the watermark depends. I figure the same is true for software - one can always add new variables, reorder parameters, reorder instructions and insert fake ones, unroll loops, inline functions, stuff like that. It's what polymorphic viruses have been doing for years.
So could one use a virus checker to find GPL software fragments in binaries? No. Embed an existing virus in another (itself polymorphic and/or encrypting) shield, and the virus checkers won't find it.
So, this _might_ find code fragements unintentionally or idly included in a proprietary binary. But if a manufacturer wants to deliberately steal software, then they can encrypt it and polymorph it, and it'll take reverse engineering to find it. And the whole point of these watermarks is that they work automatically, without the need for reverse engineering.
Code cannot enforce law.
## W.Finlay McWalter ## http://www.mcwalter.org ##
Read the presentation. Although complete sentences aren't exactly present, there seems to be the indication that access to the source can provide an attack on the watermarking scheme: well, duh, if it's open source just modify the source to eliminate the watermark.
But what's the likelihood a lazy company/individual will actually do this before violating the GPL? Probably slim, but more of the world seems to be going GPL anyway; and if the whole world did GPL, why would you need watermarks?
Point is: if the monopolies of the world insist on using GPL code without releaing the source, they'll expend the effort to remove the watermark.
Furthermore, they are not talking about techniques that you could use if the "attacker" had access to the source code. (See the full paper, linked to in a comment above.)
This would work about as well for open source software as adding easter eggs (which they also discuss). From my perspective, this is a fine paper but easter eggs are still a lot more fun to write.
-- MarkusQ
Comment removed based on user account deletion
Does it not defeat the point to tell everyone it is there? If we know it is going to be used we can work around it.
Strangelove:
Yes, but the... whole point of the doomsday machine... is lost... if you keep it a secret! Why didn't you tell the world, eh?
personally, as the lead developer of a large and significant (though niche) libre software project, my interest in watermarking is not to prevent illegal copying but merely to trace copying. i have thought recently about embedding serial numbers in executables. nothing would check them, providing little incentive for hackers to remove them, but they would allow me to learn who redistributed the program and on what scale. perhaps.
Obligatory comment.
The most rabid believers in American Exceptionalism are the exact same people whose policies are destroying it.
The first article compares normal and watermarked code. The watermarked code is significantly slower and bigger.
Contribute to civilization: ari.aynrand.org/donate
And when you learn how to program, and learn about such topics as "steganography", and how such topics differ from "stenography", perhaps you won't be such a fucking idiot ;)
The point is not that watermarking is foolproof.. but, let's say you suspect some software out there is using your code without permission.. you need some kind of evidence in order to get a court to order a more thorough review... you can't just say "This might be mine because I said so, your honor". Watermarking would let you analyze a binary from some vendor (no reverse engineering involved here), and, if the mark is found, and the software could concievably contain your code, is probably enough evidence to get a court to proceed.
It's called the US Copyright Office.
You deposit your code with the Copyright Office. It costs a nominal amount of money ($20 IIRC). At a later, the copyright holder can obtain a certified copy from the copyright office, with a certificate that says what day it was filed. This can be used as legal evidence.
ESR and others argue that GPL is "free" as in "free speech." Well, in the United States, we enjoy a lot of this "freedom" (at least until the RWEs are through with us). Much of this has to do with the fact that we go to great lengths to NOT encumber ourselves with systems designed "to get the bad guys." Rather, we depend on a system of mutual responsibility and respect for the law. It's only when an infraction occurs should we seriously consider using effort to detect such fraud. Americans need to be less afraid of their neighbors and demand each other to rise to our expectations.
There exists no way of exchanging information without making judgments. --Bene Gesserit Axiom
When you learn how to program, and read such topics as "stenography" you won't be such a fucking idiot.
And when you become functionally literate and learn how to comprehend what you read, you'll find out all about "steganography." Or do you want him to become a secretary, you putz?
Many GPL/LGPL'ed programs and libraries use a rcsid type of system. Every file something like static char rcsid = "@(#) $Id: file.c,v 1.7 2002/04/11 14:35:13 username Exp $"; in them. Its easy to take them out, but some people who steal code are to ignorant to take them out, and they only help when people steal whole files, but are they still worth using to id code?
