There is one other factor that Bozdune did not consider (perhaps it was not just that important to his business). What happens the next time the code produced by the outsourcing needs to modified?
More importantly, what happens the next time you want to do something that sounds similar? Do you (management) know enough about what you actually have to rationally decide how hard it would be to modify the existing code to meet the new business requirements?
Do you have experienced development staff who quickly modify the code because of long experience with it? Is your development team aware of all the problems that happened last time, and have proactively come up with plans to improve things the next time around?
To me, these problems are the most pernicious effect of out-sourcing. It is literally corporate knowledge seeping out the door. I've watch older applications be put in "out-sourced" support, which is almost a sure death sentence. More importantly, not only does the application go away, but the company looses knowledge on how to make that class of business solutions.
Since I still have to outsource, the only way I've found past this problem is to establish long term relationships with out-sourcing firms. If the out-sourcing firm has stable employment, and can provide people who generally work on "your" projects, you can overcome the worst of these problems. It is also important to carefully consider what you out-source, most successful projects at the very beginning and very end of their life-cycle (again, watch out for knowledge loss with the end-of-life projects).
First, the Slate article is at best misleading. The original FCC press release had a lot of contradictory material - things like "the flag won't affect computers" and "computer HDTV tuners must preserve the decoded HDTV signals with robustness (eg. hardware protection)". The Slate article resolved all FCC contradictions as pro-consumer; something that I don't think will happen once the details are released. If the FCC were honest, they would just say we can't design the system with the promised consumer protections; so we will rescind the broadcast flag requirement. There is little chance of that happening, unless they are motivated by massive protests (both consumers, and hopefully the consumer-electronics and computer industries).
Second, there is full intent by the studios to force the use of the broadcast flag everywhere. The FCC may only require its use in over-the-air HDTV signals, but don't forget that that the studios have already forced satellite providers to include this functionality (thus no FCC mandate required). Just because the FCC does not require the flag for "satellite or cable consumers" does not mean that they will not also be subjected to it!
Don't forget that once the flag has been added, that the DMCA makes it illegal to circumvent it (regardless of why the flag was put there; the DMCA treats both FCC-mandated over-the-air and manufacturer "feature" broadcast flags equally).
Funny thing, from my perspective, the problem is not enough regulation!
Don't get me wrong, the government never should have gotten into this in the first place. But once they decided to get into this type of regulation, it takes a lot of work to make it work right. Instead of making careful regulations, the FCC has essentially said "we will let the market (i.e. the large corporate stakeholders) regulate itself". This will naturally result in the consumer being screwed!
I see a regular problem with libertarians and dealing with government intervention. Once the government has gotten involved and stirred up the pot (with mandates and the like), don't pretend the market will solve things thereafter. If the government has intervened and unbalanced a market, the solution should be to work through the government to rebalance the rules (preferred choice: elimination) into an even playing field again.
That does not mean that the market will not provide some correction to government intervention - but these corrections are typically much more severe. The failure of DAT is a good example. Not only were opportunities lost, but they are still pretty much lost today (question - who benefits when people don't "own" the music they themselves produce - the RIAA!). Even today, there are very few methods of digitally recording sounds produced by yourself - unless you buy a "professional" product (an exemption built into the law that otherwise screwed the consumer).
I'd also recommend Gibson's "Holy Fire". It took me a while to get through it for some reason, but it does a nice job of investigating just this topic - what happens when technology can extend human lifes.
Then all of sudden, Aaron Spelling informed everybody that you couldn't show the film without paying him royalties. How did he seize control of a film in the public domain? By buying the rights to the story it was based on, and also to a song played in the movie.
This is basically correct, except things just got a little better. There was a recent supreme court ruling on a case that sounded very similar to this one - essentially a TV show based on a book that was not renewed. The court decided that the TV show was in the public domain, even if the book was not.
1) Diebold is not moving to "128bit" encryption, it is going to Triple-DES, which has an equivalent strength somewhere between 80-bits to 112-bits (the lower figure is what the ANSI X9 standards pessimistically assume). When you hear someone talk about 3DES with 168-bit strength; it is a sign of either cluelessness and/or marketing-hype.
2) The 3DES upgrades for ATM are expensive, but they often include two other features - an encrypting-PIN-keyboard and a PKI feature for remote key-loading. The encrypting keyboard is a recent security requirement (insiders were placing taps inside the ATM between the keypad and the security processor). The PKI-based remote-key feature is still immature, but will save the ATM operators a ton of money in the future.
3) Someone mentioned that ATMs are only connected with leased lines, which was largely true until 10-15 years ago. Today there are many POT dial-up ATMs, and internet ATMs are starting to become more common. In theory the ability to tap or modify the communication stream between ATM and Host won't buy you anything other than a Denial-of-Service attack. That assumes both the ATM and the Host are following the latest standards and policies; sadly not always a safe assumption.
4) The notion that banks will go to 3DES because it is "the right thing" is a bit naïve. Some banks are very security conscious, and I've dealt with a few that did 3DES migrations 4-5 years ago. But the most of the banks won't change until there is a club to their head. DES at 56-bits has been known to be less than optimal for years, but the average bank is only now changing because you have organizations like MasterCard and Visa saying: "You can't participate on our network unless you protect the PINS and keys with 3DES". The current mandates require that new ATMs have 3DES, but they don't require retrofitting of deployed ATMs until Dec 2005. Guess when most of the banks will go to 3DES?
Enough myth busting for now. I'll leave the mysteries of why banks are not using AES, and why they are not upgrading all their internal systems to 3DES for another day.
I don't see much to worry about in HR2517, at least on the surface (speaking as a copyright reformist who believes the current laws are unbalanced and ultimately are detrimental to the promotion of art and science). Iâ(TM)d like to see more education, especially if it helps wake up people to how restrictive the current laws are.
I tend to mistrust the further removal of due process that is talked about in the bill â" much of the bill is geared towards allowing copyright prosecutions to take place even if the material in question has not been formally registered with the copyright office. Iâ(TM)m not sure why this is such an urgent need for Section 2 points 8-11.
I tend to distrust a law that formalizes weak claims â" in effect the law seems to allow greater abuses where alleged copyright owners can file claims with less need to prove they are actually the copyright owners. We have all seen that the DMCA has been misused for false claims because the accuser does not have much downside. None the less, I might change my mind about this if someone could present a great explanation of why copyright registration exemptions are needed and why the current laws donâ(TM)t work.
Section 3 and 4 are kind of interesting â" I wonder how much budget will be attached to this bill to expand the FBI? I fear what will happen if this bill is actually passed is that the FBI will be burdened to do these action without any extra budget, and this will actually cause an overall decrease in the FBIâ(TM)s effectiveness.
All in all, it looks mostly like a bit of special purpose legislation that congress can pass to justify itâ(TM)s campaign fund raising. I donâ(TM)t think it will be particularly effective unless a lot of money is attached to the bill, and not much will come of it.
I thought the last question had a particularly great set of RIAA spinsâ¦
Q: Without anti-copyright devices, wouldn't that extend copyright terms for eternity?
Matt Oppenheim responds: The DMCA Anti-Circumvention provision is intended to encourage innovation, both in the artistic community and the technological community.
Yeah thatâ(TM)s it, talk about intent. Donâ(TM)t pay any attention to what it actually does!
...To date, nobody has suggested that copy control technologies have locked up a work that should be in the public domain.
Hmm, there were 3 or 4 complaints at the last Library of Congress DMCA review where people complained about public domain movies that had the full set of DVD copy protections. There were also complaints about electronic books that restricted use of public-domain stories (the classic "can't read aloud" setting for Alice in Wonderland). Iâ(TM)d have to call that statement an outright lie!
Of course the fact that NO works have entered the public domain recently (thanks to congressional extensions) has NOTHING to do with why this is not more widely noticed!
They are selling material that is copyrighted. That means that copying (and all permutations thereof) of that material is restricted. End of story.
You have now bought the RIAA's over simplification is issues. That is the real point of why they keep howling about copy infringement. The point you are missing is that the solutions they keep asking for don't really solve copyright infringement.
The solutions they have asked for (and have mostly been granted by a lazy congress) end-up giving the RIAA and MPAA much more power, take away the rights of citizens and consumers, hobble the technology industry, and [most ironically] discourage creation of new creative content. Meanwhile the "piracy" problem does not get addressed by these measures so they keep on having to ask for more and more.
Finally, your statement is a classic summary of what the RIAA wants you to believe. It ignores a bunch of complications like the Digital-Home-Recording-Act of 1992 which allows people to distribute copies of digital audio recordings (so long as those copies have a special tax - best know example is the CD-Audio blank). To paraphrase your statement into an even more obvious form: We have a stealing problem and need special rules to help us out (never mind the details).
Pushing the absolute limit set by your dive computer IS DUMB...
