Actually, if you do read the specific patent, they use the phrase "a computer software product which" in almost every one of their claims. So it's definitely a software patent.
The claim is for a two part process wherein they use some verifiable identity information (such as a credit card) to establish the real identity of the user and then grant the user access to some software or service for purposes of "electronic commerce". One should also note that the original application in this case was filed in 1995. So this leaves us with two questions:
1) Is the idea sufficiently novel and specific to have been granted a patent?
I was argue that it is not. This is an obvious first step in a simple electronic commerce set-up. If they had patented a particular method of establishing identity, then that would be one thing, but they patent the very idea of establishing a user's identity. It's the same as a car dealership asking to see your driver's license before they let you test drive a car, but in software. Not novel and not specific.
2) Is there any prior art which would invalidate this patent?
Yes, there definitely and obviously is. Although in 1995 the internet was not the commercial mecca that it is now, on-line service providers like AOL and Compuserve used credit cards to verify identity before letting you use their electronic systems. Compuserve, in fact, let you just dial into and provide a credit card number. And several of the services offered things you could buy which would be charged to your user account.
So, in conclusion, it's clear that this software patent, like most software patents, is vague, overly broad, and should be completely invalidated by obvious prior art.
Actually, it's an FAA regulation. It is, however, a secret FAA regulation. And this is the crux of the matter. There should not be secret laws in a democracy. And that is a far more important matter than whether or not you have to produce ID to board a plane (which itself is important).
I hope there's another way to deal with it because what he's doing right now is filing a fraudulent trademark application. I appreciate that he's in a bind, but breaking one law to prevent others from breaking another is not generally going to fly. I mean, if you commit assault to prevent a murder, that's one thing, but committing trademark fraud to prevent others from committing copyright fraud? I don't think so.
And just in case it is less than clear, this -is- trademark fraud. To apply for a trademark, you have to fill out a form which includes statements to the effect of "we have no knowledge of anyone else using this trademark in the same field of business". In order to apply for this trademark, they have to lie on the form, which is fraud.
Keith
Re:Not a problem (yet)
on
SHA-1 Broken
·
· Score: 1
Actually, no one has developed quantum algorithms which can break any encryption other than those which rely on factoring being hard. We have a quantum factoring algorithm. We don't have a quantum modular logarithm algorithm. So although RSA, Rabin, and a few others would be toast, Diffie Hellman, El Gamal, NTRU, and quite a number of other public key schemes would still be safe. And no secret key scheme I've ever seen relies on factoring, so AES, Triple-DES, and all the AES candidates would still be secure.
As for quantum entanglement, people are working on it. It's an active field of research, but these things don't happen instantly just because someone wants them to. Sorry. What you're really doing is comparing two completely unrelated things:
1) Long range consumer wireless data transmission. It's a technology whose primary benefit over existing technologies is that it is cheaper to deploy and more versatile. It's an immediate and pragmatic thing with real benefits which we could all be using within as soon as two or three years. It's something that real companies are looking at building real devices for right now.
2) Quantum entanglement communication. It's a high end research idea which they aren't sure if can ever be realized. If it can, it will likely be very expensive for quite a while and hence not suitable for consumers. It is possible that we will communicate using this technology in a few decade's time, but at this point, it is not in the running for immediate deployment in any way shape or form. No real companies have the capability to build anything like this now. The companies who are looking at rolling out WiMax stuff likely don't even have anyone on staff who understand quantum entanglement, never mind anyone who could build one.
It's sort of like your next door neighbor, a plumber, has come to you and said "Hey, I've just ordered this new car. Check out the specs on this baby. I'm really going to enjoy driving to work now." and you've said "Car? With all the automobile accidents which could happen between here and work? You should be working on building a teleporter instead."
Keith
Re:Parent is flamebait and trollish. Mod down.
on
LokiTorrent Shut Down
·
· Score: 2, Interesting
Hacking your X-Box is not in any way shape or form illegal and certainly not -massively- illegal. Legally, it's no different from hacking your own computer. You cannot commit wire fraud against yourself. Microsoft doesn't sell licenses to use the X-Box, it sells X-Boxes. Hacking you X-Box may invalidate your warrantee and get you banned from X-Box Live, but that just means the Microsoft is unhappy, not that you broke any laws.
Actually, the lack of a superuser makes this sort of thing significantly easier. In a superuser system, what happens when the superuser dies or forgets his password? You have to yank out the disc drive and use some other system to rewrite the password file. That's not precisely an elegant solution. Plus, the superuser password has such an enormous possibility for abuse that any sane administrator wants to make sure that as few people know it as possible.
