Slashdot Mirror


User: mr_burns

mr_burns's activity in the archive.

Stories: 0
Comments: 322

Comments · 322

  1. uh oh on SCO Attorney Declares GPL Invalid · · Score: 1

    While the copyright act codifies fair use and backups as legal rights of the consumer, it rests upon the constitution. The constitution gives creators a monopoly on how that work is copied. If the creator wants people to make as many copies as they'd like, it should trump what the copyright act says as far as how many copies a consumer may make.

    However, this could be very bad for fair use. If the copyright act stating that users may only make one copy is found to be unconstitutional in that it restricts what methods a creator can employ to make the copies of his work, then does this put the rest of the fair use provisions in jeopardy? Is the copyright act written in such a way that if one part of the law is found unconstitutional that the rest of it is still intact?

    Bart no like. Baaaad medicine!

  2. trust and reputation management on New Kazaa Lite Protects Identity · · Score: 4, Interesting

    I believe the next major advance in P2P technology will be the inclusion of reputation management / trust relationship technologies.

    How do you know which IP's to blacklist? How do you know that the file you're downloading isn't a trojan?

    I don't think the answer is in a centralized database of 'evil-doers'. That's an arms race that can eventually get everybody censored. Especially with dynamic IPs.

    What needs to happen is you have to earn a reputation before you end up in those search results. You do this by people vouching for the quality of your files and not being a mole. Trust is gained by WHO vouches for that person and their metric of trustworthiness.

    There should also be an option to restrict access to a given file to those within your web of trust so when the death squads in your country are looking to kill people serving up books about democracy, they can't just do a search real quick.

    After we achieve a trust framework, I believe the next step will be dealing with traffic analysis. However, I'll rant about that when the time comes.

  3. Boycott on 12/7 and Overtime on a Salary? · · Score: 1

    Organize a boycott of the product/service. If the client knows that they will make no money off the product/service unless those working on it get better treatment, it may change their mind on the deadline.

    Making money later is a better choice than spending money you won't make back.

  4. Re:The P2P Wishlist (tm) and why WASTE isn't It (t on AOL Pulls Nullsoft's WASTE · · Score: 1

    more items:

    user must have control over uploads. I've sought and obtained permission from every rightsholder of the works I share on gnutella. They're glad that I'm distributing their art for them. I should have the ability to download first and share later. If people want to be honest and obtain permission from the artists, the application shouldn't automatically pre-empt the decision by sharing downloaded chunks automatically.

    PKI for artists. An artist should be able to sign (consent for distro) their work and a user should be able to choose to narrow their search results to artists who signed their works. The artist pubkey repository should be easy to find. Some artists will never understand crypto, so it should err on the side of availability. We need people to be informed above all else.

    Y'all may bitch and whine about what that may do for the protocol, but I will say this in my defense: The major label and mpaa lame-o's will never consent to distro, but independent artists will. If you really want to kick riaa/mpaa squarely in the nards, give them some real competition and do it nice and legal.

  5. Re:Key exchange on Nullsoft's Waste: Encrypted, Distributed, Mesh Net · · Score: 1

    My friends and I have set up gpg encrypted/signed chat using fire on OS X. What we did was create local chat only keypairs on our machines, then exported armored pubkeys and uploaded them to a directory on a server for which we all have access via ssh -2.

    So we know that our means of acquiring keys is relatively resistant to MITM. To be more secure, we could chgrp the keys for just us and chmod them 640.

    Of course, we have to trust the integrity of the machine, but it's better than the automatic key exchanges that trillian and fire offer and more convenient than burning cd-r's of your pubkey for every member of the group and then meeting up with every person you add for a face to face exchange.

  6. you will find your answers here on Cheap Audio Production · · Score: 4, Interesting

    the mixerman chronicles:

    http://www.prosoundweb.com/recording/mm/week1/mm.php

    This has by far been the most read and loved diary of an engineer on a major label project. It might take you a few days, but you will be entertained!

    Plus you will learn that one workflow improvement for one cog in this machine doesn't amount to a hill of beans as far as what it takes to get the whole project firing on all cylinders.

  7. Re:bit torrent on Comparing Sci-fi Starship Sizes · · Score: 2, Insightful

    This has been brought up in the past. Problem is, BitTorrent really only has big advantages for big files. The publisher still has to tell every client who else is downloading. For something as small as a web page you may as well just serve up the page.

    However, including an mnet hash at the bottom of the article might do something for you. It's optimized for caching and serving up popular files. The hash is significantly small enough to be stuck on the end of an article and then no one server gets singled out.

  8. Re:John Markoff of Kevin Mitnick fam on NYT On Google's Role In Internet Advertising · · Score: 1

    Yeah, Markoff can kiss my shiny metal ass. I'd read his memes as readily as I'd french kiss a person with SARS.