It all depends on the context, as a previous poster stated there is an element of choice here. You choose the computer, and you choose the settings in the computer. For example I've set my computer (a Cobra) to use the most conservative setting (of 3 choices). Does that mean I'm dumb to use the maximums provided by that mode? Same concept applies to choice of computers.
When I first heard about this several months ago (I heard about it from RISKS), I started thinking about how I as an intelligent person could detect and counter this type of software bug.
I agree with the point about trusting the computer's readouts about safe time to fly. Obviously in the case of the people flying after diving, they violated the standard cautions about air travel. For instance the latest NAUI recommendation is to not fly at least 12 hours after a single dive, and to wait at least 24 hours after multiple dives. Recent articles in DAN have been more conservative, and recommend at least 24 hours. People should not let a dive computer override those recommendations.
But a number of other divers were injured after a more typical procedure of doing multiple dives per day. I suspect, but am not sure that some of these incidents could have mitigated by common sense. They usually involved 4 or more dives in a day. While 4+ dives a day obviously can be done safely, I think common sense should indicate that you don't want to push the absolute limits here.
I think the best prevention method is to still use the charts. If you did a wall dive starting steep and going shallower, you can still use the charts as a basis - check and see what the chart results would be if you were a column or two better. While this would be a risky practice for pure chart diving, I believe this would be a useful information supplement to make sure that your computer is working within normal parameters.
Plagiarism per say is not against the law, but copyright law does grant authors specific derivative rights that overlap. Next to the DMCA (and mandated DRM), I've come to feel the worst part of current copyright law is the over expansion of these derivative rights.
To take the parent post's example of a 10 year old creating their own Pokemon characters, technically that is illegal. It is also the way people learn and is very natural to society.
I saw a recent op-ed by Richard Posner, a 7th Court of Appeal's Judge, called The Truth About Plagiarism. I think it is worth reading.
I'll concede your point about the public domain not shrinking, but you can't claim it is expanding either. Once material from 1923+ starts expiring, than I'll let you get away with "not expanding as quickly":-) I hope congress took enough notice about the Eldritch case to stop them from lengthening the term again, but I remain pessimistic.
As for creativity, I attended a liberal arts college with emphasis in Journalism and Theater (my major was computer science). I've taken a graduate seminar in law for Computer Professionals, as well as management and ERT law classes. I've read and discussed copyright law extensively (it has been something of a soapbox for about 3 years now).
I think I understand your point about plagiarism, but depending upon your actual definition that does not negate what I'm saying. For example, if an author were to write a story set in the Star Trek universe, but with original characters and plot lines - would you call that plagiarism? According the current copyright law this most likely would be copyright infringement. I claim that this is an excessive amount of protection, and that in most cases the author probably did nothing morally wrong. Multiply that by a lot of people, and most of the writing will not be great works of art, but will there be a different percentage of "goodness" between borrowed settings and the [theoretically] totally original story?
Now go back and re-read the example, substituting "student" instead of "author". Does this action by a student make a difference in how you feel about it? Why is it OK to infringe copyright for learning, but not for commercial sale? When I read to my toddler, occasionally he likes to make up alternative plots or wordings to his favorite stories (something I highly encourage). Yet if I were to record these alternative versions (even if I did not sell them), I am technically in violation of copyright.
---- Here are a couple of further explanations about points made in earlier posts. Perhaps this concept of setting needs an example: say I wanted to tell a "tall tale" about a lumberjack. The stories about Paul Bunion instantly set a mood, and if I decide to attribute one more story to that classic hero, I might perhaps be able to write a story more elegantly because of the cultural assumptions that come with him. This is actually an amusing example, because "Paul" was made up for advertising, and most of the stories are based on folk tales that have been told about other people in other settings. So lets say "Paul" is still in copyright (I seem to recall that it dates from 1910 or so, so it probably is not) - does my use of him constitute plagiarism, or is it morally wrong? I don't think so personally. Would my story have been better if I did not start out with a stock character? Maybe, maybe not - I don't think there is a definitive answer.
Also I wanted to explain what I think is proper "Sequel" protection: trademarks! Active trademarks don't expire, and they help consumers determine who produced the work. There may be a lot of "hacks" out there, but trademarks will help people determine who to trust. A good example is often talked about with the potential expiration of Mickey Mouse. Personally I don't think Disney has done that great of a job with him recently, but lets say that some people highly value the "official" Disney Mickey Mouse stories. When versions of Mickey enter the public domain, and anybody can incorporate him into their work, the customers can still rely upon Disney trademarks.
Depending upon circumstances I may even agree with you, but you have to confess that things can get pretty fuzzy when you talk about expression being a combination of dialog, the character's name, the location of the plot and the plot itself. The importance of any particular factor varies a lot!
The way I see it, there is a spectrum of derivative work - ranging from straight translations to stories that are only vaguely related. My complaint is that the current copyright laws have been largely written by copyright holders (see Digital Copyright by Jessica Litman for more about this claim); who have a strong economic incentive to draw the line as far to the "vaguely related" side as possible. There will never be a perfect definition (that is why we have judges), but currently copyright is so over-protective of derivative works that culture as a whole suffers.
You claim that forcing a screenplay writer to come up with an original story will have a better result for society, but don't provide much proof. I can certainly come up with examples, pro and con. I think the best example of harm comes not from professionals trying to write hack stories, but from the hindrance to education and learning. We probably laud the process of getting a young student to write a story based on things that inspire them, but under current laws the story they wrote infringes upon derivative copyright protection. The lets-pretend games exercise the imagination and help establish valuable thought processes; but many of them also infringe upon derivative copyright protection. Now these laws are rarely enforced against children (but it does happen now and then - now that the internet has made fan fiction so public); ironically the marketing for movie-toys is based upon the assumption kids will play this way.
One other factor to take into account is the shrinking of the public domain. Throughout written history, writers have often referenced (directly or indirectly) past works in a very beneficial manner. In our society we have both extremely long copyright terms and very broad derivative protection. This makes it much harder to practice the time-honored techniques of referencing other works that your audience would be familiar with.
Let me close with a few more tweaks against this "totally original" is better philosophy. This broad combination of copyright protection may produce more "original" works, but the chilling effect could just as easily suppress a great deal of worthy but less original work. Do we want a nation with a lot of creative people who sometimes create totally original work; or a nation that very rarely produces creative work -- but really rewards it when it happens? Our current laws clearly assume that most people are not creative - and is actually geared toward preventing widespread creativity. The 1992 DHRA is a good example: it assumed that the only audio recordings people made were of mass produced recordings; and mandated serial-copy management (SCM) for all digital-audio consumer recorders which greatly hinders home musicians.
Even if more original stories are created, the current laws also tend to produce creative works that are shallower. Entrenched copyright holders don't have competition, so they can be lazy in expanding upon their "base" (prior to current laws, they would have faced competition from outside creators because the "base" would have been in the public domain). The new creators don't have the option of building a story "upon the shoulders of giants", and have to build-up all the references from scratch. Since they have to spend so much time building up the internal framework of the story, they have less energy to put into the other truly creative parts of the work. Short stories become much harder to write, and are rarely published. The law encourages creation of lots of shallow sequels, and discourages works of great depth.
Copyright does not protect ideas, it only protects the expression of ideas.
In theory Copyright only protects the expression, not the ideas behind the expression. The big exception, at least in my opinion, is the concept of derivative control. There are two main areas where this comes up - translations and sequels. These concepts have been introduced into US copyright law over the last 100 years, and have grown progressively stronger.
The case for granting copyright holders protection against translation is stronger than sequel protection. In the 19th century authors did not even have language translation protection - a book written in English could be translated into another language and sold without the copyright holders permission. Another common form of translation is making a movie based on a book (from memory this protection was added in 1914). From a high level, I think these added copyright protections are beneficial to authors and may even provide a net benefit to society.
The problem is that we are no longer protecting the expression, rather the ideas behind the expression. This is a fuzzy area, and unfortunately the current laws have expanded the power of copyright holders well into idea protection. Lets look more closely at the idea of translating a book into a movie. Almost no movie is a literal translation of book; and as we all gripe from time to time sometimes the movie has almost no resemblance to the book.
Take the example of a movie that is very loosely based on a book. All they share is ideas of plot and character personalities. They have no common "expression" (such as a movie character who speaks something written in the book). Why should the book author have control over the movie under these circumstances? Would it make any difference to your feelings if the book and movie used the same title? How about the same names for characters and locations? Everything here (except the titles and names) are ideas, not expressions; yet our current copyright laws give the copyright holder control over them.
The current laws even provide sequel protection, where the copyright holders can control who uses the ideas of the "world" they have created. So even if the story share no plot elements or main characters; the copyright holders can control how the world is used. At this point we have reached a point, that in my opinion, where the copyright laws have become very unbalanced. It allows some entrenched copyright holders to rope-off ideas, and causes a negative impact to culture.