In a capabilities based system, you can have a much finer grain of what can be done. So you can divide the traditional super-user responsibilities amongst several different users, meaning that there is no longer a single point of failure or a single means of abusing the system. For instance, you could have three different trusted users who have the power to remove people's passwords but not to give them new passwords and three other trusted users who can give people new passwords if their password has been removed but not to remove the password. None of these six users has to be trusted nearly as much as one user who can change user's passwords at will because each of them has less power. So because there's less possibility of abuse, the responsibility can be shared more widely.
All of the powers and duties which a superuser account has still exist. A capabilities system isn't a system in which no one can ever change passwords or access files other than their own. It's just a system in which those powers and duties can be spread out across multiple users. This means that "what if the only person who knows the superuser password dies?" is no longer an issue and it also means that powers can be delegated more. Instead of having to get someone with root every time problems need fixing, there could be different people with responsibilities for different parts. Every division could have its own password manager and its own file rights manager.
When power is decentralized there's more accountability, less possibility for abuse, and no longer a single point of failure. Asking how you can run a computer system without a superuser is sort of like asking how you can run a government without an emperor.
Well to begin with, patents are an imposition on freedom. You give someone a temporary and artificial monopoly in order to gain benefit to society. You don't have to justify why not give them patents, you have to show why you should. The benefits (at least in theory) are thus:
1) Companies have a greater incentive to innovate and create new products. 2) Little guys don't get their inventions stolen.
Except that neither of these apply to software patents. Now, clearly, there's no shortage of innovation and new product creation in the software market. I mean, really, there are fifty zillion software companies out there and myriad individuals just writing software in their spare time. And software patents are more like to hurt the little guy than help them. The little guy can't afford the cost of doing a patent search for every line of code he writes to make sure that no one else has used the same idea in the last 20 years.
In software how novel things are is very unclear. There would be nothing wrong with patenting things which truly are completely novel, but if ten programmers are given a problem, four or five of them are going to come up with the same answer. If we allow the first one to come up with an idea to patent it, it means that the others aren't allowed to solve the problem in the best way even though they would have on their own.
And more to the point what will actually happen is that the second, third, fourth, etc. guy will come to the problem, have no idea how the first guy solved it, but come up with the same algorithm and implement it. They won't know what the other guy named his algorithm, so they won't be able to find the patent and the software will be produced. Then at some later point, the first guy's company will discover this and hold the other guys' software hostage with a patent lawsuit. Patent is meant to prevent really stealing people's ideas, but when you look at the patents which have been granted for software in places where such is allowed, the level of novelty required is so low that multiple independent creation of the idea patented is not only likely, but in many cases inevitable.
Further, showing prior art in physical devices is fairly easy, but showing it in software where other people's source code is hidden from you, becomes almost impossible. So maybe in the above scenario, it's not the first guy who patented it, but the third, but the first and second ones didn't see it as novel or didn't work for companies which worry about patenting things. But by the time the lawsuit roll around 10 years later, the first two have completely forgotten all about it and their code is each buried inside some obsolete product whose source code is locked away in a secret vault somewhere.
Now, you may note that this also makes it harder to find the lawsuits to press to begin with, and that's true. But there is one very obvious section of software which is more vulnerable to suits over software patents: open source software. I personally know of at least one major, well known open source project used by a significant portion of the user base of this web site which accidentally stepped on the patents of a large company. Now, in this case, the company has done a really terrific thing, they've not filed a lawsuit and aren't mentioning it in public (which is why I'm being so vague) so as to not hurt the reputation of the project or in any way cause FUD. But, in general, software patents are likely to hurt open source because they'll be enforced on open source products much more often than on closed source products.
BitTorrent isn't illegal at all. It's just a means of doing a download. Just as http or ftp can be used to share copyrighted content, so can BitTorrent. But like http or ftp, BitTorrent can be used to download legitimate content too. Even the MPAA admitted that Bittorrent has significant non-piracy uses, so BitTorrent is not illegal in any sense of the word.
Also, if you know anything about the history of BitTorrent and its creator, you would know that BitTorrent wasn't created in order to share copyrighted content. At the time BitTorrent was created, there were plenty of functioning piracy networks. What did not exist, however, was a means for normal internet users to share big files efficiently. So Bram made BitTorrent in order that people could share big files. That this would be used for piracy was inevitable, but that was not the point of creating it. If it had been meant specifically for piracy, there would be a search function built into it.
