Or of EMACS; why not just use ed? All that extra functionality is just frippery.
Where'd that come from?
The C-X C-S in your signature.
There is complete deniability.
If by complete deniability you mean "the moral satisfaction of knowing they can't prove you're lying", then yes, it's complete deniability.
If you mean "they are likely to believe me and let me out of jail or stop hitting me with this rubber hose", then no, there's not complete deniability.
Of course they know you're using rubberhose so you eventually give up the password to the 100 megs of anarchy and bomb making literature..... all the while your meg or 2 of accounting for your drug dealings is safe.
Except now they have proof you were lying, and they haven't found what they came for.
Far better would be a password that shows them the 400 MB of innocent stuff and IMMEDIATELY deletes all the rest. That would give you plausible deniability.
How are you going to exploit it if it's not started, genius?
Hence why I said "a bit disingenuous", not "incorrect".
And even if you do start it, it's a local hole.
No, it's not.
I see that as being a pointless waste of effort.
And that is why the *BSDs are an "also-ran".
Cute graphical installers are just frippery.
The same can be said of cute ncurses-based installers. Why not just make everybody edit a text file on the boot floppy?
Or of EMACS; why not just use ed? All that extra functionality is just frippery.
Do you expect them to just go "We fucked up! I guess everyone can have our new OS for free now! Shucks! Well, won't do that again, ha ha!"
Do you expect AOL to just let you have that post on rograndom.com about using LICQ to get around their efforts to restrict use of their ICQ service?
Would you think it fair if their lawyers sent you a cease and desist notice to remove that post?
The folks who wrote the article didn't pirate OSX, and they didn't advocate pirating it. You do expect people to use LICQ to violate the terms of the ICQ usage policy, however; so Apple is on shakier legal ground with this than AOL would be if they tried to stop you.
And, BTW, if this story were that AOL had served you such a notice, I'd be flaming them in this thread.
They're still saying "Four years without a remote hole in the default install!"
Isn't it a bit disingenuous to say this? Yes, it's true that the default install doesn't start lpd, but it certainly installs it.
Open/Free/Net don't need a User Friendly graphical install interface because their current interface is friendly to the users they aim at.
And yet, the other OSes that aim at those same users, such as Solaris, AIX, and HP/UX, do have GUI installs.
As Theo says himself in his interview, people who don't like his model of selling the ISOs are free to make their own. This will hopefully quiet the stupidity that usually follows this announcement:
As usual, ISO images here.
What was amazing to me about them is the fact that Theo proudly links to them as proof that he was being entirely reasonable and they were being discriminatory, but the emails show quite clearly that he was completely unwilling to make a simple promise not to be an asshole after having demonstrated a history of pissing people off.
He's got a right to be an asshole, and god knows I'm the pot calling the kettle black, but to link to those emails and think they provide vindication is heavily disconnected from reality.
Not the worst, but certainly not an IBM.
Part of the reason I'm looking for a new laptop is that the keyboard on my Thinkpad 760 is a piece of shit. It's smooshy, and sometimes it doesn't register a key when I type fast because the whole keyboard bends.
Newer ones are probably better, though, and the facts that it's a Pentium 133, has a maximum of 104MB of RAM, and is picky about the RAM are far more compelling reasons why I'm switching to something else.
Thanks for the word about the Apple keyboard, though; just one more reason not to buy an iBook.
But that means nothing compared to actual precedence, of which I am not aware, 'cause I don't really keep up with this stuff. I assume it's protected, as the recent case against that mobster was borderline and it wasn't a question of whether the guy would be forced to give his password, but what to do once it had been acquired.
There's a great analysis on the Rubberhose web site, talking about the legal precedents and arguments currently existing.
The argument that Fifth Amendment protection doesn't extend to things you've already said, such as information on a hard drive already, is scary, even if you don't find it compelling. Courts don't always rule in accordance with a particular interpretation of the law, much less in accordance with logic.
So you are not going to buy an iBook to run Linux on because Apple have an OS upgrade CD (with a license that says that it can only be used for OS upgrades I would imagine) that can be modified (thus breaching the aforementioned license) to install a full MacOSX 10.1 on any Mac instead of only on Macs with 10.0 preinstalled.
No, I'm not going to buy an iBook because Apple uses lawyers to bully a journalist into killing a story on bogus legal grounds because it exposes something stupid Apple did.
Their action doesn't prevent anybody from pirating their software; if you're going to pirate a copy of the upgrade disk, you'd certainly be equally willing to pirate a copy of the full disk.
Or perhaps you were never going to buy an iBook to run Linux on anyway, but thought you would post that ill conceived reasoning anyway?
Think what you want; I have a saved shopping cart on Apple's web site for the iBook, and mailing list posts in a local LUG's list asking if anybody else around here is running Linux on one, and if so what distribution they recommend. That's an awful lot of work to go to for something I am "never going to buy".
But if you use the upgrade CD to install the OS when you don't have OSX, then you are breaking the law. I can't put it any simpler than that.
