I hadn't heard of Microsoft's involvement at all until the article on Slashdot that they were starting to mandate UEFI Secure Boot.
As far as I know, that UEFI standard is older than their involvement. Older still are repeated calls in the security research community for some kind of signed boot process to enable a ground-up signed system. The major motivations for which were to create more reliable antimalware and to do remote attestation. (More reliable antimalware meaning antimalware that can prove that every layer below it isn't compromised. It's basically impossible to detect sufficiently advanced malware that's running at a lower level than you are.) That's where I remember it from. So I don't buy that it's a scheme ginned up by Microsoft to do something that it's currently not actually being used to do.
I'm sure there are all sorts of terrible things that Secure Boot can be used to accomplish if you wrap the tinfoil around your head tightly enough. I'll even admit that some marketing guy in Microsoft may well end up getting them to use it for one or more of those things. But Secure Boot is actually useful, so I'll refrain from complaining about it until Microsoft actually does something evil.
It's only yours if you buy it. I suggest not buying hardware with Secure Boot, if it bothers you so much. But then, all x86 hardware with Secure Boot is required to have the option to disable that feature. So, you could take that route, too.
Note that this still means that in order to initiate the download, the server S has to serve out the whole file at least once, to the first downloader -- and if the file is being distributed without the copyright owner's permission, then the operators of server S can be taken to court. This legal pressure was the reason that the Pirate Bay switched from serving BitTorrent files to serving magnet links, which enable users to download content purely from each other, without the Pirate Bay ever actually serving the content themselves.
Not at all. The person you're labeling as "server S" here would be more appropriately called the "initial seeder". Every individual that is participating in a swarm but has the entire torrent being shared is a seeder. The initial seeder is, generally, the person first making the file available. BitTorrent doesn't treat them any differently from any other seeder, though.
There are two kinds of servers in a BitTorrent network: a tracker and an index. The trackers are actually part of the BitTorrent protocol. They maintain a list of connected peers for each torrent. That is all. The indexes are not strictly part of the BitTorrent protocol. They are websites that are sources for metainfo files (".torrent files") and/or magnet links. Confusingly, The Pirate Bay runs both. The Pirate Bay website is an index. They also run trackers. However, neither indexes nor trackers ever possess or share any part of the actual data being shared. They store and transmit only metadata.
D1 is required at this point to share out the file for download, in order to earn enough "credits" to continue downloading from S.
This is often how it's described, but it's not true. BitTorrent's decision-making is local-only. A particular peer P1 will tend to deprioritize another peer P2 if it does not receive pieces from that peer. (This is a "tit-for-tat" priority approach.) Peers don't communicate with each other about who's been sharing what. They don't communicate with the tracker about who's been sharing what. They receive no explicit instructions from other peers or from the tracker.
As for your overall idea, it seems like you're trying to out-clever the legal system. That's a dangerous path. It's more effective to have a system where the protections you want are guaranteed by the design of the system.
In other words, all P2P systems are doomed to reinvent Freenet, badly.
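The local-only prioritisation described in the comment above, as an added sketch that is not part of the original comment and not any BitTorrent client's code: one peer ranks the others purely by what it has itself received from them, with no input from the tracker or from other peers. The slot count, peer names, upload schedules and the round-robin optimistic slot are assumptions constructed for the example.

```python
from collections import Counter, defaultdict

PIECE = 16 * 1024  # constructed block size in bytes


class LocalChoker:
    """One peer's view of the swarm. Its only input is record_piece(), i.e.
    data it received itself; there is deliberately no way to feed it reports
    from the tracker or from other peers."""

    def __init__(self, regular_slots=2):
        self.regular_slots = regular_slots
        self.received = defaultdict(int)  # peer id -> bytes received this round
        self.interested = []              # peers that want pieces from us
        self.round_no = 0

    def peer_interested(self, peer_id):
        if peer_id not in self.interested:
            self.interested.append(peer_id)

    def record_piece(self, peer_id, nbytes=PIECE):
        self.received[peer_id] += nbytes

    def rechoke(self):
        """Pick who gets upload slots for the next round.

        Regular slots go to the peers that sent us the most data in the round
        just ended (tit-for-tat). One extra optimistic slot rotates through
        everyone else, so newcomers and improved peers can be noticed."""
        ranked = sorted(self.interested, key=lambda p: (-self.received[p], p))
        regular = [p for p in ranked if self.received[p] > 0][: self.regular_slots]
        rest = [p for p in ranked if p not in regular]
        # Assumption: round-robin rotation keeps the example deterministic.
        optimistic = rest[self.round_no % len(rest)] if rest else None
        self.round_no += 1
        self.received.clear()  # only recent behaviour counts; no long-term "credits"
        return regular, optimistic


def simulate(schedule):
    """Run the choker over a list of rounds; each round maps peer -> pieces
    that peer sent us. Returns (regular_rounds, optimistic_rounds) counters."""
    choker = LocalChoker(regular_slots=2)
    for peer in sorted({p for rnd in schedule for p in rnd}):
        choker.peer_interested(peer)
    regular_rounds, optimistic_rounds = Counter(), Counter()
    for uploads in schedule:
        for peer, pieces in uploads.items():
            for _ in range(pieces):
                choker.record_piece(peer)
        regular, optimistic = choker.rechoke()
        regular_rounds.update(regular)
        if optimistic is not None:
            optimistic_rounds[optimistic] += 1
    return regular_rounds, optimistic_rounds


# Constructed schedules: "freerider" never uploads in STEADY, and starts
# uploading heavily halfway through REFORMED.
STEADY = [{"A": 3, "B": 2, "C": 1, "freerider": 0}] * 10
REFORMED = STEADY[:5] + [{"A": 3, "B": 2, "C": 1, "freerider": 5}] * 5

if __name__ == "__main__":
    for name, schedule in (("steady", STEADY), ("reformed", REFORMED)):
        regular, optimistic = simulate(schedule)
        print(name, "regular:", dict(regular), "optimistic:", dict(optimistic))
```

In the steady schedule the non-uploading peer is never given a regular slot and is served only when the optimistic slot rotates to it; once it starts uploading, it displaces a slower peer on the next rechoke without anyone having told this peer anything.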
Then after some time, he would've been cut off, which is what happened.
It's the part where you repeatedly and knowingly circumvent the measures they're using to cut you off where you really tread into dangerous territory.
No, 35 years was a very real possibility for Swartz.
It's not. It's a media figure concocted using a formula that has no relationship to how sentences are actually computed. He realistically faced up to 7 years in prison if tried and convicted. The offered plea bargains of 4 months and judge's discretion (max 6 months) are low if the prosecutor thought they had any shot of getting close to 7 years. (Or, the prosecutor thought they had a fairly weak case. Given the evidence, I doubt that.)
And the judge could decide to be an asshole if he wanted.
Which Swartz's lawyers would eat up.
No, it would just give you a false sense of security.
If Google does the encryption, then Google has the encryption keys. If an employee can access a user's e-mails, why wouldn't they be able to access the encryption key? (Or, to put it the other way: If you plan on protecting the user's privacy by not letting employees access the encryption keys, why not just use the same mechanism to not let the employees access the user's data, now? It's the same level of protection.)
Encryption isn't magic pixie dust that solves security and privacy problems.
Is this some vague attempt at a version war, are you just trolling, or do you really not know that there's a 1st Ed. AD&D?
You know, you don't need the new materials.
There are only two valuable things in tabletop RPG books: the ideas and the mechanics (or fluff and crunch, if you prefer). The ideas can be translated to any system, regardless of the one they were written for, as long as there are some mechanics to back it up. Most of the really useful ideas aren't strongly bound to any mechanics, anyway. Translating mechanics is certainly doable, but is a lot more work to do well.
But you don't need to even do that. You could have enjoyable tabletop games for a decade using only old published modules and rulebooks.
I wonder what dimwit coined the word "hack" for that.
Probably some guy with a hacksaw.
Was he actually charged with copyright violation?
Don't forget that JSTOR is also not the one that makes all of the rules, here. They don't own the copyright to the works they distribute. They had to get licenses from the publishers.
Not a student at MIT. He's a fellow at Harvard. They have a JSTOR subscription, too, but he chose to use MIT's network.
The contents of JSTOR are not in the public domain. You may think that they should be, but that's not the same thing.
The DOJ reaction? Slap a 50 years sentence on him.
Seems like you don't have much understanding of the law if you confuse the media reporting the maximum theoretical sentence (which really isn't) with actual sentencing.
She demonstrated very plainly that she doesn't have the understanding of law needed to work on it professionally.
You generally don't get disbarment for people disagreeing with your prosecutorial discretion. Regardless, that wouldn't qualify as "understanding of the law". Swartz was charged entirely with crimes it seems very likely that he actually committed. He even demonstrated that he knew what he was doing was illegal and he was doing it with a purpose in mind. Starting off by charging someone with everything they can reasonably be charged with is pretty standard procedure for prosecutors.
You may not like the laws or how prosecution is done, and that's reasonable, but it's not the prosecutor at fault.
But he could get 35 years in prison, especially if the judge wanted to make an example of him, which happens more than you would believe.
Not really. He'd then have excellent grounds for appeal, since the judge would have been straying very far from the federal sentencing guidelines.
When media reports a set of charges, they sum together the number of charges and sum together the maximum sentences for all of the charges, leading to something like "12 charges with a maximum of 35 years in prison". But when sentencing, according to the guidelines, you eliminate redundant charges that are for the same criminal act and use the one with the highest penalty. So it's rarely possible to ever get the sentence reported by the media.
In Swartz's case, he could have realistically been sentenced to 7 years in jail.
That seems unlikely, though. The two plea bargains offered were for 4 months jail or the judge's discretion, up to a maximum of 6 months. That's a very generous plea if they thought they had any chance of getting the maximum sentence in trial.
I agree with your comment. However, the "damages" they're talking about are the expense of a response to his actions -- investigating and mitigating those specific actions. It's not the same as someone exposing a need for more security. It's still arguable, but it's fairly different. (You could argue that unless their expenditures were unusually high, that their actions are simply a normal cost of maintaining security. You can't pin the cost of having a guard on whatever thief he happens to catch. You can also argue that JSTOR's blocking MIT was an option they chose to take, rather than one necessitated by Swartz's actions, and so is not attributable to Swartz.)
Interesting and well-thought-out. Have you read the Volokh write-up?
I would argue that in this case it's not civil disobedience, since he was actively trying to avoid being caught. That's not the nature of civil disobedience. (One might argue that he was only avoiding being caught to be successful, and he would reveal himself upon releasing the documents, but that would be conjecture.)
The Volokh piece talks about the accepted standard for punishment in this case, which is "special deterrence" -- since there's little damage, the object of the punishment should be to prevent Swartz from attempting to carry out his crime (or a similar action).
The burden of a criminal case and spending however many years getting raped in prison in the mind is bound to lead towards depression.
If that was his concern, then the answer to "however many years" is either 4 months or up to 6 months, depending on which of the two offered plea bargains he took. It's very possible he could have gotten time served, but if he wanted to minimize the risk of prison time, 4 months.
Of course, it would still be counted as a felony conviction. If he fought it out of principle and lost, he could face more time.
After all, there was no harm to anyone
Not quite. MIT and JSTOR had to spend resources addressing this problem. (In theory, maybe they didn't really *have* to, but if JSTOR routinely ignored such actions, they'd run into trouble with the journal publishers. If MIT ignored it, they'd run into trouble with JSTOR. And, they can't tell the difference between something innocuous and something more malicious until they investigate.) As part of it, JSTOR cut off access to MIT. That's the sum total of the harm that resulted. How much of that is attributable as "damage" caused by Swartz's actions is arguable.
"Let me in" and "I love you" are both correct grammar. You're perhaps thinking of correct punctuation.
Sure, as long as you only need the one password.
No, I couldn't care less about Godwin. Not all of us give a shit about mod points.
Not mod points, Godwin points. You're baiting a comparison to Nazis.
In this particular instance, nothing about it was normal. They went out of their way to go after the guy, even after being asked to drop it.
Asked to drop it by whom? JSTOR? This isn't a civil case, it's criminal. JSTOR is only one of the injured parties, and the state doesn't need any injured party's permission to bring charges.
They didn't go out of their way to go after him, they just went after him. It's their job, it's how prosecution is done, and it's normal. You can think it's unfair, but you shouldn't think that it's unusual just because it got media attention. It's not.
There are actual crimes that they could be prosecuting, but this is the crap they go for instead.
This was an actual crime. It's their job to prosecute crimes. Swartz even knew full well that it was criminal. You may not think it should be a crime -- and maybe it shouldn't -- but Swartz is not a special case here, either. The same actions would be considered a crime regardless of who committed them.
Sue them for theft, and perhaps racketeering. Also sue them under the antitrust laws for price fixing.
I get the suspicion you have no idea what JSTOR is or what it does.
No, you're deliberately misinterpreting it in order to make a pass at scoring some Godwin points.
The point is that the prosecutor's behavior is not "as ordered", but rather is simply the norm for how prosecution is done. If you find that unacceptable, the appropriate path is to try to fix the use of these tactics in general, rather than singling this out as a specific case with a particular problem.
I believe part of the subtext of the article is that that whole approach is stupid. (Of course, I'm biased. I think publishing a number like that that has no basis in reality is stupid.)
To be fair, a person who is being intimidated by a prosecutor should have a lawyer handy, and the lawyer should explain all this. The press is free to report pretty much any crazy numbers they want, and the articles they write will largely be read by people without any legal knowledge and no lawyers handy. Stupid? Sure. But at least there's some basis for the double standard.
I don't even see anything to discuss. Seriously, how the hell is this acceptable?
It basically works like this. Back in the day, there were no real open-access journals. (This was when things were actually printed and distributed, and the whole process was much less efficient.) So pay journals built up all of the good reputation. People paid to do research are expected to share their findings with the research community. Sharing with the public is nice, but it's not a key component of the research process. So now all the paid journals have the best reputations, the most visibility, the highest readership. So publishing in those is "better" than publishing elsewhere. As such, your funding agencies think that you're doing your job "better" if you're publishing in these journals, which happen to be paid. (The fact that they're paid has nothing to do with it -- it's solely that higher-reputation journals are better.)
This all changes if your funding agency requires that you publish your paper in an open-access journal, which the NIH has started doing. (It does some other interesting things, too. It increases the reputation of the open-access journals, which helps, in the long term, make open-access journals a good choice for people whose funding agencies don't require this. Also, if the funding agency is big enough, it starts making the high-profile paid journals back down on their stance on exclusivity, which enables researchers to publish in both an open-access location and a paid, refereed, high-profile journal.)