  9. fixed on Mac OS X 10.2.5 Update Available · · Score: 1

    after uncommenting the vhosts modules, bouncing the daemon doesn't do the trick. I rebooted and it's all swell now.

    php, perl, ssl and other mods are commented out by the installer (both load and add). I uncommented php4 before the reboot and it's still not working though, so this might not be a global fix for all non-functioning modules.

  10. apache virtualhosts dead on Mac OS X 10.2.5 Update Available · · Score: 1

    10.2.5 killed my virtualhosts. It commented stuff out in my httpd.conf without making a backup. I fixed the conf and bounced the daemon, still no dice. It'll host stuff up from the default directory if I surf there via IP, but not by domain name. I checked my DNS box too, everything's just peachy there (linux x86) so it's not a resolving issue.

    This blows. I use vhosts for work.

  11. Re:Kenny G ... on Copy-Protected CDs Going Mainstream · · Score: 4, Funny

    I agree. No matter how unamerican DRM (the subversion of fair use) is, Kenny G must be stopped.

  12. Re:whatever on Snood, the Simple Game · · Score: 3, Insightful

    How is blowing a representation of a real person away with a railgun NOT antisocial!?

  13. Re:Get this: on Next OmniWeb to be based on Safari Engine? · · Score: 1, Offtopic

    He was saying that laptops were 30% of the share of mac sales. Not that macs were 30% of computer industry sales.

    Those numbers are totally legit, you just didn't read the words around them.

  14. pshop advantage is cmyk on GTK+OSX for Mac OS X Aqua · · Score: 2

    the reason people will stick to photoshop is color. Gimp is good for rgb and greyscale, but is useless for print, which needs cmyk color. Not all jobs use cmyk, but why use 2 environments? Photoshop does all color as LAB then converts to the selected color mode. Gimp just doesn't compare to photoshop in the use of color.

    Film Gimp, however, could give photoshop a kick in the nards. Recently used in Scooby Doo, it's 16 bit per channel in RGB designed specifically for motion picture retouching and rotoscoping. Photoshop just doesn't have the capabilities film gimp has when it comes to these. The RGB only flaw is not as big a problem in film and video.

  15. Re:Why my gifts are fine on Digital Rights Management on CD's This Christmas? · · Score: 2

    Right On! Enon Rules.

    Other ways to keep track of independent music:

    Some other independent streams:
    somafm.com (indie pop rocks is a favorite)
    spacelab.org (for all your pop and twee needs)

    I recommend keeping a list (textfile) of cd's you want to buy in your taskbar/dock. I listen to net radio and if I like a song, I add the info to the list and research the list every week or so. The list is one click away in the top level of the GUI, so it's really efficient. I gave the list to my family before christmas this year and I was not disappointed.

    Another way is to join independent music email lists. There are plenty out there. I belong to several. People post reviews of stuff they discovered or ask for recommendations and get great answers. You can also find out about all kinds of underground shows. You can get 3 or 4 bands in a night for less than the cost of a matinee. And they often sell their CD's there for just over half what the majors sell stuff for in the stores.

    I stopped listening to radio after the telecommunications act screwed it all up. But after joining the right email lists and tuning in to independent net radio I've found that the quality and quantity of music in my life has increased tremendously.

    There is life outside the scope of the major labels and it is a good life.

  16. Re:don't give them money on Digital Rights Management on CD's This Christmas? · · Score: 4, Insightful

    Hey Einstein? If you want to have the artists CDs and not just crappy mp3 downloads, you have to buy it from the damn store.

    Most record labels aren't majors or members of the RIAA. Same goes for CD releases. Most are on independent labels or the band self-released.

    I spend thousands of dollars a year on music. Shows, shirts, CD's...I spend more on music than I do on food. Not a dime goes to majors or RIAA.

    And you'd think I was missing out on the 'best' stuff but I'm not. While all those major and RIAA labels are wetting their pants writing songs to conform to clearchannel standards and mastering all the dynamics out of the CD (so theirs will be louder than the competition), the independents are recording music that they like. Music which stands on its own merits.

    As a consumer of music, I have a choice of who I buy music from and why. I choose not to buy music from people who I feel are doing a disservice to musicians and our musical heritage. I actively buy great music from great bands and labels who are not evil.

    The major labels are not a utility like PG&E. They are companies who live and die by convincing consumers to give them money. When I can get music which is as good or better from people who treat their musicians and customers with respect there's no reason to pay somebody who acts without ethics or morals. In fact, I feel it's wrong to reward somebody for negative behavior. Rewards are for people who do good.

    So if you disagree with what the majors and the RIAA are doing and you give them money, you are a hypocrite. You are saying one thing but doing the other. We are not to blame for their behavior, but we are wrong to reward them for it.