That's very true. But if you're willing to break that law, you're just as willing to pirate it from a full disk as from an upgrade. They won't sell you the upgrade disk unless you have purchased the OS, remember?
Publishing details that enable people to break the law is a moral issue though.
Yes, and it's one where the law has usually sided with the Constitution and against the censor. Or did you forget about the First Amendment?
No-one can prevent you from printing details on how to build an atomic bomb, or make nerve gas in your kitchen, but you can't publish "delete this file and you can install what you already purchased from an alternate disk". Does that strike you as logical? It must, since you're asserting that disagreeing with it is illogical.
Perhaps you should spend a few more minutes pursuing the logic before you assume I didn't.
I have been narrowing down my choices for a laptop for several weeks now, planning to buy when I get my bonus.
I'd figured that since I run Linux, platform didn't really matter much as Linux will run on pretty much any laptop that exists, so the only important things to consider were:
1) Looks pretty.
2) Good keyboard.
With that in mind, the iBook was on my short list.
You've narrowed my list by one more, Apple. I thank you.
Timothy, if it's "your own home page", it probably doesn't have to be usable to anybody except you, so all the usability standards in the world don't mean jack squat.
"Your company's home page" might make sense as a target for this, but 99% of the people reading this (including me, I admit) don't have anything to say on their OWN home page that's that crucial.
When you decrypt that 400MB section, it will look as though it is actually 1GB in size, with 600MB free space.
Yes, and the judge's expert, who will have read the documentation including the guide, will say "if you only wanted to use 400MB of your disk and didn't have anything incriminating to hide, why would you be using a program designed to do this kind of hiding in the first place."
In fact, as they imply in the discussion on physical coercion, not being able to demonstrate usage of all 100% of the space may get you into more trouble.
The partition "looks like" 1GB, but the fact that it's only got 400MB of data is suspicious.
And what happens if the court's expert writes out 600MB of data to "fill" the partition? You better be a pretty good actor, or he'll see in your face that he's gonna overwrite your data. Hope it wasn't important data. It's in his best interest to wipe out YOUR copy and keep his copies. You'll never get them back.
So it's a little deniability for unimportant data, but the court isn't gonna buy that you installed this stuff to protect unimportant data.
I forgot to add, which do you think a judge is more likely to believe:
1) There's an encrypted partition, but I forgot the password.
2) There's software for accessing steganized encrypted partitions, with documentation that recommends creating a large chunk of noise to hide it in, and there's a large chunk of noise, but there's no partition, I just keep random noise on my 2GB drive and only use this 1GB partition, the rest is just where I store the random noise, honest.
Rubberhose doesn't give you deniability.
The presence of Rubberhose software and a huge segment of random noise on the disk is going to be enough to convince a court that you have a Rubberhose partition.
The suggested "create 1GB of noise and then put two partitions in it, and just say you've got one" isn't going to work either. The court is gonna say "oh, you've got 1GB of noise according to our expert, but only a 300MB partition with nothing incriminating on it? Yeah, right, buddy; gimme the password for the other 700MB partition or you can rot in jail on contempt".
Even a couple megs of "unused" space is going to be taken as a sign you've got a small partition hidden, if you've got Rubberhose software on the system to access it.
Steganography only works when the carrier files have utility beyond that of the hypothetical encrypted information.
those holes don't normally get broadcast on /.
So what? You think there's a malicious script kiddie out there who's going "damn, I'd love to own some 5y5t3mz, but I can't find any exploits on Slashdot. Guess I'll go play Nintendo."?
The exploit wasn't news when it went on Slashdot, it was history. The pushback from CERT and various Linux distributions was the news item.
If you're concerned about security you're not using wu-ftpd anyway. They have a remote exploit found about once a month.
How dare those RedHat bastards fix a security problem early.
Congratulations, you now have a 50" widescreen TV with a 19" 4:3 picture. For a couple grand, plus the cost of your converter.
It'd be cheaper to just tape a couple of pieces of paper over the screen.
Perhaps worse; we're all getting widescreen TVs now. How about instead of widescreen versions of the shows, HDTV ends up carrying a 4:3 show in the middle of the screen with ads on either side?
The judge has given a roadmap for getting around his ruling: subscriptions. In his judgement a subscription would clearly be a license, not a sale, thus no "first sale" doctrine would apply. Not coincidentally, many large software sellers are moving to a subscription model. This ruling will only serve to accelerate that process.
That's good for us, not bad. Subscriptions will piss a segment of the public off, and that segment may have to turn to Open Source if the entire commercial world is doing subscriptions.
It's ironic, however, that one of the almost universally accepted valid Open Source business models is the subscription. The difference, of course, being that you don't lose your right to use the software if you let your subscription lapse. Subscribing to updates is different than subscribing to usage, and we'll probably need to use a different term to make that clear.
Can Wil Wheaton be in your paper?
I've found that everything I submit has somebody else's version (usually a /. staffer) posted within three days, but with fewer links and/or less cogent commentary. I just content myself with the knowledge that I was first and better.