Peercast is similar except that it's about allowing normal internet users to share audio and video streams. Will it be used for piracy as well? Almost certainly, but again: that's not its point.
We the little guy don't need to wait for them to do this. We have computers, an internet, BitTorrent, RSS, and clients which combine BitTorrent and RSS. I've got my own full-resolution videoblog (which really is just an intermittent TV station). If you want to make your own content, you can have your own station too. It's not difficult or expensive.
"Presumed innocent until proven guilty" is a fundamental concept of our courts of law. The reality, however, is that some people are so obviously guilty that those of us who are not part of the court system have on reason to pretend otherwise. If someone walked up to you and shot you in the foot, you wouldn't refer to him as an "alleged foot shooter". You'd know that he actually did shoot you in the foot and describe him as such. We happen to know that this guy has been marketing a fraudlent spyware removal tool. He is entitled to be treated justly, and no one here is going to interfere with his right to a fair and legal trial. However, he is certainly not in any way entitled to be treated without contempt. We would have treated him with contempt before he was arrested, and his arrest does not change things.
His claims were not a direct contradiction, but to happen to be paying careful attention to the legality of the actions which you're denying having done is awfully suspicious looking. As for the action in question, it is selling a fraudlent product. That it involves spyware which has not yet been made illegal is just an aside.
I'm actually running my own RSS + BT video blog (which isn't very impressive at the moment as my camera broke and I haven't bought a new one yet, but don't worry: it'll get better soon). The difference between a video blog and a full TV station is just a question of scale.
Right now there are two RSS + BT clients: 1) Torrentocracy, a mythTV plugin and 2) Buttress, a java application. They're not precisely equivalent, but they both serve the same basic function. So, if you want to consume video, get one of those.
If you want to serve it, get BitTorrent, set up a tracker, and start a blog with torrent enclosures. I think that some of the pay blogging tools support this (Radio and Moveable Type I believe both support it with some plugin). But an even cheaper way to do this is to go get Blosxom, a free, open source blogging tool written in perl, and get the plugin which Dave Slusher and I wrote to allow you to do enclosures in RSS feeds created using Blosxom. Then, bam, you're in the video broadcast business.
All the links you might need for this (except if you want to use Radio or Moveable Type because I really don't know a thing about them) can be found on my homepage at http://www.asyserver.com/~kirwin/.
This is the time to begin TV democracy. There's no point in waiting and debating.
Now, I have nothing against those people how advocate this sort of path. I'm all for it. But at this point we're pretty well past the point of sitting around and talking about it. It's time to do it if you're gonna do it. The technology is pretty much all in place. It's just a matter of putting everything together.
That's why I'm actually running my own video blog (which isn't very impressive at the moment as my camera broke and I haven't bought a new one yet, but don't worry: it'll get better soon). The difference between a video blog and a full TV station is just a question of scale.
Ideally we want RSS and BitTorrent together. Right now there are two clients which do this: 1) Torrentocracy, a mythTV plugin and 2) Buttress, a java application. They're not precisely equivalent, but they both serve the same basic function. So, if you want to consume video, get one of those.
If you want to serve it, get BitTorrent, set up a tracker, and start a blog with torrent enclosures. I think that some of the pay blogging tools support this (Radio and Moveable Type I believe both support it with some plugin). But an even cheaper way to do this is to go get Blosxom, a free, open source blogging tool written in perl, and get the plugin which Dave Slusher and I wrote to allow you to do enclosures in RSS feeds created using Blosxom. Then, bam, you're in the video broadcast business.
All the links you might need for this (except if you want to use Radio or Moveable Type because I really don't know a thing about them) can be found on my homepage at http://www.asyserver.com/~kirwin/.
This is the time to begin TV democracy. There's no point in waiting and debating.
BitTorrent distributes small files in a central, regulated, non-p2p manner which contain cryptographic hashes of the blocks of the file. As such, it is computationally infeasible to replace any part of the file with another one. BitTorrent is a p2p download client. It is not a p2p file sharing network. As such it is not plagued by the sorts of problems which arise in p2p file sharing networks.
If you read the
details of the encryption system, it's easy to see that there is no mechanism to prevent other programs from using the AirPort Express's AirTunes system. It's set up so that streaming audio cannot be eavesdropped upon and recorded. It's also set up so that a program running on some other computer on the network cannot pretend to be an AirPort Express, thereby gaining access to the digital audio stream. But it is not set up to avoid other programs using it to play music. The only thing preventing that is a lack of documentation.