Patrick "Diablo-D3" McFarland || http://AdTerrasPerAspera.com
Its cutting off your nose to spite your face sort of thing, and is probably something that OS is just going to have to live with for the moment until the concept of OS wins over and eventually is the norm.
This comment does not represent the views or opinions of the user.
In any piece of code there are certain patterns to it. Look for them. Particularly data structures which the code's effectiveness is tightly linked to. Most thieves are lazy, so they will leave some of the code unchanged. Very few persons are both willing to steal code and willing to take the time to fully obfuscate it.
The nice thing about this approach is you can wait until you suspect someone of stealing before you even bother thinking about the issue.
Oh, and in response to someone who asked if GPL violations are common. Yes they are, very common indeed, because free software is easy to get the source code for. Lots of startups, especially ones involved with web caching, steal from GPL'd code long enough to ship a first release.
Heck, if it were not for the current concerns that CDR media self-destructs in a couple of years, I might even be willing to take such a task on myself. Anyone have any insight on a reliable and trusted form of storage (that is affordable in large amounts) that might make this work?
Of course, there are concerns on both keeping duplicates and liability. To be anywhere near safe multiple locations would have to be used to store the files (should this be the responsibility of the storage agent, or should the owner maximize his chances by submitting to multiple storage sites and accepting that the sites keep only one copy that might be destroyed by fire or even another 9/11 type terror attack?)
There is another valid use for this too, software escrow. Some businesses fear doing software work with a small contractor unless he hands over all of his sources, because if he goes out of business or dies they might go down the tubes with him. On the other hand, small contractors are just as concerned about turning over their technology and having it stolen (a company in the state of Washington that is said to do this comes to mind). An escrow service would help with this; but it would be difficult for any such service to verify back to the client company that the source placed in escrow was good source rather than just something submitted to make the client think the true source was in escrow. Again, any thoughts on this, short of having the storage/escrow company actually build a working copy of the software from the source?
I'm an American. I love this country and the freedoms that we used to have.
If you took time to re-write every line of code so that it was "obfuscated", as in, no longer had any of the same structure or even ways of going about doing things.. is that theft?
if I watch Star Wars, like Star Wars, and make my own movie with the same plot (Non-X who wants to be X becomes the best X ever thanks to barely-explained element Y over the course of two hour or so), having none of the same characters or settings (though characters and settings exist which carry out the same roles where neccessary), am I doing anything criminal?
I'm not trolling, I'm asking: Where's the line between "theft" and "inspiration"? If completely re-writing code to carry out the same functions (having said code as refrence) is theft, then cloning something the way OpenOffice tries to is certainly also theft, not to mention that SCO's claims would have no defense against them whatsoever.
I'm not bashing the GPL, I just think you're being extreme in saying that such a level of "obfuscation" would still have you as a theif.
-- 'The' Lord and Master Bitman On High, Master Of All
The resulting code is unreadable ... which makes it absolutely useless as far as open source is concerned.
Um, surprising as it may sound, I have looked at some open source code, you know, and some bits of it could reasonably be described as, you know, just a tad "unreadable". So there's nothing to be lost here.
Put a copy in an envelope - printed or CD, whatever you like. Post it to your solicitor and have them put it in their safe unopened.
Later when Parasitesoft trys to claim you stole it from them, the solicitor can produce this as legally acceptable evidence of its date of existence.
I'll see your Constitution and raise you a Queen.
I'll bite...
...your head off.
1. http://linux.tucows.com/preview/8092.html
2. You haven't described your grandma's physical disabilities.
3. http://www.kde.org/ AND http://www.apple.com/macosx/
4. http://support.daemonnews.org/
5. True. FreeBSD and NetBSD split soon after 386BSD's release, and then OpenBSD split from NetBSD when the maintainers stopped tolerating Theo's eccentricity.
6. http://www.freebsd.org/
7. Distros include binaries.
8. True on the desktop, apart from Mac OS X. Half credit.
9. POSIX conforming apps are source code compatible across Linux and BSD.
10. http://www.yahoo.com/
Score: 85% troll
Will I retire or break 10K?
