Re:Capitalism, Amazon, and Existentialism on Amazon.Heartbreak · Score: 1
I have to agree with much of this. Amazon does have a very good site and it's very useful. You just can't argue with that success. Daisey's point is entertaining and humorous, but he's playing the court jester. At the end of the day, that's not much more than fun because you can't survive on jokes alone.
Think about it. Mike Daisey wouldn't be selling books if there weren't hard working folks answering email, stocking shelves, categorizing books, and doing the scut work that he jokes about. Unfortunately, there's just plenty of hard work that needs to be done. I'm going to read the book and probably enjoy it, but I'm sure I'll feel that he's being too cynical.
The French have a saying that goes roughly, "Those who refuse to play politics usually die by politics."
There are many reasons to hate the strictures of the GPL. It's very unforgiving. But it also has the effect of binding a number of people together into one coherent group and coherent groups are the only ones who have power in a democracy.
This coherency is even more important than ever in the face of the new proposed laws for curtailing the power of personal computers. Some say that the content companies like Disney would like to turn every PC into a set-top box controlled from Hollywood. There's plenty of truth to that. The GPL, for better or worse, to serve as the one ring to bind them all.
That being said, I have to profess some confusion about BitKeeper. Although I haven't looked at the product or the license lately, I was pretty impressed by the logical conundrum created by Larry McVoy. The default mode of the product FORCES all of your development work to be free. You have to pay cash to take the project proprietary. That's a pretty clever notion, if you ask me. It seems like something that's even more likely to encourage and enforce free software than the GPL. Okay, RMS will disagree with that statement. I'm not even sure I believe it. But cash is a powerful force.
There are plenty of songs that infect my brain like a virus and I can't get rid of them. They may sound stupid if you think of them, but maybe they prey on the unconscious. In fact, that's probably why they give their music to radio stations.
Oh, this is just absolutely brilliant. I register wayner.org and use it for a permanent email address. And they're going to take away the domain?
But what do we do for other organizations? I run the website for my lacrosse team. It's not a company, it's not a business, it's not even a non-profit. Where are we supposed to go? Is every little league team, every dance group, every girl scout troop, every political organization, every random association of people supposed to file incorporation papers? That seems completely silly and a real waste of everyone's time and money.
I've read Rebel Code and I liked it. After reading several comments I thought I would add my own minireview here that might help others understand the book a bit better.
First, Rebel Code is largely a book about the development of the Linux kernel. Most of the first part of the book is devoted to the decisions that Linus Torvalds made along the way. The details about when he added TCP/IP and other features, for instance, are well-covered. Moody apparently constructed much of this from the archives of the mailing lists-- an amazing trove of data that any historian would be lucky to inherit.
Second, the book is really a technical history. In the preprint I read, Moody begins the fourth chapter with this sentence: "Almost immediate after he and Tanenbaum had argued over the relative merits of Linux and Minix, Linus bumped up the version number of his operating system kernel from 0.12 to 0.95, which came out on 7 March 1992."
Slashdot readers will like this and I almost felt vaguely jealous that I didn't include this information in Free for All. But I had a rule that I would include no software version numbers in the book to prevent myself from going into too much technical detail. I didn't want to lose the more casual reader and that was sure to happen if I was debating the differences between versions of the kernel. Still, I loved this kind of technical detail and most Slashdot readers will probably enjoy it too.
Which brings us to my third answer to someone's good question: wouldn't it be easier to learn about open source by just reading the stuff on the web? If you've got the time, then reading the original material makes some sense. But Moody has spent the time plowing through all of it to write a good history of the evolution of the kernel. So reading the book can save you some time and expose you to his thinking. Obviously reading both makes more sense, but there's only so much time.
Fourth, the treatment of the book is a bit unbalanced. While Katz is correct that all of the major players are included, they're not included in the same detail. The most telling detail is that Moody refers to everyone by their last name except "Linus". I realize that this is a cute convention, but it's sort of a very slight, backhanded insult to many others who contributed a great deal to the project along the way. This is supposed to be a revolution of equals. Yet, Torvalds is a star?
Which brings us to number five, Richard Stallman. The book devotes at least one chapter to him and acknowledges the contribution of the GNU project to the development of the kernel. But the book is first and foremost a history of the development of the kernel. I don't think it's fair to criticize the book for what it is not because the only way to remedy the situation is to write more and more and more. If Moody analyzed the development of the GNU project and the GNU software package in the same level of detail, then the book would be thousands of pages long, perhaps even a million. This may be why Stallman may feel slighted. Torvalds gets all of the spotlight and he only wrote a kernel at the center of it all.
This really is an impossible problem for the book author. When I was finishing Free for All I felt like Oskar Schindler in "Schindler's List". There were just thousands of neat stories and important contributors that didn't reach print, in almost all cases because I lacked the time and energy to fit them in.
This is a good book and one that I really enjoyed reading. It's a great technical history of the development of the kernel that should be read by all of the computer science majors who seem to think that all of these neat drivers and GUIs just happened. There was a lot of tough work when an OS is being bootstrapped. This history is a good way to understand just why things are as they are.
As usual, I want to let everyone know that the source code for the mimic functions is available if you just ask. Send me some email. You can get it in C, Pascal or Java flavor.
Each of these versions reads the same generic grammar file. So you can create your own grammar for encoding messages. I've written one that uses the voice over to a baseball game. The folks at SpamMimic wrote their own using Spam as an inspiration. I would love to see some more.
Incidentally, writing and modifying the grammars is one way to "key" the output. Only someone with the right grammar can decode a message. Another way is to use a number of mechanisms to scramble the grammar for each message. These are all explained in Disappearing Cryptography.
Please write with questions and comments.
-Peter
p3@wayner.org
I devoted one entire chapter in my book to the confluence of charity and open source software because it is so different from the way things are normally given away. Open source gives the software to everyone whether or not they fit some definition of charity. In the past, many businesses charge one price to one group and charge a different price to charities.
In theory, the business isn't really supposed to gain anything from the gift. They're only allowed to deduct the value of the gift. That means you can't give away a clunker automobile and take off the full price when it was new.
But determining the true value of intellectual property like software is impossible to do. All the costs lie in the creation and it costs almost nothing to give away a free copy.
So what amount does Microsoft take off its taxes when it gives away a copy of Windows to a non-profit? I don't know, but it could be larger than its real cost. I talked to a few tax lawyers in producing the book and they said there was no firm guidance from the government in the matter. It was possible that software companies were taking off the full list price for the product.
So, the point is that businesses can generate cash by giving away software to non-profits by writing off more than the cost of making the contribution. I'm not saying that Microsoft or anyone else is doing this, but I wouldn't be surprised if someone is suggesting it to them.
Unfortunately, the open source community loses in this structure. Of course, donations to Stallman's FSF seem to be tax deductible so maybe it all washes out in some strange way.
This has got to be the worst idea I've ever heard. Television networks make more money the more people watch their programs. Advertisers love to have more people see their commercials. I would think that they want people to tape their broadcasts and watch them again and again and again.
I can tell you from personal experience that a VCR increased the amount of television I watched. If I'm not home, I can still see the show and the commercials.
This is especially important now that I have a new baby. When she starts crying, we hit the pause button and that happens often. If it wasn't for a DVD player and a VCR, we wouldn't see anything.
I don't mind if people sell old copies of books. That's just how the business has evolved. The doctrine of First Sale says that creators only get paid the first time a copy is sold. The customer is actually getting something tangible for their cash.
But Amazon is sure making it easy for people to buy used copies. The icon for buying a used copy seems more inviting to my eyes than the icon for buying a new one. Amazon has an incredible position of power in the industry these days. People use it as a book review service, a books in print listing and a store. They can push the publishers around.
In the long run, I think Amazon will want to quit doing this. Amazon already gets a discount of 50% or more off the list price on new books. Getting the used books and shipping them out is harder to do with the same amount of efficiency as buying the new books. It just takes more work. That means it will be hard for Amazon to offer more than 10-25% of the cover price to people for their used books. Then they might be able to sell the book for 50% off. At this point, the cost of shipping and handling really starts becoming significant.
I think that in the long run Amazon's core business will be niche books that aren't best sellers. It's just so much cheaper to bulk ship the millions of copies of Tom Clancy or Danielle Steel to a local mall where people can pick them up while doing their errands.
[John Gilmore wrote about this topic yesterday on several lists. Here's my reaction. I'm curious to hear what others think.]
I'm glad that John spent the time and energy to write a good summary of what is going on in the hard disk area. He's spot on about the dangers to our liberties.
But I was quite worried until I began to see the dangers for IBM and Intel in the scheme. This is not an easy play for them because it threatens much of the entire industry in these ways:
1) This is going to increase the cost of using PCs dramatically. Hard disk crashes are going to go from major disasters to utter catastrophes. When the disks go bad, you'll need to buy all new copies of the software, images, movies, and what not. Backing up? Well, that will be another headache that won't be possible without the right permissions. They can wave their hands, but there's no getting around the fact that installing software is going to have plenty of new red tape.
I don't see how they will be able to distinguish between the truth and a lie when a guy calls up and says, "uh, my hard disk crashed. I need to install it on a new machine." They either authorize it or they don't. In fact, they'll probably have to automate the process because it's so expensive to have an actual human on the other end.
My mean time between hard disk failures is about 2 years, but I'm a heavy user. Can we really afford to create a new class of technicians who do special hard disk replacement for 20% of America each year?
2) This really changes the nature of the business. Right now the PC and software manufacturers sell you a box, wave good bye and say, "Good luck." Support is a joke. Actually fixing the machines costs too much money. Anything worth under $400 is essentially disposable.
If they put trusted hard disks in place, then there needs to be someone to care for these disks. They can't just keep waving good bye when you walk out the door. The business model needs to change to be something like cable television. That means hiring thousands if not millions of technicians who will come to your house and fix your hard drive.
3) This is really going to slow innovation and that's really going to hurt IBM and Intel. Already the hardware guys depend heavily on upgrades to keep people buying machines. If people can't move their software to a new zippier computer, then they're not going to buy a new zippier computer. Take a look at the cable television world. Most people are still using 1970's era technology. It just takes too long for the service technicians to go to each house and replace things. But that's the only way you can run the world when you have trusted corrals for special data. You can't just let any schmoe upgrade their hard disk or any schmoe is going to be able to pirate Hollywood movies. Gosh, that's all us proles do all day long you know. Pirate content.
4) This is another opportunity for the open source community to come in and steal market share. If the press reports in Slashdot and other places are to be believed, it was only a few months ago that Microsoft marched into the offices at Virginia Beach and asked them to produce the certificates for their copies of Windows. You know, those neat hologram embossed slips of paper. They didn't have one for each PC so they had to pay more than $129,000. (http://slashdot.org/articles/00/12/01/0532206.shtml)
This is another opportunity for Red Hat or some other Linux box company to walk into companies and say, "Use Red Hat, Mozilla, and Star Office and you'll never have license problems again. The hardware guys claim that they can take care of rights management issues for you. So can we and we cost a lot less."
I think this may be the greatest thing that's come along for open source OSs yet. As Princess Leia said in the Hollywood content "Star Wars", "The harder you squeeze your fingers Vader, the more planets slip through the fingers." Do those content wrangling lawyers down there ever look at the content they protect?
http://www.wayner.org/books/ffa/ for information on my book on open source software.
One of the nice things about OutGuess is the fact that it is keyed. That means you can scramble the steganography with a key. An attacker must recover the key to recover the data, something that seems pretty difficult. (Of course, nothing is ever certain in cryptography.)
Well, it's a bit more complicated than all that. Steganography is a close cousin to encryption and it's often used in conjunction with it. If you encrypt first, then the data looks like white noise. Even if someone knows the steganographic program, they're not going to recover the data.
But using labels to define what is encryption and what is steganography is not easy because many of the better steganographic algorithms use keys to control how and where the information is hidden.
Here's a simple example from the book. Imagine that you're going to hide information in "bad disk blocks". You might arrange to take some perfectly good disk blocks and mark them bad so the standard DOS will completely ignore them. A simple solution is to take k blocks of data and store them in the first k free blocks.
A more sophisticated solution uses a cryptographically secure random number generator to select a randomly ordered subset of k blocks from a set of n. The random number seed used to start off this random number chain acts like a key. Even if an attacker knows that you're using the old "bad block" trick, he won't know which blocks you chose and in which order you stored the data. This gets more interesting the smaller the size of the block happens to be. When it gets around the bit size, then it's essentially strong encryption.
There are many other keyed solutions. Many of the newer algorithms rely upon them. So do the better watermarks for those who intended to thwart whatever the SDMI folks throw into music. Some of the best solutions work like spread spectrum radio (the original steganographic solution) and allow several people to store their data in the same big pool without disturbing each other. It's pretty cool.
When does keyed steganography become cryptography? Well, that's a question for the language police. The mimic functions can scramble the grammars with a random number generator. I can give you an argument that the scrambled mimic functions could be as strong as RSA, but it's just math. Unfortunately the best we can do is wait for plenty of people to try to break a system before we can put much faith in it.
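The keyed "bad block" selection described in the comment above, as an added example that is not part of the original post and is not the code from Disappearing Cryptography. It assumes HMAC-SHA256 in counter mode as the cryptographically secure generator, a 16-byte toy block size, and an in-memory byte array standing in for the disk; all function names are hypothetical.

```python
import hashlib
import hmac

BLOCK_SIZE = 16  # constructed toy block size, far smaller than a real disk block


def make_disk(n_blocks):
    """Constructed stand-in for a disk image: deterministic noise, n_blocks long."""
    return bytearray(hashlib.shake_256(b"constructed disk image").digest(n_blocks * BLOCK_SIZE))


def keyed_ints(key):
    """Yield 64-bit integers from HMAC-SHA256 in counter mode; the key is the seed."""
    counter = 0
    while True:
        digest = hmac.new(key, b"block-select" + counter.to_bytes(8, "big"),
                          hashlib.sha256).digest()
        for i in range(0, 32, 8):
            yield int.from_bytes(digest[i:i + 8], "big")
        counter += 1


def uniform_below(stream, bound):
    """Draw an integer in [0, bound) by rejection sampling, avoiding modulo bias."""
    limit = (1 << 64) - ((1 << 64) % bound)
    while True:
        value = next(stream)
        if value < limit:
            return value % bound


def select_blocks(key, free_blocks, k):
    """Keyed partial Fisher-Yates shuffle: an ordered subset of k blocks out of n."""
    if k > len(free_blocks):
        raise ValueError("not enough free blocks")
    pool = sorted(free_blocks)
    stream = keyed_ints(key)
    for i in range(k):
        j = i + uniform_below(stream, len(pool) - i)
        pool[i], pool[j] = pool[j], pool[i]
    return pool[:k]


def hide(disk, free_blocks, key, message):
    """Write a 4-byte length prefix plus message into key-selected blocks."""
    payload = len(message).to_bytes(4, "big") + message
    k = -(-len(payload) // BLOCK_SIZE)  # ceiling division
    payload = payload.ljust(k * BLOCK_SIZE, b"\0")
    chosen = select_blocks(key, free_blocks, k)
    for n, blk in enumerate(chosen):
        disk[blk * BLOCK_SIZE:(blk + 1) * BLOCK_SIZE] = payload[n * BLOCK_SIZE:(n + 1) * BLOCK_SIZE]
    return chosen  # these are the blocks that would then be marked "bad"


def reveal(disk, free_blocks, key):
    """Recover the message; returns None when the length field is implausible."""
    # The shuffle is prefix-stable, so the first block does not depend on k.
    first = select_blocks(key, free_blocks, 1)[0]
    length = int.from_bytes(disk[first * BLOCK_SIZE:first * BLOCK_SIZE + 4], "big")
    k = -(-(length + 4) // BLOCK_SIZE)
    if k > len(free_blocks):
        return None
    chosen = select_blocks(key, free_blocks, k)
    data = b"".join(bytes(disk[b * BLOCK_SIZE:(b + 1) * BLOCK_SIZE]) for b in chosen)
    return data[4:4 + length]


if __name__ == "__main__":
    disk = make_disk(64)
    free = list(range(8, 64))          # constructed free-block list
    msg = b"constructed sample message for the keyed block demo"
    print("naive choice :", free[:4])  # "first k free blocks": no key needed to find them
    print("keyed choice :", hide(disk, free, b"shared seed", msg))
    print("right key    :", reveal(disk, free, b"shared seed"))
    print("wrong key    :", reveal(disk, free, b"some other seed"))
```

The payload is stored in the clear here; encrypting it first, as the comment recommends, is left out so the block isolates the keyed selection step.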
The book is pretty dated already, but I think that the core information is still relevant. The workshops on Information Hiding include plenty of great papers. The watermarking folks have done some interesting research, but well, we may never know much about that because the SDMI is so intent on secrecy and security through obscurity. Welcome to the new Dark Ages. I'm planning on updating the book and perhaps producing another volume in the near future.
The easiest part to update at this point is the code. The book contains printed Pascal, something that was almost considered a munition before the latest glasnost in the crypto wars.
There is now C code thanks to Jason Penney. He converted the original Pascal code in a pretty direct fashion. I converted the Pascal into Java. You can get any of the three versions by sending me email to pcw@flyzone.com. I'm thinking of getting a website going once I figure out the current state of the export regulations. There's some problems with leaving an open site for North Korea, I think.
The program itself is modular so you can write your own grammars for encoding messages without learning C, Pascal, or Java. That means you don't need to use my lame baseball example. One of the neater developments is a website for converting messages into spam, a medium that is quite lame by default:
http://www.spammimic.com/index.shtml
Finally, if you have suggestions for new information hiding techniques or steganographic algorithms to include in a future version, I hope you'll write and suggest them to me. Any help you can give would be appreciated.
No. He meant the business of entertaining. Daisey wrote a play first and then this book. He's quite a showman. I loved the movie.
I wrote "Couch Wars" more than a year ago. It's a good introduction to the current world of satellite smartcard hacking.
http://www.wayner.org/books/f7.pdf
You're free to circulate it now because I've turned it into advertising ware for my latest two books, Translucent Databases and Disappearing Cryptography.
If anyone has thoughts, comments, or suggestions, write me at p3@wayner.org.
Here's the direct link to Stallman, although you should read the first story first.
Sorry for the confusion.
[John Gilmore wrote about this topic yesterday on several lists. Here's my reaction. I'm curious to hear what others think.]
t ml)
I'm glad that John spent the time and energy to write a good summary of what is going on in the hard disk area. He's spot on about the dangers to our liberties.
But I was quite worried until I began to see the dangers for IBM and Intel in the scheme. This is not an easy play for them because it threatens much of the entire industry in these ways:
1) This is going to increase the cost of using PCs dramatically. Hard disk crashes are going to go from major disasters to utter catastrophes. When the disks go bad, you'll need to buy all new copies of the software, images, movies, and what not. Backing up? Well, that will be another headache that won't be possible without the right permissions. They can wave their hands, but there's no getting around the fact that installing software is going to have plenty of new red tape.
I don't see how they will be able to distinguish between the truth and a lie when a guy calls up and say, "uh, my hard disk crashed. I need to install it on a new machine." They either authorize it or they don't. In fact, they'll probably have to automate the process because it's so expensive to have an actual human on the other end.
My mean time between hard disk failures is about 2 years, but I'm a heavy user. Can we really afford to create a new class of technicians who do special hard disk replacement for 20% of America each year?
2) This really changes the nature of the business. Right now the PC and software manufacturers sell you a box, wave good bye and say, "Good luck." Support is a joke. Actually fixing the machines costs too much money. Anything worth under $400 is essentially disposable.
If they put trusted hard disks in place, then there needs to be someone to care for these disks. They can't just keep waving good bye when you walk out the door. The business model needs to change to be something like cable television. That means hiring thousands if not millions of technicians who will come to your house and fix your hard drive.
3) This is really going to slow innovation and that's really going to hurt IBM and Intel. Already the hardware guys depend heavily on upgrades to keep people buying machines. If people can't move their software to a new zippier computer, then they're not going to buy a new zippier computer. Take a look at the cable television world. Most people are still using 1970's era technology. It just takes too long for the service technicians to go to each house and replace things. But that's the only way you can run the world when you have trusted corrals for special data. You can't just let any schmoe upgrade their hard disk or any schmoe is going to be able to pirate Hollywood movies. Gosh, that's all us proles do all day long you know. Pirate content.
4) This is another opportunity for the open source community to come in and steal market share. If the press reports in Slashdot and other places are to be believed, it was only a few months ago that Microsoft marched into the offices at Virginia Beach and asked them to produce the certificates for their copies of Windows. You know, those neat hologram embossed slips of paper. They didn't have one for each PC so they had to pay more than $129,000. (http://slashdot.org/articles/00/12/01/0532206.sh
This is another opportunity for Red Hat or some other Linux box company to walk into companies and say, "Use Red Hat, Mozilla, and Star Office and you'll never have license problems again. The hardware guys claim that they can take care of rights management issues for you. So can we and we cost a lot less."
I think this may be the greatest thing that's come along for open source OSs yet. As Princess Leia said in the Hollywood content "Star Wars", "The harder you squeeze your fingers Vader, the more planets slip through the fingers." Do those content wrangling lawyers down there ever look at the content they protect?
http://www.wayner.org/books/ffa/ for information on my book on open source software.
p3@wayner.org
But using labels to define what is encryption and what is steganography is not easy because many of the better steganographic algorithms use keys to control how and where the information is hidden.
Here's a simple example from the book. Imagine that you're going to hide information in "bad disk blocks". You might arrange to take some perfectly good disk blocks and mark them bad so the standard DOS will completely ignore them. A simple solution is to take k blocks of data and store them in the first k free blocks.
A more sophisticated solution uses a cryptographically secure random number generator to select a randomly ordered subset of k blocks from a set of n. The random number seed used to start off this random number chain acts like a key. Even if an attacker knows that you're using the old "bad block" trick, he won't know which blocks you chose and in which order you stored the data. This gets more interesting the smaller the size of the block happens to be. When it gets around the bit size, then it's essentially strong encryption.
There are many other keyed solutions. Many of the newer algorithms rely upon them. So do the better watermarks for those who intended to thwart whatever the SDMI folks throw into music. Some of the best solutions work like spread spectrum radio (the original steganographic solution) and allow several people to store their data in the same big pool without disturbing each other. It's pretty cool.
When does keyed steganography become cryptography? Well, that's a question for the language police. The mimic functions can scramble the grammars with a random number generator. I can give you an argument that the scrambled mimic functions could be as strong as RSA, but it's just math. Unfortunately the best we can do is wait for plenty of people to try to break a system before we can put much faith in it.
The easiest part to update at this point is the code. The book contains printed Pascal, something that was almost considered a munition before the latest glasnost in the crypto wars.
There is now C code thanks to Jason Penney. He converted the original Pascal code in a pretty direct fashion. I converted the Pascal into Java. You can get any of the three versions by sending me email to pcw@flyzone.com. I'm thinking of getting a website going once I figure out the current state of the export regulations. There are some problems with leaving an open site for North Korea, I think.
The program itself is modular so you can write your own grammars for encoding messages without learning C, Pascal, or Java. That means you don't need to use my lame baseball example. One of the neater developments is a website for converting messages into spam, a medium that is quite lame by default:
http://www.spammimic.com/index.shtml
Finally, if you have suggestions for new information hiding techniques or steganographic algorithms to include in a future version, I hope you'll write and suggest them to me. Any help you can give would be appreciated.
Thanks.
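The keyed "bad block" selection described in the steganography post above, as an added example that is not part of the original posts or the book's code: the key seeds a deterministic generator that picks an ordered subset of k blocks out of n, so the same key re-derives the same order for recovery. Assumptions: an HMAC-SHA256 counter stream stands in for the cryptographically secure random number generator, the disk is an in-memory list in which every block is free, and all names are hypothetical.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per simulated block (constructed toy size)

class KeyedStream:
    """Deterministic byte stream: HMAC-SHA256(key, counter). The key is the seed."""
    def __init__(self, key):
        self.key, self.counter, self.buf = key, 0, b""

    def take(self, n):
        while len(self.buf) < n:
            msg = self.counter.to_bytes(8, "big")
            self.buf += hmac.new(self.key, msg, hashlib.sha256).digest()
            self.counter += 1
        out, self.buf = self.buf[:n], self.buf[n:]
        return out

    def below(self, bound):
        """Uniform integer in [0, bound); rejection sampling avoids modulo bias."""
        bits = bound.bit_length()
        while True:
            v = int.from_bytes(self.take((bits + 7) // 8), "big") & ((1 << bits) - 1)
            if v < bound:
                return v

def select_blocks(key, n, k):
    """Keyed, ordered choice of k block numbers out of n (partial Fisher-Yates)."""
    if not 0 <= k <= n:
        raise ValueError("need 0 <= k <= n")
    rng, idx = KeyedStream(key), list(range(n))
    for i in range(k):
        j = i + rng.below(n - i)
        idx[i], idx[j] = idx[j], idx[i]
    return idx[:k]

def hide(disk, key, data):
    """Write data into the keyed blocks of disk (a list of BLOCK-byte entries)."""
    chunks = [data[i:i + BLOCK].ljust(BLOCK, b"\0") for i in range(0, len(data), BLOCK)]
    order = select_blocks(key, len(disk), len(chunks))
    for pos, chunk in zip(order, chunks):
        disk[pos] = chunk
    return order

def recover(disk, key, length):
    """Re-derive the same block order from the key and reassemble the data."""
    order = select_blocks(key, len(disk), -(-length // BLOCK))
    return b"".join(disk[p] for p in order)[:length]
```

Shrinking `BLOCK` toward a single bit moves this from hiding whole blocks toward the bit-level scrambling the post compares to encryption.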