Because there was no documentation, this is a hack. He had to reverse engineer the protocol and build a client which worked without any documentation or reference implementations or any of that, so it's definitely a hack. But it isn't a crack. He didn't defeat any cryptographic or DRM system (which also means that the DMCA is a non-concern). What happened was that there was an undocumented cryptographic protocol and he wrote a client which implemented it. I applaud him, but calling it a "crack" is just plain old bad reporting.
Keith Irwin
The patent claims the process of Huffman encoding and/or run-length encoding digital signals. The CCITT Group 3 Fax machine standard used run length encoding followed by Huffman encoding to compress the digital signals before transmission. It was issues in 1980, six years before the patent.
I don't understand why any company would capitulate when the prior art is quite as obvious as the digital fax machine. I'll wager that they've even used a fax machine in persuing their claims.
Section 8 of article I (not to be confused with the first amendment) of the constitution which outlines the powers of Congress includes "To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their
respective Writings and Discoveries;"
Copyright by its very nature is an exception to the free speech clause of the first amendment. It says that rather than being free to write anything that I want, I mustn't right something that someone else has already written recently. The power to decide the specifics of copyright is in the hands of Congress. However, that does not mean that they cannot go too far. In this case, I firmly believe that they have far exceeded the purpose and intent of the powers granted them and that the DMCA crosses the line into unconstitutionality. We'll see whether or not the Supreme Court agrees.
I added an addendum to the fourth attack and fixed some minor typos today. The addendum essentially demonstrates the fourth attack as practical in the real world and much quicker than previously though through the use of a birthday-paradox style attack.
Since I'm writing a reply, I'll also take a moment to mention Scott Crosby's short critique of HDCP. Roughly it's the same thing as the second part of my fourth attack. Essentially, it is correct, although he skips over the difficult issues such as the modulo 2^56 math without mentioning them. Myself and other did later show that one can do so with impunity, but it was a desire to hammer out these difficulties which was why my paper comes to the public after his rather than before. He has told me that he's now working on a more in depth paper with some other researchers. I suspect that it contains things not found in my own, although he hasn't explicitly told me as much.
I will also say that I view Ferguson's claims of being able to recover the whole of the master key (which I don't refer to by that name in my paper, but certainly agree that it exists in the form of some 1600 56-bit values) with some skepticism. In my attack, I describe how to get all but the left-most approximately 8 bits of each. To extract the whole thing as best I can tell requires solving sets of linear equations with no division by 2 at any point. Although there are certain sets of KSVs for which that could be done, I don't know how one would expect to reliably find such. My suspicion is that he has broken the fundamental cipher (which I do not do) but overlooked the same modulo 2^56 math gotcha that Crosby initially did. I am, of course, just speculating about that, however.
Re:There is a definite error.
on
Does P = NP?
·
· Score: 1
In case anyone is still reading, this turned out not to be an error in theorem five, after all, but instead an error in the definition of one of the terms used in theorm 5, specifically, his definition of "path". I accepted the definition as written. What he actually meant was the usual graph-theoretic definition of "path". I don't at all appreciate him describing my statements as "illiterate" given that all I did was take his definitions at face value rather than applying my existing experience.
I believe that there is a flaw in his approach at a much later stage in the proof, specifically the part regarding co-vertices. I will post more if and when I get the chance to investigate that part more thoroughly so that I can nail down any problems with certainty.
Keith
There is a definite error.
on
Does P = NP?
·
· Score: 1
Probably no one is reading this any longer, but just in case, I thought that I'd point out a serious, perhaps insurmountable, error in the paper. Theorem 5 is simply incorrect. As he didn't really prove it, I cannot point out a flaw in any proof of theorem 5, but I can, quite simply, give a counter-example. Consider a graph which consists only of a 5-cycle. Any X0 would consist of two non-adjacent nodes. The digraph has to have at least two successive edges which point in the same direction around the cycle (I won't bother proving that because it's very easy to see). This means that any transitive closure graphs of that digraph would contain at least one triangle. Given that there is one triangle, in this case the MPP would be guaranteed to consist of a triangle and a line. This fits the definition of a VS graph because any maximum antipath has size two (the same as the number of paths in the MPP), which is the same as the size of X0, and must be a maximal independent set of the transitive closure graph. However, since a triangle is always included in the MPP and one edge of every triangle is always non-essential, there is no possible MPP of the TGC which contains only essential arcs. So the theorem clearly does not hold on a 5-cycle! I sincerely doubt that this is a single exception. I'm quite certain that if need be, I could find many more counter-examples, but one is sure to suffice.