What happens when it gets wet?
Heck, I've lost two keyboards to spilled coffee so far this year...
Oh well, what the hell...
they all require secrecy, until the time of need. (lawsuit)
simplest form would be to insert extra characters to the text based on a set formula.. i.e. after every 49th "A" insert a space.. and after every 273rd "e" insert a tilde
most people will take it for a typo..
yet if you can show the consistency, you might be able to defend it..
every day http://en.wikipedia.org/wiki/Special:Random
Well, this can always be solved by some DRM. And then when the DRM fails, all we need to do is invoke then DMCA. That's the key to open-source: proprietary DRM and invoking unfair laws.
I've never been a big fan of the GPL, and though I sympathize with Linksys, I think they should still follow the guidelines of the GNU GPL. Shoulda have used BSD...............
~UltraSkuzzi
This comment is liscensed by SCO.
What about secretly adding some code, preferably something all compilers would treat the same? I assume a text variable would do? e.g: var char[20] ='Wde3kbv9s4s8se/#f,#q"; Or preferably something that would seem more 'authentic', like 'SLPT version 3.107' ? In my simple mind I am in the hopeful belief that no compiler would alter it, but rather store it as simple text? Now someone clever would have to think out a better 'fignerprint'. It has to be long enough so there's no real chance for random data to be alike the fingerprint, and seem like a real variable. This won't work of course, if the thieves changes all the variable names.
If you have access to the source, you could probably find a way to remove the watermarks, unless they are somehow tightly worked into the executable code itself. And, if they're tightly worked into the executable code itself, then this has to mean that the code will not be as efficient, and that there'd be some kind of performance cost to watermarking that does not benefit the end user at runtime.
You see? You see? Your stupid minds! Stupid! Stupid!
Some benchmarks were posted the other day comparing scaling of a few BSD kernels and two Linux kernels, which gives me an idea.
Do you think you could collect statistics from a running gpl'd program (exe1) and compare it to a "mystery" programs (exe2) statistics, given the same input, and if they match too closely, put (exe2) to the torch to find more similarities?
To minimize variables, you could run both on some combination of hardware emulators (bochs), and system call/library emulators (wine/cygwin), and have tables of OS overhead for common functions to subtract off. Granted it would be initially a lot of work, but as programmers are lazy, we attempt to automate as much as humanly possible.
The problem is that it would need wide deployment but could be used only once of a few times.
The reason is that once the nature of such a watermak is knowen, all currently published schemes can be easily removed. Proving publicly that one piece of code was stolen is enough for that.
In addition, depending on the language and compiler used, finding a watermark can be extremely difficult. Just think of different levels of optimization, different compiler verions and different libraries used. The often proposed scheme to use variable names is almost completely useless. Replacing all variable names with generic ones can possibly be done with a perl-script written in a day.
In my personal opinion watermarking is not advanced enough today to prove anything. And there is a good possibility that it never will be.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Watermarking will just be another way of clouding an issue. With GPL-IP you need a protective shield, that is accepted by the UN (under international treaties) and major governments that are willing to pound and fine pirates and thieves of GPL-IP. The UN needs to come together to provide for the common defense of GPL-IP, the Public property of humanity (the Genetics, Genome, Evolution, ...), ... a few other major items.
.... They may even subcontract to India, Pakistan, Iran, Saudi Arabia, Israel, ... to develop major/unique viruses for Linux, Open-Office, ... in attacks to destroy the "Open Source and GPL" communities and others with open standards concepts.
...), and major public property content is a gift to humanity and should be properly achieved and protected from potential destructive practices of megalomaniacs. Such official filling and library index registration should be able to provide legal evidence and protection for posterity.
As for all the copyright and patent stuff, let them protect their shit, it is their right (I have always paid the OEMs and OSDs for my hardware and software). Twenty/fifty years from now they, their company, and products will be under the pile of dust (I suspect), but for now expect a powerful affiliation of the vicious, powerful, and foolish to try and maintain by any means the present amicable conditions for greed and control. They will try their best to destroy GPL, Linux,
I do believe it is advisable that every new version (X.0) release should be properly labeled and identified for contributors/community (GPL-IP) then placed in the LOC, ECLAS, IPL, PG, maybe other major libraries. of major "open source" products (Linux, Open-Office,
OldHawk777
Reality is a self induced hallucination.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
Having read the .PDF paper and then skimmed the /. comments it would seem few people have taken the time to actually read (or understand) the paper before commenting on it. Hats-off to those who have.