I can already hear certain people saying "come up with your own ideas", and there are a couple of problems with this approach. The first is that there are only so many ideas; perhaps the best example is the "4-note" protection of songs where in theory no composer should have more than 3 notes of "substantial similarity" between what they are writing and any song under copyright (if this was truly enforced by all copyright holders, song writing would become a rare art indeed). The second is that protection of ideas is not good for society, indeed the interaction of expanding upon ideas is at the heart of creation.
Consider a range actions, all of which might be called sequels: 1) While watching a movie I wonder what if "x" made a different decision, 2) Some friends and I talk about the "x" decision, 3) Some friends and I talk about this on a public discussion group, 4) A group of friends decide to act out the situation to further explore how the decision effected things, 5) I write a paper/story about this decision, 6) I sell the paper, 7) I write a modeling program with decision trees based on that situation (some might call this a game), 8) I sell this program.
Now all of these actions are ideas, yet only (1) and (2) are clearly permitted by copyright law. The public discussion (3) will mostly be permitted under fair use, but there are legal cases where disscusions have been ruled illegal (usually when the information that started the dicussio
If Temple of Doom didn't have enough action or adventure for you, you need to check your pulse.
Temple of Doom had all the makings needed for a great movie, but it lost out on the cutting-room-floor. This is especially noticeable in comparison to Raiders', which is perhaps the best paced movie I've seen. Raiders knew just when to slow down and let the audience catch their breath, and when to hit them with another action sequence.
Temple' on the other hand was greatly uneven, alternating between too long action sequences and long slow sequences. The slow sequences were further hindered by less sympathetic characters (the kid and the girl both got annoying).
I confess that I loved the opening, but I would shed no tears if they cutout the entire rollercoaster sequence. If they cut out 15 or so minutes from the movie, it would dramatically improve Temple'.
Schneier's book, while certainly well-meaning, has promoted the idea that you don't need to understand formal notions of security to be a serious cryptographer.
I'd like to see the AC expand upon this, since I'm not quite sure what he means. Given the typical short attention span of/. I'm going to make a guess on what he meant; and comment on that guess. If I have guessed wrong, please post a follow-up comment.
Schneier himself has mentioned the problem with poor crypto system designs (and the self-taught 'expert' saying: "...but I read Applied Cryptography.":-) This book is really the perfect opposite of that - it talks about many design problems and constantly warns people to seek expert help during system design.
If someone wants to be a cryptographer, this book won't help them much (see my other post about lack of details). But this booked was not targeted to cryptographers in the literal sense; it was targeted towards designing systems that use cryptography.
The dangerous road is the middle road, where we have "experts" who don't really understand the foundations of the subject.
This is where I start to have problems with your post. Perhaps it depends upon your definition of what understanding "foundations" is, or what you mean by learning "some" complexity and computational number theory. At a high level, someone who is just designing a web application does not need to know any of those things. They do need to know the benefits and negatives of SSL/TLS, basics of key management, threat issues and the like. For people like these, Practical Cryptography is just fine.
Even at a lower level, a crypto system designer does not need a full understanding of cryptographic primitives. For example you mentioned factoring; a designer does not need to know the details of the general field number sieve method; but they do need to know that there are a variety of factoring methods that are slowly improving in efficiency when it comes time to select an algorithm and key length. Perhaps surprisingly to you, even than books like Schneier's can be useful. I know that I often start with Applied Cryptography because of the good overviews, before moving to another book for more details (like the CRC Handbook).
I've read about 1/3 of the book, and based upon that feel the book is worth recommending. Aside from the good points I'll mention below, my biggest problem with the book is lack of depth. I've been doing applied cryptography for over 15 years now, so I'm probably not the typical reader (I'm not a cryptographer in the formal sense, but I design protocols and use cryptographic constructs on a regular basis).
The writing is clear and does a good job of presenting information, and doing that well for a dense subject like cryptography should not be underestimated. The book is strongly opinionated, and I think that is a strength since the authors try [and for the most part succeed] in explaining how those opinions were formed. The topics are fairly comprehensive, and the material seems to be well organized (from what I've read so far).
For the knowledgeable, it is a bit disappointing. I did not expect to learn tons of new stuff, but was still disappointed at the depth. In many ways, the book was only a half-notch deeper than reading Schneier's Cryptogram essays, where perhaps I was hoping for something more like his papers. The good use of footnotes and references helps offset things a little.
There were clearly areas where the authors were more interested in than others, often corresponding to previous work (CTR block-cipher mode, PRNG). Other areas were less inspired, for example in the MAC (message-authentication-code) chapter they offer the advice "Do not output any of the intermediate values." This sounds good at first glance, but it totally impractical except under special circumstances (if the MAC routine allows variable length messages, and almost all do, intermediate values can be calculated by simply feeding the parts of the message into the routine - thus this advice has no real world value).
Another nitpick, is that I would have liked to see the various "rules" and advice formulated into check lists. That would have made the book much more valuable for crypto system designers, be they novice or expert.
On the balance, I feel that the book is worthwhile to anyone interested in the subject of cryptography, or who has to use [or design, test] a system that has cryptography. It won't make you an expert (funny how some people still think reading a book could do this), but at least it raises an awareness of the types of problems that derail cryptographic systems designs. It is easy to read and informative.
The 1984 date struck me; since that was the year I bought my first PC computer. It was being discontinued (and I got an IBM employee discount thanks to an uncle) - I don't remember what the list price was.
IBM PC-XT Portable {we called it the luggable} Price: ? ($950 discount, with bundled software) CPU: 8088 4.7 MHz (+$20 NEC V20) Memory: 128KB RAM (+$50 for 640KB) Interfaces: none Monitor: 9" Amber CGA Text: 80x25 Graphics: 640x240, 16 shades of amber OS: IBM DOS 2.0 FDD: 2 x 360 KB FDD (DS, DD) Weight: somewhere under 30 pounds in the canvas carrying case Languages: IBM Basic (in ROM) Options: 1200 BAUD internal Modem ($500), 20 MB HDD ($600 not IBM)
Actually, I have to say I ended up with a better computer (plus no need to pay for a Gym membership:-) The low price was because by 1984 it was apparent that the XT Portable was not successfully competing against Compaq.
PS: You may laugh at the $20 processor upgrade, but it shortened the power-on memory-test from 105 seconds down to 75 seconds. The hard drive was a first generation 3.5" with a thin-film head, and a than speedy 85 ms access time.
This has always puzzled me: why is there such an obsession with preventing bit-for-bit copies?
The real secret -- the digital piracy threat plays great in Washington. At this point, and for quite a while in the future the threat is just a myth. It was certainly true when the first anti-digital law was passed in 1992 (Digital Home Recording Act), and Napster did not change anything.
The threat than, and now, is low quality copies. Back then it was kids with $50 dubbing-cassette boomboxes, now its 128-bit (or worse) MP3. I really sneer every time I hear the phrase "perfect digital copy" (it was even used in Loefgren's B.A.L.A.N.C.E. act). The real problem is digital distribution, not the act of multiple copies.
By playing games with digital outputs (not allowing them for DVD video, or DVD-A/SACD Audio; or crippling DAT outputs), the only people they really dissuade from making copies are the very people who are their best customers - the audiophile/videophile (these fools, and I include myself here, have been known to buy multiple copies of recordings). The people the who are listening to copies instead of buying recordings don't care much about quality.
So why do they keep maintaining this myth? The publishers (ie. RIAA and MPAA) get a bunch of advantages. The advantages of the "perfect digital copies" myth include:
* Congress thinks this is a good enough excuse to pass laws (publishers have to add money too, but it gives congress some type of intellectual cover) - primary excuse for DHRA, DMCA, and a bunch of other proposed laws. * It gives the publishers a stick to control the equipment manufactures with * It gives the publishers power to be a gatekeeper, even for media and distribution forms they don't currently use (how else can the MPAA get broadcast flags put in computers?). * It slows down the path to direct distribution, and keeps up the profit margin of large media companies. * It discourages home grown music (most modern equipment can't record, and if they can it is often with crippled options - aka Sony Minidisc).
In reality Digital controls do not have much effect on casual copying. The exception is the video arena where the MPAA got mandated MacroVision/CopyGuard, and the wet dreams of other publishers is to get a similar fix for their "analog holes".
Looking back historically, it is easy to see how congress was "rolled". The publishers tried for years to get new rights and privileges over analog content, but were mostly rejected. When they trotted out the Perfect Digital Copy myth; Congress rolled over and gave them controls past their wildest dreams (the current DMCA). Now they are working backwards, and complaining that they don't have the same control over analog (actually they are asking for far more than they ever asked back in the pre-digital days; but now they have the precedence in the current digital controls).
As for what's being done I don't know, but doing RSA over PPP sounds like a decent, flexible option.
Nope, bzzzt play again! Sorry, did not mean to be impolite. The point-of-sale industry is extremely cost sensitive, and most POS terminals use the equivalent of an 8051 to perform the cryptography. You could theoretically do RSA, but it would take a long, long time. Smartcards will eventually change this, but don't hold your breath. The cost of putting an Ethernet port into a terminal is also pretty laughable.