Keith
Slashdot Mirror
Actually, if you do read the specific patent, they use the phrase "a computer software product which" in almost every one of their claims. So it's definitely a software patent.
The claim is for a two part process wherein they use some verifiable identity information (such as a credit card) to establish the real identity of the user and then grant the user access to some software or service for purposes of "electronic commerce". One should also note that the original application in this case was filed in 1995. So this leaves us with two questions:
1) Is the idea sufficiently novel and specific to have been granted a patent?
I was argue that it is not. This is an obvious first step in a simple electronic commerce set-up. If they had patented a particular method of establishing identity, then that would be one thing, but they patent the very idea of establishing a user's identity. It's the same as a car dealership asking to see your driver's license before they let you test drive a car, but in software. Not novel and not specific.
2) Is there any prior art which would invalidate this patent?
Yes, there definitely and obviously is. Although in 1995 the internet was not the commercial mecca that it is now, on-line service providers like AOL and Compuserve used credit cards to verify identity before letting you use their electronic systems. Compuserve, in fact, let you just dial into and provide a credit card number. And several of the services offered things you could buy which would be charged to your user account.
So, in conclusion, it's clear that this software patent, like most software patents, is vague, overly broad, and should be completely invalidated by obvious prior art.
Keith
Actually, it's an FAA regulation. It is, however, a secret FAA regulation. And this is the crux of the matter. There should not be secret laws in a democracy. And that is a far more important matter than whether or not you have to produce ID to board a plane (which itself is important).
Keith
I hope there's another way to deal with it because what he's doing right now is filing a fraudulent trademark application. I appreciate that he's in a bind, but breaking one law to prevent others from breaking another is not generally going to fly. I mean, if you commit assault to prevent a murder, that's one thing, but committing trademark fraud to prevent others from committing copyright fraud? I don't think so.
And just in case it is less than clear, this -is- trademark fraud. To apply for a trademark, you have to fill out a form which includes statements to the effect of "we have no knowledge of anyone else using this trademark in the same field of business". In order to apply for this trademark, they have to lie on the form, which is fraud.
Keith
Move to AES-hash.
Actually, no one has developed quantum algorithms which can break any encryption other than those which rely on factoring being hard. We have a quantum factoring algorithm. We don't have a quantum modular logarithm algorithm. So although RSA, Rabin, and a few others would be toast, Diffie Hellman, El Gamal, NTRU, and quite a number of other public key schemes would still be safe. And no secret key scheme I've ever seen relies on factoring, so AES, Triple-DES, and all the AES candidates would still be secure.
As for quantum entanglement, people are working on it. It's an active field of research, but these things don't happen instantly just because someone wants them to. Sorry. What you're really doing is comparing two completely unrelated things:
1) Long range consumer wireless data transmission. It's a technology whose primary benefit over existing technologies is that it is cheaper to deploy and more versatile. It's an immediate and pragmatic thing with real benefits which we could all be using within as soon as two or three years. It's something that real companies are looking at building real devices for right now.
2) Quantum entanglement communication. It's a high end research idea which they aren't sure if can ever be realized. If it can, it will likely be very expensive for quite a while and hence not suitable for consumers. It is possible that we will communicate using this technology in a few decade's time, but at this point, it is not in the running for immediate deployment in any way shape or form. No real companies have the capability to build anything like this now. The companies who are looking at rolling out WiMax stuff likely don't even have anyone on staff who understand quantum entanglement, never mind anyone who could build one.
It's sort of like your next door neighbor, a plumber, has come to you and said "Hey, I've just ordered this new car. Check out the specs on this baby. I'm really going to enjoy driving to work now." and you've said "Car? With all the automobile accidents which could happen between here and work? You should be working on building a teleporter instead."
Keith
Hacking your X-Box is not in any way shape or form illegal and certainly not -massively- illegal. Legally, it's no different from hacking your own computer. You cannot commit wire fraud against yourself. Microsoft doesn't sell licenses to use the X-Box, it sells X-Boxes. Hacking you X-Box may invalidate your warrantee and get you banned from X-Box Live, but that just means the Microsoft is unhappy, not that you broke any laws.
Keith
Actually, the lack of a superuser makes this sort of thing significantly easier. In a superuser system, what happens when the superuser dies or forgets his password? You have to yank out the disc drive and use some other system to rewrite the password file. That's not precisely an elegant solution. Plus, the superuser password has such an enormous possibility for abuse that any sane administrator wants to make sure that as few people know it as possible.
