I've read a few comments already implying this is all about companies covering their tracks after commiting fraud or other criminal acts. These comments rightly ask why should we be concerned about policies and technological solutions to aid this.
However destroying evidence is only a small part of what this debate is about - it just makes for the flashiest headlines.
The issue is about the way email is used - many people write emails with an informality similar to speech, forgetting that email often has a 'lifespan' equivalent to many physical documents. When you also consider that emails are being used as documentary evidence in legal cases this begins to be a cause for concern. Why? Because people don't always express themselves precisely and may give a misleading impression - especially if the email is taken in isolation.
And it's not just the informality it's the 'working document' status of email. Let's say a particular business decision is the subject of scrutiny in a legal case, and let's say it was a decision reached after some discussion. If that discussion took place in a meeting then the documentary evidence would be the minutes - which would express the decision reached. If that discussion took place over email - would you be able to discern later that an email saying "We should do X" was expressing the final decision or merely a point of view in an on-going discussion? What if you had to prove than Y not X was the final decision?
So the policies that need to be implemented are not necessarily about covering up wrong-doing, they are about making sure that documents (emails) which may be treated as written communcation, have the clarity and riguor that they need. If they are informal working documents then they may need to be either clearly marked or destroyed at an appropriate time.
In my view the heart of any sensible policy should be education about how to write emails appropriately. The guideline I always use is "am I still happy to send this knowing that my customer/competitor/a.n.other could potentially see it one day?" If the answer is no then the email either needs re-writing or possibly a different form of communication is needed.
Thanks for the link - very interesting website. It will be interesting to see whether the site makes money given that there's no copy protection involved. I suspect it will - because fans tend to want to support the authors they're fans of.
What I wonder about is if he's making money but there is a lot of unpaid for distribution - will he feel that he wants to introduce copy protection in order to make more money or will he be happy with what he's getting?
At the moment he seems to be saying that if he can't make money he'll stop the project - which is the only non-Honour incentive not to distribute his work on a large scale. I get the feeling he's pretty relaxed about sharing copies on a small scale though -
We're very willing to try this as an experiment. But if people start passing too many free copies of the Shadowmarch story around and we get to the point where it doesn't pay for itself anymore, then I'll have to stop doing it, and nobody (me included) will get to find out where it's going. But I don't want to put too much emphasis on that. Most net-users are honest folk anyway, and my readership has always been the best of the best in all ways.
Note he says "passing too many free copies" rather than "passing free copies" - very enlightened and realistic I think.
I'd like to see this kind of thing succeed. I may even subscribe - think I'll read the free chapters first though.
Taco and Hemos and whoever else are not running a company. They run a website and are employees of a company.
Someone in VA Linux has responsibility for Slashdot, knows exactly how much it costs etc. Rob obviously doesn't - but that's not what they pay him to do!
In the first place I'm not so sure it's so easy to define 'preferred form' but even if it was -
Imagine a GPL project called free-prog.
Company takes the the source to free-prog, modify it/add their own code in 'plain' readable source. Let's call this secret-prog.
Company never releases this code - so they don't have to release the source for secret-prog. This is legal under the GPL as I understand it.
Company obfuscates the source for secret-prog. They then add to this more code, probably a standard module for something useful but trivial - a File Save dialog let's say. They name this new project obfus-prog. This they compile and release, together with source - which is 99% obfuscated.
As long as they only ever release obfus-prog and not secret-prog then the 'preferred form' of the source for obfus-prog is the obfuscated source code.
Personally I think that's enough but a judge might require more. Maybe they'd also need to put up some artificial barriers between the two sets of code. Maybe you have to make sure that the two source trees are kept separate on separate servers. Have separate teams working on them - similar to clean room conditions for reverse engineering.
But I think the whole thing's moot. Obfuscated source is still source and there are programmers out there who can read, interpret and re-code it - and re-distribute it.
Defining Source legally is not so easy.
on
Abusing the GPL?
·
· Score: 3, Interesting
Firstly I think it's not so easy to define source at all. I read some of the transcripts of the 2600 case that dealt with arguing that Code=Source=Speech. It was really revealing - defining source is a slippery issue.