.class files, as opposed to signing .cab's for whole Java apps/applets. .class, which is achieved by pretending to call the dummy method(s) from other methods using always-false logic constructs.
.NET and other bytecode environments.
.class files from decompile/recompile attacks than *I* feel it should have: five of the ten .class files crashed their test decompiler (Mocha), thereby "protecting" their watermarks. If someone is keen to re-source your .class file, particularly if there's money to be made, I'm fairly certain they'd try another decompiler instead of giving-up on just one crash. I suspect that these five .class files could be decompiled by another utility, so the question of their watermark protection remains unanswered. Potentially this could cause up to 18 (instead of 3) of their 23 watermarks actually being defeated. This is entirely feasible, since only 3 of the 8 watermarks fully tested survived (the other 15 being in the five .class files which crashed Mocha).
.class, you'd have to compile it, watermark it, decompile it and then post the decompiled version. Not very pretty and what about comments? I suppose you could have a Perl script reinsert comments from the original source, or copy-and-paste the watermarked dummy methods back in.
What is the essence of this watermarking technique?:
- For embedding copyright information into individual
- It modifies compiled Java bytecode, shuffling eight bytecode operators in targeted "dummy" class methods. The shuffling is able to encode only three bits per operation, so watermarks need to be short or dummy methods need to be large.
- It relies on the watermarked dummy method(s) appearing in stolen (decompiled/recompiled)
What are its downfalls?:
- The technique is specific to Java. Forget about using it for other languages which output platform-specific machine code binaries, although it might be possible to modify it for use in
- If an intelligent thief (or smart optimizing compiler) is able to detect the always-false condition used to shield the dummy method(s) the watermark(s) will be removed.
- The larger your watermark, the larger you need to make your dummy method(s), or you need to embed more of them. The larger you make your dummy methods, the more obvious it will be that there's something strange about them.
- Optimizing compilers could still destroy the modified operators used to form the watermarks.
The paper also claims it protected more
How does this technique benefit GPL? I'm not sure that it would. Even if the above problems were fixed:
- To submit "source code" for your protected
- It's really designed to embed personal/corporate copyrights into code, protecting the IP of the submitter not the GPL community. I suppose the GPL community could design a community-wide watermark policy, but then that would become public knowledge and so thieves would be aware of its existence and be inclined to search harder to remove it.
Do you think free software (GPL or other viral licenses) should be watermarked? This could help to find GPL violations (think Everybuddy or Linksys)
You missed the point of Free Software. Ignoring some of the antics of zealous fringe, the idea of "Free Software" isn't to be a separate-but-equal analogue to proprietary software. The point of Free Software is freedom, not surveillance. Too many advocates for Free Software say their contributions are free, but act as proprietary masters with their obsession over owning, controlling and regulating the software.
It saddens me to see people advocating watermarking Free Software. Next they'll want a "FSSA" analogue to the BSA and their brownshirts.
Don't blame me, I didn't vote for either of them!
not to make it impossible to remove the watermark, but to make it too much trouble. If it is easier/cheaper to write the code from scratch than it is to remove the watermark(s) from existing code, then it has done its job.
01001001 00101100 00100000 01100110 01101111 01110010 00100000 01101111 01101110 01100101 00101100 00100000 01110111 01100101 01101100 01100011 01101111 01101101 01100101 00100000 01101111 01110101 01110010 00100000 01101110 01100101 01110111 00100000 01100010 01101001 01101110 01100001 01110010 01111001 00100000 01101111 01110110 01100101 01110010 01101100 01101111 01110010 01100100 01110011 00101110
one hundred twenty
is just enough characters
to write a haiku
Ok, assume a corporation CAN sucessfully steal GPL code, with or without watermark. Let's say M$ paints an IE browser look on top of the mozilla firebird codebase:
So aside from ethical issues, why should the GPL community really care?