  17. don't give them money on Digital Rights Management on CD's This Christmas? · · Score: 2

    If you don't like DRM CD's, then don't buy any CD's from any label which produces them. They'll get the message.

    If you disagree with the RIAA's politics or technological positions and you give their member labels money, you are a hypocrite. Take that money you were going to give to Sony and give it to a label which isn't a corrupt cabal of mobsters. One that will actually give the artists a fair cut of the money and not bootleg CD's under their nose. Or give it to the EFF.

    Don't be a hypocrite. Put your money where your mouth is. If you don't like DRM CD's, then boycott the labels that sell them.

  18. independents are releasing on cd-r on RIAA Now Targeting Retailers · · Score: 2

    A lot of bands have switched to manufacturing EP's via cdr and saving the presses for the full length release. I hope that legitimate CD-R releases aren't being counted as piracy in these raids.

  19. GUI sucks on What's Keeping You On Windows? · · Score: 2

    It's just that simple. It's a royal pain in the ass to configure correctly, and when it finally is running, the fonts are butt ugly.

    Working in an x-windows based window manager is an ergonomic fustercluck. It's hard keeping your mind on your tasks when you're constantly reminded of clunkiness. Keeping mental state of all the quirks is mental time I could dedicate to my work.

    Frankly, x-windows and the window managers that sit on top of it are the human interface equivalent of heavy lifting with your back. A poor imitation of crufty dinosaur GUI's.

    I use macs as my workstation boxen and Unix for headless applications. *nix is definitely my operating system of choice, and all my systems run some flavor of it. I use OpenBSD for infrastructure nodes and Linux for development and deployment servers.

    My OS X box is my workstation. The interface isn't perfect but it's comfortable and easy. I'm very productive in it, and I never tire of it. If it's in my way, I use bash. It's also nice to have Photoshop on a *nix for the price of a PC.

    The rest of my machines don't even have x-windows installed. No GUI at all. Stripped down and optimized for the task at hand.

    I think the best way to get Linux past the desktop barrier is to fix the GUI so it doesn't suck so bad. Rewrite it, wave a dead chicken over it, whatever it takes. Otherwise, it never will be a serious contender for something people have to stare at all day and develop a working relationship with.

  20. before you pick it apart... on InvisibleNet Presents IIP · · Score: 2

    There are 2 schemes that I've seen for chat crypto. One involves using Diffie Hellman to negotiate keys between strangers automatically. This is convenient because key negotiation is automatic, and all a user has to do is click a checkbox to get it to work. trillian does this to negotiate blowfish keys. Problem is that it can be MITM'd. The other method I've seen is to use GPG or another OpenPGP implementation. This can be more secure, as a user can use more secure means of key exchange (burn onto cdrom and hand to your friend) but can be a real pain for people to set up and has all the other quirks of gpg. Fire uses that one.

    What IIP does is meld these two schemes in a chocolate-peanut butter kind of arrangement. Inter network node communication uses the first method, but then it layers on the end to end properties of the second (albeit with a second DH exchange).

    It also mitigates the client issue. Right now, mac and windows users can't exchange secure IM's because trillian uses one scheme and fire uses the other. IIP bridges this gap for everybody by simply proxying IRC.

    So yes, IIP is a hack and you may regard it with a bit of scrutiny. However, you should step back and see how this protocol is similar/different than others in the context of its goals. I think they've done a good job using peer reviewed cryptosystem components when they were available to fit requirements and incorporated some of the better aspects of cryptographic solutions that are around to solve similar problems.

  21. Re:Trillian on InvisibleNet Presents IIP · · Score: 2

    it's 128 bit blowfish with Diffie Hellman key negotiation. Diffie Hellman by itself can be MITM'd (man in the middle'd).

    Now, the MITM threat can be managed by a couple means. There is a superset of DH that uses signed keys to avoid MITM. You can also secure the network between the 2 communicating parties.

    SecureIM does not use the more secure superset of DH, so it can be MITM'd. The networks that trillian supports secureIM over are AOL and ICQ (both owned by AOL). This means that the US government could compel AOL to automate MITM attacks against secureIM. I wouldn't doubt if this was built into dcs1000/carnivore, echelon and other similar schemes.

  22. Re:A few more reasons this is not secure on InvisibleNet Presents IIP · · Score: 2

    One example of why this system does not offer the level of anonymity/security it is claiming is the mistaken belief that adding random "cover traffic" prevents traffic analysis. For some reason amateurs seem to think that if you add a few random bits of message traffic and delay a few messages between nodes then this "noise" will make observation and message correlation harder for an attacker.

    It is true that adding random noise into the channel won't completely thwart traffic analysis. However, I think you're considering this from the point of view that the goal is to keep the node associations from the attacker (a talked to b, b talked to c, c shows up in manila with a submarine full of gold) or that the intent is to provide anonymity to the users.