Secondly even if your definition - must be human readable - is accepted, there are humans who can read machine language, in hex (I'm sure we've all got anecdotes about our favourite guru programmer doing just that). And to be honest most programmers, with a little effort, could train themselves to do the same.
Finally - you're assuming the obfuscated text is no longer source and that therefore there is a separate text which is the 'real source'. Let's think about how someone normally forks a GPL project, something like -
- take original GPL'd source code
- make modifications
- release new code, with source, and acknowledgement of original authors
But the GPL doesn't AFAIK require the release of the original source - only the source for your new version. Releasing the original code is the responsibility of the authors of the original project.
So in this case, obfuscation is part of the modifications, along with inclusion of some home-grown code (the original GPL code was only 30% of the whole right?). So legally how is there a difference?
However, these points in themselves lead to reasons why this approach would be unsuccessful. Namely,
- if hex machine code is human-readable then obfuscated C certainly is. Plus if it's been obfuscated mechanically - it can be de-obfuscated mechanically. Partially anyway.
- they have to acknowledge the original code's authors and therefore the original project. People can compare the obfuscated code with the original code and figure a lot of it out.
Using a combination of these I can forsee that it would be possible to generate a completely 'plain source' version and keep it in step with the obfuscated one, with relative ease.
To sum up - I think legally they can do this, but I doubt it will gain them much advantage.
This is true bu still, most copyrighted material shared on something like Morpheus would probably fail both (3) and (4) because it's usually the entire work and it's available to millions.
Probably not - it's too much work. I could pretend that's the reason I don't use these programs. In actual fact the reason I don't is that I don't need P2P.
Open Source does not guarantee security. Open Source does not guarantee that there are no backdoors. Someone still has to look at the code to establish those issues.
Open Source only guarantees that you would have the ability to check for holes.
Which is kinda what I meant when I said "If it had been an Open Source client you would have had the ability to make sure there *are* no backdoors." [emphasis added]
The point is that Open Source gives you another option. The option it gives you requires some work. But hey, Life's Tough!
Kazaa is just a minute away from getting completely shut down. They've just admitted to the RIAA that it is possible to shut somebody out of their (nasty) proprietary network... putting them into the same boat as Napster, as far as a Judge will be concerned with them.
I don't think it's that clearcut. This event has shown that they can deny access to network, it has not shown that they can identify or control what is being shared.
Imagine buying a VCR and discovering it has a secret disabling chip that can be activated remotely by the manufacturer. The manufacturer rents you the VCR rather than selling it and fires off a 'disable' signal if you don't pay your bill. Now Big Media Company comes along and says "You must disable all these VCRs because they are being used to make unauthorised copies of copyright material."
After they stop laughing, the VCR manufacturer tells BMC where to go. They have no way to identify or stop infringement, and they ain't going to kiss goodbye to their customer base on BMC's say-so.
"Ah", says BMC, "but you have shown the technology is possible. It must be possible to add the ability to identify content being copied, and by extension copyright infringement."
"It is", says VCR maker, "but we didn't do that. It's not a 'feature' our customers want. Did you have a point?
And so on - in front of a judge, until somebody runs out of money.
My only suggestion is this. You lay out the issues very well and then at then end get into what looks like a personal attack (I'm sure you don't mean it to be). Here's the changes I'd make FWIW
I am not sure exactly how you think you are benefiting South Carolina with this bill is very confrontational and slightly insulting - it implies he doesn't know what he's doing.
How about I do not believe this bill will benefit South Carolina?
Please don't act solely in the interest of your high-dollar contributors. This is even worse - you're implying that he's been improperly influenced by contibutions from business. That's a serious allegation, insulting to his integrity.
Mention instead the other side of the coin, following on from your previous sentence i.e.
My reading of the proposal is that it will only benefit the large corporations in this country, especially the media conglomerates. Please make sure that you are also acting on behalf of non-corporate interests, the individual constituents who voted for you.
The last sentence can stand if you tone down the other two because you modify the you are doing a disservice with by proposing this bill. Otherwise I might have suggested this bill will do a disservice
The thing to remember is that you are trying to influence this guy's opinion not run against him in the next election. You may believe that he's an idiot who doesn't understand the issue and is in the pockets of big business - but if your letter comes over that way any chance of persuading him will probably be lost.