Everyone should be able to watermark software. Further, forging a watermark should be a felony. This is not a matter of good guys vs bad guys, or open source vs closed source. It is a matter of protecting everyone's intellectual property from thieves, GPL'd code, and Microsoft's code alike.
No legal value in this. Urban myth.
Right. And how about ol'fashioned TRUSTING PEOPLE on this issue? If somebody misuses code, they will be found out sooner or later. Anyhow, it's not like you lose anything on it. Later they'll be all the wiser for being permitted to make a mistake.
Are we no better than the big conglomerations where we can't trust anyone and are filled with fear and dread of all the abuse that _MIGHT_ happen?!?
I just ask. It's up to you to answer..
http://www.debunkingskeptics.com/
It's GPL... so the code is there... so... it won't work...
For closed sources... it will work... for open sources... no can't do...
It would certainly be useful. I was recently sacked from a small company, I believe for pushing the GPL licensing issue. The company I worked for, has wrapped up a couple of well known GPL'd products and sold them on to a customer without the copyright notices etc. I'm wondering whether I should pursue this. However, as they distributed the downloaded executables for this rather than re-using source code, watermarking isn't really necessary in this case...
For instance, if an expensive football player goes to the hairdresser, that is front-page news on all the tabloid newspapers.
I sympathise with your complaint that outsiders critisise the "wrong things" about the USA (e.g. unbridled gung-ho military power, calorie intake, geography, death penalty, human rights) which are things that are prioritised differently in the USA by a large chunk of its population, but that is the nature of inter-culture comparisons. We can at least agree on the lawyers. I would add spammers :-) (and yeah, I'm sure they *must* be korean even though they advertise fake viagra in english through US phone numbers. Pretty much all my spam comes from the USA, apart from C++ job offers (UK recruiters) and the occasional Nigerian millionaire.)
At the same time, USians make feeble attacks at British things (e.g. cars still driving on the left since we were never Napoleonised, bad dental care, eating fruit (limes) to prevent vitamin C deficiency, using the word "liberal" as an adjective not a swearword) and miss the wide open targets that matter to locals (double the death rates from some cancers, Victorian public transport, schizophrenic attitude to USA/EU, binge drinking).
And at the french, they (USians) forget about the French navy saving their ass in the war against the British, and focus on WW2 - Germany invades Poland: France and UK declare war: USA says "yeah, go on guys, here's some IBM computers" until they get attacked by Japan a few years later. God, I hate defending the French :-) But if you're going to attack them, how about mentioning that they're always on strike or burning lambs when they're not working 35 hour weeks or blowing up greenpeace boats. But yeah, the surveys about hygiene do still come out in the newspapers.
As for geography, the papers keep printing surveys that e.g. most florida teachers couldn't find florida on a map of the USA (and that's a bloody easy one!) so I might have a decent chance there :-)
Had Bush 2nd even left the country (or got a passport) before he became president?
It would be great if the Free Software Foundation would create a copyright registry. Anyone would be able to upload any file and get back an MD5 sum and a digital time stamp.
The U.S. Copyright Office copyright registry is too expensive! It costs at least $20, it is necessary to fill forms, mail by snail mail, it takes weeks to get acknowledgement, and it is not private!
I suggest that the cost be $1. Pay a minimum of $10 by credit card, and have credit for 10 uploads of 20 megabytes or less.
With MD5 sums it is not necessary to save the file.
If you looked at the code, and re-wrote it yourself, it wouldn't be a GPL violation.
The only way it would be a violation is if you could prove it was a derrivative work, and for that there'd have to be at least some line of code the same... having *functionally equivalent* lines of code != derrivitive work. If that was the case then Encyclopedias would have ben sueing eachother since the beginning of time for publishing "functionally equivalent" information.
the point to watermarking code is :
a) locating the code portions related to the watermarking is not trivial. It doesn't mean the source code is unreadable, it means locating this code cannot be done via automatic tools, you need actual humans (i.e. paid programmers who cost you money) to browse through thousands of source lines.
b) removing that code isn't trivial either. Once you located the code, you see it consists of lines dispersed through several thousands lines of code. Since the watermark is deeply embedded in the data structures of the program, to remove it you need to carefully examine and rewrite large portions of code. Again, this cannot be done via automatic tools, you need programmers to do it, then you need to test the code to be sure no bugs were introduced in the process.