My experience selling POS terminals is that the merchant will not pay $1 extra for 3 times the security, they want the absolute minimum cost! Canada had a very stringent specification (through interact), which at the time my terminal was one of the few that actually met it. The only problem was that instead of enforcing the standards, they granted everyone waivers so they could by insecure terminals that cost a few dollars less (seriously, something like $200 vs. $195). That was a few years ago, so one could optimistically hope things got better.
The POS terminals use single-DES (at least in the USA until 2005 or so, when they are scheduled to go to 3DES). Modem connection has become less common, as terminals connected to intelligent cash registers have become more popular (at least in the larger stores). The ANSI X9 provides the standards that govern cryptographic protocols for ATM and POS terminals.
When you set your own PIN, the bank just stores an offset that is used in conjunction with the autogenerated PIN.
This is true in one of the most common algorithms, commonly known within the industry as the "IBM 3624" (named after an older ATM model I believe). The algorithm takes an account number, a secret key, and some configuration information and produces something called a "natural PIN". As mentioned above, a customer selected PIN results in an offset that is applied to the natural PIN.
There are however a variety of other PIN Verification Number (PVN) algorithms that don't produce a natural PIN. Instead the PIN is another input into the hash algorithm, and the resulting value cannot accurately be called an offset. A good example is another algorithm mentioned in the paper - the Visa PVV (this algorithm is also superior to the 3624 algorithm for a variety of reasons, including use of 3DES process instead of single-DES, and superior resistance to broken PINs).
So you're telling me that a new law, passed recently, took something that was previously legal and made it illegal?
You have forgotten the context, this was a discussion of entitlements vs. government give-aways. You claimed it was always illegal, so I was just a whiner complaining about loosing entitlements. I said it was a government give away, and offered several reasons why the activities were legal, up to the time the DMCA passed. You have now conceded that the activities I claimed to be legal, were in fact legal before the DMCA.
Why can't you take the next step, and admit that the copyright owners gained new powers from the passage of the DMCA, at the direct expense of consumers? Whenever I've asked you in the past, you have always claimed the anti-circumvention clause in the DMCA just preserved existing rights.
I am unaware of any bad software patents.
OK (as I shake my head in wonder). Perhaps my examples comparing bad patents to an overly broad copyright system will be useful to other people (if anybody else is still reading the thread). I don't feel a need to go down the path of trying to explain that one from scratch. Suffice to say that there are any number of overly broad, and insufficiently unique patents that have been issued over the years.
To spell out the similarity - Poor patents take ideas from the public domain and undeservedly give someone control over them; just like an overly broad music copyright can let people undeservedly control a 3-note rift.
Some content protected by the broadcast flag may not be timeshifted by digital mean.
I apologize that I missed your kinda-sorta acknowledgement that time-shifting was a right. I never claimed is was a right without any exceptions (all of the rights you mentioned like free speech from the 1st amendment have similar types of exceptions). The point you raise about broadcast flags is not in the DMCA; but has come up during FCC rules-making discussions (those rules are still governed by the DMCA section K granted rights concerning time-shifting).
----
At this point, I think we agree on the facts at least, which is why I've kept my side of the thread active. We still disagree on a lot of topics, but I'll save those conversations for future times. I care deeply about both the health of our culture, and the value of encouraging new creations of work. Although we have used lots of examples from fiction, it is also important to remember copyright can encourage (or discourage) important scholarship and social situations. Don't forget the first copyright laws were actually designed to censor and control information. The Constitutional stated goals of benefiting authors and society is worthy. Copyright requires a balance, and should not be measured by benefit to authors alone.
I'll close with a quote from William Gibson's review of the Matrixblog. In this web page, Gibson discusses the importance of cultural influences upon the process of creation. Note that all of the influences he cited are still under copyright, and my brief quote here is plainly fair-use.
Whatever of my work may be there [e.g. in the movie The Matrix], it seems to me to have gotten there by exactly the kind of creative cultural osmosis I've always depended on myself. If there's NEUROMANCER in THE MATRIX, there's THE STARS MY DESTINATION and DHALGREN in NEUROMANCER, and much else besides, down to and including actual bits of embarrassingly undigested gristle. And while I was drawing directly from those originals, and many others, the makers of THE MATRIX were drawing through a pre-existing "cyberpunk" esthetic, which constituted as much of a found object, for them, as "science fiction" did for me. From where they were, they had the added luxury of choosing bits from, say, Billy Idol's "Neuromancer" as well.
Some content protected by the broadcast flag may not be timeshifted by digital means. This is not illegal. It's perfectly legal. Why? Because timeshifting is not a right.
Read section K of the DMCA (it is evident you have not). Is specifically requires time-shifting for all material (and goes so far as to specify differences between ordinary broadcasts and pay-per-view). Now explain to me again how that is an "exception" and not a "right". I'm giving you examples, but you are ignoring them!
I'm not convinced that you're qualified to have an ethical discussion of this matter...
Oh yes, personal attacks always help a discussion of supposed facts. Actually lets clarify this discussion for a moment: I said [paraphrasing]: "morally speaking copyrights are not the same thing as property ownership", and you replied to the effect of "just because you don't agree with the law, what kind of standing do you have to disagree". I am just now coming to the conclusion that perhaps you do believe copyrights and property ownership are indeed the same thing. I can't really believe you are so ignorant to believe the law treats property ownership and copyright even remotely close to each other. Perhaps you want to rephrase or clarify these comments?
I hate to break it to you, dude, but you are a copyright owner.
I confess, careless shorthand reference. To be really accurate when describing participants of the copyright conventions over 100 years takes several paragraphs or even pages (and my posts already tend to run too long). A slightly more accurate description would be "entrenched and organized copyright holders". For example the movie industry got royally screwed by the first couple of copyright conventions in the 20th century - it was not until they organized in 1910's that they started having input into the law writing process. The two universal participants who did not participate in these conventions were business that had not been invented yet (naturally) and the general public (who were theoretically represented by congress, but in truth not very well).
Harmful how?
Think about the bad software patents that have been granted. That is not too far from where the music industry is now. Certain basic elements in the craft of creating music have been "removed" by the misuse of copyrights. Just like software patents, there are only a few bad actors (i.e. compare the 3-note rift case to British Telecom trying to go after people for use hyperlinks). The amount of misuse in the music industry is worse, and the potential is much worse.
Copyright prohibits copying. It has no effect whatsoever on inspiration.
I'm a great fan of Tom Stoppard, and the play that really launched his career was "Rosencrantz and Guilenstren Are Dead" (sorry I've misspelled something here). He takes inspiration from Shakespeare's Hamlet and creates a brilliant work. Very few people would call this a "copy" of Hamlet. The case I quoted ("The Wind Done Gone") is a similar treatment to "Gone With the Wind". In the last 50 some odd years copyright law has greatly expanded and essentially has given the author the ability to control "sequels" - something that has no real historical precedence. Part of the power of a great work (and even some so-so ones like Star Trek) is to inspire people to go into the "world" created by the author and play their own games "what if this happened, what would have changed".
You deride this as theft, intellectual weakness, and as something that should be under the control of the original author. Since I think many creations started out this way (listen to author interviews, see how they come up with story ideas), I think it is a practice that is at worst lazy. At best it allows ideas to be multiplied and leveraged (standing on the shoulders of giants), and also provides insights into commonality or differences of people and society. In my opinion sequels should be a "trademark" matter (so that potential audience as well as the author clearly understand the work's pedigree), but venturing into protecting ideas is where copyright law overreaches. As you said, the law is supposed to prohibit copying an expression, not inspiration.
Having recent works protected by copyright does those people no harm whatsoever.
If copyrights were only protecting the expression, I would agree.
See, the DMCA doesn't prevent you from being able to replace something.
Define "unauthorized"! In my example, I've been prevented from making a back-up copy, an act that is legal (I'll agree that it is not a "right", but the legality of making back-ups is well defined through actual court cases). The copyright holder may or not approve, but making a back-up is legal.
So in a literal sense it is an "unauthorized" copy, but you make an incorrect leap when you call the action illegal (that is also how this thread started, you asserted that any unauthorized copy of a CD were illegal, and still have not provided any proof beyond broad assertions). Now back to the analogy, the car manufacturer may not like the fact I can change tires, and may even make such actions "unauthorized". That does not make it illegal either. This is where the new law comes in, and changes the status quo. The manufacturer (i.e. copyright holder) gets broad new powers and the ability to legally prevent actions that are legal. That is precisely what the DMCA has done with its anti-circumvention clause.
You can spout RIAA/MPAA propaganda about the difference between a right and an exception; but the plain fact is that the bill gives publishers the ability to prohibit legal activities. It is quite evident that you morally felt some of these activities should not have been legal, but your feelings don't really count when it comes to the law (hmmm, where have I heard that before).
Slashdot Mirror
There is one other factor that Bozdune did not consider (perhaps it was not just that important to his business). What happens the next time the code produced by the outsourcing needs to modified?