Wouldn't it be fair use to download the TV shows? I mean, if they are beaming the signal to your TV you should be able to do with it whatever you want in theory..
Well are they beaming it at you? The majority of downloading happens because people can't get the show themselves - either because it's not being shown in their area, or because it's only shown on a subscription service.
I think to use 'fair use' as a defence you would have to show that you had access to it anyway - i.e. that it aired in your area or you subscribed to a cable channel etc.
I don't follow it (that closely) either but it seems like you're talking about 2 different, though related, things.
There's the process of patch submissiong which is pretty much the same - send them to the maintainers, who are supposed to send them to the 'trusted few', who send them to Linus. Some of the recent discussion seems to be over the fact that the maintainers thought they had a direct line to Linus, whilst he didn't see it that way.
Then there's the tool Linus uses to organize his source tree(s). This will allow Linus to speed up the process of applying and testing patches. It will not change the protocol for submitting patches. Maybe he'll give the trusted ones write permissions if they even decide to adopt BK too.
At least that's my impression - I could be, and usually am, wrong:)
Does anyone else find it ironic (or possibly just stupid) that someone would try to rake in licencing fees from a video codec that is predominently used to pirate movies....
Yes and no. If you follow any of the content links on their webpage you'll see that they are trying to make money off partnerships with online movie providers. They offer streaming movies or a time-limited download. The later works with some encryption they've included in the latest playa, codec.
It's kinda like video rental over the net I guess. If the price is right I think they'll make some money.
Would I rather watch these episodes on my big screen surround sound - of course!!!! Do I have that option???? NOOOO
Get yourself a DVD player. You can get one that will play VCDs/SVCDs. Check out www.vcdhelp.com - it'll tell you about compatible players and has just about every Howto you'll ever need.
Slashdot Mirror
They can certainly be used to commit buttery!
You didn't really expect me to leave that did you? ;)
I've read a few comments already implying this is all about companies covering their tracks after commiting fraud or other criminal acts. These comments rightly ask why should we be concerned about policies and technological solutions to aid this.
However destroying evidence is only a small part of what this debate is about - it just makes for the flashiest headlines.
The issue is about the way email is used - many people write emails with an informality similar to speech, forgetting that email often has a 'lifespan' equivalent to many physical documents. When you also consider that emails are being used as documentary evidence in legal cases this begins to be a cause for concern. Why? Because people don't always express themselves precisely and may give a misleading impression - especially if the email is taken in isolation.
And it's not just the informality it's the 'working document' status of email. Let's say a particular business decision is the subject of scrutiny in a legal case, and let's say it was a decision reached after some discussion. If that discussion took place in a meeting then the documentary evidence would be the minutes - which would express the decision reached. If that discussion took place over email - would you be able to discern later that an email saying "We should do X" was expressing the final decision or merely a point of view in an on-going discussion? What if you had to prove than Y not X was the final decision?
So the policies that need to be implemented are not necessarily about covering up wrong-doing, they are about making sure that documents (emails) which may be treated as written communcation, have the clarity and riguor that they need. If they are informal working documents then they may need to be either clearly marked or destroyed at an appropriate time.
In my view the heart of any sensible policy should be education about how to write emails appropriately. The guideline I always use is "am I still happy to send this knowing that my customer/competitor/a.n.other could potentially see it one day?" If the answer is no then the email either needs re-writing or possibly a different form of communication is needed.
Thanks for the link - very interesting website. It will be interesting to see whether the site makes money given that there's no copy protection involved. I suspect it will - because fans tend to want to support the authors they're fans of.
What I wonder about is if he's making money but there is a lot of unpaid for distribution - will he feel that he wants to introduce copy protection in order to make more money or will he be happy with what he's getting?
At the moment he seems to be saying that if he can't make money he'll stop the project - which is the only non-Honour incentive not to distribute his work on a large scale. I get the feeling he's pretty relaxed about sharing copies on a small scale though -
We're very willing to try this as an experiment. But if people start passing too many free copies of the Shadowmarch story around and we get to the point where it doesn't pay for itself anymore, then I'll have to stop doing it, and nobody (me included) will get to find out where it's going. But I don't want to put too much emphasis on that. Most net-users are honest folk anyway, and my readership has always been the best of the best in all ways.