Basically, watermarking code means to remove the mark you need to spend a lot of money with humans specialists, who will spend almost the same time and efforts removing the watermarking than it would have cost to program the thing from scratch.
Kirinyaga
"Neocon" (as in conservative without a brain) is a better descriptor. Thanks for the suggestion.
Don't get me wrong, either. I'm also fiercy anti-Democrat. They've become no better than Republicans. To call them "liberal" is as laughable as calling a Republican a "conservative."
Back on topic: In our quest for ultimate geek nirvana, let's pick a better set of values than those ascribed to the United States political parties.
There exists no way of exchanging information without making judgments. --Bene Gesserit Axiom
Better, I can see your point, from your interpretation of the key phrases you selected. Now here is what I think is the main point protecting GPL-IP, Open source and standards, Public Domain (due to age or intent of creator) property must be as aggressively protected from wanton and major assaults by profit motivated thieves and pirates. To do this laws must be passed by governments and internationally agreed upon, just like current laws governing commerce, ....
...), but does exist primarily for the good of humanity not for exploitation (as attempted with the human gnome/genetics) by the international capitalist republic steering the WTO/IMF/... for influence expansion of the capitalist republic. In this manner you are correct there are some folks that have decided (for the greater good of humanity) to provide very real IP to the collective resources of humanity. Again, this concept does not advocate collectivization, but does mean that if someone wants to contribute, then what is provided should not be vandalized and/or exploited by the greedy and unethical fools for profit.
....) does not mean they are the enemy, fools, socialist, ... hell they may JFC come back to visit earth.
...) a label and box (dogma) and they automatically start trying to fit the whole human heard in to an space most cannot fit. This attitude on dogma (religious, political, economic, ...) does not make me a nihilist/anarchist, lets leave everyone outside these BS dogma-boxes. I (like many others) know there must be much better ways for humanity to go forward. The current dogma-boxes are little better then those used by Rome 2K or Egypt 4K years ago. The dogma-boxes are slightly adjusted in attempts to cope with changes in technology and population, seldom or never to improve the human species condition and promote evolution.
... Enron, Global Crossings, .... Yes, it's true. The general public sees as "profit-performance", lies, greed, immorality, ... I see the same. Maybe you should look again.
...) do is of no interest to me (I have none of their stock in my portfolio.
Many folks today do not understand that there is public property (sometimes called not-for-profit code/content/IP/...), which is not for free (and is not a school, city/national park,
Therefor, I can lookup socialism and collectivism, but I am not sure it will get you out of your box-thought process. As another point, simply because someone champions humanity (we are our brothers' keeper when they are sick, uneducated, terrorized,
As noted from my last post dogma BS whether on socialism, capitalism, or is in fact pejorative. Give fools (politicians, dictators, demigods,
The marketplace already significantly rewards "profit-performance" and lies, greed, immorality,
Software MS-Win or Linux, the jury is still out. Currently, I support the EFF and non-profit OSDs. I cannot program but I can make small yearly donations to support their humanitarian mission. What the profit motivated OSDs (SCO, MS,
Oldhawk777
Reality is a self-induced hallucination.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
Of sorry if this offends you. But there really is a LOT of anti-american feelings in the rest of the world. It doesn't take a genious to figure this out. Just watch some non-american news stations, or talk to some non-americans, or better yet, go travel.
The may be off topic, but it is in no way a troll. Neither was my last comment. It's simply the truth. It's times like these when the US centricity of slashdot become painfully apparent.
I still say, let them (M$, others) try! The only way it could detriment the computing world is if the companies say, "it's not our fault the code is buggy, we stole it from open source authors..." which only helps our cause by illuminating the proprietary firms failings.
Wouldn't you love lightweight IPC, universal interconnectivity, powerful scripting, and strong security on windows? I wouldn't mind if they pasted their GUI right on top of Linux 2.6! So long as they don't take away my freedoms to use GPL code.
Imitation is, after all, the highest form of praise.