More importantly, what happens the next time you want to do something that sounds similar? Do you (management) know enough about what you actually have to rationally decide how hard it would be to modify the existing code to meet the new business requirements?
Do you have experienced development staff who quickly modify the code because of long experience with it? Is your development team aware of all the problems that happened last time, and have proactively come up with plans to improve things the next time around?
To me, these problems are the most pernicious effect of out-sourcing. It is literally corporate knowledge seeping out the door. I've watch older applications be put in "out-sourced" support, which is almost a sure death sentence. More importantly, not only does the application go away, but the company looses knowledge on how to make that class of business solutions.
Since I still have to outsource, the only way I've found past this problem is to establish long term relationships with out-sourcing firms. If the out-sourcing firm has stable employment, and can provide people who generally work on "your" projects, you can overcome the worst of these problems. It is also important to carefully consider what you out-source, most successful projects at the very beginning and very end of their life-cycle (again, watch out for knowledge loss with the end-of-life projects).
Obligatory reference: Scott Adams worked at the San Ramon PacBell (BSC) plant when he created Dilbert.
First, the Slate article is at best misleading. The original FCC press release had a lot of contradictory material - things like "the flag won't affect computers" and "computer HDTV tuners must preserve the decoded HDTV signals with robustness (eg. hardware protection)". The Slate article resolved all FCC contradictions as pro-consumer; something that I don't think will happen once the details are released. If the FCC were honest, they would just say we can't design the system with the promised consumer protections; so we will rescind the broadcast flag requirement. There is little chance of that happening, unless they are motivated by massive protests (both consumers, and hopefully the consumer-electronics and computer industries).
Second, there is full intent by the studios to force the use of the broadcast flag everywhere. The FCC may only require its use in over-the-air HDTV signals, but don't forget that that the studios have already forced satellite providers to include this functionality (thus no FCC mandate required). Just because the FCC does not require the flag for "satellite or cable consumers" does not mean that they will not also be subjected to it!
Don't forget that once the flag has been added, that the DMCA makes it illegal to circumvent it (regardless of why the flag was put there; the DMCA treats both FCC-mandated over-the-air and manufacturer "feature" broadcast flags equally).
Funny thing, from my perspective, the problem is not enough regulation!
Don't get me wrong, the government never should have gotten into this in the first place. But once they decided to get into this type of regulation, it takes a lot of work to make it work right. Instead of making careful regulations, the FCC has essentially said "we will let the market (i.e. the large corporate stakeholders) regulate itself". This will naturally result in the consumer being screwed!
I see a regular problem with libertarians and dealing with government intervention. Once the government has gotten involved and stirred up the pot (with mandates and the like), don't pretend the market will solve things thereafter. If the government has intervened and unbalanced a market, the solution should be to work through the government to rebalance the rules (preferred choice: elimination) into an even playing field again.
That does not mean that the market will not provide some correction to government intervention - but these corrections are typically much more severe. The failure of DAT is a good example. Not only were opportunities lost, but they are still pretty much lost today (question - who benefits when people don't "own" the music they themselves produce - the RIAA!). Even today, there are very few methods of digitally recording sounds produced by yourself - unless you buy a "professional" product (an exemption built into the law that otherwise screwed the consumer).
keep in mind, it's the RIAA doing the suing...
Nice theory, but incorrect. The actual lawsuits are brought by the copyright holders.
I'd also recommend Gibson's "Holy Fire". It took me a while to get through it for some reason, but it does a nice job of investigating just this topic - what happens when technology can extend human lifes.
Then all of sudden, Aaron Spelling informed everybody that you couldn't show the film without paying him royalties. How did he seize control of a film in the public domain? By buying the rights to the story it was based on, and also to a song played in the movie.
This is basically correct, except things just got a little better. There was a recent supreme court ruling on a case that sounded very similar to this one - essentially a TV show based on a book that was not renewed. The court decided that the TV show was in the public domain, even if the book was not.
To clear up a few misperceptions in this thread -
1) Diebold is not moving to "128bit" encryption, it is going to Triple-DES, which has an equivalent strength somewhere between 80-bits to 112-bits (the lower figure is what the ANSI X9 standards pessimistically assume). When you hear someone talk about 3DES with 168-bit strength; it is a sign of either cluelessness and/or marketing-hype.
2) The 3DES upgrades for ATM are expensive, but they often include two other features - an encrypting-PIN-keyboard and a PKI feature for remote key-loading. The encrypting keyboard is a recent security requirement (insiders were placing taps inside the ATM between the keypad and the security processor). The PKI-based remote-key feature is still immature, but will save the ATM operators a ton of money in the future.
3) Someone mentioned that ATMs are only connected with leased lines, which was largely true until 10-15 years ago. Today there are many POT dial-up ATMs, and internet ATMs are starting to become more common. In theory the ability to tap or modify the communication stream between ATM and Host won't buy you anything other than a Denial-of-Service attack. That assumes both the ATM and the Host are following the latest standards and policies; sadly not always a safe assumption.
4) The notion that banks will go to 3DES because it is "the right thing" is a bit naïve. Some banks are very security conscious, and I've dealt with a few that did 3DES migrations 4-5 years ago. But the most of the banks won't change until there is a club to their head. DES at 56-bits has been known to be less than optimal for years, but the average bank is only now changing because you have organizations like MasterCard and Visa saying: "You can't participate on our network unless you protect the PINS and keys with 3DES". The current mandates require that new ATMs have 3DES, but they don't require retrofitting of deployed ATMs until Dec 2005. Guess when most of the banks will go to 3DES?
Enough myth busting for now. I'll leave the mysteries of why banks are not using AES, and why they are not upgrading all their internal systems to 3DES for another day.
I don't see much to worry about in HR2517, at least on the surface (speaking as a copyright reformist who believes the current laws are unbalanced and ultimately are detrimental to the promotion of art and science). Iâ(TM)d like to see more education, especially if it helps wake up people to how restrictive the current laws are.
I tend to mistrust the further removal of due process that is talked about in the bill â" much of the bill is geared towards allowing copyright prosecutions to take place even if the material in question has not been formally registered with the copyright office. Iâ(TM)m not sure why this is such an urgent need for Section 2 points 8-11.
I tend to distrust a law that formalizes weak claims â" in effect the law seems to allow greater abuses where alleged copyright owners can file claims with less need to prove they are actually the copyright owners. We have all seen that the DMCA has been misused for false claims because the accuser does not have much downside. None the less, I might change my mind about this if someone could present a great explanation of why copyright registration exemptions are needed and why the current laws donâ(TM)t work.
Section 3 and 4 are kind of interesting â" I wonder how much budget will be attached to this bill to expand the FBI? I fear what will happen if this bill is actually passed is that the FBI will be burdened to do these action without any extra budget, and this will actually cause an overall decrease in the FBIâ(TM)s effectiveness.
All in all, it looks mostly like a bit of special purpose legislation that congress can pass to justify itâ(TM)s campaign fund raising. I donâ(TM)t think it will be particularly effective unless a lot of money is attached to the bill, and not much will come of it.
Q: Without anti-copyright devices, wouldn't that extend copyright terms for eternity?
Matt Oppenheim responds: The DMCA Anti-Circumvention provision is intended to encourage innovation, both in the artistic community and the technological community.
Yeah thatâ(TM)s it, talk about intent. Donâ(TM)t pay any attention to what it actually does!
Hmm, there were 3 or 4 complaints at the last Library of Congress DMCA review where people complained about public domain movies that had the full set of DVD copy protections. There were also complaints about electronic books that restricted use of public-domain stories (the classic "can't read aloud" setting for Alice in Wonderland). Iâ(TM)d have to call that statement an outright lie!
Of course the fact that NO works have entered the public domain recently (thanks to congressional extensions) has NOTHING to do with why this is not more widely noticed!
They are selling material that is copyrighted. That means that copying (and all permutations thereof) of that material is restricted. End of story.
You have now bought the RIAA's over simplification is issues. That is the real point of why they keep howling about copy infringement. The point you are missing is that the solutions they keep asking for don't really solve copyright infringement.
The solutions they have asked for (and have mostly been granted by a lazy congress) end-up giving the RIAA and MPAA much more power, take away the rights of citizens and consumers, hobble the technology industry, and [most ironically] discourage creation of new creative content. Meanwhile the "piracy" problem does not get addressed by these measures so they keep on having to ask for more and more.
Finally, your statement is a classic summary of what the RIAA wants you to believe. It ignores a bunch of complications like the Digital-Home-Recording-Act of 1992 which allows people to distribute copies of digital audio recordings (so long as those copies have a special tax - best know example is the CD-Audio blank). To paraphrase your statement into an even more obvious form: We have a stealing problem and need special rules to help us out (never mind the details).
Pushing the absolute limit set by your dive computer IS DUMB...