Note he says "passing too many free copies" rather than "passing free copies" - very enlightened and realistic I think.
I'd like to see this kind of thing succeed. I may even subscribe - think I'll read the free chapters first though.
It just seems to me that "preferred form" is way too vague, too open to interpretation.
Taco and Hemos and whoever else are not running a company. They run a website and are employees of a company.
Someone in VA Linux has responsibility for Slashdot, knows exactly how much it costs etc. Rob obviously doesn't - but that's not what they pay him to do!
In the first place I'm not so sure it's so easy to define 'preferred form' but even if it was -
Imagine a GPL project called free-prog.
Company takes the the source to free-prog, modify it/add their own code in 'plain' readable source. Let's call this secret-prog.
Company never releases this code - so they don't have to release the source for secret-prog. This is legal under the GPL as I understand it.
Company obfuscates the source for secret-prog. They then add to this more code, probably a standard module for something useful but trivial - a File Save dialog let's say. They name this new project obfus-prog. This they compile and release, together with source - which is 99% obfuscated.
As long as they only ever release obfus-prog and not secret-prog then the 'preferred form' of the source for obfus-prog is the obfuscated source code.
Personally I think that's enough but a judge might require more. Maybe they'd also need to put up some artificial barriers between the two sets of code. Maybe you have to make sure that the two source trees are kept separate on separate servers. Have separate teams working on them - similar to clean room conditions for reverse engineering.
But I think the whole thing's moot. Obfuscated source is still source and there are programmers out there who can read, interpret and re-code it - and re-distribute it.
Firstly I think it's not so easy to define source at all. I read some of the transcripts of the 2600 case that dealt with arguing that Code=Source=Speech. It was really revealing - defining source is a slippery issue.
Secondly even if your definition - must be human readable - is accepted, there are humans who can read machine language, in hex (I'm sure we've all got anecdotes about our favourite guru programmer doing just that). And to be honest most programmers, with a little effort, could train themselves to do the same.
Finally - you're assuming the obfuscated text is no longer source and that therefore there is a separate text which is the 'real source'. Let's think about how someone normally forks a GPL project, something like -
- take original GPL'd source code
- make modifications
- release new code, with source, and acknowledgement of original authors
But the GPL doesn't AFAIK require the release of the original source - only the source for your new version. Releasing the original code is the responsibility of the authors of the original project.
So in this case, obfuscation is part of the modifications, along with inclusion of some home-grown code (the original GPL code was only 30% of the whole right?). So legally how is there a difference?
However, these points in themselves lead to reasons why this approach would be unsuccessful. Namely,
- if hex machine code is human-readable then obfuscated C certainly is. Plus if it's been obfuscated mechanically - it can be de-obfuscated mechanically. Partially anyway.
- they have to acknowledge the original code's authors and therefore the original project. People can compare the obfuscated code with the original code and figure a lot of it out.
Using a combination of these I can forsee that it would be possible to generate a completely 'plain source' version and keep it in step with the obfuscated one, with relative ease.
To sum up - I think legally they can do this, but I doubt it will gain them much advantage.
But I am not a lawyer.
This is true bu still, most copyrighted material shared on something like Morpheus would probably fail both (3) and (4) because it's usually the entire work and it's available to millions.
Which is one of the reasons why I don't own a Tivo.
Is it possible to run a Tivo standalone? - without connecting to their subscription service - which I wouldn't want anyway.
You assume all that - because it's quicker to assume than actually click on a link and check.
Probably not - it's too much work. I could pretend that's the reason I don't use these programs. In actual fact the reason I don't is that I don't need P2P.
Open Source does not guarantee security. Open Source does not guarantee that there are no backdoors. Someone still has to look at the code to establish those issues.
Open Source only guarantees that you would have the ability to check for holes.
Which is kinda what I meant when I said "If it had been an Open Source client you would have had the ability to make sure there *are* no backdoors." [emphasis added]
The point is that Open Source gives you another option. The option it gives you requires some work. But hey, Life's Tough!Kazaa is just a minute away from getting completely shut down. They've just admitted to the RIAA that it is possible to shut somebody out of their (nasty) proprietary network... putting them into the same boat as Napster, as far as a Judge will be concerned with them.