    I don't think this is the case. IIP rotates keys between nodes every 52 blocks using Diffie Hellman. You are correct that an attacker can exist within the iip network and use the messages in the channel to do the traffic analysis. Diffie Hellman can be MITM'd, so it is smart to make it difficult to predict when the negotiation takes place. If the amount of blocks that traverse between the hosts can not be guessed by hanging out in the chat and counting how many times they exchange info, you make it more difficult to attack the key negotiation.

    Furthermore, from the security in depth department, the data is encrypted for point to point communication, so even if the key exchange at the node level is MITM'd, they still only get cyphertext.

    The creators also recognize that the anonymity isn't perfect. Until they can get that working, they've set it up so people have plausible deniability. A malicious node can find the IP's it's connected to, but it never knows if those are end users or another node in the network. So even though you've been identified, you can still deny that you are actually you.

    I understand and agree with you about how chaffing data does not provide anonymity or good steganography for the communications. However, I don't think that is why it's used in IIP. It's used to make Diffie Hellman exchanges a moving target. Anonymity, stego and plausible deniability are provided by other means.

  23. from a creative point of view on Digital Video Capture and High Frame Rates? · · Score: 5, Interesting

    From an artistic point of view, the problem isn't which medium to develop...it's how to improve both technologies such that cost/energy/latency is not too different. I should have the freedom to choose the technology which best serves the intent of the piece free from those constraints. It could be film, it could be video. It really depends on how I want it to turn out in the end.

    So more substance, less rant: here's how I think these technologies would be useful to end users, and thus what we should be thinking about here.

    Video Tap: A major video breakthrough in the feature film making process was Jerry Lewis's video tap. This puts a prism or split field diopter in between the lens and the film plane, splitting it in two, one going to the film plane, the other going to a video camera. This is how a director is able to get immediate feedback on how the scene went (instead of waiting for the dailies the next night to see it). A high framerate video tap for high framerate film would be extremely handy. The quality wouldn't have to be great, it would just need fidelity to tell the director and cinematographer how well composed the take was, and making sure all the stuff that's supposed to be in the take is there...and nothing else (like a boom mic).

    Internet/NLE: This also would help in modern, internetworked digital non-linear processes. This is where takes are digitized as they are shot (if not already doing initial capture in DV) and dropped into the timeline in a nonlinear edit suite (avid, cinelerra, final cut pro) whose project files are shared in an internetworked data store (film crews on other ends of the world, and the CG shop instantly are able to see their shot in the context of the other units' shots...in realtime) via a 3 point edit. Even with a film process, the tap could digitize the footage and insert it into the timeline...the print of the footage could be later scanned and conformed to the timeline. Very handy. So this ties into the throughput problem. You have to consider that the bottleneck isn't CCD voltage intervals, cache tomfoolery or writing to a non-volatile medium. It could be a crappy ADSL connection or satellite uplink set up by people who scarcely understand how that stuff works.

    Noise and heat: One of the banes of film making and one of the big advantages of digital video is the noise that all those ratchet/crank/shutter type mechanisms in a camera create. A lot of the sound work in a film is dealing with the noise from the camera. Sometimes, the sound is recorded later after discarding the sound from the set wholesale. Now, in order for a cmos imager to be effective at these speeds, we'll need to keep it cool. Heat is more likely to degrade throughput than buffer speed or size. Hence, we're going to need to build hardware to cool the cmos. That hardware is likely going to be more exotic than the cmos, take more energy than the motor for a high speed film device and potentially create a lot of noise on its own. So the advantages of the high speed DV cam over film are only possible if the apparatus that supports the camera doesn't reintroduce the same problems on an equal or greater scale than existed in film.

    Personally, I feel that the single greatest and most useful application of this technology, from a creative standpoint is the high speed video tap. It would liberate crews from the burden of dailies and integrate high speed footage into modern production processes.

    For non-creative uses (scientific/research), this technology can free users from the latent and toxic nature of film processing infrastructure.

  24. freebirth and gold chains on Reborn 1.0 And The State of Linux Audio · · Score: 3, Informative

    freebirth (http://www.bitmechanic.com/projects/freebirth/) was co-written by a coder/musician. pretty sweet, does some things that rebirth can't. You can hear it in use if you listen to Gold Chains: (http://www.epitonic.com/artists/goldchains.html). He's that co-author guy. Anyway, check freebirth out. F'in sweet.

  25. where could someone in the US have a protest? on UK Prepares Own Version of the DMCA · · Score: 2

    When we were jailing Dmitry Sklyarov, people outside the US protested at our embassies. Where/how could people in the US (or other non-European countries) hold a similar protest? It would be nice to let the EU know that people who live under these kinds of laws suffer and are scared. It would also underscore the track record of such laws.