In a capabilities based system, you can have a much finer grain of what can be done. So you can divide the traditional super-user responsibilities amongst several different users, meaning that there is no longer a single point of failure or a single means of abusing the system. For instance, you could have three different trusted users who have the power to remove people's passwords but not to give them new passwords and three other trusted users who can give people new passwords if their password has been removed but not to remove the password. None of these six users has to be trusted nearly as much as one user who can change user's passwords at will because each of them has less power. So because there's less possibility of abuse, the responsibility can be shared more widely.
All of the powers and duties which a superuser account has still exist. A capabilities system isn't a system in which no one can ever change passwords or access files other than their own. It's just a system in which those powers and duties can be spread out across multiple users. This means that "what if the only person who knows the superuser password dies?" is no longer an issue and it also means that powers can be delegated more. Instead of having to get someone with root every time problems need fixing, there could be different people with responsibilities for different parts. Every division could have its own password manager and its own file rights manager.
When power is decentralized there's more accountability, less possibility for abuse, and no longer a single point of failure. Asking how you can run a computer system without a superuser is sort of like asking how you can run a government without an emperor.
Keith
Well to begin with, patents are an imposition on freedom. You give someone a temporary and artificial monopoly in order to gain benefit to society. You don't have to justify why not give them patents, you have to show why you should. The benefits (at least in theory) are thus:
1) Companies have a greater incentive to innovate and create new products.
2) Little guys don't get their inventions stolen.
Except that neither of these apply to software patents. Now, clearly, there's no shortage of innovation and new product creation in the software market. I mean, really, there are fifty zillion software companies out there and myriad individuals just writing software in their spare time. And software patents are more like to hurt the little guy than help them. The little guy can't afford the cost of doing a patent search for every line of code he writes to make sure that no one else has used the same idea in the last 20 years.
In software how novel things are is very unclear. There would be nothing wrong with patenting things which truly are completely novel, but if ten programmers are given a problem, four or five of them are going to come up with the same answer. If we allow the first one to come up with an idea to patent it, it means that the others aren't allowed to solve the problem in the best way even though they would have on their own.
And more to the point what will actually happen is that the second, third, fourth, etc. guy will come to the problem, have no idea how the first guy solved it, but come up with the same algorithm and implement it. They won't know what the other guy named his algorithm, so they won't be able to find the patent and the software will be produced. Then at some later point, the first guy's company will discover this and hold the other guys' software hostage with a patent lawsuit. Patent is meant to prevent really stealing people's ideas, but when you look at the patents which have been granted for software in places where such is allowed, the level of novelty required is so low that multiple independent creation of the idea patented is not only likely, but in many cases inevitable.
Further, showing prior art in physical devices is fairly easy, but showing it in software where other people's source code is hidden from you, becomes almost impossible. So maybe in the above scenario, it's not the first guy who patented it, but the third, but the first and second ones didn't see it as novel or didn't work for companies which worry about patenting things. But by the time the lawsuit roll around 10 years later, the first two have completely forgotten all about it and their code is each buried inside some obsolete product whose source code is locked away in a secret vault somewhere.
Now, you may note that this also makes it harder to find the lawsuits to press to begin with, and that's true. But there is one very obvious section of software which is more vulnerable to suits over software patents: open source software. I personally know of at least one major, well known open source project used by a significant portion of the user base of this web site which accidentally stepped on the patents of a large company. Now, in this case, the company has done a really terrific thing, they've not filed a lawsuit and aren't mentioning it in public (which is why I'm being so vague) so as to not hurt the reputation of the project or in any way cause FUD. But, in general, software patents are likely to hurt open source because they'll be enforced on open source products much more often than on closed source products.
Keith
BitTorrent isn't illegal at all. It's just a means of doing a download. Just as http or ftp can be used to share copyrighted content, so can BitTorrent. But like http or ftp, BitTorrent can be used to download legitimate content too. Even the MPAA admitted that Bittorrent has significant non-piracy uses, so BitTorrent is not illegal in any sense of the word.
Also, if you know anything about the history of BitTorrent and its creator, you would know that BitTorrent wasn't created in order to share copyrighted content. At the time BitTorrent was created, there were plenty of functioning piracy networks. What did not exist, however, was a means for normal internet users to share big files efficiently. So Bram made BitTorrent in order that people could share big files. That this would be used for piracy was inevitable, but that was not the point of creating it. If it had been meant specifically for piracy, there would be a search function built into it.