I don't think it's that clearcut. This event has shown that they can deny access to network, it has not shown that they can identify or control what is being shared.
Imagine buying a VCR and discovering it has a secret disabling chip that can be activated remotely by the manufacturer. The manufacturer rents you the VCR rather than selling it and fires off a 'disable' signal if you don't pay your bill. Now Big Media Company comes along and says "You must disable all these VCRs because they are being used to make unauthorised copies of copyright material."
After they stop laughing, the VCR manufacturer tells BMC where to go. They have no way to identify or stop infringement, and they ain't going to kiss goodbye to their customer base on BMC's say-so.
"Ah", says BMC, "but you have shown the technology is possible. It must be possible to add the ability to identify content being copied, and by extension copyright infringement."
"It is", says VCR maker, "but we didn't do that. It's not a 'feature' our customers want. Did you have a point?
And so on - in front of a judge, until somebody runs out of money.
If it had been an Open Source client you would have had the ability to make sure there *are* no backdoors.
Or to put it another way - if you want to be sure that the software you run doesn't change your settings only run open source software.
My only suggestion is this. You lay out the issues very well and then at then end get into what looks like a personal attack (I'm sure you don't mean it to be). Here's the changes I'd make FWIW
I am not sure exactly how you think you are benefiting South Carolina with this bill is very confrontational and slightly insulting - it implies he doesn't know what he's doing. How about I do not believe this bill will benefit South Carolina?
Please don't act solely in the interest of your high-dollar contributors. This is even worse - you're implying that he's been improperly influenced by contibutions from business. That's a serious allegation, insulting to his integrity. Mention instead the other side of the coin, following on from your previous sentence i.e. My reading of the proposal is that it will only benefit the large corporations in this country, especially the media conglomerates. Please make sure that you are also acting on behalf of non-corporate interests, the individual constituents who voted for you.
The last sentence can stand if you tone down the other two because you modify the you are doing a disservice with by proposing this bill. Otherwise I might have suggested this bill will do a disservice
The thing to remember is that you are trying to influence this guy's opinion not run against him in the next election. You may believe that he's an idiot who doesn't understand the issue and is in the pockets of big business - but if your letter comes over that way any chance of persuading him will probably be lost.
You make a fair point - but I think 10% subscription rate is widely optimistic - 1% will be good going.
Do you understand the paradox of your reply? - it's priceless!
"Methinks you should exercise whatever level reading capabilities you obtained in your educational persuits"
LOL
Well are they beaming it at you? The majority of downloading happens because people can't get the show themselves - either because it's not being shown in their area, or because it's only shown on a subscription service.
I think to use 'fair use' as a defence you would have to show that you had access to it anyway - i.e. that it aired in your area or you subscribed to a cable channel etc.
Copying for personal use is fair use.
Copying and sharing with another is not.
I don't think he was making an argument to ignore this, I think he was saying this is not a surpise
There *is* a televised version of H2G2 and it wasn't too great. Although I have a soft spot for it because it introduced me to H2G2.
I've never seen Lexx so I've no idea how good it is.
I don't follow it (that closely) either but it seems like you're talking about 2 different, though related, things.
There's the process of patch submissiong which is pretty much the same - send them to the maintainers, who are supposed to send them to the 'trusted few', who send them to Linus. Some of the recent discussion seems to be over the fact that the maintainers thought they had a direct line to Linus, whilst he didn't see it that way.
Then there's the tool Linus uses to organize his source tree(s). This will allow Linus to speed up the process of applying and testing patches. It will not change the protocol for submitting patches. Maybe he'll give the trusted ones write permissions if they even decide to adopt BK too.
At least that's my impression - I could be, and usually am, wrong :)
Yes and no. If you follow any of the content links on their webpage you'll see that they are trying to make money off partnerships with online movie providers. They offer streaming movies or a time-limited download. The later works with some encryption they've included in the latest playa, codec.
It's kinda like video rental over the net I guess. If the price is right I think they'll make some money.
Get yourself a DVD player. You can get one that will play VCDs/SVCDs. Check out www.vcdhelp.com - it'll tell you about compatible players and has just about every Howto you'll ever need.
Whilst it's extremely annoying and frustrating this is hardly a new thing in the games industry and certainly not unique to Loki.