It all depends on the context, as a previous poster stated there is an element of choice here. You choose the computer, and you choose the settings in the computer. For example I've set my computer (a Cobra) to use the most conservative setting (of 3 choices). Does that mean I'm dumb to use the maximums provided by that mode? Same concept applies to choice of computers.
When I first heard about this several months ago (I heard about it from RISKS), I started thinking about how I as an intelligent person could detect and counter this type of software bug.
I agree with the point about trusting the computer's readouts about safe time to fly. Obviously in the case of the people flying after diving, they violated the standard cautions about air travel. For instance the latest NAUI recommendation is to not fly at least 12 hours after a single dive, and to wait at least 24 hours after multiple dives. Recent articles in DAN have been more conservative, and recommend at least 24 hours. People should not let a dive computer override those recommendations.
But a number of other divers were injured after a more typical procedure of doing multiple dives per day. I suspect, but am not sure that some of these incidents could have mitigated by common sense. They usually involved 4 or more dives in a day. While 4+ dives a day obviously can be done safely, I think common sense should indicate that you don't want to push the absolute limits here.
I think the best prevention method is to still use the charts. If you did a wall dive starting steep and going shallower, you can still use the charts as a basis - check and see what the chart results would be if you were a column or two better. While this would be a risky practice for pure chart diving, I believe this would be a useful information supplement to make sure that your computer is working within normal parameters.
Plagiarism per say is not against the law, but copyright law does grant authors specific derivative rights that overlap. Next to the DMCA (and mandated DRM), I've come to feel the worst part of current copyright law is the over expansion of these derivative rights.
To take the parent post's example of a 10 year old creating their own Pokemon characters, technically that is illegal. It is also the way people learn and is very natural to society.
I saw a recent op-ed by Richard Posner, a 7th Court of Appeal's Judge, called The Truth About Plagiarism. I think it is worth reading.
I'll concede your point about the public domain not shrinking, but you can't claim it is expanding either. Once material from 1923+ starts expiring, than I'll let you get away with "not expanding as quickly" :-) I hope congress took enough notice about the Eldritch case to stop them from lengthening the term again, but I remain pessimistic.
As for creativity, I attended a liberal arts college with emphasis in Journalism and Theater (my major was computer science). I've taken a graduate seminar in law for Computer Professionals, as well as management and ERT law classes. I've read and discussed copyright law extensively (it has been something of a soapbox for about 3 years now).
I think I understand your point about plagiarism, but depending upon your actual definition that does not negate what I'm saying. For example, if an author were to write a story set in the Star Trek universe, but with original characters and plot lines - would you call that plagiarism? According the current copyright law this most likely would be copyright infringement. I claim that this is an excessive amount of protection, and that in most cases the author probably did nothing morally wrong. Multiply that by a lot of people, and most of the writing will not be great works of art, but will there be a different percentage of "goodness" between borrowed settings and the [theoretically] totally original story?
Now go back and re-read the example, substituting "student" instead of "author". Does this action by a student make a difference in how you feel about it? Why is it OK to infringe copyright for learning, but not for commercial sale? When I read to my toddler, occasionally he likes to make up alternative plots or wordings to his favorite stories (something I highly encourage). Yet if I were to record these alternative versions (even if I did not sell them), I am technically in violation of copyright.
----
Here are a couple of further explanations about points made in earlier posts. Perhaps this concept of setting needs an example: say I wanted to tell a "tall tale" about a lumberjack. The stories about Paul Bunion instantly set a mood, and if I decide to attribute one more story to that classic hero, I might perhaps be able to write a story more elegantly because of the cultural assumptions that come with him. This is actually an amusing example, because "Paul" was made up for advertising, and most of the stories are based on folk tales that have been told about other people in other settings. So lets say "Paul" is still in copyright (I seem to recall that it dates from 1910 or so, so it probably is not) - does my use of him constitute plagiarism, or is it morally wrong? I don't think so personally. Would my story have been better if I did not start out with a stock character? Maybe, maybe not - I don't think there is a definitive answer.
Also I wanted to explain what I think is proper "Sequel" protection: trademarks! Active trademarks don't expire, and they help consumers determine who produced the work. There may be a lot of "hacks" out there, but trademarks will help people determine who to trust. A good example is often talked about with the potential expiration of Mickey Mouse. Personally I don't think Disney has done that great of a job with him recently, but lets say that some people highly value the "official" Disney Mickey Mouse stories. When versions of Mickey enter the public domain, and anybody can incorporate him into their work, the customers can still rely upon Disney trademarks.
Depending upon circumstances I may even agree with you, but you have to confess that things can get pretty fuzzy when you talk about expression being a combination of dialog, the character's name, the location of the plot and the plot itself. The importance of any particular factor varies a lot!
The way I see it, there is a spectrum of derivative work - ranging from straight translations to stories that are only vaguely related. My complaint is that the current copyright laws have been largely written by copyright holders (see Digital Copyright by Jessica Litman for more about this claim); who have a strong economic incentive to draw the line as far to the "vaguely related" side as possible. There will never be a perfect definition (that is why we have judges), but currently copyright is so over-protective of derivative works that culture as a whole suffers.
You claim that forcing a screenplay writer to come up with an original story will have a better result for society, but don't provide much proof. I can certainly come up with examples, pro and con. I think the best example of harm comes not from professionals trying to write hack stories, but from the hindrance to education and learning. We probably laud the process of getting a young student to write a story based on things that inspire them, but under current laws the story they wrote infringes upon derivative copyright protection. The lets-pretend games exercise the imagination and help establish valuable thought processes; but many of them also infringe upon derivative copyright protection. Now these laws are rarely enforced against children (but it does happen now and then - now that the internet has made fan fiction so public); ironically the marketing for movie-toys is based upon the assumption kids will play this way.
One other factor to take into account is the shrinking of the public domain. Throughout written history, writers have often referenced (directly or indirectly) past works in a very beneficial manner. In our society we have both extremely long copyright terms and very broad derivative protection. This makes it much harder to practice the time-honored techniques of referencing other works that your audience would be familiar with.
Let me close with a few more tweaks against this "totally original" is better philosophy. This broad combination of copyright protection may produce more "original" works, but the chilling effect could just as easily suppress a great deal of worthy but less original work. Do we want a nation with a lot of creative people who sometimes create totally original work; or a nation that very rarely produces creative work -- but really rewards it when it happens? Our current laws clearly assume that most people are not creative - and is actually geared toward preventing widespread creativity. The 1992 DHRA is a good example: it assumed that the only audio recordings people made were of mass produced recordings; and mandated serial-copy management (SCM) for all digital-audio consumer recorders which greatly hinders home musicians.
Even if more original stories are created, the current laws also tend to produce creative works that are shallower. Entrenched copyright holders don't have competition, so they can be lazy in expanding upon their "base" (prior to current laws, they would have faced competition from outside creators because the "base" would have been in the public domain). The new creators don't have the option of building a story "upon the shoulders of giants", and have to build-up all the references from scratch. Since they have to spend so much time building up the internal framework of the story, they have less energy to put into the other truly creative parts of the work. Short stories become much harder to write, and are rarely published. The law encourages creation of lots of shallow sequels, and discourages works of great depth.
Copyright does not protect ideas, it only protects the expression of ideas.
In theory Copyright only protects the expression, not the ideas behind the expression. The big exception, at least in my opinion, is the concept of derivative control. There are two main areas where this comes up - translations and sequels. These concepts have been introduced into US copyright law over the last 100 years, and have grown progressively stronger.
The case for granting copyright holders protection against translation is stronger than sequel protection. In the 19th century authors did not even have language translation protection - a book written in English could be translated into another language and sold without the copyright holders permission. Another common form of translation is making a movie based on a book (from memory this protection was added in 1914). From a high level, I think these added copyright protections are beneficial to authors and may even provide a net benefit to society.
The problem is that we are no longer protecting the expression, rather the ideas behind the expression. This is a fuzzy area, and unfortunately the current laws have expanded the power of copyright holders well into idea protection. Lets look more closely at the idea of translating a book into a movie. Almost no movie is a literal translation of book; and as we all gripe from time to time sometimes the movie has almost no resemblance to the book.
Take the example of a movie that is very loosely based on a book. All they share is ideas of plot and character personalities. They have no common "expression" (such as a movie character who speaks something written in the book). Why should the book author have control over the movie under these circumstances? Would it make any difference to your feelings if the book and movie used the same title? How about the same names for characters and locations? Everything here (except the titles and names) are ideas, not expressions; yet our current copyright laws give the copyright holder control over them.
The current laws even provide sequel protection, where the copyright holders can control who uses the ideas of the "world" they have created. So even if the story share no plot elements or main characters; the copyright holders can control how the world is used. At this point we have reached a point, that in my opinion, where the copyright laws have become very unbalanced. It allows some entrenched copyright holders to rope-off ideas, and causes a negative impact to culture.