Peercast is similar except that it's about allowing normal internet users to share audio and video streams. Will it be used for piracy as well? Almost certainly, but again: that's not its point.
Keith
We the little guy don't need to wait for them to do this. We have computers, an internet, BitTorrent, RSS, and clients which combine BitTorrent and RSS. I've got my own full-resolution videoblog (which really is just an intermittent TV station). If you want to make your own content, you can have your own station too. It's not difficult or expensive.
Keith Irwin
"Presumed innocent until proven guilty" is a fundamental concept of our courts of law. The reality, however, is that some people are so obviously guilty that those of us who are not part of the court system have on reason to pretend otherwise. If someone walked up to you and shot you in the foot, you wouldn't refer to him as an "alleged foot shooter". You'd know that he actually did shoot you in the foot and describe him as such. We happen to know that this guy has been marketing a fraudlent spyware removal tool. He is entitled to be treated justly, and no one here is going to interfere with his right to a fair and legal trial. However, he is certainly not in any way entitled to be treated without contempt. We would have treated him with contempt before he was arrested, and his arrest does not change things.
His claims were not a direct contradiction, but to happen to be paying careful attention to the legality of the actions which you're denying having done is awfully suspicious looking. As for the action in question, it is selling a fraudlent product. That it involves spyware which has not yet been made illegal is just an aside.
I'm actually running my own RSS + BT video blog (which isn't very impressive at the moment as my camera broke and I haven't bought a new one yet, but don't worry: it'll get better soon). The difference between a video blog and a full TV station is just a question of scale.
Right now there are two RSS + BT clients: 1) Torrentocracy, a mythTV plugin and 2) Buttress, a java application. They're not precisely equivalent, but they both serve the same basic function. So, if you want to consume video, get one of those.
If you want to serve it, get BitTorrent, set up a tracker, and start a blog with torrent enclosures. I think that some of the pay blogging tools support this (Radio and Moveable Type I believe both support it with some plugin). But an even cheaper way to do this is to go get Blosxom, a free, open source blogging tool written in perl, and get the plugin which Dave Slusher and I wrote to allow you to do enclosures in RSS feeds created using Blosxom. Then, bam, you're in the video broadcast business.
All the links you might need for this (except if you want to use Radio or Moveable Type because I really don't know a thing about them) can be found on my homepage at http://www.asyserver.com/~kirwin/.
This is the time to begin TV democracy. There's no point in waiting and debating.
Keith Irwin
Now, I have nothing against those people how advocate this sort of path. I'm all for it. But at this point we're pretty well past the point of sitting around and talking about it. It's time to do it if you're gonna do it. The technology is pretty much all in place. It's just a matter of putting everything together.
That's why I'm actually running my own video blog (which isn't very impressive at the moment as my camera broke and I haven't bought a new one yet, but don't worry: it'll get better soon). The difference between a video blog and a full TV station is just a question of scale.
Ideally we want RSS and BitTorrent together. Right now there are two clients which do this: 1) Torrentocracy, a mythTV plugin and 2) Buttress, a java application. They're not precisely equivalent, but they both serve the same basic function. So, if you want to consume video, get one of those.
If you want to serve it, get BitTorrent, set up a tracker, and start a blog with torrent enclosures. I think that some of the pay blogging tools support this (Radio and Moveable Type I believe both support it with some plugin). But an even cheaper way to do this is to go get Blosxom, a free, open source blogging tool written in perl, and get the plugin which Dave Slusher and I wrote to allow you to do enclosures in RSS feeds created using Blosxom. Then, bam, you're in the video broadcast business.
All the links you might need for this (except if you want to use Radio or Moveable Type because I really don't know a thing about them) can be found on my homepage at http://www.asyserver.com/~kirwin/.
This is the time to begin TV democracy. There's no point in waiting and debating.
Keith Irwin
BitTorrent distributes small files in a central, regulated, non-p2p manner which contain cryptographic hashes of the blocks of the file. As such, it is computationally infeasible to replace any part of the file with another one. BitTorrent is a p2p download client. It is not a p2p file sharing network. As such it is not plagued by the sorts of problems which arise in p2p file sharing networks.
If you read the details of the encryption system, it's easy to see that there is no mechanism to prevent other programs from using the AirPort Express's AirTunes system. It's set up so that streaming audio cannot be eavesdropped upon and recorded. It's also set up so that a program running on some other computer on the network cannot pretend to be an AirPort Express, thereby gaining access to the digital audio stream. But it is not set up to avoid other programs using it to play music. The only thing preventing that is a lack of documentation.