I can already hear certain people saying "come up with your own ideas", and there are a couple of problems with this approach. The first is that there are only so many ideas; perhaps the best example is the "4-note" protection of songs where in theory no composer should have more than 3 notes of "substantial similarity" between what they are writing and any song under copyright (if this was truly enforced by all copyright holders, song writing would become a rare art indeed). The second is that protection of ideas is not good for society, indeed the interaction of expanding upon ideas is at the heart of creation.
Consider a range actions, all of which might be called sequels: 1) While watching a movie I wonder what if "x" made a different decision, 2) Some friends and I talk about the "x" decision, 3) Some friends and I talk about this on a public discussion group, 4) A group of friends decide to act out the situation to further explore how the decision effected things, 5) I write a paper/story about this decision, 6) I sell the paper, 7) I write a modeling program with decision trees based on that situation (some might call this a game), 8) I sell this program.
Now all of these actions are ideas, yet only (1) and (2) are clearly permitted by copyright law. The public discussion (3) will mostly be permitted under fair use, but there are legal cases where disscusions have been ruled illegal (usually when the information that started the dicussio
If Temple of Doom didn't have enough action or adventure for you, you need to check your pulse.
Temple of Doom had all the makings needed for a great movie, but it lost out on the cutting-room-floor. This is especially noticeable in comparison to Raiders', which is perhaps the best paced movie I've seen. Raiders knew just when to slow down and let the audience catch their breath, and when to hit them with another action sequence.
Temple' on the other hand was greatly uneven, alternating between too long action sequences and long slow sequences. The slow sequences were further hindered by less sympathetic characters (the kid and the girl both got annoying).
I confess that I loved the opening, but I would shed no tears if they cutout the entire rollercoaster sequence. If they cut out 15 or so minutes from the movie, it would dramatically improve Temple'.
Schneier's book, while certainly well-meaning, has promoted the idea that you don't need to understand formal notions of security to be a serious cryptographer.
/. I'm going to make a guess on what he meant; and comment on that guess. If I have guessed wrong, please post a follow-up comment.
:-) This book is really the perfect opposite of that - it talks about many design problems and constantly warns people to seek expert help during system design.
I'd like to see the AC expand upon this, since I'm not quite sure what he means. Given the typical short attention span of
Schneier himself has mentioned the problem with poor crypto system designs (and the self-taught 'expert' saying: "...but I read Applied Cryptography."
If someone wants to be a cryptographer, this book won't help them much (see my other post about lack of details). But this booked was not targeted to cryptographers in the literal sense; it was targeted towards designing systems that use cryptography.
The dangerous road is the middle road, where we have "experts" who don't really understand the foundations of the subject.
This is where I start to have problems with your post. Perhaps it depends upon your definition of what understanding "foundations" is, or what you mean by learning "some" complexity and computational number theory. At a high level, someone who is just designing a web application does not need to know any of those things. They do need to know the benefits and negatives of SSL/TLS, basics of key management, threat issues and the like. For people like these, Practical Cryptography is just fine.
Even at a lower level, a crypto system designer does not need a full understanding of cryptographic primitives. For example you mentioned factoring; a designer does not need to know the details of the general field number sieve method; but they do need to know that there are a variety of factoring methods that are slowly improving in efficiency when it comes time to select an algorithm and key length. Perhaps surprisingly to you, even than books like Schneier's can be useful. I know that I often start with Applied Cryptography because of the good overviews, before moving to another book for more details (like the CRC Handbook).
I've read about 1/3 of the book, and based upon that feel the book is worth recommending. Aside from the good points I'll mention below, my biggest problem with the book is lack of depth. I've been doing applied cryptography for over 15 years now, so I'm probably not the typical reader (I'm not a cryptographer in the formal sense, but I design protocols and use cryptographic constructs on a regular basis).
The writing is clear and does a good job of presenting information, and doing that well for a dense subject like cryptography should not be underestimated. The book is strongly opinionated, and I think that is a strength since the authors try [and for the most part succeed] in explaining how those opinions were formed. The topics are fairly comprehensive, and the material seems to be well organized (from what I've read so far).
For the knowledgeable, it is a bit disappointing. I did not expect to learn tons of new stuff, but was still disappointed at the depth. In many ways, the book was only a half-notch deeper than reading Schneier's Cryptogram essays, where perhaps I was hoping for something more like his papers. The good use of footnotes and references helps offset things a little.
There were clearly areas where the authors were more interested in than others, often corresponding to previous work (CTR block-cipher mode, PRNG). Other areas were less inspired, for example in the MAC (message-authentication-code) chapter they offer the advice "Do not output any of the intermediate values." This sounds good at first glance, but it totally impractical except under special circumstances (if the MAC routine allows variable length messages, and almost all do, intermediate values can be calculated by simply feeding the parts of the message into the routine - thus this advice has no real world value).
Another nitpick, is that I would have liked to see the various "rules" and advice formulated into check lists. That would have made the book much more valuable for crypto system designers, be they novice or expert.
On the balance, I feel that the book is worthwhile to anyone interested in the subject of cryptography, or who has to use [or design, test] a system that has cryptography. It won't make you an expert (funny how some people still think reading a book could do this), but at least it raises an awareness of the types of problems that derail cryptographic systems designs. It is easy to read and informative.
The 1984 date struck me; since that was the year I bought my first PC computer. It was being discontinued (and I got an IBM employee discount thanks to an uncle) - I don't remember what the list price was.
:-) The low price was because by 1984 it was apparent that the XT Portable was not successfully competing against Compaq.
IBM PC-XT Portable {we called it the luggable}
Price: ? ($950 discount, with bundled software)
CPU: 8088 4.7 MHz (+$20 NEC V20)
Memory: 128KB RAM (+$50 for 640KB)
Interfaces: none
Monitor: 9" Amber CGA
Text: 80x25
Graphics: 640x240, 16 shades of amber
OS: IBM DOS 2.0
FDD: 2 x 360 KB FDD (DS, DD)
Weight: somewhere under 30 pounds in the canvas carrying case
Languages: IBM Basic (in ROM)
Options: 1200 BAUD internal Modem ($500), 20 MB HDD ($600 not IBM)
Actually, I have to say I ended up with a better computer (plus no need to pay for a Gym membership
PS: You may laugh at the $20 processor upgrade, but it shortened the power-on memory-test from 105 seconds down to 75 seconds. The hard drive was a first generation 3.5" with a thin-film head, and a than speedy 85 ms access time.
This has always puzzled me: why is there such an obsession with preventing bit-for-bit copies?
The real secret -- the digital piracy threat plays great in Washington. At this point, and for quite a while in the future the threat is just a myth. It was certainly true when the first anti-digital law was passed in 1992 (Digital Home Recording Act), and Napster did not change anything.
The threat than, and now, is low quality copies. Back then it was kids with $50 dubbing-cassette boomboxes, now its 128-bit (or worse) MP3. I really sneer every time I hear the phrase "perfect digital copy" (it was even used in Loefgren's B.A.L.A.N.C.E. act). The real problem is digital distribution, not the act of multiple copies.
By playing games with digital outputs (not allowing them for DVD video, or DVD-A/SACD Audio; or crippling DAT outputs), the only people they really dissuade from making copies are the very people who are their best customers - the audiophile/videophile (these fools, and I include myself here, have been known to buy multiple copies of recordings). The people the who are listening to copies instead of buying recordings don't care much about quality.
So why do they keep maintaining this myth? The publishers (ie. RIAA and MPAA) get a bunch of advantages. The advantages of the "perfect digital copies" myth include:
* Congress thinks this is a good enough excuse to pass laws (publishers have to add money too, but it gives congress some type of intellectual cover) - primary excuse for DHRA, DMCA, and a bunch of other proposed laws.
* It gives the publishers a stick to control the equipment manufactures with
* It gives the publishers power to be a gatekeeper, even for media and distribution forms they don't currently use (how else can the MPAA get broadcast flags put in computers?).
* It slows down the path to direct distribution, and keeps up the profit margin of large media companies.
* It discourages home grown music (most modern equipment can't record, and if they can it is often with crippled options - aka Sony Minidisc).
In reality Digital controls do not have much effect on casual copying. The exception is the video arena where the MPAA got mandated MacroVision/CopyGuard, and the wet dreams of other publishers is to get a similar fix for their "analog holes".
Looking back historically, it is easy to see how congress was "rolled". The publishers tried for years to get new rights and privileges over analog content, but were mostly rejected. When they trotted out the Perfect Digital Copy myth; Congress rolled over and gave them controls past their wildest dreams (the current DMCA). Now they are working backwards, and complaining that they don't have the same control over analog (actually they are asking for far more than they ever asked back in the pre-digital days; but now they have the precedence in the current digital controls).
As for what's being done I don't know, but doing RSA over PPP sounds like a decent, flexible option.
Nope, bzzzt play again! Sorry, did not mean to be impolite. The point-of-sale industry is extremely cost sensitive, and most POS terminals use the equivalent of an 8051 to perform the cryptography. You could theoretically do RSA, but it would take a long, long time. Smartcards will eventually change this, but don't hold your breath. The cost of putting an Ethernet port into a terminal is also pretty laughable.
My experience selling POS terminals is that the merchant will not pay $1 extra for 3 times the security, they want the absolute minimum cost! Canada had a very stringent specification (through interact), which at the time my terminal was one of the few that actually met it. The only problem was that instead of enforcing the standards, they granted everyone waivers so they could by insecure terminals that cost a few dollars less (seriously, something like $200 vs. $195). That was a few years ago, so one could optimistically hope things got better.
The POS terminals use single-DES (at least in the USA until 2005 or so, when they are scheduled to go to 3DES). Modem connection has become less common, as terminals connected to intelligent cash registers have become more popular (at least in the larger stores). The ANSI X9 provides the standards that govern cryptographic protocols for ATM and POS terminals.
When you set your own PIN, the bank just stores an offset that is used in conjunction with the autogenerated PIN.
This is true in one of the most common algorithms, commonly known within the industry as the "IBM 3624" (named after an older ATM model I believe). The algorithm takes an account number, a secret key, and some configuration information and produces something called a "natural PIN". As mentioned above, a customer selected PIN results in an offset that is applied to the natural PIN.
There are however a variety of other PIN Verification Number (PVN) algorithms that don't produce a natural PIN. Instead the PIN is another input into the hash algorithm, and the resulting value cannot accurately be called an offset. A good example is another algorithm mentioned in the paper - the Visa PVV (this algorithm is also superior to the 3624 algorithm for a variety of reasons, including use of 3DES process instead of single-DES, and superior resistance to broken PINs).
So you're telling me that a new law, passed recently, took something that was previously legal and made it illegal?
You have forgotten the context, this was a discussion of entitlements vs. government give-aways. You claimed it was always illegal, so I was just a whiner complaining about loosing entitlements. I said it was a government give away, and offered several reasons why the activities were legal, up to the time the DMCA passed. You have now conceded that the activities I claimed to be legal, were in fact legal before the DMCA.
Why can't you take the next step, and admit that the copyright owners gained new powers from the passage of the DMCA, at the direct expense of consumers? Whenever I've asked you in the past, you have always claimed the anti-circumvention clause in the DMCA just preserved existing rights.
I am unaware of any bad software patents.
OK (as I shake my head in wonder). Perhaps my examples comparing bad patents to an overly broad copyright system will be useful to other people (if anybody else is still reading the thread). I don't feel a need to go down the path of trying to explain that one from scratch. Suffice to say that there are any number of overly broad, and insufficiently unique patents that have been issued over the years.
To spell out the similarity - Poor patents take ideas from the public domain and undeservedly give someone control over them; just like an overly broad music copyright can let people undeservedly control a 3-note rift.
Some content protected by the broadcast flag may not be timeshifted by digital mean.
I apologize that I missed your kinda-sorta acknowledgement that time-shifting was a right. I never claimed is was a right without any exceptions (all of the rights you mentioned like free speech from the 1st amendment have similar types of exceptions). The point you raise about broadcast flags is not in the DMCA; but has come up during FCC rules-making discussions (those rules are still governed by the DMCA section K granted rights concerning time-shifting).
----
At this point, I think we agree on the facts at least, which is why I've kept my side of the thread active. We still disagree on a lot of topics, but I'll save those conversations for future times. I care deeply about both the health of our culture, and the value of encouraging new creations of work. Although we have used lots of examples from fiction, it is also important to remember copyright can encourage (or discourage) important scholarship and social situations. Don't forget the first copyright laws were actually designed to censor and control information. The Constitutional stated goals of benefiting authors and society is worthy. Copyright requires a balance, and should not be measured by benefit to authors alone.
I'll close with a quote from William Gibson's review of the Matrixblog. In this web page, Gibson discusses the importance of cultural influences upon the process of creation. Note that all of the influences he cited are still under copyright, and my brief quote here is plainly fair-use.
Whatever of my work may be there [e.g. in the movie The Matrix], it seems to me to have gotten there by exactly the kind of creative cultural osmosis I've always depended on myself. If there's NEUROMANCER in THE MATRIX, there's THE STARS MY DESTINATION and DHALGREN in NEUROMANCER, and much else besides, down to and including actual bits of embarrassingly undigested gristle. And while I was drawing directly from those originals, and many others, the makers of THE MATRIX were drawing through a pre-existing "cyberpunk" esthetic, which constituted as much of a found object, for them, as "science fiction" did for me. From where they were, they had the added luxury of choosing bits from, say, Billy Idol's "Neuromancer" as well.
Some content protected by the broadcast flag may not be timeshifted by digital means. This is not illegal. It's perfectly legal. Why? Because timeshifting is not a right.
Read section K of the DMCA (it is evident you have not). Is specifically requires time-shifting for all material (and goes so far as to specify differences between ordinary broadcasts and pay-per-view). Now explain to me again how that is an "exception" and not a "right". I'm giving you examples, but you are ignoring them!
I'm not convinced that you're qualified to have an ethical discussion of this matter...
Oh yes, personal attacks always help a discussion of supposed facts. Actually lets clarify this discussion for a moment: I said [paraphrasing]: "morally speaking copyrights are not the same thing as property ownership", and you replied to the effect of "just because you don't agree with the law, what kind of standing do you have to disagree". I am just now coming to the conclusion that perhaps you do believe copyrights and property ownership are indeed the same thing. I can't really believe you are so ignorant to believe the law treats property ownership and copyright even remotely close to each other. Perhaps you want to rephrase or clarify these comments?
I hate to break it to you, dude, but you are a copyright owner.
I confess, careless shorthand reference. To be really accurate when describing participants of the copyright conventions over 100 years takes several paragraphs or even pages (and my posts already tend to run too long). A slightly more accurate description would be "entrenched and organized copyright holders". For example the movie industry got royally screwed by the first couple of copyright conventions in the 20th century - it was not until they organized in 1910's that they started having input into the law writing process. The two universal participants who did not participate in these conventions were business that had not been invented yet (naturally) and the general public (who were theoretically represented by congress, but in truth not very well).
Harmful how?
Think about the bad software patents that have been granted. That is not too far from where the music industry is now. Certain basic elements in the craft of creating music have been "removed" by the misuse of copyrights. Just like software patents, there are only a few bad actors (i.e. compare the 3-note rift case to British Telecom trying to go after people for use hyperlinks). The amount of misuse in the music industry is worse, and the potential is much worse.
Copyright prohibits copying. It has no effect whatsoever on inspiration.
I'm a great fan of Tom Stoppard, and the play that really launched his career was "Rosencrantz and Guilenstren Are Dead" (sorry I've misspelled something here). He takes inspiration from Shakespeare's Hamlet and creates a brilliant work. Very few people would call this a "copy" of Hamlet. The case I quoted ("The Wind Done Gone") is a similar treatment to "Gone With the Wind". In the last 50 some odd years copyright law has greatly expanded and essentially has given the author the ability to control "sequels" - something that has no real historical precedence. Part of the power of a great work (and even some so-so ones like Star Trek) is to inspire people to go into the "world" created by the author and play their own games "what if this happened, what would have changed".
You deride this as theft, intellectual weakness, and as something that should be under the control of the original author. Since I think many creations started out this way (listen to author interviews, see how they come up with story ideas), I think it is a practice that is at worst lazy. At best it allows ideas to be multiplied and leveraged (standing on the shoulders of giants), and also provides insights into commonality or differences of people and society. In my opinion sequels should be a "trademark" matter (so that potential audience as well as the author clearly understand the work's pedigree), but venturing into protecting ideas is where copyright law overreaches. As you said, the law is supposed to prohibit copying an expression, not inspiration.
Having recent works protected by copyright does those people no harm whatsoever.
If copyrights were only protecting the expression, I would agree.
See, the DMCA doesn't prevent you from being able to replace something.
Define "unauthorized"! In my example, I've been prevented from making a back-up copy, an act that is legal (I'll agree that it is not a "right", but the legality of making back-ups is well defined through actual court cases). The copyright holder may or not approve, but making a back-up is legal.
So in a literal sense it is an "unauthorized" copy, but you make an incorrect leap when you call the action illegal (that is also how this thread started, you asserted that any unauthorized copy of a CD were illegal, and still have not provided any proof beyond broad assertions). Now back to the analogy, the car manufacturer may not like the fact I can change tires, and may even make such actions "unauthorized". That does not make it illegal either. This is where the new law comes in, and changes the status quo. The manufacturer (i.e. copyright holder) gets broad new powers and the ability to legally prevent actions that are legal. That is precisely what the DMCA has done with its anti-circumvention clause.
You can spout RIAA/MPAA propaganda about the difference between a right and an exception; but the plain fact is that the bill gives publishers the ability to prohibit legal activities. It is quite evident that you morally felt some of these activities should not have been legal, but your feelings don't really count when it comes to the law (hmmm, where have I heard that before).