Because there was no documentation, this is a hack. He had to reverse engineer the protocol and build a client which worked without any documentation or reference implementations or any of that, so it's definitely a hack. But it isn't a crack. He didn't defeat any cryptographic or DRM system (which also means that the DMCA is a non-concern). What happened was that there was an undocumented cryptographic protocol and he wrote a client which implemented it. I applaud him, but calling it a "crack" is just plain old bad reporting. Keith Irwin
The patent claims the process of Huffman encoding and/or run-length encoding digital signals. The CCITT Group 3 Fax machine standard used run length encoding followed by Huffman encoding to compress the digital signals before transmission. It was issues in 1980, six years before the patent.
I don't understand why any company would capitulate when the prior art is quite as obvious as the digital fax machine. I'll wager that they've even used a fax machine in persuing their claims.
Section 8 of article I (not to be confused with the first amendment) of the constitution which outlines the powers of Congress includes "To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their
respective Writings and Discoveries;"
Copyright by its very nature is an exception to the free speech clause of the first amendment. It says that rather than being free to write anything that I want, I mustn't right something that someone else has already written recently. The power to decide the specifics of copyright is in the hands of Congress. However, that does not mean that they cannot go too far. In this case, I firmly believe that they have far exceeded the purpose and intent of the powers granted them and that the DMCA crosses the line into unconstitutionality. We'll see whether or not the Supreme Court agrees.
Keith
I added an addendum to the fourth attack and fixed some minor typos today. The addendum essentially demonstrates the fourth attack as practical in the real world and much quicker than previously though through the use of a birthday-paradox style attack.
Since I'm writing a reply, I'll also take a moment to mention Scott Crosby's short critique of HDCP. Roughly it's the same thing as the second part of my fourth attack. Essentially, it is correct, although he skips over the difficult issues such as the modulo 2^56 math without mentioning them. Myself and other did later show that one can do so with impunity, but it was a desire to hammer out these difficulties which was why my paper comes to the public after his rather than before. He has told me that he's now working on a more in depth paper with some other researchers. I suspect that it contains things not found in my own, although he hasn't explicitly told me as much.
I will also say that I view Ferguson's claims of being able to recover the whole of the master key (which I don't refer to by that name in my paper, but certainly agree that it exists in the form of some 1600 56-bit values) with some skepticism. In my attack, I describe how to get all but the left-most approximately 8 bits of each. To extract the whole thing as best I can tell requires solving sets of linear equations with no division by 2 at any point. Although there are certain sets of KSVs for which that could be done, I don't know how one would expect to reliably find such. My suspicion is that he has broken the fundamental cipher (which I do not do) but overlooked the same modulo 2^56 math gotcha that Crosby initially did. I am, of course, just speculating about that, however.
Keith
HDCP is used to encrypt video.
Keith
In case anyone is still reading, this turned out not to be an error in theorem five, after all, but instead an error in the definition of one of the terms used in theorm 5, specifically, his definition of "path". I accepted the definition as written. What he actually meant was the usual graph-theoretic definition of "path". I don't at all appreciate him describing my statements as "illiterate" given that all I did was take his definitions at face value rather than applying my existing experience. I believe that there is a flaw in his approach at a much later stage in the proof, specifically the part regarding co-vertices. I will post more if and when I get the chance to investigate that part more thoroughly so that I can nail down any problems with certainty. Keith
Probably no one is reading this any longer, but just in case, I thought that I'd point out a serious, perhaps insurmountable, error in the paper. Theorem 5 is simply incorrect. As he didn't really prove it, I cannot point out a flaw in any proof of theorem 5, but I can, quite simply, give a counter-example. Consider a graph which consists only of a 5-cycle. Any X0 would consist of two non-adjacent nodes. The digraph has to have at least two successive edges which point in the same direction around the cycle (I won't bother proving that because it's very easy to see). This means that any transitive closure graphs of that digraph would contain at least one triangle. Given that there is one triangle, in this case the MPP would be guaranteed to consist of a triangle and a line. This fits the definition of a VS graph because any maximum antipath has size two (the same as the number of paths in the MPP), which is the same as the size of X0, and must be a maximal independent set of the transitive closure graph. However, since a triangle is always included in the MPP and one edge of every triangle is always non-essential, there is no possible MPP of the TGC which contains only essential arcs. So the theorem clearly does not hold on a 5-cycle! I sincerely doubt that this is a single exception. I'm quite certain that if need be, I could find many more counter-examples, but one is sure to suffice. Keith